Financial regulators have fined Wall Street firms over $3.5 billion between 2021 and 2023 for failing to maintain records of business conversations on encrypted messaging apps, including WhatsApp, Signal, and iMessage. JPMorgan Chase alone paid $200 million after executives used WhatsApp to negotiate major deals without leaving any record.
In 2023 alone, eleven firms paid a combined $1.1 billion in penalties, with the SEC imposing an additional $81 million in fines shortly thereafter. Investment firms, broker-dealers, and financial advisors must adhere to strict rules under FINRA Rule 4510 and SEC Rule 17a-4, which mandate the maintenance of tamper-proof records of all business communications.
The problem grew worse as employees increasingly used consumer messaging apps on personal devices to conduct negotiations and close deals—apps that companies could not monitor or archive.
Google’s RCS Archival technology, announced in November 2025, represents the first major solution to this enforcement crisis. This new system enables companies to record text messages on managed Android devices while keeping messages encrypted as they travel across the internet.
How Google’s New Technology Solves the Encryption Problem
Modern messaging apps, such as Google Messages, Apple’s iMessage, and Signal, use end-to-end encryption by default, which means that only the sender and recipient can read messages—even the messaging company cannot decrypt messages in transit.
This strong privacy protection helps users, but creates headaches for compliance officers who must maintain readable records of business communications for regulatory audits that can last for years. Companies cannot use traditional methods to scan messages on company servers because providers cannot access encrypted content.
Google solved this problem by capturing message data directly from the employee’s device, either before encryption occurs or after the device decrypts it locally. This approach allows companies to maintain encryption protection during transit while still archiving messages on work-managed servers.
Google’s RCS Archival initially launched on fully managed Android Enterprise devices, particularly Google Pixel phones, with expansion planned for 2026. The system integrates Google Messages with third-party compliance apps, including Celltrust, Smarsh, and 3rd Eye.
When IT administrators activate the feature, Google Messages alerts the compliance app whenever users send, receive, edit, or delete a message. The compliance app extracts message content from the phone, securely batches it, and transmits it to the company’s managed server.
Employees receive clear notifications that archiving is active, and no secret monitoring occurs. The technology applies only to fully managed company devices, not personal phones or employee-owned devices, so most ordinary users remain unaffected.
Privacy Laws and the Future of Workplace Monitoring
From a legal perspective, RCS Archival meets regulatory requirements without excessive monitoring. SEC and FINRA rules require organizations to maintain complete records, but they do not mandate that companies monitor personal communications.
U.S., Canadian, and Australian law allows employers to monitor company-owned devices if they provide proper notice to employees beforehand. European regulations impose stricter rules that prevent firms from collecting or storing personal data beyond what is necessary for business purposes.
Courts have consistently ruled that employees cannot expect privacy when using employer-owned devices, provided that employers have warned them in advance. However, RCS Archival highlights a fundamental reality: workers have limited privacy on company equipment.
By 2027, message archiving is expected to become a routine practice across the financial, healthcare, and government sectors. Healthcare institutions must comply with HIPAA requirements for patient communications, government agencies must maintain records for FOIA compliance, and insurance companies and lenders face additional documentation requirements.
These organizations can use RCS Archival to significantly reduce compliance risk by capturing business text messages on managed devices. This trend raises important questions about whether organizations will deploy this technology fairly, transparently, and only to the extent required by law.
Financial regulators, healthcare regulators, and government agencies all drive adoption based on their specific compliance mandates. As this technology becomes standard practice, businesses must strike a balance between regulatory compliance and employee privacy expectations, while maintaining transparency about their monitoring activities.
Sources:
SEC Official Press Releases
CNBC
New York Times
Investopedia
International Banker
BGR Tech News