Mercredi 9 décembre 2015
Article paru dans Financial News
Symphony out of tune with regulators; Bank-backed chat service has had an enthusiastic response from the financial industry, but politicians on both sides of the Atlantic have been less impressed
James Rundle
(c) 2015 Financial News Ltd. All rights reserved.
During the investigations into rate-rigging and currency-market manipulation by major banks in recent years, chat logs and instant messages provided a substantial amount of evidence that wrongdoing had taken place on trading floors.
The banks and brokers in question were fined more than $9 billion as a result and criminal prosecutions continue.
The investigations would have been impossible if firms had been able to delete chat records – and US and EU politicians are concerned that new communication tools might allow them to do exactly that.
The platform that has attracted the most attention is Symphony. The company, known as Perzo until it was bought in October 2014 by a consortium of 15 firms led by Goldman Sachs, operates software designed to allow bank employees to communicate inside and beyond their firms. It has been feted as a serious challenger to Bloomberg’s chat system, Instant Bloomberg, which dominates communications between trading floors. Symphony’s chat service, which began operating in September 2015, says it has 45,000 users, predominantly in financial services but also in other industries, including healthcare.
But on October 20, three members of the European Parliament – Anneliese Dodds, Elisa Ferreira and Pervenche Berès, a former chair of the Committee on Economic and Monetary Affairs, or Econ – released a joint statement in which they said that the use of Symphony and similar platforms could undermine rules designed to prevent market abuse, due to its alleged ability to delete data and encrypt communications. The MEPs also wrote to the European Securities and Markets Authority and other European regulators, expressing these concerns.
EU measures
Speaking to Financial News, Ferreira said: “We became aware that this kind of structure was being created, and we really think it’s very important that, from the EU side, we take appropriate measures. This kind of secrecy and encryption, then deletion, completely contradicts what we have been trying to do in financial markets.”
During an Econ meeting in Brussels on November 17, the chairman of Esma, Steven Maijoor, confirmed that it would bring Symphony and other platforms like it to the attention of financial regulators in EU member states. He said: “We will share this with the national regulators – they have the supervisory responsibility and, on that basis, we can then see if there are problems with similar types of tools regarding record-keeping.”
However, Symphony’s spokesman said it was “a topic that was in the news several months ago, and has been settled”. He said: “Symphony doesn’t have, and has never had, the ability to instantaneously delete messages sent through the system. Every communication that goes through a financial institution’s Symphony platform is recorded in the retention interface, and is preserved in the institution’s records. Users don’t have the ability to override that.”
He added that while the company could not comment on specific meetings or confirm if it had been in touch with either Esma or national regulators, it “welcomed the opportunity to discuss how our platform works with regulators”.
The retention of communication logs is common to most pieces of financial regulation issued after the crisis. The Dodd-Frank Act in the US, for example, forces derivatives trading firms to keep records of communications related to trade execution for the lifetime of a swap contract, plus five years.
Meanwhile, in Europe, the review of the Markets in Financial Instruments Directive will make it mandatory for firms to keep call and text-based records for a minimum of seven years, once it comes into force.
Deletion concerns
Regulators’ concern that Symphony could delete data is not confined to Europe. Symphony claimed that it had “designed a specific set of procedures to guarantee that data deletion is permanent and fully documented”, according to a letter to David Gurle, chief executive of Symphony, from Anthony Albanese, the acting superintendent at the New York Department of Financial Services, in July 2015.
The letter asked for information about specific functions of the Symphony chat platform. Like the MEPs, Albanese was concerned that users might be able to delete and encrypt communications.
The DFS investigation ultimately led to four banks signing agreements on September 11 – Goldman, Credit Suisse, BNY Mellon and Deutsche Bank – that compelled them not to delete communications sent through the platform for at least seven years and to store codes that can decrypt the messages with an independent custodian.
Concern was also expressed by US politicians. Elizabeth Warren, a Democratic senator from Massachusetts, wrote to the US regulatory agencies on August 10, asking for information about Symphony’s capabilities. She said that she was concerned over banks “making this information difficult for regulators to obtain and interpret”.
In his letter to Gurle in July, Albanese said that Symphony’s claim about data deletion was made in “marketing materials” that also claimed that “Symphony is completely private. Your data is 100% protected by encryption keys known only by you, never by us”.
That material is no longer on Symphony’s website, and cannot be found on cached versions of it.
Symphony said that the use of encryption is not intended to block regulators from viewing communications records but, instead, is a cyber-security feature, and pointed to high-profile cyber-attacks on press-release depositories and financial institutions this year alone. The spokesman added that Symphony itself has no access to the records, as the decryption codes are the property of the user.
Whether Esma has met national regulators to discuss Symphony is unclear. An Esma spokeswoman said that the regulator had no further comment beyond Maijoor’s remarks to Econ, but emphasised that “Esma’s focus is that record-keeping requirements are respected”. A spokesman for the UK Financial Conduct Authority declined to comment on whether it had met Esma about Symphony.
Data retention
In the Econ meeting, Maijoor said that existing European legislation provided a “solid legal basis” for the retention of communication records, implying that any attempt to work around these would be in breach of compliance.
Spokespeople for Dodds and Ferreira said that they would not be able to make the contents of a letter they received from Esma in response to their concerns available, as it was not public correspondence, and Berès’s office did not respond to a request for comment.
Both Dodds and Ferreira said that they would be observing the progress of discussions closely.
Dodds said in an interview: “The concern we have is that, obviously, at European level, there has been a huge amount of work done to create new architecture for financial regulation. It’s been debated over months, and indeed years, and it would be enormously frustrating if we end up in a situation where the very requirements of that legislation can’t be followed because of a new business model that has been adopted by some banks.”
Symphony’s spokesman said that these concerns were “a case of not understanding how it works”, and added: “Symphony, if you think about the initial 15 founding firms, was designed with the input of many firms’ compliance departments, who are very focused not just on meeting the current state of the art of how this type of retention is done, but also having better record-retention, a better compliance platform available to really move things ahead.
“I think we know that, historically, there are a number of messaging platforms in the financial space where there have been compliance issues in the past. Symphony was designed to really address many of those issues, and to provide a stronger and more compliant platform for the future.”
This article first appeared in the print edition of Financial News dated December 7, 2015