If you run a control room at an investment bank, you already know the feeling.

A deal gets announced. You go back through the communications. And somewhere in the thread, there's a message that shouldn't exist — a question that crossed the wall, a response that acknowledged too much, a forwarded email that nobody flagged.

Nothing necessarily illegal. Just enough to make you wonder what a regulator would think.

This is the reality of modern deal supervision, and it's getting harder, not easier.

The volume of digital communication inside a bank during a live transaction is staggering. Email, Teams, Bloomberg chat, internal messaging — multiple channels, all moving fast across teams that are supposed to be separated. The control room's job is to maintain those separations in real time. The tools most firms are using were not built for that job.

Keyword filters catch some of the obvious problems. But restricted list monitoring creates an additional challenge. Many securities trade under ticker symbols that are also common English words.

What This Looks Like in a Real Communication

“We should revisit cat this afternoon”

A message like this may or may not refer to Caterpillar. If that issuer is on the firm's restricted list, compliance needs to know when the message is actually referencing the security rather than ordinary language.

Traditional surveillance tools struggle with distinguishing the meaning of ambiguous words like this. They’ll flag enormous volumes of irrelevant messages, creating irritation that leads employees to disregard the warnings, just like a smoke detector on the fritz. If the warning is ignored, that tool is ineffective for compliance. 

These keyword matching tools will likely miss other compliance risks — language signaling document tampering or attempts to move conversations off-platform. These are the patterns that show up in enforcement actions. These are signals that keyword filters are essentially blind to, and that require a mix of restricted list detection and communication surveillance. 

The other issue is timing. Post-send review means the message has already been sent. The damage to a deal, or a client relationship, or the firm's regulatory standing is already done. A compliance team reviewing yesterday's communications is managing liability, not preventing it.

What control room managers need is a system that operates pre-send, flags deal-specific risk in context in real time, and gives them a dashboard that displays real risk rather than drowning them in false positives.

The control room function exists for a reason. It's the firm's last line of defense between deal intelligence and the rest of the market. It deserves infrastructure that can actually do that job.

If you're still relying on manual review and keyword filters to protect that boundary, the sleepless nights make sense. But this isn’t just a tooling problem — it’s an architectural one. The way firms monitor communication hasn’t kept pace with how communication actually happens.

In the next piece, we’ll look at what a modern approach looks like: How real-time detection, context-aware systems, and integrated surveillance can shift control rooms from reactive review to true prevention.

Book a free demo of HarmCheck today: http://harmcheck.ai/demo

By Alphy staff

HarmCheck by Alphy is an AI communication compliance solution that detects and flags language that is harmful, unlawful, and unethical in digital communication. Alphy was founded to reduce the risk of litigation from harmful and discriminatory communication.