Regulatory Insights: Key Takeaways from SIFMA C&L Conference and SEC AI Roundtable
Regulatory expectations continue to evolve in 2025, with important insights emerging from both the SIFMA C&L Conference and SEC AI Roundtable. I've distilled the key discussions on off-channel communications, AI governance frameworks, and changing enforcement priorities to help you navigate the shifting compliance landscape.
Why it matters
Firms must proactively adapt compliance programs, mitigate emerging risks, and ensure they remain ahead of regulatory changes. Understanding these trends is essential for maintaining robust, future-proof compliance frameworks that align with both current and future enforcement priorities.
Off-channel communications: best practices and program evolution
Despite potential shifts in enforcement priorities, the panel on off-channel communications emphasized that this area requires ongoing attention. Panelists characterized it as "a bit of an unsolvable problem," requiring continuous program evolution rather than a one-time fix.
Success in this area starts with program fundamentals: quarterly attestations, regular training, and updated disciplinary frameworks that consistently address violations. However, what truly differentiates effective programs is cross-functional collaboration. The most successful firms are bringing together compliance, legal, business units, and technology teams to develop solutions that work in practice, not just on paper.
Rather than imposing one-size-fits-all solutions, leading firms are customizing their approaches based on how different business units actually communicate. This toolkit approach recognizes that communication styles vary across teams and adapts accordingly while maintaining compliance standards.
On the monitoring front, technology remains crucial for capturing communications across approved channels. Equally important is developing processes to identify new communication channels as they emerge and conducting regular vendor assessments to uncover communication functionalities in business tools that might otherwise go unnoticed.
Even as enforcement patterns evolve, both FINRA and federal regulators remain focused on communication compliance. A CFTC representative emphasized that off-channel communication "is still a violation," making it clear that firms should maintain robust compliance programs in this area regardless of shifting enforcement priorities.
AI governance and risk management
The convergence of insights from SIFMA sessions and the SEC's AI Roundtable revealed a maturing approach to AI governance in financial services. Firms are moving beyond ad-hoc oversight to establish dedicated cross-divisional AI governance committees with representation from business, compliance, legal, risk, and technology functions.
These governance bodies are developing clear policies on appropriate AI usage and associated risks, while implementing mandatory AI literacy training across their organizations. The most sophisticated approaches adopt risk-based oversight that varies in intensity based on use case sensitivity.
Traditional model risk management approaches have proven insufficient for large language models (LLMs). Instead, firms are developing input/output testing approaches that focus on outcomes rather than model internals. This includes creating "ground truth" test cases validated by subject matter experts and implementing continuous monitoring for model drift and performance degradation.
Implementation strategies typically begin with internal productivity use cases before expanding to client-facing applications. This measured approach allows firms to gain experience while managing risk. Industry leaders at the SEC Roundtable emphasized the importance of "right-sizing the risk and controls based off of the risk assessment and where we think the high risk or critical risks are."
Data segregation and thoughtful model selection have emerged as competitive differentiators, with clear data lineage and robust monitoring capabilities serving as the foundation for responsible AI deployment.
Enforcement priorities: the shifting landscape
The enforcement panel featuring regulators from the SEC, CFTC, and FINRA provided valuable insights into evolving priorities. Despite administration changes, fraud and manipulation in core markets remain central concerns, along with retail investor protection and elder fraud. Crypto and AI cases will focus primarily on fraudulent activities, while individual accountability cases will likely receive increased attention.
Several notable changes in approach are emerging. Penalties may be recalibrated, with regulators looking at historical precedents rather than just recent settlements. Self-reporting and cooperation frameworks are becoming more transparent, potentially offering significant penalty reductions for firms that meet specific criteria.
Rule-making processes appear to be becoming more deliberative, with longer comment periods and increased stakeholder engagement. Some regulators indicated that exams may play a larger role relative to enforcement actions going forward, potentially offering more opportunities for remediation before formal actions are initiated.
Key takeaways for financial institutions
As firms navigate this evolving landscape, five key takeaways emerge:
- Maintain robust compliance programs for off-channel communications despite potential enforcement shifts. The fundamental requirements haven't changed even if enforcement approaches evolve.
- Develop comprehensive, cross-functional AI governance frameworks with appropriate risk-based controls that adapt to the unique challenges of newer AI technologies.
- Continue prioritizing communication compliance while recognizing regulators may focus more on substantive violations that directly impact market integrity and investor protection.
- Implement a structured approach to monitoring regulatory trends across formal and informal channels to anticipate compliance expectations before they crystallize into enforcement actions.
- Engage proactively with regulators through comment processes and industry dialogues to help shape the evolving regulatory framework.
While enforcement priorities may evolve, the fundamental focus on market integrity, investor protection, and fraud prevention remains constant.