About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

From e-Comms to AI Validation: Key Findings from ACA’s IMCT Survey 2025

Subscribe to our newsletter

Artificial intelligence has risen to the top of compliance priorities according to the 2025 Investment Management Compliance Testing (IMCT) Survey by the Investment Advisor Association (IAA), ACA Group and Yuter Compliance Consulting. Based on responses from 577 adviser firms, AI usage ranks as the year’s “hottest” topic (57%), ahead of AML readiness (41%) and cybersecurity (38%). The same dataset shows testing activity rising across the board, with the heaviest increases in e-communications/off-channel surveillance (61%), cybersecurity (55%), advertising/marketing (48%), AI (46%) and vendor due diligence (42%).

Beneath the headlines, adoption remains cautious. The survey sponsors report that around 40% of firms have formally adopted AI tools for internal work, while only 5% use AI in client-facing contexts. “I very much expected to see the numbers having changed significantly … but really, there was no change. You still got 40% of firms using it for internal purposes … and there’s this tiny little fraction, more or less 5%, that were using it … externally,” says ACA’s Senior Manager of Thought Leadership, Aaron Pinnick.

The picture that emerges is less a stampede than a slow walk – the survey notes that while AI testing rose sharply year-on-year, nearly half of adopters report no formal validation of outputs – an indication that the control framework still has a way to go.

Hot Topic but Low Adoption

AI is the hot new compliance topic … [but] when you look at the actual adoption rates … that really hasn’t changed,” notes Pinnick. The plateauing of internal use cases and low single-digit market-facing use persisted from late-2024 into May-2025, despite intensifying discourse and scrutiny.

Some of this reflects the industry’s long tail. Smaller and mid-sized advisers dominate the register, and many lack the scale incentives that push larger firms to productionise tooling. Even so, Pinnick argues the sample tracks the market: “When you compare the IAAs official record to our demographics, the findings are broadly similar.”

Public statements around adoption can also mask a governance gap. The survey data shows 46% increased testing around AI this year, yet 44% of firms that have adopted AI report no formal testing or validation of outputs.

Firms say they are testing more but not always testing well. The survey highlights a rise in AI-related testing alongside a notable share of adopters without formal model validation or output checks – a governance shortfall that examiners are likely to probe.

Pinnick’s observation is straightforward: “There needs to be some sort of validation of that underlying model … if trusting a third party to do the validation … you should still demonstrate that you did due diligence … asked about the cybersecurity concerns, the privacy concerns … and have a documented record.”

ACA Group positions itself as a full-stack GRC partner that blends advisory, managed services, distribution solutions and technology. The firm publicly cites service to 6,350+ clients across asset management, banking, insurance and FinTech, and a global team that includes former regulators. Its leadership includes Chief Executive Officer Patrick Olson, appointed in 2023 after senior roles at BlackRock.

On the tool side, ACA’s ComplianceAlpha platform brings surveillance, employee compliance, marketing review and compliance management into one environment. Its e-communications module advertises capture, archiving and surveillance across “85+ channels”, reflecting the heightened focus on off-channel communications.

Earlier this month, ACA Group unveiled its proprietary AI engine designed expressly for regulatory compliance – Encore.AI. Encore AI marks the evolution of ACA’s original Encore Compliance platform, formalizing the next phase of ACA’s strategy to deliver smarter, and serves as the core intelligence layer across ACA’s technology suite, including ComplianceAlpha®, ESG, and Research Compliance Solutions.

Testing Hot Spots

Electronic communications are the testing hotspot. Sixty-one percent of respondents increased testing in this area, aligning with global scrutiny of of-channel communications and collaboration platforms. The conversation is widening to the visual (video/image processing) layer. As Pinnick notes, it is “certainly possible that in a few years” regulators might expect video calls to be archived and screened by AI, though technical capability and false positives remain practical hurdles.

Marketing remains high on the list. The SEC staff’s 19 March 2025 FAQ update eased some performance-presentation frictions; e.g. conditions under which gross extracted performance may be shown if total-portfolio gross and net are presented appropriately, yet practitioners still want clarity. “There’s still more relief requested … [around] substantiation … market index [and] hypothetical performance … [and] institutional exceptions,” says Pinnick.

Budgets also shape behaviour. As Pinnick puts it, firms face expanding remits “to do more with less”, but he sees “cheaper, better tools” now available to achieve scale compared with a decade ago – part of why managed services and automation continue to gain ground.

The Near Horizon

Regulation S-P’s 2024 amendments bring codified incident-response programmes, service-provider oversight and a 30-day outer limit for notifying affected individuals after the firm determines that unauthorised access is reasonably likely to have occurred. Compliance is tiered: larger entities face a 3 December 2025 deadline, smaller entities 3 June 2026.

Pinnick observes that some firms appear to be taking a “wait-and-see” stance on vendor diligence, even as Reg S-P expands the definition of protected information. His concern: many underestimate how widely customer data sits across third-party estates. “Unless you’ve … looked at how many vendors have [customer] data … it’s pretty easy to underestimate all the little places where data has been shuffled off outside of the organisation.”

Don’t Forget the Basics

The survey points to a few key things that are changing rapidly. AI adoption is coming up, shifts in regulatory focus, that’s coming, that is occurring. But what it also points out is that “the more things change, the more they stay the same, notes Pinnick. “You’ve still got to have your ducks in a row as it relates to the core competencies and expectations for a highly regulated firm,” he says. “Don’t forget about that and keep that in mind as things are changing. As you’re adopting AI across the firm, remember, you’ve got to keep records … you’ve  got to test and validate and be able to explain.”

ACA’s trajectory follows a wider shift in compliance: scale is no longer just about headcount; it’s about trusted automation with inbuilt controls. From advisory and outsourced CCO services to distribution and market surveillance, the firm has methodically layered technology into its franchise. The launch of Encore AI signals a continuing commitment to auditable, explainable applications of machine intelligence across its ComplianceAlpha platform. As the IMCT survey shows, adoption without validation is a regulatory risk. ACA’s strategy is to give clients the missing piece; tools that deliver efficiency while standing up to examiners’ demand for proof.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: Best Practices for Managing Trade Surveillance

The surge in trading volumes combined with the emergence of new digital financial assets and geopolitical events have added layers of complexity to market activities. Traditional surveillance methods often struggle to keep pace with these changes, leading to difficulties in detecting sophisticated market abuses and increased regulatory risk. To address these challenges, financial institutions are...

BLOG

November 2025 Deadline for ISO 20022: Are We Ready?

Global payment networks are undergoing a fundamental transformation as the financial industry transitions to ISO 20022 – a structured messaging standard designed to replace legacy formats and drive interoperability. In capital markets and treasury operations, this shift is most evident in the SWIFT cross-border payments network and high-value systems like the U.S. Fedwire. SWIFT’s Cross-Border...

EVENT

Data Management Summit New York City

Now in its 15th year the Data Management Summit NYC brings together the North American data management community to explore how data strategy is evolving to drive business outcomes and speed to market in changing times.

GUIDE

AI in Capital Markets: Practical Insight for a Transforming Industry – Free Handbook

AI is no longer on the horizon – it’s embedded in the infrastructure of modern capital markets. But separating real impact from inflated promises requires a grounded, practical understanding. The AI in Capital Markets Handbook 2025 provides exactly that. Designed for data-driven professionals across the trade life-cycle, compliance, infrastructure, and strategy, this handbook goes beyond...