When it comes to creating a compliance strategy, there are a number of steps that organisations must take into account. Such a strategy must encompass the entire organisation, multiple channels, and both office and remote workers, as well as contractors.
There are a number of steps required in creating a compliance strategy
The first step is to understand the compliance regulations that apply to your organisation and workers. For example, MiFID II was brought into force across the European Union on 3 January 2018. Its aim was to provide a legislative framework to regulate financial markets, standardise practices across the EU and restore confidence in the industry after the 2008 financial crisis.
An important requirement for financial services companies as part of the legislation is to record all fixed and mobile calls, and digital communications intended to bring about a transaction, with organisations obliged to store communications for at least 5 years.
Post-Brexit, the UK on-shored MiFID II with some adjustments to make the regime operate better from a UK-only perspective. Likewise, the US has a similar regulation known as Dodd-Frank, which was enacted for similar reasons.
In the context of creating a compliance strategy, this means that financial services organisations that may have clients in the UK, Europe, or the US – regardless of where they are based – may need to ensure compliance with different versions of regulations.
Likewise, the General Data Protection Regulation (GDPR), introduced in the EU on 25 May 2018, is one of the strongest personal data protection regulations in the world. It applies to any organisation that collects, processes or stores data on customers and individuals, and ensures individuals’ fundamental rights to know what data a company holds on them, and the right to be forgotten (i.e., to ask for the data to be deleted).
Consider cross-border compliance obligations
Again, following Brexit, the UK has its own version – the Data Protection Act 2018 (DPA 2018). So, if an organisation holds personal data on citizens in the UK and the EU, it needs to comply with both sets of regulations. Countries around the world have their own versions, and the same applies. Put simply, organisations first need to understand their own obligations, including industry standards and broader, often country-specific, legislation.
The second step is to understand the steps required to meet compliance obligations. For example, call recording of conversations that contain personal or financial data is mandatory. So too is secure storage (for specific periods of time, which could be 5 years for financial transactions or for the duration of a customer contract). Recordings must be tamper-proof, securely stored, and only accessible by authorised personnel.
Of course, all channels – fixed and mobile calls, enterprise applications, SMS, chat, audio and video conference calls, MS Teams, and so on – must be covered. In addition, the handling of personal data must be transparent, and individuals must be offered the opportunity to have their data deleted.
Finally, a compliance strategy needs to consider risk management. Penalties and fines, for personal data breaches or financial data mismanagement, can be severe, and can also have a serious impact on a company’s reputation – serious personal data breaches and hacks are often front-page news. In short, it’s essential to work with a specialist, experienced partner when it comes to compliance.
Touch has nearly two decades of expertise in creating compliance strategies
Touch Call Recording Service has been helping organisations in the Nordics and Europe to meet compliance obligations since 2006. We were the first company in Europe to offer call recording as a managed service and have shared our expertise with multinational organisations and financial services firms for over a decade. We opened our Singapore office in 2018 and are expanding to other regions.
Our call recording managed service covers more than 50 channels – it's network-based and requires no software or hardware deployments. It just works, whether it’s a mobile call, an MS Teams session, a Bloomberg conversation, or even a PBX integration. Users are onboarded quickly and easily, and policy filters can be applied to each user. Once users are onboarded, they cannot tamper with the service, eliminating human error about what should be recorded and, worse, fraudulent activity.
Every time an administrator accesses users or call recordings, the session is logged by username, date, time, and so on, ensuring absolute transparency. Every conversation is available for review in an easy-to-use web portal. A two-stage encryption process, following the ETSI TR 102 661 standard, is then applied to every individual recording.
Security and uptime are key
A new, random secret key is generated for each data file (AES, 256 bits). The encrypted, secret key is then stored in the database together with a reference to the encrypted data file, which means that no content is stored in the database, only metadata. Recordings are also duplicated to our geo-redundant site, providing peace of mind.
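The per-file key scheme described above, as an added sketch that is not Touch's code: each data file gets a fresh AES-256 key, and only the encrypted (wrapped) key plus a file reference go into the database row. AES-GCM, wrapping under a single master key, and all names here (`encryptRecording`, `dbRow`, `rec/0001.bin`) are assumptions, since the page states neither the cipher mode nor how the secret key is encrypted.

```javascript
const crypto = require("crypto");

// AES-256-GCM is an assumption; the page names only AES with 256-bit keys.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, body, c.getAuthTag()]); // nonce || ciphertext || tag
}

// Throws if the key is wrong or any byte of the blob was altered.
function open(key, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}

// Stage 1: encrypt the data file under a fresh random 256-bit key.
// Stage 2: wrap that key under the master key (assumed design); the database
// row holds only the wrapped key and a file reference, never recording content.
function encryptRecording(masterKey, audio, fileRef) {
  const fileKey = crypto.randomBytes(32);
  return {
    encryptedFile: seal(fileKey, audio),
    dbRow: { fileRef, wrappedKey: seal(masterKey, fileKey) },
  };
}

// Unwrap the per-file key from the database row, then decrypt the data file.
function decryptRecording(masterKey, encryptedFile, dbRow) {
  return open(open(masterKey, dbRow.wrappedKey), encryptedFile);
}

// Returns true when a modified data file is rejected on decryption.
function tamperIsDetected(masterKey, encryptedFile, dbRow) {
  const copy = Buffer.from(encryptedFile);
  copy[12] ^= 0x01; // flip one bit just after the nonce
  try { decryptRecording(masterKey, copy, dbRow); return false; }
  catch { return true; }
}

// Constructed demo values; a real master key would be held in a KMS or HSM.
const demoMaster = Buffer.alloc(32, 7);
const demo = encryptRecording(demoMaster, Buffer.from("constructed sample audio"), "rec/0001.bin");
console.log(decryptRecording(demoMaster, demo.encryptedFile, demo.dbRow).toString());
console.log("tamper detected:", tamperIsDetected(demoMaster, demo.encryptedFile, demo.dbRow));
```

Because every file has its own key, a leaked file key exposes one recording only, and the authentication tag makes any modification of a stored file fail decryption rather than pass silently.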
We also target 100% system availability for day-to-day operations – this means that, aside from planned maintenance and downtime, we aim to deliver our service on a 24x7 basis. Our ongoing compliance and technology roadmap also means that our customers are covered now and in the future – any amended or new compliance rules are quickly incorporated into our service.
Touch is a specialist call-recording-as-a-service provider, and we can help you to ensure that your compliance strategy covers every base required. We have been sharing our knowledge and expertise with organisations of all sizes for nearly two decades. So, to find out more about how we can help with your compliance challenges, and help you to build a comprehensive strategy, contact us today.