The rapid adoption of artificial intelligence tools across the financial services and fiduciary sectors presents significant opportunities, but it also introduces legal and regulatory risks that fiduciaries — whether individual trustees, corporate fiduciaries, banks, trust companies, or investment advisers — must carefully evaluate. As the SEC's Investor Advisory Committee has emphasized, compliance with an ethical framework for the use of AI is consistent with the fiduciary duties of advisers, including their affirmative duties of care, loyalty, honesty, and utmost good faith. We highlight four critical areas of risk at the intersection of AI and fiduciary responsibility.

On April 7, 2026, the Financial Crimes Enforcement Network (FinCEN) published a notice of proposed rulemaking (NPRM) to reform anti-money laundering/Bank Secrecy Act (AML/BSA) compliance requirements, superseding an earlier July 2024 NPRM. On April 8, 2026, FinCEN and the Office of Foreign Assets Control (OFAC) jointly published a separate NPRM implementing the framework set forth by the Guiding and Establishing National Innovation for U.S. Stablecoins Act (the GENIUS Act) for permitted payment stablecoin issuers (PPSIs). Both proposals shift AML/countering the financing of terrorism (AML/CFT) policy toward effectiveness-driven, risk-based programs. Every covered institution faces the same substantive obligations, but the enforcement framework differs by charter type.

Businesses increasingly rely on website-derived data to drive analytics, personalization, and product development. That same data, together with insights, models, and other intellectual property generated from it, must be collected and protected under a coherent legal framework.

Real estate transactions are increasingly targeted by cybercriminals due to the large sums of money involved, strict closing timelines, and the multiple parties exchanging sensitive information—often electronically and under time pressure. While buyers, realtors, and title companies each face their own unique cybersecurity risks, one of the most effective ways to reduce those risks is through early and ongoing communication among all parties involved.

In today’s digital landscape, cybersecurity and data privacy must be part of the core strategy—not an afterthought. These are not just “big company” concerns. Cybersecurity threats and compliance requirements impact every player in the renewable space, regardless of size or budget.