The New York State Department of Financial Services has reached agreements with Goldman Sachs, Deutsche Bank, Credit Suisse, and Bank of New York Mellon on record-keeping requirements and other protections “to ensure the banks’ responsible use of the new Symphony Communications chat and messaging platform.”

Under the terms of the agreements, announced on Monday: Symphony will retain all e-communications sent through its platforms to or from the four banks for seven years; banks will store duplicate copies of the decryption keys for their messages with independent custodians not controlled by the banks; and the banks agree to, within five years, meet with regulators to assess whether any modifications of the deal are appropriate.

Symphony, a new chat service aimed at banks, is funded by a consortium that includes Goldman Sachs, Bank of America, BNY Mellon, BlackRock, Citigroup, Deutsche Bank, JPMorgan, Morgan Stanley, Wells Fargo, and others. The service boasts state-of-the-art security and privacy controls, including those intended to prevent “government spying.” Among the features that drew the concern of NYDFS officials is “guaranteed data deletion,” that could hinder regulatory investigations.

That claim caught the attention of Sen. Elizabeth Warren (D-Mass.). In August she laid out her concerns to bank regulators, the Securities and Exchange Commission, and other regulators in writing. “The communications that Symphony will allow companies to hide from ‘government spying,’ such as text messages and chat room transcripts, have proven to be key evidence in many previous regulatory and compliance cases that have uncovered criminal action by Wall Street,” she wrote.

In July, Anthony Albanese, NYDFS’ acting superintendent, wrote to participating banks, demanding that they report back on how they intend to use Symphony products; what personnel will be using them; whether Symphony will be used in conjunction with or to the exclusion of other communications services; how messages will be retained; and whether the encryption technology can be used to prevent review by compliance personnel or regulators.

“We are pleased that these banks did the right thing by working cooperatively with us to help address our concerns about this new messaging platform,” Albanese said this week. “It is vital that regulators act to ensure that these records do not fall into a digital black hole.”

Topics