When the regulator knocks on the door of any financial organization with a trading floor, the organization needs to be able to respond immediately to audits or investigations and provide guaranteed recording and retention evidence of all trades undertaken. That being said, trades need to be reconstructed and documented, pre-trade and post-trade, across all channels of communication. Communications must be consistently monitored for potential irregularities and misconduct, and call recordings retained in searchable format for a minimum period of 180 days. This now includes trades conducted on mobile devices; however, since the UK’s Financial Service Authority (FSA) first introduced new rules on mobile call recording for financial institutions in 2011 it appears that many organizations still don’t have a sustainable solution to help meet their obligations for mobile recording compliance.
At the time when the FSA first mandated that organizations need to implement mobile call recording, the technology available in the market had not matured enough to deliver long term sustainable solutions. This led to many organizations delaying implementation, thus leaving many vulnerable to heavy penalties.
Recording mobile phones is more complex than recording fixed line devices. A fixed line device always has a guaranteed network connection, whether that is IP or TDM, therefore, the network connection can be tapped for recording purposes. This network tapping is carried out at a network level and is outside of the end-users control, meaning that tampering and disabling are not possible.
Mobile recording is inherently more complicated as the end-user has a device that is not physically connected to a network. Compliance regulations state that all calls (and other media types such as text and messaging) now need to be recorded, therefore the technology used must be tamper-proof and able to record inbound and outbound communications (voice and text), and the solutions needs to work wherever the user is located (home network or roaming).
Since the regulations were introduced we have seen three techniques emerge for recording mobile devices in regulated markets outside of the service providers’ network, with the experience for both the company trying to record and the individual user being far from ideal.
This works regardless of which mobile network operator provides connectivity to a trading floor, however it is limited to the mobile operating system on which it sits. In addition there is no compliant app for an Apple phone.
PBX Simultaneous Ring
This controls the call recording directly through the company’s PBX system using a service called Simultaneous Ring. The user gives out a landline number so that all incoming calls are directed through the PBX. The big disadvantage with this method is that if a user gives out their mobile number directly then they bypass the recording – hence this is not a regulatory compliant solution.
This method is typically offered by mobile virtual network operators (MVNOs). A recording capability is installed into their network and the company then has to migrate their mobile estate to the MVNO who issues the new SIM cards. Subscriber numbers have special routing instructions within the network to ensure calls are then routed through the recorders. Whilst this method is handset agnostic and cannot be tampered with or bypassed, it does mean that the company needs to migrate to the services of an MVNO and difficulties in roaming coverage can then become quite restrictive, which will be problematic as the compliance regulations state calls need to be recorded regardless of location.
While each of the above provide some solution none of them have long term viability, making them unsuitable for the finance sector, which is in need of a network-based solution in order to achieve compliance.
In-Network Mobile Recording A Sustainable Approach for Compliance
For financial institutions that need to meet compliance the benefits of a network-based approach are numerous.
• Handset agnostic – helping to support a BYOD strategy
• No service setup delay – end user experience is seamless
• Roaming is included – provided through the Provider’s CAMEL/WINS gateways
• Tamper proof – users cannot disable
Network-based mobile recording is currently the only sustainable approach for meeting regulatory requirements and mission critical enterprise mobile recording needs. Whilst regulatory compliance within the financial sector has been a key driver of this trend, end user preferences and the introduction of BYOD have played a big part in driving how quickly the technology market matured to meet that need.
So when the regulator calls – are your mobile recordings compliant?