About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Why is Comms Surveillance Still a Problem? Key Insights from RegTech Summit 2024

Subscribe to our newsletter

More than $3 billion in fines and even higher legal costs have underscored the persistent challenges firms face in e-communications surveillance. Despite abundant evidence of the regulatory, financial, and reputational risks at stake, this problem continues to vex compliance teams worldwide.

This provided the context for a group of senior practitioners and RegTech experts convened at  A-Team Group RegTech Summit, to explore the root causes behind ongoing surveillance hurdles and offer practical, future-focused guidance.

Their discussion illuminated why new channels keep proliferating faster than organizations can onboard them, how user experience often lags far behind rapidly shifting communication norms, and what measures—both technological and cultural—can help firms avoid hefty penalties and stay aligned with regulators’ evolving demands.

The expert panel comprised Stan Yakoff, RegTech Advisor and Law Professor (NYU); Alexander Aronov, Senior Director, AI Compliance and Data Intelligence, Citi; Peter Kenny, Managing Director, ACA Group, Patrick Palomo, Principal Solutions Architect, Smarsh and Garth Landers, Global Director, Product Marketing, Theta Lake.

The panel highlighted two different perspectives on persistent e-comms surveillance challenges,  categorizing them as “a business management problem” and “a technology management problem.” The business side frequently proposes new communication platforms to enhance client interactions without adequately weighing the time, cost, and regulatory investment required to onboard these platforms,” adding that “onboarding some of these different communication mechanisms channels in a bank… probably takes about two years.”

The discussion focused on the importance of user interfaces and user experience long before data capture even begins. A panelist noted that multiple disconnected solutions cause firms to find themselves “staring at eight different technologies doing the same thing,” ultimately missing a cohesive approach to archival, surveillance, and regulatory readiness. Another expert underscored that “there’s one area… where I think prudential regulators and SROs have an extraordinary consistency…it’s the importance of record keeping,” explaining that this foundational principle has persisted through more than two decades of enforcement actions.

On the topic of channel bans, sparked by recent news of specific platforms being prohibited at a major firm, one speaker suggested that “channel bans are a losing strategy over the medium to long term,” with another panelist advocating instead for bringing widely adopted applications like WhatsApp – with over 2 billion users in 2020 – “under control.” Another speaker noted that “you will always have approved and unapproved channels,” stressing how the sheer volume of new platforms guarantees ongoing challenges in keeping pace with employees’ and clients’ preferences and behaviours.

Build, buy, or hybrid?

Discussions around the feasibility of building vs. buying technology solutions prompted several insights from the panel. One speaker noted that “if you look at building or buying, you want to think about how unique your firm’s requirements are relative to the market.” In-house developments are expensive and  time consuming so unless the firm’s needs are markedly different from industry peers, a SaaS based vendor solution might be the best approach.

Another panelist agreed, adding that “we don’t see a tremendous amount of appetite to build solutions in our space,” pointing to the potential benefits of leveraging off-the-shelf platforms for common regulatory and compliance challenges.

Yet, the panel cautioned that even a vendor-provided solution requires careful integration with existing processes. A panelist explained that “certain things can definitely be brought in-house, but technology management needs to be considered,” underscoring that the success of any approach—be it build, buy, or hybrid—hinges on how seamlessly it fits into an organization’s established infrastructure and process architecture.

Another speaker highlighted the growing regulatory emphasis on transparency, remarking that firms should ask vendors “how explainable is your solution?” Insist that they demonstrate auditability using test data that you supply and build integrity checks into downstream processes. No compliance professional wants to rely on a “black box” when a regulator asks you to explain the data lineage and control flow behind a particular decision.

Several speakers underscored the importance of training and culture in maximizing the effectiveness of advanced surveillance tools. As one panelist put it, “users are usually doing the wrong thing for the right reasons i.e. using off-channel communications to be more productive.” Employees will often seek convenient ways to communicate, even if it bypasses formal systems.

The panel emphasized that no technological solution could succeed unless firms cultivate a culture where staff recognize both the benefits and the boundaries of approved communication platforms.

Meanwhile, another speaker noted the growing complexity introduced by multiple platforms, remarking that “compliance departments have this tremendous challenge… not merely the communications content but how people are communicating.”

Personal vs. Business Communications

The session was opened up for audience questions and the first asked, “How do you disentangle personal relationships among professional colleagues?”

The discussion began with a direct acknowledgment that “you can’t” easily separate personal connections from professional ones. As one panelist explained, the most pragmatic approach lies in establishing clear boundaries for each type of exchange, with the speaker suggesting, “I think you use different communication channels for each of them… I think that’s the answer.”

This comment reflected the consensus that while total separation of personal and work interactions is unfeasible, firms can at least guide employees toward using designated platforms for business communication.

Several experts underscored that compliance policies must recognize human behaviour and the myriad ways employees stay connected, acknowledging that personal and professional lives inevitably intersect. The panel encouraged organizations to devise guidelines for channel usage, rather than attempting to eradicate informal communication outright.

One speaker observed that strict prohibitions often fail because they do not account for genuine relationship dynamics. Staff are more apt to circumvent bans if the mandated tools do not align with their everyday habits and clients’ expectations.

Staying Current, Getting Ahead

The next audience question asked, “How can firms make sure comms technology remains adaptable to new communications platforms and emerging risks?”

The panel emphasised the importance of partnering with providers that align closely to the evolution of leading communication platforms. One panelist observed that “you always want to look at providers… that are working… at the core,” emphasizing that vendors must keep up with frequent updates from services such as Zoom, Microsoft Teams, and Cisco Webex.

The panel urged firms to be on the alert for compliance gaps where a vendor is “chasing functionality,” noting that software-as-a-service models can launch numerous new features each quarter—far more quickly than an unprepared firm can monitor.

Further remarks tied this point back to the build vs. buy debate, as another speaker cautioned that not all solution providers share the same dedication to the financial markets and recommended verifying a vendor’s capacity to adapt and maintain regulatory readiness “over the long haul.”

Successful deployments rely on a “classic change management” perspective noted one expert. Rather than viewing vendor management as a stand-alone function, the panel urged firms to adopt a holistic end-to-end process approach with considerations for the touch points across business functions—compliance, HR, vendor management, cybersecurity within each project.

A final point addressed the ongoing need for real-time feedback loops from surveillance analysts, as one expert described it, “the actual, active feedback loop,” indicating whether or not the technology continues to meet the obligation. A holistic approach supports firms transitioning from merely reactive monitoring to a more proactive approach. By focusing on human behaviour and subtle cues in communication, advanced models can potentially detect nascent compliance risks before they escalate.

Multi-Lingual Support

The next audience question asked, “What about multilingual communication surveillance—two or more languages in a single conversation?”

One expert noted that “it comes down to recognizing which languages are being spoken and that is a branch of AI in and of itself.” The challenge, they explained, lies not only in accurate transcription but also in “transcreation,” which focuses on the “idiomatic sense” unique to each culture.

Another panelist echoed these sentiments by calling the issue a “tower of Babel,” pointing out that even within the same language, regional variations demand heightened awareness of context.

Several experts agreed that technology has made substantial progress in this realm. One speaker detailed how they are conducting “a proof of concept right now with a very large multinational financial services org,” testing models capable of detecting and understanding multilingual communications, including “Singlish” and phonetic Hindi.

Yet, another participant cautioned that “you still need to do additive things” beyond baseline transcription by applying machine learning and natural language processing to handle real-world conditions and mixed-language usage in a single transcript.

Another panelist proposed a hybrid approach, suggesting that while “English, Spanish, French, can probabl be taken care of by a technology solution,” less frequently spoken or written languages might still require manual review or sampling. This human-in-the-loop methodology, they indicated, becomes especially valuable when on-the-ground knowledge can uncover inconsistencies—such as an address not matching the claimed office location—an example that underscores how “AI is only as good as the data that’s given.”

Training and Test Data for LLMs

Another audience question asked “How do we handle data sets and test sets in the new AI environment? (GenAI, LLMs, voice, etc.)”

The panel turned its attention to the complexities introduced by large language models (LLMs) and the role of synthetic data in building and evaluating surveillance systems. One speaker explained that their team began using LLMs “in the first instance… for demos,” noting that it proved easier to generate sample material for showcasing the software’s capabilities than to craft realistic scenarios manually. However, they cautioned that if “there is bias in that LLM… that can influence the performance of the model,” thereby complicating its use for training production-grade surveillance solutions.

Another panelist reinforced these reservations, pointing out that they have also “used LLMs to create fake phone calls… for the purpose of a demo,” but described such test data as insufficient to meet regulatory standards. Instead, this speaker advocated leveraging “public… enforcement records” as a more credible data source and working “in partnership with our customers” to incorporate real, labelled scenarios. Several experts agreed that truly robust testing requires blending synthetic data with authentic material – particularly in voice surveillance – because migrating “historical analogue data” into modern digital formats remains a persistent challenge.

Expanding on this, one expert described how different branches of AI might employ a range of data strategies. They offered an example of gathering “comments from Amazon” to detect language indicating customer complaints, later refining these to the “much more pertinent” terms used in financial contexts. Another speaker underscored how the surveillance team must often be directly involved: “We… ask them to give us examples… voice call… email,” thereby building a repository of realistic messages for training. Through this collaborative approach, the panel emphasized that data sets become both nuanced and contextually relevant, ultimately strengthening the effectiveness of AI-driven surveillance models.

Balancing Surveillance and Privacy

A final audience questions asked, “How can firms balance thorough communication surveillance with privacy concerns?”

Several experts tied the privacy challenge directly to evolving technology. One panelist explained that “there’s a lot of work that can be done from a behavioural analytics perspective without looking at the text of communications,” citing metadata fields such as ‘to, from, CC, roles, and departments.’ By focusing on how individuals collaborate—rather than capturing message content—compliance teams can gain a “network analytics perspective” while respecting user privacy. This approach, the panelist argued, offers a unique opportunity to identify whether a problematic individual’s influence extends to other team members, effectively distinguishing between isolated breaches and more pervasive cultural risks.

Privacy considerations have also intensified in light of generative AI (GenAI) tools and new regulations, such as the EU AI Act. One participant remarked, “I’m on the phone with legal  on privacy pretty much on a daily basis,” highlighting that any change in a firm’s surveillance program often requires formal privacy impact assessments.

Another speaker recounted how organizations rushing to adopt GenAI-powered assistants like “copilot” have encountered performance and accuracy issues before even getting to privacy hurdles. The consensus was that employees crave productivity-boosting tools, yet internal guardrails and thorough audit trails are critical to ensure data remains secure and compliant with regulations.

The panel noted that sometimes these technologies can inadvertently create more records than necessary. As one participant cautioned, “it may potentially put you in a position where you create a record, where no record is required,” thus compounding privacy and retention risks. All in all, the conversation underscored the delicate balance between leveraging innovative surveillance technologies and safeguarding individual rights—an equilibrium that calls for ongoing collaboration among compliance, privacy legal, and operational teams.

Final Takeaways

The panel urged firms to exercise heightened due diligence when evaluating the claims of third-party solutions, noting that many providers tout AI or machine learning features that do not necessarily address the genuine challenges of detecting risk. Rigorous due diligence, complete with proof-of-concept testing and clear documentation, remains the surest path to ensuring that new tools truly improve surveillance risk outcomes.

Ultimately, the panel agreed that the final check against compliance blind spots and privacy pitfalls is a well-rounded strategy; one that combines strong due diligence, a clear focus on data integrity, and an acute awareness of changing communication habits across the industry.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: Effective due diligence, screening and monitoring to mitigate financial crime risk

Managing financial crime risk requires a comprehensive approach to due diligence, screening, and continuous monitoring. Financial institutions face increasing regulatory scrutiny and staying compliant in today’s dynamic environment requires advanced technologies. Failure to comply is resulting in severe enforcement penalties. This webinar will explore practical strategies and tools for mitigating financial crime risk, focusing on...

BLOG

Corlytics Enforcement Data Signals Elevated Compliance Risks

Regulators worldwide have ramped up enforcement actions at unprecedented levels in the latter half of this year, with historic fines and new precedents being established across the various sectors. According to the latest enforcement data from RegTech consolidator, Corlytics, the total value of enforcement penalties in the third quarter of 2024 is up by 300%...

EVENT

Data Management Summit London

Now in its 15th year, the Data Management Summit (DMS) in London brings together the European capital markets enterprise data management community, to explore how data strategy is evolving to drive business outcomes and speed to market in changing times.

GUIDE

Regulatory Data Handbook 2024 – Twelfth Edition

Welcome to the twelfth edition of A-Team Group’s Regulatory Data Handbook, a unique and useful guide to capital markets regulation, regulatory change and the data and data management requirements of compliance. The handbook covers regulation in Europe, the UK, US and Asia-Pacific. This edition of the handbook includes a detailed review of acts, plans and...