Goldman Sachs Tightens AI and Communications Rules: What PR and Communications Teams Need to Know
Goldman Sachs has updated its Code of Business Conduct and Ethics to tighten controls around AI, internal communications, and market conduct. This isn't cosmetic. It changes how deal teams, technologists, and front-office staff work day to day-and it has direct implications for PR and Communications.
The firm consolidated behavior expectations, clarified reporting channels, and explicitly linked AI guidance to existing market-conduct policies. With board oversight emphasized and entity-level adoption tied to SEC and NYSE standards, this is a signal: AI governance and communication controls now sit inside market-conduct risk management, not beside it.
What changed
The revised language reaffirms that the firm is committed to compliance with market conduct laws across conduct and supervision, confidentiality and communication, market manipulation, collusion, conflicts of interest, and inappropriate sales practices. That framing translates into concrete rules PR teams will feel every day.
- Business communications must run on firm-approved systems. Personal messaging apps like WhatsApp or WeChat are not authorized for business communications beyond logistics.
- AI use is tied directly to market conduct expectations. Expect tighter controls on models, data, prompts, and outputs-plus more attestations and training.
- Escalation is mandatory. Employees are expected to raise market-conduct concerns per issue escalation guidelines, and failure to report can be a breach on its own.
- Discipline can be severe, up to termination. Violations may also carry civil or criminal exposure for individuals and the firm.
- Vendors fall under the Vendor Code of Conduct. Suppliers must align policies across their supply chains, cooperate with regulators, and promptly disclose issues to their Goldman relationship manager.
Why this matters for PR and Communications
PR sits on the fault line between markets, media, and internal information flows. A single off-channel message, casual embargo leak, or AI-assisted draft with sensitive data can create conduct risk.
- Selective disclosure and embargo slips: One premature email or DM can trigger market manipulation or confidentiality issues.
- Off-channel conversations with journalists or influencers: Even "quick clarifications" on personal apps can be out of bounds and unrecorded.
- AI-generated content: Feeding internal or client data into unapproved tools can expose confidential information and violate policy.
- Crisis comms: Fast-moving approvals must still run through approved systems with records retained.
Practical to-do list for PR leaders
- Audit channels: Map every comms pathway (email, chat, social DMs, press wires). Lock down to firm-approved systems and cut off personal messaging for business.
- AI controls: Define approved tools, permissible data inputs, and review steps before publishing. Document prompts and outputs when content informs market-facing communications.
- Records and retention: Ensure spokesperson prep, Q&A documents, embargo lists, and media interactions are captured on recordkeeping-compliant platforms.
- Brief spokespeople: Reinforce what can be said, to whom, and on which channels. Rehearse escalation steps if sensitive topics surface.
- Crisis workflows: Build a rapid approval path that still leaves an audit trail-no side texts, no personal apps.
- Vendors and agencies: Update SOWs to reflect the Vendor Code, approved tools, and reporting obligations. Require their subcontractors to comply too.
- Training and attestations: Schedule role-specific training for PR, social, IR, and exec spokespeople. Track completion and annual attestations.
- Monitoring and escalation: Stand up a simple intake channel for potential breaches, with clear criteria for Compliance notification.
Records, reporting, and escalation
Goldman's update elevates escalation and accountability. PR leaders should translate that into documented approval flows, centralized issue logs, and clear ownership for notifying Compliance.
Set expectations that "if unsure, escalate." Make it easy: a single inbox or ticket type, templated summaries, and an agreed response SLA. The goal is speed with traceability.
Board oversight and the regulatory backdrop
The entity-level codes cite Sarbanes-Oxley and NYSE listing standards, and note SEC requirements around codes of ethics for investment companies. For PR leaders, this signals sustained board attention and tighter supervision-not a one-off memo.
Expect phased rollouts: updated guidance, training on approved systems and AI use, and routine attestations. Plan communications in advance so your team isn't caught flat-footed.
If your team needs AI upskilling
As firms formalize AI approvals and guardrails, PR teams benefit from practical training on prompt hygiene, data handling, and review workflows. Start with job-aligned learning that mirrors your daily work.
Bottom line
Goldman's revisions bring AI and communications under the same market-conduct umbrella-with real consequences. For PR, the playbook is simple: move all work to approved systems, tighten AI usage, document everything, and escalate early.
Do this well and you'll get two wins: fewer compliance surprises and cleaner operations that move faster, not slower.
Your membership also unlocks:
