As communication channels develop and regulatory pressures increase, businesses are grappling with the challenges of managing electronic communications (eComms) effectively amid outdated technologies and shifting compliance expectations. Here we explore everything you need to know about eComms and how to navigate an increasingly complex comms world.
What is eComms and why does it matter?
eComms (short for electronic communications) refers to any form of digital communication used in a business context. It includes:
- Emails
- Instant messages (e.g., Slack, Microsoft Teams, Bloomberg Chat)
- Text messages and mobile messaging apps (e.g., WhatsApp, WeChat, SMS)
- Video conferencing platforms (e.g., Zoom, Teams)
- Social media messaging (e.g., LinkedIn messages, BlueSky DMs)
In heavily regulated industries like finance, eComms are considered official business records and are subject to compliance, monitoring, and retention requirements.
eComms surveillance is the practice of recording, monitoring, and analyzing these communications to ensure compliance and protect firms from legal and reputational risk.
Firms must capture, archive, and supervise these communications to:
- Comply with regulatory frameworks (like SEC, FINRA, FCA)
- Detect potential misconduct (like insider trading or market abuse)
- Avoid hefty fines for missing or improperly managed records
This pressure was exacerbated by the COVID-19 pandemic, which expanded remote work – making mobile communication a primary channel and exposing huge compliance gaps.
What firms are getting wrong
Donald McElligott, VP Compliance Supervision, at Global Relay identified three main areas of concern:
- The “quick and dirty” approach: Many firms have rushed to adopt piecemeal solutions, leading to fragmentation and unreliable capture
- Consequences: Major fines – especially in the US – often stem from missing mobile data and unsupported platforms like WhatsApp and WeChat
- The risk of blackouts: Tools that aren’t API-compliant break without notice; firms often can’t even answer what was missed during outages
He notes that surveillance technology is “great,” but it can only survey what’s there, what’s been successfully captured. Compliance professionals must attest to the fact that they supervised what was captured and must confirm that everything was captured.
Regulators require proof of a plan of capture—”You’ve got to show them; this is what I do to make sure I’ve got everything.” Many firms cannot answer that question, and recordkeeping fines are evidence of that disconnect.
Why APIs and vendor partnerships matter
Some firms have taken shortcut approaches to capture encrypted platforms like WhatsApp or WeChat. Many initially took the “scraping” route – using unofficial or reverse-engineered tools to intercept messages. While these quick fixes may have offered temporary access, they proved unstable and unreliable. Updates from platform providers like Meta would often break these tools, leaving firms with silent blackouts where critical data was missed – and no reliable way to recover it.
The more innovative, sustainable approach is a direct partnership with platform providers via supported APIs. For example, working directly with Meta allows firms to integrate with WhatsApp through official channels, ensuring data is captured in a compliant and consistent way. This method not only enhances reliability but also comes with built-in support, monitoring alerts, and the ability to backfill any data missed during temporary outages.
But the most important shift in thinking isn’t just around how to capture data – it’s understanding what might be missing. Regulatory scrutiny is increasingly focused on gaps in surveillance, particularly in periods where systems were down or non-compliant methods were used. It’s no longer enough to say, “we’re capturing communication;” regulators want evidence of proactive monitoring.
AI: Not a silver bullet
Artificial Intelligence is transforming the compliance and surveillance landscape – but it’s not magic. AI isn’t a standalone solution; it’s a force multiplier that amplifies the effectiveness of your existing data architecture.
AI is only as good as the data it receives. If surveillance data is messy – spread across vendors, inconsistently formatted, or partially captured – AI’s effectiveness diminishes rapidly.
That’s why unified architecture is essential. AI can deliver far more accurate outcomes when surveillance data flows through a single system, with standardized formats and centralized archiving. This enables faster discovery, more meaningful pattern recognition, and real-time compliance reporting.
Building vs. Buying
There are several routes in the eComms market.
Some providers take the acquisition route, buying up smaller vendors to quickly expand capabilities. Others, like Global Relay, choose to build everything in-house – favoring integration and long-term innovation over speed to market.
Acquisitions can offer fast access to new tools and client bases – but they often bring hidden costs.
An in-house build approach may be slower initially, but it provides complete control over the data lifecycle, from capture to archiving to analysis. This leads to tighter integration, better performance, and a more stable foundation for future innovation.
Summary
The way companies approach eComms surveillance is changing. Relying on a mix of disconnected tools and short-term fixes is no longer sustainable. Instead, the focus is shifting to well-integrated systems built specifically for this purpose. That means working directly with platform providers, moving toward centralized solutions, and making sure any AI tools are fed with clean, consistent data.
Whether it’s through supported APIs, unified platforms, or carefully developed internal tech, businesses need to rethink their surveillance setup – not only to meet compliance requirements, but to stay ahead in a fast-moving industry.
Because going forward, it won’t be enough to ask, “Did we capture that message?”
The real question will be: “Are we certain we didn’t miss anything?”
