Why financial services has the most precise customer data rules in the world — and why AI agents are structurally incapable of following them without help.
Financial services is the most heavily regulated data environment in the United States. Banks, broker-dealers, investment advisers, and fintechs operate under overlapping frameworks that have spent decades defining exactly what customer data is, who it belongs to, and what obligations attach to it.
Financial services is also one of the fastest-moving AI adopters in the enterprise. Copilot across wealth management teams. AI agents in customer service workflows. Retrieval systems assembling investment summaries from account data. GenAI drafting client communications.
The combination creates a compliance problem most security programs have not yet articulated. The regulatory frameworks know precisely what a customer relationship is. The AI agents operating inside those relationships do not.
What the Regulations Actually Say
GLBA, Regulation S-P, and FINRA rules share a structural characteristic that is easy to overlook: they attach obligations not to data types, but to relationships.
Under GLBA, a customer is a consumer with whom the institution has a continuing relationship, one under which it provides financial products or services for personal, family, or household purposes. The Privacy Rule requires privacy notices at or before the time that relationship is established. The Safeguards Rule requires protection of customer information against unauthorized access and misuse. The obligation is relational — it attaches to a specific person and a specific ongoing engagement.
Regulation S-P, which governs broker-dealers, investment companies, investment advisers, and transfer agents, follows the same logic. Its May 2024 amendments, requiring compliance from large institutions by December 2025, explicitly extended protection to unauthorized use of customer information — not just unauthorized access. A system that accesses customer information legitimately, then uses it in a context where it should not appear, is squarely within Reg S-P’s scope.
FINRA reinforces this across the securities industry. Its 2026 Annual Regulatory Oversight Report, released December 2025, identified generative AI as an emerging risk and noted that autonomous AI agents may require novel oversight, including tracking actions and restricting system access.
Three frameworks. Three regulatory bodies. One shared assumption: the institution understands whose data it holds, what relationship surrounds it, and whether any given use is appropriate for that specific customer in that specific context.
What AI Agents Actually Do
When a wealth management firm deploys Copilot or a custom AI agent across advisory workflows, the agent inherits access — to account summaries, transaction histories, portfolio positions, correspondence archives, and planning documents. In many implementations, it reaches all of this for all clients simultaneously, subject only to the permissions of the user invoking it.
The agent does not understand the customer relationship. It does not know that combining details from two clients’ accounts in a single response crosses a boundary GLBA and Reg S-P were designed to protect. It does not know that surfacing one client’s position information in the context of another client’s inquiry is a potential unauthorized use under Reg S-P’s 2024 amendments. It does not know that the NPI it assembled into a client summary was obtained through a relationship with one customer and should not inform reasoning about another.
These are not edge cases. They are the normal operating behavior of AI agents given broad retrieval access and no framework for reasoning about the relational obligations that attach to the data they retrieve.
In financial services, the judgment AI agents are missing has a regulatory name. It is called the customer relationship. Every major framework governing financial data presumes it will be present in every data handling decision the institution makes.
The Specific Failure Mode
The failure mode in financial services AI deployments is not the classic data breach — unauthorized external access to customer files. That is a well-understood risk with well-understood controls.
The emerging failure mode is subtler. It is the authorized agent, operating within legitimate access boundaries, making decisions about customer data that violate the relational obligations the regulatory framework was designed to enforce.
A Copilot summarizing client communications may surface details from one relationship in materials prepared for a different one. An AI agent on a support inquiry may retrieve and combine NPI from multiple accounts when a single account was the only appropriate scope. None of these events involve a breach. None would trigger an alert in a conventional DLP or SIEM deployment. All may represent compliance failures under GLBA’s Safeguards Rule, Reg S-P’s 2024 unauthorized use provisions, or FINRA’s customer information protection requirements.
Why This Is an Architecture Problem, Not a Policy Problem
The relational obligation in GLBA, Reg S-P, and FINRA rules was never primarily about policy. It was operationalized through human judgment. The relationship manager who knew which client was which. The compliance officer who reviewed outbound communications for cross-client contamination. The advisor who understood that this information belonged to this client and should not appear in that context.
When AI agents replace or supplement those humans, that judgment disappears. The policy remains. The agent has no mechanism for following it because it has no understanding of the customer relationship that makes the obligation meaningful.
The enforcement has to live inside the AI reasoning workflow, at the moment data is retrieved and assembled — where the compliance decision is actually being made. Entity-aware, relationship-aware judgment at the data boundary is what the regulatory framework has always required. Access controls alone have never been sufficient. AI agents make that gap impossible to ignore.
The Deadline That Already Passed
For large broker-dealers, investment advisers, and investment companies, the Reg S-P 2024 amendment compliance deadline was December 3, 2025. For smaller entities, it is June 3, 2026. These are current obligations — not future requirements — applying to AI systems already operating across customer data every day.
The regulatory frameworks governing financial services customer data were built on a structural assumption about human judgment. AI adoption has not changed those frameworks. It has removed the mechanism through which they were operationally enforced.
The regulations know what a customer relationship is. The AI agents operating inside those relationships do not. That gap is not a policy gap. It is an enforcement gap — and it is already open.