UC companies share their latest thoughts on compliance in Microsoft Teams
1. Which businesses are most affected by communications compliance?
Giles Houston, Director, Microsoft Alliance – Dubber: “Financial Services remains the most affected – and directly following it are any businesses conducting financial transactions.
“Hybrid working has created a new wave of demands for conversational AI and recording solutions that are both compliant and, delivering compliance outcomes across HR, dispute resolution, customer experience and more.
“The focus has shifted from discrete compliance solutions to how we can capture and mine conversations in the network or solution – effectively transforming any video, voice or text interaction into a source of valuable data.
“Most sectors are now leveraging compliance recording and benefiting from the visibility it provides.”
Lee Garf, General Manger, NICE Compliance Line of Business: “Due to the extensive scope of regulations governing financial institutions, every firm needs to be concerned about communication compliance. Adding to this, with remote and hybrid work, the modalities of communication solutions that regulated employees use are changing.
“For example, today, the number of regulated employees working from remote locations is considerably higher than it was two years ago. This in turn has resulted in the accelerated adoption of Microsoft Teams, along with Teams’ embedded collaboration tools which include phone, video, chat and more.
“As with all regulated employee conversations, Teams’ communications must also be captured and retained under Dodd-Frank, MiFID II, MAR and other laws and regulations. But the specifics of how these communications must be recorded and stored can vary based on jurisdiction.
“Large multinational financial services firms may be subject to multiple data jurisdictional requirements, depending on the regions they operate in.
“When you consider that there are 195 sovereign nations in the world, different countries are going to have different requirements about whether data must be captured, and within what geographical boundaries it can be stored. For this reason, it’s essential to work with a solution provider that has a solid understanding of these global regulatory impacts.
“Additionally, there are intricacies with different regulations. For example, MiFID II requires firms to maintain electronic records of communications, including voice calls and texts, in a WORM-compliant storage medium, as do the SEC and FINRA, under Rule 17a-4.
“The UK’s Financial Conduct Authority (FCA) also requires regulated communications to be stored in a format that can’t be intentionally, or accidentally, altered or deleted. Popular cloud services like Microsoft Azure and AWS help fulfil this requirement by supporting storage of electronic records in a format that is non-rewritable and non-erasable, for the solution specified retention period.
“In short, if your firm has adopted Microsoft Teams for regulated employee use, if you want to stay in compliance with regulations, you’ll need a reliable solution to record and archive these communications.”
Alexander Grafetsberger, VP of Luware Recording: “Financial institutions and the insurance industry. They deal with sensitive information and have high pressures to uphold legal regulations, which require them to record all their enterprise interactions, such as phone and video calls and chats.”
Garth Landers, Director of Global Product Marketing at Theta Lake: “Financial services, public sector and healthcare are some of the most regulated sectors grappling with the volume and velocity of multimodal (voice, video, text) communications today.
“Financial services are a good example of a sector that has multiple requirements for recordkeeping and supervisory review of these communications. SEC, FINRA, ESMA and FCA are financial services regulatory bodies with strong enforcement mechanisms.
“The penalties for noncompliance- and failure to retain/review communications such as chat, voice, SMS text can be quite severe, as evidenced by the numerous fines handed out recently – totaling $1B (USD).
“Public sector agencies have numerous recordkeeping retention requirements- some which overlap with privacy requirements. For example, HMRC in the UK has record retention requirements that must align with a number of regulations including PRA 1958, FOIA 2000, DPA 2018 and UK GDPR.”