The AI governance gap: adoption is racing ahead of supervision
63% of RIAs now use AI, but only about one in ten have integrated it at the firm level. That gap between bottom-up adoption and top-down supervision is the defining governance story of 2026 — and the one regulators are built to find.
The data: 63% of RIAs use AI, but only about one in ten AI users have integrated it at the firm level. (Charles Schwab) Adoption is bottom-up and broad; supervision is top-down and absent. That spread is the defining governance story of the year — and FINRA Rule 3110 is the rule built to find it.
This piece reads the gap as a market signal: where adoption outruns supervision, examiners have a target, and vendors have an opening.
Quantifying the gap
Put the adoption and integration numbers side by side and the exposure is obvious:
| Signal | Figure |
|---|---|
| RIAs using AI in some capacity | 63% |
| AI users who have fully integrated AI into firm strategy | ~1 in 10 |
| Most common deployment pattern | Individual experimentation, not firm-wide systems |
| Advisors expecting AI to be transformative within 3 years | 68% |
The distance between "63% use it" and "10% have integrated it" is the governance gap. It exists because AI entered firms the way consumer software always does — an individual starts using it before anyone writes a procedure. Rule 3110 is indifferent to how the tool arrived; it asks whether the firm supervises the activity.
When 63% of firms use a technology that 10% of them supervise, the other 53% are running an unsupervised business activity.
What Rule 3110 actually requires
FINRA Rule 3110 (Supervision) has two core obligations:
- Written procedures describing the supervisory system and how each obligation is met.
- Active supervision — not just written policies, but real oversight that the procedures work.
The rule applies to "all business activities." FINRA has consistently treated new technology as creating new supervisory obligations, not exemptions — and its annual regulatory oversight reporting has repeatedly flagged generative AI as an area where firms need documented oversight of what tools registered persons use and how their output is controlled.
Why the regulator is structurally advantaged here
Examiners don't need to prove an AI tool produced a bad outcome. Under 3110 they only need to ask: which AI tools do your registered persons use, and where are the procedures that supervise them? For 53% of the market — adopters without integration — the honest answer is "we don't have those procedures yet." That's the finding.
What closing the gap looks like
The firms in the ~10% that have integrated AI aren't doing anything exotic. They've translated three things into written procedure:
- Inventory — a maintained list of which AI tools are in use, by whom, for what.
- Verification — a documented control that AI output is checked before it reaches clients or informs a recommendation.
- Recordkeeping — AI queries and outputs retained as records, not left in personal accounts.
The market implication is that the supervision layer — the procedures, logging, and verification controls — is where the next phase of advisor-AI value accrues, because it's the part the adoption wave skipped.
Where AdvisorIQ fits the data
AdvisorIQ is designed to make a firm land in the integrated 10% rather than the unsupervised 53%. Because it runs research against cited sources and logs every query automatically (what was asked, what was retrieved, what was answered, timestamped), the inventory and recordkeeping pieces of a 3110 procedure are produced by the system, and the verification step has source citations to check against. The tool gives a small firm the supervisory artifacts that adoption-by-experimentation otherwise leaves missing.
Related
- The state of AI adoption among independent RIAs in 2026
- Inside the 2025–26 exam cycle: what regulators are asking about AI
- Glossary: audit trail, suitability
Sources
- Charles Schwab — RIA AI Adoption More Than Doubles (Jan 2026)
- FINRA — Artificial Intelligence key topics hub
This article is general market commentary, not legal or compliance advice. Consult your compliance counsel before changing your supervisory procedures.
- How wide is the gap between AI adoption and AI governance?
- Schwab's 2026 research found 63% of RIAs use AI but only about one in ten AI users have fully integrated it into firm strategy. Adoption is broad and bottom-up; governance is narrow and lagging. FINRA Rule 3110 requires written supervisory procedures for all business activities, including AI use — so the gap is a supervision exposure, not just an operational one.
- Does FINRA Rule 3110 apply to AI tools?
- Yes. Rule 3110 requires member firms to maintain written supervisory procedures reasonably designed to achieve compliance across all business activities. FINRA has consistently held that new technology creates new supervisory obligations, not exemptions. If registered persons use AI for research, communications, or recommendations, the WSPs must address that use.
Keep reading
All blog →Inside the 2025–26 exam cycle: what regulators are asking about AI
The SEC made AI and emerging technology a named examination priority for 2025, and the Division of Examinations is publishing risk alerts that read like a roadmap. Here's what the exam-priority data signals — and how to read it as a firm.
The Marketing Rule meets AI content: what the latest risk alert reveals
The SEC's December 2025 Marketing Rule risk alert documents widespread non-compliance on testimonials, endorsements, and third-party ratings. As advisors start generating client-facing content with AI, that enforcement pattern is the map for what gets scrutinized.
Reg BI in the exam data: why AI raises the documentation bar
Reg BI and Form CRS are repeat top examination priorities, and enforcement is active. As AI starts informing recommendations, the documentation burden the rule already imposes only gets heavier. Here's what the exam data implies.