Custodia has published regulatory insights on compliance risks linked to AI-generated communications and unified communications platforms in financial services, highlighting a broader shift in how firms are expected to monitor and retain business records.
The report says compliance teams now face scrutiny beyond the traditional monitoring of email and voice calls. It identifies collaboration platforms, messaging apps, cloud systems and AI-generated content as areas drawing closer regulatory attention.
Focused on financial institutions, the findings centre on what Custodia describes as changing expectations for record-keeping, supervision and governance. Regulators, it says, are increasingly looking at the full range of digital communications used inside firms rather than a narrower set of established channels.
Chris Hartley, Chief Executive Officer at Custodia, said the change marks a new stage for the sector. “Communications compliance is entering a new phase,” he said.
According to Hartley, firms now face broader obligations across newer communications tools.
“Firms are no longer just monitoring email or voice calls, or even ‘off-channel communications’. Regulators now expect organisations to capture, supervise and retain communications across collaboration platforms, messaging apps and increasingly AI-generated content. The regulatory scrutiny goes beyond market manipulation and will also consider misconduct,” Hartley said.
AI Records
One of the main themes is the rise of AI-generated communications as a potential new category of regulated records. The analysis says tools including generative assistants, meeting summarisation software and autonomous agents may produce material that falls within record-keeping rules.
This would widen the scope of compliance work for banks, insurers and other regulated firms already managing large volumes of communications data. It also raises questions about how organisations identify, store and retrieve records created partly or wholly by software tools embedded in daily workflows.
Conduct Risks
The report also argues that behavioural misconduct is becoming a more important regulatory concern. It points to the UK Financial Conduct Authority’s growing focus on non-financial misconduct, suggesting surveillance of communications may increasingly support investigations into workplace conduct and cultural issues.
This marks a notable development for compliance teams, which have historically focused more heavily on market abuse, insider dealing and other financial offences. Monitoring systems may now be expected to support a wider range of internal risk and conduct investigations.
Cloud Oversight
Another area highlighted is operational resilience and oversight of software suppliers. The report says regulators are paying closer attention to cloud services and the third-party vendors that support regulated firms, particularly under rules such as the EU Digital Operational Resilience Act.
For financial institutions, that means communications compliance is becoming more closely tied to outsourcing, system resilience and access to records. Firms using multiple software providers for calling, messaging, meetings and archiving may need clearer controls over how communications data is captured and preserved.
The report also points to the growing complexity of communications environments as organisations use unified communications tools across distributed teams. In practice, many firms now combine platforms such as team messaging and video meetings with older voice and messaging systems, creating fragmented data trails across several channels.
Custodia says its services are designed to capture and manage communications across voice systems, messaging platforms and collaboration environments, including on-premises channels. The company is based in Knutsford and works with organisations in financial services, energy, life sciences and other regulated sectors.
Its analysis suggests the central compliance challenge is no longer limited to collecting records from a few well-defined systems. Instead, firms are dealing with a broader communications estate in which regulated content may be generated by people, platforms and AI tools at the same time.
Leave a comment