All Things Compliance with VanillaIP
Iain Sinnott talks to UC Today about PCI, MiFID II and GDPR
I catch up with Iain Sinnott, Sales and Marketing Director at VanillaIP, usually once a month. We speak about Unified Comms innovations and the latest technology. This month our conversation was scheduled to be around compliance. I opened our call by saying it’s not a thrilling topic. However, by the end of my chat with Iain, we concluded compliance is still incredibly important and still very much misunderstood. We broke compliance down into the three main regulations that are still hot topics at the moment.
VanillaIP is introducing a full-blown agent anonymised service that swaps between an agent call and an automated call for taking credit card details. This will slot into the VanillaIP BroadSoft solution and integrate into payment gateways and CRM software to cover all angles. Starting with enabling an agent able to access CRM information, go through a payment process, have the payment handled automatically and back to the agent to close the call.
We spoke about businesses that are still unsure of what PCI compliance actually means. Lots of businesses ask for their phone system to be made PCI compliant, but it is, in fact, the business and its processes that are required to be PCI compliant. Iain suggested this is the case across all types of compliance.
“People need to understand that compliance is not the same for every type of business”
Iain pointed out MiFID II as particularly interesting. If a small business selling pensions to consumers needs to be MiFID II compliant, they are not expected to have the same levels of compliance as someone like Deutsche Bank. As long as call recordings are turned on, compliance is near enough ensured. Whereas Deutsche Bank needs compliance to the nth degree. They will need to go much further to satisfy a regulator.
“What our industry needs to remember is that we need to deliver the tools, but the business needs to take care of their processes and principles”.
“Our BroadSoft users need to remove call forwarding to ensure their call recording is compliant. They can use BroadWorks Anywhere as this is recorded and on the phone system. However, when you divert the call out to the PSTN, you break that compliance”. Iain said that when partners are building users, you obviously need to ensure call recording is turned on, but you need to be diligent and untick the call forwarding option. This ensures every phone call made or received is recorded and cannot leave the network.
The right to be forgotten against always-on recording argument rages on. Iain said that to be GDPR compliant, users need to be set up for pause and resume if you also need to be PCI compliant, but for that to be turned off if you need to adhere to MiFID II. Iain praised the Uboss platform that makes it easy for a partner to provision users in line with their respected regulations.
For more information on making your business compliant, be it PCI, MiFID II or GPDR, check out VanillaIP’s guide to compliance.