All Article / Blogs & News / Unlock the power of conversations with AI
Tagged:

Blog Post

Innovative Solutions to the Challenges of New APAC Regulations

Innovative Solutions to the Challenges of New APAC Regulations

With the countdown to the MiFID II regulations on the financial sector within the EU continuing apace – we take a look at the APAC call recording regulations that have been put in place since the Global Financial Crisis of 2007.

Eleven members of the G20 summit, including Australia, China, Hong Kong, and Singapore, have committed to a host of regulations for their banks. The aim of these regulations is to improve transparency in the financial industries and reduce risk culture. These measures should restore the trust in investors and consumers that may have been lost in recent years.

With MiFID II mandating the recording of all mobile calls and text messages relating to financial advice and wealth management, it is unsurprising that Asia-Pacific should follow suit with its own extensive regulations.

Burden of proof

Although there is not a cohesive set of compliance guidelines for the region, the unifying theme of the regulations is financial services providers acting in the best interests of their consumers.

The Future of Financial Advice (FoFA) Act introduced by the Australian government, designed to nurture trust in customers and encourage transparency in financial service providers, states that financial advisors must act in the best interests of their clients. Best practice guidelines released by the Australian Securities & Investments Commission describe how records should be kept to show how this is being upheld. In order to comply with these guidelines, all communications with clients will need to be captured and stored securely.

The Hong Kong Monetary Authority also requires that institutions selling investment products maintain adequate records to demonstrate that they have advised their clients appropriately – this includes audio recording. Where repeated transactions are requested over the phone, these calls must be recorded to prove that customers are aware of any continued risks before continuing with their investments. Any waivers of risk disclosure should also be recorded as evidence.

Chart from Nielsen Q4 2016 Consumer Confidence Report

Similarly, the Chinese Protection of Consumer Rights and Interests Amendment places the burden of proof on service providers in the event of a dispute. Chinese and Hong Kong banks, are also required to keep records of client communications, including audio recordings, in all derivatives transactions. These must be kept readily accessible for a minimum of five years after the transaction has matured or been terminated. The Nielsen Consumer Confidence Index (see chart above) shows that Chinese consumer confidence has increased in Q4 of 2016, which shows promising signs for the new regulations.

The Monetary Authority of Singapore, in its guidelines on risk management practices, states that institutions should maintain records of telephone calls involving trades and discussions with customers on proposed transactions. Transaction information should be stored ‘in a manner that is reasonably practicable to retrieve’ until at least five years after the last date of expiry or termination of a contract. Storage for this length of time tends to be a major challenge for legacy call recording solutions, especially as financial organisations grow. The costs involved can increase dramatically with the storage requirements. With a native cloud solution, scalability is built into the service – allowing organisations to manage their data without any extra hardware.

Chart from World Economic Forum

It’s not all doom and gloom

As regulations and guidelines around financial services tighten to protect taxpayers and consumers, technology providers strive to innovate solutions to help organisations along this road. For instance we have seen solutions such as Dubber working with service providers to provide finance-focused call recording solutions to overcome these challenges.

Solutions such as Dubber’s native cloud call recording will be an instrumental service for organisations wishing to comply with these guidelines. Just like the paper trail of emails, it provides proof that specific information was supplied to a client, ensuring advice was given in their best interest. Not only is the implementation of this service quick and easy, there are numerous commercial benefits that accompany it.

Keeping customer service and user experience at the forefront of your business strategy is vital for success, and there is no reason that this shouldn’t be the case when maintaining compliance with regulations. The systems that have been put in place by financial authorities to maintain consumer interests can actually help banks to identify consumer behaviour patterns that can help them to understand their customers and improve their business.

Safe storage that is easily accessible, is something that you can expect from native cloud solutions. Without the need for any hardware, Dubber can provide long-term secure storage for your calls, which can be accessed in a flash. Solutions such as Dubber’s platform offering, which utilise third party infrastructure as a service solutions such as Amazon Web Services, experience vast benefits such as scalable storage and enhanced cloud security.  Prioritising security is all part of the AWS cloud infrastructure, which is constantly evolving to protect your data.

 

Cloud vs Cloud: How to Spot a Fake

Cloud vs Cloud: How to Spot a Fake

“The cloud is a principal, not a software version”

– GovSense

The internet is full of companies labelling themselves as a “cloud based solution”. Unfortunately, not all of these are true cloud products, but what have been nicknamed ‘fake’ cloud products. There are two forms of cloud based platforms from which companies deploy their technology solutions: hosted cloud platforms and true or native cloud platforms. Many companies who claim to be cloud based are often actually operating from a hosted cloud platform, which is both less efficient and less functional than true cloud based offerings. In fact, hosted cloud solutions sometimes simply add to the plethora of problems that accompany on-premise solutions.

A hosted cloud solution is a technology service offered by providers that host physical servers which actually defer the service elsewhere. Hardware is still required, which means that the solutions are not truly cloud based solutions, and are unable to be scalable – a feature that is one of the key attractions of native cloud solutions. Hosted cloud solutions are not built, maintained or managed by the provider themselves, as they are usually off-the-shelf products. Instead, they shift accountability to others, which causes the usual complications of third party involvement. Amongst other things, this creates a barrier between users and their data.

A true cloud solution is operated entirely from a native cloud platform, eliminating any need for hardware. Once hardware requirements are eliminated, the associated restraints of using hardware are simply eliminated as well. End users can benefit from efficient solutions without the need for any hardware, and the associated headaches. True cloud solutions can therefore provide best in the industry services. The list of benefits of true cloud platforms is extensive, and includes:

  • Seamless integration into any application
  • Unlimited scalability
  • Open APIs – giving users the flexibility to adapt solutions to fit their requirements
  • No tedious upgrade processes
  • Speed and ease of use
  • Greater value for money
  • Highly secure
  • Highly accessible
  • Many others

Undoubtedly, the most significant benefit of true cloud platforms is their capacity for unlimited scalability, which enables end users to scale the processing power and storage capacity of solutions to fit their individual requirements. True cloud solutions have been built securely to perform in a multi-tenant cloud environment.They therefore support multi-tenancy, as well as data redundancy. They are often deployed with open APIs, providing users the flexibility to adapt the solution to fit their individual requirements. This agility perfectly compliments the dynamic and constantly changing demands of the modern world. In all these ways and more, true cloud solutions differ from hosted cloud solutions. Hosted cloud solutions are simply attempting to blur the lines between true and hosted platforms.

“Connecting an internal solution to the web and calling it ‘cloud’ is a bit like waterproofing a truck and calling it a submarine: it might technically fit the description, but it’s clearly not meant for that.”

– IT News Africa

The long list of applications and benefits that true cloud solutions offer simply cannot be matched by hosted cloud solutions, and so true cloud solutions are better equipped to help companies provide best in the industry solutions for their clients. The leading true cloud platforms are Amazon Web Services (AWS), the Google Cloud Platform and Microsoft Azure. Two notable examples of companies using these platforms to deploy their service include Netflix and Spotify. AWS enables Netflix to rapidly deploy data content on an enormous scale, to servers all over the world. It is AWS that enable Netflix to manage their huge user base and volume of data. Spotify use Google’s Cloud Platform to host their data centre, having opted to focus on data user queries to provide the best possible user experience. The Google Cloud Platform enables Spotify to scale their service to fit their popularity, and to answer user queries within seconds, by hosting their data centre on their scalable and secure platform.

In an increasingly tech-heavy world, a company’s reputation and ability to stand out from substantial competition is vital to its success, and providing best in industry solutions is the best way to secure a good reputation. True cloud platforms enable companies to deploy their solutions in a Software as a Service format, which guarantees unlimited scalability and global availability. Companies using hosted cloud solutions therefore have two problems. Firstly, they risk the displeasure of their customers at what could be perceived as false advertising – their products are not truly cloud based, and have none of the benefits of a true cloud based solution. Secondly, in providing none of the benefits that true cloud solutions do, they are far from being the best in industry.

Although true cloud solutions offer so many benefits, organisations must design their platform to take advantage of the built in seamless integration and elasticity, in order to realise these benefits. For this reason, Dubber built its recording platform with these true cloud features at its core, and is able to fully benefit from the AWS true cloud platform. Dubber therefore provides a call recording solution that functions as a Software as a Service and offers unlimited scalability, high security, an open API, rapid deployment and no upfront costs. As other true cloud solutions have done for their industries, Dubber has revolutionised the telephony industry and opened up a myriad of benefits for users: making call recording highly relevant and useful for everyone.

Top 3 sectors in UK with call recording regulations

Top 3 sectors in UK with call recording regulations

Laws and regulations put in place to protect consumers have been a large driving force behind recording communications between businesses and their customer. As remote communication overtakes face to face human interaction, it’s paramount to have procedures in place to ensure people are who they say they are at other the end of the line and also to make sure that the communication is safely recorded to resolve any incidents in future.

We’ve all come across the common line when you’re waiting to get through to a customer service agent: “This call maybe recorded for monitoring and training purposes.”. However some organisations may be recording calls to follow regulations, which you might not be aware of. Here’s are some key industries who are keeping their consumers safe through intelligent communications recording:

Contact Centres (Non-financial)

The most common use case for call recording regulations is seen in contact centres where customer service resolve an array of users’ issues. For training purposes and to resolve potential disputes, calls often get recorded at call centres. According to Ofcom’s (the UK’s communications regulator) guidance for recording calls in the UK, contact centres who look to monitor, record calls and communications are required to adhere to a combination of UK & EU legislation which includes but is not limited to:

To summarise the legislation, a home or business user may record communications without permission of the correspondent as long as they do not share the data with a third party, where then they would need to have their consent.

Additionally through the aforementioned LBP Regulations. A business can monitor and record communications as long as they are for a series of laid out circumstances such as preventing or detecting crime or to measure quality. The purpose of most other legislation is to avoid misuse and abuse of recordings.

Financial Services

According to the UK’s financial regulator, the  Financial Conduct Authority (FCA) a series of financial firms are bound by law to record and safely store their communications. These call recording regulations were put in place to “tackle market abuse by identifying and punishing those responsible”.

To begin with, only some financial services companies are required to adhere to call recording. For example retail finance advisors, mortgage brokers, insurance brokers and some others are not required to capture their communications. More stringent rules apply to firms which are in a highly influential position such as investment advisors and stock brokers.

The type of calls that need to be recorded are specifically outlined as ones which:

  • conclude an agreement with any client or with another regulated firm on behalf of a client;

or

  • are conducted with a professional client or eligible counterparty with a view to concluding an agreement.

 

Payment Card Industry (PCI Compliance)

On the back of an earlier initiative by VISA, in 2004, the major card companies aligned to form the Payment Card Industry Security Standards Council (PCI DSS).  On December 15th 2004, the PCI DSS 1.0 was released. Over the following years PCI DSS has evolved to not only provide greater security to the industry, but also to accommodate new technology advancements and is today the global data security standard for payment cards.

If your organisation is looking be PCI compliant then as part of the PCI Data Security Standard (PCI DSS), you’ll be facing the issue of recording sensitive authentication data (SAD) when taking payments through the phone or other devices.

It is a violation of PCI DSS requirement 3.2 to store any SAD, including card validation codes and values, after authorisation – even if the data has been fully encrypted. It is therefore prohibited to use any form of digital audio recording (using formats such as wav, mp3 etc) to store CAV2, CVC2, CVV2 or CID codes after authorisation if that data can be queried; recognising that multiple tools exist that potentially could query a variety of digital recordings.

Dubber or similar services, could assist organisations to become PCI DSS compliant when it comes to recording their communication. Dubber does this in two ways:

  • Dubber’s PCI integration technology with Automated Pause/Resume helps a customer to comply with the Payment Card Industry’s Data Security Standard (PCI DSS). This is accomplished by automatically muting and unmuting a recording when pre-defined system events are detected.
  • The Dubber PCI Payment Node can easily implement PCI compliant payments using the new Dubber PCI Payment Node.  During a call, a PCI compliance transaction is required and the process is triggered by agent. At that point the agent transfers call to the PCI Payment Node (hotkey or phone number) the Node scripts take over, requesting the relevant details (e.g. amount, card number etc).  The captured payment details are sent automatically to the merchant for completion.  Once the transaction is completed, the caller is connected back with the agent to complete the call.

If you’re looking to implement call recording and you’re not sure about the relevant compliance which you’ll need to adhere to, contact your industry authority for further information on specific regulations and legislations.