Question to the HM Treasury:

To ask Her Majesty's Government what assessment they have made of the consequences for accountability including under data protection legislation of the use by banks and other financial services providers of the Symphony suite of software, which allows for the instant and permanent deletion of email files.

The Financial Conduct Authority (FCA) does not directly regulate the activities of Symphony Communication Services LLC or any other electronic messaging platform. However, firms that are authorised by the FCA who use messaging services such as Symphony are subject to a range of applicable requirements, including the recording and storage of such tapes and electronic communications.

MiFID II extended the UK’s existing record keeping requirements for telephone conversations and electronic communications from six months to a minimum of five years (this change came in on 3 January 2018). This will give the FCA an enhanced ability to investigate historic concerns.

With regards to firms’ compliance with data protection legislation, it is the responsibility of the Information Commissioner to regulate compliance with the Data Protection Act. The Commissioner may act on complaints about companies which are not complying with the law.