Skip to main content
Touch blog

Data security – are your call recordings secure?

One of the main changes that will be introduced by the upcoming Markets in Financial Instruments Directive II, (MiFID II), and the accompanying Markets in Financial Instruments Regulation (MiFIR) will be a requirement for financial services companies and individuals to record all fixed and mobile calls, and other electronic communications intended to bring about a transaction, and store them for 5 years. Failure to comply will mean hefty fines.

MiFID II took effect, with a zero-tolerance policy, on January 3, 2018. It expanded on existing rules, under MiFID, and was designed to take into account changes in the trading environment since MiFID and, in light of the financial crisis, to improve the functioning of financial markets making them more efficient, resilient and transparent.

So now, all communications intended to result in a transaction, including voice calls, VoIP calls, SMS, emails and chat-based applications such as Skype for Business, need to be recorded and stored for up to 5 years.

A further requirement of MiFID II was that company management must have effective control over policies related to call recording, including the need to monitor recorded calls to meet compliance, and to log all communications that are either not recorded, or partially recorded, for example, if there are network problems.

It means that many financial firms may still need to implement new, or update existing, infrastructure and platforms to be able to record and securely store all communications. MiFID II requires near-unlimited, secure storage capacity and the ability to record and store, for example, communications made by remote workers or those working from home, which on-premise PBX hardware simply cannot meet.

Multi-channel, cloud-hosted solution

Touch Call Recording and Storage is a multi-channel, cloud-hosted service that has been helping our existing customers to meet MiFID compliance requirements for nearly a decade. It is also ‘MiFID II-ready’. It requires no costly or time-consuming on-premise deployments and, put simply, enables organisations to quickly, securely and cost effectively meet all aspects of MiFID II compliance.

One of the main components of MiFID II is the need to securely store all communications for 5 years. The Touch call recording service is maintained as part of an ISO27001 certified information system. It is located on two geographical sites with one production site and one disaster recovery site. Data is mirrored across multiple sites, with near-instant access to recordings through an intuitive interface.

Recorded calls are immediately transferred from Touch Call Recorder to the recording facility via a secure connection. Files then undergo a two-stage encryption process, according to ETSI TR 102 661. First, a new, random secret key is generated for each data file (AES, 256 bits). Then the secret key is encrypted with an RSA asymmetric encryption algorithm with key length of 2,048 bits.

The encrypted, secret key is then stored in the database together with reference to the encrypted data file, which means that no content is stored in the database, only metadata.

Secure access

Access to, and retrieval of, files from the database is enabled by an easy-to-use, intuitive web interface. Access can be assigned only to those with permissions rights. The database solution also assures the integrity of stored data and provides full traceability for database operations.

The actual query (type of query and search parameters) is logged in the database together with the specific session ID that refers to an individual web user’s account.

Touch Call Recorder and Storage has additional benefits. As well as ensuring compliance with MiFID II, it enables audit trails, documentation, dispute resolution, training, and the ability to gain more value from all your communications. It also supports the upcoming General Data Protection Regulation (GDPR) and UK Data Protection Act 1998, as well as industry, national and international requirements.

It’s a simple answer to your challenges. Contact us now to find out how we can ensure that you continue to meet your MiFID II, and other compliance and legal, requirements.

Explore touch call recording

Touch call recording

The benefits of self-training in contact centres

As technological innovation continues to reshape the contact centre landscape, the role of the live agent is actually becoming more important that ever, especially when it comes to building and maintaining customer relationships. As a result, it’s vital that agents are well trained and develop excellent ‘soft skills’.

Why MiFID II will require a multi-channel approach

Today, businesses are likely to use multiple channels for communicating with each other, and with customers, partners and clients. Employees rely on a multitude of communications channels, including fixed and mobile phones, laptops and devices that support not only voice calls, but also email, SMS, VoIP and enterprise-based chat solutions, such as Skype for Business, in order to perform their daily tasks efficiently and smartly.

Sign up today with touch call recording service

Get started with Touch Call Recording Service

Start recording in minutes, not months. Need something specific? Get in touch.

Touch is

Touch Call Recording was recently awarded 'eco-lighthouse' certification, Norway's most widely used certification scheme for enterprises seeking to document their environmental efforts and demonstrate social responsibility.
Eco-lighthouse logo