Most people in financial services know what MNPI is. Fewer realize how often it leaks through the one channel nobody's watching closely enough: internal email.

Inside an investment bank, that risk is supposed to be managed through information barriers and restricted lists maintained by the control room.

At its core, material non-public information refers to information about a public company that isn't available to the market and could influence an investor's decision — and is strictly regulated for good reason. Trading on it is illegal. Sharing it carelessly isn't much better.

The problem isn't that bankers don't know the rules. It's that deal communications move fast, and compliance controls haven't kept pace.

Here's where it gets complicated: MNPI doesn't have to be a smoking gun to be a liability. A casual mention of a pending acquisition in a Teams message. A deal codename dropped in an email chain that crosses information barriers. A ticker or crypto symbol missed by restricted list technology because it is a common word. A banker on a live deal responding to an inquiry from the equity research side. None of these feel like violations in the moment. All of them can become one on review.

What This Looks Like in a Real Communication

Example internal message:

“Let’s discuss shop after the call.”

In an ordinary conversation, that sentence looks harmless. But if the firm is advising Shopify and the security is on the firm's restricted list, the same message becomes a reference to a restricted issuer in internal communications.

Many ticker symbols — CAT, HAS, LIFE, SHOP — are also ordinary English words. That makes them difficult for traditional keyword surveillance systems to monitor reliably.

Regulators don't need intent. They need a pattern.

The SEC and FINRA have consistently made clear that firms are expected to have supervisory systems that can detect and prevent these kinds of information flows — not just policies that prohibit them. That's a meaningful distinction. A written policy is not a control. It's documentation that you knew the risk existed.

What does an effective control actually look like? It catches the language in context, before or immediately after it's sent. It flags covert communication attempts when someone tries to move a conversation to a personal device or an unmonitored channel. It maintains an audit trail that holds up under examination.

The firms getting this right aren't relying solely on keyword alerts. They're using systems that can detect when a message actually refers to a restricted issuer — even when the ticker symbol is also a common English word. They're using AI that understands the regulatory significance of what's being said and the content of the communication, not simply scanning for keywords. 

Your bankers' emails aren't going to stop being a liability on their own. The question is whether your compliance stack is built to detect the communications your policies are designed to prevent.

Book a free demo of HarmCheck today: http://harmcheck.ai/demo

By Alphy staff

HarmCheck by Alphy is an AI communication compliance solution that detects and flags language that is harmful, unlawful, and unethical in digital communication. Alphy was founded to reduce the risk of litigation from harmful and discriminatory communication.