SEC AI Enforcement and Examination Priorities
Four named actions, two consecutive exam-priority cycles, and a withdrawn rule that means enforcement now rests on existing antifraud and recordkeeping authority.
The AI Washing Era Opens — March 18, 2024
On March 18, 2024, the SEC settled simultaneous "AI washing" actions against Delphia (USA) Inc. and Global Predictions Inc., totaling $400,000 in civil penalties for false and misleading statements about their AI use in investment processes.
Then-Chair Gary Gensler framed the priority directly: "We find that Delphia and Global Predictions marketed to their clients and prospective clients that they were using AI in certain ways when, in fact, they were not." The penalties were modest. The signal was not.
Every Named AI Enforcement Action Through 2026
Active enforcement, escalating penalties, and a low bar for "false or misleading"
Delphia (USA) Inc.
AI washing. $225,000 civil penalty. Investment-process AI misrepresentation.
Why it matters: First explicit SEC AI enforcement against an investment adviser.
Global Predictions Inc.
AI washing. $175,000 civil penalty. Same simultaneous-settlement action as Delphia.
Why it matters: Establishes the misrepresentation framework as the SEC's primary AI lever.
Rockwell Capital Management
AI washing combined with other charges. Approximately $1.8 million combined disgorgement and civil penalties.
Why it matters: Largest single-case AI-washing monetary outcome to date.
Presto Automation Inc.
First AI-washing action against a public company. No civil penalty, no disgorgement, no monitor.
Why it matters: Reputational consequence-only outcome; the precedent expands to public-company disclosure.
Nate Inc. (Former CEO)
Parallel SEC/DOJ fraud charges over $42M+ raised on false claims the shopping app used AI when it relied on overseas human workers.
Why it matters: AI washing intersects with traditional securities fraud at high dollar values.
Active and Escalating
Four named actions in fourteen months. Penalties escalating from $175K to ~$1.8M. Bar for "false or misleading AI representation" is low.
Why it matters: Every adviser and broker-dealer with AI in any client-facing process should expect exam scrutiny.
The Three Failure Modes the SEC Will Pursue
From Delphia and Global Predictions — what "fair and accurate" means in practice
Capability Inflation
Claiming a model does things it does not — predict markets, optimize portfolios, etc.
Why it matters: Most common failure mode in marketing materials.
Disclosure Misrepresentation
Form ADV brochure language describing AI use that does not match operational reality.
Why it matters: The Form ADV is the highest-stakes disclosure surface.
Marketing-vs-Reality Gap
Marketing materials claiming AI-driven outcomes where the underlying process is rule-based or human.
Why it matters: The standard is not 'AI is good marketing' — it is 'what you say must match what you do.'
The Predictive Data Analytics Rule Is Dead
The SEC's July 2023 proposed rule on Conflicts of Interest Associated with the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers was formally withdrawn on June 12, 2025, as part of a sweep of 14 prior-administration proposals. The SEC stated it "does not intend to issue final rules."
Any future regulation would require restarting rulemaking. There is no specific AI rule for broker-dealers and investment advisers. The enforcement framework rests on existing rules — Rule 17a-4 (recordkeeping), Reg S-P (privacy), Regulation Best Interest, and Investment Advisers Act fiduciary duty. The Delphia line of enforcement applies the antifraud provisions to AI claims.
Examination Priorities — 2025 and 2026
SEC Division of Examinations has named AI explicitly in two consecutive priority cycles
Reg S-P 2024 Amendments — The Privacy Enforcement Vector
Adopted May 16, 2024 (effective August 2, 2024) — and now in force
Customer Notification
Covered institutions must notify affected individuals of customer-information breaches as soon as practicable, no later than 30 days after discovery.
Why it matters: AI vendor breaches trigger the same clock.
Service Provider Notification
Service providers must notify the covered institution within 72 hours of becoming aware of unauthorized access.
Why it matters: Directly implicates AI vendors handling customer data — the firm must know who they are.
Written Incident Response Program
Required, with service-provider oversight. AI vendors sit inside the program.
Why it matters: Documented procedures examiners will ask for.
Compliance Dates
December 3, 2025 for larger entities (RIAs with ≥$1.5B AUM and large B-Ds). June 3, 2026 for smaller entities.
Why it matters: Larger entities are already past compliance date.
Audit-Readiness Checklist
Seven artifacts examiners typically want with AI on the agenda
AI inventory
Every AI tool, model, or vendor in use across the firm.
Form ADV / disclosure mapping
What the firm says about AI vs. what it does.
Reg S-P service-provider files
Due diligence and contracts for every AI vendor handling customer information.
17a-4 / 4511 retention plan
Where AI-generated business communications are stored, and for how long. See /financial-services-industry/ai-recordkeeping-finance/.
2210 supervision documentation
Pre-publication review of AI-generated client communications. See /financial-services-industry/finra-ai-guidance/.
Marketing review
Marketing materials reviewed against actual AI capabilities — the Delphia question.
Incident response plan
30-day customer notification and 72-hour service-provider workflow.
SEC AI Enforcement — FAQ
What was the first SEC AI enforcement action?
On March 18, 2024, the SEC settled simultaneous 'AI washing' actions against Delphia (USA) Inc. and Global Predictions Inc., totaling $400,000 in civil penalties for false and misleading statements about their AI use in investment processes. It was the SEC's first explicit AI enforcement against investment advisers.
Is the SEC's Predictive Data Analytics rule still pending?
No. The SEC formally withdrew the proposed rule on June 12, 2025, as part of a sweep of 14 prior-administration proposals. The SEC stated it 'does not intend to issue final rules' — any future regulation would require restarting rulemaking. AI enforcement now rests on existing rules (17a-4, Reg S-P, Reg BI, IAA fiduciary duty).
Is AI a SEC examination priority?
Yes, in both 2025 and 2026. The SEC Division of Examinations 2025 Priorities explicitly named AI as a focus area; the 2026 Priorities (released November 2025) extended that focus to 'automated investment tools, AI technologies, and trading algorithms.' Registrants with AI in any client-facing process should expect exam questions on disclosures, governance, and supervision.
What does "fair and accurate" AI representation mean to the SEC?
It means a firm cannot claim to use AI in ways it does not. Capability inflation (claiming a model does things it cannot), material misrepresentation in Form ADV brochures, and marketing-vs-reality gaps are the three failure modes the SEC has signaled it will pursue under the Delphia / Global Predictions framework.
Related Resources
Continue across the silo or bridge to a core hub
FINRA AI Guidance
How FINRA's Notice 24-09 framework complements SEC enforcement
Read article →AI Recordkeeping (17a-4 and 4511)
The 17a-4 retention regime that underpins exam findings
Read article →AI in Wealth Management and Fiduciary Risk
How the robo-advisor enforcement line maps to AI-assisted advice
Read article →AI Observability and Compliance
Audit logs and decision traceability that satisfy exam requests
Read article →OCR AI Enforcement
The federal-enforcement parallel from healthcare on AI disclosure adequacy
Read article →Audit Your Firm's AI Representations and Supervisory Framework
Free Shadow AI Assessment audits your Form ADV against operational reality, your Reg S-P service-provider files, your retention plan, and your pre-publication review workflow.