Cloud Confessions: Q&A with CTO on Communications Compliance

Cloud Confessions: Q&A with CTO on Communications Compliance

Kyle Ansari

Kyle Ansari

CTO|Kerv Communications Compliance

Tech Enthusiast, Mountain Biker Responsible for Engineering, Product and Development at Kerv communication Compliance.  

Published 12/12/22 under:

Have a question?

Get in touch

Kyle Ansari is CTO of Kerv’s Compliance practice, he’s responsible for the engineering and development of new products in this fast-moving area of business technology.

Our CMO Helen Lancaster caught up with Kyle to find out more about his journey to becoming a CTO. Helen also finds out what he has learned from working for both Financial Service organisations and service providers in the compliance market.

Helen: Hi Kyle, can you tell us a bit about your background and how you became a CTO?

Hi Helen, my background is actually in the theatre, which I know is an unusual training ground for a CTO! But today’s theatres employ more technology in sound engineering and lighting than you may think!

My background is actually in the theatre, which I know is an unusual training ground for a CTO!

My role was basic, but I was interested in how things actually worked. I started reading the engineer’s notes to see how they solved common problems.

Over time I became a senior engineer and went to work on-site for one of our large banking clients, Deutsche Bank.  I was offered a position designing their back-end voice recorders globally. This skill was in high demand for banks at the time and I subsequently ended up doing similar work for two other major financial institutions.

My big break came when I was approached by a new company.  They needed an architect to design a new voice recording solution and a robust transformation plan. Over time I did similar work for other major clients, which resulted in me becoming a director of the company and ultimately the CTO.

Helen: Interesting. So, what have you learned from implementing these compliance solutions?

I think the first thing I learned is how critical compliance is to financial services clients. The stakes are high, non-compliance can result in major fines, reputational damage and ultimately revenue loss.

Secondly, financial service organisations take compliance very seriously, but it is hard for them to have the experience and the technical staff to cover every eventuality. There are always processes and controls in place to handle non-compliance events. Without the expertise on hand, they sometimes don’t get followed. It’s a fast paced, high-pressure environment and needs 24×7 attention to get systems back online in the case of an incident. For a financial services organisation a gap in call recording is not only unacceptable, it immediately makes them non-compliant.

Financial service organisations take compliance very seriously, but it is hard for them to have the experience and the technical staff to cover every eventuality.

There is also now a new challenge for financial institutions. Their data is no longer 100% contained in-house. This means that somebody else is managing the infrastructure, which creates the security problem of who is authorised to access call recordings and data. This becomes even more acute when it is hosted in cloud infrastructure from a service provider.

The answer to this problem is to work with a specialist provider, like Kerv. We have rigorous, audited and tested data environments that mean only our clients can access their data, we can’t even access it ourselves. To ensure that only authorised personnel can gain access to sensitive data we conduct, penetration testing, extensive security audits and provide documented evidence of our security controls.

Helen: You mentioned that there are security challenges when financial service organisations host their data in cloud infrastructure. How can these be dealt with?

Ironically, the key benefit of cloud infrastructure, is also the organisations main concern. Which is the clinical separation of the data that is stored for compliance purposes.

At Kerv, we provide a level of audit across our customer’s data that they simply could not achieve in-house.

On one hand they fear a loss of control, but on the other, the benefit far exceeds the risk. This is because their call recordings are stored and archived in a totally separate environment, managed by a team of dedicated professionals. At Kerv, we provide a level of audit across their data that they simply could not achieve in-house. They don’t have to control their data, we do it for them.

Helen: Is moving to cloud a simple one-time decision or a journey?

It is definitely a journey. It makes a lot of sense to make the transition, but the execution is necessarily a lengthy process, that requires planning and a great deal of due diligence.

I have talked about the importance of security, for some clients it can take 6 months to complete a cloud migration for this reason. This may feel like a long time, but it is critical for them to demonstrate the safety and security of putting their important data in the cloud.

For some clients it can take 6 months to complete a cloud migration.

At Kerv, even when our customers have gone live their journey isn’t over. We are constantly looking for ways to streamline their processes or upgrade security controls to improve their ability to audit.

We recently had a client who needed to be able to transcribe their call records. Because we had their data in the cloud, we were able to easily deliver their transcriptions in a searchable and secure manner.

Helen: What do you think clients look for from a compliance service provider?

I think there are two key things that a service provider can bring to the table, that it is hard for financial institutions to replicate.

The first is experience. It’s essential that a vendor understands the compliance issues a bank faces, the problems that can occur during migration and the typical financial security requirements.

The second is best practice. It’s very hard for a financial institution to know how their competition have solved similar problems. At Kerv, we have seen numerous deployments and without breaking any confidence we usually know the problems that will be encountered and the best ways to overcome them.

Helen: I heard a rumour that that Kerv is currently the only service provider that provides CDR reconciliation for Teams recording. Is that true and why is it important?

Well, it’s always hard to say exactly what other suppliers are doing. But, yes, I believe that is currently the case. We have the capability to give clients a full list of the calls that are made in their Teams environment and we already have this live and working with a major financial customer.

CDR reconciliation is not strictly a compliance requirement, so it can be easily overlooked. But it’s an important data point because it gives customers confidence that in the event of a failure, they will have much better information about exactly what has happened and why.

Helen: What recommendations would you make to a CIO who is selecting a vendor to implement compliant call recording?

There are three attributes that are essential for a successful partnership in this space.

The first is a thorough investigation into the credentials of the company selected. What are their resiliency processes? How do they deal with failures?

The second is their maturity in implementing access controls and data security, as I said earlier, security for financial organisations is paramount.

Finally, I would want to understand how they will integrate their security policies with those of the customer. Each financial institution is different and ensuring that the vendor can respond to these variations is key for success.

Helen: That’s very interesting Kyle, thanks for sharing your thoughts with us today.

About Kerv

Kerv Communications Compliance Practice has years of experience and unrivalled technical knowledge, delivering ground-breaking compliance projects for global financial institutions, assisting customers in taking the next steps in the migrating, capturing and managing the evolving state-of-the-art communications compliance.

Related Articles

You might also be interested in

From our world to yours

Casting An Eye On A CoE

From our world to yours

Growing Our Group Capabilities with Monochrome Consultancy

From our world to yours

Uncovering Unconscious Bias

From our world to yours

Life @ Kerv Digital As A Solution Architect

From our world to yours

CX & EX Reimagined: Driving customer loyalty and employee wellbeing through Genesys...

From our world to yours

Facilitating Your Finance Department With Business Central

From our world to yours

Artificial Intelligence: The Dawn Of A New Era

From our world to yours

6 Benefits of Managed Security Service Providers

From our world to yours

Kerv Digital Events: Microsoft Cloud For Nonprofit Live Demo

From our world to yours

Kerv Digital SNT 2023

From our world to yours

All About Automation

From our world to yours

Life @ Kerv Digital As A Business Central Support Consultant

From our world to yours

Why the SLA isn’t enough – what really matters when choosing an...

From our world to yours

Accelerate your communications compliance with MS Teams

From our world to yours

What Makes a Good Managed Service Provider

From our world to yours

A Deep Dive Into Data Science

From our world to yours

Life at Kerv as a Commercial Director

From our world to yours

The Importance of Sustainability and the Changes We Need to Make

From our world to yours

Decision Making Problems & How To Navigate Them

From our world to yours

Microsoft Cloud For Nonprofit: Campaigns

From our world to yours

Email vs Messaging: The Search for a Better Customer Experience

From our world to yours

Life @ Kerv Digital As A Full Stack Developer

From our world to yours

Microsoft Cloud For Nonprofit: Volunteers

From our world to yours

A Kerv Digital & Firebrand Training Success

From our world to yours

Going Beyond The Theory: Kerv Digital & The DVSA

Have a question?

Leave your details and a member of the team will be in touch to help.

"*" indicates required fields

By pressing send, you agree to our Terms and Conditions and Privacy Policy.
This field is for validation purposes and should be left unchanged.