Compliance, MNPI & Validating AI Output

The downside of AI as an equity analyst is real and career-ending. An analyst publishing a research note that quotes a number AI invented can lose a CFA designation, a Series 7, and a job. A buy-side analyst who uploads an internal earnings model to a consumer ChatGPT account has created an MNPI event. A sell-side desk that lets AI quietly soften a rating's disclosure language is in breach of research-independence rules. This lesson is the compliance and validation playbook — the one that keeps your career and your firm's license safe.

New to AI in a finance context? This is an advanced, equity-specific lesson. If the general foundations — what AI is good and bad at, how to prompt it, which plans are safe — are unfamiliar, start with the prerequisite course AI for Finance Professionals and come back. This lesson assumes the basics and focuses on the equity-research-specific traps.

What You'll Learn

• Where AI silently fails on financial data — and how to catch hallucinated numbers
• The compliance traps that specifically catch equity research analysts: MNPI, Reg FD, research independence, and disclosure
• The validation routine that catches AI errors before they reach a client
• Which AI tools are enterprise-safe and which are not
• How to document AI use so your firm's audit trail is clean

Where AI Silently Fails on Financial Data

Before the compliance rules, internalize why the rules exist: AI fails on financial data in ways that look correct. These four failure modes are the source of nearly every preventable AI compliance event.

1. Arithmetic in plain chat is unreliable. When ChatGPT or Claude does math inside a chat reply without a code tool, it is predicting the next token, not computing. It gets small numbers right and large multi-step calculations — compound growth, IRR, a DCF roll-up — wrong with shocking confidence. The fix: force the AI into code mode (Advanced Data Analysis in ChatGPT, the analysis tool in Claude) for anything beyond simple addition, or compute in Excel and have the AI only interpret the result. (On the Excel side, AI-Powered Excel Formulas covers the formula and model-building mechanics in depth.)

2. Hallucinated filing details. Ask for a specific number from a 10-K the model has not been given and it will invent a plausible one. Even when you upload the filing, it sometimes pulls from training data instead of the document. The fix: always say "quote the exact passage" or "cite the page" — if it cannot, it should admit the number is unknown rather than fabricate it.

3. Stale data on prices, multiples, and macro. Even AI tools with web search are not real-time. A current Treasury yield, today's earnings reaction, or a live trading multiple may be off by hours or days. The fix: pull prices and multiples from Bloomberg, FactSet, Capital IQ, or Refinitiv — use AI only to discuss the implications, never to source a published number.

4. Subtle valuation logic errors. AI remembers the shape of a DCF but slips on mid-year convention, terminal-value formula choice, tax-shield treatment, or minority-interest deductions. These errors are invisible unless you understand the model. The fix: never accept an AI-built valuation without rebuilding it yourself — use AI to brainstorm assumptions, not to produce the final answer.

The discipline that separates analysts who use AI well from those who get burned: every output is a draft until verified. Anything you would not stake your reputation on if AI did not exist, you should not stake your reputation on because AI helped you produce it.

The Compliance Traps for Equity Analysts

Trap 1: MNPI in consumer AI accounts.

Material non-public information is anything that, if known to the public, would materially affect a stock's price. For an equity analyst the live examples are everywhere: an internal earnings model, a draft rating change before publication, a number a management contact let slip, the substance of a private channel-check call, an unannounced M&A discussion. Pasting any of these into a personal ChatGPT, Claude, or Gemini account is a compliance violation in every jurisdiction — and if you are sitting on genuine MNPI you should not be trading or publishing on the name at all, with or without AI.

The fix: never use a consumer AI account for any material non-public data. Use only enterprise AI tools your firm has explicitly approved, and escalate to compliance the moment you suspect you hold MNPI.

Trap 2: Reg FD and selective disclosure.

Regulation Fair Disclosure (Reg FD) prohibits issuers from selectively disclosing material information, and a careless analyst can drag a management team into a violation. If you use AI to draft questions for a management meeting or an expert call, the risk is that a question is engineered to extract guidance the company has not made public — which puts both sides at risk. This is the equity-research-specific edge of the MNPI problem: the line between aggressive diligence and soliciting selective disclosure.

The fix: when AI generates meeting or channel-check questions, always run the "flag any question that could be perceived as seeking MNPI or soliciting selective disclosure" instruction, and reframe anything it flags. Diligence around the public information, never for the non-public number.

Trap 3: Research independence and the rating.

Sell-side rules (FINRA Rule 2241, the global research settlement legacy, MiFID II in Europe) require that the published rating and price target reflect the analyst's genuine, independent view — not banking pressure, not the issuer's preference, and not an AI's default tone. An AI that quietly nudges a draft toward a more favorable framing, or that authors the rating rationale itself, undermines the documented independence of the call.

The fix: AI drafts language and analysis; the rating, price target, and the variant view behind them are yours and must be defensible as your independent judgment. Never let the model author the conclusion.

Trap 4: Unverified output published.

You ask AI for a number. You drop it in a note. You publish. The number is wrong. Your name is on it. A client traded on it. This is the most common AI compliance event and it is entirely preventable.

The fix: every quantitative claim in a published analyst document must trace back to a primary source — a filing, a market data terminal, or your own model. AI is not a primary source. Ever.

Trap 5: Disclosure and compliance-language drift.

Sell-side research carries hard language and disclosure requirements: prohibited words like "guaranteed" or "certain," required risk and methodology disclosures in specific positions, conflict-of-interest and ownership disclosures, and forward-looking-statement hedging. AI does not know your firm's compliance manual and will sometimes produce language that violates it.

The fix: run every AI-drafted note through the compliance-check prompt below before publication, and never bypass your firm's standard human compliance review.

The Validation Routine

Use this checklist before publishing any document with AI-generated content. It takes about 10 minutes for a typical research note.

1. Source check on every number.

Open the document. Highlight every quantitative claim — revenue, growth rate, margin, multiple, market size, customer count. For each, ask yourself: do I know exactly where this number came from? If it came from AI without an underlying source, look it up and verify.

2. Citation check on every external claim.

For any claim that references an external source ("Gartner estimates..." or "Bloomberg reports..."), verify that the cited source actually says what you claim it says. AI hallucinates citations more often than it hallucinates numbers.

3. Math reconciliation.

Re-derive the key conclusions. If the report says revenue grew 22%, take Q4 revenue and Q4 prior-year revenue, divide, and confirm. If the report cites a 14% IRR, plug the cash flows into Excel and recompute.

4. Sensitivity sanity check.

Change one assumption by 10%. Does the conclusion change in a way you expected? If the conclusion flips on a tiny change, something is structurally wrong with the analysis.

5. Re-read in plain English.

Print or paste the report and read it without the surrounding context. Does it tell a coherent story? Does the thesis match the data? Are there sentences that sound impressive but say nothing? AI drafts have this failure mode often — they sound polished but make no specific claim.

The Compliance-Check Prompt

Before sending any draft research piece to your firm's compliance team, run this prompt against the draft:

Review the attached draft research note for [COMPANY] for compliance
risks under standard sell-side conventions. Check for:

1. Prohibited language: "guaranteed," "will" without qualification,
   "certain," "no risk," "promise"
2. Forward-looking statements not properly hedged with "we expect,"
   "we estimate," "we believe"
3. Specific recommendations made without supporting analysis
4. Comparisons to other names that could be construed as a separate
   recommendation
5. Forecast numbers without methodology disclosure
6. Missing valuation methodology language
7. Missing or misplaced required disclosures (rating definition,
   risk disclosure, conflict/ownership disclosure)
8. Any phrasing that implies access to non-public information
9. Any claim that AI cannot verify against the provided context

For each issue: quote the offending sentence, explain the issue,
and suggest a compliant rewrite.

This catches 70-80% of the issues your firm's compliance team would catch, before they spend their time on it. Still send to human compliance — but the draft is cleaner.

Enterprise-Safe Tools

A simplified guide to which tools are typically considered enterprise-safe in 2026:

Generally enterprise-safe (with the right plan):

• ChatGPT Enterprise and ChatGPT Team — contractually no training on customer data
• Claude for Work / Teams / Enterprise — same protection
• Microsoft Copilot for Business — runs inside your Microsoft 365 tenant
• Gemini for Google Workspace Enterprise — same tenant boundary
• Bloomberg GPT inside the Terminal — vendor-managed enterprise environment
• FactSet AI, AlphaSense, and similar finance-specific tools — built for compliance

Not enterprise-safe by default:

• Free or consumer ChatGPT (with default settings)
• Free or consumer Claude
• Free or consumer Gemini
• Perplexity Free
• Any unbranded AI tool on a generic website

The right plan matters even within enterprise. Confirm with your firm's IT and compliance team that the plan you use has the correct data protection clauses.

Documenting AI Use

Some firms now require an AI usage log alongside published research. A simple log format:

Document: [Report title]
Date: [Publication date]
Analyst: [Your name]

AI tools used:
- [Tool name and version, e.g. Claude 4.5 for Work]

What AI was used for:
- [e.g. drafting the industry overview, summarizing the earnings call,
  generating comp table commentary]

What was verified:
- [e.g. all numbers cross-checked against company filings; citations
  verified against original sources; valuation math redone in Excel]

What AI did not produce:
- [e.g. the investment thesis, the rating, the price target — these
  are my own analysis]

Even if your firm does not require it yet, keeping this log as a personal habit protects you in any future audit.

Common AI Mistakes and How to Catch Them

Mistake 1: Hallucinated competitor name.

AI invents a company that does not exist. Catch: spot-check by ticker on Bloomberg or company website.

Mistake 2: Wrong filing number.

AI quotes a revenue figure from "the latest 10-K" but the number is from training data, not the file you uploaded. Catch: always ask for the page or section reference.

Mistake 3: Mixed-up fiscal years.

Many companies have non-calendar fiscal years. AI sometimes treats FY24 and CY24 as the same. Catch: explicitly state the fiscal year convention in your prompt and verify in the output.

Mistake 4: Stale macro data.

AI confidently cites a 4.5% 10-year Treasury yield when the current yield is something else. Catch: pull macro data only from Bloomberg, your terminal, or a real-time source.

Mistake 5: Statistical artifacts.

AI computes a CAGR over a period that includes an outlier and reports it as a trend. Catch: visualize the series before quoting trend lines.

Key Takeaways

• AI fails silently on financial data — chat arithmetic, hallucinated filing numbers, stale prices, and subtle valuation logic — so treat every output as a draft until verified
• The equity-research compliance traps are MNPI, Reg FD / selective disclosure, research independence, unverified output, and disclosure-language drift
• Run the 5-step validation routine on every document — source, citation, math, sensitivity, plain-English read
• Use the compliance-check prompt before sending to your firm's compliance team — and never bypass human review
• Only use enterprise-grade AI plans with explicit no-training contractual protection; keep an AI usage log for the audit trail
• The fundamental rule: AI is your draft, your name and your independent rating are on the final