Kiteworks | Your Private Data Network

Enabling Zero Trust Data Exchange in One Platform

Free Trial EXPLORE KITEWORKS
Home > Security and Compliance Blog > Regulatory Compliance > What the SEC’s AI Disclosure Requirements Actually Mean for Compliance Teams

What the SEC’s AI Disclosure Requirements Actually Mean for Compliance Teams

by Danielle Barbour updated March 25, 2026 Regulatory Compliance
Reading Time: 11 minutes

Financial services firms have been deploying AI agents against their most sensitive workflows — client reporting, trade reconciliation, regulatory filing preparation, and portfolio analysis. Most of these workflows touch data that is subject to SEC oversight: client portfolio holdings, advisory communications, fee schedules, trading records, and material nonpublic information. That makes them subject to existing SEC rules, not future ones still under development.

The compliance question is not whether AI will eventually be regulated by the SEC. It is whether your firm can demonstrate, right now, that AI agent access to regulated financial data satisfies the same recordkeeping, access control, and supervisory obligations that govern human employee access to that same data. The SEC’s Division of Examinations has made AI compliance policies and investor disclosures active examination priorities. When an examiner asks how your firm controls AI access to client data, the answer must be an evidence package, not a policy document.

This post explains what existing SEC rules already require of AI agent deployments, what the SEC’s evolving examination posture signals for compliance teams, where financial services AI deployments fall short, and how to build a defensible, audit-ready AI governance posture.

Executive Summary

Main Idea: SEC rules governing recordkeeping, access to client data, supervisory obligations, and investor disclosure apply to AI agents operating in financial services workflows just as they apply to human advisers and employees. Most firms have deployed AI against regulated data workflows without data governance infrastructure that satisfies these existing obligations — creating audit exposure that SEC examiners are now actively looking for.

Why You Should Care: The SEC’s FY2026 examination priorities explicitly identify AI compliance policies and disclosures as examination focus areas. The SEC’s Investor Advisory Committee is pushing for enhanced board-level AI governance disclosures. The SEC has already brought enforcement actions against firms for “AI washing” — misrepresenting AI capabilities in investor-facing materials. Firms that can demonstrate governed, auditable AI data access will be in the strongest position when examiners arrive. Those that can only produce a policy document will not.

Key Takeaways

  1. Existing SEC rules already apply to AI agent access to regulated financial data. Rule 204-2 under the Advisers Act, Regulation S-P, and the SEC’s fiduciary duty framework do not contain exemptions for machine-operated workflows. An AI agent that accesses client portfolio data, generates advisory recommendations, or drafts client communications has performed a regulated activity subject to existing supervisory, recordkeeping, and disclosure obligations.
  2. Recordkeeping obligations extend to AI-generated outputs and the data those outputs accessed. Rule 204-2 requires investment advisers to maintain records of communications relating to recommendations, advice, and client interactions. When an AI agent generates a client report, a portfolio summary, or a draft advisory communication, the underlying data accessed and the output generated are both within scope of recordkeeping obligations — and the access record must be attributable to an authorized individual.
  3. The SEC’s examination posture on AI is shifting from “do you have a policy” to “show us the evidence.” The SEC’s FY2025 and FY2026 exam priorities signal that examiners will look at AI compliance policies, supervisory procedures, and investor disclosures in depth. “We have an AI governance policy” is the starting point of an examination, not the end of it. Examiners will ask for evidence that the policy is operationalized — including access logs, delegation records, and audit trails for AI agent data interactions.
  4. AI agent access to material nonpublic information creates insider trading exposure that requires the same controls as human access. If an AI agent operating in a financial services workflow can reach MNPI — merger documents, earnings data, deal terms — without the same access controls and audit trail that govern analyst access to that same data, the firm has a potential supervisory failure under existing SEC rules. The fact that a machine accessed the data does not reduce the regulatory obligation.
  5. Investor disclosures about AI use must reflect actual governance capabilities, not aspirational ones. The SEC’s enforcement actions on “AI washing” establish that investor-facing statements about AI capabilities and governance must be accurate and verifiable. A firm that discloses that it “governs AI access to client data” must be able to demonstrate what that governance consists of. Disclosures that outpace actual governance infrastructure create their own enforcement exposure.

What Existing SEC Rules Require of AI-Enabled Financial Workflows

The SEC has not yet enacted a comprehensive AI-specific regulatory framework for financial services. What it has done — through examination priorities, enforcement actions, and guidance — is make clear that existing rules apply to AI in full. For compliance teams, this means the governance question is not “what will the SEC require of AI?” but “what do our existing obligations require of every system that touches regulated data?”

Rule 204-2: Books and Records

Rule 204-2 under the Investment Advisers Act requires registered investment advisers to maintain records of communications relating to recommendations, advice given, and client interactions. When an AI agent generates a portfolio analysis, drafts an advisory letter, or prepares a regulatory filing, those outputs and the underlying data interactions are within scope. Records must be retrievable, attributable to an authorized individual, and maintained for the required period. An agent that generates advisory content without a traceable attribution chain linking the output to the human who authorized the workflow cannot satisfy the books and records requirement for that output.

Regulation S-P: Safeguarding Client Information

Regulation S-P requires covered entities to maintain policies and procedures reasonably designed to protect client records and information. For AI agents, the same safeguarding obligations that apply to human employee access to client data apply to agent access: access must be limited to authorized workflows, data must be protected with appropriate encryption, and access events must be logged. The 2024 Regulation S-P amendments significantly strengthened these requirements, adding incident response obligations and extending coverage to more categories of customer information. AI agents accessing client data outside a governed, policy-enforced framework represent a direct Regulation S-P gap.

Supervisory Obligations and the Fiduciary Standard

Investment advisers operate under a fiduciary duty to act in clients’ best interests. Broker-dealers operate under Regulation Best Interest. Both impose supervisory obligations on how client data is accessed and used in the advisory process. When an AI agent participates in a client advisory workflow — accessing portfolio data, generating recommendations, or preparing client-facing materials — the firm’s supervisory framework must extend to that agent. An agent that accesses data beyond its authorized scope, or generates outputs a supervisor cannot trace back to the underlying data and authorization, represents a supervisory control failure under existing standards.

SEC Rule 17a-4: Electronic Records for Broker-Dealers

Rule 17a-4 requires broker-dealers to maintain electronic records in a non-rewriteable, non-erasable format — a tamper-evident standard for regulated records. When AI agents create, access, or contribute to records subject to Rule 17a-4, the access trail must meet this standard. A broker-dealer that deploys AI agents against trade records, client communications, or regulatory filings without ensuring AI-generated and AI-accessed records satisfy the tamper-evident requirement has a direct Rule 17a-4 gap.

The SEC’s Evolving AI Examination Posture

Beyond existing rules, the SEC’s evolving examination and enforcement posture signals where scrutiny is heading. Compliance teams that understand this trajectory can build governance infrastructure that satisfies both current obligations and anticipated examination focus areas.

FY2026 Examination Priorities: AI Compliance Policies and Disclosures

The SEC’s Division of Examinations identified AI compliance policies, supervisory procedures, and investor disclosures as FY2026 examination priorities. The specific language — “if advisers integrate AI into advisory operations, an examination may look in-depth at compliance policies and procedures as well as disclosures to investors” — signals that examiners will evaluate whether AI compliance policies are operationalized with enforceable controls, not just documented. Evidence of governed data access, not the policy that describes it, is what an examination will ultimately require.

AI Washing Enforcement: Disclosures Must Match Reality

The SEC has brought enforcement actions against firms for misrepresenting AI capabilities in investor-facing materials. These “AI washing” cases establish a clear principle: disclosures about AI data governance must accurately represent actual operational controls. A firm that discloses robust AI governance without the underlying infrastructure is creating enforcement exposure on top of the governance gap itself.

Board-Level AI Governance Disclosure

The SEC’s Investor Advisory Committee has been pushing for enhanced disclosures about how boards oversee AI data governance as part of security risk management. CCOs and CISOs should expect board-level questions about AI governance to escalate and should be building the evidence infrastructure to answer those questions with documented, verifiable controls rather than policy descriptions.

Where Financial Services AI Deployments Fall Short

Most financial services AI deployments share an architecture built for operational speed rather than regulatory defensibility: agents connected to client data repositories through service accounts, access scope governed by system prompts, and oversight provided by periodic manual review. This architecture fails on multiple SEC compliance dimensions simultaneously.

No Attribution Chain for AI-Generated Advisory Content

Rule 204-2 requires that the underlying data access and AI-generated outputs be attributable to an authorized individual. A service account authenticates the system, not the supervising adviser who authorized the workflow. Without a chain of custody linking the agent’s actions to a named human authorizer, AI-generated advisory content cannot be properly attributed in the books and records Rule 204-2 requires. This gap also makes it impossible to demonstrate operation-level access scoping for Regulation S-P purposes: when an agent has broad repository access through a service account, the firm cannot show that the agent accessed only data within its authorized workflow scope.

AI-Generated Records That Cannot Satisfy 17a-4

Broker-dealers using AI agents to assist with trade records, client communications, or regulatory filing preparation must ensure that records produced satisfy Rule 17a-4’s non-rewriteable, non-erasable standard. Standard AI output logs, document management systems, and email archives were not designed to satisfy this standard for AI-generated content. Firms that have not specifically addressed the tamper-evident recordkeeping requirement for AI-generated outputs have a compliance gap that examiners are equipped to find.

Best Practices for SEC-Defensible AI Agent Governance

1. Establish Attribution Chains for Every AI Agent Data Interaction

Every AI agent accessing regulated financial data must operate under a unique identity credential linked to the human adviser or compliance officer who authorized the workflow. The attribution chain — authorizer identity, agent identity, data accessed, output generated — must be captured in a tamper-evident record for every interaction. This satisfies Rule 204-2’s recordkeeping obligation for AI-generated content and provides examiners with the evidence they will request.

2. Enforce Access Scoping at the Operation Level, Not the Session Level

Implement attribute-based access control that limits each AI agent to the specific client data required for the authorized workflow, evaluated per operation. An agent generating a quarterly review for Client A should not have technical access to Client B’s portfolio data — and that boundary must be enforced by the governance architecture, not by a system prompt. This satisfies Regulation S-P’s safeguarding requirement at the data access layer.

3. Implement Tamper-Evident Logging for AI-Generated Records and Access Events

All AI agent interactions with regulated financial data must be captured in audit logs that satisfy the tamper-evident standard required by Rule 17a-4 and the equivalent recordkeeping standards for investment advisers. These logs must be attributable, retrievable, and exportable in a format that supports SEC examination review. Standard application logs and AI inference logs do not satisfy this standard.

4. Align Investor Disclosures with Actual Governance Capabilities

Before making any investor-facing disclosure about AI use, access controls, or data governance, audit whether the described controls exist in the operational environment. The SEC’s AI washing enforcement actions establish that the gap between disclosure and reality is itself an enforcement risk. Disclosures should describe verifiable controls — authenticated agent identity, policy-governed access, audit trail — not aspirational governance frameworks not yet operationalized.

5. Update Written Supervisory Procedures to Cover AI Agent Workflows

Update the firm’s written supervisory procedures to address AI agent access to client data and regulated workflows. WSPs should specify which AI agent workflows are authorized, what data access each is permitted, how agent actions are monitored, and what supervisory review applies to AI-generated outputs. An examination of AI compliance policies will include a WSP review, and many firms have not made this update.

How Kiteworks Enables SEC-Defensible AI Agent Governance for Financial Services

Financial services compliance teams need AI governance that produces evidence, not just policies. When an SEC examiner asks how your firm controls AI access to client data, the answer must be a complete, retrievable record of every agent interaction — who authorized it, what data was accessed, under what policy, and when. The Kiteworks Private Data Network provides financial services firms with a data-layer governance architecture that intercepts every AI agent interaction with regulated financial data before it occurs, producing the audit trail that SEC examination requires.

Attribution Chain and Delegation Record for Rule 204-2

Kiteworks authenticates every AI agent before it accesses client data and links that authentication to the human adviser or compliance officer who authorized the workflow. The complete attribution chain is preserved in every audit log entry — satisfying Rule 204-2’s recordkeeping obligation for AI-generated content without manual reconstruction.

Operation-Level Access Scoping for Regulation S-P

Kiteworks’ Data Policy Engine evaluates every AI agent data request against the agent’s authenticated profile, the client data classification, the authorized workflow context, and the specific operation. An agent authorized to access Client A’s portfolio data cannot reach Client B’s records or perform operations beyond its permitted scope. This per-operation enforcement satisfies Regulation S-P’s requirement that client data access be limited to authorized purposes — architecturally, not by instruction.

Tamper-Evident Audit Trail for 17a-4 and Examination Readiness

Every AI agent financial data interaction is captured in a tamper-evident, operation-level log feeding directly into the firm’s SIEM and exportable in a format that supports SEC examination review. When the Division of Examinations requests an evidence package for AI data governance, the response is a report, not a forensic reconstruction from infrastructure logs never designed to satisfy 17a-4.

Wealth Management Agent Governance at SEC-Defensible Scale

Kiteworks Compliant AI enables wealth management firms to deploy AI agents for client reporting, portfolio review, and regulatory filing workflows with every interaction governed end-to-end. An agent producing quarterly portfolio review packages accesses only specifically authorized client data, under FIPS 140-3 validated encryption, with a complete audit trail linking every data access to the authorizing compliance officer — at AI speed, with no manual compliance review gate.

For financial services compliance teams who need to govern AI at scale without creating audit exposure, Kiteworks makes every AI agent interaction with regulated financial data defensible by design. Learn more about Kiteworks for financial services or request a demo.

Frequently Asked Questions

Existing SEC rules already apply. Rule 204-2 requires records of communications and advice attributable to authorized individuals — which covers AI-generated advisory content. Regulation S-P requires safeguarding procedures for client data access controls — which covers AI agent access. The SEC’s FY2026 examination priorities confirm that AI compliance policies and disclosures are active examination focus areas, not future ones. The governance obligation exists now, under rules that have been in effect for years.

Yes. Rule 17a-4 requires broker-dealers to maintain electronic records — including records created or accessed in regulated workflows — in a non-rewriteable, non-erasable format. When AI agents create, access, or contribute to records subject to this rule, those records and the access trail must satisfy the tamper-evident standard. Standard AI output logs and application audit trails were not designed to meet this standard. Firms should confirm that their AI governance infrastructure produces records that satisfy 17a-4’s retention and format requirements specifically.

Based on the SEC’s FY2026 examination priorities and prior guidance, examiners will look for: written supervisory procedures that address AI agent workflows; evidence that AI access to client data is limited to authorized purposes and scoped per operation; attribution records linking AI agent actions to human authorizers; investor disclosures about AI use that accurately reflect actual governance controls; and audit trails for AI-generated advisory content that satisfy recordkeeping obligations. Policy documents alone will not satisfy an examiner looking for evidence of operationalized controls.

The SEC’s AI washing enforcement actions establish that investor disclosures about AI capabilities and AI data governance must accurately represent actual operational controls — not aspirational frameworks. Before disclosing that your firm “governs AI access to client data” or “maintains audit trails for AI agent interactions,” compliance teams should verify that those controls exist in the operational environment and can produce evidence on demand. Disclosures that outpace governance reality create enforcement exposure that is distinct from — and in addition to — the underlying governance gap itself.

Output-level supervisory review — having a human reviewer examine AI-generated content before it reaches clients — is a meaningful control but does not satisfy the underlying data access governance requirements. It does not produce an attribution chain for the underlying data access, does not enforce ABAC access scoping at the operation level, and does not create a tamper-evident record of what data the agent accessed. Data-layer governance intercepts every access event before it occurs, enforcing identity, policy, encryption, and logging independently of what the model produces. Both controls may be appropriate — but only data-layer governance satisfies the SEC’s recordkeeping and safeguarding requirements at the point of data access.

The most immediate step is a data access audit: identify every AI agent workflow touching regulated financial data, map what data each agent can technically reach versus what it is authorized to access, and assess whether any access events from those workflows are captured in attribution-traceable, tamper-evident audit logs. This audit will define the scope of your governance gap and establish the baseline for your remediation plan. Until data-layer governance is in place, every AI agent interaction with client data is generating unattributable access events that cannot be produced to an examiner in the format Rule 204-2 and Regulation S-P require.

Additional Resources

Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who are confident in how they exchange private data between people, machines, and systems. Get started today.

Schedule a Demo

Table of Contents

Table of Content
Share
Tweet
Share
Explore Kiteworks