· Luke Faragher · Compliance  · 7 min read

Dodd-Frank text message recording: SMS capture for CFTC Rule 1.35

CFTC recordkeeping treats a text about a trade like any other record. SMS is the hardest channel to capture — here's why, and how SIM-level recording helps.

CFTC recordkeeping treats a text about a trade like any other record. SMS is the hardest channel to capture — here's why, and how SIM-level recording helps.

When people talk about the off-channel communications crackdown, they usually talk about the SEC. But some of the largest penalties came from the other side of the street: in September 2022, the CFTC ordered swap dealer and FCM affiliates of 11 financial institutions to pay over $710 million for recordkeeping and supervision failures. The conduct was texting — personal-device SMS, WhatsApp and Signal messages about firm business that were required records and were never kept.

Voice recording is a solved problem on trading floors. Turrets have been taped for decades. The channel that actually caught these firms out was the humble text message — and SMS is, by some distance, the hardest channel to capture properly.

This post covers what the CFTC’s rules under Dodd-Frank actually require for SMS, why texting is technically awkward, and how SIM-level capture handles it. This is not legal advice — rule scope under the Commodity Exchange Act is genuinely fiddly, so speak to your compliance counsel about your firm’s position.

Dodd-Frank, the CFTC, and where texts fit

Dodd-Frank (2010) brought the swaps market under CFTC regulation and created the swap dealer registration regime. The recordkeeping obligations that matter for mobile live in the CFTC’s rules underneath it, chiefly:

CFTC Rule 1.35 — the general “records of commodity interest transactions” rule. It requires FCMs, retail foreign exchange dealers, certain introducing brokers, and members of designated contract markets and swap execution facilities to keep:

all oral and written communications provided or received concerning quotes, solicitations, bids, offers, instructions, trading, and prices, that lead to the execution of a transaction in a commodity interest… whether communicated by telephone, voicemail, facsimile, instant messaging, chat rooms, electronic mail, mobile device, or other digital or electronic media.

“Mobile device” is in the rule text. A text message negotiating a futures order is as much a record as the order ticket.

CFTC Rules 23.202 and 23.203 — the swap dealer equivalents. Swap dealers and major swap participants must keep daily trading records including pre-execution trade communications, oral and written, and retain swap records generally for the life of the swap plus five years. Since the CFTC’s 2017 recordkeeping modernization, records of pre-execution communications may be retained for five years from creation.

The retention asymmetry is worth knowing: under 1.35, written communications are generally kept for five years, identifiable and searchable by transaction, while oral recordings need only be kept for one year. Your text messages have a longer regulatory life than your tapes.

And on the oral side, the recording obligation is scoped: it covers FCMs, RFEDs, and introducing brokers with more than $5 million in aggregate gross revenues over the preceding three years — smaller IBs are exempt from taping. Nobody in scope is exempt from the written side. Which makes SMS the floor of a CFTC mobile-compliance program, not the ceiling.

(If your firm is dual-registered, the SEC’s books-and-records regime runs in parallel — we’ve written up SEC Rule 17a-4 and mobile recording separately, and the FINRA supervision layer in FINRA mobile compliance.)

Why SMS is the hard channel

Firms archived email in the early 2000s and chat in the 2010s because both run through servers the firm controls. Archiving them is a server-side switch.

SMS is different. A text message travels through the mobile carrier’s network and terminates on the SIM in the handset. There’s no corporate server in the path. The firm never touches the message unless it puts itself in the path deliberately. That leaves two architectures:

App-based capture. Staff install a messaging app (or an MDM container), and messages sent through that app are archived. The structural flaw is the same one that produced $3 billion+ in off-channel fines: the native Messages app is still on the phone, one tap away, and it works with every counterparty’s number. The compliant app requires cooperation; the native channel doesn’t. Apps also get deleted, logged out, and quietly broken by OS updates — and when a regulator asks you to demonstrate that capture was complete, “we believe everyone used the app” is not an answer.

SIM-level (network-level) capture. The business number lives on an ONSIM SIM or eSIM, and every SMS sent or received on that number is captured inside the mobile network — including messages sent from the phone’s native Messages app. There’s nothing on the device to install, configure, bypass or delete. The user texts normally; the network keeps the record.

This is the same argument as for voice, but it bites harder on SMS because with texting there’s no “recorded line” for staff to defect from — the native channel is the channel. The only way to make the native channel compliant is to own the network layer. That’s what ONSIM is: a mobile network, not an app vendor. The underlying service is described at Mobile Call & SMS Recording.

SMS in the flow: validate before delivery, not just archive after

Most capture solutions are passive — a copy of the message lands in the archive after it’s sent, and surveillance finds problems later.

Because ONSIM operates the network the SMS travels through, we can do something stronger: put your firm in the flow of the message. An SMS sent from a recorded number can be passed to your systems for checking and validation before it’s delivered to the recipient. That opens up controls that after-the-fact archiving can’t offer — policy checks, content screening, or holding messages that trip a rule for compliance review before they leave the firm.

For CFTC use cases, we also support SMS-only capture: if your obligation (or your gap) is written communications rather than voice — say, a sub-$5M IB with no taping duty, or a desk whose calls are already captured on turrets — you can deploy ONSIM to capture just the text channel.

Either way, everything is timestamped, tied to the user and the business number, and delivered to your archive in a form that supports the “identifiable and searchable by transaction” standard your five-year retention has to meet.

The practical deployment shape

A typical CFTC-driven mobile deployment looks like this:

  1. Business numbers move to ONSIM SIMs/eSIMs. With eSIM, a captured business identity can sit alongside a personal number on the same dual-SIM handset — corporate-liable capture without confiscating anyone’s personal phone.
  2. Capture scope is configured — voice + SMS, or SMS-only, per desk or per user. In-the-flow validation is enabled where you want pre-delivery control.
  3. Records flow to your archive. ONSIM is bring-your-own-archive: export with full metadata via API, SFTP push, SIP-REC or HTTPS POST into platforms like Bloomberg Vault, Global Relay, Smarsh, SteelEye, Verint, ASC, NICE or Theta Lake, or straight to AWS S3 / Azure Blob / Google Cloud. Your existing surveillance and reconstruction tooling then treats mobile as just another channel.
  4. Retention runs on your schedule — five years for written comms, one year for oral, longer where swap-dealer rules or your counsel require it.

Full product detail, including security and the compliance frameworks we support (Dodd-Frank among them), is on the Mobile Compliance Recording page.

Honest limits, and next steps

ONSIM is a UK-headquartered global mobile network already trusted by large banks for network-level call and SMS recording. We operate internationally through partner Tier 1 networks and can run centrally managed deployments across multiple geographies — but US deployment is scoped case-by-case, so speak to our solutions team about your specific footprint before assuming coverage.

If texting is the gap in your CFTC recordkeeping program — and after 2021–2025, every firm should assume a regulator will eventually ask for its texts — we’re happy to walk through the architecture with you and your compliance team.

Request a quote at onsim.uk/quote or call +44 333 880 4008.


This article is general information, not legal or compliance advice. Whether Rule 1.35, the Part 23 swap dealer rules, or parallel SEC/FINRA obligations apply to your firm depends on your registrations and activities — confirm with your compliance counsel. Sources: 17 CFR 1.35; 17 CFR 23.202–23.203; CFTC 2017 recordkeeping amendments (82 FR 24479); CFTC press releases 8470-21 and 8599-22.

Back to Blog

Related Posts

View All Posts »
ONSIM Launch 3CX SIM

ONSIM Launch 3CX SIM

ONSIM launches a native mobile 3CX SIM service in the UK, simplifying PBX connectivity without apps or VoIP.