How Does FINRA View AI Use in Financial Services?

Why financial firms keep asking this question

Broker-dealers and registered investment advisers are adopting AI for client-facing chat, compliance monitoring, trade surveillance, and document generation. The appeal is real: faster workflows, lower headcount costs, consistent outputs. But FINRA's enforcement history shows that 'the vendor did it' is not a defense. Firms have been fined for letting third-party systems send non-compliant communications, and AI is no different.

FINRA hasn't published a dedicated AI rulebook, and it's unlikely to do so quickly. Instead, it has issued guidance, conducted sweeps, and used existing rules to evaluate AI deployments. If you're building or buying AI for a regulated financial workflow, you're responsible for mapping every output to an existing obligation before the system goes live.

What FINRA actually expects from firms using AI

FINRA's 2024 guidance and earlier reports frame AI as a firm tool, not a separate actor. Any content an AI system generates and sends to clients is a 'firm communication' under FINRA Rule 2210. That means principal review requirements, fair and balanced standards, and recordkeeping under SEA Rule 17a-4 all apply. If your AI chatbot tells a client their portfolio is 'well-positioned for growth,' that's a claim your compliance team is responsible for.

Supervision is the second major area. FINRA Rule 3110 requires firms to establish and maintain a supervisory system for all business activity, including AI-assisted workflows. In practice, that means written supervisory procedures (WSPs) that name who reviews AI outputs, how often, and what triggers escalation. FINRA examiners have specifically asked about WSPs for AI during routine exams since 2023.

Suitability and Reg BI add a third layer for client-facing systems. If an AI tool generates product recommendations, those recommendations must reflect the customer's best interest under Regulation Best Interest. A general-purpose LLM that isn't constrained by customer profile data, risk tolerance, and product eligibility rules cannot safely do this. The model's training data doesn't know your client's situation.

When the compliance picture gets more complicated

The risk profile changes significantly when AI is client-facing versus internal. An AI system summarizing earnings calls for your analysts carries far less regulatory exposure than one fielding client questions about account balances or investment options. Internal tools still need supervision policies, but the communication and suitability rules are much less likely to be triggered.

Firms operating across FINRA and SEC jurisdiction also need to track SEC staff statements on AI, which have moved faster in 2024. If you're an RIA, the SEC's marketing rule and its treatment of AI-generated testimonials and endorsements adds complexity that FINRA guidance alone won't cover. And if your AI system touches customer financial data, state-level privacy laws including the CCPA in California create additional obligations that sit entirely outside FINRA's scope.