Marketing copy drafted by ChatGPT. Pitch books with AI-generated commentary. Note assistants pulling client data into vendor tools nobody vetted. Two AI-washing enforcement actions on the books, a Marketing Rule risk alert in every CCO's inbox, and Reg S-P amendments hitting smaller advisers June 3, 2026.
Merkon runs a fixed-price, 14-day Shadow AI Evidence Room engagement. By Day 14 your CCO walks into the next exam with everything documented.
AI adoption among independent registered investment advisers has more than doubled since 2023. Advisers use AI in marketing, in client communication, in research, in note-taking.
But most don't have an AI policy. Books and records rules don't account for prompts and outputs. Pitch books reference AI without disclosure review. And the SEC has noticed.
Source: Schwab Advisor Services 2025 RIA & AI Research Study (n=533, fielded Oct 2025).
SEC Division of Examinations issued a Marketing Rule compliance risk alert flagging Testimonials & Endorsements and Third-Party Ratings deficiencies. AI-generated marketing copy is now squarely in scope.
Two SEC enforcement actions against advisers misrepresenting AI use in their marketing materials. Saying you "use AI" without documenting how is now an enforcement risk.
Smaller advisers must have a written incident-response program. Carriers are increasingly requiring documented AI-vendor scope as part of cyber renewal.
FY2026 SEC exam priorities flagged AI-driven threats. Examiners are asking AI questions in current exams. CCOs without an AI policy and inventory are answering them on the fly.
A complete Evidence Room pack across five regulatory anchors — AI Tool Inventory · Marketing Rule Exposure Review · Reg S-P Vendor & Data Evidence · Books-and-Records Gap Analysis · CCO Exam Memo & Roadmap. Built for SEC-registered RIAs. Mapped to the Investment Advisers Act, NIST AI Risk Management Framework, and ISO 42001.
Structured inventory of every AI tool the firm uses — sanctioned and shadow — mapped to use cases, user groups, data inputs, output types, and recordkeeping touchpoints. Covers enterprise AI assistants, meeting-note vendors, CRM and portfolio AI features, marketing and content AI, advisor and staff productivity AI. Pulled from SSO logs, SaaS spend, browser extensions, and an employee survey.
Review log of AI-assisted firm communications and marketing materials against Advisers Act Rule 206(4)-1, with flagged claims, attribution gaps, and approval-workflow exceptions. Covers website copy, newsletters, LinkedIn and social, pitch decks, testimonials and endorsements, and “AI-powered” / “AI-driven” claims.
Vendor inventory and data-flow map for AI and AI-adjacent vendors that touch customer information, with controls and gaps mapped against the Reg S-P amendments’ incident-response and oversight requirements. Covers AI vendor inventory, customer-information exposure map, vendor due diligence file, and incident-response inputs for AI-specific scenarios.
Gap analysis of AI-assisted communications, prompts, and outputs against Advisers Act Rule 204-2 retention obligations, with recommended approval and retention workflows. Covers AI-assisted email and client communications, prompt and output handling, marketing approval log, and staff attestation records.
Standalone memo summarising scope reviewed, key findings, evidence folder index, and critical gaps and quick wins with owners and timelines. Sized for board or audit-committee circulation. Covers scope, findings, evidence folder index, policies created or updated, open risks, and next 90 days.
Operational compliance evidence and policy drafts prepared for CCO and counsel review and adoption. Not legal advice. Not SEC certification. Firms should consult counsel and their Chief Compliance Officer regarding specific obligations under the Investment Advisers Act of 1940 and related rules.
The engagement runs 100% remote over Zoom and a shared workspace. Your CCO and one or two IT/operations contacts are involved. Nothing else is required from the firm.
Every engagement is a 14-day fixed-fee productised service — not hourly billing, not open-ended retainer. Fee is scoped against firm size, complexity, and timing during a 20-minute discovery conversation. Payment structure is 50% at signature of the SOW, 50% on Day 14 delivery. A limited Design Partner cohort is open to early firms in exchange for a written testimonial and anonymised case study permission.
Half the fee at signing of the SOW. Half on Day 14 delivery. If by Day 14 we have not delivered the full deliverable pack — AI tool inventory, Marketing Rule exposure review, Reg S-P vendor and data evidence, books-and-records gap analysis, and the CCO-ready exam memo — the second invoice is waived and the firm keeps every artefact, every policy, every document. The trigger is non-delivery on our side — not subjective applicability after the fact.
Merkon is lean by design — every engagement is delivered directly by the founder with independent senior reviewer QA before deliverables reach the CCO. No junior associates running point on your engagement, no sales-side handoff. All deliverables undergo independent QA review by a senior compliance advisor prior to delivery.
Background in financial audit and assurance — mid-market engagements, IFRS standards, Big 4 methodology. Financial statement audit and advisory experience prior to founding Merkon.
MSc Management, Bayes Business School (City, University of London).
AI compliance for a $500M–$10B AUM RIA is a 2-week problem with one decision-maker: the CCO. Big 4 firms can't price below $50,000 because of their cost structure. Boutiques cluster at $20K–$35K because they staff every engagement with a manager and two associates.
A lean operator running on Claude-assisted automation, fixed scope, and 14-day delivery does the same work for a fraction of the cost — and the CCO is talking to the person doing the work, not a sales lead.
Every deliverable undergoes independent QA review by a senior compliance advisor — a former CCO or securities counsel with deep RIA experience — before handoff. Advisor identified on engagement letter.
The engagement is bounded, productised, and built for repeatability. No year-long retainers, no scope creep, no monthly meetings about meetings. By Day 14 the firm has what it needs — or it doesn't pay.
For CCOs, COOs, and Managing Partners at SEC-registered RIAs. We'll spend 20 minutes on what AI your firm is actually using, what's exposed, and whether a 14-day Shadow AI Evidence Room engagement makes sense for you. If not, we'll say so.