AI will help change financial communications surveillance from a rules-based morass of red herrings to a surgical, risk-based discipline, freeing up time to investigate true non-compliance threats.
As financial services sectors increasingly adopt large language models (LLM) and other generative AI (genAI) models, policymakers and regulators have focused on understanding the potential risks, like opaque data collection, data manipulation, privacy violations, and exacerbation of biases. FINRA and the DOJ have stressed that all communications—including those generated by AI like ChatGPT—must be captured and monitored.
2024 was the year of recordkeeping and off-channel communications enforcements with massive price tags. In 2025, the SEC has urged self-reporting of off-channel communications issues as it cracks down on ephemeral messaging apps like SnapChat. Meanwhile, the public friction from the recent Signal messaging US airstrike leak has proven less than ephemeral. We are on the cusp of a time when genAI will completely change how communications surveillance works, marking a significant industry shift, especially given that communication monitoring has remained fundamentally the same for the last 10 years, relying heavily on lexicons, keyword searches, Boolean logic, and word proximity.
Let’s consider the challenges in AI adoption for communications surveillance and why the adoption curve is worth navigating.
See also: MCP: Enabling the Next Phase of Enterprise AI
Modernizing communications surveillance to muffle false positives’ noise
We have improved our use of lexicons and identifying risks using keyword searches, word proxies, and numerous filters. But fundamentally, if your phrase or word isn’t within the approved lexicon, then you’re not going to find it—nor the associated risk. Perhaps the most vexing byproduct of current lexicon-based methodologies is the sheer volume of irrelevant alerts that analysts and surveillance professionals must parse.
The surveillance monitoring function burns through the greatest number of resources and person-hours than any other compliance activity. It is no wonder then that stress, depression, and anxiety are prevalent in the compliance profession, with only 27% saying they’re adequately resourced.
Because of LLMs’ already high level of voice transcription accuracy, AI surveillance is able to target relevant risks without generating the barrage of false positive alerts you typically see with keyword-driven solutions. Context is king. GenAI-powered automation is a revelation to help eliminate firms’ enormous alert backlog and false positive count because it can understand the context of the messages and keyword usage.
A look under the hood at the AI off-channel comms police cruiser
We’re all going to be prompt engineers, to some extent. People who work in compliance and surveillance are going to move into the prompt engineering space as the LLMs advance to understand not only how finance works but also how the firm’s risk management works. As the daily alerts change from 90% false positives to 80%-90% real risks, the focus of front-line reviewers will also shift. They will be more engaged in the business of addressing risk and much less concerned with the tools to process noise. AI needs only to review the important parts of messages and can ignore the superfluous metadata items that make up around 25-40% of messages. Thus, a surveillance operative will need to be able to instruct precisely how they want the data to be interrogated and how detailed the response is to look when it does flag an alert.
Targeting the model by asking the right questions is mission critical. Compliance pros need not sweat extensive upskilling to become prompt engineers; they can write prompts in English, not in code. In reducing relevant alerts, AI will also help reduce errors while identifying true risks that were previously undetectable.
Why data completeness is non-negotiable
Data completeness is crucial for regulated firms to avoid fines from regulators. Almost every large financial services firm that has been fined by the SEC for recent recordkeeping and off-channel communications failures was fined for not having complete communications cover. For example, in one of the penalized institutions in the January tranche of enforcements, which failed to supervise or preserve communications records, a senior managing director exchanged messages “with multiple colleagues on an unapproved platform concerning proposed investment advice for a client.” An audit trail with one gap is not a complete audit trail.
Business communications data completeness includes technology that will be developed in the future, as well as current mobile applications, social media applications, voice applications, trading venues, and bilateral communications applications. Regulators have not been bashful about declaring the importance of data completeness by doling out imposing regulatory fines of over $3 billion since 2021.
AI for comms surveillance goes from scattershot to surgical
This risk-based rigor demands a more collaborative approach between recordkeeping and surveillance teams. Both of these teams benefit from better data organization, indexing, high-performance searches for discovery and surveillance, and reduced third-party risk. Recordkeeping archives are often completely siloed from those undertaking the surveillance. A more collaborative approach would include surveillance leaders taking a more proactive role in recordkeeping. This single recordkeeping archive, where data is ordered and indexed accurately, benefits the surveillance teams and also enables high-performance searches through discovery—which benefits many other teams as well.
A turning point for surveillance and recordkeeping
This will be a moveable feast, an iterative, educational journey that we’re all on. It’ll be a steep learning curve to master such transformative technology. The integration of genAI will take time for all stakeholders (surveillance teams, auditors, regulators) to become comfortable. AI will help change financial communications surveillance from a rules-based morass of red herrings to a surgical, risk-based discipline, freeing up time to investigate true non-compliance threats.
GenAI occupies a beachhead on both sides of the frontier as it is poised to help organizations stay within guardrails while policymakers simultaneously ensure AI’s use stays compliant with current data privacy and security regulations. Needless to say, this is a very exciting time for business communications compliance.
