Beyond Recordkeeping: The New Role of Communications Supervision (The Demo Room #17)

Welcome to The Demo Room – your front-row seat to the future of RegTech, RiskTech, and AI innovation. 

​

In this series, we document our research interviews with the most forward-thinking vendors tackling the industry's biggest challenges. Each blog is built around a comprehensive product demo, providing clear insights into how these innovations address industry challenges.

On this occasion, we spoke with James Hogbin, Founder & CEO of Fingerprint, an end-to-end communications compliance platform for regulated firms and compliance service providers.

Communications supervision has become one of the most complex and consequential areas of market conduct and compliance.

For decades, the focus was largely evidential. Firms captured email, voice, chat and messaging data, stored it in archives, and retrieved it when required by regulators, auditors or investigators. That model no longer reflects either the scale of communications risk or the expectations now being placed on firms.

Regulators globally have imposed billions of dollars in fines linked to communications failures, off-channel messaging and weak supervision controls in recent years. Much of the attention has focused on recordkeeping failures across WhatsApp and other unauthorised channels, but the underlying issue is broader: firms are increasingly expected not only to retain communications, but to actively supervise them.

At the same time, the scope of communications risk is expanding. Communications data now sits at the centre of market abuse, customer treatment, financial promotions, information leakage, culture, non-financial misconduct and operational oversight. The same conversation that reveals insider dealing risk may also reveal conduct issues, disclosure failures, inappropriate marketing language or attempts to move business onto unsupervised channels.

This shift is colliding with operational reality. 80% of compliance teams still rely on some amount of manual processes, while communications environments continue to fragment across email, voice, Teams, Slack, WhatsApp and collaboration platforms, as well as organisational silos.

Firms are increasingly recognising that communications supervision can no longer operate as a standalone archive or review process. It is becoming a central point where conduct, compliance, behavioural and operational signals come together, helping firms build a more connected view of risk across the organisation.

“An archive isn’t an archive unless it’s supervised.” – James Hogbin, Founder & CEO, Fingerprint

The Problem for Firms

The communications supervision problem is often hidden in plain sight.

Most regulated firms already capture some communications data. Many have an archive; some, several. The difficulty comes when a compliance officer needs to show what has been reviewed, why it was reviewed, which risks were being monitored, who reviewed it, what was found, what was escalated, and whether the firm’s own policy was followed.

Manual processes make this difficult. Teams log into multiple systems. Voice, email, Teams, Slack, WhatsApp and Bloomberg may all sit in different places. Evidence is assembled after the fact. Policy requirements are tracked in one document, review activity in another, and cases somewhere else.

The challenge is compounded by the nature of communications data itself. Its richness is what makes it valuable. Conversations can reveal conduct concerns, customer harm, disclosure failures, behavioural patterns, cultural issues or attempts to circumvent controls. The same dataset may help connect risks across compliance, HR, legal, operations and front-office supervision.

That richness is also what makes communications data difficult to analyse at scale. Context, tone and relationships matter. A message may appear harmless in isolation, but significant when viewed alongside a trading pattern, another conversation, or a broader behavioural trend.

This is where manual approaches begin to fail. Reviewing communications thoroughly becomes expensive in both time and operational cost, while fragmented workflows make consistent supervision increasingly difficult. As communication volumes grow across channels, firms face a widening gap between the data they retain and the data they can realistically supervise.

The result is that valuable intelligence is often left unused, while important risks remain unmanaged across the organisation.

This is particularly difficult for lower and mid-market firms, where compliance teams are small and expectations are rising. The challenge grows with complexity — larger institutions managing multiple jurisdictions, departments and business functions often struggle to maintain consistent visibility into conduct and behaviour across the organisation. The issue is also sharp for regulatory hosts, principals, compliance consultancies and outsourced CCO providers, who may oversee many separate businesses, each requiring ring-fenced supervision, separate reporting and clear auditability.

“Wherever there’s potentially people at risk, you should be monitoring your communications.” – James Hogbin, Founder & CEO, Fingerprint

The commercial driver is also changing. Investors, counterparties and operational due diligence teams increasingly want to see evidence that the firm is doing what its policy says it will do. For a compliance officer, a failed due diligence process can be as painful as a regulatory finding. The firm may be compliant in intention, but unable to evidence it clearly.

A Solution: Fingerprint’s Communications Supervision Platform

Fingerprint brings communications data into one supervisory workflow, with policy, review activity, cases, reporting and evidence managed in the same environment.

1. Policy-led supervision

Fingerprint starts with the firm’s supervision policy. Monitoring categories, channels, risk phrases, review tasks, KPIs and investigation timeframes are configured against that policy.

This is a useful design choice. It keeps the product tied to how the firm has said it will supervise communications. That means review activity is not just a search exercise. It is connected to purpose, scope, accountability and evidence.

Risk terms are configured as phrases rather than isolated words, improving relevance and reducing crude keyword matching. Review categories can then support different use cases, including market abuse, client treatment, culture, HR, sales, marketing and off-channel communication.

2. Cross-channel investigation

Fingerprint allows reviewers to work across email, voice, chat and collaboration channels in one place. Communications can be searched, risk-ranked, reviewed, closed, added to cases or escalated.

This matters because misconduct rarely respects channel boundaries. A conversation can start in Teams, move to WhatsApp, continue by voice and end in email. Analysts need the full timeline, not just an isolated message.

The system supports investigation, review and sign-off workflows, helping teams evidence how a case moved through the process and why a decision was taken.

3. Multi-tenant oversight

Fingerprint is especially strong where a single compliance team needs to supervise multiple firms, departments, offices or client books.

The platform supports separate environments with role-based visibility, allowing service providers and principal firms to maintain clear segregation. A regulatory host overseeing appointed representatives (AR) can see portfolio-level risk while ensuring each AR’s data remains properly ring-fenced.

4. Reporting for audit, due diligence and supervision

Fingerprint’s reporting layer is designed to show activity, not just outcomes. It supports KPI reporting, activity logs, supervision reports and examination-style outputs.

That supports the way firms are increasingly assessed. The question is not only whether wrongdoing was found. It is whether the firm performed the required supervision, within the expected timeframe, using the right criteria, and with a traceable record.

5. AI used carefully

Fingerprint uses AI and machine learning where they improve supervision quality and workflow efficiency. Natural language processing helps isolate useful email body content from footers, disclaimers and reply chains. Anomaly detection can highlight unusual behaviour, such as language shifts or encrypted attachments. AI can also support policy drafting, tuning and score adjustment suggestions.

The approach is controlled. Where machine learning cannot confidently process a message, the system falls back to showing more rather than less. Changes to scoring remain in the hands of the compliance officer.

Parker & Lawrence’s View

Fingerprint addresses a clear gap in the eComms market: active supervision for firms that need policy-led monitoring and evidence, but do not need a large-bank surveillance stack.

Fingerprint’s unique value is in making supervision operational: defining what should be reviewed, routing that work, documenting the outcome, and producing evidence that stands up to audit, due diligence and regulatory review.

The platform is especially well suited to multi-entity oversight. A UK regulatory hosting firm with responsibility for more than 70 appointed representatives used Fingerprint to centralise monitoring across segregated environments. A five-person compliance team was able to supervise 100% of ARs proactively, with each analyst overseeing 14 businesses.

Those results matter because communications supervision can otherwise become a growth constraint. If adding another appointed representative means adding more manual review burden, compliance becomes a commercial bottleneck. If the oversight model scales, compliance can support growth more confidently.

Fingerprint has also identified the broader potential of technologies in this space to go beyond traditional market abuse use cases, and into wider, people-led risk of all kinds.

Barriers to adoption are increasingly cultural over technical. Communications supervision has often been treated as a standalone compliance obligation rather than part of wider organisational risk intelligence.

That position is becoming harder to sustain. As operational, conduct, regulatory and behavioural risks converge, firms need the fuller context that communications data provides. Fingerprint’s policy-led approach is designed for that environment. It helps firms supervise communications in a way that is structured, proportionate and evidence-led, while supporting a more connected understanding of risk across the business.