On October 13, 2015, the New York Department of Financial Services (“DFS”) announced that it had reached another agreement with a DFS-regulated institution regarding its proposed use of a new chat and messaging platform being offered by Symphony Communications LLC (“Symphony”). Symphony’s early marketing efforts promoting its “guaranteed data deletion” feature had raised an issue among legislators and regulators that such a feature might be used to hide improper activities by employees at banks and other financial institutions.
This new agreement is the same as those the DFS announced on September 14, 2015 with four other DFS-regulated institutions. Under these agreements, each of the banks agreed to require Symphony to maintain copies of all e-communications sent through the platform from or to bank personnel for at least seven years, and if messages are encrypted, the bank will store a copy of the associated decryption keys with an independent third party custodian that will be identified to the DFS.
The DFS also issued general guidance that same day stating that any other DFS-regulated institution wishing to use Symphony must execute a similar agreement with the DFS containing the same standards as those set forth in the already-executed agreements.