Welcome to The Demo Room – your front-row seat to the future of RegTech, RiskTech, and AI innovation.
In this series, Parker & Lawrence Research documents its research interviews with the most forward-thinking vendors tackling the industry’s biggest challenges. Each blog is built around a comprehensive product demo, providing clear insights into how these innovations address industry challenges. On this occasion, the firm spoke with James Hogbin, Founder & CEO of Fingerprint, an end-to-end communications compliance platform for regulated firms and compliance service providers.
This interview was part of the wider Global State of RegTech report conducted by RegTech Analyst and Parker Lawrence Research. To download the full report, click here.
Communications supervision has quietly become one of the most operationally demanding and consequentially high-stakes areas of compliance — and the old model of simply capturing and storing data is no longer enough.
For much of the past two decades, the approach taken by regulated firms was largely evidential: capture email, voice, chat and messaging data, store it in an archive, and retrieve it when a regulator, auditor or investigator came knocking. That model has not kept pace with either the scale of risk now embedded in communications data or the expectations regulators have placed on firms.
Billions of dollars in fines have been levied globally in recent years for communications failures, off-channel messaging and weak supervision controls. Much of the scrutiny has centred on recordkeeping breaches involving WhatsApp and other unauthorised platforms, but the underlying issue is far broader. Firms are increasingly expected not merely to retain communications, but to actively supervise them.
The scope of what communications data needs to cover has expanded considerably. The same conversation thread can simultaneously contain signals relevant to market abuse, customer treatment, financial promotions, information leakage, cultural or non-financial misconduct, and attempts to shift activity onto unsupervised channels. This convergence is colliding with an uncomfortable operational reality: around 80% of compliance teams still depend in part on manual processes, while the communications landscape continues to fragment across email, voice, Microsoft Teams, Slack, WhatsApp, Bloomberg and a growing range of collaboration tools.
Fingerprint founder and CEO James Hogbin said, “An archive isn’t an archive unless it’s supervised.”
The problem hidden in plain sight
Most regulated firms already capture some communications data. Many maintain an archive — some, several. But the difficulty arises when a compliance officer is required to demonstrate what was reviewed, why it was reviewed, which risks were being monitored, who conducted the review, what was found, what was escalated, and whether the firm’s own supervision policy was followed throughout.
Manual workflows make this almost impossible to evidence clearly. Teams log into multiple systems. Voice, email, Teams, Slack, WhatsApp and Bloomberg may all sit in entirely separate environments. Evidence is assembled retrospectively rather than in real time. Supervision policies are tracked in one document, review activity in another, and cases somewhere else entirely.
The richness of communications data is both its value and its complexity. Context, tone and relationships between individuals matter enormously. A message that appears entirely unremarkable in isolation can become significant when placed alongside a trading pattern, a separate conversation thread or a broader behavioural trend. That is precisely where manual approaches break down: reviewing communications thoroughly at scale is expensive in both time and operational cost, and fragmented workflows make consistent supervision increasingly difficult to maintain.
The challenge is especially acute for smaller and mid-market firms, where compliance teams are lean and regulatory expectations are rising. It is also sharply felt by regulatory hosts, principals, compliance consultancies and outsourced chief compliance officer (CCO) providers, who may oversee numerous separate businesses — each requiring ring-fenced supervision, discrete reporting and clear auditability. For larger institutions managing multiple jurisdictions and business functions, maintaining consistent conduct visibility across the organisation presents a different but no less serious set of challenges.
Hogbin said, “Wherever there’s potentially people at risk, you should be monitoring your communications.”
Commercial pressure is adding to the urgency. Investors, counterparties and operational due diligence teams are increasingly demanding evidence that firms are adhering to their own stated policies. A failed due diligence process can be as damaging to a compliance officer as a regulatory finding — the firm may have good intentions, but be unable to demonstrate them.
How Fingerprint approaches the problem
Fingerprint is a communications supervision platform designed to bring policy, review activity, case management, reporting and evidence into a single operational environment, rather than managing them across disconnected systems.
The platform starts with the firm’s own supervision policy. Monitoring categories, channels, risk phrases, review tasks, key performance indicators and investigation timeframes are all configured against that policy — meaning review activity is not simply a search exercise, but is directly tied to purpose, scope and accountability. Risk terms are structured as phrases rather than isolated keywords, which improves relevance and reduces the kind of crude matching that generates high volumes of false positives.
Cross-channel investigation is central to the platform’s design. Reviewers can work across email, voice, chat and collaboration platforms in a single environment, with the ability to search, risk-rank, review, close or escalate communications, and add them to cases. This matters because misconduct does not respect channel boundaries: a conversation might begin in Teams, shift to WhatsApp, continue by voice and conclude by email. Analysts need the full timeline, not a series of isolated fragments.
Fingerprint is particularly well-suited to multi-entity oversight environments. The platform supports separate supervisory environments with role-based visibility, enabling regulatory hosts and principal firms to maintain clear data segregation. A host overseeing appointed representatives (ARs) can monitor portfolio-level risk while ensuring each AR’s data remains appropriately ring-fenced. One UK regulatory hosting firm with responsibility for more than 70 ARs used Fingerprint to centralise monitoring across segregated environments; a five-person compliance team was able to provide proactive oversight of 100% of ARs, with each analyst overseeing 14 separate businesses.
Reporting is designed to demonstrate activity, not just outcomes — supporting audit readiness, due diligence processes and regulatory examination. The platform also uses artificial intelligence and machine learning in targeted ways: natural language processing isolates substantive email content from footers and reply chains; anomaly detection can flag unusual patterns such as language shifts or encrypted attachments; and AI can support policy drafting and score tuning. Importantly, the approach is controlled — where machine learning cannot process a message with sufficient confidence, the system defaults to surfacing more content rather than less, and scoring adjustments remain with the compliance officer.
Why this matters now
Fingerprint addresses a gap that has become increasingly difficult to ignore: active, policy-led supervision for firms that need structured monitoring and audit-ready evidence, but do not require a large-bank-style surveillance infrastructure. Its core value lies in making supervision operational — defining what should be reviewed, routing that work to the right people, documenting outcomes, and producing evidence that holds up under scrutiny.
The barriers to wider adoption are increasingly cultural rather than technical. Communications supervision has long been treated as a standalone compliance obligation — something separate from wider organisational risk management. That position is becoming harder to sustain as conduct, operational, regulatory and behavioural risks increasingly converge around the same datasets. Firms that recognise this shift and build a more connected view of risk will be better placed to manage what is coming — whether from regulators, investors or their own internal governance requirements.
Read the original post from Parker & Lawrence Research here.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
