:max_bytes(150000):strip_icc()/GettyImages-1395109887-90f9e7c2f1d4410ba0a8eaf07fc10e58.jpg "An AI Prompt to Draft an Internal AI Usage Policy for Advisors")
:max_bytes(150000):strip_icc():format(jpeg)/GettyImages-1395109887-90f9e7c2f1d4410ba0a8eaf07fc10e58.jpg)
Key Takeaways
- Financial advisors should create an Internal AI Usage Policy to ensure compliance and protect client data.
- AI tools can improve efficiency but must not process client-specific information or generate unreviewed advice.
- Policies should outline permitted uses, data privacy protocols, and compliance requirements, and be regularly updated.
Get personalized, AI-powered answers built on 27+ years of trusted expertise.
If you plan to incorporate Artificial Intelligence (AI) into your practice as a financial advisor, it’s recommended that you create an Internal AI Usage Policy. While AI can help advisors stay organized, complete complex calculations, and streamline client communications, it can also pose serious risks to client confidentiality and put you at risk of violating regulations under FINRA or the SEC. A policy can outline for your employees and clients how you plan to use AI, and when it is prohibited.
Goal of the Prompt
Creating a policy from scratch can be time-consuming and often requires knowledge of the latest compliance regulations, use cases, and potential risks. By using the prompt below, you can create a comprehensive and customizable Internal AI Usage Policy in minutes.
Your policy should outline the permitted and prohibited uses, data privacy protocols, and compliance requirements, and should be reviewed and refined as AI continues to evolve.
A Prompt to Draft an Internal AI Usage Policy for Financial Advisors
Here’s a structured prompt to help you create a message for concerned clients.
Persona: You are a Certified Financial Planner (CFP).
Context: Our firm is beginning to use AI tools and needs to establish clear guidelines.
Objective: Create an Internal AI Usage Policy that outlines permitted and prohibited uses, establishes data privacy protocols, and outlines compliance requirements.
Audience: All employees who use AI tools in their work.
Tone: Professional, authoritative, and clear.
Format: A policy document with the following sections: Purpose, Scope, Permitted Uses, Prohibited Uses, Data Privacy Requirements, Compliance Protocols, Employee Responsibilities, Violations and Consequences, and Review Schedule.
Constraints: Do not include client-specific information, investment recommendations, or market forecasts.
Sample Output
Generated using: Claude Sonnet 4.5
INTERNAL AI USAGE POLICY
1. Purpose
This policy establishes guidelines for appropriate use of Artificial Intelligence (AI) tools within our financial advisory practice. We aim to leverage AI to enhance productivity and service quality while maintaining strict compliance with all regulatory requirements and protecting client confidentiality.
2. Scope
This policy applies to all employees who use AI tools for any business-related purpose.
3. Permitted Uses
You may use AI tools for:
4. Prohibited Uses
You must NEVER use AI tools for:
- Inputting client names, account numbers, Social Security numbers, or any personally identifiable information (PII)
- Processing client financial data, portfolio details, or investment positions
- Generating investment recommendations or financial advice without human review
- Creating client-facing communications that have not been reviewed by a licensed professional
5. Data Privacy Requirements
- Verify that any AI tool will not share, store, or use client data for model training before you use it
- Use hypothetical examples or anonymized data when testing AI capabilities
6. Compliance Protocols
- A registered representative must review and approve all AI-generated client communications
- Maintain records of how you use AI tools in client service and communications
7. Employee Responsibilities
- Verify the accuracy of all AI-generated content before you use it
- Report any suspected data breaches or policy violations immediately
- Complete required training on AI usage and data privacy
8. Review Schedule
We will review this policy annually or when significant changes occur in AI technology, regulatory requirements, or firm operations.
Refining the Response
This initial output is a great start, but you can further refine the draft with requests like:
- “Include specific examples of permitted and prohibited use cases”
- “Add a section on training requirements for employees”
- “Add in the latest regulations from the SEC in the following article [include link].”
- “Draft a section on incident reporting and escalation procedures.”
Other Tasks This Prompt Can Accomplish
With just a few modifications, this outline can help you create other important policy documents for your business, including:
- Social Media Usage Policy: Change the policy context to cover employee social media usage and FINRA’s guidance on digital communications.
- Remote Work Security Policy: Update the context to focus on cybersecurity for remote work environments, and modify sections to address VPN requirements, device security, etc.
- Client Communication Guidelines: Adjust the objective to create standards for all client communications (email, phone, text, video).
AI Prompt Best Practices
- Always include context, objective, and format in prompts. Open AI advises to be specific and provide context in your prompts for the best output.
- Use AI for drafting, not publishing. According to Microsoft Azure, AI should be used as a tool in the drafting stage, not as a replacement for human judgment.
- Refine the response with additional information if the initial output is lacking. The second or third follow up will often generate the best results, so MIT recommends refining your prompts.
- Test AI on internal, low-risk tasks first. Before you implement AI into complex client work, Google Cloud suggests trying it out on simpler tasks first.
- Never include personal client information in prompts. IBM reminds us that AI should never be used to handle confidential data, so use placeholder language in place of sensitive information.
A Model Prompt
Below is an example of a model prompt you might use, adjusting throughout as necessary to meet your specific needs.
Persona: Describe the role you want AI to play (e.g., productivity coach, client educator, communications assistant).
Context: Briefly describe the situation or background for the task.
Objective: State what you want the AI to achieve—summarize, educate, rephrase, outline, etc.
Audience: Define who the content is for (e.g., retirees, colleagues, prospective clients).
Tone: Specify the desired style or tone (e.g., empathetic, professional, clear, educational).
Format: Indicate the form of the output—short paragraph, email draft, bullet list, LinkedIn post, etc.
Constraints: List compliance or content limits (e.g., no investment advice, no client identifiers, no forecasts).
The Bottom Line
Creating an Internal AI Usage Policy doesn’t have to be overwhelming. Get started by using the prompt and tools above, and soon you will have a strong policy statement that outlines compliance requirements, protects client data, and sets clear boundaries for safe AI use in your practice.
