Broker-dealer conduct, supervisory procedures, model governance — applies to AI in suitability and trading decisions.
(a) Supervisory System Each member shall establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules.
(b) Written Supervisory Procedures (WSPs) Each member shall establish, maintain, and enforce written procedures to supervise the types of business in which it engages and the activities of its associated persons that are reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules.
Key sub-provisions:
(c) Internal Inspections Each member shall conduct a review, at least annually, of the businesses in which it engages that is reasonably designed to assist in detecting and preventing violations of applicable securities laws and regulations and applicable FINRA rules.
(e) Supervisory Controls Each member shall designate and identify (by name or title) to FINRA one or more principals who establish, maintain, and enforce a system of supervisory controls.
From the 2026 Annual Regulatory Oversight Report:
Under FINRA Rule 3110, firms are required to include in their supervisory procedures a process to review securities transactions that is reasonably designed to identify trades that may violate provisions of the Exchange Act and FINRA rules.
FINRA now expects firms to create and maintain supervisory procedures that cover the full AI lifecycle, addressing critical questions like: Who approved this model? How was it tested? What data can it access? How are outputs reviewed?
For AI agents: firms should ensure their supervision practices cover use cases, model risks, fair and balanced customer communications, vendor diligence, capture of AI-enabled communications within firm books and records, and technology change management.
Sources:
From the 2026 Report:
FINRA stresses that firms must maintain a reasonably designed supervisory system covering all outsourced activities. Firms must maintain detailed inventories of vendor services, systems and the firm data they access, and ensure that contracts contain robust data-protection, confidentiality and GenAI-related restrictions.
This means: the firm remains responsible for what an AI vendor (LLM provider, agent platform) can access — regardless of contractual delegation.
| AutoPIL Policy ID | Policy Name | How It Satisfies 3110 |
|---|---|---|
| FS-FINRA-3110-001 | Agent Registry & Pre-Approval | Every agent registered, versioned, approved by designated principal before going live |
| FS-FINRA-3110-002 | Written Supervisory Procedure (AI) | AutoPIL policy configuration constitutes the WSP for AI agent data access |
| FS-FINRA-3110-003 | Vendor Data Inventory | Per-source sensitivity classification documents what each vendor/agent can access |
| FS-FINRA-3110-004 | Annual Review Support | Queryable audit chain enables annual inspection review without manual log assembly |
| FS-FINRA-3110-005 | Supervisory Controls — AI Scope | Sensitivity ceilings and per-role policies enforce "narrow scope" per 2026 guidance |
From 2026 Oversight Report findings on supervision failures:
Without pre-retrieval enforcement, a firm's WSP says "agents may only access data appropriate to their role" — but there's no technical enforcement of that policy at the moment of retrieval. The WSP exists on paper; the violation happens in practice. AutoPIL is the technical implementation of the WSP for AI agent data access.
(a) Members shall make and preserve books and records as required under the FINRA rules, the Exchange Act and the applicable Exchange Act rules.
(b) Members shall preserve for a period of at least six years those FINRA books and records for which there is no specified period under the FINRA rules or applicable Exchange Act rules.
(c) All books and records required to be made pursuant to the FINRA rules shall be preserved in a format and media that complies with SEA Rule 17a-4.
Specifies the minimum records a broker-dealer must create. Relevant sub-rules:
Specifies retention periods and format requirements:
From the 2026 Annual Regulatory Oversight Report (December 9, 2025):
FINRA highlights the importance of maintaining prompt and output logging, version tracking, and access controls for human and non-human (service) accounts. For AI agents that can act or transact, FINRA recommends narrow scope, permissions, audit trails of actions, and explicit human checkpoints before execution.
Books-and-records: Classify prompt/output logs as records when used in supervision, recommendations, or customer interactions.
Source: https://www.shumaker.com/insight/client-alert-generative-artificial-intelligence-in-financial-services-a-practical-compliance-playbook-for-2026/
| AutoPIL Policy ID | Policy Name | How It Satisfies 4511 |
|---|---|---|
| FS-FINRA-4511-001 | Tamper-Evident Audit Chain | SHA-256 hash-linked chain constitutes non-rewriteable record of every AI agent decision |
| FS-FINRA-4511-002 | Agent Access Log Retention | All ALLOW/DENY decisions preserved with timestamp, agent_id, source_id, sensitivity level |
| FS-FINRA-4511-003 | AI Output Logging as Firm Record | Prompt/output pairs logged when used in customer-facing supervision or recommendations |
| FS-FINRA-4511-004 | Six-Year Retention Enforcement | Configurable retention policy enforced at the governance layer, not dependent on app logic |
Based on 2026 Oversight Report findings:
The cryptographic audit chain is hash-linked — each entry contains the SHA-256 hash of the prior entry. Any alteration breaks the chain and is detectable. Logs are queryable by agent_id, time range, sensitivity level, and outcome (ALLOW/DENY), making them producible on demand during examination.
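The following is an added illustration of the two mechanisms described above (the pre-retrieval ALLOW/DENY gate with per-role sensitivity ceilings, and the SHA-256 hash-linked audit chain that is verifiable and queryable by agent_id, time range, sensitivity level and outcome). It is example code written for this page, not AutoPIL's own implementation. The sensitivity levels, role names, source IDs, the "supervisor approval required" set, the record fields and the canonical-JSON hashing are all constructed assumptions; only the field names timestamp, agent_id, source_id, sensitivity and outcome come from the page.

```python
import hashlib
import json
from datetime import datetime, timezone
from enum import IntEnum
from typing import Optional


# Constructed sensitivity scale; HIGH is where the page places customer PII.
class Sensitivity(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    HIGH = 3


# Constructed "vendor data inventory": per-source classification.
SOURCE_SENSITIVITY = {
    "market_data_feed": Sensitivity.PUBLIC,
    "trade_blotter": Sensitivity.CONFIDENTIAL,
    "customer_profile": Sensitivity.HIGH,
    "trusted_contact": Sensitivity.HIGH,
}

# Constructed per-role sensitivity ceilings (the "narrow scope" control).
ROLE_CEILING = {
    "research_assistant": Sensitivity.INTERNAL,
    "fraud_investigator": Sensitivity.CONFIDENTIAL,
    "supervised_reviewer": Sensitivity.HIGH,
}

# Hypothetical stand-in for "trusted contact data blocked without supervisor approval".
APPROVAL_REQUIRED = {"trusted_contact"}

GENESIS = "0" * 64  # prev_hash of the first entry


def _digest(body: dict) -> str:
    # Canonical JSON (sorted keys) so an identical record always hashes identically.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditChain:
    """Append-only log; each entry carries the SHA-256 hash of the prior entry."""

    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> dict:
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "prev_hash": prev_hash, **record}
        body["hash"] = _digest(body)
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        """Recompute every link; an edited, dropped or reordered entry breaks the chain."""
        prev_hash = GENESIS
        for seq, entry in enumerate(self.entries):
            if entry["seq"] != seq or entry["prev_hash"] != prev_hash:
                return False
            body = {k: v for k, v in entry.items() if k != "hash"}
            if _digest(body) != entry["hash"]:
                return False
            prev_hash = entry["hash"]
        return True

    def query(self, agent_id=None, outcome=None, min_sensitivity=None,
              since=None, until=None) -> list:
        """Filter by agent, outcome, sensitivity floor and inclusive ISO-8601 window."""
        hits = []
        for e in self.entries:
            if agent_id is not None and e["agent_id"] != agent_id:
                continue
            if outcome is not None and e["outcome"] != outcome:
                continue
            if min_sensitivity is not None:
                level = Sensitivity.__members__.get(e["sensitivity"])
                if level is None or level < min_sensitivity:
                    continue
            if since is not None and e["timestamp"] < since:
                continue
            if until is not None and e["timestamp"] > until:
                continue
            hits.append(e)
        return hits


def authorize(chain: AuditChain, agent_id: str, role: str, source_id: str,
              supervisor_approved: bool = False, ts: Optional[str] = None) -> str:
    """Pre-retrieval gate: decide and log BEFORE any data reaches the agent."""
    level = SOURCE_SENSITIVITY.get(source_id)
    ceiling = ROLE_CEILING.get(role)
    if level is None or ceiling is None:
        outcome, reason = "DENY", "unclassified source or unregistered role"
    elif source_id in APPROVAL_REQUIRED and not supervisor_approved:
        outcome, reason = "DENY", "supervisor approval required"
    elif level > ceiling:
        outcome, reason = "DENY", f"{level.name} exceeds role ceiling {ceiling.name}"
    else:
        outcome, reason = "ALLOW", "within role ceiling"
    chain.append({
        "timestamp": ts or datetime.now(timezone.utc).isoformat(),
        "agent_id": agent_id,
        "role": role,
        "source_id": source_id,
        "sensitivity": level.name if level is not None else "UNCLASSIFIED",
        "outcome": outcome,
        "reason": reason,
    })
    return outcome


def retrieve(chain: AuditChain, agent_id: str, role: str, source_id: str,
             backend, **kw):
    """The data source is only called after an ALLOW has been recorded."""
    if authorize(chain, agent_id, role, source_id, **kw) != "ALLOW":
        return None
    return backend(source_id)


if __name__ == "__main__":
    chain = AuditChain()
    stub_source = lambda src: {"source": src, "rows": 3}  # constructed stand-in backend
    print(retrieve(chain, "agent-7", "fraud_investigator", "trade_blotter", stub_source))
    print(retrieve(chain, "agent-7", "fraud_investigator", "trusted_contact", stub_source))
    print([e["reason"] for e in chain.query(outcome="DENY")])
    print("chain intact:", chain.verify())
    chain.entries[0]["outcome"] = "DENY"  # simulate after-the-fact log editing
    print("chain intact after edit:", chain.verify())
```

The deny branches are ordered so that an unclassified source or unregistered role fails closed before any ceiling comparison, and the decision is written to the chain in both outcomes, so the DENY record is what an examiner would query for rather than an absence of ALLOW records.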
(a) General Each member shall make reasonable efforts to obtain, verify, and keep current the following information for each customer account:
(b) Non-Institutional Customer Accounts — Additional Requirements For non-institutional accounts, members shall make reasonable efforts to obtain:
(c) Trusted Contact Members shall make reasonable efforts to obtain the name and contact information of a trusted contact person upon the opening of a non-institutional customer account and upon updating account information.
From Regulatory Notice 26-02 (January 2026):
FINRA seeks comment on proposed rule modernization changes to further assist member firms in protecting customers from fraud. FINRA proposes amendments to FINRA Rules 4512 and 2165 (Financial Exploitation of Specified Adults) and proposed Rule 2166 (Temporary Delays for Suspected Fraud).
The amendments expand protections around trusted contact usage and introduce mechanisms to delay transactions suspected of fraud — relevant context for AI agents that can initiate transactions.
Source: https://www.finra.org/rules-guidance/notices/26-02
Rule 4512 becomes relevant to AutoPIL in two ways:
1. Data Access Logging When an AI agent accesses customer account information (name, address, investment profile, account history), that access must be logged with sufficient detail to reconstruct who accessed what, when, and under what authorization. An AI agent accessing customer records is functionally equivalent to an associated person doing so — the recordkeeping obligation applies.
2. Scope Enforcement A fraud investigator agent should be able to access transaction data but not, for example, modify trusted contact information or change investment objectives. Rule 4512 requires the firm to control and log every modification to customer account data — including modifications initiated or recommended by AI agents.
| AutoPIL Policy ID | Policy Name | How It Satisfies 4512 |
|---|---|---|
| FS-FINRA-4512-001 | Customer Data Access Logging | Every AI agent retrieval of customer record data logged with timestamp and policy basis |
| FS-FINRA-4512-002 | Sensitivity Classification: Customer PII | Customer name, DOB, address, financial profile classified at HIGH sensitivity |
| FS-FINRA-4512-003 | Account Modification Scope Control | Agent roles explicitly scoped — read-only vs. write access enforced pre-retrieval |
| FS-FINRA-4512-004 | Trusted Contact Data Restriction | Trusted contact information blocked from AI agent access without supervisor approval |
This is the first FINRA Annual Regulatory Oversight Report to dedicate a full standalone section to Generative AI — a signal that FINRA has moved from observing AI adoption to actively examining it. The 2025 report mentioned AI only as an "emerging technology." In 2026, FINRA explicitly states that GenAI "is no longer a novelty — it is a supervised technology that demands the same compliance rigor as any critical system."
FINRA identifies these specific risks for AI agents:
Source: https://www.finra.org/rules-guidance/guidance/reports/2026-finra-annual-regulatory-oversight-report/gen-ai
For AI agents specifically, the 2026 Report recommends:
Firms must maintain a reasonably designed supervisory system covering all outsourced activities. Maintain detailed inventories of vendor services, systems and the firm data they access. Ensure contracts contain robust data-protection, confidentiality and GenAI-related restrictions.
Implication: firms using LLM APIs (OpenAI, Anthropic, Google, etc.) remain responsible for what those systems can access. The vendor contract does not transfer the regulatory obligation.
| 2026 FINRA Prescription | AutoPIL Capability |
|---|---|
| Narrow scope and permissions | Per-role sensitivity ceilings and pre-retrieval enforcement |
| Audit trails of every action | SHA-256 hash-linked tamper-evident chain — every decision logged |
| Human checkpoints | Agent registry requires principal approval before agent goes live |
| Prompt/output logging as record | Configurable capture of agent I/O as part of the audit chain |
| Vendor data inventory | Per-source sensitivity classification across all connected systems |
| Full lifecycle supervision | Agent versioning, status tracking, and revocation capability |
"Auditability and transparency: Complicated, multi-step agent reasoning tasks can make outcomes difficult to trace or explain, complicating auditability."
— 2026 FINRA Annual Regulatory Oversight Report
"For AI agents that can act or transact, FINRA recommends narrow scope, permissions, audit trails of actions, and explicit human checkpoints before execution."
— Shumaker analysis of 2026 Report
"Outsourcing does not outsource responsibility. Firms must maintain a reasonably designed supervisory system covering all outsourced activities."
— 2026 FINRA Annual Regulatory Oversight Report
This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.
AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.