AI Disclosure: This news brief was drafted with AI assistance by Mentis Intelligence and reviewed by Zain Aamer, CEO of Bespoke Mentis, before publication. All regulatory and factual claims reference publicly available sources cited below.
SEC Intensifies Enforcement on AI Risk Disclosures in Finance
SEC cracks down on financial firms for inadequate AI risk disclosures, signaling stricter oversight and immediate compliance risks.
CEO, Bespoke Mentis · AI-assisted + reviewed before publication · AC11 Governed
Topics: SEC · AI risk disclosure · financial regulation
The U.S. Securities and Exchange Commission (SEC) has begun ramping up enforcement actions against financial institutions that fail to provide transparent and comprehensive disclosures of AI-related risks, marking a significant escalation in regulatory scrutiny for AI use in finance. This shift demands immediate attention from CTOs, CISOs, and Compliance Officers at regulated financial firms.
On June 10, 2024, the SEC announced a series of enforcement actions targeting financial firms that did not adequately disclose operational, compliance, and reputational risks associated with their use of artificial intelligence in investor filings, following the release of new AI disclosure guidelines earlier this quarter (Financial Times; Reuters). The SEC’s Division of Enforcement is now actively investigating firms suspected of omitting or downplaying material AI risks, with several high-profile cases already underway. These actions affect all SEC-regulated financial entities deploying AI in trading, risk modeling, customer service, or compliance functions.
The SEC’s intensified focus comes amid growing concerns about the systemic risks and ethical challenges posed by AI in financial markets, including algorithmic bias, model opacity, and the potential for market manipulation (Financial Times). The new guidance requires firms to explicitly identify and describe material AI-related risks in their periodic reports and registration statements, referencing the SEC’s mandate under the Securities Exchange Act of 1934 to ensure investors receive all material information (Reuters). This move aligns with global regulatory trends, such as the EU AI Act, which also mandates transparency and risk management for high-risk AI systems in finance (European Commission).
Financial institutions must now reassess their AI governance frameworks and disclosure practices to avoid enforcement actions, penalties, or reputational damage. CTOs and CISOs should immediately review all AI-related risk disclosures in collaboration with legal and compliance teams, ensuring alignment with the SEC’s new guidelines. Compliance Officers should prepare for potential SEC inquiries and audits by documenting risk assessments, model validation processes, and mitigation strategies for AI systems. Over the next 30-90 days, firms should prioritize updating their risk management policies, enhancing transparency in investor communications, and conducting internal audits of AI deployments to identify and remediate disclosure gaps.
What This Means for Enterprise AI
Financial firms must treat AI risk disclosure as a core compliance obligation under the Securities Exchange Act, not a voluntary best practice. The SEC’s new guidance requires explicit identification of AI-related operational, compliance, and reputational risks in all relevant filings, including 10-Ks and 10-Qs (Reuters). Failure to comply may result in enforcement actions, fines, or public censure.
CTOs should immediately inventory all AI systems in production and assess their risk profiles, focusing on areas such as algorithmic bias, data quality, and model explainability. CISOs must ensure that AI risk management controls are documented and auditable, as the SEC is expected to request evidence of ongoing monitoring and incident response plans (Financial Times). Compliance Officers should update disclosure language to reflect the specific risks associated with each AI application, referencing both SEC and emerging EU AI Act requirements for cross-border operations (European Commission).
In the next quarter, expect the SEC to expand its review of AI-related disclosures during routine examinations and to coordinate with other regulators on cross-jurisdictional AI risk oversight. Firms that proactively enhance their AI governance and disclosure practices will be better positioned to avoid regulatory penalties and maintain investor trust.
AI systems analyst and governance specialist at Bespoke Mentis. Covers enterprise AI compliance, regulated industry strategy, and the operational decisions that determine whether AI deployments succeed or fail audit.
