Exploring Compliance Regulations And The Role Of Speech Analytics

Exploring Compliance Regulations And The Role Of Speech Analytics

by Scott Kendrick, VP Marketing, CallMiner – October 23, 2018

Exploring Compliance Regulations and the Role of Speech Analytics

by Scott Kendrick, VP of Marketing at CallMiner

Taking risks in business involves looking at the potential reward, and then judging if you can pull it off. You have to take risks with innovation, with marketing strategies, and even some hiring decisions in order to stay competitive and stand out. Risk taking isn’t always wise of course. When it comes to your contact center’s regulatory compliance, you can’t have “risk” because the downsides are severe in the form of potentially massive FTC fines. There’s really no “reward” for poor compliance standards or ignoring new regulations beyond perhaps saving a little bit of time.

Contact center managers must handle all of the compliance requirements facing their firm, an onerous task that can involve many different regulatory acts. Here’s a quick explanation of eleven of the most pertinent regulations:

1.       Fair Debt Collection Practice: The Fair Debt Collection Practice Act (FDCPA) was passed in 1977 and was intended to prevent debt collectors from acting abusively towards debtors. This act applies to those centers that are actively collecting personal debts from consumers including utility payments, car payments, and credit card bills. The act contains a wide-ranging number of requirements for collectors, including restrictions on early morning or nighttime calls, and rules on providing debtors with written communications.

2.       Do Not Call Registry: The do not call registry gives consumers a way to opt-out of some telemarketing calls by placing their number or numbers on a registry of numbers. Contact centers must access the registry to ensure they exclude all the current registrants. The act also details several criteria for exempt organizations.

3.       Call monitoring consent rules: The federal law mandates that only one-party is aware of and consents to call monitoring. However, several states have their own rules, so contact centers should closely adhere to the most stringent requirements to avoid running afoul of regulations.

4.       GDPR: General Data Protection Regulation (GDPR) is a recent regulation that applies to any business that accepts and stores information for EU residents. It does not matter if the center is not located in Europe, only if they are contacting residents. Contact centers should perform careful review of their affected contacts to be sure they can erase information if necessary.

5.       Truth in Lending Act: The Truth in Lending Act requires contact centers to disclose information about terms, interest rates, and late fees. It contains special rules for mortgages and is intended to reduce borrowers’ confusion about financial matters.

6.       The Dodd-Frank Act: This Obama-era law requires contact centers record all phone conversations with a time stamp so they can be searched and analyzed at a later date if necessary. It mainly effects financial services firms.

7.       Sarbanes-Oxley Act: This act was passed to require firms to keep recorded calls unchanged for certain time periods. It was created to prevent companies from willfully destroying evidence and to stop accounting-based public company scandals.

8.       HIPAA: This act applies to contact centers and businesses storing personally identifiable health information. It includes regulations on how personally information can move between different entities and the steps organizations must take to protect the data.

9.       PCI-DSS: Established in 2006 by leading credit card companies, the Payment Card Industry Data Security Standard (PCI DSS) offers credit card payment specific rules regarding the storage and transmission of related data.  

10.   Equal Credit Opportunity Act: The ECOA prohibits businesses from using race, age, color, religion, gender, marital status, etc. to determine qualifications for loans or credit.

11.   Gramm-Leach-Bliley Act: Contact centers must provide customers with information about data-sharing that is conducted with partners, and give customers the option to opt-out.  

The Role of Speech Analytics

The “alphabet soup” of the different rules and regulations place pressure on contact center managers to both understand and follow all of the required practices. Sometimes the rules can contradict or they’ve vague, so contact centers must have strong systems in place to ensure compliance at all times.

One tool that should be in every contact centers arsenal is speech analytics software. These tools are able to listen to every call and then turn every word into searchable data. This allows centers to review the data so they can gauge agent performance and uncover trends about their business, and also provides them with views into compliance standards. By reviewing calls in aggregate and individually, managers can determine if agents are adhering to the proper compliance-approved language or if they’re frequently going “off script.”

Advanced speech analytics platforms will use various rules to spot non-compliance language and send automated notifications to management. The speech analytics can provide them with an early warning of such occurrences, so hopefully the agents can be retrained and the issue fixed before there’s the need for compliance review and perhaps fines.

Call recording is a valuable tool, but it often causes centers to fall out of compliance. This is because the captured information might be restricted, and by recording and storing the data the company is not following certain guidelines such as PCI-DSS which mandate how credit card data can be kept.

Advanced speech analytics tools such as those offered by CallMiner feature dynamic redaction which can remove sensitive information from call recordings. The system can recognize when the agent or customer say for example a credit card number, and then replaces those words with dummy information. This ensures compliance because the information is never actually recorded. Some systems perform redaction after the recording, but this falls out of compliance regulations because the protected data is still stored in some fashion. Advanced redaction removes the information automatically. The agent does not need to press a button for manual redaction, it just removes it and ensures compliance.

Managing these 11 (and more) compliance rules isn’t an easy task. Speech analytics doesn’t solve all of these compliance issues, but it does provide centers with a record of conversations and a way to categorize calls and any potential problems. And such solutions provide the centers with additional “rewards” to balance out the compliance risks including improved agent monitoring and smoother customer experiences.