The Conduct Chronicles – Can AI boost conduct and culture?
Emma Parry highlights the benefits of AI in defining a culture that enables self-reporting, working to analyze large data sets and detect areas for further investigation.
Written by a human
If you’re an avid reader of regulatory enforcement notices (and frankly, who isn’t?), you may have noticed that regulators around the world are increasingly focused on firms self-reporting violations. In fact, where firms have failed to do so, regulators are increasingly calling it out.
The ramifications for firms facing enforcement action – and who had the opportunity to self-report but didn’t – are significant. It ranges from reputational damage, to, at worst, the inference that they have a culture that doesn’t take compliance seriously. This latter risk is especially acute for those firms that have had multiple violations over many years. Firms are understandably squirming uncomfortably under the spotlight.
A case in point is the recordkeeping fines (also referred to as the ‘WhatsApp fines’) that have continued – almost relentlessly – to hit the headlines since 2021. The latest, a press release in August 2024, issued by the U.S. Securities and Exchange Commission (SEC) revealed that twenty-six firms would be paying in excess of US$390 million (combined) to settle the SEC’s charges for widespread recordkeeping failures. What was particularly noteworthy about this press release was that the SEC highlighted that, out of the twenty-six firms, three self-reported the issues, and that they would pay reduced civil penalties as a result.
Why don’t firms self-report?
If self-reporting is so important, why aren’t more firms doing it? Is it a case of willful wrongdoing, a lack of governance, or perhaps firms have so much data that they can’t see the wood for the trees?
In the case of monitoring for market abuse, some firms are reporting that they are indeed drowning in alerts and ‘noise’ from their surveillance systems, and this is hampering their ability to identify instances of actual manipulative trading. However, it’s not just technical issues that are impeding their capabilities, some firms have broader operational, governance, and cultural challenges.
FINRA is, unsurprisingly, very eloquent on the matter. Indeed, in its 2025 Annual Oversight Report, it outlined some very specific compliance issues which serve to highlight why self-reporting isn’t as commonplace as one might expect. Alongside setting out technical deficiencies (e.g. issues with surveillance alert parameters and teams not documenting alert review findings), FINRA also pointed to procedural and governance deficiencies that also suggest cultural weaknesses, including:
- A lack of clear roles, responsibilities, and accountabilities
- Poorly designed procedures (i.e. not reflecting the types of business the firm engages in)
- Poorly designed, or indeed a lack of, escalation processes
- Insufficient resources, and
- Inadequate training
The benefits of self-reporting
As demonstrated by the SEC recordkeeping enforcement actions, there are undeniable benefits to self-reporting. And it’s not just the opportunity for negotiated settlements! Alongside a more predictable resolution – compared to waiting for the inevitable regulatory investigation – other benefits include:
- Strong governance: Self-reporting demonstrates that firms have the capabilities, governance, and effective escalation paths implemented to quickly identify and report issues.
- Control and transparency: Self-reporting allows a firm to manage the timing and content of the information shared, demonstrating a commitment to transparency and cooperation. Importantly, it gives the CEO, Board and communications teams time to investigate the facts, and draft the press release and the internal briefings for staff.
- Reduced reputational damage: Self-reporting can help minimize the potential reputational damage that accompanies the inevitable front-page headline and press coverage.
- Culture: Self-reporting demonstrates a proactive and robust compliance culture that takes ownership and accountability for violations, alongside a commitment to preventing future misconduct.
CTFC’s enforcement advisory on self-reporting
In a bid to increase the number of self-reported cases, and to drive greater transparency around its enforcement actions, the CFTC issued an enforcement advisory on self-reporting in February 2025. In it, it outlines the framework the Division will use “to assess self-reporting, cooperation, and remediation in investigations and enforcement actions.”
The CFTC states that self-reporting will be evaluated on a three-tier scale: “No Self-Report; Satisfactory Self-Report; and Exemplary Self-Report. To receive full credit, disclosures must be voluntary, made to the Commission, made in a timely manner, and complete.” The framework will also consider the level of cooperation it has received, alongside whether a firm engaged in substantial remediation efforts to prevent a future violation.
Announcing the CFTC’s enforcement advisory, Division of Enforcement Director Brian Young stated that its goal “is to obtain accountability while encouraging efficiency and conserving government resources by giving entities a clear reason to self-report and cooperate.”
The CFTC’s approach follows that of other regulators such as the U.S. Department of Justice (DOJ) which has a Voluntary Self-Disclosure Policy.
Can AI boost conduct and culture?
In a strong and vibrant culture, teams have clear roles and responsibilities, accountabilities are documented and adhered to, and governance and escalation paths are effective and efficient. Critically, individuals feel confident and comfortable to speak up and constructively challenge. All these factors contribute to firms being able to quickly mobilize to investigate and address emerging issues, and where needed, to alert the relevant regulator.
However, as discussed, self-reporting is hindered by a number of factors, and these differ across different firms. Factors can range from teams drowning in data, to poorly defined escalation paths, to too few employees who – to compound issues – haven’t received adequate training.
However, AI might be able to provide some solutions. In fact, Global Relay’s 2025 Industry Insights Compliant Communications report reveals that, of the firms who responded to the survey, almost a third are already using AI for compliance.
Deployed thoughtfully, and strategically, AI can work alongside teams as a ‘co-pilot,’ for example, to collate and analyze disparate and vast amounts of data, and to quickly pinpoint the areas that require further investigation.
In addition, AI can be used to support reporting processes, thereby providing more effective, robust, and comprehensive audit trails and records.
Ultimately, in partnership with robust governance and escalation paths, AI can enable firms to self-report violations faster, more accurately, and more effectively, signaling to the regulator that they have a proactive compliance culture.
In a world where conduct and culture are highly prized, firms must be able to demonstrate that they embrace ‘doing the right thing’.
