
    Financial Services + AI: GLBA, FFIEC, and Securities Compliance for ChatGPT and Claude in 2026

    Sonomos Research

    The Sonomos research team writes about AI privacy, data protection, and how to use generative AI safely at work.

    Short answer: Banks, broker-dealers, RIAs, and other financial institutions can use ChatGPT, Claude, and similar AI tools — but the GLBA Safeguards Rule, FFIEC IT guidance, FINRA Notice 24-09, and the SEC's predictive-data-analytics proposal collectively raise the bar well above "the vendor is SOC 2." This guide explains, in plain English, what financial-services regulators actually expect of an AI deployment in 2026, the specific risks unique to financial workflows, and the controls that hold up under examination.

    The five regulatory regimes that touch every AI decision

    For a US financial institution, generative-AI use rarely sits under a single regulator. In practice, the relevant regimes overlap:

    • GLBA Safeguards Rule (16 CFR §314 / FRB & OCC equivalents) — requires a written information security program with risk assessment, access controls, encryption, vendor oversight, and incident response. The 2023 amendments introduced a 30-day notification requirement for unauthorized acquisition of unencrypted customer information affecting 500+ consumers.
    • FFIEC IT Examination Handbook — supervisory expectations covering risk management, third-party relationships, and information security. The 2024 update adds explicit guidance on "Authentication and Access to Financial Institution Services and Systems," and the FFIEC has issued joint statements on managing risks associated with AI and machine learning.
    • OCC Bulletin 2013-29 / SR 23-4 / FDIC FIL-29-2023 (Interagency Third-Party Risk Management) — sets the baseline for AI-vendor due diligence, contracts, ongoing monitoring, and termination. The interagency final guidance explicitly applies to AI providers as third parties.
    • FINRA Notice 24-09 (and predecessors) — addresses the use of generative AI by broker-dealers, including supervision, recordkeeping (FINRA Rules 4511, 2210), suitability (Rule 2111), and the requirement that AI-generated communications with the public meet content standards.
    • SEC Predictive Data Analytics Rule (proposed 2023, evolving in 2024–2026) — would require investment advisers and broker-dealers to eliminate or neutralize conflicts of interest associated with predictive-data analytics, including generative AI, used in investor interactions.

    In addition, state regimes (NY DFS Part 500, California CCPA/CPRA, similar laws in CO, CT, UT, VA, TX) layer on top, and the EU AI Act applies extraterritorially when an AI system's output is used in the EU.

    Why financial workflows are higher-risk than the average AI use case

    Three properties of financial work make casual AI use risky in a way generic productivity tools are not:

    1. Customer NPI is regulated at the point of disclosure. Under GLBA, "nonpublic personal information" — names tied to account numbers, balances, transaction histories — is regulated when shared with non-affiliated third parties. Pasting a portfolio summary into a non-BAA AI tool can be a controlled disclosure.
    2. MNPI / insider information is categorical. Material non-public information about issuers (an unannounced earnings figure, a pending M&A target) is subject to securities laws. Prompts containing MNPI to a tool with retention or training rights raise insider-trading and Reg FD concerns that no after-the-fact remediation can fully cure.
    3. Books-and-records obligations make every AI interaction a potential record. SEC Rule 17a-4 and FINRA Rule 4511 require firms to preserve communications related to their business. The 2024 SEC enforcement sweep over off-channel communications fined more than a dozen firms billions of dollars; AI chats are the next frontier of that scrutiny.

    What examiners look for in 2026

    Based on public exam priorities (SEC OCIE, FINRA Reg Notice 24-09, OCC Semiannual Risk Perspective) and bank-regulator guidance, the recurring questions are:

    • Inventory. Does the firm know which AI tools its workforce uses, including unsanctioned ones?
    • Risk assessment. Has the firm assessed each AI use case against confidentiality, integrity, availability, accuracy, and consumer protection?
    • Vendor due diligence. For each material AI provider, does the firm have a current SOC 2, a DPA, evidence of training-opt-out / zero-retention, and a clear path to terminate?
    • Customer NPI controls. What technical controls prevent NPI from reaching non-approved AI tools?
    • MNPI / insider information controls. What controls prevent MNPI from being entered into AI tools at all?
    • Recordkeeping. Are AI prompts and outputs preserved per Rule 17a-4 / 4511, retrievable, and tamper-evident?
    • Communications with the public. Is AI-generated marketing or client-facing content reviewed and approved per FINRA Rule 2210?
    • Model risk management. For AI used in decisions (fraud, AML, lending), does the firm follow SR 11-7-equivalent model-risk-management practices?
    • Incident response. Is "AI prompt-leakage incident" in the IR runbook, with notification timelines that match GLBA, NYDFS Part 500, and applicable state laws?

    A firm that cannot answer most of those clearly will struggle in an exam regardless of how strong its AI vendor's marketing is.

    The product-tier reality for financial workflows

    As of April 2026, the practical lay of the land is:

    • OpenAI ChatGPT Free / Plus / Team (consumer) — May retain prompts for abuse monitoring; may use prompts for training unless opted out; not eligible for an enterprise data-processing addendum (DPA). Materially harder to defend for any workflow involving NPI or MNPI.
    • OpenAI ChatGPT Enterprise / Edu / API — Zero Data Retention available; not used for training; SOC 2 Type II; enterprise DPA. Workable for customer NPI under proper configuration; MNPI use still requires firm policy.
    • Anthropic Claude (claude.ai and API) — Excluded from training by default; enterprise DPA and zero retention available; SOC 2 Type II.
    • Google Gemini (consumer) — May retain and human-review prompts on free tier; Workspace and Vertex AI under separate enterprise terms.
    • Microsoft 365 Copilot / Copilot Chat (Commercial Data Protection) — Prompts not used for training when signed into an eligible commercial account; integrates with M365 audit logs.

    Every one of these products is configurable in ways that change the regulatory analysis. The firm's compliance position depends on the specific tier, contract, and configuration — not on the product family.

    Real-world workflow patterns financial firms are actually using

    The patterns below are drawn from public RegTech case studies and 2024–2026 examiner letters in the public record:

    • Research and summarization with redacted input. Analysts use enterprise AI to summarize SEC filings, broker reports, and internal research — with names of held positions, client identifiers, and MNPI redacted at the browser layer before transmission. A local-first redaction tool (e.g., Sonomos) detects entity categories such as customer names, account numbers, ticker symbols flagged as restricted, and replaces them with reversible tokens before the prompt leaves the device.
    • Marketing and communications drafting. Wholesalers and marketing teams use AI to draft public-facing content. Outputs go through the firm's standard FINRA Rule 2210 review queue before publication; AI-generated drafts are flagged in the workflow.
    • Compliance and surveillance assistance. Compliance teams use AI to triage alerts, summarize transcripts, and draft case narratives — with strict isolation from production data and a human-in-the-loop signoff before any action.
    • Internal Q&A on policy. AI assistants trained on (or grounded in) the firm's own policy documents answer staff questions, reducing the temptation to paste sensitive context into consumer tools.

    In each pattern the principle is the same: keep regulated data inside the firm or its BAA-equivalent boundary, and use technical controls to make the safe path the easiest path.
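
The reversible-token redaction described in the first pattern above, as an added example (not Sonomos's code or any vendor's). The customer list, restricted-ticker list, account-number pattern and `[[TYPE_n]]` token format are assumptions made for illustration, and the sample prompt is constructed.

```javascript
// Local, reversible redaction applied to a prompt before it leaves the device.
// All lists and patterns here are illustrative assumptions, not a product's rules.
const KNOWN_CLIENTS = ["Jane Q. Example", "Example Family Trust"]; // constructed
const RESTRICTED_TICKERS = ["ACME", "GLOBX"];                      // constructed

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
// Longest first, so a longer name wins over a shorter one it contains.
const alternation = (items) =>
  [...items].sort((a, b) => b.length - a.length).map(escapeRe).join("|");

const DETECTORS = [
  { type: "CLIENT", re: new RegExp(`(?:${alternation(KNOWN_CLIENTS)})`, "g") },
  { type: "ACCT", re: /\b\d{8,12}\b/g }, // assumed account-number shape
  { type: "TICKER", re: new RegExp(`\\b(?:${alternation(RESTRICTED_TICKERS)})\\b`, "g") },
];

function redact(text) {
  const vault = new Map(); // token -> original value; stays on the device
  const seen = new Map();  // "TYPE:value" -> token, so repeats share one token
  const counts = {};
  let redacted = text;
  for (const { type, re } of DETECTORS) {
    redacted = redacted.replace(re, (match) => {
      const key = `${type}:${match}`;
      if (!seen.has(key)) {
        counts[type] = (counts[type] || 0) + 1;
        const token = `[[${type}_${counts[type]}]]`;
        seen.set(key, token);
        vault.set(token, match);
      }
      return seen.get(key);
    });
  }
  return { redacted, vault };
}

// Fail closed: true only if no detector still matches the outgoing text.
function safeToSend(text) {
  return DETECTORS.every(({ re }) => { re.lastIndex = 0; return !re.test(text); });
}

// Re-insert originals into the model's reply; unknown tokens are left untouched.
function restore(text, vault) {
  return text.replace(/\[\[[A-Z]+_\d+\]\]/g, (t) => (vault.has(t) ? vault.get(t) : t));
}

const SAMPLE_PROMPT = // constructed sample input
  "Summarize: Jane Q. Example holds 500 ACME in account 4400123456; account 4400123456 also holds AAPL.";
```

Only `redacted` is transmitted; the vault is held locally and used to restore the reply, and `safeToSend` serves as a gate before the request is made.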

    Examples: what is and is not defensible

    | Scenario | Defensible? | Why |
    | --- | --- | --- |
    | Advisor pastes a client's full account statement into ChatGPT Plus to "explain the holdings" | No | NPI to a non-DPA, non-zero-retention account |
    | Advisor uses ChatGPT Enterprise (DPA + ZDR) to summarize the same statement, with the client's identifiers redacted at the browser via a local-first tool | Yes | NPI never leaves the device unmasked; reversible tokens preserve utility |
    | Trader pastes an unannounced earnings figure into Claude to "draft talking points for the call" | No | MNPI to a third party; Reg FD and insider-trading exposure regardless of vendor |
    | Compliance analyst uses an enterprise AI tool to draft a SAR narrative from anonymized facts | Defensible with controls | Strict scope, audit log, human signoff, books-and-records preservation |
    | Marketing copywriter uses ChatGPT to brainstorm headlines from public data | Yes | No NPI / MNPI; outputs go through Rule 2210 review |
    | Wealth team uses a private LLM grounded on the firm's policies to answer staff Q&A | Yes | Properly governed internal use case |

    Frequently asked questions

    Does signing a DPA make ChatGPT GLBA-compliant?

    A DPA is necessary but not sufficient. GLBA requires a written information security program, risk assessment, vendor oversight, encryption, access controls, and incident response. A DPA addresses one slice — what the vendor may do with your data. The firm is responsible for the rest.

    Are AI-generated client communications subject to FINRA recordkeeping?

    Yes, if they relate to the firm's business and are sent to or received from clients or counterparties. FINRA Rule 4511 and SEC Rule 17a-4 do not exempt content because an AI helped draft it. Retain inputs and outputs in the same media-neutral retention system you use for email and chat.

    What about MNPI in agentic AI workflows?

    Agentic systems that browse, read documents, or call internal APIs can encounter MNPI as a side effect. Treat the agent's runtime as a privileged context: limit its tool surface, isolate per-user identity, and apply egress controls. Logging and replay help with both supervision and incident response.

    How does the EU AI Act affect a US financial firm?

    If the firm or its vendor places an AI system on the EU market, or the system's output is used in the EU, the AI Act's risk-tier obligations can apply. For most generative-AI use in US firms, the practical impact is on documentation, transparency, and human oversight. Coordinate with EU counsel before assuming the regime does not reach you.

    What does a defensible AI inventory look like?

    A spreadsheet (or tool-managed registry) listing each AI system used by the firm, its owner, its data classification, vendor, contract status, training/retention configuration, last risk assessment date, and approved-vs-prohibited use cases. Keep it current; examiners ask for it as a starting point.

    Is browser-level redaction enough on its own?

    It is one layer, not the whole program. Local-first redaction with a tool like Sonomos materially reduces the chance that NPI reaches a non-approved AI account, and it is increasingly cited as a "reasonable measure" in regulatory discussion. It complements — does not replace — a complete information-security program.

    A short checklist for compliance, IT, and risk teams

    • Maintain a current AI inventory, including unsanctioned tools observed in usage data.
    • Map each AI use case to GLBA, FFIEC, FINRA, SEC, and applicable state requirements.
    • Choose enterprise tiers with DPAs and zero-retention configurations; block consumer endpoints.
    • Deploy local-first redaction at the browser layer for all customer-facing and research workforces.
    • Preserve AI prompts and outputs per Rule 17a-4 / 4511, including for unsanctioned-tool incidents.
    • Add AI-prompt-leakage scenarios to the incident-response runbook with GLBA / NYDFS / state notification timelines.
    • Update the firm's communications policies (FINRA Rule 2210; advertising rules) to address AI-generated content.
    • For AI used in decisions, apply SR 11-7-style model-risk-management.
    • Run an annual independent assessment of the AI program, not just the underlying vendors.

    The bottom line

    For financial services in 2026, "AI compliance" is not a single conversation; it is GLBA, the FFIEC handbook, FINRA notices, SEC priorities, state law, and (often) the EU AI Act all interacting with each AI use case. Firms that succeed in examinations are not the ones with the most expensive AI vendor — they are the ones that have inventoried what the workforce actually does, made the safe path the easy path with technical controls, and can produce documentation on demand. Generative AI is genuinely useful inside a well-governed program. Outside of one, it is an enforcement case waiting for a trigger.
