Compliance and CX – SEC Fines & PCI Penalties are Enforcing CX Compliance
November 6, 2023
By Andy Miller, Managing Partner at True North Advisory
There is a lot of buzz, and rightly so, about AI in today’s CX conversations, but one of the underlying and most relevant focus areas for companies is Compliance.
Compliance in the CX world means many things, and the number of acronyms involved is a lot to digest. How data is properly safeguarded is top of mind, and that is why regulations such as GDPR, PCI, SOX, HIPAA, TCPA, IRAP and others exist today.
Each vendor in the CX space has a differing focus on Compliance, depending on the sector (a vertical such as Health Care, FINSERV or Federal) that they service. To bring all the acronyms down to an example of how several of our clients look at Compliance, we have highlighted two True North clients below:
Journey.ai (www.journeyid.com)
GDPR, CCPA, PCI, HIPAA and state biometric privacy laws all share things in common: they put rules in place for businesses and individuals who have access or exposure to the protected material (e.g., PII, credit card numbers, biometrics, health care data).
Rather than making it easier to demonstrate compliance through documentation and data redaction policies, Journey instead reduces the scope of compliance by removing people and processes from the flow of data in the first place, using Zero Knowledge cryptography and their patented Zero Knowledge Network. As an example, Journey empowers contact centers, both agents and self-service bots, to guide callers to share and verify sensitive data without any of the data ever touching the agent interface or contact center staff.
A clear example of how Journey’s solution assists Enterprises is Credit Card payments. Because banks and other credit card issuers will generally refund their customers in these situations, they have a vested interest in ensuring that credit card numbers remain secure as they are transmitted across the economic ecosystem. PCI non-compliance fines are not fines in the same sense as those you would pay for violating a government regulation; they are penalties between merchants, payment processors, and credit card brands.
To see in real time how Journey handles payments via the contact center, see https://journeyid.com/products/interactions-transactions/zero-knowledge-payments/.
LeapXpert (https://www.leapxpert.com/)
Data privacy laws, such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), establish strict guidelines for the collection, storage and processing of personal information. Sector-specific laws, like the financial regulations overseen by bodies such as the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC), mandate strict record retention for auditing purposes.
LeapXpert removes the barrier to Instant Communication. LeapXpert’s Communication Platform enables organizations to securely communicate with their clients wherever they are, on the world’s most popular IM applications, while integrating with their business critical systems and processes. LeapXpert maintains a complete record of all conversations between enterprise employees and customers to ensure that data privacy and governance standards are met.
LeapXpert is a great example of a company that is solely focused on Digital Communications Governance. With over 123 billion SMS and WhatsApp messages sent each day, it is a challenge to create an effective governance infrastructure. Areas such as Data Volume and Variety, Data Privacy and Compliance, Security Threats, Integration Challenges and continuing real-time technological advances create a challenge for all Enterprises.
Enterprises, such as large financial institutions, have been fined over $1.5 Billion in penalties to curb employees’ use of ‘off channel messages’.
In summary, the SEC’s risk-based initiative to find and curb employees’ use of unreported instant messages for work in the highly regulated securities space has allowed LeapXpert to create a leading-edge solution focused on Compliance and to establish industry leadership in this space.
About True North Advisory
At True North, we focus our efforts on advising clients in all aspects of growth initiatives and strategy. Clearly, there will always be opportunities created by industry events, and the two examples of Journey and LeapXpert show how leadership and foresight in solving real-world problems around Compliance launch great companies.