AI financial advice: when your app becomes an unregistered investment adviser
The line between a 'financial information tool' and an 'unregistered investment adviser' is narrow and the SEC has been actively enforcing it against AI-flavoured retail products. The Investment Advisers Act's three-part test (advice, securities, compensation) catches a lot of products founders didn't think were in scope. Here's the test, the Marketing Rule, the enforcement record, and the registration-vs.-disclaimer decision every operator has to make.
The three-part test
Section 202(a)(11) of the Investment Advisers Act of 1940 defines an 'investment adviser' as any person who, for compensation, engages in the business of advising others as to the value of securities or as to the advisability of investing in, purchasing, or selling securities. The SEC's published interpretation (Release IA-1092, 1987) reduced this to a practical three-part test.
- Advice — does the product provide recommendations about securities or financial planning?
- Securities — are the recommendations about stocks, bonds, mutual funds, ETFs, crypto-securities, options, or similar instruments?
- Compensation — does the operator receive compensation (subscription fees count; ad revenue counts; affiliate commissions count)?
If your product answers "yes" to all three, the default legal status is "investment adviser, registration required." The exceptions are narrow: publishers (the Lowe v. SEC line — bona fide newsletters with general circulation), pure educational content, and certain de minimis exemptions. Most AI 'advisor' or 'robo-advisor' products don't fit the exceptions.
The SEC Marketing Rule
Even before registration questions, the SEC Marketing Rule (Rule 206(4)-1, updated 2022, fully in effect 2024) governs how registered AND unregistered advisers can talk about their service. Several recent SEC actions cite Marketing Rule violations by AI-flavoured products as the operative violation.
- No guaranteed returns. "Risk-free", "guaranteed", "certain profit" are per-se misleading under the rule.
- No cherry-picked performance. If you show backtested or hypothetical returns, you must show the methodology and limitations prominently. "Beat the market with AI" claims without GIPS-compliant backing are the typical Marketing Rule trigger.
- No testimonials without disclosure of compensation and material conflicts.
- AI-specific scrutiny — the SEC's 2024 'AI-washing' enforcement sweep targeted multiple firms claiming AI capabilities they didn't have. Don't overstate the AI component.
In March 2024, the SEC settled with two registered investment advisers (Delphia and Global Predictions) for falsely claiming AI-powered investment processes. Combined penalties: $400K. The pattern matters for vibe-coded operators because the same theory — overclaiming AI capability — applies independently of whether the operator is registered. The SEC's view, articulated by Chair Gary Gensler in the relevant press release: AI claims are subject to the same anti-fraud requirements as any other marketing claim.
The enforcement record against AI advice products
- SEC v. Delphia (2024) — registered RIA, $225K Marketing Rule settlement for AI-capability overclaim
- SEC v. Global Predictions (2024) — registered RIA, $175K Marketing Rule settlement for similar overclaim
- FINRA actions against retail crypto-recommendation tools (multiple, 2024-2025) — typically for failure to register, performance claim violations, or both
- State securities regulators — NASAA (the state-regulator association) issued a 2024 alert specifically targeting 'AI investment advice' products, which presages coordinated state enforcement
Language that triggers SEC / FINRA scrutiny
The patterns below appear in nearly every enforcement action against software-mediated investment products. If your product copy includes these phrases, you're operating well above baseline regulatory risk.
- "Based on your goals/situation/portfolio, you should…" — personalisation is the operative test for being an adviser
- "Guaranteed returns" / "risk-free" / "can't lose" — per-se Marketing Rule violations
- "Beat the market" / "alpha" / "outperform the S&P" without GIPS-compliant backing — Marketing Rule
- "AI-powered investing" / "proprietary AI model" without disclosed methodology — AI-washing risk
- "Insider tips" / "sure thing picks" — appears in nearly every SEC fraud action against retail products
The registration vs. disclaimer fork
Every AI-financial product eventually faces the same decision: register as an investment adviser, or restructure to avoid registration. There's no third path that scales.
Path A — register
SEC registration if AUM > $100M, state registration (one or many) below that threshold. Form ADV filing, fiduciary duty obligations, recordkeeping (Books and Records Rule), compliance officer requirement, custody rule, advertising rule, code of ethics, business continuity plan. Initial filing + first-year compliance setup typically $25K–$75K for an SMB; ongoing compliance $15K–$50K/year. Once registered, you can give personalised advice freely.
Path B — restructure to avoid registration
Reframe outputs as educational analysis rather than recommendations. Add 'not investment advice' disclaimers. Avoid personalisation language. Use 'considerations' and 'characteristics to look at' instead of 'buy / sell'. Add explicit 'we are not a registered investment adviser' disclosure. This is the Morningstar / Seeking Alpha / Motley Fool model.
Founders sometimes try to thread the needle by claiming "we provide AI-powered insights, not advice" while shipping product copy that clearly recommends. This works until the first complaint reaches the SEC or a state regulator, at which point the entire product gets re-read against the three-part test. Pick a path early and align the product copy to it.
The educational-only floor
If you go the disclaimer route (Path B), the floor that has worked for the established players is:
- Persistent disclaimer in footer: "This service is for informational and educational purposes only. It is not investment advice, not a recommendation to buy or sell any security, and not personalised to your situation."
- Per-output disclaimer: "Educational analysis. Not investment advice." Above every model output that mentions a security.
- Registration-status disclosure: "We are not a registered investment adviser or broker-dealer."
- No personalisation language. Replace "you should" with "products with these characteristics include".
- Past-performance disclaimer wherever historical returns appear: "Past performance does not predict future results."
What to do this week
- Apply the three-part test honestly. If you answer 'yes' to all three, decide registration vs. restructure now — the cost of doing it later is materially higher.
- Audit every output for personalisation language ('based on your', 'you should', 'we recommend'). Replace with educational framing OR commit to registering.
- Audit every marketing claim for AI-washing exposure. Don't claim AI capabilities you can't substantiate.
- Add the registration-status statement to your footer. Either claim registration (with Form ADV link) or explicitly disclaim it.
- Re-scan after each change. Comply Code's financial rule pack flags personalisation language, guaranteed-return phrases, missing disclaimers, and missing registration-status disclosure.
Common questions.
What if I'm just providing market data and analysis?
Pure data and pure educational analysis (without security-specific recommendations) generally falls into the publisher exemption from the Lowe v. SEC line. The exemption is real but narrower than founders assume: bona fide, general-circulation, not personalised, not coercive in tone. As soon as the analysis becomes user-specific or recommendation-oriented, you've left the exemption.
Does this apply to crypto?
Yes, increasingly. The SEC's position is that most tokens are securities under the Howey test, and recent enforcement (against Coinbase, Binance, others) tests this position in court. For a vibe-coded operator, the prudent default is to treat 'AI crypto trading advice' as squarely within Investment Advisers Act scope. State money-transmitter licensing also potentially applies if you touch user funds at all.
I just have an AI chatbot that answers questions about ETFs — am I in scope?
Depends on whether it makes recommendations. 'What's the expense ratio on VTI' is education and is fine. 'Should I buy VTI given that I'm 35 and have $50K in cash' is personalised advice and is in scope. The line is the personalisation — disclaim it explicitly and design the prompt to refuse it.
What's the worst-case scenario?
An SEC investigation that finds you operated as an unregistered adviser. The administrative remedies include disgorgement (returning fees collected), civil penalties (typically $25K–$500K+ depending on size and harm), an order to cease and desist, and a public administrative record that becomes a permanent search-result. State actions add similar penalties. If investor losses are tied to your advice, private civil suits become possible too.
Does Comply Code's scanner detect financial-licensing risk?
Yes — when our classifier detects financial-vertical signals, it runs a rule pack flagging personalised-recommendation language, guaranteed-return phrases, AI-washing risk, missing 'not investment advice' disclaimers, and missing registration-status disclosure. Findings appear under 'professional licensing' in the report.
Related reading.
Sources
- Investment Advisers Act of 1940 §202(a)(11)
- SEC Release IA-1092 — applicability of the Advisers Act
- SEC Marketing Rule (Rule 206(4)-1)
- SEC v. Delphia + Global Predictions (AI-washing, 2024)
- Lowe v. SEC (publisher exemption)
- NASAA — 2024 alert on AI investment products
- FINRA Rule 2210 — Communications with the Public