AI & Work

Advisors: ChatGPT Can Violate SEC Reg S-P

Arpit Tripathi · LinkedIn · July 2, 2026 · 11 min read

Pasting a client's financial info into consumer ChatGPT can put an adviser offside Reg S-P and FINRA supervision. Here is the compliant path.

Yes, pasting a client's financial information into consumer ChatGPT can put an investment adviser or broker-dealer offside SEC Regulation S-P and FINRA supervision rules. It sends regulated customer information to a third party the firm cannot supervise, and that transfer alone is the problem. Picture a busy advisor at month-end, dropping a client's account balances, holdings, and Social Security number into a chat window to draft a review summary faster. The draft looks harmless. The compliance exposure is not.

Most coverage of AI risk fixates on breaches: the fear that ChatGPT will one day leak your data to the world. That framing misses the near-term issue for regulated advisors. The disclosure to an unsupervised outside party is itself the compliance question, breach or no breach. This post walks through why, and how to give your team the same productivity without the regulatory tail.

The stakes are not abstract. Investment advisers and broker-dealers hold some of the most sensitive information a person owns: account numbers, balances, income, tax details, beneficiaries, and often a Social Security number. Regulators treat that data as a category apart, and they expect the firms entrusted with it to prove, not just assert, that it stays protected. A chatbot habit that quietly widens the circle of who holds that data undermines the proof.

The short answer: consumer ChatGPT moves regulated data outside your control

When an advisor types nonpublic personal information into a consumer AI tool, that data leaves the firm's systems and lands with a vendor the firm has no service agreement with, no supervisory reach over, and no documented controls governing. SEC Regulation S-P, codified at 17 CFR Part 248, requires broker-dealers and investment advisers to adopt written policies and procedures to safeguard customer records and protect the privacy of consumer financial information. Sending that information to a general-purpose chatbot is hard to reconcile with a safeguarding program the firm can actually stand behind.

The tool is not the culprit here. The firm is, because it can no longer answer basic examiner questions about that data: where it is stored, who can access it, how long it is retained, and whether it trains a model. Once those answers move outside the firm, the safeguarding obligation is no longer being met by the firm. It has been outsourced to a party that never agreed to it.

Insight

Here is what most guides won't tell you: you do not need a data breach to have a Reg S-P problem. The moment nonpublic client information reaches a third party your firm cannot supervise or govern by contract, the safeguarding and supervision questions are already live.

That reframing changes what a compliance team should watch for. You are not only hunting for leaks. You are hunting for the routine, well-intentioned habit of feeding client details into whatever tool is fastest, because each instance is a disclosure the firm cannot document or defend.

Consider how an examiner approaches this. They will ask to see the firm's written safeguarding policies, then ask how those policies map to the tools staff actually touch. If the answer is that advisors paste client data into a public chatbot with no agreement and no oversight, the written policy and the real practice have diverged. Examiners notice divergence. A safeguarding program that exists on paper but not in daily behavior is the kind of finding that turns a routine review into a deficiency letter.

Why FINRA Rule 3110 supervision is the second tripwire

For broker-dealers, the supervision obligation compounds the privacy one. FINRA Rule 3110 requires a firm to establish and maintain a supervisory system, including written supervisory procedures, reasonably designed to achieve compliance with securities laws and FINRA rules across the firm's business and its associated persons. A supervisory system has to reach the tools people actually use to conduct business.

Consumer ChatGPT sits outside that reach. The firm cannot log the prompts, cannot review the outputs, cannot retain the records, and cannot enforce a control at the point of use. When an associated person pastes client data into an ungoverned chat window, the firm has a gap between its written procedures and its real-world activity. That gap is exactly what Rule 3110 is designed to close.

A subtler failure mode compounds it. When a tool is convenient and unsupervised, use of it spreads informally. One advisor shares a prompt that works, a colleague copies it, and within weeks a workflow the compliance team never approved is embedded in how the office operates. By the time anyone documents it, the practice is entrenched and the client data has already traveled through the tool many times over. Supervision that arrives after the habit forms is supervision in name only.

  • Supervisability: A supervisory system under Rule 3110 has to cover the channels where regulated activity happens. An ungoverned chatbot is not one of them.
  • Recordkeeping: Prompts and outputs that touch client business may be records. If they live in a consumer tool, the firm cannot capture or retain them.
  • Written procedures: If your WSPs are silent on AI tools, staff will fill the silence with whatever is convenient, and that improvisation is the risk.

What the 2024 Reg S-P amendments added

On May 16, 2024, the SEC adopted amendments to Regulation S-P that raise the stakes for how firms handle customer information. The SEC's own press release describes the change: covered firms must maintain written incident-response programs and must notify affected individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization. The notice must go out as soon as practicable, but not later than 30 days after the firm becomes aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred.

These are no longer future deadlines. The amendments were published in the Federal Register on June 3, 2024. Larger entities had 18 months to comply, a deadline that landed on December 3, 2025, and smaller entities had 24 months, which passed on June 3, 2026. Both dates are now behind us, so the written incident-response program and the 30-day notification clock are live operating requirements for covered broker-dealers and investment advisers, not a rule still on the horizon. FINRA classifies which firms fall on each side of that line: broadly, an RIA managing $1.5 billion or more counts as a larger entity, and most other advisers and broker-dealers count as smaller entities. A firm that routinely ships client data into tools it cannot monitor will struggle to run a credible incident-response program, because it cannot even see the full universe of places client information has traveled.

Pro Tip

Read the new 30-day notice rule together with the ungoverned-tool habit. If you cannot inventory every place client data went, you cannot reliably scope a breach, and you cannot start the clock on time. Visibility is a prerequisite for the incident-response program the amendments now require.

The compliant path: three ways to handle AI, ranked

The safest posture is simple: keep identifiable client data out of any third-party model your firm cannot supervise and contract with. AI can still help with generic, non-client work. The distinction that matters is whether nonpublic personal information ever leaves the firm's control.

| Consideration | Consumer ChatGPT | Enterprise / API with agreement | Keep client data off third-party tools |
| --- | --- | --- | --- |
| Customer data leaves the firm's control? | Yes, to an ungoverned vendor | Yes, but under a written agreement with defined terms | No |
| Supervisable under FINRA 3110? | No: no logging, review, or retention | Depends on the agreement and firm controls | Yes, activity stays within firm systems |
| Adds Reg S-P breach-notice exposure? | Yes, expands where data lives | Reduced, but must be assessed | Minimized, data stays in scope of the firm's program |
| Best fit for | Never, for client PII | Firms that vet vendors and paper the terms | Client-identifiable work and reviews |

The middle column is not a free pass. An enterprise or API arrangement with a data-processing agreement, no-training terms, and defined retention can bring AI use back inside something a firm can supervise. But the firm still has to vet the vendor, document the controls, update its written procedures, and confirm the arrangement is consistent with Reg S-P and Rule 3110. The agreement is the starting line, not the finish.

The right-hand column, keeping identifiable client data off third-party tools entirely, is the cleanest posture for the highest-sensitivity work. It does not mean abandoning AI. It means drawing a bright line: brainstorming a market outlook, drafting a generic email template, or summarizing a public filing can happen with AI, while anything naming a client or exposing their financial details stays inside systems the firm governs. The line is easy to explain and easy to enforce, which is exactly what makes it defensible in an exam.

Practical steps for the compliance team

  • Write AI into your policies: State plainly what tools are approved, what data may go where, and what is prohibited. Silence invites improvisation.
  • Separate generic from client-identifiable work: Drafting a market-commentary template is different from summarizing a named client's holdings. Only the latter carries PII exposure.
  • Inventory data flows: Know every place client information can travel, because the 2024 amendments' incident-response and 30-day notice duties depend on that visibility.
  • Train the front line: Advisors adopt AI faster than policies update. Give them an approved workflow so the fast option is also the compliant one.
  • Vet vendors before you rely on agreements: A contract you have not read, or terms that permit training on your data, will not hold up in an exam.
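As an added example (not code from the post or from MemX), a pre-send check that enforces the bright line the steps above describe: it classifies a draft prompt as generic or client-identifiable using constructed patterns for Social Security numbers and account numbers plus a hypothetical client roster, blocks the client-identifiable kind before it reaches a third-party tool, and writes a redacted supervisory log line either way so the decision is reviewable and retained. The patterns, roster and function names are assumptions; a firm's real control would use its own DLP classifiers.

```python
import json
import re
from datetime import datetime, timezone

# Illustrative patterns for the nonpublic personal information the post names
# (Social Security numbers, account numbers). Constructed for this example; a
# firm's real control would plug in its own DLP classifiers and client roster.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
ACCOUNT_RE = re.compile(r"\b(?:acct|account)\s*#?\s*:?\s*(\d{8,12})\b", re.IGNORECASE)


def classify_prompt(text: str, client_names: set[str]) -> dict:
    """Sort a draft prompt onto one side of the bright line: generic work ("allow")
    or client-identifiable work ("block"). Also returns a redacted copy for review."""
    reasons, redacted = [], text
    if SSN_RE.search(text):
        reasons.append("ssn")
        redacted = SSN_RE.sub("[SSN]", redacted)
    if ACCOUNT_RE.search(text):
        reasons.append("account_number")
        redacted = ACCOUNT_RE.sub(
            lambda m: m.group(0).replace(m.group(1), "[ACCT]"), redacted)
    hits = [n for n in sorted(client_names) if re.search(re.escape(n), text, re.IGNORECASE)]
    if hits:
        reasons.append("client_name")
        for n in hits:
            redacted = re.sub(re.escape(n), "[CLIENT]", redacted, flags=re.IGNORECASE)
    return {"verdict": "block" if reasons else "allow",
            "reasons": reasons, "redacted": redacted}


def gate_prompt(text: str, user: str, client_names: set[str], log: list) -> bool:
    """Run the check before a prompt leaves the firm and append a JSON-lines record
    either way. Only the redacted text is logged; the raw prompt never reaches the log."""
    result = classify_prompt(text, client_names)
    log.append(json.dumps({
        "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "user": user, "verdict": result["verdict"],
        "reasons": result["reasons"], "prompt": result["redacted"]}))
    return result["verdict"] == "allow"


if __name__ == "__main__":
    roster = {"Jane Doe"}  # constructed client roster, no real data
    audit_log: list = []
    generic = "Draft a generic quarterly market commentary template for equity clients."
    named = ("Summarize Jane Doe's holdings, acct #123456789, SSN 123-45-6789, "
             "and list open items before her review meeting.")
    print(gate_prompt(generic, "advisor1", roster, audit_log))  # True: generic work passes
    print(gate_prompt(named, "advisor1", roster, audit_log))    # False: blocked and logged redacted
```

The log line for the blocked prompt carries the verdict, the reasons and only the redacted text, which is the record a supervisor can review without re-exposing the client's details.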

The productivity you actually wanted, without the regulatory tail

The reason advisors reach for ChatGPT is real: they want a working context that remembers the client, the prior meetings, and the open items, so drafting a review does not start from a blank page every time. The mistake is putting that context in a consumer tool the firm cannot govern. The context is valuable. The container is the problem.

An advisor's working context belongs in a memory layer the firm controls, not scattered across chat windows a vendor owns. MemX is an external memory layer you control: it holds the context that follows your work across AI tools while keeping identifiable client information out of an unsupervised consumer model. It is private by architecture, with per-user isolation, encryption at rest, and on-device options, so the sensitive details stay where your firm's policies can reach them. MemX is not a compliance product and does not make any tool Reg S-P or FINRA compliant on its own; it gives your team a governed place to keep working context instead of pasting it into tools you cannot supervise.

The practical difference shows up in an exam. When context lives in a layer the firm owns, you can answer where data sits, who can reach it, and how long it stays. When context is scattered across consumer chat sessions, those answers vanish. Portability matters too: advisors switch models and vendors, and a memory layer that moves with the work means the firm is not re-exposing client data to a new third party every time the tooling changes.

Frequently Asked Questions

1. Is it illegal to use ChatGPT as a financial advisor?

Using AI is not banned. The issue is putting nonpublic client information into a consumer tool your firm cannot supervise, which strains Reg S-P safeguarding duties and FINRA Rule 3110 supervision. Generic, non-client work carries far less exposure.

2. Does pasting client data into ChatGPT violate Reg S-P?

It can. Reg S-P (17 CFR Part 248) requires firms to safeguard customer records and protect nonpublic personal information. Sending that data to an ungoverned third party is hard to square with a safeguarding program the firm can document and defend in an exam.

3. Do I only have a problem if ChatGPT gets breached?

No. The compliance concern is the disclosure to an unsupervised third party itself, not just a future breach. Once client data leaves your control, the safeguarding and supervision questions are already live, breach or not.

4. What did the 2024 Reg S-P amendments change?

The SEC now requires covered firms to keep written incident-response programs and to notify affected customers as soon as practicable, but no later than 30 days after becoming aware of unauthorized access to customer information. Compliance dates of December 3, 2025 (larger) and June 3, 2026 (smaller) have both passed.

5. Can financial advisors use AI compliantly at all?

Yes. Use enterprise or API arrangements with a data agreement, no-training terms, and defined retention, keep identifiable client data in tools the firm controls, and write AI use into your supervisory procedures under FINRA Rule 3110.

The bottom line for advisors and their compliance teams: the fast AI shortcut and the compliant workflow do not have to be different things. Decide where client-identifiable information is allowed to live, keep it inside systems the firm can supervise, and give staff an approved path that is also the convenient one. Do that, and AI becomes a drafting aid instead of a standing Reg S-P and Rule 3110 exposure.


Written by Arpit Tripathi (LinkedIn)

Founder of MemX. Ex-Google Staff Tech Lead Manager, ex-AWS Senior SDE (Elastic Block Store). Writes about practical AI on the MemX blog.
