The New York Department of Financial Services (“DFS”) announced today that it had reached agreement with four banks under its jurisdiction regarding their proposed use of a new chat and messaging platform being offered by Symphony Communications LLC (“Symphony”). Symphony’s early marketing efforts had promoted the platform’s “guaranteed data deletion” feature, which had raised an issue among legislators and regulators that such a feature might be used to hide improper activities by employees at banks and other financial institutions.
Concerned about the potential loss of what could be critical evidence in an enforcement action, the DFS in July sent letters to Symphony and those banks reminding banks of their recordkeeping obligations and asking for detailed information on how the banks would use the new platform, particularly how they intended to use the data deletion feature.
Under the agreements, each of the banks agreed to the following actions:
- Symphony will be required to maintain copies of all e-communications sent through the platform to or from the bank for at least seven years;
- If messages are encrypted, the bank will store a copy of the associated decryption keys with an independent third party custodian that will be identified to the DFS; and
- No more than five years after the date of the agreement, the DFS and the banks will agree to discuss whether any changes are needed in the agreement due to the impact of any new technology developments in the intervening years.