Regulations Relevant to XOVOX In Servicing Clients

The banking and insurance industries are subject to some of the world’s most stringent and prescriptive records retention requirements. And it is getting more challenging every day, particularly for voice data.

In each country, there are multiple levels of regulation; in the US, for example, both individual states and the Federal government impose requirements. This is compounded for international companies. There are also industry-specific privacy and recording standards.

Here are some of the regulations that XOVOX has helped organizations comply with over the past two decades. 

| Regulation | Jurisdiction | Industry | Record Type | Requirements |
| --- | --- | --- | --- | --- |
| Dodd-Frank | USA | Financial Services | All records that relate to swaps | Five years retention |
| ECPA (Electronic Communications Privacy Act) | USA | All | Electronic communications, which includes voice recordings | Strict requirements when preserving and disclosing voice recordings |
| FINRA (Financial Industry Regulatory Authority) | USA | Financial Services | Electronic communications, including voice recordings, for broker-dealers and other financial institutions | Various rules governing the retention and supervision of electronic communications |
| FTC Act (Federal Trade Commission Act) | USA | All | Voice recordings that involve consumer interactions | Compliance with various consumer privacy and data security requirements |
| HIPAA (Health Insurance Portability and Accountability Act) | USA | Healthcare | Voice recordings containing protected health information (PHI) | Strict requirements for storage, access, and disclosure |
| Sarbanes-Oxley Act (SOX) | USA | All publicly listed corporations | All records related to financial transactions, which includes voice recordings related to financial reporting | Seven years retention |
| SEC 17a-4 | USA | Financial Services | Broker-dealer voice recordings | Retention of three years total, with first two years in an easily accessible location |
| CCPA (California Consumer Privacy Act) | USA | All businesses collecting personal information on California residents | Personal information, which may include voice recordings | Compliance with data subject access requests (DSARs) and deletion requests related to voice recordings; ensure secure storage and retrieval |
| FCA (Financial Conduct Authority) | UK | Financial Services | Recorded telephone conversations | Six months retention |
| FSC (Financial Services Commission) | S. Korea | Financial Services | Voice recordings related to trading of financial investment instruments | Ten years retention |
| PCI DSS (Payment Card Industry Data Security Standard) | Global | Any company collecting or processing credit card information | Voice recordings which capture credit card information during customer interactions | Strict requirements for secure storage and handling |
| GDPR (General Data Protection Regulation) | EU | All businesses that collect personal information on EU residents | Voice recordings containing personal data | Strict requirements for handling, including the right to erasure and data subject access requests (DSARs) |
| MiFID II (Markets in Financial Instruments Directive) | EU | Financial Services | Transaction-related voice recordings and electronic communications | Retention of at least five years |
| NAFR (National Administration of Financial Regulation, formerly CBRC) | China | Financial Services | Sound recordings relating to sales of wealth management products | Various rules governing the retention of transaction records |
| ASIC (Australian Securities and Investment Commission) | Australia | Financial Services | All relevant electronic and telephone communication records | Seven years retention |
