Compliance: important ownership changes while adapting for flexible remote workforces
Managing Director|Kerv Collaborate
Published 31/03/22 under:
Have a question?Get in touch
Managing ever-growing regulatory demands was tough even before COVID-19. Now controls have to cover a remote workforce increasingly using diverse collaboration tools and messaging apps. And compliance is no longer solely a company responsibility. UK regulators are also coming after individuals under Senior Managers and Certification Regime (SM&CR) legislation.
Discussed in detail in our white paper, here are the key takeaways for board members, compliance leaders and IT managers.
Technology: friend or foe?
Home or hybrid working looks set to stay. One year on from the first national lockdown the FCA has made it clear UK firms have had ample time to put compliance recording measures in place for remote workers. That’s easy to say and hard to do. Especially when they’re using more devices and channels than ever before.
Old-world surveillance technology focused mainly on phone, mobile and email. Today, the only way to ensure continuous compliance is to record and monitor all business-related communications across all channels on all devices – phone, PC, laptop, tablet and mobile. Increasingly, this includes interactions over video platforms like Teams, Skype and Zoom plus messaging apps like WhatsApp, Signal, Telegram, LINE and WeChat.
Also, in the case of financial firms, all communications relating to deals and investment must be recorded and kept – even if they don’t result in a financial transaction. That’s a lot of data storage. And a lot of unbudgeted expense.
SM&CR rules firmly place senior managers on the front line. They are personally accountable for their actions with the threat of misconduct investigation, fines, prosecution and possible suspension or dismissal. While effective governance models with clearly defined roles, responsibilities and processes go a long way to helping, they still don’t solve the basic problem. Your clients want to choose how and when they engage with your business. However, unless you can monitor and record conversations, you can’t offer those services, leaving your company out in the cold and falling behind rivals who can.
When I talk to our customers, they’re understandably spooked. Some are looking to get started with a specific solution for, say, capturing calls on Microsoft Teams. Others want to simplify a spaghetti of legacy compliance recording, archiving, and reporting products. It’s not uncommon for PBX recordings to reside in one archive, Trader Voice in another, emails in another, IM chat messages in another, and so on. Standalone systems with multiple archives can be spread across various regions and legal jurisdictions.
Assuring the compliance journey
At Kerv, we have market-leading solutions and experts to assist at all points of the compliance journey. Our professional services team provide assessments and end-to-end solutions including MS Teams deployments, from licencing and solution design to PBX integration and compliance recording.
Along with maximising savings from retiring legacy systems, we help customers avoid hidden pitfalls and gotchas. For example, by designing always-on solutions for only those employees who need to be recorded, not those who don’t. So, there’s no need to over-engineer storage for peak loads such as a large weekly Microsoft group call. Storage costs are further minimised through automated record de-duping. Total cost of ownership and bandwidth are also lowered using technologies to reduce file size and frame rates.
Using AI automation we take the heavy lifting out of tasks like transcription, translation and proactive monitoring. And we boost ROI with infrastructure-related features like permissions-controlled access, active-active resilience across geographies, and PowerShell scripts to cut deployment times from days to hours.
So, however daunting compliance recording may appear, our customers are in safe hands.
You might also be interested in
Have a question?
"*" indicates required fields