Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

NYDFS Reaches Fifth Agreement Regarding Symphony Chat System; Issues Regulatory Guidance

Electronic Records Data Collection / Aggregation NYDFS

Privacy, Cyber Risk & Data Security

On October 13, the NYDFS announced that it reached its fifth agreement with a bank regarding record keeping requirements and other protections to ensure that the bank is responsibly using Symphony Communication Services, LLC’s chat and messaging platform (Symphony). In September, the NYDFS reached similar agreements with four banks after expressing concern that some Symphony features, most notably its promised service of “Guaranteed Data Deletion,” had the capability to hinder regulators’ and prosecutors’ investigations of misconduct at banks. Per the agreements reached with the NYDFS, the banks must (i) require Symphony to maintain copies of all communications sent through the chat and messaging platform for at least seven years; (ii) provide an independent custodian with a copy of decryption keys for encrypted messages sent through Symphony; and (iii) inform the NYDFS of the location of the decryption keys. Acting Superintendent Anthony Albanese outlined these requirements in the October 13 guidance issued to all NYDFS-regulated institutions, stressing that “any [NY]DFS-regulated institution that is considering using the Symphony platform should ensure that the entity’s anticipated use conforms to the standards included in the Agreements.”