Listen closely: Why voice capture should be a compliance priority

Written by a human

While it seems that people may be making fewer phone calls than ever in our personal lives, we are increasingly surrounded by voice, from iMessage voice memos to an avalanche of celebrity podcasts. But for some industries, calls are very much part of the day-to-day.

Voice channels allow bankers to easily touch base with clients or traders to communicate quickly and freely on the trading floor, enabling split-second decision-making.

However, the regulatory focus on text-based digital communications over the last few years and the practical challenges of capturing and surveilling voice may have lulled some into a false sense of security. By not leaving a “paper trail,” bad actors may see voice as a convenient channel to hide misconduct. But, with regulators increasingly focusing on financial crime, firms need to ensure they’re listening closely to signs of potential risk.

Compliance is still on the line

The industry has seen a substantial shift in approach from regulators, including the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC), over the past year. Where recordkeeping was a primary focus, regulators have begun to shift attention from technical compliance violations to financial crime to maintain investor protection and market function.

While it may sound like regulators are easing scrutiny of communications compliance, firms should listen more closely to the expectations that lie underneath. With regulators doubling efforts to deter misconduct, firms that maintain strong compliance programs to monitor for suspicious behavior hidden within all business communications – including voice – will be best positioned to identify risks before they escalate.

The Department of Justice (DOJ) has reformed its self-disclosure policies, offering firms the chance to resolve enforcement actions if they take a proactive and cooperative approach. Likewise, the CFTC announced that firms meeting high levels of self-reporting could receive reduced financial penalties or even no penalties whatsoever, underscoring the benefits of proactive risk monitoring.

In its 2026 Annual Report, the Financial Industry Regulatory Authority (FINRA) highlighted that firms should ensure they’re “retaining and reviewing non-email electronic communications conducted through firm-approved channels”– a clear indication that voice should be on firms’ radar as well as any other method of business communication.

 It is well worth remembering that the CFTC has released regulations that outline expectations for audio retention applicable to security-based swap dealers who often trader over the phone. CFTC Rules 1.31 and 1.35 underscore that firms should capture all oral communications related to commodity interest transactions on telephone, voicemail, and mobile devices.

Set your AI-generated voice records straight

Artificial intelligence (AI) should also be part of the voice surveillance conversation, especially regarding transcription and translation capabilities and conversational AI model chatbots.

Advancing AI tools offer firms the ability to strengthen risk detection by automatically transcribing audio files into written documents and translating between languages where required. This enables compliance teams to maintain oversight of complete audio conversations instead of “randomly sampling” recordings – an imperfect approach that left resource poor teams relying on a great deal of luck to identify risk.

While these AI-enabled transcription tools offer compliance teams the opportunity to reduce manual workloads and focus on genuine risk, firms must also consider whether they need to retain transcripts as business records. Those that capture voice channels but fail to retain AI-enabled transcriptions may well be creating a new compliance gap.

Regulators are increasingly taking a pro-innovation stance and are building out guidance as the pace of AI adoption increases. FINRA noted that summarization and information extraction are among the primary GenAI use cases that firms are deploying. In the case of voice content, this applies to transcribing calls, summarizing meetings, and even conversational chatbots like ChatGPT Voice mode.

Additionally, firms should be aware of AI-enabled threats as the threat landscape advances. In its 2026 Annual Oversight Report, FINRA flagged that threat actors are socially engineering voices with AI or creating GenAI deepfakes, prompting firms to consider how they should adjust cybersecurity and risk detection policies to account for these concerns.

How can firms ensure effective voice oversight?

It’s imperative that firms regularly evaluate and refresh their voice compliance strategy to stay in step with industry developments and regulations. Failure to maintain a proactive risk detection could land firms in the hot seat, especially when conversations indicating misconduct fly under the radar due to a lack of monitoring controls.

Firms should keep the following points in mind to maintain effective oversight of voice communications:

• Audit your channels: Some of the most prevalent business communications channels employees use may offer audio features, from Slack’s voice clip recording to LinkedIn’s audio messages. If capturing these channels, firms must ensure they’re taking account of these audio notes and call options and have established tools that can transcribe these conversations to maintain oversight of business communications.
• Don’t “phone in” voice data completeness: Voice recordings can take up considerable storage space compared to text communications, and the sheer number of conversations that take place day-to-day across businesses can make maintaining complete records a logistical and financial challenge. Firms need to assess how they are capturing and retaining voice communications, whether call transcriptions can be considered their “gold copy,” and if they are leaving gaps in their data completeness that regulators may call into question.
• Retain records of AI-generated content: If firms use AI tools to transcribe content, these qualify as business communications and should be retained alongside communications data from other sources. Similarly, if prompts generated by LLM voice chatbots, such as ChatGPT Voice mode, contain business advice, firms must determine whether it needs to be captured and monitored.
• Don’t get hung up on “deregulation”: Regulatory priorities may be shifting, but compliance expectations aren’t. The SEC and CFTC may have pulled back in issuing recordkeeping violations, but they are still encouraging firms to maintain supervision controls to identify suspicious behavior. While administration is taking a certain stance currently, expectations could change in the future as regulatory leadership turns over, and future investigations may look at firms’ compliance conduct today.
• Document your details: Without thorough documentation evidencing the ways that your firm has built out compliance and surveillance controls to detect misconduct within voice data, regulators may still penalize firms for lacking risk governance. Regulators want to see evidence of how firms are embedding compliance policies into operations, and how they’re enforcing these policies to account for every risk avenue – voice included.

Voice oversight is a critical element of robust risk monitoring, enabling firms to meet regulatory obligations around financial crime deterrence. Identify misconduct, reduce false positives, and mitigate the risk of gaps in your communication records with Global Relay’s AI-enabled voice-to-text transcription solution.