Managing Voice Data is Critical to Corporate Compliance

The headlines capture your attention: “$4 Billion Settlement Reached for FOREX Manipulation!” In November, 2014, six of the largest international financial institutions agreed to more than $4 billion in settlements with both US and UK regulators regarding improper trading activities in the foreign exchange market. According to the Wall Street Journal, the regulators cited the banks for “inadequately supervising their traders and other employees and lacking sufficient controls to prevent them from engaging in allegedly improper behavior.” (WSJ, Nov. 12, 2014.)

The FOREX scandal is just the latest in a recent stretch that includes investigations into LIBOR trading, credit default swaps and many other activities that regulators have been cracking down on since the financial collapse of 2008. There is now a much higher degree of oversight and activity among regulators such as the CFTC, SEC and United States DOJ, as well as the creation of a whole new agency, the Financial Conduct Authority (FCA) in the UK. In fact, eight months after the passage of the US Dodd-Frank Act in 2010, the CFTC had conducted 93 investigations with 45 settlements totaling more than $155 million in penalties and disgorgement of unjust profits.

In this environment, financial institutions and other firms subject to this heightened oversight are wise to implement rigorous systems to ensure the compliance and legality of all employee activities. While much of the employee activity is conducted digitally—through emails, trading systems and even personal solutions such as texting—there is still a great deal of activity that occurs through our oldest and most traditional form of communication: the human voice.

Voice traffic can take many forms, from individual calls made between traders, to “party line-style” talks on a turret system that connects people to the trading floor, and voicemails which are increasingly being sent and stored as email attachments in a unified messaging system. All of these communications are part of the electronic record of a company’s activity, and they are subject to the same review and discovery as any other evidence. In fact, the 2006 changes to the Federal Rules of Civil Procedure even spelled this out in Rule 34(a), which specifically noted “sound recordings” as a type of electronically stored information (ESI).

General counsel and compliance officers need to factor voice traffic into their information management program to provide compliance and to be ready to answer regulatory investigations in a timely manner. However, when compared to email and other electronic forms of communication, voice activity is generally managed by different systems and different people in an organization, and voice data has a unique set of attributes that make it potentially more challenging to manage than regular electronic data.

Components of a Successful Voice Compliance Solution

Using the Electronic Discovery Reference Model (EDRM) as a guide, the preservation and collections of voice data is the first issue companies must address. Many institutions already have call recording or “logging” systems in place, and these loggers capture not only the call but any metadata about the call, including the data/time, agent or custodian, calling party ID or customer number, etc. Still, companies must be diligent with their call recording vendors to be certain the system permits rapid access to their calls, and that they are not restricted by proprietary database or encryption schemes that prevent them from exporting and analyzing calls in a timely manner.

It is in the review and analysis phases of the EDRM that the differences between voice and textual electronic data really arise. While there have been technical methods for searching electronic text for decades, reliable methods for doing this with voice are relatively new. These technologies do exist today, and they must be considered a vital part of any company’s voice compliance system.

The most important aspect of voice compliance technology is accuracy; in other words, does the system index the content and allow systematic or ad-hoc review so that companies can accurately track and monitor what’s being spoken? As a search medium, audio is traditionally more difficult to search than text; it is subject to accents, quality issues like background noise and file compression, and other variables that can make the same words sound very different when spoken. A voice review system that uses phonetic indexing and search—in which the audio is broken down into its component parts, or phonemes—has shown to be the best method for accurately searching large amounts of unstructured audio. This is the system that has been adopted by all the major regulators including the CFTC, SEC, CFPB and DOJ.

Also critical is a system that can economically analyze compliance across 100% of a company’s voice content. In this day of heightened regulatory oversight and heavy penalties, companies must be able to analyze every single voice data record they produce. Measuring a small sample is no longer sufficient to satisfy regulatory demands for proper behavior. Here again, a phonetic indexing and search approach has proven to handle even the largest voice compliance projects, with some systems indexing nearly 100,000 hours of audio per day with just a few servers.

Finally, a voice review system cannot be an island; it must fit within a company’s overall compliance monitoring function. Voice data must be analyzed in concert with emails, chats and other electronic records, to track the journey of these different employee interactions across the organization. The system must automatically discover potential violations across all these data sources, route suspected communications to the appropriate reviewers, and track the final disposition for each potential violation through the system.

With voice as a vital component of a total compliance monitoring solution, financial services and other companies can take a vital step toward ensuring that their employees’ behavior stays within the guidelines established in this new age of regulatory oversight. And this, in turn, should help those companies stay out of the headlines.