6 Important Microsoft Teams Compliance Gaps In Banking and Finance

Jessica Kruger | January 6, 2022
I feel like I’m repeating myself when I say that Microsoft Teams has gained immense market share in the Unified Communications space in a short time. However, it deserves repeating because it sets up an emerging position many companies find themselves in, namely, closing Microsoft Teams compliance gaps in the wake of significantly increased connectivity.

Interactions with customers that were once handled in person or over the phone now occur through a hybrid model: the Teams meeting. MS Teams meetings are more than just video calls; they can consist of audio, video, file transfer, shared screens, and a load of extra data that your company should be acquiring to hone your customer service. More on that later.

Brokerage firms, banks, insurance agencies, healthcare providers, and financial advisors using MS Teams must adhere to regulations like MiFID II, Dodd-Frank and PCI DSS. This means:

  • Recording all customer calls
  • Informing every customer that the call is being recorded
  • Redacting customer credit card and account numbers from every recording
  • Securely storing all calls with encryption
  • Preventing data deletion (for years in most instances)

As with many other technological advancements that propel the business world forward rapidly, it’s easy to miss these Microsoft Teams compliance gaps, which can wind up being costly. Any company that fails to carry out the basics listed above becomes vulnerable to a long list of legal risks.

When data is exposed due to compliance failures, your company is at risk of:

  • Customer lawsuits
  • Government fines
  • Credit card company lawsuits
  • Crippling legal fees 

Let’s not set ourselves up for this kind of failure. 

Microsoft Teams Compliance Gap 1: Using Teams to Record Teams

The most basic rule of recording calls is that the audio is clear, and there’s no question as to who said what on the call. Microsoft Teams makes that even easier by allowing for video, making it very easy to distinguish who is speaking. The temptation could be to use the internal recording functions available to you in Microsoft Teams, and that’s where the “Gap” begins.

Microsoft Teams can absolutely record your meetings, but it does not claim to be a compliance solution. It offers no secure storage or redaction capabilities, and why should it? It’s an outstanding engagement platform, and compliance is its own industry. Your Microsoft Teams compliance recording platform needs to integrate easily to ingest every last bit of data it produces, but securely. 

So let’s say you’re recording all of the audio and video from the Teams meeting compliantly; you’re off to a good start. However, there are several things that compliance laws insist you record that no one sees on the call. Let’s look at those next.

Microsoft Teams Compliance Gap 2: Not Recording Data… (about your data)

The call you’ve recorded happened at a specific time, and a long list of technological interactions happened just to connect you to your customer. Compliance laws are extremely concerned with some of those connections because they prove when and how an interaction took place. This data is checked first in any legal dispute that involves a company and a customer on the phone.

Every call recording should have key pieces of metadata attached to it, such as incoming and outgoing numbers, caller ID, time-stamps, agent ID, and so forth. Again, you might be able to get some of that data using Microsoft’s internal recording mechanism, but this is where a call compliance platform should really shine for you. It should centralize every byte of data about a call in a redundant storage space that allows you to rapidly retrieve specific calls with ease. 

Numerous compliance laws, especially for financial institutions, require you to have your house in order in regards to retrieving and presenting data when necessary. A proper Microsoft Teams compliance platform is precisely built around that need. 

Microsoft Teams Compliance Gap 3: Storage Wars

All right, maybe that’s a little dramatic. It’s not really that there’s a war for storage, more so that it’s a struggle to stay compliant when you set up your own storage configuration. Maybe it sounds patronizing to say “leave it to the experts” when it comes to storage, but we should all “really leave it to the experts” when it comes to storage, and here’s why:

The number of issues that can lead to a Microsoft Teams compliance failure stemming from poor file storage practices is constantly growing. Answer these questions, and you’ll be able to figure out whether you want to set up your own storage network or look for a compliance platform that provides the answers.

Are You Encrypting Your MS Teams Recordings?

It should go without saying that you’ll need to encrypt your data if you want to protect it.  As you probably know by now, encryption makes it nearly impossible for anyone without the encryption key to unlock a piece of encrypted data. This subject will come up later when we talk about compliantly sharing call audio. 

Is Your Storage Network Redundant?

You must back up your data in the event of a storage facility failure. The law will not take kindly to a “dog ate my call recordings” defense if your files go missing. 

Are all your calls stored in the geographic region where they were recorded?

Compliance laws like GDPR require you to store your customer data in the same territory where you acquired it. This is called data sovereignty, and it becomes an issue when you have to record many different Microsoft Teams clients, including remote agents. If you run a sizable multi-tenant call operation that includes on-site and remote agents, you will need to have strict control over how you store every call that you record. Is that something you want your IT personnel to spend time on, or would it be better to have a Microsoft Teams compliance platform ready to manage the issue? 

Microsoft Teams Compliance Gap 4: Too Many Admins

When you set up your own call compliance system, another thing you’ll need to account for is who can see and hear your MS Teams recordings. When too many parties have access to your call data, the risk of data exposure or manipulation is considerably higher. Therefore, your MS Teams recordings should only be accessible by those who absolutely need to review them in order to minimize risk.

Setting up storage and permissions on your own can add a considerable amount of work to your IT team. Or, you could use a call recording platform that lets you set up granular user permissions for every single facet of your call recording operation. 

Microsoft Teams Compliance Gap 5: Financial Data In The Recordings

Most companies take credit cards over the phone, which is certainly true of Microsoft Teams calls. The Payment Card Industry Data Security Standard (PCI DSS) is a compliance law that requires credit card numbers to be redacted (or masked) from interaction recordings (which includes speech-to-text transcripts and agent screen captures).

If you choose to go the difficult route, you can always have your agent manually stop the recording while taking credit card numbers from customers. That’s bound to go perfectly, right?

Your alternate plan is to use a call recording platform that gives you multiple options for removing PCI data from your MS Teams recordings. With AI, your call recorder can take this burden off the agent entirely because the AI recognizes number strings and immediately redacts them. 

Microsoft Teams Compliance Gap 6: Sharing Call Data

Microsoft Teams offers you more data than a plain old phone call ever could. What happens when you have to share that data? For example, your company is dealing with a customer dispute. The customer claims that your employee made certain promises over the phone, and after reviewing the call, you don’t agree, but you also know there are some grey areas in the call the customer might take you to court over.

No problem, let’s just have the legal team have a look at the call, right? The only problem is that you’re in Switzerland and your legal firm is located in Dubai. Someone says, “just email them the recording; what’s the big deal?” First, do not email that recording unless you want to test out Microsoft Teams compliance gap number 5. After all the work you’ve done to encrypt and store your recordings in a redundant cloud facility, you’ll still break Microsoft Teams compliance by sending somebody a physical file. 

What you need is the ability to send an encrypted link that will only stream the recording temporarily to the recipient. This functionality keeps the data stored in its safe location and allows you to set the length of time that the link is accessible. To some, it might seem like a lot of fuss because your legal team would probably never share that recording with anyone. But why give human error any chance at all to harm your company? 
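A time-limited link of the kind described above can be built by signing the recording ID and an expiry time with an HMAC and checking both on the streaming server. This is an added sketch, not CallCabinet's or Microsoft's implementation; the host `recordings.example.com`, the `exp`/`sig` parameter names and the demo key are assumptions, and the link is signed rather than encrypted, so confidentiality in transit still relies on HTTPS.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

# Assumption: in production this key comes from a secrets manager.
SECRET = b"constructed-demo-key"
BASE = "https://recordings.example.com/stream/"  # hypothetical host


def _sign(recording_id, expires):
    """HMAC-SHA256 over the recording ID and expiry, URL-safe base64."""
    msg = f"{recording_id}|{expires}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def make_link(recording_id, ttl_seconds, now=None):
    """Build a streaming link that stops verifying after ttl_seconds."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    sig = _sign(recording_id, expires)
    return f"{BASE}{recording_id}?exp={expires}&sig={sig}"


def verify_link(url, now=None):
    """Server-side check: signature must match and the link must be unexpired."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    recording_id = parts.path.rsplit("/", 1)[-1]
    query = parse_qs(parts.query)
    try:
        expires = int(query["exp"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters
    expected = _sign(recording_id, expires)
    # Constant-time comparison; changing exp or the ID invalidates the signature.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False
    return now < expires


if __name__ == "__main__":
    link = make_link("rec-001", ttl_seconds=3600)
    print(link, verify_link(link))
```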

Close The Gaps

When you first deployed MS Teams, there was excitement in using an incredible new platform to interact with your customers. However, you quickly realized that you had an abundance of data to protect and treat compliantly. If that realization added some worry to your excitement, relax, there’s good news. Call compliance, as I mentioned before, is its own industry. What was once a practice that required a lot of hardware and constant upkeep is now happening inside a cloud-driven revolution that doesn’t just make you compliant; it provides you with customer intelligence. Let the certified Microsoft Teams compliance pros close those gaps for you.


Brian Gocher

Brian is a freelance technology writer and media editor based out of Central New Jersey. He’s logged 20 years of experience in the Telecom industry and side-hustles in the record industry. Brian started his career in technology at a company that made analog modems. He migrated to a marketing career in the call recording industry where he learned exactly how and why calls are monitored for quality assurance. These days Brian fuses his skills together to deliver his researched observations about telephony and compliance laws in polished articles and videos. He’s also composed the music for a long list of big Hollywood trailers. He does not miss the sound of analog modems but he is endlessly fascinated with phones.
