MiFID II came into effect on January 3, 2018, implementing a zero-tolerance policy. This legislation enhances existing rules while addressing changes in the trading environment since the original MiFID. Its purpose is to promote more efficient, resilient, and transparent financial markets, particularly in response to the financial crisis.
Under MiFID II, all forms of communication that aim to result in a transaction, including voice calls, VoIP calls, SMS, emails, and chat-based applications, must be recorded and stored for a maximum of 5 years. Additionally, companies are required to have effective control over call recording policies, including monitoring recorded calls for compliance and ensuring that any communications not fully recorded (for example, due to network problems) are logged.
As a result, many financial firms may need to update their existing infrastructure and platforms or implement new ones to meet the recording and storage requirements of MiFID II. This legislation necessitates secure storage capacity with virtually no limitations, as well as the ability to record and store communications from remote workers or those working from home. Data encryption is also among the security options for call recordings. It is important for call recording privacy and should be enforced by all companies that record and store calls.
Why Encrypt Recorded Phone Conversations?
You have several options for organizing call recording, and an iPhone call recorder app is one of them. The easiest way to record calls on a smartphone is through an application, since smartphones do not have a built-in function. With an iPhone phone recorder, you can record incoming and outgoing calls in good quality. If you are looking for something to download on the App Store, then try iCall. This is one of the leaders in the call recorder segment and enjoys a good reputation. Moreover, the service offers a free trial version.
#1 Compliance Regulations
Stringent recordkeeping and data protection regulations, such as CCPA, NARA, FINRA, and MiFID II, necessitate the use of call recording software for compliance. This software helps companies avoid substantial fines and penalties, which can exceed millions of dollars. The new CCPA regulation specifically outlines encryption requirements. Failure to encrypt sensitive data not only violates CCPA but also demonstrates a failure to provide reasonable security procedures for protecting sensitive information. Breaches in 2020 are projected to cost $150 million, emphasizing the need for data encryption across various channels like phone calls, emails, and text messages. It is anticipated that more states will introduce regulations similar to CCPA, with some, like New York, already in the process of drafting their versions.
#2 Transparency and Traceability
Gartner’s technology trends included transparency and traceability. The trust crisis caused by new technology has heightened consumer awareness regarding data storage. Thus, businesses must ensure transparency and customer focus. By addressing their customers’ privacy and trust concerns through encryption of phone calls, emails, and data, businesses can enhance customer satisfaction, elevate NPS scores, and increase retention rates.
#3 Protect From Hacks
Thousands of daily attacks cost businesses billions each year, making hacking a top concern for companies worldwide. It is crucial to prioritize the protection of your intellectual property and customers’ data, regardless of the industry you operate in. Hackers can easily obtain sensitive data when customer transactions occur via phone calls, making it necessary to safeguard this information. By March 2019, over 14 billion data records had already been lost or stolen, and in a mere 4% of these breaches was the data encrypted, rendering it useless to hackers. Adopting a proactive stance towards encrypting all stored data, not just calls, is essential for businesses, as the costs of reacting after a breach are exorbitant in terms of finances, brand image, and customer trust.
Regulator Requirements
The goal of each company is to achieve MiFID compliance. Every organization must set up and prepare to comply with regulatory requirements. There are SaaS services that enable organizations to swiftly, securely, and cost-effectively fulfill all aspects of MiFID II compliance.
A crucial requirement of MiFID II is the secure storage of all communications for 5 years. To comply with ISO27001, your call recording service must operate across two geographical sites: one production site and one disaster recovery site. A prerequisite is that recorded calls must be securely transferred from the Call Recorder to the recording facility via a protected connection.
According to the rules, the files then undergo a two-stage encryption process, following ETSI TR 102 661 guidelines. Firstly, each data file is assigned a new random secret key (AES, 256 bits). Then, the secret key is encrypted using an RSA asymmetric encryption algorithm with a key length of 2,048 bits. The encrypted secret key is stored alongside the encrypted data file in the database, ensuring that no content is stored, only metadata.
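The two-stage scheme described above, as an added Node.js example that is not code from the original page or from any recording vendor: each file gets a fresh AES-256 key, which is then wrapped with an RSA-2048 public key and stored beside the ciphertext. The AES mode (GCM), the RSA padding (OAEP with SHA-256), the record field names and the call ID are assumptions, since the page names only the algorithms and key sizes.

```javascript
const crypto = require('crypto');

// Assumption: OAEP/SHA-256 padding for the RSA stage (the page gives only the key length).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Stage 1: encrypt the file under a new random AES-256 key.
// Stage 2: encrypt that key with the RSA public key and keep it beside the ciphertext.
function sealRecording(publicKey, recording, callId) {
  const fileKey = crypto.randomBytes(32); // fresh secret key for every data file
  const nonce = crypto.randomBytes(12);   // assumption: AES in GCM mode
  const cipher = crypto.createCipheriv('aes-256-gcm', fileKey, nonce);
  cipher.setAAD(Buffer.from(callId));     // ties the ciphertext to its metadata row
  const ciphertext = Buffer.concat([cipher.update(recording), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, fileKey);
  return { callId, wrappedKey, nonce, tag: cipher.getAuthTag(), ciphertext };
}

// Only the holder of the RSA private key can unwrap the file key and decrypt.
// decipher.final() throws if the ciphertext, tag or call ID was altered.
function openRecording(privateKey, record) {
  const fileKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, record.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', fileKey, record.nonce);
  decipher.setAAD(Buffer.from(record.callId));
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
}

// Constructed sample: throwaway RSA-2048 key pair and placeholder audio bytes.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sealed = sealRecording(publicKey, Buffer.from('constructed sample audio'), 'call-0001');
console.log(openRecording(privateKey, sealed).toString());
```

Because the recorder only needs the public key, the private key can be held at a separate system that handles retrieval requests.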
Conclusion
Any successful business understands the importance of encrypting crucial data. However, the reality often differs from the ideal in many companies: surprisingly, 96% of stolen phone records lack proper encryption. To avoid the financial repercussions of a cyberattack and the subsequent loss of customer trust, immediate implementation of encryption is recommended.