
Reducing Your Risk in the New Era of eCommunications Enforcement Actions

July 23, 2025


The rise of working from home and the exponential growth in the use of unmonitored platforms such as WhatsApp to share work-related information have brought intense scrutiny on eComms monitoring within the financial industry – and with it, a sharp rise in related enforcement actions. In fact, regulatory risk intelligence firm Corlytics has revealed US$47.05 billion in regulatory fines since 2020.

Just last year in the US, the Securities and Exchange Commission (SEC) uncovered serious communications monitoring failures at 26 financial firms. The firms’ failure to capture, archive, and retain off-channel communications, along with a failure to reasonably supervise personnel and so prevent and detect those violations, cost them fines totaling over US$390 million.

The Virtues of Self-Reporting

Although this type of books-and-records violation is subject to strict liability under the Foreign Corrupt Practices Act, it’s important to note that Gurbir S. Grewal, then Director of the SEC’s Division of Enforcement, highlighted in the 2024 investigation that ‘Among this group of firms, there are several that differentiated themselves by self-reporting prior to the staff’s investigation, demonstrating once again the real benefits of proactive cooperation.’ Those firms received significantly reduced penalties – the firms with the highest fines paid US$50 million, whereas the self-reporting firms paid penalties of between 3% and 11% of that figure.

There was a similar outcome in an SEC investigation that concluded in January 2025. In that investigation, nine investment advisors and three broker/dealers agreed to pay fines totalling US$63M for their use of unapproved (off-channel) communication methods and failure to retain those communications. Again, one firm was given a significantly lower penalty for self-reporting. The highest penalties in this investigation exceeded US$12M, but the self-reporting firm paid just 5% of that figure.

Other jurisdictions have generally imposed lower fines, but fines in the UK have reached £5 million. The UK’s Financial Conduct Authority (FCA) has indicated there will be a tightening of requirements likely to align with the SEC’s approach.

Humans-in-the-Loop Remain Crucial

Faced with this level of scrutiny, it is unlikely that policies and procedures that rely on employee cooperation go far enough. Financial institutions need dedicated off-channel communications oversight that actively prevents misconduct before it occurs and raises the alarm as soon as possible after misconduct has happened.

The truth is that although the right technology is essential, full risk mitigation still requires human-in-the-loop support.

Technology, including AI, can help identify potentially concerning words and phrases, but it cannot yet provide the kind of holistic and contextualised review that a human can. This is especially critical when dealing with the more complex or ‘grey’ areas of policy and regulation. For example, whether an unmonitored platform has been mentioned is a binary issue, a yes or no question – perhaps one that technology would accurately answer. However, meaning, context, and intent are all highly nuanced – very human – and often highly situation-specific. For example, only human review can identify whether an unmonitored platform was actually used, and if so, in which context, for what purpose. These are the questions that distinguish a compliance violation from a non-issue, and where technology fails to fully bridge the risk gap.

The Advantages of External Reviewers

Not only are humans essential to Comms monitoring, but having the right humans is even more so. Most financial institutions do this by engaging external review teams because this brings several key advantages – the least of which is taking the burden off their shoulders and giving them the peace of mind that not only the review work itself, but the entire day-to-day oversight of this workflow is in the hands of dedicated specialists. Businesses will only have to address what really matters.

Additionally, company cultural bias is a major threat to any compliance program that depends on internal reviewers. Discomfort around pointing the finger at colleagues, even those you’ve never met, is very human and a proven threat to accuracy. External reviewers offer an objective perspective that can help home in on trends while avoiding bias – all whilst still demonstrating sufficient knowledge and understanding of the sector to provide meaningful review and working seamlessly with existing staff.

The explosion of new eCommunications platforms, heightened regulatory scrutiny, and the financial and reputational consequences of a passive approach make it crucial to establish a rigorous monitoring and compliance effort for Comms. Delaying that effort courts significant harm that, with the help of an external review effort, is easily avoided. The time is now to do what is necessary.

With the SEC, FSA, and other regulators intensifying their scrutiny of new eComms apps at financial services firms and other companies, the financial and reputational risks have surged. Technology like AI and internal compliance efforts are not sufficient. The ideal approach requires humans and external assistance.
