By Jamie Hoyle.
Compliance officers are, by any reasonable measure, experts. They hold qualifications that take years to earn, develop an understanding of regulatory frameworks that most people in financial services never fully acquire, and build institutional knowledge that no keyword-matching system can replicate.
At their best, they’re the professionals who can separate a real risk from a false alarm – and explain precisely why. There’s a craft to it that takes years to develop and that, when properly applied, is the difference between a firm that manages risk and one that gets blindsided by it.
Ask them to describe last Tuesday, though, and the picture looks rather different.
How False Positives Took Over the Compliance Officer’s Day
To understand how we got here, it helps to remember the pressure compliance teams have operated under. The Dodd-Frank Act, passed in the wake of the 2008 financial crisis, significantly expanded the scope of what firms were expected to supervise. Then came the smartphone – and eventually, an explosion of communication channels that regulators were determined to bring inside the supervision perimeter. When the SEC and FINRA began issuing nine-figure fines for off-channel communications, the message to compliance functions was unambiguous: if it isn’t captured, it’s a liability. Cover everything.
The technology industry responded with tools optimized for breadth – comprehensive capture, generous flagging, maximum coverage. The logic was entirely defensible, and comprehensive capture remains non-negotiable. But without the intelligence layer to filter what’s genuinely relevant, the burden falls squarely on the compliance officer. In practice, that means reviewing a message to a spouse, a doctor’s appointment, a birthday text – communications that have no business being in a review queue, but end up there because the underlying technology was never designed to tell them apart.
A 2025 benchmark study of 200+ compliance leaders found that firms lose an average of $232,457 annually to false positives in mobile communications alone. The more consequential number, though, is in the calendar. Those dollars represent hours of expert attention applied to low-signal noise – hours that belong to the work compliance officers trained for, and consistently don’t get to do.
The Personal Communications Problem
Blanket mobile surveillance captures everything – including communications that have no compliance relevance whatsoever. Medical appointments, messages to family members, conversations that belong to an advisor’s personal life, not their professional one. Compliance officers end up reviewing this material not because it’s useful, but because the system doesn’t distinguish between the two.
For the compliance officer, this is wasted time on material that will never yield a finding – hours that could be spent on substantive review, pattern analysis, or building out the kind of proactive supervision program that impresses an examiner. Instead, they’re clearing a queue of personal communications that should never have reached them. It’s not just inefficient, it’s a misallocation of some of the most expensive professional attention in the firm.
The discomfort runs both ways, too. Advisors who know their personal messages are being reviewed are less likely to engage openly with the compliance function, creating friction that makes the compliance officer’s job harder across the board.
There’s a secondary consequence worth naming. Advisors who feel over-surveilled look for workarounds – unmonitored devices, off-channel conversations. Every workaround is a compliance gap, and compliance officers end up managing the fallout from a surveillance approach that created the problem it was meant to solve.
More Alerts, Less Judgment
The false positives that make it through represent a different kind of problem. Triaging at volume is not the same as exercising professional judgment. It’s a different mode of working entirely, and it systematically crowds out the thinking that genuine risk assessment requires. The cost isn’t just efficiency – it’s that when real issues surface in a context saturated with noise, they’re easy to miss.
There’s a regulatory dimension here too. SEC and FINRA examination priorities increasingly reward firms that demonstrate proactive, effective risk management. A compliance officer buried in irrelevant alerts is less able to build that kind of program, less able to document it defensibly, and less available for the strategic work that actively shapes how the firm manages risk.
What the Industry Is Getting Wrong
Compliance officers came into this profession to exercise judgment where it counts – to catch the pattern that signals something harmful before it becomes a regulatory problem. The industry has spent years building infrastructure that makes that harder. More volume, more noise, more time spent on material that never warranted attention.
The compliance officers making the biggest impact on their firms aren’t the ones processing the most alerts. They’re the ones who’ve carved out enough space to think – to spot patterns, stay ahead of regulatory shifts, and build supervision programs that hold up under examination. That quality of work requires time, attention, and the cognitive bandwidth that a perpetually overloaded review queue systematically destroys.
The technology decisions firms make about surveillance architecture aren’t just operational choices. They’re decisions about how much of their compliance officers’ expertise gets used – and the current default is leaving a significant amount of it on the table.
==
Jamie Hoyle is VP, Product at MirrorWeb, where he leads product strategy for the company. He joined MirrorWeb as Lead Software Engineer in 2017, eventually transitioning to Product and spearheading the development of their flagship communications supervision platform, MirrorWeb Insight. In 2024, Jamie relocated to Austin, Texas to embed himself in the heart of the US compliance landscape and stay close to the customers shaping the future of digital communications oversight.