Governance & Program Info
Advisor Copilots & Conversational Finance — Governance
Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.
Institution context
Program info
Applies across every builder in the app. Stored locally; nothing leaves the browser.
Checklist governance
Items (0 of 11 marked complete)
Annotate ownership, due date, status, and next action. Items on the left come from the builder's governance / compliance phases.
05 · Governance & Compliance
Implement FINRA four-pillar GenAI governance program
The FINRA 2025 Annual Regulatory Oversight Report requires: (1) a low-risk exempt list, (2) a prohibited use list, (3) risk-assessed use cases with mitigation, and (4) an inventory of higher-risk production use cases with monitoring.
05 · Governance & Compliance
Address FINRA Notice 24-09 specific risks
Recordkeeping, customer information protection, risk management, and Reg BI compliance for GenAI in client-facing contexts.
05 · Governance & Compliance
Apply FINRA Rule 2210 communications supervision
AI-generated communications with clients are business communications subject to 2210 review and 4511 retention.
05 · Governance & Compliance
Apply SEC Investment Advisers Act fiduciary duty to AI output
Registered investment advisers owe a fiduciary duty under the Advisers Act that extends to any AI-generated advice delivered to clients.
05 · Governance & Compliance
Monitor proposed SEC AI-advisory rulemaking
Track the 2023 proposed rule on predictive data analytics and its evolution — the acceptable-use perimeter is still forming.
05 · Governance & Compliance
Apply Reg BI (17 CFR 240.15l-1) at the point of recommendation
Best-interest obligation, reasonable basis, customer-specific suitability, and disclosure requirements attach to every AI-generated recommendation.
05 · Governance & Compliance
Comply with SEC Rule 17a-4 electronic recordkeeping
Copilot outputs delivered to clients are communications subject to Rule 17a-4 retention, indexing, and non-rewriteable storage requirements.
05 · Governance & Compliance
Complete SR 11-7 model documentation for copilot
Federal Reserve SR 11-7 model risk framework applies — documentation, independent validation, and ongoing monitoring are required for any consequential-decision model.
05 · Governance & Compliance
Map EU AI Act Annex III obligations for EU clients
The EU AI Act entered into force in 2024; Annex III covers high-risk AI systems including those in financial services. Firms serving EU clients must map obligations.
05 · Governance & Compliance
Board-level AI governance reporting
Copilot adoption, supervisory disposition rates, grounding failure rates, and enforcement exposure should appear in board risk reporting.
05 · Governance & Compliance
Independent model validation (second-line)
Independent validation of retrieval quality, citation grounding, and recommendation suitability — must be independent of development.