Demo Environment — Illustrative Data Only
Verity Layer

Confidential

Communications Archive Reconciliation Report

Meridian Capital Partners

Reporting Period: February 1, 2026February 28, 2026

Prepared: March 3, 2026 | Archive Vendors: Smarsh, Global Relay

1. Executive Summary

Verity Layer performed daily automated reconciliation of Meridian Capital Partners's electronic communications archive for the period February 1, 2026 through February 28, 2026. The reconciliation compared source-system message counts against archive ingestion records across 5 monitored channels.

During the reporting period, 6,017,820 messages were identified at the source systems, of which 5,922,780 were confirmed captured by the designated archive vendors, yielding an overall capture rate of 98.42%.

The reconciliation identified 3 archiving gaps requiring attention: 1 critical finding and 2 warnings. Detailed analysis and recommended remediation steps are provided in Section 4 below.

2. Capture Rate by Channel

The following table summarizes message volumes and capture rates for each monitored communication channel during the reporting period.

ChannelVendorSourceArchiveDeltaRate
EmailSmarsh3,218,4473,217,89155699.98%
TeamsSmarsh1,847,2031,812,46134,74298.10%
SlackGlobal Relay892,104834,20957,89593.50%
ZoomSmarsh12,84712,8311699.90%
WhatsAppGlobal Relay47,21945,3881,83196.10%
Total6,017,8205,922,78095,04098.42%

3. 30-Day Trend Analysis

Daily reconciliation revealed stable capture rates for Email (consistently 99.98%) and Zoom (99.9%) throughout the reporting period. Two significant deviations were observed:

  • Slack: Capture rate dropped from 99.0%+ to below 88% beginning February 14, following the expiration of the Discovery API OAuth token. The gap persisted through the remainder of the reporting period.
  • Teams: A single-day capture rate dip to approximately 91.2% on February 19, caused by Microsoft-imposed rate limiting on the Export API. Rates returned to baseline on February 20 following vendor remediation.

WhatsApp capture rates showed a brief decline from February 7-9 related to unenrolled devices, resolving after device enrollment on February 10.

4. Gap Analysis & Findings

Three archiving gaps were identified during the reporting period. Each finding includes a root cause analysis, estimated impact, and recommended remediation.

Finding 1: Slack Discovery API Token Expired[critical]

Gap Window: Feb 14 – Feb 28, 2026
Messages Affected: 57,895
Channel: Slack
Detected: Feb 15, 2026

Root Cause: The Global Relay Slack connector authenticates via a Slack Discovery API OAuth token that must be rotated every 90 days. The token issued on November 15, 2025, expired at midnight on February 14, 2026. Global Relay's connector silently failed — it continued polling but received 401 responses, which were logged as warnings rather than errors. No automated token refresh was configured, and the monitoring dashboard showed the connector as 'active' because the polling process itself remained running. The gap was detected by Verity Layer's daily reconciliation when the February 14 archive count dropped to zero against a source count of 32,847 messages.

Recommended Actions:

  1. Regenerate Slack Discovery API OAuth token and re-authenticate Global Relay connector immediately
  2. Configure automated token refresh with 14-day advance alerting in Global Relay admin console
  3. Trigger retroactive backfill for February 14–28 via Global Relay's gap recovery API
  4. Validate backfill completeness by running targeted reconciliation against Slack Discovery API message IDs
  5. File regulatory gap notification with compliance team — 15-day window exceeds most firm thresholds
  6. Update runbook to include token expiry monitoring as a critical operational check

Regulatory Exposure: A 15-day gap affecting 57,895 messages across all Slack workspaces represents a material recordkeeping failure under SEC Rule 17a-4 and FINRA Rule 4511. The extended duration and full-channel scope would likely trigger a regulatory inquiry if discovered during examination. Firms are expected to detect and remediate archiving failures within 24-48 hours.

Finding 2: Teams Export API Rate-Limited[warning]

Gap Window: Feb 19, 2026 (6:00 AM – 11:45 PM EST)
Messages Affected: 34,742
Channel: Teams
Detected: Feb 20, 2026

Root Cause: On February 19, Microsoft applied an unannounced rate limit reduction to the Teams Export API for tenants exceeding 5,000 licensed users. Smarsh's connector, configured for 600 requests/minute, began receiving HTTP 429 (Too Many Requests) responses at approximately 6:00 AM EST. The connector's retry logic backed off exponentially but was unable to process the full message queue within the 24-hour window. Approximately 34,742 messages from high-volume channels (Trading Floor, Sales Desk, Client Services) were not ingested before the daily export window closed. Smarsh deployed a hotfix on February 20 reducing request rate to 200/minute with parallel worker threads, which restored normal capture rates.

Recommended Actions:

  1. Confirm with Smarsh that the February 20 hotfix has been applied and sustained capture rates have returned to baseline
  2. Request Smarsh trigger a targeted backfill for February 19 using the Teams Export API's historical access endpoint
  3. Verify backfill completeness by cross-referencing Verity Layer reconciliation counts for February 19
  4. Engage Microsoft account team to confirm new rate limits and request enterprise-tier API allocation
  5. Document the incident and remediation for the compliance file

Regulatory Exposure: A single-day gap of 34,742 messages is significant but contained. The prompt detection (next-day) and vendor remediation within 24 hours demonstrate reasonable supervisory controls. Recommend documenting the incident proactively to demonstrate gap detection capabilities if questioned during examination.

Finding 3: 12 WhatsApp Devices Not Enrolled[warning]

Gap Window: Feb 7 – Feb 9, 2026
Messages Affected: 1,831
Channel: WhatsApp
Detected: Feb 10, 2026

Root Cause: Twelve new WhatsApp Business devices were provisioned by the firm's mobile team between February 5-6 as part of a headcount expansion in the Sales and Private Wealth divisions. The devices were activated and began sending client communications on February 7, but were not enrolled in LeapXpert's capture bridge until February 10. The gap occurred because the device provisioning workflow in the firm's ITSM system does not include a compliance checkpoint to trigger LeapXpert enrollment. Messages sent from these 12 devices during February 7-9 were not routed through the capture bridge and therefore not archived by Global Relay.

Recommended Actions:

  1. Verify all 12 devices are now enrolled in LeapXpert and actively capturing
  2. Attempt to retrieve February 7-9 messages from device-level WhatsApp Business backups where available
  3. Update the ITSM device provisioning workflow to include mandatory LeapXpert enrollment as a prerequisite before device activation
  4. Conduct an audit of all active WhatsApp Business devices against LeapXpert enrollment records to identify any other unenrolled devices
  5. Document the gap and process remediation for the compliance file

Regulatory Exposure: While the message count (1,831) is relatively small, the gap represents a complete failure to capture communications for 12 specific users over 3 days. Regulators view per-user coverage gaps as a systemic control weakness. The remediation should emphasize the process fix (enrollment checkpoint) rather than the backfill, as it demonstrates the firm's commitment to preventing recurrence.

5. Methodology

Verity Layer performs daily automated reconciliation by comparing message metadata counts between source communication systems and designated compliance archives. The reconciliation process follows these steps:

  1. Source Count Retrieval: Verity Layer connects to each source system's administrative API (Microsoft Graph, Slack Discovery API, Zoom Admin API, LeapXpert Bridge) to retrieve definitive message counts for the reconciliation window.
  2. Archive Count Retrieval: Parallel queries are executed against each archive vendor's ingestion logs and export APIs to retrieve confirmed capture counts.
  3. Reconciliation: Source and archive counts are compared at the daily level. Discrepancies exceeding configurable thresholds generate findings with severity classification.
  4. Root Cause Analysis: Automated diagnostic routines identify probable causes for detected gaps, including API errors, authentication failures, rate limiting, and enrollment gaps.

This analysis is based exclusively on message metadata (counts, timestamps, and system identifiers). No message content is accessed, stored, or transmitted by Verity Layer at any point in the reconciliation process.

This report was generated by Verity Layer's automated reconciliation engine on March 3, 2026.

Data reflects metadata counts only — no message content is accessed or stored.

Meridian Capital PartnersFebruary 2026 — Confidential