Of the 15 ready-to-run workflows Anthropic shipped with Claude for Small Business this month, at least seven sit directly inside the workday of a financial services firm. Month-end close. Margin analysis. Invoice chasing. Tax-season organization. Contract review. Lead triage. Weekly business pulse.
If you run an RIA, a CPA practice, or an independent insurance agency, that should get your attention. It should also make you cautious. Financial services is not general SMB plus a few extra rules. The regulatory layer changes what is safe to deploy, what is safe to deploy with approval gates, and what is genuinely off the table, regardless of how slick the demo looks.
This post walks through the three sub-verticals separately, because they have different regulators, different workflows, and different risk profiles. The tools may look the same. The calculus does not. For the broader context on what Anthropic actually launched and why it matters, see our Post #1 in this series.
Why Financial Services is Harder Than the Press Releases Suggest
Anthropic's launch announcement contains a quote from Joe Preston, VP of Product Management at Intuit QuickBooks, about how agentic AI capabilities will remove the complexities of managing finances for SMBs. That language is fine for a furniture maker. For an SEC-registered RIA, every word in that sentence has a regulatory implication.
Removing complexities can mean automating decisions that require licensed judgment. Managing finances can mean interacting with client funds in ways the custody rule cares about. The Anthropic announcement is not making any specific claim about regulated activity. But the workflows it ships are deeply finance-centric, and FS firms will need to read between the lines.
Three cross-cutting concerns before we go vertical by vertical.
Books and records. SEC, FINRA, state insurance commissioners, and state CPA boards all care about what was generated, who saw it, and what was retained. Audit trails on AI activity have to flow into your existing books-and-records retention.
Marketing and advertising. Anything AI generates that goes to a prospect or client falls under the SEC Marketing Rule (for RIAs), FINRA Rule 2210 (for broker-dealers), state insurance advertising rules, or AICPA code (for CPAs). The fact that an AI wrote it does not exempt it from review.
Confidentiality and data classification. GLBA, the FTC Safeguards Rule state privacy laws (NY SHIELD Act, California CCPA, others), and your client engagement letters all impose obligations on how customer data is handled by third parties, including AI vendors.
RIAs and wealth management firms
If you are an SEC-registered or state-registered investment adviser, three workflows in the Claude for Small Business package warrant specific care. For our broader take on RIA technology programs under the current rule set, see SEC Reg S-P Compliance for RIAs.
Marketing and Content Generation
The SEC Marketing Rule (Rule 206(4)-1, governs investment adviser advertisements and is interpreted broadly. Anything AI-generated that goes to current or prospective clients is an advertisement if it promotes the adviser's services. The fact that AI drafted it does not change the rule. Your CCO still owns review and substantiation.
Practical implication: if you use a workflow like run a sales campaign or content generation through Canva inside Claude, route everything through your existing marketing review process before anything sends. Build the approval gate into the workflow. Do not let speed-to-publish become the optimization.
Client Communications and Meeting Prep
Summarizing a meeting, drafting a follow-up email, or generating a quarterly client letter through AI is fine in principle and useful in practice. Two cautions.
First, the books-and-records rule (Rule 204-2) requires retention of communications. If your AI is in the loop drafting client communications, the drafts and final versions should both end up in your compliance archive. Retention applies even when the draft is never sent. SEC enforcement has gone after firms specifically for missing draft retention. Make sure your archive (Smarsh, Global Relay, others) is capturing AI-touched content, and that your client portal security baseline flows through to the AI layer.
Second, performance claims. If an AI summary refers to past returns, hypothetical performance, or anything that could be construed as a marketing claim, the Marketing Rule applies. Train the workflow to flag and require human approval on any performance-related language.
What is Genuinely Safe to Deploy in an RIA Today
In order of lowest risk and highest payoff:
Invoice chasing for advisory fee collections.
Internal monthly reconciliations and management reporting.
Vendor contract review for non-client-facing services.
Internal meeting notes and CRM enrichment, with appropriate disclosures to clients about AI use in your service delivery.
For more on the operational side of building a compliance-first IT program for advisory firms, our Financial Services industry page lays out the full picture.
CPAs and Accounting Firms
CPAs sit closer to the center of the Claude for Small Business workflow set than any other FS sub-vertical. The product is built around QuickBooks. Most of the 15 workflows are accounting-adjacent. For an overview of how we approach technology for the profession, see our Accounting Firms industry page. There are two regulatory layers to keep in mind.
IRS Publication 4557 and the FTC Safeguards Rule
If you prepare tax returns, you are subject to IRS Pub 4557 and the FTC Safeguards Rule, which took full effect on June 9, 2023, with a breach notification requirement effective May 13, 2024 that requires notice to the FTC within 30 days of a breach affecting 500 or more customers. Both require a Written Information Security Plan (WISP), specific safeguards on client data, and incident response procedures.
An AI vendor handling client tax data needs to fit inside your WISP. Practically, that means evaluating the vendor under the same framework you use for any other technology service provider. Ask for SOC 2 Type II. Ask about data location. Ask about subprocessors. Document the assessment. Our Cyber-Insurance Alignment for Financial Firms checklist covers the same vendor-controls vocabulary your carrier is already asking about.
AICPA professional conduct and confidentiality
AICPA Rule 1.700.001, the Confidential Client Information rule, restricts disclosure of confidential client information without specific consent. Sending client data into a third-party AI service is a disclosure. The rule does not prohibit it, but you should have a documented policy and ideally specific language in your engagement letters acknowledging the use of AI tools in service delivery.
Where AI actually saves a CPA firm hours
In rough order of return on time invested:
Tax-season document organization. Pulling 1099s, K-1s, brokerage statements, and prior-year returns from a client's Drive into the right folder structure with the right naming convention saves real hours.
Month-end close for client bookkeeping engagements. The Claude for Small Business close workflow looks well-suited to monthly bookkeeping clients on QuickBooks Online.
Internal staff training and review. Drafting first-pass review notes that a senior accountant reviews and finalizes. Higher-quality reviews, less rework.
Marketing and proposal generation, with AICPA-compliant review.
What I would not do yet: anything that touches actual return preparation logic. Tax law is too nuanced and the stakes of a wrong answer are too high. AI as the prep tool is not where this technology is today.
Insurance Agencies
Independent insurance agencies are an underrated AI use case. The workflows are admin-heavy, the regulatory layer is mostly at the state level, and the operational return on automating AR, AOR processes, and renewal management is substantial.
State Insurance Commissioner Posture
Insurance regulation in the US is state-by-state. State commissioners have been publishing AI guidance over the last two years. Most state guidance focuses on three areas: claims handling decisions, underwriting and rating decisions, and customer-facing communications.
For an independent agency (versus a carrier), most of the regulatory weight falls on customer-facing communications and on the duty of care under your state's producer licensing rules. Carriers handle the underwriting and claims AI questions on their end.
GLBA and Customer Data
Insurance producers are subject to GLBA and the state-level NAIC Insurance Data Security Model Law, adopted in roughly half of states as of 2026; the NAIC publishes a state adoption map that is updated regularly. These create obligations on how customer non-public information is shared with third parties, including AI vendors. Standard vendor assessment, standard documentation, standard incident response. The mechanics are familiar to any agency that has gone through a cyber liability renewal recently.
Where AI moves the needle for agencies
Renewal management. Pulling lists of upcoming renewals, drafting outreach, tracking responses, escalating non-responses.
AOR (Agent of Record) document processing. Identifying, preparing, and submitting AOR letters.
Commission reconciliation. Most agencies do this manually. AI handles it well.
Marketing and content, with attention to state-specific advertising rules.
Cross-cutting: Automated Decisions and Fair Lending
One topic that applies across all three sub-verticals: be careful about anything that looks like an automated decision affecting a consumer.
If your AI workflow is selecting which clients get which level of service, deciding which prospects to engage, or flagging which clients to retain versus let go, you may be inside the scope of Regulation B for any credit-adjacent decision, NYC Local Law 144 for any hiring-adjacent decision, Colorado SB21-169 for any insurance-adjacent decision involving external consumer data or algorithms, and the Colorado AI Act (SB24-205) for broader consequential decisions if and when its enforcement resumes (a federal court paused the law in April 2026 ahead of its scheduled June 30, 2026 effective date). On top of all that, your own fiduciary duty applies for any client-facing prioritization.
The fix is not to avoid AI in these areas. The fix is to require human approval, document the criteria, and audit the outcomes for disparate impact. Same playbook you would use for any other decision tool.
What I Would Actually Deploy in an FS Firm Today
If I were the COO of a financial services SMB today, here is the order I would pilot.
1. Invoice chasing on AR. Lowest regulatory risk, highest immediate ROI.
2. Internal reporting and weekly business pulse. Pure operational lift, no client-facing exposure.
3. Month-end close prep. High ROI for finance teams. This fits cleanly inside existing close procedures.
4. Contract review for non-client-facing vendor contracts. Practice ground for the team before stakes get higher.
5. Tax-season document organization, specifically for CPA firms.
What I would not touch yet: client communication drafting at scale without robust review gates, anything that interacts with custody systems, anything that generates performance claims, and any automated-decision workflow without explicit human approval and audit trails.
If you want to talk through how a Managed AI program could be scoped for your firm with the right approval gates and audit trail, reach out to the team.
Disclosure: Techvera is an MSP serving small and medium businesses across North Texas (Denton headquarters), Oklahoma (Tulsa), and New York, including financial services firms in our customer base. Our internal operations are powered in part by Anthropic's Claude. Nothing in this post constitutes legal, compliance, or investment advice. The regulatory landscape for AI in financial services is evolving rapidly. Consult counsel and your compliance officer for specific guidance.
About the Author
Todd Mitchell
Chief Operating Officer
Todd Mitchell is the COO of Techvera, bringing operational expertise and strategic vision to help businesses transform their IT infrastructure.