The Department of Justice released new Enforcement Policy for the Foreign Corrupt Practices Act (FCPA). The revisions include a new provision that many believe impairs the use of instant messaging software and other third-party messaging apps by employees. In order to receive a declination and full credit for cooperating with investigators under the Enforcement Policy, U.S. companies must appropriately retain business records by “prohibiting the improper destruction or deletion of business records, including prohibiting employees from using software that generates but does not appropriately retain business records or communications.”
This new remedial factor from November 2017 appears designed to stop the destruction of potentially valuable evidence of nefarious conduct by virtue of using third-party software applications on portable electronic devises—some of which automatically delete communications.
Avoid Overreaction
It is easy to overestimate the scope of this provision by concluding that the use of any instant message or social media software precludes a company from receiving full credit for timely remediation. Indeed, not all communication software compromises a company’s ability to appropriately retain documents and information. For instance, a typical text message thread is stored on a user’s mobile device until the thread is deleted. Other instant messaging services like Whatsapp and Wechat similarly store chat history, as does the instant messaging service available in Microsoft Outlook. It is important to distinguish these from third-party software like Telegram and Snapchat that can be programed to automatically delete messages from the device of both the sender and receiver.
Not Implemented Yet
Interestingly, DOJ’s only declination letter since releasing its Enforcement Policy makes no mention of its new records retention standard. In its letter dated April 23, 2018, DOJ explained that its decision not to prosecute the company for FCPA violations is based several factors, including steps taken by the company to remediate the behavior. Those steps included enhancements to the company’s compliance program, terminating the employment of 11 individuals, reducing bonuses and salaries for other employees, issuing formal reprimands, and disgorging in full an amount determined by the SEC. See USAM 9-47.120(3)(c).
Compliance Consideration
The Department may be working through how best to weigh this variable before using it in its declination calculous, which would explain why it was absent from the declination letter. As a practical matter, though, conducting business through such applications—that automatically delete communications—likely runs afoul of a company’s existing confidentiality and/or document retention policies. Companies should consider including this topic in annual compliance trainings and, where necessary, revise IT policies and procedures to curb future abuses.