Govern · Financial Services AI Governance
Can a wealth management firm use LLMs with client data?
June 2026 · Jason Lee
Yes. No securities rule prohibits using large language models with nonpublic client information. What the rules prohibit is how most firms are currently doing it: advisers pasting client details into personal AI accounts, with no vendor agreement, no retention of the record, and no supervision.
Regulators have been explicit that existing obligations apply to AI — nothing about a model exempts a firm from privacy, recordkeeping, or supervisory rules. The difference between an examination finding and a defensible deployment is architecture. Here is what that architecture looks like.
What regulators actually require
There is no AI rulebook to wait for. The obligations that govern an LLM deployment are the ones an RIA or broker-dealer already lives under:
- Safeguarding client information — Reg S-P and the GLBA Safeguards Rule. Nonpublic personal information must be protected wherever it flows, and that duty follows the data to your vendors. An AI provider handling client data is a service provider you must select and oversee with due diligence, bind contractually, and monitor. Finance has no BAA; the due-diligence file plus a data processing agreement is how your compliance boundary extends to the vendor.
- Books and records. Business communications and records don’t stop being business records because a model helped produce them. AI-assisted client communications, meeting summaries, and advice drafts belong in your retention system like any other record. The industry has already paid heavily for off-channel communications; an unlogged AI tool is the next off-channel.
- Supervision. FINRA and the SEC have both signaled that generative AI use falls under existing supervisory obligations. If your written supervisory procedures don’t address AI, your staff’s AI use is unsupervised by definition — and it is happening either way.
- Fiduciary duty and the Marketing Rule. Model output that reaches a client — advice, performance discussion, marketing copy — carries the same standards as if a human wrote it alone. That means adviser review before anything client-facing, and marketing-rule review for anything promotional. Regulators have also shown they will act against firms that overstate what their AI does; say less, prove more.
None of this is new law. It is your existing compliance program, applied to a new category of vendor and a new channel of communication.
The reference architecture
The design principle: client data never leaves your compliance boundary — instead, due diligence and a DPA extend your boundary to cover the vendor, and every exchange lands in your books and records.
Three zones, one rule.
Zone 1 — Your systems. Portfolio management and CRM, custodian data feeds, the document vault, and the advisers and staff who work them. Nothing here changes.
Zone 2 — The AI gateway. The part most firms skip, and the part examiners will ask about. Every AI request from your people or systems passes through a control layer you own:
- Identity first. Single sign-on and role-based access. No anonymous prompts, no personal accounts, ever.
- Data minimization, enforced. The gateway strips or masks nonpublic personal information the task doesn’t require before anything leaves your systems. A meeting-prep summary doesn’t need account numbers attached.
- Approved use cases only. The gateway permits the workflows your WSPs sanction and blocks the rest — with client-facing and promotional outputs flagged for the review queue. A policy that lives in a PDF is a suggestion; a policy that lives in the gateway is supervision.
- Books-and-records capture. Every prompt and every response, archived in your retention system, attributable to a person. This is the control that turns AI from an off-channel liability into a supervised channel.
Zone 3 — The LLM provider, under DPA and due diligence. An enterprise API endpoint — not a consumer chat app — with the vendor-oversight file to match: completed due diligence, a signed data processing agreement, zero data retention, no training on your data, and encryption in transit and at rest. Verified in the vendor’s data processing terms, not assumed — the enterprise and consumer tiers of the same product carry different terms.
The return path matters as much as the outbound one. Model output routes back through the gateway, gets archived, and lands in front of an adviser — and, where it’s client-facing or promotional, in front of compliance — before it reaches a client or a record of advice. Human review isn’t a courtesy; for a fiduciary it is the control.
And the blocked lane. Personal ChatGPT accounts, free-tier assistants, browser extensions: no DPA, no retention, no supervision trail, no recall. Blocked by policy and, wherever possible, by network controls. A ban without a sanctioned alternative pushes usage underground — advisers will not give back the hour a day these tools save them. The gateway is the sanctioned alternative.
The five conditions, as a checklist
- Vendor due diligence completed and a signed DPA with every AI vendor touching client data
- Zero-retention, no-training configuration, verified in the vendor’s data processing terms — not assumed
- A gateway you control: SSO, role-based access, data minimization, use-case allowlist mapped to your WSPs
- Every prompt and response captured into books and records, attributable to individuals
- Adviser review before AI output reaches a client, a record of advice, or a marketing channel
Meet all five and the question changes from “can we use LLMs with client data” to “which workflows first.” Miss any one and you have built the next off-channel communications problem — with better grammar.
Where firms get this wrong
- The silent default. Advisers are already pasting client situations into consumer tools because it saves an hour of meeting prep. Surveys consistently put unsanctioned AI use at a majority of employees. The exposure exists today; the only question is whether your CCO can see it.
- DPA-by-assumption. “The vendor is big, surely it’s covered” is not vendor oversight. Verify the tier you are actually on and file the diligence.
- The recordkeeping gap. Firms that learned the off-channel lesson on texting are re-creating it on AI. If a model helped draft a client communication and no record was retained, the problem isn’t the model.
- Marketing without review. AI-drafted performance language and promotional copy flowing to clients without marketing-rule review — or worse, public claims about AI capabilities the firm can’t substantiate. Regulators have already brought actions over overstated AI claims. Say less, prove more.
What this makes possible
With the architecture in place, the workflows with the strongest ROI in wealth management are the ones consuming your advisers’ week: meeting preparation and post-meeting summaries, client reporting drafts, RFP and DDQ responses, KYC and document summarization, and compliance-review triage — each measured in adviser hours recovered per week, each with a human in the loop.
This article describes a reference architecture, not legal or compliance advice. Your counsel and chief compliance officer own the final call — this is the material to bring them.