Resilience, Risk, and Readiness: What We Heard at Smarsh Connect

1. Staying the course amid shifting political winds

With a recent US election and global regulatory relationships evolving, many attendees acknowledged the potential for change — but emphasized that their overall risk management strategies are not being reimagined.

The dominant mindset: keep moving forward, grounded in what has worked. Despite uncertainty on how new regulatory agency leadership may produce fewer exams or slower enforcement actions due to reduced agency staffing, firms aren’t making assumptions. Instead, they’re preparing for the “long tail” where decisions made today may have implications years down the line.

“My read was that the impacts are unknown,” one attendee noted. “We’re managing risk the way we always have. Things will change quickly and often — that’s the only certainty.”

For firms with a global footprint, a few shared concerns about the extent of continued cross-border cooperation. Still, most agreed that foundational compliance practices will carry them through whatever shifts may come.

2. AI moves from hype to hands-on

Interest in AI has shifted from exploratory to essential. Sessions on generative AI, transcription, and compliance automation were packed, and the message was clear: firms want to move forward with real, measurable use cases — especially those that enhance productivity and reduce manual oversight.

Many firms are no longer just exploring AI — they are actively piloting tools, finalizing governance frameworks, and accelerating adoption. What was once seen as experimental is quickly becoming integrated into strategic compliance roadmaps.

Still, concerns remain. Many asked: What are the regulatory obligations? How do we ensure proper governance? How do we separate real value from marketing“AI-washing”?

Rather than waiting for definitive regulatory instructions, firms are taking a proactive approach — standing up AI working groups, establishing internal guardrails, and beginning to incorporate AI into compliance workflows.

Regulators, for their part, have yet to signal that they will issue hard-and-fast rules around AI use. In fact, the posture so far suggests they intend to remain largely tech-agnostic, focusing more on outcomes and intent than on the tools themselves. As one SIFMA guest noted, “in spite of efforts to modernize rules, the rules themselves are meant to be technology agnostic.”

As a result, firms can look to enforcement actions, alerts, and notices for practical examples of acceptable behavior, and use those to shape policies that can extend across any platform or communication type.

3. Fear still moves budget

One truth came through clearly across conversations: budget follows risk. More specifically, budget follows fear, particularly fear of being the next big headline. Despite the perception that regulatory agencies may be applying a softer hand to enforcement, many firms are still unlocking funding for compliance initiatives based on the potential for large fines.

The fear of being next on the enforcement list remains a powerful motivator — and for many, it justifies continued investment in everything from surveillance programs to archive modernization and communication channel oversight.

Even firms trying to “do more with less” are finding creative ways to prioritize compliance. And as peer behavior becomes more transparent, industry pressure is adding urgency. Leadership teams are not only watching the regulators — they’re watching each other.

4. The need for clarity persists — even when it’s unlikely

Whether it was off-channel communications or AI-driven interactions, one request surfaced repeatedly: clearer guidance. There’s a long-standing desire for regulatory clarity around what constitutes “business as such,” particularly when evaluating internal vs. external communication requirements.