Fatal Error Compliance Call Audit

Inspection template for reviewing calls for fatal compliance violations or data breaches that fail the interaction regardless of other scores.

Audit Scope and Call Identification

• Call or interaction identified correctly
  Record the interaction ID, date/time, agent, queue, and customer segment if applicable.
• Applicable compliance policy or script version confirmed
  Document the policy, disclosure script, or SOP used for this audit.
• Audit reason documented
• Recording quality sufficient for review
  Audio or transcript quality allows reliable compliance assessment.
• Reviewer notes and evidence captured
  Summarize key evidence supporting the audit outcome.

Identity Verification and Authentication

• Identity verification completed before account-specific discussion
  No sensitive account, personal, or protected information was discussed before authentication was completed.
• Authentication method followed approved procedure
  Agent used the approved verification steps and did not skip required checks.
• Security questions or one-time codes handled appropriately
  Verification data was requested, received, and handled according to policy without exposure.
• No unauthorized account access or impersonation risk observed
  Interaction did not indicate bypassed controls, social engineering success, or unauthorized access.
• Verification exceptions documented and approved
  Any exception to normal authentication was supported by policy and supervisor approval.

Fatal Compliance and Privacy Violations

• No unauthorized disclosure of personal or sensitive data
  Check for disclosure of PII, PHI, payment data, credentials, account details, or other protected information to an unauthorized party.
• No payment card or banking data exposed improperly
  Card numbers, CVV, bank account numbers, or similar data were not spoken, repeated, stored, or displayed in violation of policy.
• No prohibited promises, guarantees, or legal commitments made
  Agent did not make unauthorized commitments, legal advice, regulatory statements, or promises outside authority.
• Required disclosures delivered accurately and in full
  Mandatory disclosures, consent language, or notices were delivered in the correct sequence and content.
• No deceptive, coercive, or misleading statements
  Interaction did not include misrepresentation, concealment of material facts, or pressure tactics that violate policy.
• No prohibited instructions or unsafe guidance provided
  Agent did not instruct the customer to bypass controls, ignore warnings, or take unsafe or non-compliant actions.

Regulatory and Script Compliance

• Opening disclosure delivered when required
  Any required opening statement, monitoring notice, or consent language was provided at the start of the interaction.
• Call flow followed approved script or decision tree
  Agent stayed within the approved process and did not omit mandatory steps.
• Escalation or transfer criteria applied correctly
  Required escalation, supervisor transfer, or specialist referral occurred when policy thresholds were met.
• Customer consent captured where required
  Consent for recording, data use, account changes, or other regulated actions was obtained and documented.
• Regulatory references or jurisdiction-specific requirements followed
  Document any applicable regulation, internal control, or jurisdiction-specific requirement relevant to the call.

Outcome, Corrective Action, and Escalation

• Overall audit result
• Fatal error or breach type
• Corrective action assigned
  Describe retraining, coaching, containment, incident reporting, or escalation required.
• Supervisor or compliance escalation required
  Indicate whether the issue must be escalated to compliance, legal, security, or management.