SEC 2025 Examination Priorities Shine Light on AI

Changes in available financial technology are changing the way the SEC’s Division of Examinations will examine registered firms. The division’s recently released 2025 examination priorities focus on the emerging risks posed by new financial technology in the capital markets and securities industry. The division aims to protect investors’ interests by requiring registered firms that use such technology to provide more transparency and disclosure about their business practices.

AI Under the Microscope

One technology in the spotlight is generative artificial intelligence-based applications. The division plans to investigate registered firms’ use of AI in their investment strategies and operations — specifically, their representations, policies and procedures, use of regulatory technology, and use of third-party products and services:

With respect to AI, the Division will review registrant representations regarding their AI capabilities or AI use for accuracy. In addition, the Division will assess whether firms have implemented adequate policies and procedures to monitor and/or supervise their use of AI, including for tasks related to fraud prevention and detection, back-office operations, anti-money laundering (AML), and trading functions, as applicable. Reviews will also consider firm integration of regulatory technology to automate internal processes and optimize efficiencies. In addition, the Division will examine how registrants protect against loss or misuse of client records and information that may occur from the use of third-party AI models and tools.

Throughout its review of registered firms, the division will look for certain clues. Specifically, the division says:

When conducting these reviews, assessments generally will include whether: (1) representations are fair and accurate; (2) operations and controls in place are consistent with disclosures made to investors; (3) algorithms produce advice or recommendations consistent with investors’ investment profiles or stated strategies; and (4) controls to confirm that advice or recommendations resulting from digital engagement practices are consistent with regulatory obligations to investors, including older investors.

AI Washing

The securities industry has coined the term “AI washing” for misrepresentations and inaccuracies that registered firms may make about AI (similar to “greenwashing” in the ESG context). AI washing can manifest in many forms, including:

• Overstating a firm’s AI capabilities;
• Giving an incomplete or inaccurate picture of certain AI practices;
• Using misleading high-tech buzzwords to attract investor attention when only basic algorithms, as opposed to sophisticated AI techniques, are being used; and
• Claiming that an AI function is fully autonomous when natural persons within the registered firm still play a role in the related activity.

Overall, AI washing is an act of deceit, and the division, in effect, wants a flashlight to reveal the true nature of AI use by registered firms. And instead of placing decoding responsibility on investors and consumers, the division places it in the hands of registered firms making AI claims and assertions.

Key Questions for Registered Firms

• Do you say what you do and do what you say?
• Does your business have a risk management framework that includes AI governance controls, testing protocols, and third-party oversight?
• Does your business have an established AI committee or AI governance group?
• When outsourcing AI work, is your clients’ data properly handled and protected?
• When using AI tools, do you have policies in place to protect clients’ confidential and personally identifiable information?

Addressing these key questions will light the way for registered firms to align their practices with ethical standards, risk management, and client trust in the use of AI.