Smarsh Connect 24: Stronger, Faster and Smarter

Generative AI

As expected, Generative AI discussions were everywhere, illustrating that GenAI remains one of the most overhyped—and simultaneously underhyped—topics in recent memory. After our many conversations, it appears clear that every firm is under tremendous executive pressure to adopt the technology. At the same time, compliance teams continue to proceed with caution, given the potential collision with existing regulations and new risks that can arise in the misuse of the technology.

As SIFMA’s Melissa MacGregor noted on our mainstage panel, regulators are not standing still. She highlighted recent SEC enforcement actions against AI washing and potential conflicts of interest resulting from client-facing use cases that embed AI in their platforms. She also spoke about the work SIFMA is doing to advocate against additional regulatory obligations that will stifle industry innovation. Other observations on this topic include the following:

• Firms are moving beyond prohibition policies and looking at lower-risk internal use cases, such as document reviews and meeting summaries, as a way to test the benefits and risks across specific use cases
• Most firms are assessing the compliance policy decisions that need to accompany these use cases, such as whether they have obligations to capture and retain the output of these use cases, along with the question of proper treatment for prompts
• The embedding of GenAI into existing communications tools is quickly becoming pervasive. This is best illustrated by the embedding of Copilot into Microsoft Teams, which is increasing pressure from the industry to have APIs and reliable, scalable mechanisms for those features to be captured by compliance vendors. That trend will likely impact the majority of other communications tools very quickly
• In terms of compliance and risk use cases, AI technology innovation is moving significantly faster than regulation. This is creating a clear separation in the market between AI-enabled technologies designed specifically for regulatory-intensive use cases and those that are not
• The use of AI within the communications surveillance function is almost certain as firms look to move past the use of lexicons that remain plagued by high false positive rates. In a recent survey published by Smarsh, 91% of compliance practitioners expect this in the short term. What we heard over the course of the day reinforced that perspective again and again

Off-channel communications

The other headline topic was the industry response to ongoing enforcement actions related to the use of unapproved communications tools. As we've heard in our engagement with industry experts and advisory firms, the consensus is that regulators are far from finished focusing on this topic. Generally, firms concur with the SEC's perspective that enforcement actions have begun to change industry behavior, although best practices remain lacking. Regulators have not yet turned their attention to additional communications modalities, such as voice, whiteboards, and break-out rooms that can also attract unapproved use. But that move seems inevitable. As Wilmer Hale's Susan Schroeder noted, "texting is the tip of the iceberg. Firms are thinking about Zoom and Microsoft Teams that allow communications to be exchanged."

Other observations include the following:

• Many firms have moved beyond low-hanging fruit adjustments, including policy adjustments and training program updates
• Decision-making processes, such as governance councils, have become more operationalized and have updated benefit vs. cost vs. risk analyses in light of the larger enforcement actions
• Discussions are moving from mobility strategies to technology solutions. Decision-making of corporate-owned vs. BYOD vs. hybrid is not straightforward given regulatory differences across geographies, but industry awareness is now higher than ever for available solutions in the market to address each model
• Oversight processes are beginning to move, both in terms of lexicon updates as well as an acceleration in the use of large language models specifically designed to identify employee misbehavior

The US Department of Justice has also indicated its intent to focus on the corporation's compliance programs in this area, which means that the issue is not going away. It will more likely become a thread in the discussions across all areas of communications compliance for the balance of 2024.

The next network and more regulation

Finally, a widely discussed topic throughout the day was the subject of the growing challenge of simply keeping up. Firms face the business reality of new technologies that drive deeper client relationships and internal team productivity. That, coupled with new modalities, API changes, and content source monetization strategies of tools already approved for use, is more than a full-time job to keep up with. When firms face the reality of technology, along with the expected introduction of 30 new regulations from the SEC alone in 2024, the pressure for compliance programs to be stronger, faster, and smarter has never been more significant – and the importance of the partnership between the firms, Smarsh, and regulatory influencers never more critical.

FEATURED GUIDE

Generative AI and Compliance

Risk mitigation across use cases

GET GUIDE

Share this post!

• Author
• Recent Posts

Robert Cruz

Vice President, Information Governance at Smarsh

Robert Cruz is Vice President, Information Governance for Smarsh. He has more than 20 years of experience in providing thought leadership on emerging topics including cloud computing, information governance, and discovery cost and risk reduction.

Latest posts by Robert Cruz (see all)

• REGULATORY ALERT: SEC Targets Its Own Staff’s Text Messaging - April 30, 2024
• Smarsh Connect 24: Stronger, Faster and Smarter - April 24, 2024
• The Big Question at SIFMA C&L Orlando: “Can We Just Be Done with Off-Channel Enforcement Now?” - March 25, 2024

Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.