MANAGING RISKS ASSOCIATED WITH EPHEMERAL MESSAGING APPLICATIONS
In the modern-day work and personal lives of many people, applications such as WhatsApp, Signal and Telegram have become ubiquitous tools for communication, offering convenience, speed and accessibility. It has become common to discuss business affairs over a WhatsApp chat, with email increasingly being relegated to introductions, meeting requests and final, more formal documents.
However, this proliferation of non-corporate communication channels has raised significant concerns about the effectiveness of record-keeping, especially in the context of internal investigations and regulatory compliance, particularly for financial institutions (FIs).
Indeed, enforcement authorities are increasingly scrutinising the use of these applications in the workplace, recognising the potential risks associated with off-the-record conversations and the circumvention of official communication channels, with many already imposing large financial penalties.
As far back as 2017, the US Department of Justice (DOJ) commented on this issue in its ‘FCPA Corporate Enforcement Policy’, indicating that organisations should be “prohibiting employees from using software that generates but does not appropriately retain business records or communications”. The DOJ built on this guidance in its 2023 revisions to its ‘Criminal Division’s Evaluation of Corporate Compliance Programs’.
Crucially, in the DOJ’s guidance documents, the issue is closely linked to organisations gaining “cooperation credit” in connection with DOJ investigations. The message is clear: in order to be recognised as cooperating with investigations, organisations must be in a position to produce all relevant communication data, something which may not be possible if crucial business discussions take place on non-corporate channels, including apps which periodically auto-delete messages.
Jul-Sep 2024 issue
Accuracy