DOJ wants companies to curb employees’ business-related chats on encrypted apps like WhatsApp and Telegram that are increasingly hindering federal white collar criminal probes.
The Justice Department says it will put more emphasis on whether companies hand over employee digital communications when considering leniency for cooperation, a step designed to yield more evidence against individual bad actors.
The directive included in a wide-ranging corporate crime memo issued by Deputy Attorney General Lisa Monaco earlier this month comes after regulators reached a massive civil settlement with JPMorgan Chase over employees’ inaccessible chats. Sixteen additional Wall Street firms reached settlements with the Securities and Exchange Commission—over unauathorized messaging apps—totalling $1.1 billion, the SEC announced Tuesday.
“A lot of employees are more careful, and are using Signal or other encrypted systems, and that poses a real challenge to what DOJ is trying to do on increased corporate enforcement and individual employees,” said Justin Weitz, a former supervisor in DOJ’s criminal fraud section, overseeing finance industry investigations.
“But it is also a challenge for companies that are working to ensure a clean corporate culture,” added Weitz, who left the department in July to become a white-collar defense partner at Morgan Lewis.
A decade ago, investigators relied on emails easily recovered from search warrants and subpoenas to catch traders openly discussing details of their crimes, former prosecutors said. In more recent years, chats that recreate a minute-by-minute crime scene have largely shifted to texting apps with disappearing functions.
“More and more,” US prosecutors struggle to access evidence in corporate criminal cases because it’s hosted on encrypted platforms, said Dwight Draughon, a former federal prosecutor in Maryland.
In her Sept. 15 memo, Monaco ordered the Criminal Division to update guidance to prosecutors on how they evaluate a company’s electronic messaging policies when considering whether to bring criminal charges.
It’s among a host of measures the department is using to entice companies to self-disclose criminal activity at an early stage, with a goal of indicting more senior executives.
When determining how much lenience to give cooperating companies, prosecutors should assess whether the business “has instituted policies to ensure that it will be able to collect and provide to the government” documents such as “texts, emessages, or chats” from “devices that are used by its employees for business purposes,” Monaco stated in the memo.
Depending on how Monaco’s guidance is applied by criminal prosecutors, companies may face a greater threat from an issue that they’ve already been grappling with in other contexts.
“It has the potential to put companies in a really difficult bind trying to enforce an unenforceable policy—if it turns out the DOJ wants companies to completely restrict the use of these messages,” said Billy Jacobson, an Allen & Overy partner and former manager in DOJ’s fraud section.
‘Level the Playing Field’
The Justice Department’s emphasis on how companies handle messaging apps and personal texts follows similar scrutiny by banking regulators.
Investment banks are subject to heightened record-keeping requirements for brokers and traders that don’t apply in other industries.
Even before the department’s corporate enforcement announcements, lawyers were wondering if the fines expected to be paid by Goldman Sachs and other banking giants would soon lead to DOJ criminal enforcement and scrutiny in more industries.
“Does the government start saying, ‘let’s use that as a model; that companies should really be following this more broadly?’' said Ryan Rohlfsen, a Ropes & Gray partner and former senior trial attorney at DOJ’s fraud section. “There’s been a lot of rumblings about this is what’s coming down the pike, while recognizing that” the SEC Wall Street “cases involved particular regulations around the financial institutions.”
The memo doesn’t grant DOJ the authority to punish companies solely for not retaining chats. But it does extend concerns to industries beyond the banking sector.
“I think what DOJ is trying to do is level the playing field and say, ‘look, this is an issue not just for highly-regulated entities but for everyone,’” said Ellen Zimiles, a former federal prosecutor and government-appointed compliance monitor who is now a partner at consultancy Guidehouse.
Yet the department will experience hurdles in successfully translating this effort into senior executive convictions.
It would require not only that companies effectively ban the use of personal devices and encrypted apps for business communications, but employees to then discuss misconduct in a more open forum.
“That, realistically speaking, seems less likely,” said Laura Perkins, a former fraud section supervisor who’s now the co-managing partner at Hughes Hubbard & Reed. “If they know they’re having improper communications, they won’t want to move them back to email.”
Despite that limitation, the policy’s section on encrypted and ephemeral chats has prompted white-collar defense bar strategizing over how to prepare clients.
Some companies will immediately have outside counsel interview employees to gather a baseline understanding of how many people and at what level employees “are engaged in talking about the corporate work on external messaging apps,” said Draughon, who in July left his prosecutor post to join Steptoe & Johnson as a partner.
Once the Criminal Division reveals more detailed enforcement instructions to prosecutors, those companies “will be able to act as soon as possible,” Draughon said.
Many multinational companies subject to Foreign Corrupt Practices Act enforcement are already accustomed to tightening their ephemeral messaging policies to impress DOJ. In 2017, the department demanded that companies seeking cooperation credit in FCPA cases must prohibit employees from using apps that don’t properly retain messages. It relaxed those rules in 2019.
Monaco’s latest directive marks a possible return to the tougher approach—signaling that merely having a policy to disfavor unmonitored chats won’t be enough.
“That was the big message that I got out of it, which was, OK, there’s a policy, but show us where you train people on it,” said Audrey Harris, a managing director at compliance services firm Affiliated Monitors Inc. “Show us where you’re enforcing against it, and not turning a blind eye.”