Financial services is the sector where agentic AI buying decisions stall longest, and the reason is consistent across the firms we have visibility into. The procurement question is not whether the platform can perform the task. The procurement question is whether the firm can defend the platform’s use to three separate regulators on three separate frameworks, with the audit trail an examiner will ask for in the first thirty minutes of any examination. Most platforms cannot produce that audit trail. This dossier is the regulatory landscape, the specific questions an examiner will ask, and the structural gap that is killing deals at the compliance review.
The three regulatory regimes a US-domiciled financial services firm has to satisfy simultaneously when deploying agentic AI: FINRA (for broker-dealers, member firms), the SEC (for registered investment advisers, investment companies, and the broker-dealer side via Reg BI and Rule 17a), and applicable state regulators (NY DFS, California DFPI, etc., where the firm is licensed). Each has its own framework. None of them has published agentic-AI-specific rules. All of them apply existing rules to AI deployments and let the firm work out the implementation. This is the consistent failure mode: the rules apply unambiguously; the implementation guidance is the firm’s problem.
FINRA Rule 3110 (Supervision) is the operative rule for agentic AI in a member firm. The rule requires the firm to establish and maintain a supervisory system reasonably designed to achieve compliance with applicable securities laws. When an AI agent takes an action that would have been a registered representative action — drafting client communications, conducting account analysis, generating recommendations, interacting with order management — the supervision rule applies to that action. The supervisor of record has to have the means to review what the agent did, why it did it, and whether it complied with applicable rules. This is structural: the firm cannot delegate the supervisory function to the platform; the firm has to maintain it.
FINRA Rule 4511 (Books and Records) and SEC Rule 17a-4 (records retention) are the operative rules for the audit trail. Rule 4511 requires firms to maintain books and records as required by SEC Rules 17a-3 and 17a-4. Rule 17a-4 requires that broker-dealer records be preserved in a non-rewriteable, non-erasable format (the WORM standard, Write Once Read Many) for the prescribed retention periods (three years readily accessible, six years total for most categories). When the AI agent’s decision sequence is part of the supervisory record, that record needs to meet the WORM standard and the retention period. Logs that are mutable, or that can be silently filtered, do not satisfy 17a-4.
SEC Reg BI (Regulation Best Interest, 17 CFR § 240.15l-1) requires that recommendations to retail customers be in the customer’s best interest. When an AI agent generates a recommendation, the Reg BI obligations apply to the recommendation. The firm has to be able to demonstrate the basis for the recommendation, the conflicts of interest considered, the disclosures made — and the demonstration has to survive an SEC examination, which means the underlying record has to be reconstructable on demand from the firm’s records.
FINRA’s own AI guidance, specifically Regulatory Notice 24-09 (June 2024, on supervisory considerations for the use of generative AI) and the AI section of the 2025 Annual Regulatory Oversight Report, establishes FINRA’s expectation that firms apply existing rules to AI deployments and document the supervisory framework. The notice does not introduce new rules; it makes explicit that the firm cannot avoid Rule 3110 or Rule 4511 obligations by claiming the AI is autonomous.
What an examiner will ask in the first thirty minutes. The pattern in recent FINRA examinations of firms with AI deployments has been consistent. First question: “Show me the AI inventory — every system, every business function, every supervisor of record.” The firm needs a maintained inventory document. Second question: “For a sample client interaction, show me the full decision record — the prompt, the agent’s reasoning trace, the tools the agent invoked, the data the agent retrieved, and the final action taken — with timestamps and the supervisor sign-off where required.” This is where most firms fail. The platform produces some of these elements, the firm’s logging captures some, the data warehouse retains some, but the firm cannot, on demand, produce the unified decision record. Reconstructing it from disconnected logs takes weeks. The examiner expects it within the examination period.
Third question: “For any flagged interaction — high value, complex product, vulnerable customer — show me the supervisor review.” Rule 3110 supervision is not satisfied by the agent flagging the interaction; it is satisfied by a registered supervisor reviewing the flag. The platform needs to support that workflow with reviewable surfaces, not buried log entries. Fourth question: “For the AI inventory, show me the change log — every model version change, every prompt template change, every policy change, with the date and the change-approver.” This is the SR-15a equivalent for AI: configuration management as a supervisory record.
What the audit-trail problem looks like in practice. A broker-dealer deploys an agentic AI assistant for registered representatives. The assistant drafts client communications, analyses account positions, suggests rebalancing actions for the rep to consider. Each of these is potentially a Reg BI moment, a 3110 supervision moment, and a 4511/17a-4 record. The platform vendor produces a chat log. The platform vendor produces a tool-call log. The platform vendor produces a model-inference log. Three logs. None of them are joined at the platform level. The firm’s SIEM ingests them but doesn’t reassemble them into a per-interaction record. When the examiner asks for one client’s six-month interaction history, the firm has to reconstruct it from three sources, hope nothing is missing, and pray that the timestamps reconcile.
This is the audit-trail problem. The platform’s logs are necessary. They are not the supervisory record on their own. The firm’s compliance team needs the platform to produce a unified, signed, retention-compliant interaction record per client — not three separate logs that the firm assembles after the fact. Vendors who do not produce this are vendors whose deals are stalling at the compliance review. Vendors who do are the ones surviving the procurement.
The structural answer is to treat the interaction record as a first-class output of the platform, signed at production, retained per the WORM standard, and exported to the firm’s record-keeping infrastructure in a format the firm’s compliance team can hand to an examiner without rework. This is what an audit-grade record looks like in practice: per-interaction, with the prompt, the agent’s reasoning trace, the tool invocations, the data retrievals, the final action, the supervisor sign-off (where required), and the policy version active at the time. RFC 3161 timestamps. Merkle-tree anchoring (so the firm can prove the record was not altered after the fact, which is what 17a-4’s non-rewriteable requirement is about). Mapping to the specific FINRA rules, SEC rules, and Reg BI obligations the interaction implicates.
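The unified, signed, Merkle-anchored interaction record that the preceding paragraphs describe, as an added example in Python that is not code from this dossier or from any vendor’s platform. It joins constructed chat, tool-call, inference and supervisor log entries into one per-interaction record, hashes each record, anchors a batch of records under a Merkle root, signs the root together with the anchoring time, and shows that a retained copy whose supervisor sign-off was removed after anchoring fails verification. Every log entry, interaction id, account id, model name, policy version and the signing key are constructed for illustration; the HMAC signature stands in for the RFC 3161 timestamp token a production system would obtain from a timestamping authority, which this example does not contact.

```python
import hashlib
import hmac
import json

# Constructed sample logs: the three separate platform streams plus a supervisor log,
# joined only by interaction_id (nothing here is real client or firm data).
CHAT_LOG = [
    {"interaction_id": "ix-001", "ts": "2025-03-04T14:02:11Z", "role": "user",
     "text": "Should I move toward bonds before retirement?"},
    {"interaction_id": "ix-001", "ts": "2025-03-04T14:02:19Z", "role": "assistant",
     "text": "Draft for rep review: consider shifting 10% from equities to bonds."},
    {"interaction_id": "ix-002", "ts": "2025-03-04T15:10:02Z", "role": "user",
     "text": "What is my settled cash balance?"},
]
TOOL_LOG = [
    {"interaction_id": "ix-001", "ts": "2025-03-04T14:02:13Z", "tool": "get_positions",
     "args": {"account": "ACCT-1234"}, "result_ref": "positions-snapshot-77"},
]
INFERENCE_LOG = [
    {"interaction_id": "ix-001", "ts": "2025-03-04T14:02:15Z", "model": "model-v3.2",
     "reasoning": "Client age 62, equity allocation 80%: suggest partial de-risking."},
]
SUPERVISOR_LOG = [
    {"interaction_id": "ix-001", "ts": "2025-03-04T16:40:00Z",
     "supervisor": "sup-0042", "decision": "approved"},
]
SIGNING_KEY = b"constructed-demo-key"  # stand-in for an HSM-held platform signing key


def canonical(obj) -> bytes:
    """Deterministic JSON so the same record always hashes to the same value."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_interaction_record(interaction_id: str, policy_version: str) -> dict:
    """Join the separate logs into the single per-interaction record an examiner asks for."""
    def pick(log):
        return sorted((e for e in log if e["interaction_id"] == interaction_id),
                      key=lambda e: e["ts"])
    chat, tools = pick(CHAT_LOG), pick(TOOL_LOG)
    return {
        "interaction_id": interaction_id,
        "policy_version": policy_version,  # policy active at the time of the interaction
        "prompt": [e for e in chat if e["role"] == "user"],
        "reasoning_trace": pick(INFERENCE_LOG),
        "tool_invocations": tools,
        "data_retrievals": [e["result_ref"] for e in tools],
        "final_action": [e for e in chat if e["role"] == "assistant"],
        "supervisor_signoff": pick(SUPERVISOR_LOG),
    }


def merkle_tree(leaf_hashes):
    """All tree levels, leaves first; an odd level duplicates its last node."""
    levels = [list(leaf_hashes)]
    while len(levels[-1]) > 1:
        cur = levels[-1] + ([levels[-1][-1]] if len(levels[-1]) % 2 else [])
        levels.append([sha256((cur[i] + cur[i + 1]).encode()) for i in range(0, len(cur), 2)])
    return levels


def merkle_proof(levels, index):
    # Sibling hashes (with side) needed to recompute the root from one leaf.
    proof = []
    for level in levels[:-1]:
        nodes = level + ([level[-1]] if len(level) % 2 else [])
        sibling = index ^ 1
        proof.append((nodes[sibling], sibling < index))  # (hash, sibling_is_left)
        index //= 2
    return proof


def verify_inclusion(leaf_hash, proof, root):
    h = leaf_hash
    for sibling, sibling_is_left in proof:
        h = sha256(((sibling + h) if sibling_is_left else (h + sibling)).encode())
    return h == root


def anchor_batch(records, anchored_at):
    """Hash each record, build the tree, sign root||time. A real deployment would also
    obtain an RFC 3161 token for the root from a TSA; the HMAC stands in for that."""
    levels = merkle_tree([sha256(canonical(r)) for r in records])
    root = levels[-1][0]
    sig = hmac.new(SIGNING_KEY, (root + anchored_at).encode(), hashlib.sha256).hexdigest()
    return {"root": root, "anchored_at": anchored_at, "signature": sig}, levels


def verify_record(record, proof, anchor):
    # True only if the anchor signature is valid and the record is byte-for-byte unchanged.
    expected = hmac.new(SIGNING_KEY, (anchor["root"] + anchor["anchored_at"]).encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, anchor["signature"]):
        return False
    return verify_inclusion(sha256(canonical(record)), proof, anchor["root"])


def demo():
    """Anchor a day's records, then check an intact copy and a silently edited one."""
    records = [build_interaction_record(i, "policy-2025.03") for i in ("ix-001", "ix-002")]
    anchor, levels = anchor_batch(records, "2025-03-04T23:59:59Z")
    proof = merkle_proof(levels, 0)
    intact = verify_record(records[0], proof, anchor)
    edited = json.loads(json.dumps(records[0]))
    edited["supervisor_signoff"] = []  # sign-off dropped after anchoring
    return intact, verify_record(edited, proof, anchor)
```

Calling demo() returns (True, False): the intact record verifies against the signed anchor and the edited copy does not. The point for the compliance team is that the inclusion proof and the signed root are small enough to retain beside each record, so tamper-evidence can be checked at examination time without re-reading the whole batch; retaining the records themselves in a WORM tier remains the firm’s archiving obligation.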
What the firm still owns. The supervisory framework itself is the firm’s. The platform produces the records; the firm’s compliance team determines which interactions require supervisor review, what the review consists of, and how the review is documented. The Written Supervisory Procedures (WSPs) need to address AI explicitly, with the supervisor of record named for each AI system in the inventory. The firm’s training programme has to cover AI use; the firm’s annual compliance certification has to cover AI controls. None of this is the platform’s responsibility, and a firm that expects a platform to deliver these is going to discover the gap at the next examination.
What firms ahead of this curve are doing. They have done three things. First, they have built the AI inventory before deploying the agentic system, not after. The inventory is a living document; every new AI system added is a documented decision with named supervisor of record. Second, they have updated their WSPs to address AI before the system goes live. The update is reviewed by their compliance counsel, not just internal compliance. Third, they have demanded the unified interaction record from the platform vendor in the procurement process; they have not accepted “we produce logs” as an answer. The vendors who can demonstrate the record win the deal. The vendors who cannot are losing.
The state-regulator dimension. NY DFS Cybersecurity Regulation (23 NYCRR 500), as amended in 2023, requires written cybersecurity policies and risk assessments for AI systems where they touch the firm’s information systems. California Consumer Privacy Act and California Privacy Rights Act extend privacy obligations to automated decision-making systems. Massachusetts and Connecticut have proposed legislation. The state regulators are not aligned with each other or with FINRA/SEC, which means a national broker-dealer is satisfying overlapping but non-identical obligations simultaneously. The audit trail that satisfies FINRA satisfies most of the state requirements as a side effect, because the state requirements largely require a documented, retained record of AI-driven decisions touching customer data — which is what the FINRA audit trail already is.
What buyers should ask in the procurement process. First: “Show me the unified interaction record format. For one of your reference deployments, show me a single client’s six-month interaction history as the platform exports it.” The vendor should produce a sample. Second: “What is the retention guarantee? Does the platform meet 17a-4 WORM standards out of the box, or do we need a separate archiving tier?” The right answer is out of the box. Third: “For each of FINRA Rule 3110, FINRA Rule 4511, SEC Rule 17a-4, and SEC Reg BI, name the platform features that support compliance and the customer obligations that remain.” The vendor should answer in regulatory specifics, not in marketing language.
The 2026 FINRA examination programme will continue to focus on AI. The 2025 Regulatory Oversight Report flagged AI supervision as a 2025 priority; the 2026 priorities (published January 2026) carried the focus forward. Firms with AI deployments are being examined on AI specifically. The firms that survive these examinations are the ones whose audit trails are unified, signed, retained, and ready. The firms that struggle are the ones whose audit trails are still being assembled when the examiner walks in.
