For organisations working within the financial markets, changing regulations are a constant challenge.
And as more businesses recentre themselves around customer experience, with the hopes of excelling in the future marketplace, call recording compliance is becoming a matter of increasing importance.
Read on to learn the 6 key need-to-knows of FCA compliance measures, and how you can establish and uphold faultless call recording practices that don’t put your customers and their information at risk.
1. Which correspondence must be recorded?
In 2018, the Marketing and Financial Instruments Directive – or MiFID – was updated, and since then, financial markets organisations have had to adhere to the controls of MiFID II.
Under MiFID, only the telephone conversations of individuals directly involved in trading needed to be recorded.
MiFID II requires firms to record ALL communications relating to the “reception, transmission and execution” of orders and trading.
This essentially means that any conversation involving the sale, marketing or promotion of financial services or products must be recorded.
That even goes for those that don’t lead to a successful transaction, such as a customer simply calling with questions about your service offering.
2. But it’s not just calls...
Further to the requirements detailed above, the recording in question applies to communications across all channels, not just conversations over the phone.
This means SMS text messages, emails, instant messages, video conferences and even face-to-face meetings involving the “reception, transmission and execution” of orders and trading must be recorded.
This is where having a more advanced communications infrastructure is vital.
Cloud-hosted telephony or unified communications solutions can streamline the process of recording correspondence and securely storing data from all channels, even for remote staff who mostly communicate using mobile devices.
Microsoft Teams* Integration unifies teams across all locations and devices via one number and interface
3. Consistency of format and key details
Financial firms have two choices when it comes to how they store communications data from correspondence related to orders and trading.
They can either record them, or manually transcribe their contents.
However, when noting the call information as opposed to recording it, it is important to be comprehensive, or to quote the FCA themselves, to “capture all the main points of the full conversation that are relevant to the order”.
These points, which can be easily identified and logged manually or automatically by call recording software, include:
- Date and time of correspondence
- Identity of attendees/recipients
- Initiator of correspondence
- Relevant information about the client order including the price, volume, type of order and when it shall be transmitted or executed
Whether you opt for call recording or manual note taking, decide which mode of recording is best for you and apply it consistently across all relevant communications.
4. Length of data retention
MiFID II requires records to be stored and accessible for a duration of five years – a significant jump from the initial six-month duration specified under the previous directive.
In some cases, this length of time can even be extended to seven years at the request of the regulator.
5. Explaining that a call is being recorded
Under GDPR, it is important that firms also explain to those on the receiving end that their call is being recorded, and justify the reasons for this.
For your call recording to be compliant with GDPR, the recipient must be aware that:
- All parties involved must consent to the call being recorded
- The recording is a legal requirement
- The recording is in the public interest
- The recording is in the interests of the recorder.
And for those wondering, these stipulations apply to UK businesses as well, under UK-GDPR.
6. Can you be both FCA and PCI compliant?
A common misconception in the financial sector is that it is not possible to be both compliant with the Payment Card Industry Data Security Standard (or PCI DSS) and FCA measures such as MiFID II.
The reason for this is that, under the rules of PCI DSS, it is prohibited for vendors to store any sensitive payment authentication data, even if it is encrypted.
FCA regulations on the other hand, as detailed above, insist that financial organisations store sufficient detail of all conversations related to orders and trading for years at a time.
It sounds like a paradoxical demand, but there is a way to achieve both.
With the right telephone systems or contact centre technology, organisations can maintain accurate records of relevant correspondence without any sensitive payment data ever passing through their organisation.
Market-leading technologies can re-route customers just before the point of payment, allowing them to enter their information using their telephone keypad, which is then processed directly by their bank.
This means PCI compliance is achieved, as the payment information never passes through your organisation, which enables you to still record the call in line with FCA compliance.
The 6 need-to-knows of FCA compliant call recording: Takeaways
Regardless of whether you are trying to adhere to FCA measures or PCI compliance, call recording should always be carried out responsibly and efficiently.
The business benefits offered by call recording are numerous, particularly for those looking to raise their standards of customer experience.
But if customer care is to be your ultimate goal, your duty of care should also cover the preservation of their information, assets, and privacy, at all costs.
Here are the 6 key things to remember about call compliance if you’re a business in the finance space:
- FCA compliance requires firms to record all communications relating to the “reception, transmission and execution” of orders and trading.
- This applies to communications across all channels, not just phone calls – text messages, emails, instant messages, video conferences and even face-to-face meetings are included.
- Data can either be recorded automatically or written down manually, but if it is written down, there are a number of details that must be included.
- MiFID II requires records to be stored and accessible for a duration of five years. This can be extended to seven at the request of the regulator.
- In order to comply with GDPR, it is vital that when a call must be recorded, the reasons for this are clearly explained and justified to the recipient.
- It IS possible to be both FCA and PCI compliant while recording calls – all it takes is smart contact centre technology or the right telephony solution.
At NFON, we supply cloud-hosted telephony, unified communications and contact centre software that can help you uphold the highest standards of compliance. Talk to a member of our team today to find out more.
*Microsoft Teams is a trademark of the Microsoft group of companies