What RIAs Should Know From the 2026 Compliance Week Conference

I recently attended the 2026 Compliance Week National Conference on behalf of Key Bridge Compliance. The event brought together compliance professionals, regulators, legal teams, risk managers, and technology leaders from across industries to discuss the forces reshaping governance and regulatory strategy.

 Several of the conference’s central themes have direct relevance for the RIAs we serve, particularly as firms navigate the growing tension between operational efficiency, technology adoption, and increasingly complex governance expectations.

Regulators Are Shifting Their Tone, but Not Their Expectations

One of the themes that stood out to me was a noticeable shift in how regulators are approaching enforcement. Conversations reflected a move toward greater collaboration, with more emphasis on remediation, governance maturity, and timely self-reporting rather than purely punitive action.

The past several years saw a wave of enforcement activity around books and records violations and the use of alternative communications.  Much of that behavior became widespread during the COVID era, when firms adapted to changing communication norms and remote work environments faster than supervisory structures could realistically evolve alongside them.  There now appears to be growing recognition that firms demonstrating strong governance, practical remediation efforts, and a willingness to self-correct may be viewed differently than firms operating without defensible supervisory structures altogether.

None of this means the bar is getting lower. Firms are still expected to maintain defensible supervisory systems, proper books and records, vendor oversight, and governance frameworks that can keep pace with emerging technologies. Building sound compliance infrastructure now puts your firm in a stronger position regardless of where regulatory tone lands in any given cycle.

AI Governance Is No Longer Optional

AI governance dominated the conference, and for good reason. The conversation has clearly moved beyond whether firms will adopt AI and toward whether governance structures are evolving quickly enough to support responsible use.

Most organizations are already using AI in some capacity. The larger issue is governance maturity. In many cases, firms understand tactical AI usage reasonably well, but are still developing the supervisory frameworks needed to address accountability, validation, operational risk, records retention, escalation, and vendor oversight.

One of the more practical themes repeated throughout the conference was that firms may benefit from approaching AI first as an operational risk issue rather than a standalone technology issue. Before developing expansive AI policies, organizations should start with more foundational questions:

• What is the actual use case?
• What data is being used?
• What decisions are being influenced?
• Where does validation occur?
• And ultimately, where does accountability still sit once AI enters the workflow?

Another important distinction raised repeatedly was the difference between approving an AI tool and approving a specific AI use case. Those are two very different governance decisions. A tool may be technically permissible from an IT or security perspective while still creating regulatory, disclosure, supervision, or books-and-records concerns depending on how employees actually use it in practice.

For RIAs, the implications are significant. Whether firms are using AI for portfolio analysis, client communications, marketing reviews, operational testing, or internal workflows, regulators still expect the same level of oversight, documentation, supervision, and accountability that applies to every other part of the business.

Human Oversight Still Matters

As discussions around AI adoption became more practical, attention increasingly shifted toward where firms should maintain human oversight, validation, and accountability within AI-enabled workflows. As these tools become more capable, the question isn’t whether technology will play a larger role in operations. It’s where the validation checkpoints and accountability need to sit.

 I think the better way to frame it is less as pure automation and more as orchestration — or what I kept thinking of throughout the conference as “AI-mation.” The near-term reality for most firms is not autonomous AI replacing professionals, but structured workflows where technology handles repetitive or multi-step processes while humans remain responsible for oversight, contextual judgment, escalation, and validation.

Preserving critical thinking, skepticism, and contextual reasoning is not just a soft-skill exercise. Increasingly, those capabilities may become some of the most important control functions within AI-enabled organizations.

Speakers also raised the risk of deskilling as organizations lean more heavily on AI. Preserving critical thinking, skepticism, and contextual reasoning isn’t a soft skill exercise. It’s a control function that becomes more important as adoption accelerates.

Vendor Claims Deserve Scrutiny

The conference reinforced a theme we discuss with our clients regularly: not every AI-powered product lives up to its marketing. Speakers cautioned firms to evaluate vendor claims carefully, especially around compliance capability, data handling, and transparency into how AI models make decisions. The current market is moving fast, and there is a meaningful difference between tools that deliver genuinely scalable solutions and  products benefiting from broader AI hype cycles rather than delivering genuinely scalable governance solutions.

Firms should be asking hard questions about data ownership, records retention, auditability, and what happens when something goes wrong. Particularly for RIAs, governance around vendor oversight, auditability, books and records retention, and data ownership cannot become secondary considerations simply because a tool is marketed as innovative.

The Bottom Line

Walking away from this conference, the overarching message was clear: the compliance environment is growing more complex.  The firms most likely to navigate this environment successfully are probably not the ones adopting technology the fastest, but the ones building governance structures capable of evolving alongside it. At Key Bridge Compliance, that is exactly what we help RIAs do. We translate regulatory complexity into clear, actionable compliance programs so you can focus on running your business and serving your clients. If your firm needs help building an AI governance framework, strengthening supervisory processes, or staying ahead of what’s changing in the industry, schedule a consultation to talk with our team.