Navigating the Dynamic AI Landscape: Insights from the SIFMA C&L Regional Event in Charlotte

Sep 26th '23

By Tiffany Magri, Regulatory Advisor at Smarsh.


In the quickly evolving landscape of artificial intelligence (AI), financial firms have been met with new challenges. Against this backdrop, professionals from the financial industry converged at the SIFMA C&L Regional event in Charlotte to discuss responsible implementation, regulatory compliance, and the potential benefits AI offers while mitigating potential risks with a focus on generative AI technology.


The panel was a deep dive into the considerations and best practices necessary for leveraging AI effectively and ethically. This event served as an informative platform, helping equip attendees with the knowledge and strategies necessary to adeptly traverse the AI terrain and frame compliance with evolving regulatory standards. As lawmakers and regulators continue to raise questions, the event offered a great space for dialogue and insights into AI applications.


Amidst the event’s discussions, I noted certain key considerations that may significantly aid firms in pursuing AI compliance. These considerations offer valuable guidance to financial institutions seeking to embrace AI responsibly, helping to ensure they meet regulatory requirements while harnessing the power of AI as a transformational tool.


In the following sections, I highlight these considerations, providing a roadmap that can help financial firms successfully navigate the AI landscape while maintaining compliance with regulatory standards.


Use case specifics

  • Disruption strategy: Examine use cases to determine what happens if an AI system needs to be taken offline or adjusted. How does this impact other systems, and what steps are taken to ensure data integrity and system functionality?
  • Business continuity: When AI systems exhibit unexpected behavior or “hallucinate,” consider predefined protocols for taking the system offline. Consider the implications for business continuity and cybersecurity incident management.
  • Deepfake and impersonation risk: AI can be used to create convincing deepfake voices and videos. Prepare for scenarios where threat actors impersonate customers or executives through AI-generated content. Train employees to recognize and verify such communications to avoid falling victim to fraud or deception.


Business-led decision-making

  • While second-line functions like legal, compliance, and cybersecurity provide advice, the business units should ultimately make most decisions regarding AI use cases. This helps ensure that the decision-making process is balanced between assessing risks and realizing the value of AI. Recognize that some AI use cases may not be as valuable or risk-worthy as initially perceived. The panelist noted that it is essential to manage egos and ensure that decisions are based on a clear analysis of benefits, risks, and alignment with the organization’s strategy.


Regulatory landscape

  • Compliance awareness: Firms must proactively stay informed about the evolving AI regulatory landscape. This involves understanding relevant laws, industry-specific rules, and any applicable municipal or state regulations.
  • Audit and transparency: Some regulations may require firms to conduct audits of their AI systems to ensure compliance, as well as to maintain transparency by disclosing how AI-driven decisions are made.


Transparency and accountability

  • Audit trail: Firms should implement robust audit trails to track how AI-driven decisions are made. This will be essential for regulatory compliance and for explaining AI outcomes to auditors.
  • Accountability structures: Establish clear accountability structures within the organization. Determine who is responsible for AI outcomes and how errors or unexpected results will be addressed.


Data quality

  • Data assessment: Carefully assess the data used to train AI systems. Understand the source of data, ensure proper permissions, and identify and mitigate biases that may exist in the data.
  • Data cleaning: Implement data cleansing processes to remove inaccuracies or inconsistencies in the training data.


Governance model

  • Scalable governance: Tailor your governance model to the size and complexity of your organization’s AI initiatives. Consider whether existing governance structures need adjustment or if a dedicated AI governance framework is required.
  • Cross-functional involvement: Involve stakeholders from different parts of the organization, including control functions, technology, and business units, in the governance process.


Human oversight

  • Guardrail setting: Human experts should set guardrails for AI systems. They should deeply understand the specific problem AI is addressing to ensure alignment with the firm’s goals and values.
  • Monitoring: Continuously monitor AI systems to ensure they operate within expected boundaries and take corrective actions if they deviate.


Metrics and monitoring

  • Establish metrics: Define key performance indicators (KPIs) and metrics for AI systems. Regularly monitor these metrics to assess the system’s performance and identify any anomalies.
  • Adaptive management: Develop processes for adjusting data, algorithms, and overall AI strategies based on the observed metrics and performance.


Learning from mistakes

  • Error handling: Be prepared to learn from AI-related mistakes. Implement mechanisms to identify, analyze, and learn from errors or unexpected outcomes to prevent future occurrences.


Scope and use case

  • Clear definition: Clearly define your organization’s scope and intended use cases for AI. Avoid allowing AI to be used for purposes beyond its original scope to prevent “scope creep.”


Employee training

  • Ethical use: Train employees on how to use AI systems ethically and responsibly. Ensure they understand the potential risks and benefits of AI tools and their role in ensuring AI compliance.
  • Cybersecurity threats: Continuously educate employees about the latest AI-related threats, including deepfake technology, and provide them with tools and knowledge to detect and respond appropriately.


Cybersecurity and AI

  • Cybersecurity into playbooks: Just like any other technology, cybersecurity should be an integral part of an organization’s AI strategy. Develop cybersecurity playbooks that outline how to respond in case of AI system vulnerabilities or unexpected behavior.
  • Adaptive cybersecurity: Cybersecurity strategies should adapt to evolving AI capabilities and threats. Stay informed about advancements in AI-driven cyberattacks and adjust cybersecurity measures accordingly.
  • Flow of AI data: Understand how data flows within your organization, particularly data generated or influenced by AI models. Map out data flows to prevent data from AI systems contaminating other tools or systems.
  • Data security: Ensure the security of AI-related data, especially if it’s stored in a data lake. Regularly conduct penetration testing to identify and address vulnerabilities.
  • Malware prevention: Develop protocols to prevent the introduction of malware into AI data sets, which could compromise the AI system’s integrity.


During the event, we also heard regulators highlight certain points regarding AI applications. Among these key takeaways, regulators emphasized gaining a comprehensive understanding of various AI technologies. They stressed the need for robust oversight of AI activities, with a particular focus on potential impacts on clients. Additionally, the regulators underscored the critical importance of AI explainability, which encompasses the formulation of policies and procedures and the diligent analysis of AI implementations to assess their effects.


As the financial industry rapidly adapts to AI’s transformative potential, it’s essential for financial institutions to develop comprehensive AI strategies before diving into these technologies. This proactive approach not only helps prepare firms for the evolving regulatory environment but also equips them to thrive in an AI-driven future where tools are constantly evolving.


Source: Smarsh


About the author

As a Regulatory Advisor at Smarsh, Tiffany Magri monitors, evaluates and consults on the financial services regulatory landscape. Tiffany has more than 10 years of experience facilitating compliance with laws and regulations, policies, and risk management. Prior to joining Smarsh, Tiffany was a Senior Associate at Benefit Street Partners and a Compliance Analyst at Broadstone and Manning & Napier Advisors.


About Smarsh

Smarsh® is the recognized global leader in electronic communications archiving solutions for regulated organizations. Smarsh provides innovative capture, archiving, e-discovery, and supervision solutions across the industry’s widest breadth of communication channels.


Scalable for organizations of all sizes, the Smarsh platform provides customers with compliance built on confidence. It enables them to strategically future-proof as new communication channels are adopted, and to realize more insight and value from the data in their archive. Customers strengthen their compliance and e-discovery initiatives and benefit from the productive use of email, social media, mobile/text messaging, instant messaging and collaboration, web, and voice channels.


Smarsh serves a global client base that spans the top banks in North America and Europe, along with leading brokerage firms, insurers, and registered investment advisors. Smarsh also enables state and local government agencies to meet their public records and e-discovery requirements. For more information, visit


About us

LS Consultancy are experts in Marketing and Compliance, and work with a range of firms to assist with improving their documents, processes and systems to mitigate any risk.


We provide a cost-effective and timely bespoke copy advice and copy development services to make sure all your advertising and campaigns are compliant, clear and suitable for their purpose.


Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.


Contact us today for a chat or send us an email to find out how we can support you in meeting your current and future challenges with confidence.


Explore our full range today.


Need A Regulatory Marketing Compliance Consultant? A Bit More About Us


Contact us


Why Not Download our FREE Brochures! Click here.


Call Us Today on 020 8087 2377 or send us an email.


We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…



Connect with us via social media and drop us a message from there. We’d love to hear from you and discuss how we can help.


Facebook | Instagram | LinkedIn | X (formally Twitter) | YouTube


Contact us