Red Oak Insights Webinar Q&A
AI that Answers to Compliance on February 10, 2026
Thank you for joining us on February 10 for Red Oak Insights | AI that Answers to Compliance. We appreciated the volume of questions we received. While we weren’t able to address every submission live, we’ve compiled a comprehensive Q&A that includes the questions answered during the webinar and those we were unable to cover due to time constraints.
For books and records retention, are both versions of AI reviewed notes needing to be retained? (AI version and enhanced transcripts/human corrected version).
Yes, you need to retain both versions.
For books and records retention, is it recommended to exclude PII from summaries?
No, we don’t recommend excluding it. If the PII already exists in the material that’s being reviewed, there’s no reason to exclude it from the summary.
Who owns AI outputs? Where is data coming from? Do we have to source this? (re: lawsuit concerns)
Who owns AI outputs depends on your firm’s policies and procedures. In some firms, compliance owns AI, but in some cases, IT owns AI tooling. The source/model of the AI response is stored inside of the request itself. That way we know the exact model and version of the AI that took any request and issued the response. Although all requests/responses to date are made to OpenAI GPT-4o on Azure, the model version will probably not change very often.
Is there an AI platform you would recommend that meets compliance-grade requirements?
At Red Oak, our philosophy is simple: Compliance should adopt AI, not surrender to it. Our Compliance-Grade AI™ is an architectural approach designed specifically for the rigor, transparency, and auditability that compliance demands. We discuss Red Oak’s approach to Compliance-Grade AI™ in depth in our recent White Paper–Building AI for Regulated Environments: Precision Over Prediction. Download it here.
Will the new Red Oak AI feature that can analyze pictures also be able to read/interpret charts and graphs?
AI Vision will not read/interpret charts and graphs in the initial launch. However, this capability is on the roadmap and is being worked on currently.
Is this a closed AI platform? If so, when there are regulatory updates to marketing rules, are you making them or is the user making them?
Yes, this is a Red Oak product closed AI platform, but the underlying models we use are absolute base publicly available models and the classifications and definitions which feed the prompts are completely configured by you (the client). Public base models are not updated regularly—typically only every 2-3 years. When regulatory updates happen, models are not reflecting that data. Red Oak’s AI policy right now is that we do not scour the public internet for additional context (like ChatGPT does) during AI reviews because these external sources have not been vetted or quality checked by the model vendors yet. Exactly like the existing processes, it is the responsibility of every client to use their current regulatory update notification mechanisms, read each regulation, and then decide if those regulatory updates apply to their existing classifications/definitions or to any disclosures/disclaimers. In the very near future, Red Oak will be delivering a feature called the “Prompt Helper” which will take the text of a regulation or policy and determine whether the existing classifications/definitions cover the items in that regulation or policy.
We have private AI embedded within our cloud storage solution. We also have a private license with one of the providers to maintain employee activities private as the license does not allow the provider to train other LLMs. We have an affirmation that requires employees to certify they only use internal AI applications. Are there any additional steps one can take to prevent potential ghost AI usage?
Internally, your IT team can remove the ability for your employees to access unauthorized tools and platforms. However, outside of that, we are unaware of any other solutions or tooling that can fully prevent ‘ghost-AI’ usage outside of the walls of your organization.
Have you received any feedback or input from regulators?
Yes, we’ve had many discussions with regulators and continue to do so on a regular basis. Many members of our team come from compliance backgrounds, including all of our founders—one of whom previously served as a CCO. Our staff also includes former SEC and FINRA employees, including engineers who helped build their systems.
Is there an off-the-shelf AI preview package that screens marketing materials for basic FINRA and SEC marketing review rules that doesn’t factor in in-firm policies as of yet?
Yes, the Red Oak Essentials—which now includes AI at no upcharge—package does this off the shelf.