Does the SEC Marketing Rule apply to AI-generated RIA marketing content?

Yes — unambiguously. SEC Rule 206(4)-1 (the Marketing Rule) applies to any advertisement the adviser disseminates, regardless of whether a human or an AI drafts it. That means substantiation, no misleading statements, testimonial and endorsement disclosure, performance presentation rules, and hypothetical performance rules all apply to AI-authored blog posts, emails, social content, and client letters. The SEC's 2024 AI Risk Alert and 2024-2025 enforcement actions make clear: 'AI washing' (overstating AI capabilities to clients or investors) is itself a Marketing Rule violation. Every AI-drafted marketing item needs CCO review before it is disseminated.

Can we paste client data into ChatGPT / Claude / Gemini to draft plans faster?

No. Client financial data is non-public personal information under Reg S-P and likely also under state privacy laws (CCPA/CPRA in CA, NY SHIELD, MA 201 CMR 17.00). Pasting it into a consumer LLM is a breach. Use only enterprise-tier tools with a signed DPA and contractual no-training — for example, Microsoft 365 Copilot with Purview, enterprise ChatGPT Enterprise / Team, Claude for Enterprise, or purpose-built RIA tools like Jump, Zocks, Mili, Zeplyn, or eMoney Advisor AI. CCO should maintain a vendor inventory with SOC 2 Type II evidence and a written AI governance policy — now effectively required by the SEC Division of Examinations' 2025 priorities letter.

Is it safe to use AI note-takers in client discovery meetings?

Yes, with four guardrails: (1) state recording consent — many states (CA, FL, MA, WA, PA, IL, MT, NH, CT, MD) require two-party consent. Get it in writing. (2) Vendor must be enterprise-tier with DPA + SOC 2 Type II. Zocks, Jump, Zeplyn, Mili, Pulse360, and Fireflies/Fathom Enterprise work; consumer tiers generally do not. (3) Transcripts and summaries are 'books and records' under Advisers Act Rule 204-2 — retain for 5 years in an accessible form. (4) CCO defines what the tool can auto-populate into the CRM and what requires human review. Never auto-populate investment recommendations.

What AI stack is actually working at $200M-$1B AUM RIAs in 2026?

Core: an AI-native meeting + CRM layer (Jump, Zocks, Zeplyn, Mili, Pulse360) feeding Redtail, Wealthbox, or Salesforce FSC. Planning: eMoney Advisor AI, MoneyGuidePro with MGP Blocks + MGP AI, RightCapital AI. Portfolio: Orion AI, Envestnet Insights, Black Diamond, Tamarac, Addepar AI. Trading + rebalancing: iRebal, Orion Eclipse, Pontera for held-away 401(k). Tax: Holistiplan, FP Alpha, Tax-Clarity. Compliance: MyRIACompliance, RIA in a Box, Hadrius, ComplySci, Smarsh for email archive. All enterprise-tier with DPAs. CCO-approved vendor list.

What is the single fastest AI win for a small RIA this quarter?

AI meeting-notes + CRM auto-population with advisor review before save. At firms with 75-250 households per advisor, this typically returns 3-6 hours per advisor per week, eliminates 'note debt,' and improves client-letter turnaround from 10 days to 3. Layer it with AI-drafted quarterly client letters (advisor + CCO sign) and you get the double win. Stay away from anything that auto-recommends trades — that is a Reg BI / fiduciary minefield.

How to Use AI for an RIA Firm in 2026: Prospecting, Planning, IPS, Reviews & Compliance

Published May 6, 2026 · 14 min read · Happycapy Guide

TL;DR — for the RIA owner / CCO

The two highest-ROI AI wins in a 2026 RIA are AI meeting-notes + CRM auto-population and AI-drafted quarterly client letters. Combined: 3-6 hours/advisor/week, faster client response, no fiduciary drift.
Everything AI produces that could be an "advertisement" under SEC Rule 206(4)-1 (Marketing Rule) is subject to substantiation, testimonial disclosure, performance, and hypothetical-performance rules. CCO reviews and signs every marketing asset before dissemination.
Never paste client NPI into consumer AI. Enterprise-tier + DPA + no-training only. Maintain a SOC 2 Type II vendor inventory.
Never let AI recommend trades or state suitability conclusions. Reg BI and fiduciary duty require the human advisor to form and document the recommendation.
AI-generated meeting transcripts and client letters are books and recordsunder Advisers Act Rule 204-2. Retain 5 years, indexed, accessible.

Why 2026 is the inflection year for RIA AI

Three forces converged. First, the SEC's 2024 AI Risk Alert and 2024-2025 "AI washing" enforcement settlements drew a bright line: anything you say about AI to clients or prospects is a marketing statement subject to 206(4)-1. Second, a wave of AI-native advisor tools (Jump, Zocks, Zeplyn, Mili, Pulse360) matured past the demo stage and now plug directly into Redtail, Wealthbox, and Salesforce FSC. Third, the Division of Examinations' 2025 priorities letter put AI governance, vendor oversight, and model-risk management squarely on the exam list.

That means owners of $150M-$2B fee-only RIAs cannot treat AI as a side experiment. It is now a compliance-visible part of the operating model. This playbook is for those owners and their CCOs.

The compliance floor (read this first)

Advisers Act §206 fiduciary duty: duty of care + duty of loyalty. AI cannot discharge either; the adviser does.
SEC Rule 206(4)-1 Marketing Rule: substantiation, testimonial / endorsement disclosure, performance presentation, hypothetical performance, no cherry-picking. Applies to AI-written content.
SEC Rule 206(4)-7 Compliance Rule: written policies + annual review. Your AI policy goes here.
Form ADV Part 2A / 2B: if you use AI materially, disclose it. "Algorithmic" disclosure language is evolving.
Reg BI (for dual-registrants / IARs with B/D affiliation): care, disclosure, conflict, compliance obligations.
Reg S-P / Safeguards Rule: customer records protection; incident response and 30-day notification for covered breaches (2024 amendments).
Custody Rule 206(4)-2: AI must not create inadvertent custody (e.g., by initiating first-party transfers beyond SLOAs).
Advisers Act Rule 204-2 (Books & Records): 5-year retention of communications, recommendations, performance; AI-generated content counts.
SEC 2024 AI Risk Alert + 2025 Exam Priorities: AI washing, governance, vendor oversight, model risk.
State privacy laws: CCPA/CPRA (CA), SHIELD (NY), 201 CMR 17.00 (MA), and 10+ others.
State two-party consent recording (CA, FL, MA, WA, PA, IL, MT, NH, CT, MD): written client consent before AI note-takers engage.
FINRA 2210 (if B/D affiliated): communications with the public rules also apply to AI-generated content.

The RIA AI stack in 2026

Meeting notes + CRM auto-population: Jump, Zocks, Zeplyn, Mili, Pulse360, Fireflies Enterprise, Fathom Team — all with DPA + two-party-consent workflow.
CRM: Redtail (with AI), Wealthbox AI, Salesforce FSC + Einstein, Practifi, Junxure.
Planning: eMoney Advisor with AI summarization, MoneyGuidePro + MGP Blocks, RightCapital AI, Income Lab, Asset-Map.
Portfolio management + performance: Orion AI, Envestnet Insights + Radar AI, Black Diamond, Tamarac AI, Addepar + AI Q&A.
Trading + rebalancing: iRebal, Orion Eclipse, Pontera for held-away 401(k), TradeWarrior.
Tax + estate: Holistiplan (tax-return scan), FP Alpha, Tax-Clarity, Wealth.com + Vanilla for estate.
Compliance: MyRIACompliance, RIA in a Box, Hadrius, ComplySci, Smarsh (email archive + review), Global Relay.
Document + client portal: DocuSign CLM AI, Wealthbox Mail, Summit.

10 copy-paste prompts for a 2026 RIA

Run only inside enterprise tools with DPA + no-training. The advisor and CCO sign every output before it is used, filed, or sent.

1. Prospect qualification + meeting prep

You are our lead analyst. Read this prospect intake form + any linked public disclosures (Form CRS retrieval if referred from another RIA, LinkedIn bio, public bio). Extract: - Household snapshot (ages, dependents, state of residence, estimated investable assets, prior advisor relationship) - Stated goals (retirement, education, estate, business sale, liquidity event) - Risk-tolerance signals (words, not a number — never output a numeric score) - Tax complexity signals (stock comp, K-1, multi-state, foreign) - Urgency and trigger events - Potential conflicts / suitability concerns Then: 1) Score fit A/B/C for our niche 2) 5 discovery questions 3) Topics the advisor should NOT commit on in the first meeting (no recommendation, no allocation, no tax advice) 4) Form CRS + ADV 2A to send pre-meeting 5) Draft a 4-line confirmation email — no performance claims, no savings projections Reg BI / fiduciary reminder: this prep is not a recommendation. Advisor makes that.

2. Discovery-meeting note + action-item extractor

You are our meeting assistant running inside [Jump / Zocks / Zeplyn / Mili]. The client has given written two-party-consent. Output: 1) 8-bullet discovery summary (facts, not inferences) 2) Client-stated goals in their own words 3) Risk signals verbatim 4) Tax + estate complexity flags 5) Action items for the advisor (with owner + due date) 6) Action items for the client (documents, transfers, beneficiaries) 7) Items that explicitly require CCO / tax counsel / estate attorney review 8) Three "advisor judgment" prompts — questions the advisor must form an opinion on Do NOT generate recommendations. Do NOT auto-submit to CRM without advisor review. Retain transcript + summary as a 204-2 record, 5-year retention, accessible.

3. Financial-plan first-pass draft

You are a planning assistant working inside [eMoney / MoneyGuidePro / RightCapital]. Using the client's inputs (cash-flow, balance sheet, goals, assumptions), draft the narrative sections of a plan: 1) Executive summary at 9th-grade reading level 2) Current situation (cash flow, balance sheet, insurance adequacy, estate docs status) 3) Goal-by-goal feasibility narrative with Monte Carlo result stated WITH assumption disclosures (capital market assumptions source, inflation, tax, longevity) 4) Gap identification by goal 5) Strategy options (describe, do NOT recommend): accumulation, distribution, tax, insurance, estate, legacy 6) Next-step checklist Required disclosures to include verbatim at the end: - "Monte Carlo results are probabilistic, not guarantees." - "Capital market assumptions source: [name + date]." - "No specific security recommendations are made here; see IPS + trade confirmations." - "Tax treatment assumes current law; consult your CPA / tax counsel." Advisor + CCO sign before client receives.

4. Investment Policy Statement (IPS) drafter

You are our IPS drafter. Using the client's goals, time horizon, risk tolerance (stated), liquidity needs, tax situation, and firm model portfolios, draft an IPS. Include: 1) Client objectives + time horizon + cash-flow needs 2) Risk tolerance statement (from client's own words, not a made-up number) 3) Asset-allocation policy range (min / target / max) per asset class 4) Rebalancing policy + tolerance bands 5) Tax location + tax-loss harvesting policy 6) Permitted / prohibited investments 7) Concentration limits (any single security, sector, issuer) 8) Manager selection + replacement criteria 9) Performance benchmarks + review cadence 10) Fiduciary + fee disclosure language Do NOT invent risk-tolerance scores. Do NOT guarantee returns. Advisor + CCO sign. IPS becomes a 204-2 book-and-record.

5. Quarterly portfolio review memo

You are our performance analyst. From [Orion / Envestnet / Black Diamond / Addepar] exports for this household, draft a quarterly review memo. Include: 1) Period return + benchmark-relative (GIPS-adjacent disclosures — state policy + benchmark + net vs gross) 2) Attribution at asset-class + manager level 3) Cash-flow impact on performance 4) Drift vs. IPS bands — flag any band breach 5) Tax-lot status + realized gain YTD 6) Tax-loss harvesting opportunities (identify, don't recommend) 7) Rebalancing recommendation flagged for advisor approval 8) Red-flag items (concentration, held-away changes, beneficiary gaps, RMD status) 9) Client-facing 5-bullet summary at 9th-grade reading Required disclosures: past performance does not guarantee future results; benchmark selection rationale; fees impact; tax-treatment caveat. CCO reviews before send.

6. Quarterly client letter (Marketing Rule-safe)

You are our client-letter drafter. Write this quarter's client letter in our house voice. Rules: - No performance cherry-picking. Present net, gross, and benchmark per our GIPS-adjacent policy, or state that individual household performance will be in the statement. - No predictions about markets. Commentary only, with sources. - No testimonials or endorsements without disclosure. - No claims of superior skill or AI magic ("AI washing" is a Marketing Rule violation). - Cite data sources (FRED, EIA, BLS, BEA, Fed, IMF, Morningstar) with date. - Include standard required disclosures footer + ADV 2A reference. - 9th-grade reading level. - Advisor + CCO signature required before dissemination. Length: 600-800 words. Produce 3 variants (conservative household, growth household, retirement-income household) that are appropriate for each cohort WITHOUT making individualized recommendations.

7. RMD + tax-loss-harvesting ops brief

You are our ops analyst. From today's custodian and tax-lot feeds, build the daily RMD + TLH brief. RMD section: - Clients age 73+ with unmet RMD YTD — list, required amount, account, deadline - QCD opportunities for clients with charitable intent - Clients turning 73 this year — set up calendar - Inherited-IRA 10-year-rule watch TLH section: - Loss candidates with > [$ threshold] and > [%] drawdown - Wash-sale risk (substantially identical + 30-day window — flag ETF substitution list) - Tax-lot method by account (spec-ID required for TLH) - Realized gain YTD by household for harvesting budget Output: - Advisor approval queue with expected tax benefit - Compliance check: each trade matches IPS + advisor approval + custodian authority - Nothing auto-executes without advisor sign-off

8. Form ADV + Marketing-Rule review assistant

You are the CCO's review assistant. I will paste a piece of AI-drafted or human-drafted content (blog, email, social, pitch deck, case study). Check and flag against: 1) Marketing Rule 206(4)-1 — testimonial / endorsement disclosure, performance rules, hypothetical performance rules, substantiation 2) "AI washing" — overstated AI capabilities or role 3) Cherry-picking 4) Performance presentation (gross/net, time period, benchmark, fee impact) 5) Past performance disclosures 6) Fiduciary language ("best interest," "trusted") 7) Testimonials — material connection disclosure 8) Form ADV 2A consistency 9) FINRA 2210 (if B/D affiliated) 10) State advertising rules for any state we market into Output: PASS / REVISE / REJECT with specific rewrites suggested. CCO signs the final decision.

9. Prospect follow-up + onboarding sequencer

You are our onboarding specialist. For this newly-signed client, build a 30/60/90 plan. Days 0-7: - Form CRS + ADV 2A + 2B + Privacy Notice delivered with acknowledgement - Custodian account opening (Schwab / Fidelity / Altruist / Pershing) - ACAT transfers initiated with paper trail - Beneficiary review initiated - Billing + fee agreement countersigned Days 8-30: - IPS finalized + signed - Initial allocation implemented per IPS - Insurance + estate doc review scheduled - First quarterly review calendar set Days 31-90: - Tax-doc collection for current-year planning - Employer-benefits / equity-comp review if applicable - Estate attorney referral if gaps found - 90-day check-in scheduled For each step, output: owner, due date, 204-2 record to retain, compliance touchpoint. No recommendations. Advisor drives allocation.

10. Owner / CCO weekly scorecard

You are my business + compliance analyst. From this week's CRM + custodian + compliance archive exports, produce a one-page weekly scorecard. Business: new prospect meetings, close rate, signed households, AUM onboarded, churn, fee revenue, advisor capacity utilization, avg response time to client email. Compliance: any item rejected or revised at marketing review, any off-channel communication flagged, any wash-sale exception, any IPS-band breach unresolved, any 204-2 retention gap, any held-away Pontera anomaly, any two-party-consent gap. AI governance: vendors added/removed, DPAs expiring, SOC 2 Type II coverage gaps, any model behavior drift complaints from advisors, any client-feedback on AI-generated content. Output 3 wins, 3 risks, 3 decisions needed by Monday. No fluff.

Common mistakes that get RIAs in SEC trouble

AI washing in marketing. Saying "our AI optimizes your portfolio" without substantiation is a Marketing Rule violation per the SEC's 2024 enforcement actions.
Pasting client NPI into consumer LLMs. Reg S-P breach. 2024 amendments added a 30-day notification trigger.
Letting AI note-takers run without two-party consent. State-law violation plus advisory-duty breach.
Auto-filing AI-generated trades. Fiduciary + Reg BI violation if dual-reg. Advisor must form and document every recommendation.
Forgetting 204-2 retention on AI transcripts. Book-and-record failure on exam.
AI-drafted testimonials without material-connection disclosure. Direct Marketing Rule violation.
Using AI to answer client investment questions in chat without advisor review. Creates unauthorized recommendations.
No written AI governance policy. 206(4)-7 exam finding.
Unvetted AI vendors with no DPA or SOC 2 Type II. Vendor-oversight failing.
Claiming AI "eliminates conflicts of interest." It does not. Disclose conflicts per Form ADV 2A.

A 60-day rollout that survives an SEC exam

Four two-week sprints. CCO signs off at every step.

Days 1-14 — AI governance policy + vendor inventory. CCO drafts a written AI policy under 206(4)-7; inventories every AI tool with DPA + SOC 2 Type II evidence; updates Form ADV 2A if needed.
Days 15-28 — Meeting-notes pilot. Two advisors, written two-party consent, Jump or Zocks or Zeplyn. Human review before CRM save. Measure time saved + accuracy.
Days 29-42 — Quarterly client letter + Marketing Rule review. CCO review loop with AI pre-flight check. Measure CCO review time + revision rate.
Days 43-60 — Portfolio review memos + RMD/TLH ops. Roll out to advisors. Weekly scorecard live. Review 60-day data. Drop what is not earning its keep.

Want a full operator-level AI playbook tuned to your RIA?

Happycapy publishes weekly playbooks for financial advisors, RIAs, and CCOs — compliance-first, vendor-agnostic, and written for the firm owner who actually has to sign the ADV and the marketing.

Browse more playbooks →