With human-to-AI communication now embedded in many workplaces, a new category of business communication – ‘aiComms’ – has emerged, along with a new participant: AI itself. The volume of aiComms looks set to increase significantly, with nearly all firms (99%) surveyed for our seventh annual Digital Communications Governance Report planning to implement or expand AI capabilities. This includes those embedded directly into communications and collaboration platforms, such as Teams, Zoom, Webex, and RingCentral. While the productivity benefits are clear, findings from the report show that most firms are not yet equipped to manage the governance and data security implications of these AI tools. Our research, based on independent surveys of 500 IT and compliance leaders across financial services, highlights five key areas requiring focused attention.
1. Conduct and data risks in AI-generated content
AI-related governance and data security are challenges reported by 88% of respondents. The accelerating volume and velocity of digital communications – including AI-generated outputs – are placing unprecedented pressure on existing compliance frameworks.The most frequently cited concerns include:
- Ensuring accuracy and regulatory compliance of AI-generated content
- Detecting exposure of confidential or sensitive data in AI outputs
- Identifying risky end-user behaviour in AI interactions
- Tracking where problematic AI-generated content is shared and with whom
These risks directly affect firms’ ability to meet obligations around conduct, data protection and market integrity. Even if guardrails are in place, firms remain exposed to misuse. Techniques like ‘jailbreaking’ – crafting prompts designed to override an AI system’s safeguards or influence outputs in unintended ways – may lead to the generation of harmful, misleading or non-compliant content, or the inadvertent disclosure of confidential or sensitive information.
2. Compliance blind spots in fragmented communications environments
Most firms now operate across multiple communications platforms, with 82% using four or more unified communications and collaboration (UCC) tools, such as those listed above. They also rely on at least three separate compliance tools for recording, archiving and supervising communications – a significant shift from legacy monitoring systems, which were designed around siloed channels or single functions, such as recording voice without analysing accompanying chat and video. This fragmentation creates operational inefficiencies and growing oversight blind spots.The research shows that firms are facing:
- Search and ediscovery gaps – for example, the email archive may be complete, but chat messages from a Teams channel or digital whiteboard aren’t captured, resulting in incomplete data retrieval when responding to regulatory requests, litigation or internal investigations.
- Surveillance gaps affecting risk detection and remediation – for example, the monitoring tool only scans text-based communications, so it won’t pick up contextual information like emojis and reactions, or screen-shared content during a video call.
- Difficulties reconstructing multi-platform conversations – for example, if audio, video and file sharing are used within the same meeting but stored separately, it is difficult to establish who said what and when. Whether for investigations, complaints handling or regulatory reviews, the inability to reconstruct a conversation creates both gaps in oversight and operational inefficiencies.
