Your call recording for compliance checklist
1 December 2020
The twenty features you need to ensure your call recording solution meets your compliance needs.
Are your recordings clear and accurate?
Recording for compliance is all about accurate record keeping. If all you’re recording is background noise, or broken speech from a poor connection, you’re not really fulfilling your compliance requirements. Your call recording solution should record directly from the network to make sure that every word is crystal clear, no matter the quality of the call.
Is your storage secure enough?
When it comes to compliance, particularly in the financial services industry, you’ve got to be in it for the long haul. Regulations such as MiFID II can require companies to store their recorded conversations for up to 7 years, or even longer. Your call recording solution must have the storage capacity to securely store recorded calls long-term. Cloud storage has a significant advantage over on-premise storage here, as there are no worries about ever running out of space.
Can your call recording solution scale to meet demand?
Speaking of storage and capacity: to make sure you capture every single conversation, your call recording solution will need to be scalable enough to cope with multiple concurrent recordings. If you’re running a huge global organisation, there could be hundreds or even thousands of conversations happening at once. You need to ensure that all of these calls are recorded.
Are your recordings encrypted?
Captured calls need to be protected. With conversations containing highly sensitive personal data, these recordings must be encrypted. And we don’t just mean in storage. Data should be encrypted in transit with transport layer security, as well as at rest. AES-256 is one of the strongest block ciphers available – we encrypt every protected object with a unique encryption key. The object key itself is then encrypted with a regularly rotated master key, for that extra layer of protection.
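A sketch of the key hierarchy described above, added here as an illustration and not the vendor's implementation. AES-256-GCM for the recording, RFC 3394 AES key wrap for the object key, the in-memory `Keyring` and the record field names are assumptions; it uses the Python `cryptography` package.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap


class Keyring:
    """Hypothetical in-memory master-key store; production would use a KMS or HSM."""

    def __init__(self):
        self.keys = {}      # key id -> 256-bit master key
        self.current = 0
        self.rotate()

    def rotate(self):
        """Add a new master key and make it current; old keys stay until re-wrap."""
        self.current += 1
        self.keys[self.current] = AESGCM.generate_key(bit_length=256)
        return self.current


def encrypt_recording(ring, rec_id, audio):
    object_key = AESGCM.generate_key(bit_length=256)  # unique key per object
    nonce = os.urandom(12)
    # The recording id is authenticated data, so ciphertext cannot be moved
    # to another record without decryption failing.
    ct = AESGCM(object_key).encrypt(nonce, audio, rec_id.encode())
    wrapped = aes_key_wrap(ring.keys[ring.current], object_key)
    return {"id": rec_id, "kid": ring.current, "nonce": nonce,
            "ct": ct, "wrapped": wrapped}


def decrypt_recording(ring, env):
    object_key = aes_key_unwrap(ring.keys[env["kid"]], env["wrapped"])
    return AESGCM(object_key).decrypt(env["nonce"], env["ct"], env["id"].encode())


def rewrap(ring, env):
    """After rotation, re-encrypt only the 32-byte object key, never the audio."""
    object_key = aes_key_unwrap(ring.keys[env["kid"]], env["wrapped"])
    return {**env, "kid": ring.current,
            "wrapped": aes_key_wrap(ring.keys[ring.current], object_key)}


if __name__ == "__main__":
    ring = Keyring()
    env = encrypt_recording(ring, "rec-1", b"constructed sample audio")
    ring.rotate()
    print(decrypt_recording(ring, rewrap(ring, env)))
```

Rotation therefore costs one small key-wrap operation per recording, and the old master key can be retired once every envelope carries the new key id.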
Are you able to record every single call?
We’ve never navigated as many communication channels as we do today. Whether you’re taking client calls on your mobile while working from home, or chatting with colleagues over Microsoft Teams, for regulatory compliance you need a Unified Call Recording solution that can capture calls across every device and channel.
Is your data protected by geographic redundancy?
To really ensure stored data is fully protected, there should be redundancy measures in place to mitigate risk. On-premise solutions can’t compete with the ability of cloud platforms to deploy across multiple data centres within a geographic region. Platform loads can be spread across data centres to provide full redundancy across all elements, including storage.
Is your solution available, even in unprecedented events?
Another area that cloud solutions excel in is availability. The various elements of cloud platforms can be decoupled and run as separate services, while processing can be swapped to different servers without downtime. Cloud platforms deploy load balancers to manage traffic and scale processes. Data centre connectivity can be managed and, in the event of catastrophic failure, moved accordingly across the platform architecture.
Is all of your data held in one place?
Having data stored in multiple locations is a compliance nightmare. In order to reduce the complexity of compliance, all of your organisation’s recorded conversations should be stored in one unified repository.
Do you have a retention policy in place?
Deleting data once it’s no longer required is just as important as storing it securely in the first place. Particularly when it comes to compliance with regulations like the GDPR, it’s vital that organisations erase data when they no longer have a legitimate purpose to store it. Your call recording for compliance solution should include the option to set retention periods for recordings so they are automatically deleted after a specified period.
Are you prepared for a legal hold request?
Legal hold requests can happen at any time. These events mandate the preservation of information, including recorded calls, and can cause hassle for businesses if their data isn’t stored in a unified repository. To cover legal hold requests, your call recording solution needs to have a feature to preserve recorded calls no matter what. This should override standard retention periods, the deletion of a user or the expiration of overall storage periods.
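How the retention and legal hold rules above interact in a deletion job, as an added example rather than any product's code. The `Recording` fields, the treatment of user deletion as a deletion trigger and the sample periods are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Recording:  # hypothetical record shape, not a product schema
    rec_id: str
    recorded_at: datetime
    owner_active: bool = True
    legal_hold: bool = False


def purge_decision(rec, now, retention, storage_limit):
    """Return (delete, reason); a legal hold blocks every deletion trigger."""
    age = now - rec.recorded_at
    checks = [(age >= retention, "retention period elapsed"),
              (not rec.owner_active, "user deleted"),
              (age >= storage_limit, "storage period expired")]
    triggers = ", ".join(reason for fired, reason in checks if fired)
    if not triggers:
        return False, "within retention"
    if rec.legal_hold:
        return False, "legal hold overrides: " + triggers
    return True, triggers


def sweep(recordings, now, retention, storage_limit):
    """Split a batch into ids to erase and an audit trail of what was kept and why."""
    to_delete, kept = [], {}
    for rec in recordings:
        delete, reason = purge_decision(rec, now, retention, storage_limit)
        if delete:
            to_delete.append(rec.rec_id)
        else:
            kept[rec.rec_id] = reason
    return to_delete, kept


# Constructed sample data for a 7-year retention period and 10-year storage term.
NOW = datetime(2020, 12, 1, tzinfo=timezone.utc)
SAMPLE = [
    Recording("a", NOW - timedelta(days=30)),
    Recording("b", NOW - timedelta(days=8 * 365)),
    Recording("c", NOW - timedelta(days=8 * 365), legal_hold=True),
    Recording("d", NOW - timedelta(days=30), owner_active=False, legal_hold=True),
]
```

The kept-with-reason map is what an auditor asks for: it shows that a recording past its retention date still exists because of a hold, not because the deletion job failed.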
Who can access recordings?
Access to recorded calls should be restricted to appropriate users for data protection, so your call recording solution should enable strict and secure permissions and team structures. Make sure you can group users into teams and control who can listen to recordings within a team. As standard, users should only be able to listen to their own recordings and users outside a team shouldn’t be able to access recordings.
How is access to recordings authenticated?
To ensure data is transmitted securely, access to recorded calls should be monitored and your call recording solution should employ stringent password policies and granular permissions that control user access to system features, functionality, and recorded data. For extra security, access to content should be via tokenised sessions.
Can you instantly retrieve recordings?
Often regulatory compliance requires instant access to data in order to comply with audits or other requests for information. All recorded calls should be instantly available to prepare for these kinds of situations. Cloud solutions are the ultimate solution – with recorded call data immediately available to replay, securely download, review, or delete on request.
Are your recordings time-stamped?
As part of regulatory audits, legal hold requests, or dispute resolution, organisations are often required to retrieve all calls from a specific time or date. Your recording solution should time-stamp all calls and allow search results to be filtered by date or time as well as user.
Can you pause and resume recording for PCI DSS?
Any organisation that takes card payments over the phone will be familiar with the requirements of PCI DSS compliance. Certain payment card information is not allowed to be collected, so your call recording solution must have the ability to pause and resume recording.
Does your call recording solution proactively mitigate risk?
Most industry regulations have been put into place in order to protect consumers and promote best practices. Your call recording solution can actually be a useful tool for proactive improvements and risk mitigation when it includes voice AI. When calls are transcribed, keyword searches can be put in place for the early detection of risky behaviour – deterring potential bad actors.
Can you securely export your data for visualisation?
Exporting voice data, securely of course, for analysis is another way to get a really clear picture of how your organisation is operating in order to reduce your level of risk. By visualising trends across a company, business leaders can get clear visibility over their operations.
Do you receive alerts for risky behaviour?
In order to respond to compliance risks instantly, you need real-time alerts to risky behaviour within your organisation. Using transcription, your call recording solution should provide the ability to create instant alerts for keywords specific to your industry or even your organisation. When these words are spoken during a call, managers or supervisors will receive an email warning them and giving them a link to the recording of the conversation in question.
Can you implement intuitive workflows and rule-based automation?
Automation shouldn’t stop at keyword alerts. To streamline processes within a business, your call recording solution should include an open API that allows you to create intuitive workflows and rule-based automation. These can automatically populate other business applications with call data for increased productivity and visibility across operations.
Can you ensure business continuity?
Business continuity really came to the forefront in 2020 and is a key component of any organisation’s risk and compliance management. Ensuring that your business can continue to operate securely, no matter where your workforce is based, is essential. With remote working looking increasingly like it is here to stay, your call recording solution must not be confined to your office. The same goes for data storage: ensure your voice data is protected by storage that will continue to operate securely, even in the face of unprecedented events.