Skip to content

Control 3.7: Regulatory Reporting — Portal Walkthrough

Step-by-step portal configuration for establishing regulatory reporting capabilities that incorporate Copilot-generated data and AI governance metrics for financial regulatory submissions.

Prerequisites

  • Role: Compliance Administrator or Regulatory Reporting Officer
  • License: Microsoft 365 E5 or E5 Compliance add-on
  • Access: Microsoft Purview portal, Microsoft 365 Admin Center

Steps

Step 1: Configure Compliance Manager Assessments for AI Governance

Portal: Microsoft Purview portal Path: Solutions > Compliance Manager > Assessments

  1. Navigate to Compliance Manager and review existing assessments.
  2. Create or update assessments for regulatory frameworks that require AI disclosure:
  3. FINRA AI usage reporting
  4. SEC AI disclosure requirements
  5. OCC supervisory reporting for model risk
  6. Map Copilot governance controls to relevant assessment items.
  7. Assign improvement actions to responsible teams.

Step 2: Set Up Regulatory Report Data Sources

Portal: Microsoft Purview portal Path: Solutions > Audit > Saved searches

  1. Create saved audit log searches for data that feeds into regulatory reports:
  2. Copilot interaction volume by business unit
  3. Communication compliance review outcomes
  4. Supervisory review statistics
  5. DLP policy match counts related to Copilot content
  6. Schedule these searches to run at the frequency matching your reporting cycle.

Step 3: Configure Report Export Templates

Portal: Microsoft Purview portal Path: Solutions > Compliance Manager > Reports

  1. Create report templates for each regulatory submission that includes AI governance data.
  2. Map data fields from Copilot audit logs and compliance metrics to report templates.
  3. Include the following standard sections in each report:
  4. AI tool inventory (Copilot features in use)
  5. Governance control status (pass/fail per control)
  6. Incident and exception summary
  7. Supervisory review metrics

Step 4: Establish Reporting Calendar

Portal: Microsoft 365 Admin Center Path: Settings > Org settings > Compliance reporting

  1. Document the regulatory reporting calendar with deadlines:
  2. FINRA annual reports (FINRA Rule 3120) — annual
  3. SEC Form ADV amendments (if applicable) — annual/material changes
  4. OCC supervisory reports — as required by examination
  5. Set calendar reminders and assign report owners.
  6. Create a pre-submission review workflow for each report.

FSI Recommendations

Setting Baseline Recommended Regulated
Compliance Manager assessments Annual review Quarterly review Continuous monitoring
AI governance reporting Manual Semi-automated Automated data feeds
Report pre-submission review Single reviewer Dual review Committee review
Reporting calendar automation Manual tracking Automated reminders Integrated workflow

Regulatory Alignment

  • FINRA Rule 3120 — Supports compliance with annual supervisory control report requirements
  • SEC Form ADV — Helps meet disclosure obligations for AI tool usage in advisory practices
  • OCC Bulletin 2011-12 — Supports model risk management reporting requirements

Next Steps