Enhancing Surveillance and Reducing Risk in Financial Compliance with AI

Financial service providers around the world and at every tier, from local firms to multi-national enterprise, all face the same challenge of ever-growing complexity. Simply put, every day there are more channels through which to interact with clients, and more legislation with which to govern them.
At no point in the foreseeable future will either undergo any kind of simplification or consolidation. Should a business decide to simply not engage with or prepare for a new channel for the sake of simplicity, then they can be sure their competition won’t hesitate to take advantage.
Both private individuals and businesses face an ever-expanding array of channels in addition to what now feels like the ‘traditional’ ones of email, voice, and even instant messaging platforms like Microsoft Teams and WhatsApp.
Regulatory authorities are constantly playing catch-up, and as such are virtually guaranteed to have either under- or over-legislated for the reality of the situation facing financial service providers by the time those rules come into force.
Gartner’s Services Business Priority Tracker for 2024 Q4 reported a surge in compliance costs, with 76% of financial services firms having significantly increased compliance expenditure over the previous year.
Over the same period, regulators made clear their intention to punish unrecorded use of channels like Signal, WhatsApp and iMessage by issuing fines of more than €177 billion, according to the news desk at NASDAQ.
Despite significantly increased spend and the motivation of more punitive fines, financial service professionals are not optimistic about their digital exposure. RMA’s Q4 CRO Outlook Survey quoted a respondent talking of the compliance landscape and digital liability, saying: “It’s just changing so rapidly. If you can even stay a step and a half behind you’re lucky…every time we shut the window and bar the door, they’re going to come in sideways. It’s a constant fight that takes time, talent, and money.”
This industry-wide squeeze of spending more while achieving less is, in large part, due to failures in legacy approaches, and it highlights the powerful need for a technological shift away from reactive ‘step and a half behind’ rules-based surveillance to a dynamic and predictive paradigm.
In the financial service industry, it’s hardly fresh news that Artificial Intelligence (AI) is an essential tool for proactively mitigating regulatory risk.
The IMF estimates that machine-learning and neural networks have been core to sophisticated investment firms for “at least ten years”.
However, the accelerating pace of technology has opened up a ‘governance gap.’
The real-world impact of AI
If there was ever a tipping point between AI taking a strong foothold in enterprise ambition or not, that point has long since passed. AI is not just here to stay; rather, it is reshaping the world of business in ways we could never have imagined.
Some statistics:
The AI market for financial products and solutions is projected to grow from €6.28 billion back in 2021 to €19.44 billion by the end of 2026, and to accelerate towards more than €1.5 trillion by 2030.
Already, 85% of financial institutions globally report having implemented AI in some capacity in their daily governance.
In the world of finance, 66% of banks cite performance gains from AI in their risk management. The primary business drivers are clear, and initial reports are very encouraging, with 40% of firms having improved the quality of their investigations and 38% reducing operational costs.
Yet, this rapid deployment has significantly outpaced the development or implementation of corresponding oversight.
Research by Deloitte in mid-2024 revealed that while 81% of enterprise-tier firms felt competitive pressure to adopt AI, only 32% had any kind of formal AI solution oversight program in place.
What’s more, a hair-raising 66% of responding organisations had just plugged generative AI into their daily workflow without any kind of update to governance.
This rush to keep up with innovation at the expense of oversight introduced a whole new and formidable layer of risk. Driven by competitive pressure, and the ready availability of relatively cheap off-the-shelf solutions, service providers are accumulating a technological ‘compliance debt’ by integrating AI tools to address immediate operational pain points while indefinitely deferring the long and costly job of developing a comprehensive governance and risk management framework.
This debt is now coming due. Financial regulators on both sides of the Atlantic are shifting focus to digital channels, model explainability, and the ability to ‘forensically recreate’ trades – all of which are made almost impossible when using ungoverned AI tools.
Financial service providers that adopted AI without integration assistance from a specialised technology partner have exposed themselves to significant liability, along with all the enforcement actions and reputational damage that attracting regulatory attention always comes with.
Lexicon surveillance
Since long before ChatGPT was a thing, lexicon-based surveillance has been the bedrock of compliance monitoring.
It’s a simple approach that doesn’t require much in the way of specialised hardware or software. The system automatically scans text transcriptions and flags predefined keywords for review. This straightforward approach is easy to implement, quick to cross-reference, and simple to present to regulators.
However, in the face of modern communication's volume and variety, this simplicity is its flaw. Such a system is built to find words and not meaning. Context is now essential, especially with the regulatory agencies having clearly stated that they now place great weight on intent when punishing infractions.
What defeats lexicon-based surveillance is the sheer volume of data now generated (including emojis), overwhelming the system with false positives. Because these tools flag every instance of a keyword regardless of context, compliance teams are inundated with noise.
According to a PwC Market Abuse Surveillance Survey, over a period of twelve months, 17 of the participating banks raised a combined global total of 40 million trade alerts – 99.99% of which were false positives.
This rate for tier-one banks using lexicon systems isn’t unusual. This kind of ratio was a nuisance but manageable when there might only have been a few hundred interactions per day. But as the rate of connectivity increased exponentially, to the thousands or hundreds of thousands, it became a massive and unsustainable burden on compliance departments, costing firms millions annually in wasted resources.
This operational strain leads to ‘alert fatigue’, where reporting departments become utterly desensitised to anything but the most glaring threat.
The incompatibility of lexicon-based systems with the modern telco landscape stems from their lack of contextual sensitivity. Language is nuanced, ambiguous, and constantly evolving. These systems cannot differentiate between personnel trying to ‘fix’ a trade and colleagues planning to ‘fix’ an IKEA table.
An increasingly mobile financial services workforce now uses many of the same devices both professionally and personally, and the increased casualness of communication in the financial sector is either the mark of democratisation or of standards slipping, depending on who you ask. Lexicon systems are rapidly defeated by sarcasm, irony, and even double-negatives, and will struggle with slang and misspellings.
Simplicity also means predictability, and predictability makes a system easy to circumvent. Simply by knowing what vocabulary to avoid, bad actors can use coded language, metaphors, or jargon not listed in the lexicon to discuss illicit activities without triggering an alert.
This has been a popular method for criminal endeavour for a very long time. The word slang originally meant “to get the better of a person by dishonest means” and was first recorded in court proceedings against notorious pickpocket Jenny Diver in 1740. While now immortalised in Bertolt Brecht’s The Threepenny Opera, Jenny was executed at Tyburn in 1741, illustrating that regulatory agencies have always taken a rather stern view of financial malfeasance.
In modern times, lexicon systems are also vulnerable to channel hopping, where as soon as a conversation becomes potentially in breach, the participants move from a monitored channel like corporate email to an unmonitored platform like an instant messenger. The lexicon system is blind to the switch, and to the sudden end of the interaction after an alternative channel is adopted. The widespread uptake of remote work has made this vulnerability all the more acute, where messaging apps are common and significantly less suspicious than a sudden shift from a corporate landline to a mobile device.
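The behaviour described in this section can be seen in a few lines of code. The following is an added example, not part of the original article and not any vendor's implementation: the lexicon, the list of unmonitored platforms, and every message are constructed for illustration. It shows the keyword pass flagging both uses of ‘fix’, missing phrasing that is not in the lexicon, and a separate review-side check for a thread that ends on a mention of an unmonitored platform.

```python
import re
from collections import namedtuple

# Hypothetical lexicon and platform list, assumed for this illustration only.
LEXICON = {"fix", "guarantee", "off the record"}
UNMONITORED = {"whatsapp", "signal", "imessage"}

Message = namedtuple("Message", "thread channel sender text")

# Constructed sample traffic in time order; not real communications.
MESSAGES = [
    Message("t1", "email", "alice", "Can we fix the closing price before the print?"),
    Message("t2", "teams", "bob", "I need to fix my IKEA table this weekend."),
    # Stand-in for phrasing that is simply absent from the lexicon.
    Message("t3", "email", "carol", "Let's make sure the cake is baked before 4pm."),
    Message("t4", "email", "dave", "Interesting idea on that order."),
    Message("t4", "email", "erin", "Ping me on WhatsApp, easier to talk there."),
    Message("t5", "teams", "bob", "Quarterly report attached."),
    Message("t5", "teams", "alice", "Thanks, will review."),
]


def lexicon_hits(text):
    """Return the lexicon terms present in text, matched on word boundaries."""
    lowered = text.lower()
    return sorted(
        term for term in LEXICON
        if re.search(r"\b" + re.escape(term) + r"\b", lowered)
    )


def lexicon_alerts(messages):
    """Classic lexicon pass: one alert per message containing any listed term."""
    alerts = []
    for m in messages:
        hits = lexicon_hits(m.text)
        if hits:
            alerts.append((m.thread, hits))
    return alerts


def channel_hop_candidates(messages):
    """Flag threads whose final captured message names an unmonitored platform.

    A thread that ends right after such a mention matches the 'switch, then
    silence' pattern. The keyword pass never raises it because no lexicon
    term appears in the message.
    """
    last_message = {}
    for m in messages:
        last_message[m.thread] = m  # later messages overwrite earlier ones
    flagged = []
    for thread, m in last_message.items():
        words = set(re.findall(r"[a-z]+", m.text.lower()))
        if words & UNMONITORED:
            flagged.append(thread)
    return sorted(flagged)


if __name__ == "__main__":
    print("lexicon alerts:", lexicon_alerts(MESSAGES))
    print("channel-hop candidates:", channel_hop_candidates(MESSAGES))
```

Threads t1 and t2 raise identical alerts even though only one concerns a trade, while t3 and t4 pass the keyword scan untouched; only the thread-level check surfaces t4.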

Intelligent Surveillance
The weaknesses inherent to lexicon-based systems have driven the paradigm shift toward AI-powered surveillance.
Where legacy tools performed simple keyword matching, AI offers contextual understanding and intent analysis. This shift has dramatically improved the quality and dependability of alerts, reducing false positives down to less than 10% of previous rates.
While lexicon tools are static and easily gamed with slang, AI systems are self-learning and adaptive, making them difficult to evade because they understand nuance and sentiment.
A universal feature of sophisticated and future-proof cybersecurity is that it is holistic. AI can holistically correlate comms logs with trade data and behavioural patterns, a capability far beyond the scope of older technologies. Previously, the only time this kind of cross-checking would happen was in a forensic context, and then certainly too late to do anything about it.
The two main technologies being used by AI for compliance surveillance are Natural Language Processing and Machine Learning. They empower financial institutions to move beyond inefficiently sifting for keywords to understanding intent, building a more predictive and proactive surveillance framework.
Natural Language Processing
Natural Language Processing (NLP) is a software solution for interpreting human language in a way that is contextually relevant. While not a specific product, the category is defined by a large and dynamically expanding set of techniques, three of the most currently relevant being:
Sentiment Analysis
This categorises and tags distinct blocks of communication as positive, negative, or neutral, and identifies perceived emotional factors like aggression or pressure. This can flag high-pressure sales tactics or signs of client confusion.
Named Entity Recognition
This sub-system identifies, categorises and cross-references identifiers like names, organisations, and financial products to automate the creation of audit trails, map relationships, and defeat a great deal of obfuscation through jargon.
Topic Modelling
Not dissimilar to the summarise function now used by a lot of business email, this automatically identifies the main themes in large volumes of text and creates concise summaries, allowing analysts to quickly grasp the essence of a communication and reduce review times. More than just a timesaver for monitoring staff, this allows much more accurate and rapid record delivery to the authorities.
Machine Learning
While NLP is very good at understanding individual conversations, it’s not necessarily enough when an organisation has to monitor activity at massive scale. Within the financial services industry it’s entirely possible for no single individual or conversation to amount to a regulatory breach, yet for the activity taken as a whole to still be a punishable offence.
Machine Learning (ML) provides the ability to detect constructive misconduct at scale, primarily through a ‘supervised learning’ process where the system is given very large datasets of historical information that has since been confirmed as a case of non-compliance, market manipulation, or fraud. The system then learns to recognise characteristic patterns and can then identify similar patterns in the new data it is set to monitor.
This is often used in parallel with ‘Unsupervised Learning’, where there is no prior data provided and the system builds up its own model of normal structures, establishing a baseline of standard behaviour, and flagging anomalies or deviations.
While still occasionally prone to making conclusions that would surprise a human, this function is critical for detecting novel or emerging threats before they become a case file of evidence of what to look out for next time.
While both techniques are powerful when correctly leveraged, the true advantage of surveillance AI lies in its ability to create a holistic view of risk by correlating structured data such as trade logs with unstructured data such as emails and voice transcripts to build comprehensive behavioural profiles.
This is the kind of forensic ‘spade work’ that monitoring departments of even the biggest enterprises would only have the time and resources for after a compliance breach had been detected.
These AI systems have transformed surveillance from a reactive, event-based process, to a proactive, behavioural one.
AI & Oversight
The rapid integration of AI has not gone unnoticed by global regulators, and it comes as little surprise to most financial service providers that the official position is that the burden of rising to the technological challenge will fall squarely on themselves.
Regulators on both sides of the Atlantic have agreed on the benign-sounding ‘principle of technological neutrality’. In practical terms, this means that they’ll not be creating any separate rules specifically for new technologies, including AI, and it will be up to the individual businesses to maintain compliance in the face of them.
This explicitly includes both ‘current and emergent’ areas of potential non-compliance and cybersecurity, so the mere fact that a risk didn’t exist at the time of legislation is not going to be a defence to regulatory scrutiny.
On the one hand, applying existing regulatory frameworks to AI just as it would to any other technology is simple to understand. On the other, AI is fundamentally not any other technology.
While sharing the principle of neutrality, the US and UK have different approaches.
The U.S. Securities and Exchange Commission (SEC) has recently demonstrated a new enforcement-led philosophy including what it refers to as ‘AI Washing’, which it defines as ‘false or exaggerated claims’ about a business’s AI capabilities.
It wasted no time in bringing enforcement actions for what it considered AI misrepresentation and will give no leeway to companies using ‘black box’ tech where the business may themselves not be aware of product function, making the detection and reporting process unclear.
Slightly differently, the UK's Financial Conduct Authority (FCA) has adopted what it calls a collaborative tech-positive stance to foster innovation but has also made it clear that it will not be offering any new guidance, and that businesses are liable to maintain compliance and cybersecurity up to the existing standard.
Meanwhile in Europe, the Digital Operational Resilience Act (DORA) significantly impacts the regulation of AI in financial communications compliance by expanding the scope of operational risk management to explicitly cover information and communication technology (ICT).
For AI use in compliance, this means a business must not only know what risks like ‘algorithmic bias’ actually are, but must also have a detailed plan of what happens when those things go wrong. Furthermore, DORA places strong emphasis on third-party risk management, meaning a business can no longer just pay a partner technologist to make their recording and reporting tech problems go away. Instead, they will have to ensure that contractual agreements with compliance service providers also include provisions for operational resilience, incident reporting, and audit rights.
Despite differing terms and tones, all three jurisdictions agree on the critical point that robust compliance is non-negotiable and, as of now, will require the tools to be proactive rather than reactive. Financial service providers are expected to have a clear governance framework, meaningful human oversight, model explainability, and rigorous third-party risk management.
In the age of AI, a predictive regulatory stance is a significant competitive advantage, with well-governed businesses far better positioned to earn the confidence of regulators and clients.
Comparison of AI Compliance Approaches: US vs UK vs EU (DORA)
| Aspect | United States (SEC) | United Kingdom (FCA) | European Union (DORA) |
|---|---|---|---|
| Regulatory Stance | Enforcement-led | Collaborative but strict | Operational resilience-focused |
| View on Neutrality | Assumes neutrality, but acts quickly on false claims | Promotes neutrality through industry collaboration | Requires neutrality through proactive risk planning |
| AI-Specific Focus | Targets ‘AI Washing’ – i.e., false/exaggerated AI claims | Tech-positive but no new guidance – businesses remain fully liable | Explicit focus on ICT risk management, including AI systems |
| Compliance Expectation | No tolerance for black box tech – firms must understand and govern their AI | Responsibility sits with firms to ensure AI tools meet existing standards | Firms must identify risks (e.g., algorithmic bias) and have clear failure response plans |
| Third-Party Vendor Oversight | Emphasized in enforcement but not separately codified | Implicitly expected | Mandatory – contracts must include resilience, audit, and incident protocols |
| Governance Requirements | Strong expectations on human oversight and explainability | Expected but with more industry discretion | Codified governance with explicit third-party risk controls and operational responsibilities |
| Innovation Approach | Cautious – curbing overstatement and misuse | Enabling – open to innovation but not lowering compliance bar | Structured – innovation allowed within tightly managed risk frameworks |
| Enforcement Trend | Active enforcement already underway (e.g., first AI misrepresentation cases filed) | Emphasizes accountability but not yet seen in aggressive enforcement | Implementation in progress, expected to reshape vendor and internal IT risk relationships |
1GLOBAL & AI-driven compliance
When considering topics like AI that are so emergent and dynamic, it’s useful to benchmark using concrete examples and use-cases, even though the state-of-the-art is constantly moving forward. As technology-driven telco pioneers, 1GLOBAL’s solutions naturally provide one of the most informative case studies.
By combining its core competency in global connectivity with a purpose-built, AI-enhanced compliance platform, 1GLOBAL has built a holistic ecosystem designed to solve the fundamental challenges of fragmentation and data management that plague legacy surveillance approaches.
This integrated model is trusted by eight of the ten largest investment banks, a testament to its viability at the highest levels of.
With fragmentation being a primary source of compliance risk, 1GLOBAL directly addresses this challenge by providing a single, integrated network, platform and solution suite all designed in concert to capture, monitor, and reconcile interactions across disparate channels. This unified approach not only closes potential compliance gaps but also radically simplifies administration and lowers overall costs.
To streamline messaging, 1GLOBAL launched its Message+ service in April 2025. This extends the platform's capture capabilities to include SMS and WhatsApp communications, integrating them through the ubiquitous Microsoft Teams interface.
Further enhancing its analytical capabilities, 1GLOBAL has partnered with Verint to offer Communications Analytics within their Financial Compliance archive as of Q4 2025. This solution layers advanced, AI-powered speech transcription and analytics on top of the captured communications data.
Crucially, the platform's Large Language Models (LLMs) and speech AI are pre-trained specifically for the financial industry, enabling them to understand and transcribe complex, trade-related conversations with market-leading accuracy. Many a real-world security force has found itself severely impaired by not speaking the local language, but 1GLOBAL’s assets are all fluent and aware of lingual nuances.
The system can even be further tuned to recognise a specific firm's unique terminology, ensuring precision and returning even fewer false positives. This powerful engine also provides automatic language detection for multilingual calls, sentiment gradient analysis to flag unusual emotional shifts, and speaker identification to detect unauthorised participants, all of which help compliance teams proactively identify and prevent conduct risk.
This technology directly addresses mobile voice calls, a channel that has historically been difficult to monitor, or was often deprioritised. With 'Communications Analytics', every word spoken on a call is condensed into a transcription that is searchable and, more importantly, insightful, allowing analysts to instantly pinpoint specific keywords, topics, or activities.
Furthermore, these complete and accurate transcripts can be flexibly exported, allowing firms to upload the data directly into their own e-comms surveillance engines for holistic, cross-channel analysis. 1GLOBAL platforms are built on a suite of REST APIs, allowing for deep integration with a firm's existing systems, including leading surveillance vendors like Verint and Smarsh. This is all underpinned by robust security certifications, including ISO 27001 and GSMA SAS-SM, critical for financial institutions.
Next steps
Financial service providers looking to remain competitive and avoid regulatory scrutiny must not only adopt the new technology paradigm but also build the strategic and governance frameworks to manage it. The goal is to create an AI-powered compliance function that’s resilient to current risks but adaptive to future challenges.
Predictive recording analytics enabled by AI will increasingly be used to stay ahead of compliance breaches before they occur, letting financial service providers make the absolutely essential move from a reactive to a proactive posture.
Once there, that’s not going to be the end of the journey as jurisdictions are all set to intensify their scrutiny and inexplicable ‘black box’ products become equally indefensible to the SEC, FCA and under DORA.
The automation of daily compliance is fundamentally altering the financial services profession. The compliance department of the future may well be smaller, particularly as cloud-based Regulation-as-a-Service (RaaS) models make sophisticated solutions less hardware dependent. However, such departments will also be a far more specialised team with a hybrid skillset combining regulatory principles with technical literacy. With compliance tech no longer an issue to be handed off to an IT silo, but rather an imperative top-level strategy, financial institutions face an urgent re-skilling imperative to train existing staff and seek trusted partnerships with telco leaders.
While the adoption of AI in financial compliance is born of necessity, its real value lies in transforming the compliance strategy from defensive damage-mitigation into a proactive source of actionable insight that drives measurable competitive advantage.
Contact 1GLOBAL Compliance to discuss how we can help your financial organization stay compliant and adhere to evolving technological and regulatory challenges.
About 1GLOBAL
1GLOBAL is a distinguished international provider of specialty telecommunications services catering to Global Enterprises, Financial Institutions, IoT, Mobile Operators and Tech & Travel companies. 1GLOBAL is an eSIM pioneer, a fully accredited and GSMA-certified telco, a full MVNO in ten countries, fully regulated in 42 countries, and covers 190+ countries.
It delivers comprehensive communication solutions that encompass Voice, Data & SMS - all supported by a unique global core network. Its constantly expanding portfolio of advanced products and services includes White Label eSIMs, Connectivity Solutions, Compliance and Recording, Consumer & M2M SIM Provisioning and an Entitlement Server.



