Now you see it, now you don’t – Why ephemeral messaging capture remains critical for compliance

Business communication is no longer limited to “traditional” channels like email, fax, or telephone. Increasingly, organizations permit the use of myriad channels for business, from Microsoft Teams or Slack to WhatsApp or Signal. As long as these channels of communication are approved and – in the case of financial services in particular – captured and preserved, there is relatively little at stake.

Problems arise, however, when organizations are not able to capture, record, and monitor the communications that employees are conducting for business purposes, as record-breaking fines for “off-channel communications” have shown. Ephemeral messages are a particularly pressing challenge, as messages containing business communications can disappear or self-destruct without a trace, potentially undermining investigations or internal risk monitoring.

While U.S. regulators have slowed the pace of large-scale enforcements over the past year, recent guidance continues to emphasize the importance of effective compliance programs and proactive monitoring to keep risk in check: a message to firms that preserving and producing business communications, including ephemeral messages, is important in uncovering and addressing misconduct.

What risks do ephemeral messages pose to organizations?

Disappearing messages present multiple risks to organizations:

• They may be used by bad actors as a means of concealing misconduct or unauthorized communications
• They may cause organizations to fall outside of regulatory recordkeeping requirements that oblige firms to capture and retain business communications for set periods of time
• They break consistency in a firm’s audit trail, so in the event of a regulatory or criminal investigation, a firm is unable to present investigators with a full picture of events

Disappearing messages present an easy and almost untraceable way for individuals to conceal valuable data – which may in time become valuable evidence. In a recent enforcement matter from the Delaware Court of Chancery, individual shareholders faced scrutiny for “acting recklessly” by using the Signal platform to destroy evidence of conversations despite litigation hold notices.   

The memorandum opinion from the Court states that “After receiving litigation holds, the controlling stockholder…did not take any steps to check the settings on their Signal apps and chats” and “manually changed the auto-deletion settings for individual Signal chats to implement short-fuse destruction periods.”

This case illustrates how, without appropriate communications compliance and risk detection controls, relevant conversations can easily be altered or tampered with, compromising the preservation of key evidence. 

What does DOJ, CFTC, and FTC guidance say about ephemeral messages?

U.S. governmental bodies are increasingly aware of the risks of ephemeral messages, especially with regard to regulatory and criminal investigations. We’ve previously seen a focus on this topic from the DOJ and the FTC, which have issued a series of messages around this topic.

Initially, in March 2023, the DOJ released amendments to its Evaluation of Corporate Compliance Program (ECCP), in which it set out data retention expectations for personal devices and, specifically, ephemeral messages. In a keynote related to the published amendments, Assistant Attorney General Kenneth A. Polite, Jr., commented that:

“During an investigation, if a company has not produced communications from these third-party messaging applications [including ephemeral messages], our prosecutors will not accept that at face value. They’ll ask about the company’s ability to access such communications, whether they are stored on corporate devices or servers, as well as applicable privacy and local laws.”

In January 2024, the FTC and DOJ updated this guidance that “reinforces parties’ preservation obligations for collaboration tools and ephemeral messaging”. This guidance reviewed the language around the preservation of communication “to address the increased use of collaboration tools and ephemeral messaging platforms in the modern workplace.” 

The DOJ released its updated Corporate Enforcement Policy (CEP) in May 2025, which outlined increased benefits for self-disclosure for firms that “see something, report something, and make sure your company can work with the Department.” In other words, the firms that monitor and identify potential misconduct within communications will be leading in the compliance race. 

Most recently, the CFTC referenced the retention of business communications, including ephemeral messages, in a May 2026 advisory on cooperation and self-reporting in enforcement matters, stating that the “implementation of appropriate record-retention measures, including…policies prohibiting the improper destruction or deletion of business records…including ephemeral messaging platforms,” is required for firms to receive full credit for timely and appropriate remediation.

What does regulatory guidance on ephemeral messaging mean for organizations?

In short, guidance from the DOJ, CFTC, and FTC obliges firms to have robust, clear policies around the use of ephemeral messaging channels, to capture communications made through such channels and – if firms have not been able to capture such communications – to have a good reason why. “A company’s answers – or lack of answers – may very well affect the offer it receives to resolve criminal liability,” said Polite.

How can organizations manage the risks of ephemeral messaging?

• Develop clear, robust policies that directly tackle the use of ephemeral messaging

Although seemingly simplistic, regulators have made it clear that they will be looking to see that firms have robust policies in place that set out their expectations around disappearing messages. These policies should be clear, easy to follow, readily accessible, and proactively communicated to all affected staff.

• Deliver engaging training that sets out the expectations and consequences of failure

Once policies have been established, training must be delivered to explain to employees what the policy means for them. Training should be engaging, offering real-life examples and context as to why the policy exists. Training should explain what the consequences may be in the event that an employee fails to adhere to the policies – in this instance, criminal liability is at stake. This should be clearly emphasized to employees to encourage adherence.

• Implement technology solutions that limit access to ephemeral messaging options

Aside from manual policies and training, technological solutions exist that can aid in the mitigation of compliance risks. Mobile device management (MDM) solutions offer the ability to switch ephemeral messaging options on or off remotely, within in-app settings. Similarly, compliant communication apps, such as Global Relay App, allow employees to communicate via WhatsApp or text, but remove the option to use disappearing messages – so all communications are captured and archived by default, and available in the event of an investigation.

• Implement solutions that enable you to capture communications made through ephemeral messaging applications

Another technological consideration is data Connectors, which seamlessly connect communication data from any source and deliver that data into a compliant archive for comprehensive, complete data retention. Connectors capture data at source, so, depending on the communication channel you’re looking to retain, may facilitate the capture of ephemeral messages sent – before they disappear.

Ephemeral messaging retention expectations aren’t disappearing

Ephemeral message capture remains essential, but the rationale has evolved as regulatory priorities have pivoted. Instead of focusing solely on off-channel communications as standalone violations, regulators are concerned with how disappearing messages could impact investigations, such as by obscuring misconduct or deleting key evidence. Now, ephemeral messaging capture is a core component of a well-built and effectual compliance program.