Keeping Up with Compliance in the Financial Sector

Organizations have had to face a myriad of challenges during the COVID-19 pandemic as they have taken their previously office-bound workforces remote. While many organizations have had a cloud transition in their roadmap for some time now, the plan was probably closer to a roll out over the course of three years, not three months. In the rush to get their workforce connected and operations continuing at full steam ahead, some of the transition challenges have been fairly straightforward. Checklist items for most businesses like making sure that everyone has a laptop, home internet connection that is up to snuff, and a way to make their calls are obvious.

However, for some industries that face stricter regulations, they face compliance hurdles that need to be addressed. In hopes of gaining a better handle on what the challenges are and how organizations are working to overcome them, we caught up with Alexander Grafetsberger, Luware’s Executive Director in the UK for some of his insights.

Regulated Industries — More Regulations, More Obstacles in Going Remote

Everyone wants companies to treat our data with care and respect. Standard security best practices are usually sufficient for most, but in some cases, we demand that organizations take a number of extra precautions for ensuring transparency.

In the financial sector, regulations such as MiFID II and Dodd-Frank are aimed at protecting investors while ensuring that operations are kept above board. One of the ways in which they increase transparency over interactions taken by employees at regulated firms is by requiring that all communications be tracked and recorded.

This regulation has become standard practice across the financial industry. However, the move to remote has made recording conversations a significant challenge that many organizations have struggled to find solutions for as they move from the office to remote.

Maintaining Compliance in and out of the Office

“Covid has put many of our customers into a situation where they had to establish a compliance solution within a very short time,” Luware’s Grafetsberger tells UC Today, explaining that, “With Microsoft Teams they could enable employees to communicate with customers while working from home and at the same time forced them to put a compliance solution into place immediately.”

When work was the place that you went, it was easy enough for the IT team to set up phones for making calls with the necessary features built in to start recording every call automatically. Now that work is something that we do from everywhere, often on our personal devices, recording is a harder lift to comply with.

“Due to their entire workforce being sent home, many of our customers migrated to Microsoft Teams before they established a proper compliance tool,” says Grafetsberger, adding that “Many of them disabled the calling feature as they could not record customer communication as required by regulations.”

He explains that some companies are attempting a workaround by redirecting their office telephones to the employee’s mobile phones to ensure compliance recording.

But this is far from an ideal or effective solution for the long term.

While tools like Microsoft Teams can of course record conversations, it is not done automatically. This is important since it can allow for manipulation by bad actors who decide when to turn recording off and on.

Speaking of Luware’s experience of helping customers respond to the crisis, Grafetsberger says that they were able to help their customers reach compliance within days. This included meeting the regulation that requires recording be done for all modes of communication.

“To ensure their business continuity and to remain compliant they need a solution that covers all communication channels and devices,” he explains, noting that, “If someone from the organization communicates, then it needs to be archived and easily retrievable.”

Alexander Grafetsberger Luware UK Director
“To remain compliant companies need a solution that covers all communication channels and devices.” Alexander Grafetsberger, Executive Director at Luware UK

5 Must Haves for Recording Requirement Compliance Solutions

The list of requirements for meeting compliance are long, but here are a few of the must have features that any compliance solution must have.

  • Capture: All communications need to be recorded: voice, video, screen sharing. On all devices – mobile, desktop, tablet.
  • Archiving: All info must be stored in a secure archive and must be available.
  • Voice Transcription: Must allow to run free text speech and search filters.
  • Quality Check: Must ensure that all communication is recorded and must ensure the voice quality.
  • Infrastructure Monitoring: Must ensure that all components are running and operating properly.

Deciding on How to Deploy

Every organization is going to have its own considerations when it comes to how they choose to set up and deploy a compliance solution for working with Microsoft Teams.

Some teams will have the resources and internal knowledge of how to go about self-managing their deployment of the compliance solution. This includes organizing your own space on the Microsoft Azure cloud, installing the service, setting up firewalls, carrying out security updates, among other tasks.

However, most organizations are probably looking for ways to avoid taking on additional headcount and operational costs. Therefore, they are more likely to seek out an “all inclusive” type of option through a Managed Service Provider (MSP).

The advantage here is that the MSP will handle the deployment end-to-end. This includes tasks like installing and maintaining the software, implementing security patches, and the like. In this scenario, all the data remains on the organization’s own infrastructure, mitigating concerns for a widening threat surface or other data safety issues.

Figuring Out the Way Forward

As we enter into the fall, organizations are starting to find their footing in the new normal. Regulators have been lenient when it comes to allowing for added flexibility as organizations work to fall in line with the requirements, and it is likely that many of the rules that were written for “in the office” work will change.

However, the one thing that is certain is that we are unlikely to find ourselves back where we started the year. Even as many begin to appear more often at the office, the structure of work has undergone a seismic shift that demands that organizations prepare themselves for a hybrid future where remote is a core part of how they think about their infrastructure and services.
How exactly this path towards the remote-hybrid model is shaped is still an open question. For advice from experts, we suggest joining the webinar on September 10 that is being organized by Luware and Verint.