Calculating risk and the potential reward is a normal part of doing business. When it comes to managing a contact center, the one time you should never take a risk is in regards to regulatory compliance. Failure to comply with industry and call center regulations only results in extensive fines and litigation. Just recently, Infocision, a telemarketing service that has represented American Heart Association and March of Dimes, was recently fined $250,000 by the Federal Trade Commission.
Depending on the contact center’s industry, they can find themselves lost in numerous compliance and regulatory mandates. Here is a look at eleven compliance acts that contact centers should be aware of.
- Call monitoring consent: Federal laws and most state laws require that at least one party is aware a call is being recorded and consents to it. And several states require that all parties be notified. Since contact centers often manage calls in several states, it is a good rule of thumb to follow the strictest requirements to assure 100% compliance. On incoming calls, all callers should receive notice before being connected with an agent and on outgoing calls; the required wording should be part of the agent’s script.
- Fair Debt Collection Practice: The Fair Debt Collection Practice Act (FDCPA) was passed in 1977 and prohibits the use of abusive or threatening language or unfair debt collection practices. This act applies to contact centers that collect personal consumer debts including credit card payments, utility payments, cell phone bills, and late auto loan payments. It does not include business debts.
- Do Not Call Registry: The do not call registry gives consumers a way to opt out of telemarketing calls by registering their phone numbers online. Contact centers can access the do not call registry online. Failure to comply can result in fines of over $40,000.
- GDPR: General Data Protection Regulation (GDPR) is the most recent regulation that contact centers need to comply with. GDPR applies to any business that accepts and stores information for EU residents even if the business is not located in Europe. The purpose of the GDPR is to grant ownership of sensitive information to individuals. They can request all stored data and for it to be erased. Businesses need to have a way to provide requested information to individuals and be able to delete it quickly to remain in compliance.
- Truth in Lending Act: The truth in lending act requires contact centers to disclose information about terms, interest rates, and late fees to customers.
- The Dodd-Frank Act: This law requires contact centers record all phone conversations and save them with date and time stamp in a searchable format.
- Sarbanes-Oxley Act: This act was passed after scandals like Enron and requires businesses implement a system to assure recorded calls cannot be changed or deleted prior to the end of the mandated timeframe.
- HIPAA: This act applies to contact centers and businesses storing personally identifiable health information. Businesses must take steps to restrict the flow of personal health information and prevent it from being shared with other parties.
- PCI-DSS: The Payment Card Industry Data Security Standard (PCI DSS) was established in 2006 by five major credit card companies. It outlines a set of standards contact centers must abide by if they want to be able to process credit card payments including limitations on how data is stored.
- Equal Credit Opportunity Act: The ECOA prohibits businesses from using race, age, color, religion, gender, marital status, etc. to determine if you qualify for loans or credit.
- Gramm-Leach-Bliley Act: This act requires contact centers to share the information sharing practices with borrowers giving them the option to opt-out. In addition, it requires that businesses must maintain written documentation of their security protocols.
How Speech Analytics Can Keep You Compliant
Since there are so many rules and regulations for contact centers to abide by, it is crucial they have an established system to track, record, and assure compliance over time. A commonly used solution is speech analytics software. Speech analytics improves compliance by automatically listening to every call, transcribing it into searchable data, and automatically scoring calls.
To assure agents are adhering to scripts, call centers can utilize speech analytics to listen for required wording or common missteps. Failure to utilize required wording should send a notification to management and be reflected negatively in their automatic scorecard. In addition, speech analytics software like CallMiner includes redaction software that can remove sensitive information like credit card information so you can store the conversation and remain in compliance with multiple regulations outlined above. It is more important than ever to make sure your contact center is compliant and up to date on regulations.