The new Reg S-P deadline passed. Here is what you can and cannot feed an AI tool.

What the amended rule actually requires

On June 3, 2026, the SEC's amended Regulation S-P compliance deadline arrived for smaller investment advisers and broker-dealers, as reported by Davis Wright Tremaine and RIA Compliance Consultants. Larger firms were already on the hook earlier. With this date, the smaller end of the industry is in.

In plain terms, the amendments push firms to maintain written safeguards for customer information and an incident-response program: a plan for what you do when customer data is exposed, including notifying affected customers. The rule treats customer information as something you are responsible for protecting wherever it sits.

That last part is the hinge for this briefing. If you are responsible for protecting customer information wherever it sits, then every place you put that information matters, including a chat box.

It helps to picture what an incident-response program actually asks of you. It means having decided, in advance, how you would detect that customer data was exposed, who you would notify, and on what timeline. A firm that has thought that through tends to think differently about where it sends data in the first place, because every new place customer information lives is another place an exposure could start. An AI tool is one of those places the moment you paste a real client into it. Naming it as a place data can sit is the first step to handling it cleanly under the rule.

Where AI tools collide with Reg S-P

The reason this matters now is timing. The same months that brought the deadline brought a wave of advisers pasting client situations into AI tools to draft reviews, summarize statements, model scenarios, and write client emails. That is real productivity. It is also a data-handling decision every single time.

Here is the collision in one sentence. The moment you paste a client's identifying details into a tool, you have moved customer information into that tool's environment, and Reg S-P asks whether that environment is covered by your safeguards. If it is not, you have created exactly the kind of exposure the incident-response requirement exists to address.

This is not a reason to stop using AI. It is a reason to be deliberate about what crosses the line into the tool. The canonical, tool-agnostic version of that line lives in the never upload list. This briefing is the Reg S-P specific read.

What you may and may not feed an AI tool

The simplest working rule for a registered adviser: feed the tool the work, not the client's identity. You can get most of the value from AI on de-identified inputs.

• Do not paste: names tied to accounts, account numbers, Social Security or tax IDs, dates of birth, addresses, specific holdings or balances tied to a named person, or anything that identifies a real customer.
• You can paste: the structure of a problem, generic scenarios, anonymized numbers, regulatory questions, draft language with the client stripped out, and your own templates and processes.
• A practical habit: write the prompt as if it were a question about a hypothetical client, then add the real numbers back into your document yourself, inside your covered systems, after the AI has done the thinking.
• Before you paste anything client-specific, ask one question: is this tool covered under my firm's written safeguards, or is it a public chat box? If you cannot answer, treat it as not covered.

The point is that the model is good at the reasoning and the drafting. It does not need the client's name to do either. Keep the identity inside your safeguarded systems and you keep most of the upside without the exposure.

Work through a real example. Say you want help drafting a quarterly review for a client who is heavy in one position and nervous about it. You do not need to type the client's name, account number, or the actual dollar figures into the tool. You can describe the situation as a hypothetical: a client with a concentrated position, a stated concern about risk, a particular time horizon, and ask the model to lay out how you might frame the conversation and the options. The thinking it gives back is just as useful. Then you open your own covered system, drop in the real name and the real numbers, and finish the document there. The model never touched anything that identifies a person, and you still saved the drafting time.

Protecting the practice, not fearmongering

It is easy to read a new SEC deadline as a reason to lock everything down and tell the team to avoid AI. That is the wrong lesson, and it costs you the productivity your competitors are keeping.

The right lesson is narrower and calmer. AI is a tool you can use under Reg S-P, the same way you use email and a CRM under it, as long as you are deliberate about what customer information goes where. The firms that handle this well are not the ones that ban the tools. They are the ones with a clear, written habit for what crosses into an AI tool and what never does.

That habit is also your incident-response posture in practice. The cleanest way to never have to report an AI-related exposure is to never put reportable information into an uncovered tool in the first place. Prevention is the whole game.

It is worth saying plainly to your team, if you have one. A blanket ban on AI tends to fail in a quiet way: people use the tools anyway, on their personal accounts, where you have no visibility and no safeguards at all. A clear rule that says what they may put in and what they may never put in is both safer and more honest about how people actually work. Give them the de-identified path and they will take it, because it gets them the productivity without the worry. Take the tools away entirely and you have not removed the risk, you have only stopped being able to see it.

Where the rule ends and judgment begins

A rule tells you what you must protect. It does not tell you every judgment call in a live client conversation, and it cannot. There is a layer below compliance where you decide how much to lean on a model, when its draft is good enough to send, and when the situation needs you, not a tool. That boundary is its own subject, covered in the fiduciary firewall.

For Reg S-P specifically, keep the scope tight. The obligation is to safeguard customer information and have a plan if it is exposed. Applied to AI, that becomes one discipline: identity stays inside covered systems, the model gets the de-identified work, and you check anything client-facing before it leaves your hands.

The skill under the rule

Regulations will keep changing. The next amendment, the next deadline, the next tool, none of it changes the underlying skill: knowing what client information is, where it is allowed to go, and how to get the value of AI without ever handing it the part that identifies a real person.

That is the part worth building, because it outlasts any single rule or product. AI for Financial Advisors teaches that discipline for registered advisers, from the first prompt to a client-ready deliverable, and the two minute course quiz will point you to the right program for your practice.