S6:E10 | Building Compliance in an AI World | Compliance in Context

Written By Patrick Hayes
 

Welcome back to the Compliance In Context podcast! On today’s show, we discuss how to build a culture of compliance in AI world and some best practices firms are using now to build AI into their respective operations and compliance programs. In our Headlines section, the SEC to Raise Qualified Client Threshold for Performance-Based Fees, SIFMA Re-urges the SEC to Overhaul Communications Retention Rules, and SIFMA Urges SEC to Overhaul Communications Retention Rules, and finally, we close up today with another installment of Outtakes, where we review a recent enforcement action involving fraud and registration charges against three venture capital fund managers and their owner.

Show

Headlines

  • SEC issued a final order that adjusts the dollar amount thresholds for “qualified clients” under Rule 205-3 of the Investment Advisers Act

  • SIFMA Urges SEC to Overhaul Communications Retention Rules

Interview with Erik Olsen

  • How are you seeing firms successfully use AI, both inside and outside of compliance?

  • Have you developed an AI policy?

  • What voices inside the firm did you engage to help draft it (i.e. what departments were consulted)?

  • From an operational perspective, what are the key considerations firms should consider before implementing AI into their systems and processes?

  • What impact has incorporating AI into your firm had from a compliance perspective?

  • What are some of the best practices you see firms implementing across the compliance program to foster a “culture of compliance” where AI feels ever present?

  • Where do you see AI going in the future and what steps are you taking now to help accommodate the changing environment?

Outtakes

  • SEC charges venture capital fund managers for making false and misleading disclosures, failing to disclose certain conflicts of interest and failing to comply with Securities Act and Investment Company Act registration requirements.

Quotes

14:13 – “Well, it’s, it’s the new shiny toy, right? It’s the souped-up new shiny toy that, as we always hear, you know, our neighbors down the street have and we don’t have, right? The same way they do marketing or, or something like that. So yeah, I agree with you. We got to figure out what is the use case for us because in, you know, us, you, them, it-it’s not going to be equal. Even though we all do asset management, you know, as we know within even the product lineup and the strategies we offer, it’s not all equal. So we do have to do that analysis. What do we use it for? What type of firm are we? Like I said at the top, we’re about 39 people. That AI use may look totally different than a shop that’s 1,000 people, right? Not only just what it... how you use it, what you’re using it for, but even how you even get to implement it.” – Erik Olsen

16:43 – “We are Microsoft Suite users, right? Copilot is basically in there. So we gave everyone the ability to use Copilot for work-related stuff. And in our acceptable use policy, which is an IT-owned policy, we had a section dedicated to large language learning models and AI and what you--basically the limitations. It was basically Copilot or bust. Here are the finer points. You know, put restrictions around trying to get backdoor access to Claude or Gemini or ChatGPT, whatever, et cetera. So that’s been kind of the last, again, let’s say, call it a year. And of course, people want more, which is fine. And the constant pullback was, “Yes, we want, we want more. Explain that to us,” and us really meaning—my firm, IT and compliance—to help us understand. We’re not against it. Like, that’s we--that was kind of the reaction. We’re not against it. We just want to understand what you want to use it for and to the part of we need governance first.” – Erik Olsen

28:24 – “Sometimes people view any kind of AI…like they view AI like the boogeyman, right? They’re like, it, it’s scary to them, and, and they’re worried about what their employees are going to do if they get involved with it. At the same time, like, when you go and do code of ethics training right now, at the end of the day, you are relying on people, given the training that you’ve conducted, that they’re going to disclose all of their personal brokerage accounts, that they’re going to tell you about all of their outside business activities, that they’re going to inform you when they make political contributions. And of course, there are some things we can do to help supervise that or test against some of that. But at the end of the day, you’re also very much relying on employees to incorporate the training that you’ve conducted into their day-to-day business and operations, and then making them certify to the notion that, “Hey, I’ve abided by the firm’s compliance policies and procedures.” – Patrick Hayes

35:57 – “We saw one person that, you know, was maybe a little skeptical about AI, and they got shown one of the tools and what it could do, and 180 them. Like, “Oh. Oh, yeah, okay, yeah. I want that now.” So they... I think some people, right, are, are hesitant or skeptical, like a lot of things, and not just AI. But, uh, you can show them some positive, you know, nature of it, and they’ll, they’ll swing around, and-Yeah-they’ll be all over it too.” – Erik Olsen

Audiogram

Resources:

Compliance in Context Contact Form 

LinkedIn: Compliance in Context, NSCP

Twitter: @compliancepod

Websites: Compliance in Context, NSCP

Patrick Hayes
Next

S6:E9 | FINRA Forward and Some New Rulemaking | Compliance in Context