For broker-dealers and RIAs
AI supervision and recordkeeping for investment firms
Your team uses ChatGPT, Claude, and Copilot every day. TinyFox gives your firm a complete record of how — with the audit trail, supervisory controls, and policy enforcement your next FINRA or SEC examination will ask about.
Compliance dashboard
Last 30 days
AI interactions
+18%14,200
this month, firm-wide
Sensitive data blocked
−28
last 30 days
Supervisory queue
+412
pending review
Retention
7-yr policy7 yrs
tamper-proof
AI interactions logged
14,200 total · 8 blocked · 12 flagged for review
Last 14 days
Supervisory queue
12 pendingQuarterly letter draft — performance claim
s.patel · Client Service · 3 min ago
Client email blocked — SSN detected
a.chen · Client Service · 11 min ago
Account note flagged — possible MNPI
j.martinez · Investment Research · 28 min
Marketing copy — testimonial language
m.kumar · Operations · 1 hr ago
Spend by team
Feb 2026Total
$2,400
Budget
$3,500
vs. Jan
−14%
AI providers your team already uses
+ in-browser tools via Chrome extension (coming May 2026)
The fastest path to FINRA-grade and SEC-grade AI compliance
One config change. Full coverage. No SDK, no code changes, no multi-team rollout. Setup in 15 minutes.
Before
After
That's it. Every call now flows through TinyFox.
Every request logged
Tamper-proof audit trail with full prompt, response, user, team, and cost attribution.
PII scanned and blocked
SSNs, credit cards, and sensitive data caught before they reach the model.
Policies enforced
Model restrictions, budget limits, and usage controls — all at the API layer.
Exam-ready evidence on tap
Exports built from your actual usage data — formatted for the FINRA request letter or the SEC document request.
The rules are getting specific. The next exam will be about AI.
Both FINRA and the SEC have flagged AI as an exam focus. Different rules, same expectation: prove you supervise it.
For broker-dealers (FINRA)
- FINRA Regulatory Notice 25-07 — the first AI-specific guidance from FINRA. Capture prompt/output logs, track model versions, supervise AI-assisted communications.
- 2025 FINRA Annual Regulatory Oversight Report — AI flagged across cybersecurity, supervision, and communications.
- Rule 3110 supervisory program — your WSPs are expected to address AI tools.
For RIAs (SEC)
- 2025 SEC Examination Priorities — Division of Examinations flagged AI as a focus area (advice, marketing, operations).
- Marketing Rule enforcement (206(4)-1) — AI-generated client communications subject to the same testimonial, performance, substantiation requirements as anything else.
- Rule 206(4)-7 annual compliance review — must cover AI use specifically.
Sources: FINRA Reg Notice 25-07 · FINRA.org — Rules & Guidance · SEC.gov — Investment Adviser rules
What TinyFox captures
Evidence your compliance program can rely on
Books and records
Every AI interaction logged with full prompt, response, user, team, model, and timestamp. Tamper-proof, indexed, and exportable.
Supervisory review
Flagged interactions queued for compliance review. PII, policy violations, or content meeting your firm's risk criteria — surfaced, not buried.
Marketing rule controls
Content checks on AI-assisted client communications. Catch performance claims, testimonials, and other marketing-rule triggers before they ship.
Cost and usage attribution
Spend, tokens, and request volume attributed by user, team, and provider. Anomalies flagged. No more month-end surprises.
Flying blind gets expensive fast.
60%
of organizations have no visibility into AI usage
Cisco, 2025
39.7%
of data input to AI tools is sensitive
Cyberhaven, 2026
$670K
added to average breach cost from shadow AI
IBM, 2025
Built for the people who own AI risk at your firm
Chief Compliance Officer
Show your next examiner exactly how AI is used at your firm
Complete books and records, supervisory review trail, and marketing-rule controls — all generated from your firm's actual AI usage, not a spreadsheet assembled the week before the exam.
Managing Partner / President
Protect your firm's reputation on every client communication
AI-assisted client emails, market commentary, and proposals all flow through one place. Sensitive data caught. Performance claims flagged. The risk doesn't sit in a dozen private ChatGPT tabs.
Chief Operating Officer
One source of truth for AI tools, costs, and risk
Spend by team, model, and provider. Policies enforced at the API layer. Vendor sprawl replaced with a single line item, a single audit trail, and a single place your CCO can answer to.
See what fits your firm
Pick your version.
AI supervision looks different depending on whether you're FINRA-regulated or SEC-regulated. TinyFox supports both — pick the version that matches your regulator.
FINRA · Rule 3110 · 4511 · 2210 · RN 25-07
Built for your next FINRA exam
Books and records under Rule 4511, principal supervision under Rule 3110, communications under Rule 2210. Built for the firm that takes the request letter seriously.
See features for broker-dealersSEC · Rule 204-2 · 206(4)-7 · 206(4)-1
Built for your next SEC examination
Books and records under Rule 204-2, compliance program under Rule 206(4)-7, Marketing Rule under Rule 206(4)-1. Built for the firm that takes the deficiency letter seriously.
See features for RIAsDually registered firm (both BD and RIA)? Pick either one — we'll walk through both rule sets on the call.
Live within two weeks, not two quarters
No SDKs. No code changes. No multi-team rollout project. One config change per AI provider, and every team is covered.
0
lines of code changed
~1 hr
per AI provider to configure
100%
of your team's API-based AI usage captured
Ready to give your compliance program the evidence it needs?
Book a 15-minute call. We'll walk through how TinyFox maps to your firm's supervisory and recordkeeping obligations.