Regulations Relevant to XOVOX In Servicing Clients

The banking and insurance industries are subject to some of the world’s most stringent and prescriptive records retention requirements. And it is getting more challenging every day, particularly for voice data.

In each country, there are multiple levels of regulations; in the US, for example, you have individual states AND the Federal government. This is compounded for international companies. Further, there are also industry-specific privacy and recording standards. 

Here are some of the regulations that XOVOX has helped organizations comply with over the past two decades. 

Regulation Jurisdiction Industry Record Type Requirements

Dodd-Frank USA Financial Services All records that relate to swaps Five years retention
ECPA (Electronic Communications Privacy Act) USA All Electronic communications, which includes voice recordings Strict requirements when preserving and disclosing voice recordings
FINRA (Financial Industry Regulatory Authority) USA Financial Services Electronic communications, including voice recordings, for broker-dealers and other financial institutions Various rules governing the retention and supervision of electronic communications
FTC Act (Federal Trade Commission Act) USA All Voice recordings that involve consumer interactions Compliance with various consumer privacy and data security requirements
HIPAA (Health Insurance Portability and Accountability Act) USA Healthcare Voice recordings containing protected health information (PHI) Strict requirements for storage, access, and disclosure
Sarbanes-Oxley Act (SOX) USA All publicly listed corporations All records related to financial transactions, which includes voice recordings related to financial reporting Seven years retention
SEC 17a-4 USA Financial Services Broker-dealer voice recordings Retention of three years total, with first two years in an easily accessible location
CCPA (California Consumer Privacy Act) USA All business collecting personal information on California residents Personal information, which may include voice recordings Compliance with data subject access requests (DSARs) and deletion requests related to voice recordings; ensure secure storage and retrieval
FCA (Financial Conduct Authority) UK Financial Services Recorded telephone conversations Six months retention
FSC (Financial Services Commission) S. Korea Financial Services Voice recordings related to trading of financial investment instruments Ten years retention
PCI DSS (Payment Card Industry Data Security Standard) Global Any company collecting or processing credit card information Voice recordings which capture credit card information during customer interactions Strict requirements for secure storage and handling
GDPR (General Data Protection Regulation) EU All businesses that collect personal information on EU residents Voice recordings containing personal data Strict requirements for handling, including the right to erasure and data subject access requests (DSARs)
MiFID II (Markets in Financial Instruments Directive) EU Financial Services Transaction-related voice recordings and electronic communications Retention of at least five years
NAFR (National Administration of Financial Regulation, formerly CBRC) China Financial Services Sound recordings relating to sales of wealth management products Various rules governing the retention of transaction records
ASIC (Australian Securities and Investment Commission) Australia Financial Services All relevant electronic and telephone communication records Seven years retention

Recent Posts

The Legacy Voice Data Decision

Many companies that record voice traffic are required to store the date for five or more years. But what if you upgrade your recorder? What should you do with your [...]

The Voice Recording Regulatory Landscape

The banking and insurance industries are subject to some of the world’s most stringent and prescriptive records retention requirements. And it is getting more challenging every day, particularly for voice [...]

Regulations Relevant to XOVOX In Servicing Clients

The banking and insurance industries are subject to some of the world’s most stringent and prescriptive records retention requirements. And it is getting more challenging every day, particularly for voice [...]

Record Keeping For Compliance

This is the first in a series of articles about enterprise-level voice data. Here we discuss compliance. Subsequent articles will address record keeping regulations, data normalization, data consolidation and AI. [...]

Introducing XOVOX – Unleash Your Data

Electrical Science is now known as XOVOX, as part of a broader effort to better align our brand with what we do. Managing your voice data and keeping it accessible [...]