AI Governance, Conflict Management, Marketing Compliance & the Next Era of Supervision
The 2025 NSCP National Conference made one thing clear: the regulatory landscape isn’t simply evolving – it is accelerating. Compliance leaders across the industry gathered to discuss how rapid advances in technology, including artificial intelligence, are reshaping business operations, regulatory expectations, and the core workflows of modern compliance teams.
Where past years focused on adoption and awareness, this year shifted decisively toward execution, governance, and demonstrable controls to ensure compliance, such as ‘human in the loop’ for AI. Regulators now expect firms not only to use technology responsibly, but also to demonstrate how compliance decisions are reached. Attendees heard repeated calls for stronger documentation, clearer roles & accountability, and supervisory structures that match today’s digital operating environment.
Across sessions, one theme echoed: compliance is moving from a reactive, rules-based model to a proactive, risk-based discipline powered by data analysis, technological innovation, and transparent governance.
Below are the major themes driving the next chapter of compliance.
The Next Phase of AI in Compliance: Oversight, Explainability & Operational Maturity
Not surprisingly, artificial intelligence was a common topic of discussion across panels. Sessions reflected a shift from curiosity and experimentation to mature, accountable deployment. Firms are no longer testing AI at the margins – they are embedding it into core workflows for review, surveillance, research, and risk detection.
Yet with opportunity comes heightened scrutiny. Regulators and practitioners emphasized that AI cannot simply be deployed in a “fire and forget” manner – it must be governed. The SEC continues to reinforce the importance of oversight and model transparency. Likewise, FINRA’s notice on AI governance (Reg Notice 24-09) underscores increasing expectations for supervision, accuracy, and vendor accountability.
Before diving into specific applications, panels stressed three foundational principles:
- Firms must be able to explain how AI models arrive at conclusions
- Risk mitigation frameworks must extend to vendor-provided AI tools, not just internal use
- Regulators expect firms to retain and supervise AI-generated records as they would any electronic communication under the SEC’s Books & Records Rules
Only after establishing these guardrails did conversations turn to execution. Firms are now actively deploying AI for: drafting and reviewing communications, assisting with research, detecting anomalies in trading and employee activity, flagging complaints, and strengthening cybersecurity. The most successful implementations are not “generic copilots” – they are purpose-built compliance AI solutions deployed in high-risk, high-governance areas with human review.
Conflicts of Interest: From Disclosure to Demonstrable Mitigation
Conflict management has always been foundational to fiduciary and broker-dealer compliance – but enforcement and expectations are intensifying. In 2025, regulators are placing greater emphasis on whether firms are actively identifying, assessing, mitigating, and documenting conflicts.
Speakers connected fiduciary duty standards and Reg BI obligations to real-world discipline cases where improper disclosure, vague mitigation efforts, or inconsistent supervisory attention led to enforcement actions.
The backdrop driving this focus includes:
- Expanding complexity in compensation and affiliate structures
- Growth in dual-registrant models and rollover considerations
- Increased use of third-party service providers and technology vendors
- Evolving client segmentation and preferential treatment risks
Regulators and panelists reinforced that today’s environment demands a living conflicts program – one that is mapped to business processes, updated for organizational change, tied to training and surveillance, and backed by demonstrable records for review.
Proper conflict management is no longer a policy exercise – it is an operational discipline.
The Marketing Rule in Practice: Evidence, Clarity & Consistency
Another major theme was marketing compliance – particularly the SEC Marketing Rule under Advisers Act Rule 206(4)-1. With firms increasingly leaning into content marketing, digital communication, and claims about technology capabilities, including AI-enabled processes, the SEC has sharpened its focus on substantiation and truthfulness.
Panels shared examples of recent enforcement involving:
- Firms overstating or misrepresenting AI capabilities (“AI-washing”)
- Claims of being fully conflict-free without substantive proof
- Performance representations lacking fair presentation and disclosure
- Websites, podcasts, and presentations not properly disclosed as advertisements
- Misalignment between marketing messaging and Form ADV / Form CRS filings
Speakers emphasized that compliance teams should view all modern communication channels – websites, podcasts, webinars, social media, even executive interviews – as potential advertisements requiring oversight.
One repeated mantra: “If you cannot prove it, you cannot promote it.”
This environment favors firms who formalize content review, properly maintain substantiation files, and integrate technology to support scale and control.
Cybersecurity in an AI-Enabled World: The Threat Vector Has Changed
Cybersecurity sessions underscored a sobering reality: AI is now a weapon used by adversaries, not just a tool for improved efficiency and automation. Deepfakes, synthetic voice fraud, targeted phishing, social media scams and credential attacks are becoming more sophisticated – and faster.
Speakers stressed that traditional cybersecurity frameworks must now account for:
- AI-driven social engineering
- Vendor and system supply-chain vulnerabilities
- Realistic training simulations based on actual deception campaigns
- Continuous threat modeling
- A tightening regulatory environment and rising stakeholder scrutiny
FINRA’s cybersecurity resource hub remains a foundational reference, but panels stressed that firms must go beyond awareness to practical, scenario-based training and layered controls.
If AI expands the attack surface, cybersecurity programs must expand their sophistication to match.
Modern Supervision & Discipline: Culture, Documentation & Consistency
Finally, supervisory and enforcement sessions reinforced that culture and documentation remain the cornerstone of compliance credibility.
Firms are expected to demonstrate fair, consistent, and timely disciplinary processes; maintain supervisory structures adapted to hybrid and remote environments; document rationale for escalations and outcomes; and align reporting with obligations under U5 and Rule 4530.
Regulators continue to focus on off-channel communications, repeat conduct patterns, and operational anomalies – areas where technology can significantly enhance monitoring and documentation.
As firms adopt modern tech and remote-first workforce models, effective supervision depends on clear expectations, transparent controls, and integrated technology.
Looking Ahead: Compliance as Strategic Infrastructure
The 2025 NSCP conference reflected an industry that has moved past “checking the box.” Compliance is no longer simply about avoiding penalties – it is about building durable trust, operational integrity, and technology-ready governance frameworks.
In a year where AI adoption is accelerating, digital communication channels are multiplying, and new forms of risk are emerging, the most prepared firms are those that:
- Integrate AI responsibly, with oversight and auditing
- Operationalize conflict management and disclosure
- Substantiate every claim, across every channel
- Evolve cybersecurity for an AI-enabled threat landscape
- Use technology to reinforce supervision and culture
The future of compliance is not defensive – it is predictive, strategic, and data-driven.
And RegEd remains committed to supporting firms as they navigate this next chapter with purpose-built technology that strengthens governance, enhances insight, and scales human expertise.
About RegEd
RegEd is the market-leading provider of RegTech enterprise solutions with relationships with more than 200 enterprise clients that represent more than 35 of the top 50 insurance companies.
Established in 2000 by former regulators, the company is recognized for continuous regulatory technology innovation with solutions hallmarked by workflow-directed processes, data integration, regulatory intelligence, automated validations, business process automation and compliance dashboards. The aggregate drives the highest levels of operational efficiency and enables our clients to cost-effectively comply with regulations and continuously mitigate risk.
Trusted by the nation’s top financial services firms, RegEd’s proven, holistic approach to RegTech meets firms where they are on the compliance and risk management continuum, scaling as their needs evolve and amplifying the value proposition delivered to clients. For more information, please visit www.reged.com.