SEC Intensifies Scrutiny on AI Disclosures in Financial Reports

The U.S. Securities and Exchange Commission (SEC) is ramping up enforcement to ensure that AI-related disclosures in financial reports are accurate, substantiated, and not misleading, directly impacting compliance obligations for financial sector enterprises Financial Times Reuters.

On May 29, 2024, the SEC announced intensified scrutiny of AI-related statements in public company financial filings, warning that unsubstantiated or exaggerated claims about AI capabilities or strategies could trigger enforcement actions. This move targets financial services firms and other regulated enterprises that increasingly reference AI in their risk factors, business strategies, and operational disclosures. The SEC’s Division of Corporation Finance has issued updated guidance and is actively reviewing filings for misleading or unsupported AI references Financial Times.

The SEC’s action is a direct response to the proliferation of AI claims in financial reporting, which the agency believes may mislead investors or obscure material risks. For regulated industries, especially financial services, this aligns with broader regulatory trends such as the EU AI Act and the NIST AI Risk Management Framework, both of which emphasize transparency, risk assessment, and accountability in AI deployments Reuters NIST. The SEC’s focus is on ensuring that disclosures about AI-driven products, risk models, or operational efficiencies are not only accurate but also supported by verifiable evidence, reflecting a shift from permissive to proactive oversight.

Enterprise CTOs, CISOs, and Compliance Officers should immediately review all AI-related disclosures in upcoming financial reports, ensuring claims are evidence-backed and consistent with internal documentation and risk assessments. Over the next 30-90 days, expect increased SEC queries and potential enforcement actions targeting unsupported AI statements. Firms should coordinate with legal and audit teams to validate AI-related risk factors, business model impacts, and compliance with both SEC and cross-jurisdictional AI regulations.

What This Means for Enterprise AI

Financial services firms must treat AI-related disclosures with the same rigor as other material statements, documenting the basis for any claims about AI capabilities, risk mitigation, or business value. The SEC’s focus mirrors requirements in the EU AI Act for transparency and risk documentation, and dovetails with the NIST AI RMF’s emphasis on traceability and accountability NIST. Failure to provide substantiated disclosures could result in SEC enforcement, reputational damage, and potential investor litigation Financial Times.

Operationally, compliance teams should audit all public statements and filings for AI-related content, cross-referencing with technical documentation and risk assessments. CTOs should ensure that AI systems referenced in filings have undergone formal validation and that their limitations are clearly communicated to both internal stakeholders and regulators. CISOs must assess whether AI-related risk disclosures align with actual risk management practices, particularly around model governance, data privacy, and cybersecurity.

Action items:

• Conduct an immediate review of all AI-related disclosures in financial reports.
• Establish a cross-functional task force (legal, compliance, technical) to validate AI claims.
• Update internal documentation to support all public-facing AI statements.
• Monitor SEC communications for further guidance or enforcement trends.