DOJ Revises Compliance Evaluation Criteria to Include Access to Past Messages, Emails
DOJ last week announced “significant changes” to how it assesses corporate compliance programs’ approach to communications platforms, which could impact whether the agency offers to resolve an investigation without criminal charges. Under the revised policies, companies that claim to not have access to emails and other electronic information related to a DOJ probe may have to prove to the agency that they can’t access those messages, Assistant Attorney General Kenneth Polite said.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
“A company’s answers -- or lack of answers -- may very well affect the offer it receives to resolve criminal liability,” Polite said during a March 3 conference hosted by the American Bar Association. “So when crisis hits, let this be top of mind.”
The changes will update the criteria the agency uses in its Evaluation of Corporate Compliance Programs (ECCP) to take into account a company’s “approach to the use of personal devices” and “various communications platforms and messaging applications,” Polite said. DOJ will “consider how policies governing these messaging applications should be tailored to the corporation’s risk profile and specific business needs,” including to make sure companies are keeping records or can access past messages, electronic data and other information that may be relevant to a DOJ investigation.
The agency will ask companies how they “communicate the policies to employees” and whether those policies are enforced. Investigators may also ask “about the electronic communication channels used by the business and their preservation and deletion settings.”
And if a company declines to give DOJ messages from third-party platforms, “our prosecutors will not accept that at face value,” Polite said. “They’ll ask about the company’s ability to access such communications, whether they are stored on corporate devices or servers, as well as applicable privacy and local laws, among other things.”
Polite said the new policy will help DOJ investigations better assess the effectiveness of corporate compliance programs. “In today’s day and age, the use of these services is ubiquitous,” he said. “Just as we expect corporations to adapt to the realities of modern life and update their policies and practices accordingly, so too does the department.”
Polite also touched on Foreign Corrupt Practices Act issues, saying the agency plans to issue a Spanish version of its Foreign Corrupt Practices Act Resource Guide later this month. "This is a concrete example of how we stand with our partners in our collective fight against corruption," Polite said.