Mounting regulatory focus on voice surveillance

Published on September 6, 2024 by Taqiya Khanum

In today’s regulatory environment, organisations face pressure to regulate and monitor all types of communications to protect their business and customers from risk and fraud.

For verbal communication, voice monitoring has become an essential tool to alleviate risk and maintain transparency between stakeholders. It has been developed as a fundamental part of the latest security frameworks, focusing on the need to ensure data safety, enforce workplace controls and assist in scrutiny and probes. Voice surveillance technology also helps companies improve customer service and business processes, providing valuable insights and innovative ideas for enhancing security.

Voice surveillance, an extensive feature of monitoring, recording and analysis of verbal communication, has emerged as an effective tool for financial organisations. The ability to track and examine voice data at the workplace has transformed how threats and issues are detected and managed. Voice surveillance has helped organisations predict bad actors, enabling pre-emptive involvement and acting as a compliance and quality-control mechanism.

However, this technology also has drawbacks in terms of employee privacy and security of the organisation, but the compliance landscape, combined with technical solutions and best practices, can safeguard both employees and organisations. While voice surveillance has several benefits, the balance between protection and privacy remains a significant challenge in its application.

Importance of voice surveillance

• Regulatory compliance and legal obligations: Regulators are more concerned about the business-related activity conducted on calls for which they have come up with robust guidelines and rules for voice surveillance. To keep up with these regulatory obligations, organisations need to engage in voice monitoring of transaction-related calls to protect their customers and their business. This applies to sectors such as banking, insurance and legal services, where disputes and conflicts of interest may arise and lead to regulatory breaches.

• Helps identify and avoid deception: The voice surveillance process helps detect suspicious activity such as fraudulent dealings, unlawful transactions, unauthorised approvals, cancellations of security already booked for unknown reasons, insider trading, security breaches and other market manipulations. The compliance and operational risk teams would review voice calls and conduct further investigation to prevent fraud.

• Improves efficiency of operations: Companies can improve compliance, determine red flags and adhere to internal policies and procedures by using voice surveillance. This can also help identify patterns of breaches, enhance quality by creating awareness within the company and lead to reviewing communication policy if necessary.

• Facilitates internal audit and investigation: With internal calls recorded, issues with conduct, production or operations can be identified. Voice surveillance ensures all the necessary interactions are recorded and preserved as evidence of compliance and enables auditors to trace communication, identify issues and ensure compliance with internal policies and controls and external regulations.

Best practices when deploying a voice surveillance system

• Prioritise privacy and implement robust security: Ensure employees’ personal information is not disclosed and calls are encrypted, to avoid unauthorised access and misuse of voice data. Voice and video recordings need to be protected from unofficial access, exploitation, misuse, manipulation or data breaches by implementing strong security measures such as encryption, two-step authentication and frequent security audits and tests to identify and rectify any area of compromise.

• Maintain transparency: The parties concerned must be made aware of the reason for surveillance, the intended use of the recordings and their rights relating to gathering and storage of data. Consent must be unambiguous, and the surveillance process must be transparent. Organisations must ensure accountability by conducting quality checks, routine audits and compliance monitoring.

• Limit the quantity of data collected and retained: Organisations must adhere to the "principle of data minimisation and purpose limitation", which states that information should be gathered and used only for the purpose for which it was collected. Explicit guidelines for deleting or removing data in line with regulatory requirements and industry practice should also be provided.

Regulatory framework

Laws and regulations pertaining to voice surveillance differ, depending on the sector and jurisdiction; there are specific legal requirements governing the gathering, storage, use and safeguarding of the different forms of voice communication.

For example, the US has two main acts that govern the monitoring of electronic communication, including voice surveillance: the Electronic Communication Privacy Act (ECPA) and the California Consumer Privacy Act (CCPA).

The European Union has two main laws: the General Data Protection Regulation (GDPR) and the Financial Conduct Authority’s (FCA’s) rules on recording electronic communication, derived from the MiFID II directive, which outline how personal data should be processed during surveillance, including disclosure of voice recordings to third parties.

Fines due to lack of voice surveillance monitoring

• In August 2023, one of the world’s largest international investment banks was fined USD5.5m by the US Commodities Futures Trading Commission (CFTC) for improperly recording and maintaining specific voice communications.

• In December 2022, the UK's FCA fined two companies approximately EUR5m for violating voice-monitoring laws.

Conclusion

The voice surveillance process offers substantial benefits for the companies by enhancing the ability to adhere to regulatory requirements by providing detailed oversight of communications and ensuring that practices align with legal standards. Voice surveillance aids in detecting compliance breaches early, preventing potential legal and financial repercussions. Additionally, it supports the creation of a transparent and accountable business environment, where risks are managed proactively. By integrating voice surveillance into their compliance strategy, companies can strengthen their adherence to governing guidelines, safeguard their reputation and foster a culture of integrity and diligence.

How Acuity Knowledge Partners can help

We help companies conduct a thorough review of electronic communication. Our team of experts review voice data and escalate potential issues for review and resolution. We aim to provide clients with scalable, cost-effective solutions to eliminate risk and increase service quality by offering compliance expertise and a wide array of other services. For more details on our compliance offering, see here: https://www.acuitykp.com/solutions/central-compliance.

Sources:

• COBS 11.8 Recording telephone conversations and electronic communications – FCA Handbook

• Electronic Communications Privacy Act of 1986 (ECPA) | Bureau of Justice Assistance (ojp.gov)

• Audio Surveillance Laws by State: Everything You Need to Know (upcounsel.com)

• Audio and Video Surveillance Laws (byuh.edu)

---

---