When worlds collide: BYOD, Mobility and Compliance

The workplace is under siege. Australian companies are facing an unprecedented level of compliance and regulatory issues and extra challenges added as BYOD continues to cement itself in the workplace.

The need to ensure compliance wherever business is done is a big challenge for IT, and BYOD creates a new wave of challenges for business in ensuring their compliance needs are met.

A new wave of regulation

The 'Global Financial Crisis' (GFC) has seen a new wave of regulations being introduced around the world. The UK, USA and Japan have mandatory requirements already in place to record all calls automatically.  This includes mobile conversations that involve security or foreign exchange activity.

In the APAC region Japan, Hong Kong and Singapore have introduced varying degrees of regulatory requirements associated with security and foreign exchange trading. Australia is following with the Future of Financial Advice (FoFA) reforms that came into effect on July 2012 and are mandatory from July 1 2013.

The common theme across all this global regulatory legislation is a requirement to prove ‘best interest’ when providing ‘relevant advice’ to a customer. One of the challenges facing business is how to meet these regulatory requirements in a world which is increasingly mobile and where “Bring Your Own Device” (BYOD) is the norm.  How does a business prove ‘best interest’ and the ‘relevant advice’ was given when the conversation is on someone’s mobile device?

This convergence of regulation and mobility are driving the need to record all conversations, particularly in foreign exchange and security trading, be it on landline or mobile, in the office or out of office. 

"This call may be recorded for training and quality purposes"

In Australia, the requirement to record mobile calls is not mandatory, but it is highly recommended as a means of proving best interest.  Likewise, in Hong Kong and Singapore, call recording is not mandatory but they are expected to update their legislation later this year to include mandatory call recording elements.

Of greater significance is the broadening of the Dodd Frank legislation in the US.  This has been refined and broadened to the point that it now impacts any financial institution that has a presence in the US (foreign owned or not) and these requirements extend to their businesses globally.  Financial institutions that have any presence in the US are now looking to implement mandatory call recording globally. 

This convergence of regulation and mobility is what drives the need to record all conversations, particularly in foreign exchange and security trading, be it on landline or mobile, in or out of office. This is possibly the best way a business can prove ‘best interest’ and the ‘relevant advice’ was given when the conversation is on someone’s mobile device. No matter where the conversation takes place, no matter on what phone the conversation takes place and no matter at what time the conversation takes place, if you talk to a customer then financial institutions want that call recorded.

PCI, data breaches and fraud detection

Another compliance issue causing Australian companies headaches is the Payment Card Industry Data Security Standards (PCI DSS) introduced in 2006 by major credit card companies to improve protection against data breaches. Currently, the average data breach is costing Australian companies more than $2 million per incident.

In the past fortnight it was reported that Smart Service Queensland (SSQ), a business unit of the Queensland Department of Science, Information Technology, Innovation and the Arts (DSITIA), was found to be recording and storing Australians' credit card numbers, in clear breach of the PCI DSS.

Even businesses with large teams of IT professionals are struggling to keep ahead of the changes and stay compliant. It may well be that your company prides itself on customer privacy, but from the customer’s view, the confirmation of the safekeeping of their personal details is paramount in creating customer loyalty and gaining their trust. 

Compliance can add value to your business

Many C-level executives are applying best practice in their businesses and recording all calls coming in and out of their organisations, mobile or fixed , ensuring regulatory requirements are met. Due to the nature of mobility, cloud recording services are providing unique flexibility ensuring all calls are recorded, in the same country or roaming to some sunny place on the other side of the world.

With many CIO’s driving analytics projects, we are starting to see the data stored in the call recordings assist business to spot trends, identify risks and learn insights to enrich your businesses understanding and deliver results that affect the bottom-line.

Regulation is not going away, you might find that the information you capture and the way you implement your compliance tools can help drive your processes, enhance your business and ultimately your bottom line.