SEC Manual Update Targets AI in Finance
The SEC has issued its first major update to its enforcement manual since 2017, signaling a new regulatory focus on AI and digital workflows. The guidance sharpens investigative priorities around internal controls, documentation, and board-level oversight for AI-driven operations in financial firms.
This update reflects a broader regulatory focus on AI that has been building for some time. The SEC's Division of Examinations specifically named AI and other emerging technologies as a priority for 2025, indicating plans to review how firms are monitoring and supervising their use of AI for functions like fraud prevention, trading, and anti-money laundering. The Enforcement Division has been particularly vocal, with Director Gurbir Grewal warning of a "perfect storm" brewing around AI and cautioning against "AI washing" – making unfounded claims about AI capabilities. This isn't just talk; the SEC has already settled charges against investment advisers for making false and misleading statements about their use of AI.
For financial institutions, the challenge lies in integrating AI with legacy infrastructure while navigating complex regulations that weren't designed with AI in mind. The "black box" nature of many AI systems conflicts with regulatory demands for transparency and explainability, especially in areas like credit decisions and risk assessments. In response, the industry is seeing a push for robust AI governance frameworks that embed controls, traceability, and accountability throughout the AI lifecycle. Regulators expect firms to not only explain what their AI does but also how and why it does it, demanding clear human oversight and documented decision logic. This includes ensuring the quality and security of data used in AI systems and mitigating biases in AI-driven decision-making.
The focus on internal controls is critical as AI adoption moves from pilot projects to production systems. Firms are being scrutinized on whether they have specific policies for AI use, how they manage AI-related conflicts of interest, and whether they have business continuity plans for AI system failures. The SEC has been conducting sweeps of investment advisers, requesting detailed documentation on their AI risk management practices.
Beyond just financial firms, the SEC has made it clear that public companies making disclosures about their AI adoption must ensure those statements are not materially false or misleading. The commission is looking at everything from AI-driven trading algorithms and chatbot functionality to predictive data analytics and AI-generated investment advice.
This regulatory pressure is happening alongside the rapid evolution of agentic AI architectures and autonomous workflow patterns. As developers and enterprises experiment with these more advanced systems, the need for auditable and compliant API design becomes paramount. The lack of specific AI regulations means the SEC is currently applying existing securities laws to these new technologies.
Looking ahead, the challenge for both firms and regulators will be to balance innovation with risk management. The development of standards for algorithm safety and testing will be crucial to prevent market distortions. For enterprise CTOs and architects, this means building AI systems with compliance and transparency as core design principles, not as afterthoughts.