Across every major industry—from financial services to healthcare to government—regulators are watching. And they’re not impressed.
As enterprises embrace hybrid work, mobile-first cultures, and increasingly AI-powered collaboration tools, they’re also creating dangerous gaps in their compliance posture.
Data retention, call recording, and policy enforcement are under the spotlight as regulators intensify scrutiny. And many organizations, especially those relying on patchwork solutions or personal devices, are quietly falling behind.
“Companies often overlook the extent or the options that their employees have to communicate—and those modes that require compliance and security controls,” says Doug Jones, AVP of Product Management, Voice & Collaboration at AT&T. “You need to think about this end to end—across any device, any app, any mode of communication.”
The Evolving Compliance Landscape: More Devices, More Risk
Five years ago, enterprise compliance strategies largely focused on email and traditional phone systems.
Now, regulators expect organizations to demonstrate control across a vast landscape of communication channels:
- Microsoft Teams and many more
- Contact center platforms (CCaaS)
- Mobile-native apps
- Personal devices used in remote or hybrid work settings
- AI-generated meeting summaries and screen captures
For highly regulated sectors such as finance and healthcare, the bar is rising fast.
“Remote work has enabled flexibility – but also created a nightmare for companies trying to ensure compliance across all these modes of communication,” says Jones.
“Now you’ve got half a dozen different ways an employee might interact with clients or partners. They all need to be secure—and compliant.”
The Hidden Risks of Personal Devices
Many organizations embraced BYOD strategies early in the hybrid work era, hoping to balance flexibility with cost savings. But today, personal device usage creates significant blind spots—especially in high-stakes environments like trading floors or healthcare contact centers.
While BYOD can be an enabler, Jones warns that oversight and policy enforcement must be fully integrated—not an afterthought.
“Just because a UC app is installed on a device doesn’t mean it’s the only way users will communicate,” he explains. “Without tight integration, employees can bypass apps and use native calling—and that’s where compliance risk creeps in.”
AT&T and Microsoft Teams Phone: Securing Communications End-to-End
To help enterprises meet this challenge, AT&T has developed deep integrations with leading UC platforms—including Microsoft Teams Phone.
“We’ve worked with our UC partners and integrated AT&T wireless and wireline networks to provide true end-to-end security and compliance,” says Jones. “When you combine native calling capabilities with UC apps through fixed-mobile convergence, now you’ve got that embedded compliance and security—no matter how the call is placed.”
That matters not just for call recording and data retention, but also for advanced AI capabilities—like transcription and intelligent recap tools—where regulators now expect auditable records.
Learning from the Front Lines: Finance as a Cautionary Tale
Recent regulatory enforcement actions in the U.S. banking sector provide a cautionary tale.
Public reports have highlighted multi-million-dollar fines imposed on banks where personal device use and non-compliant communication went unmonitored.
Jones cites the finance vertical as a key driver of demand for AT&T integrated solutions:
“We’ve seen firsthand how large financial institutions are now coming to us, wanting to secure all forms of communication—whether it’s a UC app, a mobile device, or a fixed line. They want one unified compliance posture across the board.”
By combining centralized policy control, secure voice transport, and native integration with Microsoft Teams Phone and Cisco Webex, AT&T is helping enterprises avoid the painful fines and reputational damage that can come from compliance gaps.
What CIOs and Compliance Leaders Need to Hear
For CIOs, compliance leaders, and technology buyers, the message is clear:
Your roadmap starts here—with secure, enterprise-grade connectivity.
“If you’re building an AI strategy or modernizing collaboration, you need to start with the plumbing first,” says Jones. “Consolidate redundant lines, optimize connectivity, and embed compliance from the foundation up. If you don’t, all the advanced features you layer on top could put your organization at risk.”
The AT&T mantra?
“Your roadmap starts here—with connectivity. Everything else, including AI, is just enriching the features of whatever platform you choose.”
In a world of ever-expanding communication channels, getting the basics right has never mattered more. Because when regulators come calling, excuses won’t be enough.
