
Everything, Everywhere is Compliance - Including Your Employee Communications

Andreessen Horowitz published a piece this week arguing that AI has finally crossed the trust threshold in regulated industries. Compliance is becoming a revenue driver, not just a cost centre, and the software hasn't caught up yet. It's a sharp read, and they're right.

But they built their case entirely around financial crime: KYC, AML, transaction monitoring, suspicious activity reports. There's a parallel compliance obligation sitting inside every FINRA and SEC-regulated firm with the same problem profile, the same regulatory heat, and roughly two fewer years of software maturity.

The obligation to supervise what employees say is not new. What's new is the scale at which it's breaking.

Regulation: Old Rules, New Channels

The billions in fines that landed on financial services firms between 2022 and 2024 weren't because regulators invented new standards. They applied existing ones to channels firms had chosen to ignore.

SEC Rules 17a-4 and 204-2 have not changed. They require that all business communications are retained and available to produce. They never specified email. They never excluded WhatsApp. The firms that paid those fines knew the rules. They just assumed the rules wouldn't follow their advisors onto their personal devices.

That assumption is gone. The current regulatory climate has softened in some respects, and some firms are watching that closely. But the underlying rules haven't been repealed, examination activity continues, and enforcement history suggests that periods of relative quiet tend to be followed by periods that aren't. The firms that used the last lull to shore up their supervision infrastructure were better positioned when attention returned. The ones that treated it as permission to stand still were not.

Software: The Infrastructure That Wasn’t Built for This

a16z name Smarsh in their piece, briefly, under employee oversight. They describe it as legacy infrastructure and move on. That brevity is accurate.

The platforms that defined the communications compliance space were built for a different environment: fewer channels, lower volumes, email as the dominant medium. They were designed to capture communications. They were never built to understand them.

The alert logic sitting on top of most supervision platforms fires on keywords without context. A message containing the word "guarantee" in a clearly personal exchange triggers the same flag as one that might warrant review. The system doesn't distinguish between them because it was never designed to. Analysts work through queues of hundreds of flagged messages a week, most generated by pattern matching that hasn't meaningfully evolved in a decade.

This is what a16z mean when they describe compliance as "schlep work": painful, manual, and resistant to improvement, not because the problem is hard, but because the tools were built to a standard that no longer fits. The channel landscape has changed completely. The software layer, for most firms, has not.

People: Where the Pressure Lands

The a16z piece opens with a line that applies here as precisely as it does to financial crime: "As the world has grown more complex and legal requirements for corporations have risen, the response of enterprises has been simple: throw more people at the problem. More people, it turns out, has not meant better outcomes."

In communications supervision, that failure mode is specific and well-documented. You hire more analysts. You give them bigger queues. The queues are full of alerts the system generated without any real sense of whether they matter. Over time, the process degrades not because people stop working hard, but because the signal-to-noise ratio makes real vigilance unsustainable.

One CCO put it plainly: "After a while, your team stops trusting the alerts. That's when mistakes happen."

That erosion of confidence is the real compliance risk, not the volume. a16z cite figures that will be familiar to anyone who has tried to hire into this function: 87% of entrants eventually leave the field, annual churn above 20%. Communications review is among the most repetitive, high-volume work in the compliance function, and structurally the work most likely to drive people out. The workload has already outpaced human capacity. The question is what you do with the human capacity that remains.

Augmenting the People Layer

a16z describe the opportunity as directing human expertise toward the decisions that actually require it, and absorbing the rest. Mira, MirrorWeb's AI supervision agent, is built on that principle. It doesn't replace the analyst. It changes what the analyst spends their time on, moving the cases that need real judgement to the front and absorbing the noise that doesn't.

The proof point that illustrates this best isn't a volume number. A financial advisor recommends a restaurant to a client. A keyword-based system flags it against the firm's third-party recommendation policy. A contextually aware system understands it isn't investment advice, and the analyst never sees it. Firms using Mira have cut review time by 80% while remediating more issues, not fewer. The capacity recovered moves to the scenarios that require it.

The a16z piece is worth your time. It's good to see these arguments getting the audience they deserve.
