In the aftermath of the global financial crisis, trust and relationships in transactions and communications with financial services companies hit an all-time low. Financial services regulators were faced with a significant task to reinforce trust in both the integrity and security of the financial system. Among many measures, they responded to the 2007/2008 financial crash by enforcing much stricter communications compliance regulations, introducing a number of directives to improve communications and increase transparency in order to mitigate future risk.
Strict regulatory compliance
The FCA, MiFID, PCI DSS and the EU Data Directive are very clear about the requirement for cutting-edge call archiving for all customer-facing staff, and secure, compliant credit card payment solutions. MiFID regulations require the recording of all calls, while MiFID II, which came into effect in 2017, expands on this mandate to anyone involved in the trading process, including those providing trading advice. All call recordings are required to be kept on file for 5 years.
The SEC has strict requirements in place around data security and the ability to instantly archive and retrieve calls, while FCA requirements now state that anyone involved in financial trading must also have their mobile calls recorded. Meeting compliance continues to become more complex and expensive for companies in the financial services sector.
Confidence in the cloud
The financial services sector has previously been hesitant to engage with cloud communications platforms due to misconceptions about cloud telephony security and loss of control of highly sensitive data. However, recognition from regulatory agencies and standards bodies of the value of cloud services in meeting compliance has led to large-scale adoption of cloud telephony by financial services companies. In November 2015, the Financial Conduct Authority (FCA) said that “there are no reasons why cloud technology should not be implemented should appropriate safeguards be in place”. The FCA believes that cloud technology “can facilitate entry and/or expansion, and increase the ability of financial services providers, overall, to renew their IT systems in a more efficient manner.”
Support from such governing bodies has given private and public financial services companies the confidence to finally make the move and embrace cloud communications. Companies in the sector are fast realizing that switching to cloud telephony solutions ensures they are fully compliant with industry regulations. To date, firms have met communications compliance through heavy investment in disjointed, outdated on-premise technologies that consume significant capital on a continuing basis. However, cloud-based telephony now means there is a more secure, seamless and cost-effective way to tackle these issues.
The features & functionality to exceed compliance requirements
Cloud telephony solutions can provide a number of revolutionary features and functionality to efficiently and securely meet today’s demanding FCA, MiFID, Central Bank, HIPAA and PCI DSS compliance requirements.
Credit card handling
Cloud telephony provides financial services companies with the capability to handle and collect credit card details in a manner which even exceeds PCI DSS compliance requirements. Customers can provide their credit card details through a secure IVR (Interactive Voice Response) facility which integrates with the company’s credit card processing provider. Where the company is recording communication between a customer and an agent (whether via a voice or video call), and IVR is used during the call to collect credit card details, this will not be included in the recording to ensure that only the credit card processing provider is able to access the details, as is required by regulatory bodies.
Voice verification
Certain cloud telephony platforms like Solgari can facilitate voice verification functionality, enabling financial services companies to verify that the customer they are speaking with is exactly who they say they are. Likewise, the customer is offered the option of listening to a recording that they made when they first spoke with or contracted to a financial services company. Such functionality constitutes an active measure on a financial services company’s part to combat phishing and fraud, which are key requirements of regulatory compliance.
Full call log reporting & archiving
Under strict regulations set out by FCA in the UK, SEC in the US, the Central Banks across the globe and the incoming MiFID II guidelines, financial service companies are expected to record all customer communications which involve trades or contracts. These regulations include calls via both mobile and fixed lines as well as web-based meetings. Cloud telephony solutions can seamlessly meet all such regulatory requirements. Unlike on-premise legacy systems which can only archive calls for a set period, calls can be recorded, logged and archived in the cloud forever with far more efficient search and retrieval capability.
In the event of a customer dispute or audit by a governing body, all call information and recordings from any device can be searched and retrieved within seconds with only basic information required such as the date of the call, the user or the customer number to perform the search.
Word & phrase searching
In addition, the company could search for specific words or phrases within the archived call and video communications, extract only those excerpts and share them instantly with the customers or even the regulator. This application can also be used by financial analysts and data scientists to identify and minimise any potential risks to or violations of regulatory compliance. This capability helps financial services companies to comply with regulations such as Anti-Money Laundering (AML) and Know Your Customer (KYC) analysis.
Call encryption
To meet HIPAA and PCI DSS compliance regarding fraud prevention and customer data security, financial services companies must demonstrate the use of highly secure data encryption. Cloud telephony solutions use TLS and SRTP (Secure Real-Time Transport Protocol) to securely encrypt all voice traffic, whether via voice calls, video calls or web-based meetings. Such encryption protocols ensure a level of security far beyond the standard industry compliance requirements, ensuring that financial services companies are equipped to meet both current and future HIPAA and PCI DSS encryption requirements.
Cloud telephony – future-proofing financial services communications
By moving communications to the cloud, financial services companies can take a significant leap forward in terms of ensuring data security and meeting regulatory compliance. Ultimately, cloud telephony offers one of the safest, most efficient means of managing communications in the financial services sector by minimizing opportunities for breaches of data security and industry regulations. Financial services companies can not only satisfy current regulatory compliance requirements but be safe in the knowledge that they are fully equipped to seamlessly meet future communications regulations too.
I never thought about financial services crossing over into cloud telephony. That could be seen as a helpful step for a lot of people. If you could get the right security, you could make the service really helpful to a lot of people.