MNPI and AI Meeting Notes: What Financial Services Firms Need to Know
•
7
MIN READ
AI Summary by Fellow
AI meeting assistants have moved from novelty to near-default infrastructure at investment firms, advisors, and other financial services businesses. But as adoption grows, so does scrutiny, and no risk category comes up more consistently in how firms govern these tools than material nonpublic information, or MNPI.
Unlike general confidentiality, MNPI carries specific regulatory weight: capturing it in the wrong context can raise insider trading, Regulation FD, and fiduciary exposure that goes well beyond an awkward leak. Firms that have thought seriously about AI meeting notetakers treat MNPI as its own category of risk, with its own controls, not something that gets folded into a generic "keep things confidential" clause.
If your firm is rolling out an AI meeting assistant, or tightening up an AI meeting assistant usage policy you already have, here's what a thoughtful approach to MNPI actually looks like in practice.
Why MNPI deserves its own policy section
Most sensitive-information categories (HR matters, personnel issues, ordinary business confidences) carry reputational or contractual risk if mishandled. MNPI is different. It's tied to specific statutory and regulatory obligations, and the exposure isn't limited to the firm; it can extend personally to individuals who trade or tip based on it.
That distinction matters for how you write a policy. A blanket "be careful what you say" instruction isn't enough. Firms need to think about MNPI as something that can surface unpredictably, in a diligence call, a portfolio company check-in, an expert network conversation, and build controls that work in the moment, not just categories decided in advance.
What are the recordkeeping obligations for AI-generated meeting notes?
For SEC-registered investment advisers, existing books-and-records rules govern which business records must be created, retained, and made available for examination. AI-generated meeting transcripts and summaries sit in a genuinely unsettled area here: regulators have not issued clear, tool-specific guidance on whether AI-generated notes constitute records under existing rules. This is a developing area, and firms should confirm current requirements with legal or compliance counsel.
The more conservative, and increasingly common, approach among compliance teams is not to wait for that guidance to arrive. Some firms are choosing to treat AI-generated summaries as business records subject to existing retention and supervisory obligations, on the theory that it's easier to defend an over-inclusive records policy in an exam than to explain why AI output was excluded from recordkeeping entirely.
How can firms structure MNPI controls: prevention and remediation
Looking at how mature policies handle MNPI, a consistent pattern emerges: good policies operate on two layers: prevention and remediation.
Layer 1: prevention
The first layer is about keeping MNPI out of the transcript in the first place. Two mechanisms can do most of the work here.
Meeting-type exclusions: Certain meeting categories carry inherent MNPI risk simply by what they are: investment committee meetings, board meetings, LP and investor calls, active deal or pipeline discussions. These aren't judgment calls made meeting by meeting. They're structural exclusions built into the policy itself, because the likelihood of MNPI surfacing is high enough that it's not worth relying on someone remembering to pause.
→ Learn how to set up workspace-wide auto-record restrictions in Fellow
Real-time pause controls: For everything else (sourcing calls, diligence sessions, portfolio company check-ins, expert network conversations) MNPI risk is situational rather than guaranteed. The better approach isn't banning AI notetakers from these meeting types altogether. It's giving participants a fast, reliable way to pause capture the moment a conversation drifts into sensitive territory, and resume once it's passed. This treats MNPI as a moment within a meeting, not a property of the meeting type as a whole, which is a meaningfully more usable model for firms that don't want to lose the benefit of AI notes on every call that could theoretically touch something sensitive.
The firms getting this right are explicit that meeting-type exclusions and in-meeting pausing aren't substitutes for each other. Exclusions handle the meetings where risk is close to certain. Pausing handles the much larger set of meetings where risk is possible but not guaranteed.
If losing context on the meetings your team can't fully record sounds like a familiar tradeoff, Fellow was built to close that gap: pause-and-resume without losing the rest of the conversation, plus redaction as a backstop.
Layer 2: remediation
No prevention system is perfect, and mature policies plan for that. If MNPI does end up captured in a recording or transcript, the standard is to redact it from the transcript as soon as it's identified, not to leave it in place because the meeting has already ended, and not to treat it as an isolated IT cleanup task disconnected from compliance.
This second layer matters because it's often the piece missing from weaker policies. A lot of internal guidance stops at "don't record sensitive topics" and never addresses what happens when that instruction is followed imperfectly, which, in practice, it sometimes will be. Building a clear, fast redaction workflow into the policy closes that gap.
→ Learn about Fellow's redaction feature
Are retention windows an MNPI decision or a storage decision?
Shorter retention windows for raw recordings and transcripts reduce the amount of potentially MNPI-containing material that exists at any given time, which matters directly if a regulator issues a document request. In practice, some firms use windows in the range of five to seven days for raw content, though this varies by firm and isn't a fixed standard. At the same time, the window has to be long enough for the relevant team member to actually review the AI summary for accuracy before it becomes the only record left.
Firms that have thought this through tend to separate the retention clock for two different artifacts:
Raw recordings and transcripts: the highest-risk artifacts, since they capture everything said verbatim, including anything that shouldn't have been said on the record. These typically get the shortest retention window, and some firms configure zero-day retention in Fellow so raw content is never retained past processing at all.
AI-generated summaries and notes: a step removed from the raw content, and often retained longer (sometimes indefinitely, subject to manual deletion) since they represent a curated, reviewed record rather than an unfiltered capture.
If your policy doesn't distinguish between these two retention clocks, it's worth revisiting. Treating a five-minute snippet of raw audio the same way you treat a reviewed, human-approved summary means treating very different risk levels identically.
Who should own MNPI governance for AI meeting tools?
A policy that lives only in a document employees skim once during onboarding tends to erode in practice. The firms with stronger MNPI controls pair the written policy with clear ownership: a compliance officer, IT lead, or dedicated governance function responsible for periodically sampling AI notes, confirming pause and redaction workflows are actually being used, and escalating exceptions.
This isn't bureaucracy for its own sake. MNPI exposure through AI meeting tools is a new enough risk that "we have a policy" and "the policy is actually working" are genuinely different claims, and only ongoing oversight closes that gap.
What should firms require from an AI meeting assistant vendor?
Whatever your internal policy looks like, it depends on the underlying tool supporting it. When evaluating an AI meeting assistant for MNPI-sensitive environments, a few vendor requirements come up consistently among compliance and IT teams:
No training on customer data, under any circumstances. MNPI captured in a meeting should never become training data for anyone's model, including the vendor's own.
Real-time pause functionality that's fast and reliable enough that people actually use it mid-conversation, rather than a feature that exists but gets ignored because it's clumsy.
Redaction capability so that if MNPI is captured despite best efforts, it can be removed from the transcript without waiting on a support ticket.
Access controls and audit logging. Visibility into who can see a given recap should be limited to people who were actually on the call, and the firm should be able to demonstrate lineage from recording through transcript, summary, and any subsequent distribution if a regulator ever asks.
Separate retention controls for recordings and transcripts versus summaries, so the firm can implement the two-layer retention approach described above rather than being stuck with a single blanket setting.
Fellow is the AI notetaker for regulated industries that does not train on customer data, supports pause-and-resume for sensitive moments mid-meeting, offers redaction, and provides a zero-day retention option so raw recordings and transcripts never need to persist at all. Access permissioning and review workflows are designed to help a compliance team evaluate AI adoption with more confidence, rather than restricting it out of uncertainty.
The bottom line
MNPI is the risk category that shows up most consistently in how sophisticated financial services firms think about AI meeting notetakers, and for good reason, given the regulatory stakes involved. The firms handling it best aren't the ones with the longest exclusion lists. They're the ones combining structural exclusions for the highest-risk meeting types, real-time pause controls for everything else, a fast redaction workflow as a backstop, retention windows that reflect actual risk exposure, and real ownership to keep the whole system honest over time.
If you're building or revisiting your firm's policy, that two-layer model (prevention plus remediation, backed by clear governance) is a solid place to start. Contact our sales team to learn how Fellow's governance and privacy controls support that model.
Frequently asked questions
Record, transcribe and summarize every meeting with the only AI meeting assistant built with privacy and security in mind.






