In March, the U.S. Department of Justice (DOJ) issued revised guidance for the Foreign Corrupt Practices Act’s (FCPA) Corporate Enforcement Policy (CEP) concerning the adoption of rules and regulations around the use of ephemeral messaging platforms, such as Snapchat, WeChat or Telegram for business communications. What does this revision imply for corporations all around the world and how can it support your company’s fight against corruption and bribery?
The FCPA: A global anti-corruption enforcement tool?
First, we should look at how the Corporate Enforcement Policy credits and encourages corporations to voluntarily cooperate, deliberately self-disclose and show appropriate remediation in case of misconduct. The FCPA was introduced in 1977 to prevent U.S. businesses and their representatives from influencing foreign officials through any personal payments or rewards. Since then, other countries have started developing their own enforcement mechanisms in response to the rising importance of anti-bribery and anti-corruption regulations in the U.S.
Contemporary legal experts have argued that this increased global understanding of the negative effects bribery and corruption has led to a rise in greater cross-border collaboration among regulators—giving U.S. prosecutors access to foreign intelligence and information—turning the FCPA into a comprehensive and global tool against all kinds of bribery.
Through its expanded Corporate Enforcement Policy, introduced and adopted in late 2017, the DOJ enables international corporations to reduce the potential penalties of an FCPA violation through voluntary disclosure and cooperation with investigators. Such considerations are not available, however, to repeat offenders.
Legal experts were quick to point out that the policy’s wording undermined the value of modern and global business communication where messaging apps are often used daily.
Up until last month, this meant that international corporations seeking consideration under the FCPA Corporate Enforcement Policy had to prevent their employees and representatives from using ephemeral messaging systems which did not store transcripts, such as Snapchat, WeChat or Telegram.
Rather than a general ban on these modern communications tools, the most recent policy amendment by the DOJ gives credit to the reality of businesses all around the world, which conduct part of their communication through these platforms. Their CEP now emphasizes the importance of implementing appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms in order to safeguard the corporations business records.
Simultaneously, this easing of the DOJ’s policy towards the corporate handling of third-party ephemeral messaging apps calls for enhanced due diligence solutions when it comes to raising awareness for the internal usage of these apps and the extensive documentation of business records and communication, ensuring that corporations protect and preserve an audit trail as part of their legal obligations.
How should your company approach these amendments?
Data is one of the most crucial capitals in the 21st century, both for governmental and nongovernmental actors and there are various reasons why corporations want to secure and retain their data. This is why operating with business records or communication calls for a comprehensive approach and why your company should follow these three recommendations:
1. Know your legal retention obligations
Your company should perform due diligence when assessing and revising internal protocols and policies in order to meet various record retention obligations. Assessing the current forms of communication within a company and analyzing its applicability to legal obligations should also be made part of this process.
2. Implement appropriate data retention controls
Once the legal obligations have been identified, your company should make sure to implement necessary data retention controls that conform to these obligations. Keeping in mind the recent implementation of the EU’s General Data Protection Regulation, you should also consider revising the list of applications permitted for usage and to define the content and the purpose of different means of communication within your company.
3. Practice makes perfect
Your company should consider possible changes and keep track of further amendments when it comes to legal retention obligations. Furthermore, it is crucial that your company raise awareness among employees related to the storage and correct handling of business records and other forms of communication linked to your company. Obtain consents for monitoring and collection of necessary data and in case of wrongdoing, establish disciplinary measures to best meet legal obligations.
These recent policy amendments introduced by the DOJ reflect a continuing international trend of governments introducing new regulations aimed at clarifying methods for the comprehensive storage and usage of business records. Only a month prior to these new DOJ amendments, the People’s Republic of China issued new regulations authorizing national authorities to access business records stored in foreign systems when conducting criminal investigations.