Jump to main content
Blog

Ensure Recording Compliance in the Cloud

Cloud, Compliance, Contact Center, Financial Services

The recording of communications is no longer a need, but a real necessity that is becoming more and more common in many sectors of activity. The digital transformation accelerates the application of new regulations related to the protection of personal data and its conservation. Each need requires a customized migration to a 100% cloud infrastructure, respecting the constraints of each project at deployment.

Companies also articulate their needs, depending on the constraints that govern their sectors, according to the different compliance recording solutions. Marius Wantong, Chief Operating Officer of the French subsidiary ASC Technologies, shares with us some recommendations to ensure both the recording of communications in the cloud and its compliance.

1. What is registration compliance?

A compliant solution is one that not only records but also enforces the rules that companies are subject to depending on their industry. A compliant recording solution must allow for the possibility of changing the retention period, inform the customer that he is going to be recorded, and encrypt the data so that it cannot be used even if it is hacked.

Some sectors, such as finance, contact centers and public institutions, have registration needs and obligations, either to comply with legal regulations or for service quality management.

  • Contact centers, as well as public institutions, have been subject to the GDPR since 2018. This European regulation governs the conditions for processing and storing personal data of Internet users. It also offers them more rights and protection such as the right to information, right of access, right of withdrawal, right to erasure, right of opposition...
  • Call or contact centers also record communications to evaluate and improve their customer service. By replaying communications, they can determine the level of training an agent has received on a product or understand why an exchange with a customer went wrong.
  • Financial institutions, on the other hand, are particularly governed by numerous regulations such as MiFID II, IDD, FinVermV, Dodd-Frank Act. This set of rules governs the obligation to record all communications concerning financial exchanges to keep a trace and a history of all transactions in case of litigation or control.

Two events have recently changed the way companies deal with registration compliance issues:

  • The technological evolution that has driven companies to migrate from private record systems to the cloud.
  • The pandemic context has accelerated this phenomenon of migration due to the near generalization of teleworking and recording systems have adapted.  The "cloudification" of the recorders allows to break this physical border, no matter where you are, the recording is operational.

2. How do regulatory authorities monitor and control compliance with registration?

The supervisory bodies are particularly conscientious about compliance with the established guidelines for data processing and compliance. All companies affected by the compliance regulations - mainly companies in the financial sector - are subject to regular audits, at least once a month, and random checks are also carried out.

The structures subject to its controls need efficient and practical tools that allow them to permanently hold metric data, to check the good working order of the recorders, as well as the consistency of its use.

The most appropriate recording solutions provide analysis tools that are very much in demand, particularly by the internal compliance departments, which allow them to better monitor daily operations and detect any irregularities or improvements. This simplifies the production of reports for external control or supervisory bodies.

3. What does a company need to put in place to ensure that its records are compliant?

For the implementation of an internal recording solution, the prerequisite is that information is provided upstream to the persons concerned: employees, customers, prospects, staff representatives, as well as those who contact the company by means of a pre-hit message.

Audit and traceability of events are the key issues to ensure compliance of records. Some tools have been specifically developed to meet regulatory constraints: storage conditions, data retention, encrypted and non-alterable data, partitioning and data confidentiality.

4. What are the consequences of not complying with registration compliance for a company?

Depending on the sector, the sanctions, and consequences of not having a compliant registration system are impactful for the company or organization.

  • The financial sector is the most heavily sanctioned for non-compliance with the directives governing it, which can result in financial penalties ranging from a few thousand euros to the loss of a company's license, depriving it of its right to operate.
  • Call centers, meet a requirement of internal quality, to optimize their activities and meet the ongoing needs of customer satisfaction. Nevertheless, the constraints of the GDPR, which expose these structures to gradual sanctions in case of non-compliance, passing from administrative to criminal sanctions.
  • For public institutions, sanctions exist and are heavy in case of proven failure in the context of critical missions and operations.

5. How can a company ensure that it complies with the various laws or standards to which it is subject?

The sustainability of certain activities depends on the respect of these new standards, it is thus advisable for companies to inform themselves on all the existing regulations and directives, if necessary to audit the existing internal solutions, to make them compliant, or to accompany in the implementation of new registration solutions.

The companies that provide cloud solutions are constantly developing and improving their solutions to obtain compliance certifications for various sectors and to provide their customers with the best possible support. Thus, they obtain certifications that allow them to attest that the constraints of recording, storage and processing of data are well respected and compliant for several sectors. If we take the example of Microsoft's cloud computing solution, Azure, we can see that the solution is developing its offer around numerous regulations such as GDPR, MiFID II, FinVermV, Dodd-Frank and many others.

6. How does ASC support companies in implementing registration compliance?

ASC supports its customers through its network of partners, who participate in the construction of customizable and coherent solutions according to the sector of activity and the related regulatory obligations. The development of cloud solutions is a major challenge today, as the cloud gives companies of all sizes the possibility to access services and tools that they did not have access to before because they were too expensive, for example.

There are also two major issues related to the development of the Cloud:

  • Security: a company must be sure that its information is protected and that no unauthorized person can access its data.
  • Accessibility: The great advantage of the cloud is that it makes information and tools accessible in any environment at any time. This gives companies the opportunity to transform the way they work and reinvent collaboration and business structure.
Marius Wantong
Chief Operating Officer ASC France

Marius Wantong, Chief Operating Officer of the French subsidiary at ASC Technologies. Marius Wantong oversees the Business Unit in charge of the design, deployment and maintenance of content acquisition and analysis architectures in cloud and private (Client) environments. He works with key accounts in the financial sector, call centers and public security to help them create custom architectures and deploy them in compliance with the relevant legislation.