Justice Department Amends FCPA Policy Manual Amid Increasing Use of Encrypted Apps
The Department of Justice updated its policy manual provisions on Foreign Corrupt Practices Act enforcement to reflect changes in the requirements for retention of business records, according to the department. The new guidance, which took effect March 8, lifts a ban on the use of third-party messaging apps, including WeChat, WhatsApp and Snapchat, according to a report from Skadden Arps. The changes were made in light of “certain fast-growing economies, such as China and India, where WeChat and similar messaging apps are used extensively for legitimate business communications,” the report said.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Previously, in order for companies to receive “full credit for timely and appropriate remediation” for violations, the FCPA prohibited employees “from using software that generates but does not appropriately retain business records or communications,” according to the report. WhatsApp, for example, encrypts messages sent through the app, making retention of records difficult. “Almost immediately after the promulgation of this now-superseded policy, businesses and legal commentators criticized it as unrealistic,” the report said, adding that some companies in those growing-economy countries exclusively use WeChat to send messages.
However, even though the department lifted the ban on certain apps, it did not provide guidelines for retaining records when using them, according to the Skadden Arps report. Instead, the FCPA now notes that full remediation will only be granted to companies who implement “appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms,” according to the guidance. The change does not specify what qualifies as appropriate controls. In many ways, the responsibility has fallen on companies to ensure they are retaining business records when using external apps, according to Skadden Arps. “While the elimination of the blanket ban is a welcome development, companies bear the risk of being second-guessed by the authorities with the benefit of 20/20 hindsight and should carefully evaluate the adequacy of their internal policies and practices,” Skadden Arps said.