Financial firms have long struggled to comply with rules requiring records of business conversations, especially on private, encrypted messaging apps like WhatsApp, Signal, and iMessage.
Their privacy features make it nearly impossible for companies to archive required communications. Between 2021 and 2023, U.S. regulators fined Wall Street firms over $3.5 billion for failing to record these “off-channel” communications.
Regulators now require companies to record and prepare all business communications for audit, no matter which app or device employees use.
Why This Matters to Employers
Companies long managed corporate email easily but struggled with text messages, since employees used personal phones or consumer apps lacking record-keeping features.
A major regulatory investigation revealed leaders at top firms used WhatsApp to negotiate major deals, leaving no record.
This violated rules, such as the Securities Exchange Act, as evidenced by JPMorgan’s $200 million fine. Businesses clearly needed a better solution for storing their chats.
The Regulatory Gauntlet
FINRA Rule 4510 and SEC Rule 17a-4 require investment firms to keep tamper-proof records of all business communications.
In 2023, 11 firms paid $1.1 billion in penalties for using unmonitored apps at work, with an additional $81 million in fines imposed later.
Government agencies and healthcare firms have similar rules. Since most messaging now uses end-to-end encryption, old telecom log requests are ineffective.
End-to-End Encryption and The Archival Challenge
Modern messaging apps, including Google Messages and Apple’s iMessage, now default to end-to-end encryption. This encryption prevents anyone from reading a message unless they possess the sender’s or recipient’s device.
Not even the messaging company can decrypt messages in transit. While this greatly enhances user privacy, it poses a challenge to compliance officers, who must maintain readable records for several years.
Old approaches, such as server-level scanning, are no longer effective on apps like WhatsApp and Signal, as even providers cannot access message content.
Google’s new RCS Archival feature captures message content directly from the employee’s phone—before encryption or after decryption. Companies keep messages protected during transit but archive them for compliance only on work‑managed devices.
How Google RCS Archival Works
Google announced RCS Archival in November 2025, initially making it available for fully managed Android Enterprise devices, particularly Google Pixel phones, and plans to support more devices in 2026.
The system links Google Messages to third-party compliance apps, such as Celltrust, Smarsh, or 3rd Eye. When IT enables this feature, Google Messages sends alerts to the compliance app whenever users send, receive, edit, or delete a message.
The compliance app, on work-managed phones, pulls message content from the phone, batches it, and sends it to the company-managed server. This server is controlled by the company’s IT or compliance team. Messages remain encrypted in transit; nothing is intercepted.
Only device-based archiving occurs, and users get notified—no hidden monitoring is involved.
Who Benefits the Most
The financial sector benefits the most from adopting RCS Archival because it faces the strongest regulatory scrutiny. Broker-dealers, investment firms, and advisors are required to ensure all business conversations are recorded and retrievable.
This sector was an early adopter due to facing repeated multi-million-dollar penalties for lapses in communication monitoring.
Healthcare firms also face strict HIPAA rules for patient communication, and government agencies must keep public records for FOIA compliance. Insurance and lenders have additional requirements.
RCS Archival enables these industries to capture business texting on managed devices, thereby lowering compliance risk. As a result, employees in these fields have less privacy on work phones, even for casual chat.
The Employee Perspective
When RCS Archival activates on a work device, employees see a clear notification. IT must inform users if chat archiving is active. Still, every message could be reviewed during a compliance audit.
Employees worry that monitoring may stifle honest conversations. Most experts agree that the law allows monitoring when the company owns the device and informs employees. Employees still often feel intruded on when they know the system saves even deleted or unsent messages.
In regulated industries, employers often write this kind of monitoring into contracts and require workers to accept it as a condition of employment.
How Compliance Vendors Fit In
Today, three major compliance vendors integrate with Google RCS Archival. Unlike older systems, these apps do not copy data to an external vendor’s cloud.
When Google Messages detects a message event, it notifies the vendor app, and the app extracts the message and securely sends it to the company’s own compliance server.
Employers control all aspects—from selecting the app to setting storage and review procedures, rather than the vendors.
The market is expected to grow, with Google and vendors announcing broader support and additional options for 2026.
Technical Details and Limitations
When a message event occurs on a managed Pixel, Google Messages logs it.
The compliance vendor app, with Android permission, reads new data, notes the event (sent, received, deleted), and sends it to the compliance server.
This only applies to RCS and SMS messages on managed devices—personal devices or unmanaged apps aren’t affected.
The Truth About “Deleted” Messages
Archiving deleted messages is a controversial feature that requires careful explanation. When an employee deletes a message on their phone, it actually remains in the phone’s database for a short time.
RCS Archival records a “deletion event,” logging exactly what was deleted and when. This does not mean the employer can recover messages completely purged from every device—but it does mean that deleting a message on a work phone is not an effective way to make it disappear from company records.
IT auditors can see the full message journey: sent, changed, deleted, and when. This is intended to create a crystal-clear audit trail for regulators and is a big part of why the system satisfies legal requirements for business transparency.
As companies navigate these advances
From a legal standpoint, RCS Archival targets regulatory requirements exactly—without overreach. SEC Rule 17a-4 and FINRA Rule 4510 require broker-dealers to maintain full, accurate, and accessible records of communication, but they do not require companies to monitor or archive personal communications.
The law requires organizations to notify employees, and archiving should only cover business use on managed devices.
Many privacy experts argue that monitoring company-owned devices is fully legal in the U.S., the U.K., Canada, and Australia when organizations give proper notice. In the EU and the U.K., stricter rules prevent firms from ‘over-collecting’ or archiving personal exchanges, so some companies may adopt the technology more slowly there.
Company Rollout and Global Reach
The feature was first launched on Pixel phones because these devices are often chosen by companies over personal ones for secure work use. As of late 2025, around 30 million Pixel devices are active worldwide—but not all are work devices.
Early adopters are mostly large corporations and regulated organizations. In 2026, Google plans to expand RCS Archival to more Android Enterprise devices, making it available to a much wider pool of corporate phones.
The feature is only available on devices that the company completely manages, not on bring-your-own devices or personal phones. In practice, this means most ordinary Android users aren’t affected—just those in regulated industries with work-managed devices.
Privacy Policy and Transparency
Google’s documentation and industry standards require clear, ongoing notification when RCS Archival is enabled. Transparency is required both by law and good policy.
Companies typically include these rules in handbooks, onboarding documents, and device acceptance forms, and IT always provides a warning before enabling archiving. Some privacy advocates argue that notification is insufficient, as it doesn’t truly give workers a choice and may encourage self-censorship.
However, in most Western countries, following notification and adhering to “data minimization” principles generally satisfies the law. In Europe, where the GDPR is stricter, companies may need to avoid archiving all messages and instead exclude clearly personal conversations.
Balancing Employer and Employee Rights
While RCS Archival clarifies company expectations, it highlights a deeper truth: workers have limited privacy on company equipment. Courts in the U.S. have consistently ruled that employees should not expect privacy when they use employer‑owned devices, as long as employers properly warn them.
Canada and Europe offer more rights, expecting employers to act reasonably and refrain from collecting more than necessary. For Google’s system, archiving only applies to company devices and business communications.
Still, employees sometimes use work phones for family or private messages, and the system can unintentionally capture those messages. Some employers attempt to block certain numbers or filter messages to address this issue, but not all do.
Market Effects and Regulatory Trends
Google’s RCS Archival drives rapid growth in the compliance technology market. Microsoft Teams, Slack, Zoom, and others already allow archiving through employer IT tools, and Apple faces growing pressure to add work archiving to iMessage as well.
U.S. regulators show no signs of relaxing rules, and may soon ask firms to explain why they aren’t archiving messages if the technology is available.
RCS, as a business messaging protocol, grew significantly after Apple announced its support in 2024, and analysts expect its traffic to reach 50 billion RCS business messages in 2025 and then quadruple by 2029. With the increasing use of digital communication, compliance scrutiny is likely to rise.
Beyond the Finance Industry
Although finance adopted RCS Archival first, healthcare institutions, law firms (which must protect attorney‑client privilege), federal agencies, and insurance companies now consider using it.
Government agencies may soon rely on RCS Archival to meet sunshine law and FOIA duties, and hospitals can use it to simplify HIPAA compliance when they configure and manage it correctly.
If widely adopted, recording work phone chats may become standard across many industries, leading some to worry about new norms of workplace monitoring.
Media Reactions and Public Perception
When Google announced RCS Archival, media reactions ranged from accurate news analysis to clickbait headlines, such as “Google Lets Your Boss Read Deleted Messages.”
Social media fueled confusion, with some posts falsely claiming that Google would archive all messages on any Pixel or all Android devices, when in truth it only applies to fully managed company devices.
Tech press, including outlets such as The Verge and Android Central, provided more accurate details, helping to debunk some myths. Still, expectations and anxieties around digital privacy continue to shape the debate about the future of work.
Email Archival
The move to archive text messages mirrors how companies changed work email from something private or optionally saved into something they regularly store, index, and review.
Following the Enron scandal and the introduction of updated SEC rules in the early 2000s, resistance to archiving waned, and it became standard practice in regulated industries.
The speed of the RCS Archival rollout is much faster due to recent regulatory pressure, but the long-term expectation is the same: work communications on company devices are never private.
Responsible Use and The Road Ahead
RCS Archival provides companies with a powerful tool to stay compliant with stringent regulations, particularly in finance and other highly regulated industries.
For employees, this system sets clear boundaries: they must assume that anything they do on a work phone can be recorded and reviewed, even when they use encrypted messaging apps.
For employers, the responsible approach means keeping archiving limited to business needs, being transparent with staff about monitoring, and respecting local privacy laws.
By 2027, this type of chat archiving will likely become routine in finance, healthcare, and government work. The big question in the privacy debate is not whether companies can, but whether they will use this technology fairly, transparently, and only as much as truly required.