Why This Is Not Optional

If you work in financial services, call recording is not a "nice to have." It is a legal requirement. The regulations are clear:

MiFID II (EU) — requires recording of all client communications related to transactions, with 5-year retention

Dodd-Frank Act (US) — mandates recording of communications related to swaps and securities

FINRA Rules 3110 and 4511 (US) — require broker-dealers to record and retain business communications

FCA (UK) — requires firms to record telephone conversations and electronic communications relating to client orders

MAS (Singapore) — requires recording of communications related to specified transactions

FINMA (Switzerland) — mandates recording of client communications for financial intermediaries

Non-compliance is not a theoretical risk. Fines run into millions, and in some jurisdictions, individuals can face criminal charges.

How Teams Compliance Recording Works

Microsoft supports compliance recording through a bot-based architecture. Here is how it works:

An admin creates a Compliance Recording Policy in Teams

The policy is assigned to users who need to be recorded

When a recorded user makes or receives a call, Teams automatically invites a compliance recording bot into the call

The recording bot captures the media stream (audio, video, screen sharing)

The bot sends the media to the recording vendor's platform for storage and processing

This is fundamentally different from the built-in Teams recording (the "Record" button users can press). Compliance recording is:

Automatic — users cannot choose to not be recorded

Policy-based — admins control who is recorded and when

Tamper-proof — recordings cannot be deleted or modified by users

Always on — every call by a recorded user is captured, no exceptions

Option 1: Certified Recording Partners (Buy)

Microsoft maintains a list of certified compliance recording partners that have been tested and validated to work with Teams. The major ones for financial institutions:

ASC Technologies (Recording Insights)

Deployment: Cloud-hosted on Azure

Features: Records voice, video, chat, screen sharing. AI-powered transcription via Microsoft Cognitive Services. Advanced search, playback, and export.

Compliance: MiFID II, Dodd-Frank, FINRA, FCA, GDPR

Strengths: Purpose-built for regulated industries. Recently won a major Australian bank. Strong in EU and APAC markets.

Pricing model: Per-user per-month subscription

AudioCodes SmartTap 360 Live

Deployment: Cloud or on-premises (for organizations that require local storage)

Features: Records all Teams interactions (voice, video, IM). Policy-based recording with pause/resume for PCI compliance. Dedicated retention and deletion policies. Full audit trail.

Compliance: MiFID II, GDPR, FINMA, Dodd-Frank, E-Discovery

Strengths: Integrates deeply with AudioCodes SBC infrastructure. On-premises option for strict data sovereignty requirements. Well-established in European financial institutions.

Pricing model: Per-user license (perpetual or subscription)

Other Certified Partners

Vendor	Key Strength
NICE	Largest compliance recording vendor, deep analytics
Verint	Workforce optimization + recording
Dubber	Cloud-native, embedded AI analytics
Red Box	On-premises option, strong in UK financial market
Theta Lake	AI compliance for chat and meetings
CallCabinet	Cost-effective cloud recording

Option 2: Build Your Own with Media Server (Build)

Some organizations consider building a custom recording solution using:

Azure Media Services or a custom media server

Microsoft Graph Communications API to access call media streams

Bot Framework to create a recording bot

Custom storage (Azure Blob, on-premises NAS)

Why Organizations Consider This

"We want full control over our recording infrastructure"

"We do not want to pay per-user licensing fees"

"We have specific requirements that no vendor meets"

Why I Almost Always Recommend Against It

1. Regulatory Certification

Certified vendors have been through compliance audits and have attestations for MiFID II, FINRA, etc. Your custom solution has no such certification. When the regulator asks "is your recording solution compliant with MiFID II Article 16(7)?" you need a defensible answer. "We built it ourselves" is not a defensible answer.

2. Tamper-Proof Storage

Compliance recording requires WORM (Write Once Read Many) storage with cryptographic integrity verification. Building this correctly is non-trivial. Certified vendors have it built into their architecture.

3. Search and Playback

The regulator asks for all recorded calls between Trader X and Client Y between January and March. Can your custom solution search by participant, date range, phone number, and return results in minutes? Certified platforms can.

4. Retention Management

MiFID II requires 5 years. FINRA requires 3 to 6 years depending on the record type. Different regulations require different retention periods. Your solution needs automated retention policies that delete recordings at exactly the right time — not too early (violation) and not too late (data minimization under GDPR).

5. Ongoing Maintenance

Microsoft updates Teams APIs regularly. When a breaking change ships, your custom bot needs to be updated within days or calls stop being recorded. Vendors handle this as part of their service. Your internal team will need to maintain this indefinitely.

6. Total Cost of Ownership

Component	Certified Vendor	Custom Build
Development	$0	$200K-500K initial
Infrastructure	Included	Azure compute + storage
Compliance certification	Included	$50K-100K for audits
Ongoing maintenance	Included in subscription	1-2 FTE developers
Regulatory updates	Vendor handles	Your team handles
Per-user cost (1000 users, 3 years)	$5-12/user/month	Estimated $8-15/user/month all-in

The math rarely works in favor of building your own, especially when you factor in the risk of a compliance gap.

My Recommendation

For Most Financial Institutions: Buy a Certified Solution

Pick a vendor based on your specific needs:

ASC or AudioCodes SmartTap if you need on-premises storage for data sovereignty

NICE or Verint if you need deep analytics and workforce optimization

Dubber if you want cloud-native with AI analytics and a simpler deployment

Red Box if you are a UK-regulated firm with existing Red Box infrastructure

The Only Scenario Where "Build" Makes Sense

If you are a very large financial institution (think tier-1 global bank) with:

An existing in-house recording infrastructure for other platforms

A dedicated team of 5+ developers who maintain communication compliance tools

Specific regulatory requirements that no vendor can meet

Budget and risk appetite for a multi-year development project

Even then, I would start with a certified vendor for immediate compliance and develop the custom solution in parallel.

Implementation Checklist

Map regulatory requirements to recording features needed

Determine data residency requirements (cloud vs on-premises)

Evaluate 2 to 3 certified vendors with proof-of-concept deployments

Define retention policies per regulation

Test recording quality, searchability, and export formats

Train compliance team on the recording platform

Document the recording policy and communicate to all recorded users (some regulations require user notification)

Implement monitoring to detect recording failures immediately

---

Need help with the Teams Phone side of your compliance recording deployment? SwiftM365 generates voice configurations, user provisioning scripts, and policy assignments at scale.

Call Recording for Microsoft Teams in Financial Institutions: Build vs Buy