It is important to recognise that unless a company provides financial services or takes credit card details over the phone, compliance is not required in line with Ofcom regulations. Where compliance is a business priority, it is often led by card providers / financial establishments that have individual requirements in line with these regulations. These requirements may vary based on the amount of transactions made or expenditure, for example. Any business should look at the level of compliance required within their industry and business circumstances when they are looking to implement a call recording solution.
Whether the reason for deploying call recording is regulatory compliance or internal compliance, the actual call recording software remains a small element of a business’s overall compliance strategy. Compliance is not simply about technology, it’s about overall business processes.
The common misunderstanding is that the purchase of a PCI-DSS compliant call recording solution will make a company compliant with relevant regulations and directives. Until the call recording solution is fully automated, whereby the business does not need to rely on staff to follow correct procedures, there will always be room for human error. Being compliant 70% of the time makes a company liable, not compliant.
The challenges are the same for SMEs as they are for larger corporations, for example:
- Manual stop/start is under the control of the agent, so liable to human error / deliberate action. Essential details from a call can simply be lost or not recorded.
- Even when call recording is used correctly, a call handler could repeat information out loud for others to hear.
- Once calls have been recorded it is then important to store calls securely to avoid sensitive information being accessed without permission.
Tollring believes that in addition to automated functionality within call recording software, the communication of customer responsibilities is of paramount importance when looking to achieve any form of compliance. Following deployment of a call recording solution, one could argue that it is not the solution itself that is compliant, but how the company uses the solution. A call recording solution can certainly mitigate risk, but every company must understand its responsibilities to become fully compliant.
Customers are looking to their Service Provider to help them achieve compliance. SP’s who rise to this challenge by delivering a robust product experience which also differentiates them from the competition are the ones most likely to win their customer’s hearts, minds and more importantly – their business and loyalty.