Prefer to listen? Take this blog on the go with our AI-generated podcast by listening here.
Imagine a routine advisory meeting via Zoom or Microsoft Teams. Historically, such verbal communications left no immediate paper trail. Now, AI tools instantly convert dialogue into text: Zoom’s AI Companion creates meeting summaries, Microsoft Copilot generates transcripts, and services like Otter provide detailed records. While these technological advancements enhance productivity, they also pose compliance challenges.
Are these AI-generated texts considered "written communications" under SEC rules? If so, advisers must retain and supervise previously ephemeral content.
This blog explores whether AI-generated meeting transcripts or summaries fall under SEC record keeping obligations, while analyzing guidance on "written communications," evaluating record keeping requirements, and discussing retention and discovery risks.
In the last two years, major communication platforms introduced AI features to capture and summarize meeting content. Zoom AI Companion and Microsoft 365 Copilot can now automatically generate transcripts of conversations, draft follow-up emails, identify action items, and even summarize meetings for participants. Third-party apps like Otter or Jump integrate with conferencing tools to do the same. These “AI meeting assistants” have been quickly adopted by businesses for their productivity benefits. For investment advisers, such tools promise thorough documentation of client calls or internal discussions without anyone furiously taking notes.
However, the output of these tools is text – essentially turning spoken words into written form. This raises the key question: Does that text now constitute a “written communication” under SEC regulations, triggering requirements to retain it as part of the adviser’s official books and records?
AI is blurring that line by materializing voice into text.
To understand the implications, we need to review what SEC rules say about written communications for investment advisers.
Requirement: Rule 204-2 requires investment advisers to make and keep true, accurate, and current specified books and records. This includes standard accounting records (journals, ledgers, financial statements), records of securities transactions (order memoranda, confirmations), documentation related to client accounts (agreements, discretionary authority instruments), client communications, advertising materials, records supporting performance calculations, compliance program documents (including the Code of Ethics and policies), and corporate governance records. The rule's reach was effectively broadened by the Dodd-Frank Act, which subjected many previously exempt hedge fund and private equity fund managers to SEC registration and, consequently, to Rule 204-2. This includes, under Rule 204-2(a)(7), originals of all written communications received and copies of all written communications sent relating to recommendations, advice, receipt/disbursement of funds or securities, placing of orders, and execution of transactions.
The pivotal issue is whether AI-generated text from meetings counts as a written communication or record in the eyes of the SEC. Are the AI’s causing a compliance gap for the IA’s?
If an AI-generated piece of content is electronically communicated, SEC rules are clear: it counts as correspondence, exists externally, and is subject to discovery and record keeping requirements.
However, if the content is stored within an application or cloud and not actively sent, it may not qualify as a "sent or received" communication under Rule 204-2 or similar rules. SEC record keeping rules for advisers (and broker-dealers) specifically apply to communications sent or received as correspondence, not every internal document. A Zoom meeting transcript stored in the cloud could be considered similar to personal notes until actively used in communication.
The situation changes once content is forwarded or distributed. If an adviser emails an AI-generated meeting summary to a client or colleague or posts a transcript excerpt in a chat, it becomes a written communication subject to regulatory requirements. Such content must be retained if related to covered topics (advice, recommendations, etc.), which is likely the case with investment-related client meetings. Practically, if a Zoom AI Companion emails a meeting summary, that email requires retention like other client communications. Similarly, posting an Otter transcript excerpt in a trade-related team chat transforms it into a required record.
But what if the transcript isn't shared? Opinions vary. A conservative view suggests AI transcripts of advisory discussions should be retained even if not shared externally, as they might be the sole detailed record of advice given. For example, Stark & Stark law firm cautions, "once translated into written form, the SEC could consider transcripts and summaries as written communications regarding investment advice." Under this view, advisers should archive AI-generated transcripts proactively. Compliance officers following this approach prefer archiving to risking non-compliance.
Conversely, one could argue that internal-only AI-generated records aren't required records until externally shared, based on Rule 204-2 explicitly covering "communications sent by the adviser or received," not internal notes or unsent automated files.
Currently, no explicit SEC guidance covers AI meeting transcripts, leaving firms operating by interpretation. An emerging consensus is that internal-only AI-generated content likely isn't a "communication" record but becomes one if shared externally.
Advisers should proceed cautiously, considering ambiguous scenarios: If a transcript is automatically accessible to participants via platforms like Teams or Zoom, does that count as "sending"? Participants technically receive access. Also, if an adviser internally uses a summary to inform advice and later deletes it, the SEC might disapprove if it was the sole documentation of discussed advice during an examination. Given these complexities, many firms prefer retention or policies ensuring essential transcript information is formally documented elsewhere.
Relying on the argument that untransmitted AI-generated text escapes SEC record keeping rules because it hasn't been "sent" or "received" is a precarious stance. While Rule 204-2(a)(7) focuses on transmission, it also broadly requires maintaining records "relating to [the] investment advisory business." If AI-generated content is used internally - to inform client advice, update CRM notes, or for supervisory review - it arguably becomes a business record regardless of transmission. The SEC prioritizes substance over form, and using content while claiming it's exempt contradicts the rule’s intent. Moreover, AI-generated content is easily transmitted - a summary pasted into an email, CRM, or chat instantly triggers record keeping obligations. Assuming untransmitted AI text is exempt is a risky harbor that may lead to non-compliance and regulatory issues.
If AI-generated meeting texts are considered records (at least in certain circumstances), advisers must retain them according to SEC rules. Rule 204-2 generally requires retention of records for five years. Failing to retain applicable “written communications” can result in deficiencies or enforcement actions. The SEC has recently enforced actions against firms for failing to preserve business-related chats and texts, underscoring the seriousness of record keeping obligations.
Could AI transcripts become the next area of “off-channel” enforcement? It’s possible. Advisers might rely on Zoom or Otter to capture meeting details, but if transcripts aren’t integrated into firm archiving systems, they could temporarily exist on vendor platforms before disappearing. If transcripts include recommendations or trade discussions (communications related to advice or orders), advisers are required to retain them. Allowing transcripts to auto-delete or not saving them could inadvertently constitute destruction of required records. SEC compliance rules emphasize preventing the “untimely destruction” of records. An examiner could reasonably inquire about transcript retention practices. A firm unprepared, such as using Teams transcripts without retaining them, could face issues if those transcripts qualify as advisory communications.
Discovery and litigation risks also warrant attention. If a firm enters a dispute (regulatory or civil litigation) over client communications, AI transcripts might become discoverable evidence. Even if not explicitly required by SEC rules, existing transcripts could be subpoenaed. A problematic scenario arises if a client retains a transcript or Zoom summary email while the adviser does not. During an SEC exam or arbitration, the client could produce the transcript showing discrepancies or problematic statements, putting the adviser on the defensive regarding inconsistent record keeping. At best, this scenario is embarrassing; at worst, it could lead to a books-and-records violation or evidence spoliation charges.
Another concern is the accuracy of AI-generated content. Transcription algorithms may produce errors or omit nuances and context. While SEC rules don’t explicitly address record accuracy in this context, advisers have a fiduciary duty to avoid providing or relying on inaccurate information. Circulating an AI-generated meeting recap containing errors (e.g., incorrect figures or misstated recommendations) could result in liability if clients rely on it. Compliance officers should ensure processes are in place to review shared summaries for accuracy. At a minimum, consider annotating known errors or retaining raw audio to verify details if saving transcripts as official records.
For IT and compliance teams at advisory firms, AI meeting content can be a blind spot because it falls between traditional communication categories. It’s neither email nor human-authored documents, nor purely oral exchanges, creating uncertainty about ownership. Often, IT departments enable transcription or summary features in platforms like Teams or Zoom for efficiency, unaware that compliance may not realize sensitive conversations are being automatically converted to text and stored outside official channels.
Key challenges and risks include:
Lack of Awareness: Compliance officers might not know advisers or staff are using tools like Otter or receiving automatic Zoom summaries. Such features may be enabled by individual users or defaults, resulting in written client discussion records existing unnoticed in AI tools.
Untimely Destruction: If transcripts qualify as required records, allowing auto-deletion or manual deletion could breach SEC retention requirements, constituting "untimely destruction" flagged by examiners. Firms might permit deletion if their policy considers transcripts non-essential unless shared externally, but an SEC disagreement later could make such deletions problematic. Firms should clearly document retention stances in procedures (e.g., transcripts retained only if externally disseminated via email archives).
Regulatory Uncertainty: The SEC hasn't provided explicit guidance on AI-generated records, forcing firms to interpret older rules. This uncertainty necessitates judgment calls. Conservative firms may disable these AI features entirely for regulated staff, avoiding risk. Innovative firms may use them but incorporate compliance processes. Either way, firms should have a clear rationale. If the SEC asks during an examination about transcript retention, firms must be prepared to explain policies aligned with current rules.
Firms and vendors are developing practices to address this blind spot. Examples of industry approaches include:
Policy Updates & Training: Investment advisers are updating written supervisory procedures to explicitly address AI-generated content. Policies now instruct treating AI meeting transcripts or summaries as correspondence if shared externally, ensuring they're preserved. Firms are training staff, including advisers and IT, to recognize that seemingly innocuous tools like AI meeting assistants are subject to compliance oversight. For example, IT staff enabling Zoom features now inform compliance: “This feature emails out a written summary – should we activate it?”
Disabling or Restricting Features: A straightforward approach is disabling transcription and summary features for client meetings or sensitive discussions entirely. Without these features, no record requiring special handling is created. An adviser might decide automatic transcripts aren't worth regulatory hassle, relying instead on manual notes retained in client files. Alternatively, some firms permit transcripts only for internal meetings, minimizing risks of uncaptured client advisory records.
Controlled Dissemination: Firms using AI note-taking commonly control distribution. Many prevent automatic sharing of AI summaries with clients directly. Instead, advisers receive transcripts or summaries first, then incorporate relevant portions into official follow-up emails or memos, which are archived. This aligns with guidance suggesting AI-generated content isn't retained communication unless actively transmitted via email or chat. Funneled into approved communication channels, only genuinely relied-upon or communicated content is preserved. The original AI transcript might then be discarded after use, analogous to discarding rough drafts once final copies are saved.
Vendor Solutions for Archiving: Compliance technology vendors are enhancing solutions to meet these new demands. Providers offer integrations enabling platforms like Zoom or Teams to deliver transcripts automatically to secure archives. Tools like SteelEye capture meeting texts and analyze them for compliance risks. Some firms implement comprehensive solutions, capturing all transcripts, chats, and recordings by default. This addresses retention thoroughly but increases storage costs and review burdens. To manage volume efficiently, firms typically apply data classification and filtering - formally archiving only client meetings or flagged conversations, while purely internal dialogues remain excluded.
To navigate this complex terrain, investment advisers should take immediate, concrete steps:
Inventory & Assess: Conduct a thorough inventory of AI-powered meeting transcription and summarization tools used within the firm, whether officially sanctioned or ad-hoc. Understand each tool's functionalities, data storage protocols, default retention settings, security features, and actual usage by personnel.
Update Policies & Procedures (Rule 206(4)-7): Develop new or revise existing compliance policies specifically addressing AI meeting tools. Policies must cover:
Approved Technologies: Clearly define permitted and prohibited AI tools and features, especially those with auto-delete or insufficient security.
Consent: Establish and document protocols for obtaining participant consent before enabling AI recording or summarization.
Archiving Mandate: Require AI-generated texts intended for business use to be transferred to the firm’s SEC-compliant communications archive.
Configuration: Mandate compliant settings, such as disabling auto-delete features, setting retention periods to meet or exceed SEC standards, and enhancing security controls.
Accuracy Verification: Implement procedures for reviewing and verifying AI-generated transcripts or summaries before use. Document material corrections.
Supervision: Define supervisory review processes for AI-generated content related to investment advice, client interactions, or marketing claims.
Data Governance: Establish protocols managing the security and confidentiality of data processed by AI tools, including vendor due diligence and restrictions on external AI training data usage.
Technology Integration: Ensure approved AI tools automatically archive texts into SEC-compliant systems.
Training: Conduct mandatory training for personnel on compliance policies, data privacy, risks, and proper AI tool use.
Testing & Auditing: Regularly test technological controls and audit adherence to policies.
AI-driven transcription and meeting summary tools significantly boost productivity, collaboration, and client service. However, as with any innovation in regulated industries, they raise potential SEC record keeping obligations. Depending on your firm’s circumstances and risk appetite, three primary approaches exist:
Prohibit the Tools Altogether: Some firms disable or ban AI transcription to avoid inadvertently creating records requiring retention. This strategy avoids regulatory uncertainty but sacrifices convenience and efficiency benefits from AI-generated summaries.
Use the Tools but Assume They Don’t Count as Written Records: Another approach interprets SEC rules narrowly - arguing that AI-generated transcripts aren't official communications unless explicitly "sent" or "received." Firms might allow tools but rely on default deletions or treat transcripts as internal notes exempt from archiving. This method reduces storage obligations but depends on a risky legal interpretation that the SEC might challenge.
Leverage the Tools and Archive the Output: The most conservative approach treats AI transcripts as discoverable written communications. Firms using this method ensure AI-generated texts are captured and archived via compliance tools or e-surveillance solutions (e.g., SteelEye). While requiring greater technical integration and oversight, this strategy aligns closely with SEC record keeping standards.
Regardless of your chosen path, recognize that these "efficiency boosters" might create unforeseen complications in SEC examinations or litigation. If regulators request records you didn't think necessary to retain - or if generated texts were never archived - the resulting risks and efforts could exceed those of implementing clear initial policies.
In conclusion, AI-generated transcripts and summaries offer substantial advantages, but careful consideration is critical in a regulated environment emphasizing compliance documentation. Only through clearly defined policies, regular training, and transparent oversight will firms be able to harness AI benefits while simultaneously mitigating potential record keeping risks.
SteelEye's comprehensive communications surveillance solution means financial firms can integrate voice effortlessly into their compliance frameworks.
SteelEye partners with Intelligent Voice for voice transcription. Intelligent Voice's specialized voice models are designed for the financial sector. The technology understands the noisy environments of trading floors and the industry-specific jargon traders use, providing unparalleled transcription accuracy in this context. By working with Intelligent Voice, SteelEye offers a highly accurate and accessible voice transcription, enabling comprehensive voice surveillance without the high costs of traditional systems.
SteelEye offers comprehensive support for multiple languages and handles various accents and dialects, ensuring accurate transcription across diverse linguistic backgrounds. The system automatically identifies and transcribes sections in different languages and integrates translations directly into the transcript, allowing compliance teams to efficiently analyze multilingual conversations without needing external tools.
SteelEye treats voice data as a core component of its surveillance platform, seamlessly integrating it with text-based communications. Compliance analysts have access to the same robust risk detection tools for both voice and electronic communications, enhancing the overall effectiveness of risk management.
SteelEye’s Compliance CoPilot leverages AI to provide alert scoring, risk analysis, and resolution suggestions, speeding up the alert review process by up to 75%. This ensures compliance teams can focus on the most critical risks with reduced manual effort.