
Finance AI and Pre-Announcement Earnings Exposure: How AI Tools Create MNPI Leakage

Pre-announcement earnings exposure inside finance teams now flows through the AI tools those teams use for drafting, modeling, and summarization. The exposure is functionally a material non-public information (MNPI) leak when an employee pastes a draft press release, a working forecast, or a board-pack excerpt into an unauthorized AI tool. SEC Regulation FD, the insider trading regimes, and the market-abuse regimes in the EU and the UK reach the conduct regardless of whether the leak was intentional. This piece walks through where the AI exposure sits inside the financial close and earnings preparation cycle, what controls regulators expect, and the inspection architecture that prevents MNPI from leaving the perimeter.

By Parminder Singh · Founder & CEO, DeepInspect Inc.
Industry Verticals · Tags: mnpi, reg-fd, finance, ai-security, shadow-ai, market-abuse

A finance team three weeks from a quarterly earnings release has drafts of the press release, the CFO commentary, the working forecast, the segment performance breakdown, and the board pack moving across Microsoft 365, Google Workspace, and the FP&A platform. Some portion of that work is now drafted, summarized, or modeled inside AI tools. When an employee pastes a draft press release into ChatGPT to "rewrite this for clarity," the draft becomes part of the request that crosses the perimeter to the model provider. The draft is material non-public information until the release goes out. The leak is functionally MNPI exposure regardless of whether the model provider trains on it, retains it, or surfaces it. SEC Regulation FD, US insider trading regimes, EU MAR, and UK MAR all reach the conduct on a strict-liability basis for the entity. The conduct of a single employee becomes the exposure of the listed issuer.

I want to walk through where AI exposure sits inside the earnings preparation cycle, what the relevant regimes expect of controls, and the inspection architecture that prevents MNPI from leaving the perimeter.

Where AI exposure sits inside the earnings cycle

The earnings preparation cycle runs in four overlapping streams. AI exposure now sits in each.

Drafting and review of public-facing language

The press release, the earnings call script, the CFO scripted commentary, and the investor Q&A prep sit in the drafting stream. AI tools are used to "tighten the language," "make this consistent with last quarter," "summarize the key points," and "draft talking points." Each of these workflows pastes pre-announcement content into a model prompt. The content is MNPI by definition until the release.

Modeling and scenario analysis

The FP&A team runs scenarios inside spreadsheets, the planning platform, and an array of AI-assisted modeling tools. A typical workflow uploads a CSV of segment performance to a model and asks for variance commentary, segment narratives, or a chart concept. The CSV contains pre-announcement results and any associated dimensional breakdowns. The upload sends the file content to the model provider.

Investor communication preparation

The investor relations team prepares materials for the call, the supplemental, and the post-call follow-up. The preparation includes peer comparison, investor segmentation analysis, and message testing. AI tools are used for transcript analysis of competitor calls, sentiment analysis of prior IR feedback, and message refinement. The inputs include the company's own pre-announcement positioning.

Internal review and audit

The internal audit and compliance teams review the close, the disclosure controls, and the management representation letters. AI tools are used to summarize the working papers, draft the management response language, and run a compliance check. The inputs include the company's pre-announcement results and the audit findings on them.

In each stream, the AI usage may be sanctioned, unsanctioned, or partially sanctioned. The sanctioned tools are subject to whatever vendor controls the procurement team negotiated. The unsanctioned tools are shadow AI. The partially sanctioned tools (Enterprise ChatGPT, Copilot, Gemini at Work) operate under vendor commitments that limit retention and training but do not eliminate the question of whether MNPI left the perimeter.

What the regulatory regimes expect

The relevant regimes treat MNPI as a category of information that has to be controlled by the issuer until public disclosure. AI-related controls do not have their own regime yet. The existing regimes reach AI conduct through the general controls obligation.

Reg FD and the US insider trading regime

Reg FD requires that material information an issuer discloses to investors be disclosed to the public at the same time. The selective disclosure prohibition reaches inadvertent disclosures that move MNPI to a non-permitted recipient. A pre-announcement draft sent to a model provider is functionally a transmission to a non-permitted recipient until the release. The strict-liability nature of Reg FD violations does not require an intent finding.

The US insider trading regime under Section 10(b) and Rule 10b-5 reaches the use of MNPI for trading. An AI tool that is part of an automated workflow that produces trades, or that informs a trading decision, can create exposure if the AI's inputs included MNPI.

EU MAR and UK MAR

The Market Abuse Regulation (EU MAR) and the UK MAR establish prohibitions on insider dealing, unlawful disclosure of inside information, and market manipulation. The unlawful disclosure prohibition reaches transmissions of inside information outside the course of the normal exercise of an employment, profession, or duties. A finance team member pasting an earnings draft into an unsanctioned AI tool is a candidate for unlawful disclosure even when no trading follows.

The MAR insider list obligations require issuers to maintain lists of persons with access to inside information. The lists rarely identify the AI providers as recipients. The MAR record-keeping obligation expects evidence that the issuer controlled the inside information until the disclosure event.

NIS2 and DORA for in-scope financial entities

Financial entities under DORA are subject to ICT third-party risk management obligations that cover AI providers. The unauthorized use of AI providers for handling MNPI is a third-party risk event. The reporting obligations apply when the event qualifies as a major incident.

The compliance gap

The standard finance environment has DLP rules tuned for the prior generation of data exfiltration paths: email, USB, cloud storage uploads, and webmail. The AI exfiltration path runs over HTTPS to api.openai.com, api.anthropic.com, generativelanguage.googleapis.com, and their equivalents. The request body, and with it the prompt, is encrypted in transit by TLS.

Network-layer DLP that does not terminate TLS sees only the encrypted stream and cannot inspect the prompt content. CASB tools see that an employee is connecting to ChatGPT (the destination host) but do not see the prompt. Email DLP catches PDFs leaving as attachments and is blind to drafts pasted into a model prompt. The combined gap is that the issuer has no record of which MNPI moved into which AI tool at which moment by which employee.

The control architecture the regimes expect is one in which the issuer can demonstrate that MNPI did not move outside the permitted perimeter. The existing tooling cannot produce that demonstration for AI traffic.

DeepInspect

This is the gap DeepInspect closes for finance teams during the earnings cycle. DeepInspect sits inline between corporate endpoints and the AI tools employees use, including OpenAI, Anthropic, Google, Microsoft Copilot, and the long tail. Every prompt and response passes through the inspection layer. PII, MNPI patterns specific to the issuer (ticker, draft press release fingerprints, working forecast structures, financial close marker phrases), and pre-announcement data classifications are detected at the prompt boundary. The policy enforces redaction, block, or alert based on the rule the issuer's compliance team set.

Every AI interaction produces a per-decision audit record bound to the employee's identity, the data classification applied, the policy version in effect, and the outcome. The records serve the issuer's MAR record-keeping obligation, the Reg FD evidentiary need, and the DORA incident reporting requirement when a control fires.
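The gap described under "The compliance gap" and the prompt-boundary decision and per-decision audit record described above, as an added illustration in Python (not DeepInspect's code): an inline policy check that sees the decrypted request body, classifies it against issuer-specific MNPI markers, enforces redact, block, or allow, and emits the audit record. It assumes an OpenAI-style chat request body and a caller identity already resolved by the proxy; the patterns, policy identifier, and sample prompt are constructed for the example.

```python
import re
import hashlib
from datetime import datetime, timezone
POLICY_VERSION = "mnpi-close-v1"  # hypothetical policy identifier
# Hypothetical issuer-specific MNPI markers; a real deployment would derive
# them from the issuer's ticker, draft-release template and close stamps.
MNPI_PATTERNS = {
    "ticker": re.compile(r"\b(?:NASDAQ|NYSE):\s*[A-Z]{1,5}\b"),
    # uppercase header stamps, case-sensitive so "draft an email" is not hit
    "close_marker": re.compile(r"\b(?:DRAFT|EMBARGOED|NOT FOR DISTRIBUTION)\b"),
    "forecast_structure": re.compile(
        r"\bQ[1-4]\s*FY?\d{2,4}\b.*?\b(?:guidance|forecast|outlook)\b", re.I),
    "earnings_phrase": re.compile(
        r"\b(?:EPS|net income|segment revenue)\b.{0,40}\$\d", re.I),
}
# Rule set by compliance: block drafts and forecasts outright, redact the rest
ACTIONS = {"ticker": "redact", "earnings_phrase": "redact",
           "close_marker": "block", "forecast_structure": "block"}
def classify(text):
    """Return the set of MNPI classifications that fire on a prompt."""
    return {name for name, pat in MNPI_PATTERNS.items() if pat.search(text)}
def redact(text, classes):
    for name in classes:
        if ACTIONS[name] == "redact":
            text = MNPI_PATTERNS[name].sub(f"[REDACTED:{name}]", text)
    return text
def inspect_request(body, identity):
    """Evaluate one OpenAI-style chat request; returns (outcome, forward_body, audit)."""
    messages = body.get("messages", [])
    prompt = "\n".join(m.get("content", "") for m in messages)
    classes = classify(prompt)
    if any(ACTIONS[c] == "block" for c in classes):
        outcome, forward = "block", None  # nothing crosses the perimeter
    elif classes:
        outcome = "redact"
        forward = dict(body, messages=[dict(m, content=redact(
            m.get("content", ""), classes)) for m in messages])
    else:
        outcome, forward = "allow", body
    audit = {  # per-decision record the issuer keeps under its own control
        "ts": datetime.now(timezone.utc).isoformat(), "identity": identity,
        "classification": sorted(classes), "policy_version": POLICY_VERSION,
        "outcome": outcome, "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest()}
    return outcome, forward, audit

# Constructed sample: a pre-announcement draft pasted with "rewrite this for clarity"
SAMPLE_DRAFT = {"messages": [{"role": "user", "content": "Rewrite this for "
    "clarity: DRAFT - Acme Corp (NASDAQ: ACME) reports Q3 FY25 segment revenue "
    "of $412M; Q4 FY25 guidance raised."}]}
```

The audit record stores only a hash of the prompt, so the evidence of which interaction touched MNPI survives without the record itself becoming a second copy of the draft.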

If you are running a finance organization with an earnings calendar and AI tools embedded across the close cycle, let's talk.

Frequently asked questions

Are vendor commitments from OpenAI or Anthropic enough to satisfy MAR record-keeping?

The vendor commitments cover retention, training, and access. They are part of the issuer's vendor risk file. They do not satisfy the issuer's record-keeping obligation under MAR. MAR record-keeping is the issuer's obligation to maintain evidence of who had access to inside information and when. The vendor records, where they exist, sit inside the vendor's environment and are not under the issuer's control. The issuer has to maintain its own record of which AI interactions touched MNPI. Without that record, the issuer is unable to discharge the obligation on a regulator's request.

Does Enterprise ChatGPT or Copilot solve the MNPI exposure?

Enterprise plans shift where the risk sits contractually but do not eliminate it architecturally. The vendor commits to not training on the customer's content. The retention is constrained. The audit trail the customer sees is the vendor's view of API calls under the enterprise tenant. The customer's view of which employee submitted which prompt with which content is incomplete. For MNPI controls, the issuer needs a per-interaction record under the issuer's control, not a vendor-side summary. Enterprise plans are necessary; they are not sufficient.

How does shadow AI expose pre-announcement earnings information?

Shadow AI is unauthorized AI tool usage by employees. During the earnings cycle, employees use shadow AI tools to draft sections, summarize working papers, model scenarios, and prepare investor materials. The tools sit outside the issuer's sanctioned environment. The prompts that cross the perimeter carry whatever MNPI the employee was working with. The issuer has no record of the transmission, no policy that gated it, and no ability to recall the content once it left. Cloud Radix data puts the figure at 77% of employees using unauthorized AI tools admitting to pasting sensitive business data into the prompts.

Can DLP solve the AI prompt content problem?

Network-layer DLP that does not terminate TLS sees only the encrypted stream and is blind to prompt content. Endpoint DLP can inspect the prompt before it is sent, but only if the DLP is configured for the specific browser, the specific application, and the specific protocol, and only if the user does not bypass it through a personal account or an unmanaged device. The configuration matrix is large, the bypass paths are many, and the result is that endpoint DLP catches a fraction of the AI traffic. Inline inspection at the AI request layer catches the rest because the policy is evaluated at the AI request boundary regardless of which client originated the call.

What is the right control for MNPI during the financial close?

The control architecture is layered: sanctioned AI tools at the application layer; endpoint DLP on managed devices; inline inspection at the AI request layer for all AI traffic regardless of source; per-interaction audit records bound to identity, classification, and policy; and compliance review of those records during and after each close. The combined architecture produces the demonstration the regimes expect: the issuer controlled the MNPI, the issuer can produce the evidence, and the issuer can respond to a regulator's question with records that survive scrutiny.