Chevron Left
ALL RESOURCES
July 7, 2026

AI Can Improve Efficiency but Human Insight Still Drives Accountability

This article is part of our Defensible AI series for RIAs, focused on using artificial intelligence responsibly in a regulated advisory environment.

This blog explains why AI should support qualified professionals, while human review, supervision, and accountability remain critical.

Continue exploring why RIAs should build practical AI governance now instead of waiting for AI specific regulations.

Read Chapter: 1 | 2 | 3 | 4 | 5

Chapter #3 Introduction

AI can dramatically improve efficiency across compliance, operations, supervision, and client service functions. It can summarize information in seconds, organize large data sets, draft policies, identify patterns, and accelerate workflows that once took hours. But speed and efficiency do not eliminate the need for human judgment.

For RIAs, one of the biggest misconceptions about AI is the idea that human oversight is simply a formality. In reality, oversight is what determines whether AI use is responsible, controlled, and ultimately defensible. AI-generated content may appear polished and credible while still containing errors, omissions, outdated information, or assumptions that do not reflect the firm’s actual business practices.

AI governance starts with visibility.

Before your firm can supervise AI use, it needs to know where AI exists, what data it touches, and which workflows may create regulatory exposure.

See how SurgeONE helps RIAs build defensible AI oversight.

That is why firms should view AI as a support tool rather than an autonomous decision maker. The value of AI is not in replacing accountability, but in helping qualified professionals work more efficiently while still applying the judgment, context, and regulatory understanding that technology cannot replicate.

Human Oversight Is Not Optional. It Must Be Qualified, Documented, and Repeatable.

AI can accelerate work, but it cannot assume regulatory accountability. For RIAs, this point should be non-negotiable. Human oversight is not a symbolic control. It is the bridge between AI productivity and regulatory defensibility.

AI systems can hallucinate, produce inaccurate summaries, rely on outdated information, create biased outputs, misunderstand prompts, omit important context, or draft procedures that sound plausible but do not match the firm’s actual business. These risks are amplified when AI is used in compliance, supervision, investment analysis, client communications, or policy drafting.

AI output should not be treated as final. It should be treated as work product requiring review.

The Human Must Be the Right Human

A common mistake is to define human oversight too broadly. Having a human in the loop is not enough if the reviewer lacks the expertise to evaluate the output.

For compliance-sensitive use cases, the reviewer must be qualified. If AI drafts a policy, the reviewer must understand the applicable regulatory requirements, the firm’s business model, the firm’s actual practices, and the consequences of adopting procedures that are inaccurate or unrealistic. If AI summarizes a regulatory issue, the reviewer must be able to identify omissions or misstatements. If AI supports surveillance, the reviewer must understand what the system is flagging and what it may be missing.

The human review process should answer four questions:

  1. Is the AI output accurate?
  2. Is it complete enough for the intended use?
  3. Does it align with firm practices and regulatory obligations?
  4. Has the review and approval been documented?

The fourth question is often the difference between a good internal process and a defensible one. If a firm cannot show who reviewed AI output, what they reviewed, what changes they made, and when they approved it, the firm may struggle to demonstrate effective supervision.

AI-Drafted Policies Create a Specific Risk

Using AI to draft compliance policies and procedures can be helpful, but it also creates a predictable risk. The output may sound sophisticated while failing to reflect the firm’s actual operations.

Firms often have procedures that do not line up with their practices. Once those procedures are adopted, failure to follow them creates regulatory deficiencies.

This is an important point for CCOs. A policy is not defensible because it is well written. It is defensible because it accurately reflects what the firm does, what the rules require, who is responsible, how controls operate, and how exceptions are handled.

AI can generate generic procedures quickly. But generic procedures can be dangerous if they create obligations the firm does not actually meet. For example, if AI drafts a procedure stating that all AI outputs are reviewed weekly by compliance, but the firm does not perform that review, the firm has created a gap between written procedures and actual practice.

That gap can become an examination finding.

A defensible approach to AI-assisted policy drafting should include:

  • Human review by a qualified compliance professional
  • Alignment with the firm’s actual business model
  • Confirmation that assigned responsibilities are realistic
  • Review of recordkeeping requirements
  • Testing of whether procedures can actually be followed
  • Version control and approval records
  • Periodic updates as AI use cases evolve

AI can assist the drafting process. It should not own the compliance judgment.

AI Is Better Treated as an Analyst Than a Decision Maker

AI is best understood as a tool that can gather information, organize it, summarize it, and present it in useful formats. It can function like an analyst or paralegal, but it should not replace the professional judgment of the person responsible for the final decision.

This is a useful operating model for RIAs. AI can help summarize, classify, draft, organize, identify patterns, and accelerate analysis. But final judgment should remain with accountable professionals.

That principle is particularly important for:

  • Compliance policies
  • Regulatory responses
  • Client-facing communications
  • Investment recommendations
  • Risk assessments
  • Exception reviews
  • Cybersecurity incident analysis
  • Vendor due diligence
  • Supervisory decisions
  • Books and records determinations

The more a use case affects investors, client data, regulatory obligations, or firm supervision, the stronger the human oversight should be.

Accountability Cannot Be Outsourced to AI

Regulators will hold someone accountable when AI causes harm. The firm may be accountable as an entity. Individuals may also be accountable if they were responsible for oversight, approval, supervision, or implementation.

This principle should be reflected directly in AI governance documents. The firm should define who owns AI risk at the leadership level, who approves AI tools, who monitors ongoing use, who reviews outputs, who handles exceptions, and who escalates incidents.

For small and mid-sized RIAs, the structure does not need to be overly complex. But it does need to be explicit.

At a minimum, firms should define:

  • Executive sponsor for AI governance
  • Compliance owner for AI policy and supervision
  • Technology owner for security, access, logging, and vendor controls
  • Business owner for each approved AI use case
  • Reviewer or approver for high-risk outputs
  • Incident owner for breaches, misuse, or control failures

The structure should match the firm’s size, but the accountability should be clear.

Conclusion

At the end of the day, AI is still just a tool. It cannot replace experience, judgment, or accountability. In a regulated environment, those responsibilities still belong to people.

That is why firms should be careful not to confuse automation with oversight. AI-generated output may sound polished and convincing, but someone still needs to ask the critical questions, verify the accuracy, and make sure the result actually reflects the firm’s practices and obligations.

The firms that use AI successfully will not be the ones that remove humans from the process. They will be the ones that use AI to support their people while keeping decision-making, supervision, and accountability firmly in human hands. As AI adoption continues to grow, maintaining that balance will be essential to building a program that is not only efficient, but also practical and trustworthy.

Author:  
SurgeONE Team