Navigating the Slippery Slope
of Call-Recording Compliance

By Tony Procops

June 2010

The laws, regulations, and stipulations surrounding call recording are tenuous at best.  In many cases, it is hard to find specific language pertaining directly to the mandate for the capture and storage of voice and screen recordings.  However, in order to maintain full regulatory and industry compliance across a variety of industries - and avoid costly penalties - many organizations might want to consider the utilization of a call-recording system that can provide the necessary level of protection and archiving management. 

You see, there are numerous foundational provisos in many of these laws that create the need to record and securely store customer interactions.  Many of these conditions center on the necessity of protecting sensitive customer information (account numbers, for example) from unauthorized personnel.  The only way to ensure such compliance is to audit the front-end staff that interact with customers; the best means of accomplishing this is by recording both the calls and the screen activity of these employees - whether they are call center representatives, financial traders, etc.  

Failure to effectively protect sensitive customer data can have serious consequences for the noncomplying organization.  This can amount to expensive fines, costly litigation, a damaged public reputation, customer attrition, and lost partnerships.  These detriments are simply too great for any organization to bear.  Fortunately, there are secure, robust, and highly resilient call-recording systems available today that can facilitate much of this work for you, and they typically feature the necessary automation to simplify and manage this whole process of capturing, auditing, and storing.

Maintaining Compliance with Intelligent, Centralized Storage: Two of the more prevalent laws - the Payment Card Industry Data Security Standard (PCI-DSS) and the Health Insurance Portability Accountability Act (HIPAA) - center on an organization's ability to protect its customers' sensitive personal information.  The most effective way to manage this whole data management lifecycle is with an integrated call- and screen-recording system with an intelligent storage area network (SAN).  Working hand-in-hand, these two systems can automatically capture, store, and control access to such sensitive information while also adhering to both internal and external policies and requirements.

Moreover, the integrated recording and storage system will encrypt the recording and securely store it for as long (or as short) a time as needed.  It also has the ability to set automatic-deletion parameters based on how long you want or need to keep the file.  

Ensuring Verbal Compliance with Speech Analytics: Both the Fair Debt Collections Practices Act (FDCPA) and the Telemarketing Sales Rule (TSR) require relevant organizations to say certain things during the course of a customer interaction.  For instance, the FDCPA stipulates that agents must identify themselves, the name of their firm, and state that the purpose of the call is to collect on a debt.  Similarly, with the TSR, telemarketers have to provide seven specific pieces of information during a call - such as the identity of the seller, the full cost of goods and services offered, and so on.  Additionally, the law actually requires telemarketers to record all interactions in which an agent is engaging in a free-to-pay conversion discussion with a customer whose free trial period has just ended. 

In the average call center, it can be arduous and difficult to closely audit agent behavior to ensure proper compliance by all customer-facing staff.  Managers have to listen to every call or physically sit with agents to hear the interaction live.  Furthermore, with minimal resources at their disposal, these supervisors are never really able to audit every call; it just isn't feasible.  Therefore, many interactions go by without any auditing - during or post interaction.  This is a frightening scenario when you think about how costly each of the potential infractions could be.

Fortunately, with the help of the latest speech-analytics applications on the market (some of which are tightly integrated with leading call-recording systems), these challenges can be easily and efficiently overcome.  This advanced software enables a business to automatically flag specific keywords, such as "debt" or "cost," so they can be easily identified post interaction to ensure compliance.  The right call-recording system can also send real-time alerts directly to supervisors to provide them with the information they require to maintain compliance.  

Overseas Laws: The issues outlined in this article are not germane solely to the United States.  In the United Kingdom, for example, the Financial Services Authority (FSA) has impending legislation that could force financial companies to record all mobile calls and store them for six months.  This same authority also mandates that such organizations already record customer interactions that relate to certain types of investments (when receiving or executing client orders or arranging for their execution are two examples). 

In Finland, organizations across the board fall under many of the same types of privacy and data protection laws as those in the US.  India has very strict laws that require certain types of recordings to be approved by the Union Home Secretary personally before the conversation ever takes place.  Moreover, in Australia there are regulatory restrictions related to listening to and recording telephone calls according to interception and listening devices laws.

All of these forms of regulation can be best managed and complied with if an organization has a robust, flexible, and integrated call-recording and centralized archiving system.

Conclusion: The reigns of regulation continue to tighten the world over, and the forecast doesn't call for anything less.  Therefore, smart organizations must arm themselves with the tools necessary to comply with such laws to minimize risk, mitigate liability, protect their reputation, keep customers, and avoid costly fines.  Businesses that attempt to navigate these tumultuous waters without the aid of an intelligent recording and archiving system run the risk of falling victim to these consequences.  In today's business climate, can you really afford this?

Tony Procops is president and CEO of CyberTech North America.  CyberTech is a global call-recording provider offering secure, open solutions for organizations to improve performance, optimize service, mitigate risk, lower cost, and maintain compliance.