Search for:

Amendments to FCPA Corporate Enforcement Policy

In March 12, 2019, the US Department of Justice (DOJ) modified the FCPA Corporate Enforcement Policy (the “Policy”). This Policy credits corporations that voluntarily self-disclose, provide full cooperation, and demonstrate timely and appropriate remediation in FCPA matters with a presumption of declination absent aggravating factors. A key change is to now allow the use of “ephemeral messaging platforms”, such as WeChat and WhatsApp, for business communications as long as controls are put in place to ensure appropriate retention of business records. These “controls” however require careful consideration as we discuss below.

Obligations to control or retain WeChat and WhatsApp business communications

In November 2017, the DOJ adopted the Policy to provide corporations with further certainty around the benefits of cooperating with the DOJ and how to obtain a declination. Many observed that the original language in the Policy indicated that to effectively remediate, business records could not be stored on messaging platforms because such platforms could not effectively retain business records. This was practically difficult as messaging apps are routinely used in the modern business context. The Policy amendments acknowledge the reality that business communications occur over these platforms – including as part of employees’ personal communications – and advise corporations to implement “appropriate guidance and controls” to ensure that the corporation retains these business records or communications as part of its document retention policies or legal obligations.

This development continues the trend seen in the People’s Republic of China issuing new rules to clarify procedures for collection of electronic data in criminal cases, which took effect in February 2019 – see our alert.

In addition to the guidance on the adoption of policies and controls around business communications on messaging apps, the amended Policy reflects two additional clarifications:

  1. In the M&A context, the Policy reflects the DOJ’s position that there will be a presumption of a declination where a company undertakes an M&A transaction where misconduct is uncovered through thorough and timely due diligence or post-acquisition compliance integration efforts; and
  2. Further guidance on “de-confliction” when the DOJ may request a deferral of investigative steps by a company for a limited period of time.

Actions to take

With the proliferation of messaging apps and the migration of business records to these platforms, it is essential that companies reconsider their policies and controls around the use of these apps to comply with the Policy’s expectations. In addition, it is important for companies to have access to these business communications when seeking to conduct credible internal audits and investigations. Depending on the industry and the legal requirements, we recommend that companies:

  • Control the use of messaging applications and restrict their use to devices that the company owns and/or can control and review. For high risk business functions (ie. procurement, government touchpoints), we recommend issuing a company device and ensuring that company policies will enable access and review of business communications respectful of relevant employment and data privacy laws.
  • Review IT and data privacy policies and procedures that apply to the use of messaging apps. These include carefully crafting “Bring Your Own Device” policies to clearly allow access to business records, should the company wish to allow employees to use their own devices for business communications.
  • In certain limited circumstances, prohibit the use of messaging apps for business communications. Note that messaging apps may not provide sufficient privilege protection for attorney-client communications.
Author

Author

Vivian Wu is a partner in Baker McKenzie's Beijing office, advising US and European corporations on regulatory, compliance and FCPA-related matters in China. Ms. Wu worked at our Washington D.C. office in 2014, graduated from Harvard Law School, and is admitted to practice in New York and China.

Author

Henry Chen has more than 17 years of experience in handling cross-border compliance and investigation matters. As a US- and PRC-trained lawyer, he has advised many multinational corporations on navigating and managing compliance risks in a variety of areas, including anti-bribery and corruption, anti-money laundering, anti-unfair competition, customs, data protection and cybersecurity, employee misconduct, ESG, financial crime, fraud, and whistleblower allegations.

Prior to joining the Firm, Henry acted as the Asia Pacific Director for Investigations at a Fortune 500 pharmaceutical company and led its regional compliance investigations. Besides Shanghai, he had also worked in Washington, DC, Hong Kong and Beijing as a compliance professional.

Author

Peter Andres is a Special Counsel in the Firm’s Compliance and Investigations practice group based in Hong Kong. Prior to joining the Baker McKenzie's Hong Kong office, Peter worked in the Washington, D.C. and Sydney offices of the Firm. During his time in Washington, D.C., Peter spent significant time assisting in the representation of companies before the Department of Justice and the Securities and Exchange Commission on FCPA investigations. In addition, Peter regularly speaks on issues related to technological innovation in the legal practice and has helped push the Firm’s adoption and development in Asia Pacific of e-discovery tools, data analytics, and Technology Assisted Review in investigations.