Glassbox: The Solution for Digital Conduct Compliance

Glassbox: The Solution for Digital Conduct Compliance

by Andrew Stacy Posted on Dec 02, 2020

As we continue to invest in protecting our customers and their users, Glassbox is delighted to have been selected for the REGTECH100 2021. This annual list showcases 100 of the world’s most innovative RegTech companies. Glassbox was designed and built as a compliance solution to operate in high volume, data sensitive environments and solve the challenges of managing digital conduct compliance.  

The list judges solutions based on:

  • Industry significance of the problem being solved
  • Company growth (capital raised, revenue, customer traction)
  • Innovation of the technology solution
  • Proven cost savings, efficiency improvements, impact on the value chain and revenue enhancements

Glassbox help firms to automate the essential regulatory requirements to comply with digital conduct regulations by increasing the effectiveness of digital compliance processes, reducing risk on digital channels and reducing the cost of compliance.

Digital challenges need digital solutions

Glassbox has long recognised that the growth in digital business would require specialist tools to help firms meet their regulatory obligations. For example, providing the basic capability to do the equivalent of something as simple as recording every phone conversation and being able to play it back to check that all the necessary steps have been completed. Arguably with digital, these basic capabilities are even more important. Unlike a phone call, there is no human-to-human interaction in the process—it is completely disintermediated. So, it is essential that firms have the tools to record every session and monitor what is happening.

6 ways Glassbox supports digital conduct compliance 

1. Captures and maintains forensic records to meet regulatory requirements

Every session is captured exactly as seen by the customer at the time. It captures the device, the browser and version used. This is essential to see what the customer saw and did. Sessions can be retrieved and replayed in real time, and all the data is indexed so can be searched with ”Google-like” terms. There’s no need to pre-define or pre-configure how you want to interrogate the data. Data is compressed 20:1 using patented technology reducing the cost of storage. Data is also tamperproof so can be used forensically.

2. Automatically monitors every session to ensure requirements are being met

You can automatically monitor every session as it happens rather than rely upon sampling after the event. You can also create real-time alerts that align to your compliance goals (e.g. customers are only spending two seconds on terms and conditions, customers are hesitating on a form field for too long, etc.).

Define the dashboards you need to get real-time visualizations of what’s happening. scheduled and ad hoc reports can help with data sharing, and data can be exported in real time if required.

Glassbox also supports co-browsing of a session so you can monitor customer behavior before it impacts your business (e.g. suspicious activity). Plus, you get automated behavioural insights, struggle scores, and journey maps to monitor digital experiences. Remember, CX is a compliance issue when it comes to digital journeys.

3. Helps you resolve and prevent complaints

Because Glassbox captures and replays sessions in real time, you can investigate complaints immediately and proactively to resolve complaints straightaway since there’s no need to wait for data export. From here, you can find other similar cases and undertake effective root cause analysis (process, technology, usability, comprehension, etc) and prevent recurring complaints. You can also share the session with the customer as part of your response or make it available to the Financial Ombudsman.

4. Makes reviews and investigations more efficient

Glassbox supports past business reviews by proving exactly what happened, what was shown to the customer and if they read it. Your business assurance or audit teams can automate their data collection and analysis by identifying all relevant sessions which meet the criteria for further investigation or review. Plus, they can export data to combine with other sources for further analysis or external reporting. Investigating fraudulent or suspicious activity is made easy, and you can set alerts for future occurrences.

5. Helps you support vulnerable customers

Glassbox enables you to create automated alerts to identify potentially vulnerable customers in real-time and intervene as appropriate. Your customer team can then reach out to vulnerable customers in real-time or even co-browse with them to support their digital journey.

6. Supports the Senior Managers and Certification Regime (SM&CR)

Glassbox gives senior managers the ability to review digital sessions to confirm that everything is in order just like they would listen to a selection of recorded phone calls. Break down silos and get all functions working collaboratively from the same data source.

Data protection is crucial

When you are operating in a high-volume, data sensitive environment, it is fundamentally important to have the technology and processes in place to ensure the privacy and security of your customers’ data in accordance with the strictest standards and best practices. It is our philosophy that privacy and transparency are key to compliance. As such, out-of-the-box, Glassbox does not record customer inputs including sensitive information like payment card information (PCI), personal health information (PHI) and personally identifiable information (PII).

However, we realize there are times when recording PII is not only needed for your business but is a regulatory requirement. For these scenarios, Glassbox has an extensive range of capabilities including data masking according to role, end-to-end encryption, role-based access controls and audit logs. This ensures that when it is necessary to capture PII, it can be done securely and in full compliance with all the relevant regulations.

Glassbox is both SOC 2 and ISO 27001 certified, and our high security standards are examined on a biannual basis. In addition, Glassbox is the first and only digital experience analytics provider to receive the ISO 27701 certification for our privacy management framework. With this certification we are able to demonstrate compliance with major privacy protection regulations including HIPAA, GLBA, PCI, CCPA and GDPR. In addition, we believe that transparency is a major aspect of privacy, and as such, we strongly recommend that organizations disclose openly that they are capturing every session for the benefit and protection of their customers as well as meeting regulatory requirements.

More resources about digital conduct compliance

Over the last year, we’ve been publishing a series of pieces designed to help you understand how new technologies like record and replay can enable and reduce the risk of new digital operating models and solve the regulatory challenges of conduct compliance in a digital environment.

Here’s more information about a few of the key white papers we’ve published on the topic of conduct compliance.

Record Keeping & Digital Channels

Regulation always lags behind technological advances, and it’s up to firms to interpret the record keeping guidance published for other formats and decide what is the digital equivalent. That’s why we put together this deep dive into record keeping for digital channels and how technology can help you meet your regulatory requirements for record keeping now.

Vulnerable Customers & Digital Channels

While we wait for the final guidance from the Financial Conduct Authority (FCA), check out this white paper for examples of how the best practices described in the draught consultation can be delivered by the right technology. The FCA estimates that half of adults living in the UK (25.6 million people) display one or more characteristics of vulnerability. Is your firm doing as much as it could to support vulnerable customers?

Clarity in a Crisis: Driving Digital Conduct in a Pandemic Age

In the midst of the Covid crisis, the FCA 2020/21 Business Plan was published setting out their hastily re-arranged priorities in which they recognize that digital is an even more important channel during lockdown.

Amidst all of the change, regulated firms have felt particular pressure to maintain compliance and minimize the conduct risks associated with going digital. The Business Plan emphasised the need for the continued protection and fair treatment of customers—particularly those that are vulnerable—especially as the use of digital channels has risen dramatically in lockdown. Check out this white paper to get an overview of the FCA’s 2020/21 Business Plan and learn opportunities and best practices for financial services firms.

Suitability of advice via digital channels – How would you respond?

Customers still need help in making informed decisions about which products are right for them. The advent of robo-advice may be part of the solution, but there are many regulatory requirements that have to be overcome to offer a compliant proposition, not least of which is the need to have a complete record of the process.

The FCA has requested copies of registers of personal recommendations of all advice. How would you respond to this scenario in a digital/robo environment? Download this white paper to learn more about what the FCA wants to see from advisors on suitability and how you can prepare for a file review.

Managing Digital Conduct Risk

Digital conduct risk has risen to the top of agendas for firms and regulators in recent years. The FCA expects conduct risk management to be embedded into firms’ risk management frameworks supported by actionable management information. When it comes to digital channels, this means automated tools to monitor all activity and flag issues and concerns as they arise.

In this overview, co-authored with Huntswood, we’ll show you how you can take maximum advantage of the potential of digital channels whilst making sure that you are meeting all of your regulatory obligations for conduct risk.

Would you like to know more?

If you’d like to know more about how Glassbox can support your digital conduct compliance needs, get in touch!

Sign up for insights

Sign up for insights