AI Marketing: Compliance Burden to Competitive Edge
By John Bruni, Compliance Associate
Generative AI is now all over the marketing stack—drafting thought pieces, rewriting landing pages, suggesting headlines, even assembling performance visuals. For those in the investment management and advisory space, AI’s productivity boost comes with non-trivial regulatory risk. The SEC has already brought “AI-washing” cases, and the Division of Examinations staff have included AI in their 2025 Exam Priorities. Firms utilizing AI tools in marketing must manage risk by establishing controls that prevent misleading claims, preserve evidence of substantiation, and integrate privacy/security obligations for data used to fuel AI.
Prevent misleading claims
AI can draft content faster than any marketing associate — but it can also make confident statements that aren’t accurate. For example, AI may pull information from an outdated source and present that information as current. That’s a major issue when your communications are subject to the SEC Marketing Rule. Advisers need to ensure AI-generated text isn’t inadvertently exaggerating performance, misrepresenting investment strategy, or implying outcomes that are guaranteed. The simplest safeguard is human review: require a qualified compliance or marketing reviewer to sign off on all externally facing AI-generated content, just as they would any other advertisement or client communication. At the recent SEC Roundtable on Artificial Intelligence, SEC Commissioner Hester Peirce noted the innovation and fear surrounding AI and stated that “we can accomplish yet more by combining our intelligence with artificial intelligence.” Human beings should remain an integral part of any function that involves AI because it leads to more compliant results. As we’ve heard time and time again from the SEC, do what you say and say what you do. That becomes even more relevant when using this type of technology.
Preserve evidence of substantiation
When AI tools are used to draft or refine marketing materials, it’s easy to lose track of where claims came from. But under the SEC Marketing Rule, advisers must be able to substantiate statements of fact, whether it be performance metrics, case studies, or conflicts of interest. That means maintaining records of the source data and assumptions that feed any AI-driven content. If a large language model inserts a claim about “historical outperformance” or “strong risk-adjusted returns,” your documentation should show the data source and calculation method. This highlights the importance of proper recordkeeping of marketing materials and the accompanying backup. Lack of backup documentation may lead to violations of the SEC books & records rule.
Integrate privacy and security controls
Finally, AI tools are only as compliant as the data they process. Advisers must ensure that no personally identifiable or client-confidential information is entered into open AI models or third-party platforms that may reuse or retain data. Failure to do so opens the firm up to a range of issues including, but not limited to, privacy violations, cyber incidents, and breaches of fiduciary duty. Mitigating these risks requires updating data handling policies, vendor due diligence checklists, and employee training to reflect the risks of generative AI. This becomes even more relevant with the upcoming implementation of Regulation S-P amendments[1]. Some firms are creating safe-use policies — limited, internal-only models trained on firm-approved data — while others are limiting the use of AI systems altogether. Either way, privacy and cybersecurity policy should be part of any AI implementation conversation from the start. Guardrails are the bedrock of compliance when it comes to AI utilization.
AI can be a legitimate differentiator for advisers, driving smarter content, faster client service, and leaner operations. But like any emerging technology, it introduces new points of regulatory exposure. The key is to approach AI with the same compliance rigor you’d apply to managing your client’s assets: document your process, test your controls, and keep experienced staff firmly in the loop. Momentum is on your side — as long as compliance is too.
[1] Effective date for large advisors ($1.5B or more AUM): December 3, 2025 | Effective date for all other advisors: June 3, 2026