
This blog is part of our Defensible AI series for RIAs, focused on AI compliance, risk management, and governance challenges.
This article explains why shadow AI creates risk when employees, advisors, or contractors use unapproved AI tools.
Next in this series, we look at why human oversight remains essential to responsible AI use and long-term accountability.
Across the industry, employees, consultants and advisors are increasingly turning to AI tools to improve productivity, speed up workflows, and simplify daily tasks. The problem is that much of this adoption happens informally, often without compliance, legal, or technology teams fully understanding where AI is being used or what data is being exposed.
This growing challenge, often referred to as shadow AI, creates a level of risk that traditional supervision models were not designed to handle. A simple action such as pasting client information into a public AI tool, using a personal chatbot account for firm business, or enabling an unapproved AI plug-in can create privacy, cybersecurity, recordkeeping, and supervisory concerns almost instantly.
AI governance starts with visibility.
Before your firm can supervise AI use, it needs to know where AI exists, what data it touches, and which workflows may create regulatory exposure.
As AI becomes more accessible and embedded into everyday applications, firms can no longer rely solely on policies and annual attestations to manage these associated risks.
Many compliance risks arise from formal firm decisions. AI is different because a large portion of risk may arise from informal employee behavior. This is the problem of shadow AI.
Shadow AI occurs when employees, advisors, contractors, or representatives use unapproved AI tools for firm business outside the firm’s governance framework. It may involve a personal ChatGPT account, a free AI assistant, a browser plug-in, a transcription tool, a personal Copilot account, or an AI feature inside a consumer application.
The exposure is especially significant for firms with decentralized workforces, remote employees, independent contractors, or advisors using their own devices and networks. Historically, firms have often relied on questionnaires asking independent representatives whether their devices were patched, encrypted, and free of unauthorized applications. The weakness of that model is obvious: firms have to rely heavily on self-reporting.
AI creates a similar challenge, but with broader implications. An employee can copy client data into a public AI tool in seconds. A representative can use a personal AI account to generate a client report. An advisor can paste account information into a chatbot to prepare a meeting summary. A contractor can use an AI note-taker without understanding whether the transcript is being stored or used to train a model.
If the firm does not know this activity is happening, it cannot evaluate privacy, recordkeeping, supervision, or data security implications.
The ability to detect shadow AI use is becoming one of the most important practical challenges for compliance and technology leaders.
Firms may be tempted to solve shadow AI with an annual certification. Employees can be asked to confirm that they are not using unauthorized AI tools or entering client data into public platforms. Certifications are useful, but they are not sufficient.
Regulators have already shown skepticism toward compliance programs that rely entirely on certifications without testing. The same concept applies to off-channel communications, outside storage, personal devices, and other areas where employee behavior can occur outside firm-approved systems. A certification may help show that expectations were communicated, but it does not prove that the firm had a reasonable supervisory process.
A defensible AI control framework should include multiple touchpoints:
The firm should not rely on a single control. A policy without training will not be enough. Training without testing will not be enough. Testing without documentation will not be enough. Defensibility comes from the combination.
AI training should not be generic. Employees need to understand the specific types of information that should not be entered into unapproved tools. They need concrete examples of prohibited conduct.
For example, a firm should train employees not to paste the following into public or unapproved AI systems:
Employees may not understand what qualifies as non-public information or personally identifiable information unless the firm explains it clearly. Firms must train staff on what PII means, what confidential information means, and why client or firm information cannot be entered into unapproved AI tools.
This training should be role-specific. A portfolio manager, client service associate, operations analyst, CCO, CIO, and CEO may each use AI differently. The firm should explain AI risk in the context of real workflows.
For example:
Training and documentation also matter because they help distinguish between an employee who made a mistake and an employee who intentionally circumvented firm controls.
If an individual goes around the firm’s systems, sets up a separate account, or tries to avoid monitoring, the behavior can move from negligence to intentional avoidance.
This distinction is important. A firm cannot prevent every rogue action. But it can reduce firm-level exposure by showing that it had reasonable procedures, communicated them clearly, trained employees, collected certifications, tested compliance, and used reasonable methods to detect violations.
A defensible AI program should therefore document not only what the firm prohibits, but how the firm communicates, monitors, tests, and enforces those prohibitions.
If an examiner asked how your firm knows employees are not entering client information into unapproved AI tools, would your answer rely only on policy language and annual attestations?
Shadow AI is quickly becoming one of the most difficult compliance and governance challenges firms face. The issue is not simply whether employees are using AI; it is whether firms have a reasonable framework for identifying, supervising, and controlling that usage before it creates regulatory, operational, or reputational exposure.
Organizations need layered controls that combine training, oversight, testing, monitoring, and documentation. Employees must understand not only that AI creates risk, but how that risk appears within their specific day-to-day responsibilities and workflows.
RIAs and wealth management firms can significantly strengthen their defensibility by demonstrating that they communicated expectations clearly, implemented practical safeguards, tested compliance, and maintained reasonable supervisory processes. As AI adoption continues to accelerate, the organizations best positioned for long-term success will be the ones that treat AI governance as an ongoing operational responsibility.