5 AI Workflows for Investment Management Operations and Oversight

What the SEC is starting to ask about, and how to be ready

In November, the SEC's Division of Examinations published its 2026 priorities. AI made the list for the first time. The Division said it will examine how investment advisers use AI in back-office operations, anti-money-laundering checks, and fraud detection. It will look at whether what firms say their AI does actually matches what it does. And it will ask to see the records.

That last part is where most firms have a problem.

In March 2024, the SEC charged two registered investment advisers, Delphia and Global Predictions, for making false and misleading statements about their use of AI. The combined fine was $400,000. It was the industry’s first enforcement action involving misleading claims about the use or capabilities of AI, often referred to as “AI-washing.” The SEC then renamed its Crypto Assets and Cyber Unit to the Cyber and Emerging Technologies Unit in early 2025. AI fraud is now part of its enforcement mandate.

Most investment managers are already adopting AI in some capacity. They use it to draft investor letters, summarize research, and fill out due diligence questionnaires. Very few firms, however, have formally documented how those systems are governed or controlled.

That gap is the risk.

The five workflows below reflect how we apply AI inside investment management operations. Each one is structured the way an auditor would want it built: a clear record of every input, every output, and every human decision in between. The SEC's question isn't whether you use AI. The question is whether you can produce the logs.

1. Deck Automation

The first place AI saves real time in an investment management firm isn't trading. It's the deck production cycle.

Many investment management firms spend three to five days every quarter rebuilding investor materials from scratch, using the same underlying data for different audiences. Quarterly investor letters, prospect pitch decks, fund tear sheets, and board reporting all require separate versions of the same story. By the time the process is finished, the team is already behind on the next cycle.

The pattern we apply reads directly from a firm's source files, including the performance tracker, position files, and commentary documents, and automatically generates multiple versions of investor materials from them. Different views of the same data, but the information stays consistent across every output. One engine powers the entire process.

A deck refresh that used to take several days can now happen a single morning. Instead of rebuilding slides by hand, team members can return their focus to investment work.

The compliance component is what makes this process exam-ready: every number on every slide ties back to a source cell in the firm's own data environment. If a regulator or an auditor asks where a figure came from, the answer is one click away.

2. Middle-Office Trade Confirmation

When a hedge fund executes a derivative trade, the counterparty sends a confirmation document containing the terms of the transaction. Someone at the fund has to reconcile that document against the firm's internal records. Across counterparties and asset types, there can be dozens of these reviews every day, and the process is both repetitive and prone to costly errors.

Today, most of that work is still handled manually by middle-office staff, with the audit trail scattered across spreadsheets, PDFs, and email chains.

AI changes both the speed of the process and the quality of the controls around it. The approach we apply turns confirmation review into an exception-based workflow. Instead of checking every field manually, the system identifies discrepancies automatically and routes them to the right person with the context needed to resolve them quickly.

What makes the process exam-ready is the auditability behind it. Every match, every flag, and every human decision is logged with a time stamp. Six months later, if the SEC asks how a specific discrepancy was resolved, the firm can pull the record.

3. AI-Assisted Policy Lookups

Every investment management firm has a compliance manual. Many run well over two hundred pages. In practice, they are usually referenced by a single person, the Chief Compliance Officer (CCO), and typically only when a specific policy or procedure needs to be located.

But the questions that arise most often do not come from the CCO. They come from the trading desk, operations, or investor relations: “Can I do this?” “What’s our policy on personal trading?” Today, those answers typically require interrupting the compliance team or relying on incomplete assumptions.

AI changes that dynamic. Instead of sitting unused in a PDF, the firm’s own compliance manual becomes immediately accessible across the organization, with responses grounded in the firm’s actual policies rather than a generic chatbot’s interpretation.

The exam-ready angle: the firm's own policy is the only source of truth. AI doesn't add to it, it simply makes existing policies searchable, accessible, and easier to apply consistently across the organization. 

4. Document Analysis with Sources

The compliance manual tool is one example of a broader pattern.

Any time an investment management firm has a large set of documents and needs reliable answers from them, the same challenge applies. A due diligence data room for a prospective investment. A folder of investor letters. A counterparty's offering documents. The information exists, but finding the exact answer quickly, is difficult.

Most "chat with your documents" tools solve this by summarizing what you give them. The problem with that is you can't check the summary against the source without rereading the whole document. In practice, you end up trusting the AI's confidence level, rather than the source itself.

The approach we apply works differently. Every answer must point back to the underlying source material. The system returns not only the answer, but the specific document and paragraph it came from. If an analyst, compliance officer, auditor, or regulator wants to verify the result, they can do it in a single click.

This is the same principle Deloitte recently identified as the response to “black box” AI in regulated industries: if a decision matters, it must be explainable.

That is what makes the process exam-ready. The AI does not summarize without evidence. It cites.

5. DDQ Response Drafting 

Due diligence questionnaires (DDQs) are an operational reality of investment management. An institutional investor sends one. The firm's Chief Operating Officer (COO), Chief Financial Officer (CFO), and CCO each spend time answering it. Then another investor sends a different questionnaire with many of the same underlying questions, phrased slightly differently. The cycle repeats throughout the year.

Most firms end up answering the same core questions ten or twenty times a year. What changes is usually the wording of the question, not the substance of the response.

AI-assisted DDQ drafting changes the process. The firm's prior approved responses become a searchable source library. When a new questionnaire arrives, the system matches each question against prior responses and generates a draft answer, along with a citation showing which previous DDQ the language came from. A compliance or operations reviewer can then adjust the response for context and approve it before anything is sent externally.

The time savings are meaningful, but the larger benefit is consistency. Every representation the firm has made to investors becomes searchable and traceable. Contradictions, outdated language, and response drift can be identified during drafting rather than after materials have already gone out to investors.

What makes the process exam-ready is the control framework behind it. The firm maintains a clear record of what was sent, when it was sent, which prior responses informed the draft, and who reviewed and approved the final language. Over time, that creates a single, auditable source of truth for the firm’s investor communications.

Where the industry is heading 

A KPMG AI Pulse survey published in Q1 2026 found that 63% of organizations now require human validation before AI-generated output can be used externally. A year ago, that number was just 22%. In twelve months, it nearly tripled. That shift says a great deal about where the industry is heading.

The firms that get this right won't be the ones using the most AI. They'll be the ones who can show the records. Every prompt, every output, every human decision, in order, with time stamps.

The SEC's question for 2026 isn't whether your firm uses AI. The question is whether you can hand over the logs.

Stable Rock builds AI for investment managers the way an auditor would expect it to be built: with transparency, controls, and a complete audit trail from day one.

About the author

Diego Bravo joined Stable Rock with more than a decade of experience at the intersection of finance, technology, and data-driven operations, including roles at American Express and private equity-backed Thrasio. He leads Stable Rock’s AI & Automation Services practice. Reach Diego at dbravo@stablerock.com.