Data security – are your call recordings secure?

MiFID II took effect, with a zero-tolerance policy, on January 3, 2018. It expanded on existing rules, under MiFID, and was designed to take into account changes in the trading environment since MiFID and, in light of the financial crisis, to improve the functioning of financial markets making them more efficient, resilient and transparent.

So now, all communications intended to result in a transaction, including voice calls, VoIP calls, SMS, emails and chat-based applications such as Skype for Business, need to be recorded and stored for up to 5 years.

A further requirement of MiFID II was that company management must have effective control over policies related to call recording, including the need to monitor recorded calls to meet compliance, and to log all communications that are either not recorded, or partially recorded, for example, if there are network problems.

It means that many financial firms may still need to implement new, or update existing, infrastructure and platforms to be able to record and securely store all communications. MiFID II requires near-unlimited, secure storage capacity and the ability to record and store, for example, communications made by remote workers or those working from home, which on-premise PBX hardware simply cannot meet.

Multi-channel, cloud-hosted solution

Touch Call Recording and Storage is a multi-channel, cloud-hosted service that has been helping our existing customers to meet MiFID compliance requirements for nearly a decade. It is also ‘MiFID II-ready’. It requires no costly or time-consuming on-premise deployments and, put simply, enables organisations to quickly, securely and cost effectively meet all aspects of MiFID II compliance.

One of the main components of MiFID II is the need to securely store all communications for 5 years. The Touch call recording service is maintained as part of an ISO27001 certified information system. It is located on two geographical sites with one production site and one disaster recovery site. Data is mirrored across multiple sites, with near-instant access to recordings through an intuitive interface.

Recorded calls are immediately transferred from Touch Call Recorder to the recording facility via a secure connection. Files then undergo a two-stage encryption process, according to ETSI TR 102 661. First, a new, random secret key is generated for each data file (AES, 256 bits). Then the secret key is encrypted with an RSA asymmetric encryption algorithm with key length of 2,048 bits.

The encrypted, secret key is then stored in the database together with reference to the encrypted data file, which means that no content is stored in the database, only metadata.

Secure access

Access to, and retrieval of, files from the database is enabled by an easy-to-use, intuitive web interface. Access can be assigned only to those with permissions rights. The database solution also assures the integrity of stored data and provides full traceability for database operations.

The actual query (type of query and search parameters) is logged in the database together with the specific session ID that refers to an individual web user’s account.

Touch Call Recorder and Storage has additional benefits. As well as ensuring compliance with MiFID II, it enables audit trails, documentation, dispute resolution, training, and the ability to gain more value from all your communications. It also supports the upcoming General Data Protection Regulation (GDPR) and UK Data Protection Act 1998, as well as industry, national and international requirements.

It’s a simple answer to your challenges. Contact us now to find out how we can ensure that you continue to meet your MiFID II, and other compliance and legal, requirements.