FCPA investigations and "private" messaging apps: What you need to know now

Start adding items to your reading lists:
or
Save this item to:
This item has been saved to your reading list.

February 2019

Overview

Most companies already have policies in place to manage the retention of any electronic information considered business records. There’s one communications channel that’s sometimes overlooked: publicly available messaging apps, which offer various forms of user confidentiality. Reasons for the appeal of these messaging apps are their security, ubiquity and ease of use. While practical for users, they can pose a legal problem for organizations.

The DOJ takes note

In November 2017, the US Department of Justice (DOJ) released a new FCPA Corporate Enforcement Policy aimed at providing additional benefits to companies based on their corporate behavior once they learn of misconduct. In order to receive specified credits for cooperation, companies must prohibit “the improper destruction or deletion of business records, including prohibiting employees from using software that generates but does not appropriately retain business records or communications.”

In short: you must maintain an appropriate record, including the provenance, of any and all data that could constitute a business record — and failure to do so can lead to steeper penalties.

Cultural resistance to change

In some regions, secure messaging services such as WhatsApp are among the most commonly used forms of communication. While the reasons for this may vary—custom, convenience, practical necessity (especially in regions lacking reliable telecommunications), or a desire to shield communications from unwelcome eyes—it is important to not underestimate the cultural challenge in overriding these factors. 

An all-out prohibition of such platforms may be met with heavy resistance from employees charged with implementing company strategies in the field. Such a prohibition may be ignored, or encourage users to flip channels to a service that’s not even on the company’s radar (a technique often used by criminals), further increasing risk to the company.

I'm being investigated and my employees use messaging apps for company business: now what?

Once FCPA-related misconduct has come to light, the DOJ provides guidance when considering leniency to companies based on their behavior both before and after its discovery. Given the challenges these messaging apps present when it comes to supporting a company’s retention strategy, you should focus on the following tenets in order to be considered for a reduction in potential fines:

  1. Judiciousness. Voluntarily self-disclosing all relevant facts known to the company, including all relevant facts about all individuals involved in the violation of law, “within a reasonably prompt time” after becoming aware of the offense. 
  2. Cooperation. Timely preservation, collection, and disclosure of relevant documents and information relating to their origin. 
  3. Remediation. Appropriate retention of business records, and a policy prohibiting the improper destruction or deletion of business records, including prohibiting employees from using any software “that generates but does not appropriately retain business records or communications.”

Contact us

Dustin Spinks

Dustin Spinks

Director, PwC US

Follow us
Hide