A new methodology demonstrates how to design AI-enabled systems with built-in controls that materially reduce compliance risk and prevent unauthorized outputs.
Late 2023. Asset managers faced a question: could generative AI work in regulated industries?
GPT-4 came out, and companies saw the problem immediately. The technology could generate content at scale – investor memos, DDQ responses, fund presentations. But it hallucinated. Made up numbers. Invented policies that didn’t exist. In regulated industries, where the SEC scrutinizes every performance claim and LPs compare your answers across documents, that’s not a risk you can take.
Institutional investors are demanding ever more information. A decade ago, a standard Due Diligence Questionnaire might have been 20 pages. Today? It could run over 200 questions. The SEC Marketing Rule tightened requirements around performance disclosures and any inconsistency across documents becomes a red flag for sophisticated limited partners.
Could AI be used for investor communications at all? One error in performance figures can trigger regulatory sanctions and erode trust among your LP base.
Ekaterina Dmitrieva published a methodology for managing institutional content in asset management, drawing on her tenure at a global placement agent where she observed the challenges of content management in institutional fundraising across the private equity industry. One chapter got particular attention from practitioners: AI. How do you actually deploy it without introducing hallucinations or unverifiable statements into regulated disclosures?
The author’s path
Ekaterina studied economics at Moscow State University before completing her MBA at Columbia Business School—a background that shaped a fundamentally different approach to the problem than that of engineers building traditional content platforms.
“I kept asking: why are we starting with technology?” she says. “Most firms were shopping for platforms, comparing features. But they hadn’t figured out the basics – how knowledge flows through their organization, who owns what, how things stay current.”
At a global PE platform, she built a content infrastructure system that processed hundreds of DDQs annually while supporting multiple fundraising campaigns and serving hundreds of institutional investors.
The experience revealed that the operational challenge was not unique to one firm. IR professionals and operations teams across the industry were facing the same question: how to scale investor processes without sacrificing quality, how to maintain consistency when volumes grow, and how to deploy AI without creating compliance risk.
AI that knows its limits
In institutional due diligence, not all content carries the same disclosure risk. Certain categories, such as fund performance, fee calculations, legal terms, regulatory statements, and track-record representations, must be answered verbatim because they constitute factual or contractual disclosures that investors rely on for formal investment and compliance decisions.
Any paraphrasing, reinterpretation, or generative rewriting of this information introduces the risk of inconsistency, misstatement, or regulatory exposure. By contrast, descriptive content, such as investment philosophy, process narratives, team structure, or operational overviews, can be generated safely when grounded in verified facts and prior disclosures, as these sections primarily provide contextual explanation rather than legally sensitive claims.
AI agents can distinguish between these content types by classifying each question against predefined risk and disclosure rules: identifying references to performance metrics, fees, legal language, or regulatory obligations triggers verbatim-only handling, while questions framed around qualitative description or process explanation are routed to controlled generation. This separation enables AI to accelerate low-risk drafting while preserving human and compliance oversight where precision and accountability are non-negotiable.
The system doesn’t rely on a single large model. Ekaterina’s framework uses specialized agents: one classifies questions, another retrieves approved content, a third generates text, others screen for compliance issues and check consistency. Separating these functions limits how much any single agent can do wrong.
The architecture is built around specialized agents, each with clearly defined authority. Not one “smart” model making judgment calls across all content types – that’s where the risk lives. Instead, multiple agents with hard boundaries.
First: the Policy & Risk Router. Every question gets classified. Three questions: verbatim quoting required? Generation from facts allowed? Needs human escalation?
Performance data goes to verbatim-only processing. So do fee calculations and legal disclaimers. No paraphrasing, no rewriting. It pulls exact text from pre-approved sources that compliance has signed off on.
From there, content splits into two paths.
High-risk content goes through the Verbatim Lane. When a DDQ asks about fund performance, it locates the approved content block and assembles the answer without modification. The design principle: fail-closed logic. Can’t find an approved source with high confidence? It doesn’t try to generate an alternative and escalates to an expert immediately. This prevents hallucinating figures or making unverified claims.
Descriptive content goes through the Generated Lane, where verified facts get extracted from the library and organized into a fact pack with full source attribution. The generative model produces text strictly based on these verified facts. A post-generation layer checks every sentence against source material. If a statement has no source, it gets flagged or removed.
Running across both paths are safety mechanisms. One agent scans for compliance sensitive wording – attestations like “we confirm,” absolute statements like “never,” forward-looking projections. Another checks for internal contradictions.
Here’s how this works in practice. A European pension fund sends over a DDQ. One question: “Describe your investment committee process and confirm its independence from management.”
The Router sees two different tasks. Process description? This can be generated from documented facts. But “confirm” is a legal attestation.
It generates the description, citing each element back to approved content. The attestation gets escalated to Compliance with a note: “Attestation requires legal review.”
What would have taken an analyst an hour gets done in 15 minutes, with human oversight applied exactly where it matters.
Another question: “Confirm that your fund has never had any conflicts of interest.” The combination of “confirm” and “never” triggers immediate escalation. No attempt to generate a response. Routes directly to Legal with full context about why this needs human judgment.
Intentional design. Built to fail safely – when AI does not have a reliable answer, it declines to generate one rather than guessing.
Results
A year in, the results were clear. Time savings averaged 40-65% per DDQ. But the bigger changes were operational.
Every statement had full traceability – linked to an approved source with a clear owner and review date. Teams reallocated their time fundamentally. IR professionals cut manual input by 50%. That freed capacity for strategic investor engagement. The implementation validated a core principle that shaped the entire approach: AI doesn’t replace expertise. It amplifies it by eliminating the mechanical work that was preventing people from applying judgment where it actually matters.
What they learned
You can’t fix hallucinations with better prompts. AI systems are probabilistic. The only solution is designing systems that are architecturally insulated from hallucinating in high-risk contexts.
That means verbatim-only processing for critical content and mandatory source attribution.
Accountability needs to be architectural. Can you trace every statement back to a source? Is every action logged? When a regulator asks for the audit trail, can you produce it in minutes?
A core insight of the Content Management Methodology is simple: AI governance must come before AI deployment when producing investor-facing materials. The framework doesn’t let AI operate freely on institutional documentation. Before any generative system touches content, there’s a controlled knowledge infrastructure: defined ownership, audit trails, and review cycles already in place. Every AI-generated statement traces back to a source record in the content library. When a regulator asks where a claim came from, you can produce the exact approved disclosure it referenced—and show who reviewed it, when.
Human review isn’t a temporary limitation. It’s permanent architecture. The methodology specifies three review layers even for automatically generated content, which sounds like overhead until you realize it’s more efficient than the manual process it replaced.
There are limits to what AI can do. Determining whether certain information is appropriate to disclose to a specific investor remains a judgment call. Interpreting questions from consultants needs human review. Mandatory human review stays because the consequences of errors can be costly.
Beyond one platform
The methodology proved adaptable across fund types and scales. “Turns out every fund faces the same question,” Ekaterina says. “Just at different scales. The fundamental tension is universal. How do you scale investor communications without sacrificing accuracy or increasing workload for your team?”
The question is no longer whether AI can be used in compliance-sensitive environments. It’s how to build systems that are safe by design.
