FCA expectations and where firms commonly struggle

While specific rules vary across sectors and regulatory regimes, the FCA’s expectations around call recording are consistent in spirit. Firms are expected to record relevant conversations, inform customers clearly and transparently, store recordings securely, retain them for appropriate periods, and make effective use of them to monitor conduct and outcomes.

In practice, many FCA findings arise not from deliberate non-compliance, but from operational drift. Calls that should have been recorded are missed due to configuration gaps or process changes. Customer disclosures become inconsistent as scripts evolve or agents work under pressure. Recordings exist but are difficult to locate, fragmented across systems, or slow to retrieve during complaint investigations.

Security and access control are another frequent area of concern. Recordings contain sensitive personal and financial data, yet in some organisations access is too broad, audit trails are weak, or recordings are downloaded and stored outside controlled environments. Retention practices can also fall out of alignment, with recordings either deleted too early to support complaints and reviews, or retained indefinitely without a clear justification, creating data protection risks.

The use of pause-and-resume functionality presents additional operational challenges. While designed to protect sensitive information such as payment card details, it is often applied inconsistently. Agents may pause recording unnecessarily, forget to resume it, or misunderstand when its use is permitted. Process payments quickly becomes really difficult for agents unless you have bespoke software specifically designed for businesses to be PCI DSS compliant.

Governance, Oversight, and Operational Ownership

One of the most persistent issues identified by regulators is unclear ownership. Call recording frequently sits at the intersection of operations, IT, compliance, and quality assurance, and when responsibilities are not clearly defined, gaps emerge. Operational teams may assume the technology team is responsible for coverage, while compliance assumes monitoring is taking place, and IT assumes requirements are clearly defined elsewhere.

Strong firms address this by treating call recording as an operational control with clear governance. Responsibilities are documented, recording coverage is tested regularly, retrieval processes are rehearsed, and findings from call reviews feed directly into training and process improvements. Frontline staff are trained not only on how recording works, but why it matters for both customers and the firm.

Common FCA findings on call recording

Most findings arise not from deliberate misconduct, but from operational weaknesses or process drift. Understanding these pitfalls is essential for managers responsible for maintaining effective and compliant recording practices.

A recurring issue highlighted by the FCA is the failure to record calls that should have been captured. This can result from misconfigured systems, new products or queues being overlooked, or remote working arrangements not being fully integrated into the recording infrastructure. When conversations are missed, firms lose the primary evidence of how customer interactions were conducted, creating exposure for complaints and regulatory scrutiny.

Another common concern relates to customer disclosure. The FCA expects firms to clearly inform customers when calls are being recorded and why. Yet, in practice, disclosures are often inconsistent, rushed, or buried in scripts, leaving customers uncertain about how their data will be used. Such gaps not only undermine compliance but can also erode customer trust.

Accessibility and storage of recordings is another area where firms commonly fall short. Recordings may exist, but if they are difficult to retrieve, fragmented across systems, or lack clear ownership, the firm cannot demonstrate timely responsiveness in investigations or audits. Similarly, weak access controls and insufficient audit trails are frequent findings. Recordings contain sensitive personal and financial information, and regulators expect firms to protect them from unauthorised access or tampering.

Retention practices are also under scrutiny. Both under-retention and over-retention create issues. Deleting recordings too early can compromise the firm’s ability to respond to complaints or regulatory requests, while retaining them indefinitely without a clear policy risks data protection breaches. Additionally, pause-and-resume functions, intended to protect sensitive information such as payment details, are sometimes misused or inconsistently applied, undermining the integrity of recordings.

The FCA also notes that some firms fail to actively use recordings to manage conduct risk. Recording calls without reviewing them, analysing themes, or feeding insights back into training or process improvement is a missed opportunity, and, increasingly, a regulatory expectation. Finally, unclear governance over call recording (where responsibilities are assumed to lie elsewhere across operations, IT, or compliance) frequently contributes to these shortcomings.

How call recording is developing thanks to AI

Recorded calls can now be transcribed with AI technology, providing valuable material for training, creating concise summaries, and producing a reliable text record of customer conversations. Past calls can also be analysed with AI to interpret tone, sentiment understanding the customer’s underlying intent, and deliver valuable guidance for agent development and training.

Final thoughts

Call recordings are only valuable when they are comprehensive, secure, accessible, and actively used to improve service delivery. Operational managers who ensure robust processes, clear ownership, and regular monitoring can not only avoid FCA findings but also strengthen customer protection and operational resilience.