On Monday, September 14, 2015, four major banks signed agreements with New York’s Department of Financial Services to regulate their use of a new financial messaging platform provided by Symphony Communication Services Holdings LLC (“Symphony”).
The Silicon Valley start-up took off on October 1, 2014, when 14 financial institutions made a $66 million capital investment to develop a cloud-based collaboration and communication platform for the financial services industry. The initial contributors to Symphony were: Bank of America, BNY Mellon, BlackRock, Citadel, Citi, Credit Suisse, Deutsche Bank, Goldman Sachs, Jefferies, JPMorgan, Maverick, Morgan Stanley, Nomura, and Wells Fargo. Of these, BNY Mellon, Credit Suisse, Deutsche Bank, and Goldman Sachs are regulated by New York’s Financial Services Department.
Symphony developed its platform by acquiring Perzo, which had a secure communication technology, and integrating it with Goldman Sachs’ proprietary enterprise collaboration platform. Symphony’s product is promoted as providing a secure, industry-wide communication platform for financial-service professionals. However, some of Symphony’s claims regarding its platform sparked compliance concerns by government officials.
In a letter dated July 22, 2015, New York’s Acting Superintendent of Financial Services, Anthony J. Albanese, asked Symphony’s CEO for more information regarding Symphony’s claims of guaranteed permanent data deletion, end-to-end encryption keys known only to the banks, and Symphony’s open source licensing model. The letter expressed concern that, in light of recent cases charging market manipulation, banks could potentially use Symphony’s platform to circumvent compliance controls and regulatory review. Albanese further stated that he would reach out to the four banks regulated by New York to secure information regarding their intended use of the Symphony platform.
A few weeks later, on August 10, 2015, Senator Elizabeth Warren of Massachusetts penned a similar letter to the Director of the Consumer Financial Protection Bureau to express her concerns regarding Symphony’s publicly available descriptions of its platform. In particular, Senator Warren took issue with Symphony’s claims that its platform has special tools to prevent government spying. The Senator advised the Bureau that these tools could be used by banks to thwart the Bureau’s ability to obtain and interpret relevant compliance-related communications, which would impact the Bureau’s enforcement efforts.
Most recently, the four banks that invested in Symphony and are regulated by New York agreed to two main conditions for using Symphony’s platform. First, the banks agreed to require Symphony to maintain copies of all of their e-communications sent through the platform for seven years. Second, the banks agreed to store a copy of their decryption keys with independent custodian(s). Both parties agreed to revisit the terms of these agreements in five years. To view copies of these agreements, please click here.
The reaction to Symphony’s platform by government officials demonstrates the inherent tension that exists between new technology and the regulation and compliance of financial services. As banks seek more secure (and more private) methods of e-communication and data storage, we are likely to see similar agreements used to bridge the gap between the demand for these technologies and compliance with government regulatory oversight.