The use of instant messaging apps in business is on the rise globally.

In Asia in particular, apps like WeChat, WhatsApp, KakaoTalk, and Line are challenging, or have overtaken, traditional mediums of business communication like email and phone calls. Their prevalence has created unique obstacles for businesses and law enforcement agencies when it comes to the retention of business records.

Consistent with these trends, in March 2019, the United States Department of Justice (DOJ) revised key provisions of the Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy relating to use of instant and ephemeral messaging services and platforms for business communications.

While the policy, which outlines criteria for corporate cooperation and self-disclosure in FCPA cases, previously restricted the use of certain communication software, the revisions introduce requirements on “appropriate guidance and controls” for such communications.

As a result, companies will have to strike the right balance between fulfilling new policy requirements with the practicalities of how different markets approach business communications. We explore this development and its implications on businesses subject to the FCPA below.

The Policy and Revisions

The policy, first announced in November 2017, details the DOJ’s standards for evaluating and rewarding corporate cooperation and self-disclosure in FCPA cases. These standards, in turn, provide guidance to companies designing compliance programs and navigating disclosure decisions.

To encourage companies to take active steps to self-report misconduct and address compliance shortcomings, the policy provides a “presumption” that the DOJ will not prosecute a company, if the company satisfies certain standards for voluntary self-disclosure, full cooperation, and timely and appropriate remediation (assuming no aggravating factors exist).

To secure full cooperation credit under the original policy, companies had to prohibit employees from using “software that generates but does not appropriately retain business records.”

Many interpreted this provision to prohibit the use of instant messaging apps like WhatsApp, WeChat, KakaoTalk, Line, and Skype, which are ephemeral and/or outside companies’ communications records ecosystem. Because these messaging apps are a prevalent and indispensable component of business, in practice, this requirement would have effectively prevented many companies from earning full cooperation credit under the policy.

However, there is no indication that the DOJ enforced this requirement—based on a review of published DOJ declination letters since the policy’s adoption in 2017, no declination letter has cited a company’s prohibition on software as a remediation factor considered (see Table 1 below).

The revised policy affords companies more flexibility to design internal policies and procedures to satisfy the business records and communication requirement.

While companies are still required to appropriately retain business records to earn full cooperation credit, the revised policy eliminates the blanket prohibition on communication software and instead calls for the implementation of “appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms that undermine the company’s document retention policies or legal obligations[.]”

The DOJ’s revision is a practical response to the realities of today’s global marketplace. When Deputy Attorney General Rod Rosenstein announced the policy in 2017, he declared that the DOJ will enforce the FCPA “against both foreign and domestic companies that avail themselves of the privileges of the American marketplace.”

Indeed, half of the DOJ’s corporate FCPA resolutions in 2018 were coordinated with foreign authorities. Yet, strict enforcement of the original policy in markets where instant messaging apps are a necessary component of business would have precluded many companies from complying with the policy and discouraged the DOJ’s stated goal of providing “incentives for companies to engage in ethical corporate behavior.”

Compliance Under the Revised Policy

In light of the DOJ’s revised policy, companies should consider establishing or revising compliance policies, IT systems, and controls governing communication devices, tools, and applications, including with respect to retention and recordkeeping.

In doing so, companies should keep in mind that instant messaging platforms offer an array of technical features to facilitate business communication and transactions beyond chat, file transfer, and voice calls.

For instance, some platforms contain functions that may heighten the risk of bribery and corruption, including money transfers and the ability to purchase meals, travel, and merchandise. Conversely, other features like enterprise accounts may give companies more autonomy and control over business records.

On balance, the revisions to the business records and communication requirements of the policy are a practical shift in enforcement policy that provide more flexibility to companies and greater discretion to DOJ prosecutors.

Future declination decisions may provide insight into the DOJ’s enforcement of the revised policy. Until then, companies should be mindful of the policy’s new requirements.

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Author information

Ryan Rohlfsen is a Litigation and Enforcement partner in the Chicago office of Ropes & Gray. He is a former U.S. federal prosecutor with the DOJ’s Criminal Fraud Section, FCPA Unit.

Mimi Yang is a Litigation and Enforcement partner and a Senior Foreign Legal Consultant in the Hong Kong office of Ropes & Gray.

Geoffrey M. Atkins is a Litigation and Enforcement partner in the Hong Kong office of Ropes & Gray.

David Zhang is a Litigation and Enforcement partner and a Senior Foreign Legal Consultant in the Hong Kong office of Ropes & Gray.

Karen Oddo is a Litigation and Enforcement associate in the Hong Kong office of Ropes & Gray.

Christopher Nienhaus is a Litigation and Enforcement associate in the Boston office of Ropes & Gray.