NY financial regulators reach agreement with 4 banks to retain records for 7 years

ALBANY, N.Y. – New York financial regulators have reached agreements with Goldman Sachs, Deutsche Bank, Credit Suisse and Bank of New York Mellon that require them to retain electronic records with a new cloud-based communications service for seven years.

The agreements are meant to help ensure the banks responsibly use Symphony Communications’ chat and messaging platform, which includes a feature described as “guaranteed data deletion,” the Department of Financial Services said Monday.

Symphony also provides end-to-end encryption of chat and instant messages, where only the sending and receiving institutions can decipher messages using a private decryption key. The agreements require the banks store a copy of the decryption keys with independent custodians.

“This is a critical issue since chats and other electronic records have provided key evidence in investigations of wrongdoing on Wall Street,” said Anthony Albanese, department superintendent. “It is vital that regulators act to ensure that these records do not fall into a digital black hole.”

Symphony called it “another positive development” on the eve of its launch, and that the platform protects against cyber threats while strengthening compliance operations. “Symphony provides state-of-the-art cybersecurity for institutions operating in complex regulatory environments,” chief executive David Gurle said.

In July letters, the department told the banks and Symphony it was concerned the service, created through a consortium of 14 financial institutions, could hinder the ability of regulators and prosecutors to investigate misconduct.

The four are those in the consortium the DFS regulates, but it suggested the same requirements apply to all regulated financial institutions in the future.