AI Chat for Financial Advisors & RIAs
SEC Rule 17a-4 recordkeeping. FINRA expectations. Why consumer AI breaks both. What compliant AI looks like for an RIA or independent advisor.
Two regulatory worlds
Before you pick an AI tool, you need to know which set of rules you live under. Most advisors don't think about this clearly because the day-to-day work feels the same. The recordkeeping obligations are not the same.
Registered Investment Advisers (RIAs) are regulated under the Investment Advisers Act of 1940. Recordkeeping rules sit in Rule 204-2. Your principal regulator is either the SEC (if you manage above the AUM threshold) or your state securities administrator.
Broker-dealers and registered representatives are regulated under the Securities Exchange Act of 1934 and FINRA rules. Recordkeeping sits in SEC Rule 17a-3 (what to keep) and Rule 17a-4 (how to keep it). FINRA Rule 4511 reinforces the books-and-records obligation.
A lot of small firms touch both. You might be an RIA with a separate broker-dealer affiliation, or a hybrid practice where some accounts are advisory and some are brokerage. Your AI tool needs to satisfy whichever rule applies to the work it's being used for. In practice, that usually means designing for the stricter standard and applying it to everything.
SEC Rule 17a-4 in plain English
Rule 17a-4 is the rule everyone in the industry talks about. RIAs reference it as shorthand too, even though Rule 204-2 is the technically correct citation for them. Here's what 17a-4 actually requires, in plain English.
Retain communications. Anything that's a communication with a customer, or a record relating to your business, needs to be preserved. Email, chat, SMS, voicemail, social media, and yes, AI prompts and outputs that become communications.
Keep them accessible. Records must be readily producible to examiners on request: easily accessible for the first two years, and in archive for the rest of the retention period.
Keep them immutable. Some categories must be stored in a non-rewriteable, non-erasable format. This is the WORM requirement (write-once, read-many). Modern compliant alternatives exist, but the principle is the same: a record can't be altered after the fact.
Retain them for the right period. Generally three to six years depending on the category, with longer for some account-opening documents and corporate records. Customer communications under 17a-4(b)(4) are three years. Investment Advisers Act Rule 204-2 generally requires five years.
Retain. Archive. Make accessible. Make immutable. Customer communications and business records get captured, stored in a tamper-resistant format, kept for years, and produced on demand when an examiner asks. The rule is about being able to reconstruct what happened. AI prompts and outputs that touch client communications fall inside that perimeter.
FINRA expectations
If you have any FINRA-registered representatives in the practice, FINRA layers additional expectations on top of the SEC rules. Three things matter for AI specifically.
Supervision. FINRA Rule 3110 requires firms to supervise their representatives' communications with the public. If a rep uses AI to draft a client email or a marketing piece, that output is a communication that needs to be reviewed and approved through the firm's supervisory process before it goes out.
Books and records. FINRA Rule 4511 reinforces the firm's obligation to make and preserve books and records under 17a-3 and 17a-4. If AI output becomes part of a client deliverable, a working paper, or a communication, it's a record. It gets preserved like any other record.
Communications with the public. FINRA Rule 2210 governs the content standards for communications with the public, including correspondence, retail communications, and institutional communications. AI-drafted content has to meet the same standards: fair and balanced, not misleading, and properly approved before distribution.
The throughline: AI output isn't a separate category. It gets treated the same way you'd treat anything a rep wrote by hand. The fact that a model produced the first draft doesn't change the firm's obligation to supervise, review, and archive.
Where consumer AI breaks recordkeeping
This is where ChatGPT, Claude.ai, Gemini, and the other consumer chatbots fall apart for advisors. None of them were designed with 17a-4 or 204-2 in mind. The breakage happens in four places.
No firm-side archive. The conversation lives in the vendor's account, on the vendor's servers, attached to the user's personal login. Your compliance archive (Smarsh, Global Relay, Proofpoint) never sees it. There is no record on your side.
No immutable record. The user can edit the conversation title, delete the thread, or clear history at any time. There's no WORM enforcement. The opposite, actually: consumer chat is built to let users curate their own history.
No examiner-accessible export. When the SEC or a state examiner shows up and asks for two years of communications, you can't hand them an export of every employee's ChatGPT account. The format isn't there, the permissions aren't there, and you don't even own the data.
No supervision interface. A principal can't review what reps are sending to consumer AI. There's no queue, no flag, no audit trail. Supervision under Rule 3110 isn't possible because the surface isn't visible.
Even if a rep is using consumer AI for something that "feels" non-record-creating, the perimeter is fuzzy. A research summary becomes a client memo. A draft email becomes a real email. By the time the output crosses the line, the prompt and the response are already lost on the vendor's servers and the firm has no copy.
What compliant AI for advisors actually requires
"Compliant AI" isn't one thing. It's a stack of requirements that have to be true at the same time. If your vendor checks all of these, the tool can sit comfortably inside an advisory practice.
- Vendor agreement covering confidentiality. The contract treats prompts and outputs as your firm's confidential information, not the vendor's data.
- Retention controls aligned with your archive. The vendor either feeds your existing 17a-4 archive directly, or exposes an API the archive can pull from. Your archive is the source of truth, not the vendor.
- No training on your data. Prompts and outputs are not used to train the underlying model, and not used by the vendor for any other secondary purpose.
- Audit log. Every prompt, every output, every user, every timestamp. Exportable. Accessible to compliance.
- Encryption. TLS in transit, AES-256 at rest, key management documented.
- SOC 2 Type II. Independent attestation that the vendor's security controls actually work.
- Breach SLA. Defined notification window when something goes wrong. Your firm needs that to meet its own breach-notification obligations.
- Sub-processor disclosure. A list of who else touches the data (cloud provider, model vendor, monitoring tools) so your due diligence covers the whole chain.
Read the Anthropic DPA explained piece if you want a concrete walk-through of what each of those clauses looks like in a real contract.
Hybrid pattern: AI tool plus compliance archive
Almost no compliant deployment uses one vendor for both AI and recordkeeping. The pattern that works, and the one your compliance consultant will probably recommend, is two separate vendors connected together.
AI vendor (Anthropic, OpenAI, Private Claude Business) provides the model and the chat interface. Confidential terms, no training, audit logs.
Compliance archive (Smarsh, Global Relay, Proofpoint, Mimecast) provides the WORM storage, retention, eDiscovery, and examiner-ready export. This is where the books-and-records obligation actually gets satisfied.
Integration connects them. Either the AI vendor pushes a copy of every prompt and output to the archive via API or journaled email, or the archive pulls from a logging endpoint. Either way, the archive holds the canonical record.
This is the pattern your firm already uses for email. Your email provider is one vendor. Your email archive is another. The two are wired together. You're not asking your AI vendor to become an archive. You're asking it to play nicely with the one you have.
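Added here as an illustration of that integration step and of the audit-log requirement above, not Private Claude Business's code or any archive vendor's: a Python sketch of a firm-side log that hash-chains every prompt/output record (so a record edited or deleted before it reaches WORM storage is detectable) and wraps each record as a journaled email for archive ingest. The record schema, header names, addresses and model-version string are assumptions; the archive's real ingest format comes from that vendor's documentation.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from email.message import EmailMessage

GENESIS = "0" * 64  # prev_hash of the first record in the chain
@dataclass(frozen=True)
class AuditRecord:                       # schema is an assumption, not a vendor API
    user: str
    timestamp: str                       # ISO 8601, UTC
    model_version: str
    prompt: str
    output: str
    prev_hash: str                       # record_hash of the previous record
    record_hash: str = ""

def digest(fields: dict) -> str:
    # Canonical JSON so identical content always yields an identical hash
    canon = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

class AuditLog:
    """Append-only, hash-chained log held on the firm side, not the vendor side."""
    def __init__(self):
        self.records = []

    def append(self, user, model_version, prompt, output, timestamp=None):
        ts = timestamp or datetime.now(timezone.utc).isoformat()
        prev = self.records[-1].record_hash if self.records else GENESIS
        fields = dict(user=user, timestamp=ts, model_version=model_version,
                      prompt=prompt, output=output, prev_hash=prev)
        rec = AuditRecord(**fields, record_hash=digest(fields))
        self.records.append(rec)
        return rec

    def verify(self) -> bool:
        """False if any record was edited, inserted or deleted after the fact."""
        prev = GENESIS
        for rec in self.records:
            fields = {k: v for k, v in asdict(rec).items() if k != "record_hash"}
            if rec.prev_hash != prev or digest(fields) != rec.record_hash:
                return False
            prev = rec.record_hash
        return True

def to_journal_email(rec: AuditRecord, archive_addr: str) -> EmailMessage:
    """One record as a journaled email; header names are assumed, not an archive's spec."""
    msg = EmailMessage()
    msg["From"] = rec.user
    msg["To"] = archive_addr
    msg["Subject"] = f"AI conversation record {rec.record_hash[:12]}"
    msg["X-Record-Hash"] = rec.record_hash
    msg.set_content(json.dumps(asdict(rec), indent=2))
    return msg
```

The archive still provides the WORM storage and retention; the chain only lets compliance prove the copy it received matches what the rep actually sent and saw.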
Use cases that work
With the hybrid pattern in place, AI starts to earn its keep. The use cases that fit cleanly inside an advisory practice without inventing new compliance headaches:
- Client memo drafting. A first draft of a market commentary, a quarterly letter, or a financial-planning summary. The rep edits and a principal reviews before it goes out.
- Market research synthesis. "Summarize these three sell-side reports in plain English." Internal use, working paper.
- Investment Policy Statement drafting. Pull risk tolerance, time horizon, and constraints into a structured IPS draft. Compliance reviews before it's signed.
- Internal memos and meeting prep. Briefing documents for an upcoming client meeting based on the file. Internal-only.
- Compliance and policy Q&A. "What does our supervisory procedure say about X?" The model reads your policy manual; the rep gets a quick answer.
- Form letter and template generation. RMD reminders, account-update notices, generic onboarding language.
- Translation and plain-English rewrites. Take a dense planning concept and rewrite it for a client at their reading level.
For more on how this pairs with general compliance for small practices, see AI compliance for small practices.
Use cases that need extra care
Some advisor workflows touch enough sensitivity that "we have an AI tool, point and shoot" isn't enough. These need extra structure.
Anything involving material non-public information (MNPI). If you have access to MNPI through any channel (a board seat, a 13D position, a deal in flight), running it through any external AI vendor creates a containment problem. Even with a no-training contract, the prompt is leaving your firm's perimeter. Talk to compliance before you do this. Some firms restrict AI use to public information only.
Anything that becomes a communication TO a client. The moment AI output gets sent to a client, it's a communication. It needs supervisory review under FINRA 3110, content review under FINRA 2210, and archive capture under 17a-4 or 204-2. Workflow: AI drafts, rep edits, principal approves, system sends, archive captures. Don't skip steps.
Anything that creates a recommendation. Suitability rules require an analysis of the client's profile against the recommendation. AI can support that analysis, but it can't replace the rep's documented judgment. Don't let the model produce "buy this" output that goes out without a real suitability process behind it. Reg BI applies to broker-dealer reps; the Advisers Act fiduciary duty applies to RIAs. Both demand the same discipline.
Anything advertised externally. AI-generated marketing content is still marketing. It needs to comply with the SEC Marketing Rule (for RIAs) or FINRA 2210 (for broker-dealers), including any testimonial, performance, or hypothetical-result restrictions.
Vendor checklist for advisors and RIAs
Print this. Walk through it with any AI vendor before you sign. If you can't get a clean "yes" on these ten items, you're not ready to deploy.
| # | Question | What "yes" looks like |
|---|---|---|
| 1 | SOC 2 Type II report | Available under NDA, recent (within last 12 months) |
| 2 | Vendor policy aligned with 17a-4 / 204-2 | Vendor understands the rules and won't fight integration |
| 3 | Integration with our compliance archive | API, journaled email, or webhook to Smarsh / Global Relay / Proofpoint |
| 4 | Retention configurable | Vendor's own logs purge on a schedule we control or align with |
| 5 | Training opt-out | Contractual, default-on, no exceptions |
| 6 | Audit log access | Per-user, per-prompt, exportable, includes timestamp and model version |
| 7 | Breach notification SLA | Defined window (24-72 hours) with named contact |
| 8 | Sub-processor disclosure | Full list, with notification on changes |
| 9 | Encryption at rest and in transit | TLS 1.2+ in transit, AES-256 at rest, documented key management |
| 10 | Deletion on demand | Vendor can purge our data within a defined window when we offboard |
If you've done DPA reviews with other SaaS vendors, this list will look familiar. AI vendors aren't a different species. They just need to satisfy the same controls.
What Private Claude Business offers an RIA
Private Claude Business is built on the Anthropic API, which means the model-side terms are already advisor-friendly: no training on your prompts, 7-day operational log auto-delete, and Anthropic's published DPA. We add the layer on top that an advisory practice needs.
- Confidential vendor terms. Your prompts and outputs are your firm's confidential information. We don't read them, we don't repurpose them, we don't share them.
- Anthropic API 7-day auto-delete. Anthropic keeps operational logs for 7 days for abuse detection, then auto-purges. Your firm should still archive the conversation in your own compliance system if it qualifies as a record under 204-2 or 17a-4. We are not the archive.
- Audit logs. Per-user, per-prompt, exportable. Your compliance team or principal can review what reps are using the tool for.
- Archive integration support. Configurable hooks to feed Smarsh, Global Relay, Proofpoint, or your existing archive. We help you wire it up.
- $1,449 per year per seat for small RIAs. Confidential terms, audit logs, configuration support, and standard Private Claude features. Your archive is separate, the same way your email retention is separate from your email provider.
The full Private Claude Business overview walks through the rest of the deployment, including SSO, user management, and how the BAA-backed tier works for advisors who also handle PHI on a separate book.
Frequently asked questions
Does SEC Rule 17a-4 apply to RIAs?
Not directly. Rule 17a-4 lives under the Securities Exchange Act of 1934 and applies to broker-dealers. RIAs sit under the Investment Advisers Act of 1940, where Rule 204-2 governs recordkeeping. The two rules cover similar ground (retain communications, keep them accessible, preserve them for years) but the citations are different. Many small firms touch both regimes because they're dually registered or affiliated with a broker-dealer.
Can I use ChatGPT or Claude.ai in my advisory practice?
Not for anything that becomes a record. Consumer AI tools store conversations on the vendor's servers, don't integrate with your firm's archive, don't offer immutable retention, and don't expose audit logs to examiners. If a prompt or output qualifies as a communication or a working paper under your recordkeeping obligation, putting it in consumer AI puts you offside. Internal brainstorming on non-client topics is a different question, but the line moves fast.
Do AI prompts and outputs need to be archived?
If they qualify as books and records, yes. Drafts of client communications, suitability memos, IPS drafts, and any output that gets sent to a client all sit inside the recordkeeping perimeter. Internal research that never leaves your head is different. The safe posture: archive everything, then let your compliance team scope what's required. Most firms route AI output through the same archive that captures email, chat, and SMS.
What's WORM and do I need it for AI?
WORM stands for write-once, read-many. The SEC requires certain records be stored in a format that can't be altered after the fact. You don't need to host WORM storage yourself. Compliance archive vendors (Smarsh, Global Relay, Proofpoint) provide it. Your AI vendor doesn't have to be WORM. It just has to feed your archive, and your archive handles the WORM piece.
What retention period applies to AI-generated communications?
It depends on the record category. Customer communications and advertising sit at three years (with the first two years easily accessible) under 17a-4. Some categories run longer. Investment Advisers Act records under Rule 204-2 generally require five years, with the first two readily accessible. When in doubt, treat AI output the same way you'd treat email on the same topic and apply your existing retention schedule.
Does Anthropic train Claude on my prompts if I use the API?
No. On the Anthropic API, prompts and outputs are not used to train models, ever. Operational logs are kept for 7 days for abuse detection and then auto-delete. That's the contractual default. Private Claude Business runs on the API, so the same terms apply to your prompts. Your firm should still archive the conversation in your own compliance system if it qualifies as a record.
Is Private Claude an archive replacement?
No. We are the AI tool, not the archive. We give you confidential vendor terms, audit logs, no training on your data, and a chat interface that works for advisor workflows. Your firm should still pair us with a 17a-4 or 204-2 compliant archive (Smarsh, Global Relay, Proofpoint, or whatever you already use). The hybrid pattern is the norm in the industry, not the exception.
How much does Private Claude Business cost for a small RIA?
$1,449 per year for small RIA seats with confidential vendor terms, audit logs, and configuration support for archive integration. That covers AI usage for the seat. Your firm still pays for its archive separately, the same way you do for email retention today.
Private Claude for regulated teams.
BAA available. Zero data retention. Self-serve or deploy in your VPC. Talk to us about your compliance requirements.