The biggest compliance risks don't always come with obvious warning signs. And they rarely announce themselves with a keyword.
As communication volumes explode across channels, traditional compliance systems are struggling to separate genuine risk from a flood of false positives.
Kamesh Tumsi, Chief Product Officer of Smarsh, explores why the industry is moving beyond static rules and keyword matching toward AI-powered systems that can understand context, intent, and behavior. He shares how this shift is helping organizations uncover hidden risks and move from reactive reviews to proactive supervision.
In my early Microsoft days, it was all about the internet, with a focus on open architecture where trust was the default and risk was understood primarily as technical (e.g., servers going down). Social platforms, cloud, and mobile phones changed that equation.
Tech companies have moved beyond infrastructure to intermediating human relationships, attention, and commerce. Trust has almost become a product feature, evidenced by ratings/reviews on e-commerce platforms. Risk has shifted from technical to behavioral instances such as spam, fraud, or harassment, but oversight remained self-regulatory, with platforms writing and enforcing their own standards. As these platforms grew in popularity, they also increased the risk for systems optimized for engagement at scale to facilitate harmful outcomes at scale, regardless of their intended purpose. After this shift, technology platforms were no longer assumed to be neutral, and oversight moved from voluntary to mandatory. Tech companies started being held accountable for outcomes, not just intent or explicit violations.
As we move into the current era, AI is changing the terms of how trust, risk, and oversight are being managed. AI enables structural shifts across several domains. Across industries, it is replacing static rules with dynamic models, periodic audits with continuous monitoring, and extensive human review with human judgment on exceptions.
The traditional compliance model is more people-focused. In fact, even to this day, more than 70% of all spend in compliance is people-based and less than 30% is spent on software. The traditional model is based on rules and lexicons that are static, manual, and labor-intensive. This is now transformed into a proactive model where intelligence is used to alert when misconduct and other bad behaviors occur, almost in real time.
The traditional lexicon-based model simply measured the presence of words, not the presence of intent or patterns. That approach cannot scale to the modern proliferation of communication channels, where people communicate with slang and multilingual phrases. Fundamentally, the traditional compliance model was designed as an audit function to provide a “paper trail” and not as a supervisory function to prevent real harm. Smarsh continues to see more opportunities to move intelligence to the root of where the communication really occurs. Smarsh is working on applying intelligence at the point of message capture to filter noise and classify messages into relevant categories. This will enable organizations to archive communications more intelligently while focusing supervision efforts on a smaller, pre-classified set of higher-risk messages.
Legacy rule-based compliance systems flag keywords without understanding context, generating false positives. As communication volumes explode across email, chat, voice, and social, even low false-positive rates translate into thousands of meaningless daily alerts. Reviewers who are drowning in noise lose their ability to distinguish real risk from irrelevant flags — a phenomenon called alert fatigue. Static rules also can't keep pace with evolving language, slang, and new communication channels without constant manual updates.
AI solves this by understanding meaning and intent rather than just surface-level patterns. The tools assign risk confidence scores so reviewers work with a prioritized queue instead of a flat flood of alerts. Behavioral baselining lets AI flag deviations based on what is normal for each specific advisor or team, not just general keyword matches. Multi-channel context allows AI to connect signals across platforms and over time, catching patterns no single rule could identify. The result is fewer false positives, sharper reviewer focus, and compliance programs that actually catch risks that matter.
Our AI approach uses a combination of a Small Language Model and a Large Language Model. The Small Language Model is trained in 100 languages and a parallel corpus of data so that semantics are captured. We fine-tune it for behaviors such as secrecy or rumors, and with a few examples, it generalizes to capture these across multiple languages, detecting behaviors rather than keywords. In practice, even if the tool is not trained on specific words, it knows the secrecy and triggers when it sees it, unlike a keyword-based lexicon.
If behaviors are sentence-based, the "second pass" review is done with the whole message and the LLM. The LLM makes sure the business context and relevant information are necessary rather than based on the language. The AI assistant includes an explanation mode that maps detected language to specific behavioral indicators, providing a clear rationale for why content was flagged and how it relates to a particular misconduct scenario.
Voice has always been one of the most underutilized yet information-rich channels, primarily because it has traditionally been difficult to analyze at scale. At Smarsh, we saw a clear opportunity: across thousands of customers, vast volumes of call recordings were being stored for compliance, but not leveraged for insight. This represented a significant, untapped source of enterprise risk intelligence.
The breakthrough came with transcription: by converting voice into structured text, we unlocked the ability to analyze 100% of interactions rather than just the 2–3% typically reviewed through manual QA. This shifted organizations from limited, labor-intensive sampling to full visibility across critical risk areas such as customer dissatisfaction, employee sentiment, churn risk, fraud, insider trading, and off-channel activity.
From there, the opportunity evolved beyond analytics into proactive intelligence. Today, capabilities like automated QA, AI-driven topic mining, agentic AI, and real-time notifications enable organizations to move from reactive hindsight to proactive risk management—surfacing issues as they happen and triggering immediate action.
Importantly, while the initial traction has been in the contact center, the larger opportunity is enterprise-wide. Risk is not confined to frontline interactions; significant exposure exists in back-office communications. Extending AI-driven analytics across the full communication ecosystem closes this visibility gap, enabling organizations to detect hidden risks earlier, protect against regulatory and financial exposure, and make faster, evidence-based decisions. Ultimately, the opportunity was to transform voice from a passive recording function into an active, enterprise-wide intelligence layer, turning every conversation into actionable insight that drives measurable risk reduction and business performance.
AI has been integral to Smarsh’s product capabilities for several years. We’ve partnered with top financial institutions to create our own models for several use cases, and these form the basis of several AI capabilities embedded in our products. Teams responsible for building AI services are part of my overall product organization. All members of my team, including myself, work directly on the AI roadmap and are constantly pushing the envelope when it comes to delivering AI features across our products.
“Outside in” feedback from our customers, partners, and industry is a crucial input to our roadmap. Additionally, when it comes to customer signals, we pay close attention to behavioral signals like usage or adoption and commercial signals like renewals and upsell to shape our product roadmaps. To prioritize investments, we also leverage feedback from customer forums like CABs/QBRs, CSAT data points like NPS, analyst research, competitive landscape, and other regulatory and compliance signals.
It’s all about the accountability gap: what did your AI do, and can you defend it? The best analogy to describe this would be to compare how mature enterprises treat system observability.
As new regulations and litigation evolve and model behavior drifts, enterprises will wish they had treated AI decision reasoning and explainability as infrastructure from day one. When regulatory, legal, and reputational issues occur, you cannot reconstruct what was never recorded, and you cannot defend what you cannot explain.
Kamesh Tumsi, Chief Product Officer at Smarsh, shapes the company’s product strategy and innovation roadmap. Most recently, he served as Senior Vice President and Head of Product at HealthEquity. Kamesh brings extensive experience leading product, strategy, and user experience across fintech and consumer tech organizations, including Marqeta, Fiserv, Turner, and Microsoft. He holds 11 patents and earned a master’s degree from the University of Minnesota and an MBA from UC Berkeley.
Smarsh enables companies to transform oversight into foresight by surfacing business-critical signals from the most in-demand communications channels. Regulated organizations of all sizes rely upon the Smarsh portfolio of cloud-native digital communications capture, retention, and oversight solutions to help them identify regulatory and reputational risks within their communications data before those risks become fines or headlines.