Compliance Vulnerabilities in the Contact Center

Running a contact center requires multiple skill sets.  Managers are expected to be technology experts, finance whizzes, inspirational coaches, and occasionally amateur psychologists. Dare we add lawyers? Not necessarily, but compliance is playing a larger role in the contact center than ever before. Violations can be very costly - not just in financial terms but customer credibility. There are four key reasons why the contact center represents a potential compliance vulnerability

  1. The sheer volume of interactions, coupled with the high employee turnover, produces a likelihood that someone at some time is going to misstate a corporate policy, omit a required disclosure, misrepresent an offer, or carelessly recite aloud credit card numbers.
  2. Agents and supervisors are not well-versed on regulations - No contact center manager can be an expert on the myriad legalities but because of the high-risk factor they must at least understand key provisions of laws and regulations such as the Telemarketing Sales Rule, Payment Card Industry Data Security Standard, and state Consent to Record laws.
  3. Intense pressure to meet KPIs and sales goals can lead to costly errors and omissions.  In some cases, fines and restitution exceeding $100 million have been assessed to corporate violators.  
  4. Ardent desire to please the customer - Customer service representatives strive to deliver memorable experiences. This can lead to instances where agents skip some content in the script for the sake of pleasing the customer and getting a favorable post-call satisfaction review.

Complicating this challenge is the ever-expanding volume of state and federal laws, regulations, and industry standards.  In the United States there is no federal legal standard for such basic issues as consumer privacy.  Europe is well ahead of the United States in bringing clarity and uniformity with the adoption of GDPR and MIFID II.  The GDPR, because of its multinational scope, could well set a template for other nations.  

Assuring compliance within the contact center environment requires frequent training, vigilant supervision, and coordination with the corporate compliance team.  It also requires investments in core technology that supports the mission.  For compliance purposes, the heart of the contact center is the recording system.  Many legacy systems can only record voice communications.  At a minimum, your company's recording system must capture and retrieve both voice and digital interactions from multiple channels. Other essential requirements are the ability to encrypt sensitive information and issue alerts to potential violations.  Rounding out a comprehensive compliance suite would be the addition of speech and data analytics.  These modern tools simplify the process of retrieving and reconstructing multichannel interactions and isolating potential exposures.

To help contact centers comply with federal and state laws, regulations, and industry standard that directly affect their operations I have written a whitepaper together with NICE which covers all the most pertinent regulations for contact centers, including, PCI DSS, GDPR, MIFID II, HIPAA, etc. It includes practical tips that organizations can take to help avoid costly violations.

Want to learn more about compliance in contact centers? Read the our Call Recording on the Record - Regulations in the Contact Center whitepaper