Control 3.9: AI Disclosure, Transparency, and SEC Marketing Rule — Portal Walkthrough

Step-by-step portal configuration for implementing AI disclosure and transparency controls that support compliance with the SEC Marketing Rule and client communication transparency requirements for Copilot-generated content.

Prerequisites

• Role: Compliance Administrator, Marketing Compliance Officer
• License: Microsoft 365 E5 or E5 Compliance add-on
• Access: Microsoft Purview portal, Microsoft 365 Admin Center

Steps

Step 1: Configure Sensitivity Labels for AI-Generated Content Disclosure

Portal: Microsoft Purview portal Path: Solutions > Information protection > Labels > Create a label

1. Create a sensitivity label named "AI-Assisted Content".
2. Set the label description: "Content drafted with or substantially assisted by Microsoft 365 Copilot."
3. Under Content marking, enable:
4. Header: "AI-Assisted Content — Review Before Distribution"
5. Footer: "This content was generated with AI assistance and requires human review per firm policy."
6. Publish the label to all Copilot-licensed users.

Step 2: Create Communication Compliance Policy for SEC Marketing Rule

Portal: Microsoft Purview portal Path: Solutions > Communication compliance > Policies > Create policy

1. Create a policy named "FSI-SEC-MarketingRule-AI-Disclosure".
2. Target outbound communications from marketing and client-facing teams using Copilot.
3. Add conditions to detect:
4. Testimonials and endorsements in Copilot-drafted content
5. Performance claims or projections generated by Copilot
6. Missing AI disclosure statements in client-facing materials
7. Set review percentage to 100% for marketing materials.

Step 3: Configure DLP Policy for AI Disclosure Enforcement

Portal: Microsoft Purview portal Path: Solutions > Data loss prevention > Policies > Create policy

1. Create a DLP policy named "FSI-AI-Disclosure-Enforcement".
2. Add a condition that detects outbound emails or documents that:
3. Were created or modified using Copilot (detected via metadata or sensitivity label)
4. Are sent to external recipients
5. Do not contain the required AI disclosure statement
6. Set the action to Block with override — requiring the sender to acknowledge AI disclosure requirements.

Step 4: Establish AI Disclosure Templates

Portal: Microsoft 365 Admin Center Path: Settings > Org settings > Email templates

1. Create standard AI disclosure templates for different communication types:
2. Client correspondence: "Portions of this communication were drafted with AI assistance and reviewed by [firm name] personnel."
3. Marketing materials: "This material was prepared with AI-assisted technology and reviewed by compliance personnel."
4. Research reports: "AI tools were used in the preparation of this research. All conclusions have been reviewed by the analyst."
5. Distribute templates to all Copilot-licensed teams.

FSI Recommendations

Setting	Baseline	Recommended	Regulated
AI content labeling	Optional	Recommended	Required
Marketing material review	25%	100%	100%
AI disclosure in client comms	Optional	Recommended	Required
DLP enforcement for disclosures	Notify	Block with override	Block with override

Regulatory Alignment

• SEC Marketing Rule (206(4)-1) — Supports compliance with advertising and marketing disclosure requirements
• SEC Reg BI — Helps meet disclosure obligations when AI assists in recommendation communications
• FINRA Rule 2210 — Supports fair and balanced communication requirements with AI transparency

Next Steps

• Proceed to PowerShell Setup for automation of disclosure enforcement
• See Verification & Testing to validate disclosure controls