Most companies already have policies in place to manage the retention of any electronic information considered business records. There’s one communications channel that’s sometimes overlooked: publicly available messaging apps, which offer various forms of user confidentiality. Reasons for the appeal of these messaging apps are their security, ubiquity and ease of use. While practical for users, they can pose a legal problem for organizations.
In November 2017, the US Department of Justice (DOJ) released a new FCPA Corporate Enforcement Policy aimed at providing additional benefits to companies based on their corporate behavior once they learn of misconduct. In order to receive specified credits for cooperation, companies must prohibit “the improper destruction or deletion of business records, including prohibiting employees from using software that generates but does not appropriately retain business records or communications.”
In short: you must maintain an appropriate record, including the provenance, of any and all data that could constitute a business record — and failure to do so can lead to steeper penalties.
In some regions, secure messaging services such as WhatsApp are among the most commonly used forms of communication. While the reasons for this may vary—custom, convenience, practical necessity (especially in regions lacking reliable telecommunications), or a desire to shield communications from unwelcome eyes—it is important to not underestimate the cultural challenge in overriding these factors.
An all-out prohibition of such platforms may be met with heavy resistance from employees charged with implementing company strategies in the field. Such a prohibition may be ignored, or encourage users to flip channels to a service that’s not even on the company’s radar (a technique often used by criminals), further increasing risk to the company.
Once FCPA-related misconduct has come to light, the DOJ provides guidance when considering leniency to companies based on their behavior both before and after its discovery. Given the challenges these messaging apps present when it comes to supporting a company’s retention strategy, you should focus on the following tenets in order to be considered for a reduction in potential fines: