Our Blog

Mobile Voice Recording in Singapore - a legal perspective

Mobile Voice Recording - a legal perspective

Business organisations record mobile calls for several reasons. Some record customer calls for training and quality assurance purposes. Others do so because they are required by law or to comply with regulatory requirements, such as those imposed by MiFID II or by the Monetary Authority of Singapore (MAS), as detailed in the Singapore Guide to Conduct & Market Practices for the Wholesale Financial Markets, or the Singapore Exchange (SGX), in its Rulebook.

There are many aspects to consider before an organisation can start recording mobile voice calls. Technical considerations are crucial, as not all products and services can handle voice recording on mobile phones. Companies should also consider security issues, such as where and how long to store the recorded voice calls.

Care should be taken to ensure that only authorised personnel can retrieve the recordings when necessary. Underpinning all other aspects is the cost. Every organisation wants a cost-effective solution since a prohibitively expensive one serves very little purpose.

Mobile Voice Recording for compliance purposes

Many organisations are obliged to record conversations, which means they also have to consider mobile voice recording. When doing so, it’s important to consider the legal requirements, because organisations may have to follow several laws and rules at once.

For instance, the General Data Protection Regulation (GDPR) applies to any company that collects data on EU citizens. Despite not being part of the EU, many companies in Singapore are still be subject to GDPR laws under a variety of circumstances[1].

In a similar vein, the Markets in Financial Instruments Directive II (MiFID II) imposes an obligation on finance professionals within the EU to record voice calls including those that happen on mobile phones. However, just like the GDPR, MiFID II requirements can impact a significant number of Singaporean companies[2].

Therefore, a Singaporean company providing financial services to EU citizens would have to comply with the PDPA, GDPR and MiFID II – as well as conditions imposed locally by the MAS and SGX.

Personal Data Protection Act

Different nations have their own legislation regarding the legality of recording mobile voice calls. Personal data including call recordings is covered by the Personal Data Protection Act (PDPA) in Singapore. Businesses have had to adjust many business processes to comply with the provisions of the PDPA.

However, this does not mean that Singaporean companies are complying with the stricter provisions of the GDPR.  There are key differences in terms of consent (how to collect and manage), purpose (specified, explicit, and legitimate), and penalties.

The PDPA allows both explicit consent when provided in writing and deemed consent when data is given voluntarily by the individual. The Act also does not differentiate between personal data and sensitive personal data. Singaporean businesses need not specify the activities they will undertake on the collected data, but they do need to provide objectives and purpose of collection to the consenting individual.

GDPR Requirements

The GDPR specifies that organisations intending to record customer calls should obtain consent before proceeding. Unlike other laws, the bar for what is considered valid consent is significantly higher under the GDPR. Valid consent must be freely given by informed individuals for a specific purpose. Consent must be unambiguous, in other words, implied or tacit consent is no longer sufficient.

Businesses that record mobile voice calls will be required to justify the lawfulness of such recording for GDPR – and, in Singapore, PDPA. They need to demonstrate that the purpose of recording falls under one of the following conditions[3]:

  • Necessary for the performance of a contract to which the participant is a party
  • Needed for compliance with a legal obligation to which the business is subject
  • Required in order to protect the vital interests of the participants

MAS Blue Book and SGX Rulebook

Both the MAS Blue Book and SGX Rulebooks contain reference to call recording practice. These rules are applicable to all Singapore companies that operate in the relevant service domain, as well as overseas companies that trade in Singapore. Compliance with these is necessary and the rules explain how call recording should be used as an audit tool.

MiFID II requirements

The MiFID II directive took effect on 3 January 2018 and is the most extensive regulatory framework covering the complex financial services market within the EU. It is applicable to all EU firms and professionals who provide financial services to individuals and businesses – and firms from outside the EU that wish to do business there in regulated financial markets. 

Unlike earlier regulations, MiFID II has recording requirements for all telephone and electronic communications that pertain to activities intended to result in a transaction, even if the activity does not conclude in a transaction. In other words, firms are required to capture and record any relevant communication, including voice calls made on mobile phones.

Touch call recording service

If some or all these legislations affect your business, you’ll need to ensure that your call recording policies comply. You’ll also need to be able do so cost effectively. If your team uses mobile phones, then these need to be covered too. The Touch Call Recording Service provides a comprehensive service to record calls made on several communications channels.

A business may use multiple channels including mobile phones, apps such as Microsoft Teams, and landlines for business calls. The Touch service captures and records all calls made on various platforms.

Touch recording is a managed service which means organisations do not have to worry about acquiring and implementing a recording system. The service integrates directly with carrier networks allowing for seamless and automatic call recording. Businesses need not purchase additional equipment or dedicate resources such as bandwidth for call recording.

Finally, the Touch service is fully compliant with GDPR, PDPA, MiFID II, and relevant MAS and SGX rules. Recorded call data is stored securely and only accessible to authorised employees. Businesses can rest assured that calls are recorded legally with minimal intervention.

 

[1] GDPR Compliance in Singapore

[2] MiFID Compliance in Singapore

[3] GDPR-info

Written on 18 June 2020
touch logo

Get in touch

Photo of Kjetil Abo

If you have an enquiry or a question, send an email to Kjetil Abo, CEO Asia.

This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Linkedin
  • Twitter
  • blog