1. Which businesses are most affected by communications compliance?
Giles Houston, Director, Microsoft Alliance – Dubber: “Financial Services remains the most affected – and directly following it are any businesses conducting financial transactions.
“Hybrid working has created a new wave of demands for conversational AI and recording solutions that are both compliant and, delivering compliance outcomes across HR, dispute resolution, customer experience and more.
“The focus has shifted from discrete compliance solutions to how we can capture and mine conversations in the network or solution – effectively transforming any video, voice or text interaction into a source of valuable data.
“Most sectors are now leveraging compliance recording and benefiting from the visibility it provides.”
Lee Garf, General Manger, NICE Compliance Line of Business: “Due to the extensive scope of regulations governing financial institutions, every firm needs to be concerned about communication compliance. Adding to this, with remote and hybrid work, the modalities of communication solutions that regulated employees use are changing.
“For example, today, the number of regulated employees working from remote locations is considerably higher than it was two years ago. This in turn has resulted in the accelerated adoption of Microsoft Teams, along with Teams’ embedded collaboration tools which include phone, video, chat and more.
“As with all regulated employee conversations, Teams’ communications must also be captured and retained under Dodd-Frank, MiFID II, MAR and other laws and regulations. But the specifics of how these communications must be recorded and stored can vary based on jurisdiction.
“Large multinational financial services firms may be subject to multiple data jurisdictional requirements, depending on the regions they operate in.
“When you consider that there are 195 sovereign nations in the world, different countries are going to have different requirements about whether data must be captured, and within what geographical boundaries it can be stored. For this reason, it’s essential to work with a solution provider that has a solid understanding of these global regulatory impacts.
“Additionally, there are intricacies with different regulations. For example, MiFID II requires firms to maintain electronic records of communications, including voice calls and texts, in a WORM-compliant storage medium, as do the SEC and FINRA, under Rule 17a-4.
“The UK’s Financial Conduct Authority (FCA) also requires regulated communications to be stored in a format that can’t be intentionally, or accidentally, altered or deleted. Popular cloud services like Microsoft Azure and AWS help fulfil this requirement by supporting storage of electronic records in a format that is non-rewritable and non-erasable, for the solution specified retention period.
“In short, if your firm has adopted Microsoft Teams for regulated employee use, if you want to stay in compliance with regulations, you’ll need a reliable solution to record and archive these communications.”
Alexander Grafetsberger, VP of Luware Recording: “Financial institutions and the insurance industry. They deal with sensitive information and have high pressures to uphold legal regulations, which require them to record all their enterprise interactions, such as phone and video calls and chats.”
Garth Landers, Director of Global Product Marketing at Theta Lake: “Financial services, public sector and healthcare are some of the most regulated sectors grappling with the volume and velocity of multimodal (voice, video, text) communications today.
“Financial services are a good example of a sector that has multiple requirements for recordkeeping and supervisory review of these communications. SEC, FINRA, ESMA and FCA are financial services regulatory bodies with strong enforcement mechanisms.
“The penalties for noncompliance- and failure to retain/review communications such as chat, voice, SMS text can be quite severe, as evidenced by the numerous fines handed out recently – totaling $1B (USD).
“Public sector agencies have numerous recordkeeping retention requirements- some which overlap with privacy requirements. For example, HMRC in the UK has record retention requirements that must align with a number of regulations including PRA 1958, FOIA 2000, DPA 2018 and UK GDPR.”
2. What are the challenges for an organisation implementing compliance in Teams?
Giles Houston, Director, Microsoft Alliance – Dubber: “One of the most consistent challenges to compliance will always be: Are we capturing all conversational data points in a compliant manner? From fixed line and mobile to OTT applications. Organisations are now expected to record and create actionable insights from all endpoints.
“It’s only natural that a diverse range of communications options create complexity when delivering compliance solutions. The challenge of exponentially growing data sets and collaborative platforms should be viewed as an opportunity for solution providers to better serve their customers.
“When it comes to implementing compliance in Teams, the speed of tech development can be impressive and frustrating in equal measure. New capabilities and modalities are released fervently by Microsoft and companies are charged with playing a game of ‘compliance catch up’.
“Of course, the topical challenge posed by remote working seems set to stay. As far as the regulators are concerned, hybrid workers should not risk or compromise their organisation’s ability to follow rules, obligations and auditable standards.
“Despite this, the WFH landscape often involves increased personal device use, multi-channel communication and unknown user location representing a very real challenge to effective compliance in Teams.
Lee Garf, General Manger, NICE Compliance Line of Business: “Here at NICE, we see a number of challenges for organisations implementing compliance in Teams.
“Teams, by definition, is a cloud solution. But even if you’re recording Teams, you still have the option to implement compliance recording as an on-premises solution or as a SaaS solution in the cloud. Many firms are now leaning toward the SaaS option.
“Cloud-based recording does open new considerations for firms that have traditionally deployed on-prem software.
“Considerations include, for example, are there any data residency concerns, given the global regulatory landscape? How can I easily migrate my regulated users (that are already using other communication modalities) to the new cloud recording platform? How do I handle historical data (archived voice recordings)? How can I best achieve resilience? Should I strive for a single or multi-tenant approach? How can I ensure my data is secure? And so on…
“Another key thing to remember when it comes to compliance recording is that traders and other regulated employees communicate through many modalities beyond Teams – they may use turrets, mobile phones, chat services, and traditional PBXs (phone systems) too.
“Regardless of the modality they use, their regulatory obligations do not change. For this reason, firms need to look beyond addressing individual compliance recording and surveillance needs in a vacuum and move toward solutions that facilitate holistic capture and surveillance.
“By deploying holistic solutions that cover your ‘old and new’ systems, you can ensure that you’re applying policies and surveillance consistently across everything you need to protect.
Alexander Grafetsberger, VP of Luware Recording: “A big challenge for organizations with high compliance obligations is that they often can’t even migrate to Teams before having a compliance recording solution in place.
“Then, during the transition, there are often different systems, some of which are on-prem and others that are in the cloud and managing these can be challenging.
“What is also often new to organizations is that on Teams, they must ensure that all communication channels, not just phone calls but also chat, video, and screenshare, are recorded according to regulations.
Garth Landers, Director of Global Product Marketing at Theta Lake: “For compliance officers, there becomes a balancing act—between the increased productivity and value added by collaboration tools vs. the associated risk and potential compliance violations when the data becomes much too cumbersome to monitor and archive effectively.
“Employees may seek to circumvent the use of collaboration tools that use recording and will share confidential information via other means. Reviewers need to know if there are incidents involving such activity, but these may be missed using traditional review tools and procedures.
“Screensharing of sensitive information can occur during video conferencing and because the document being shared isn’t included in chat or mentioned in the transcript, there is no easy way to screen for such issues using current tools without having a compliance officer watch every single recording.
“Automated transcripts of voice or video calls may be inaccurate or incomplete, leading to missing compliance violation red flags if only screening the transcripts for keywords.”
3. Which technologies could help companies to become compliant on Teams?
Giles Houston, Director, Microsoft Alliance – Dubber: “Within Teams, certified solution providers are helping organisations to navigate the changing landscape of risk.
“In-app recording features that provide rudimentary capabilities are rarely equipped to service complex enterprise needs. Recording should be integrated and delivered as a direct service or through a service provider to ensure accuracy and storage.
“The development of AI insights makes a real difference to how companies remain compliant on MS Teams. With AI features being built into recording platforms, we are now in a place to leverage raw data and turn it into actionable tasks.
“For organisations adhering to tight compliance protocol, the ability to tag ‘red flag’ keywords, use sentiment analysis and improve decision making will be game changing as we move into the future of UC recording.
“AI analysis is rapidly developing and we’re already seeing its capacity to transform compliance. Our platform’s ability to not only record and store but to review topics and create notes provides a holistic view of every conversation that ultimately accelerates your journey to compliance.”
Lee Garf, General Manger, NICE Compliance Line of Business: “NICE’s NTR-X compliance recording and SURVEIL-X holistic surveillance solutions form Compliancentral, the industry’s most comprehensive, end-to-end communication and trade compliance platform.
“Compliancentral helps firms build trust by enabling regulatory compliance, and shining the spotlight on misconduct, so firms can stamp it out at its source.
“Compliancentral does this by capturing every regulated employee communication, and then holistically applying AI and advanced analytics to trade, communication and behavioural data to help firms gain a complete understanding of what regulated employees are saying and doing.
“At NICE we recognize that a one-size-fits-all approach to data residency doesn’t work in today’s world. What’s right for one firm may not be right for another.
“NICE offers a multi-region, multi-location deployment capability that gives financial institutions the option to choose the right region based on their needs.”
Alexander Grafetsberger, VP of Luware Recording: “Verint offers a world-leading Microsoft-certified solution that can capture, archive, analyze, and retrieve interactions across all modes of communication from Teams voice calling, meetings, and collaboration streams.
“If you don’t have the resources to manage this solution yourself, we at Luware host and manage the solution for companies and add value through our world-class compliance recording engineers. That way, companies have the peace of mind that they obey all regulations.”
Garth Landers, Director of Global Product Marketing at Theta Lake:
“Microsoft Teams is a powerful platform spanning chat, voice, and video. A commensurate compliance solution should include recording, compliant archiving, deep supervision, and risk detection.
“Theta Lake provides an AI-based, compliance and risk management suite for Teams meetings, helping firms scale their security and regulatory compliance across video, voice, chat, and more.
“It includes: comprehensive capture, search and retrieval, legal hold case management, 3rd party archive & eDiscovery integration, supervision, and SEC 17A-4 archiving.”