Why Communications Compliance Is a Priority for Financial Services Firms

In an industry where compliance and regulatory scrutiny is ever more of a factor, finance companies need a smart, forward-looking approach to stay in control, says Richard Mill

Ultimately, a financial services brand success depends on reputation and public trust, which are put into question every time a new industry scandal emerges – such asarogue trading incident or PPI-level product mis-selling.

There will be other scandals too–and the financial services industry needs to protect itself to not just limit the risk of such events taking place, which are hugely costly but also to remain on the right side of the regulators.

Financial organisations must keep peerless records of all dealings and communications. But as well as being comprehensive and robust, these must be easy to access – and, in the case of voice recordings specifically of trader conversations, easy to replay in the event of an audit or investigation.

But this can be a difficult technical challenge. Over time, city organisations have amassed multiple call recording solutions to capture calls, each with its own particular call capture protocol, leaving them with disconnected silos of data, usually as a result of merger and acquisition activity or organic growth. These are critical for providing indisputable evidence of agreements and advice given, and ensuring regulatory compliance. But these systems are only a help if a specific interchange can be easily isolated and played back. And that’s where financial service providers are being tripped up, particularly as they try to consolidate and modernise their call recording systems.

What’s more,financial service providers now live and trade in an era which has seen communication trails broaden to encompass web, email, SMS, Skype/VoIP and WhatsApp. Financial services organisations must be able to manage all of these channels from a compliance perspective – and be able to track the conversational journey that may start out on email, progress to the phone, and span at least two further communication channels. As these channels expand and the volume of data increases, organisations need flexible and scalable solutions to manage this.

This presents financial services companies with a substantial and expensive issue, especially where controls are imposed on the market and financial organisations must adhere to regulations, such as MiFID II, KYC, which demand that compliance teams are able to produce records at short notice (Dodd Frank specifies within 72 hours).

The records involved could potentially be years old. If you note that for an annuity record,organisations need to keep data on the customer for their lifetime and beyond – records will inevitably span generations of call recording technology. But technology moves on, suppliers go out of business or get acquired, and formats go in and out of favour – all of which poses a huge issue for organisations if they are faced with managing legacy recording systems which are no longer being unsupported.

Meanwhile how does a financial services provider address challenges that could arise over mis-selling or compliance? The organisation will need to be able to defend its position. The harder it is to find calls quickly, the greater the chance of hefty customer pay-outs and of being penalised and exposed for non-compliance: this is a serious organisational risk. So it’s very much in a finance company’s interest, to ensure that its systems are future-proofed and able to facilitate timely call data retrieval when needed.

 A scalable, reliable company memory bank

Technology vendors also have a reprehensible habit of producing software that has proprietary elements so as to promote vendor lock-in. As a result, financial services organisations must protect themselves by taking the appropriate steps to ensure that their data is always compatible with alternate and dissimilar systems.

Not to put this check in place would be highly if not grossly negligent. Preventative measures are far more cost-effective than corrective action and the sooner these measures are taken the better. Let’s consider a real life user case: a major US Investment Bank realised it was exposed by having multiple sites, each with its own individual call recording system – and to make matters worse, these individual systems were of various models, various ages, and various release versions.

That meant the customer had zero ability to provide any form of federated compliance control. Without such control, each individual location applied its own rules and without knowing which specific recordings needed to be retained and which didn’t,everything was kept‘just to be on the safe side’.

This in turn meant the bank faced the collective risk of having huge volumes of data residing on legacy systems, with the added issue of also spending considerable sums supporting expensive and unnecessary technology. In this case the bank’s first idea was to use the supplying vendor’s own tool kit to address these issues, but this didn’t solve the problem because the data lay across multiple product versions which weren’t uniformly compatible.

The good news is that the bank then adopted and applied a federating policy resulting in an extremely successful project – after the successful consolidation of its recordings and meta data, it was able to purge over 40% of its calls bringing about the additional benefits of lowering risk and reducing costs.

What does a smart federated approach look like?

Just as modern content management platforms exist that allow companies to search and access a whole spectrum of seemingly incompatible documents, there are solutions that can extract and manage data from a diverse range of capture and storage solutions, and yes, from multiple vendors, wherever it resides and present it in one single central management portal.

Such a single central management portal provides your legal team with the ability to self-serve, eliminating a lot of the heavy lifting that IT was previously having to do, plus enabling you to be more proactive with data, with multiple departments easily extracting voice recordings so that data can be analysed for trade reconstruction. Voice recordings (on multiple systems, across multiple locations) that fall outside of retention periods can also be identified and deleted driving huge savings and eliminating risk.

Adopting such an approach helps you avoid any need for having expensive auditing teams locked away for weeks on end, sifting through monotonous call recordings to extract the relevant interactions. So a central, vendor neutral portal that can draw recording data from any number of systems, from multiple vendors or locations, whether these are legacy, live, cloud-based or on premise that offers a single point from which authorised users can view, manage, replay, store, extract and run reports makes good business – and compliance – sense.