It has been one year since the Department of Justice announced updated guidance on use of ephemeral messaging platforms for corporate communications. Since then, the DOJ and other regulators continue to sound alarms about these tools, which automatically erase conversations between parties. Their stance is clear: Companies with strong policies will be rewarded, and companies that fail to act face potentially tougher penalties if those communications ever become relevant.
To mitigate risks, companies should implement clear policies on ephemeral messaging, offer alternative means to send company-related texts, and develop training programs for employees.
Regulatory Focus
Government regulators see text messages, including those sent over ephemeral messaging platforms, as vital evidence. While the DOJ’s guidance is easy to understand, it could be difficult to follow in practice. Prosecutors would no longer accept “at face value” a company’s failure to turn over ephemeral communications and noted that “[a] company’s answers—or lack of answers [concerning ephemeral messages]—may very well affect the offer it receives to resolve criminal liability.”
The widely understood implication was that the DOJ expected companies to play an active role in guiding and monitoring employees’ use of messaging applications for company business. Yet it was unclear how the policy would work in practice or if the DOJ’s focus would wane.
Regulators’ focus on ephemeral messaging didn’t turn out to be a passing fad, and the DOJ has continued to broadcast how important it believes this type of evidence can be. In January, the DOJ antitrust division and Federal Trade Commission announced that they are changing language in their standard preservation letters, grand jury subpoenas, and compulsory legal processes to specifically address increased use of ephemeral messaging platforms.
These changes ensure that companies can no longer “feign ignorance” when it comes to their need to monitor and preserve ephemeral messaging. The DOJ even warned that, under this new guidance, the failure to produce such documents can result in criminal charges for the company, including obstruction of justice charges.
Companies with clear policies concerning ephemeral messaging have been rewarded. For example, DOJ officials have consistently praised Corsa Coal Corp. for making voluntary disclosures to the DOJ that resulted in two former executives of the company being charged with offenses related to the Foreign Corrupt Practices Act.
In declining to prosecute the company, the DOJ cited Corsa Coal’s significant cooperation as one of the factors leading to the decision not to prosecute. It also identified the case as an example of “the need for companies to develop policies concerning these messaging applications and, where appropriate, retrieve and then produce such communications.”
On the other hand, failure to adequately preserve messages can create additional risks for a company and its employees. Issues concerning ephemeral messaging were front and center in the criminal trial of FTX Trading Ltd. co-founder Sam Bankman-Friedin the Southern District of New York. There, the jury heard evidence concerning the involvement of FTX lawyers in creation and implementation of document retention policies.
This included testimony that company policies allowed for certain communication applications to be set to auto-delete, as well as testimony that Bankman-Fried had discussed with counsel the fact that certain messaging applications were so configured. Bankman-Fried was convicted of all charges and is awaiting sentencing.
Mitigating Risks
The past year has shown ephemeral messaging remains a source of significant peril for companies, particularly because regulators are unlikely to excuse companies’ inaction when their employees use these platforms.
In certain regulated industries, an employee’s use of ephemeral messaging can trigger an enforcement action for failure to abide with recordkeeping requirements. For example, the Securities and Exchange Commission in September 2023 charged several broker-dealers and investment advisers with recordkeeping violations in connection with failure to preserve off-channel communications.
There are actionable steps companies can take to mitigate these risks.
Have a policy. Implement a clear policy that bans the use of ephemeral messaging applications for company communications. This policy should be harmonized with the company’s acceptable use policies for technology. Company policies should also clarify that, should an employee use ephemeral (or any non-sanctioned) messaging communications, the company has a right to collect relevant data from the employee’s phone and make any disclosures to law enforcement as necessary.
Offer an alternative. In place of ephemeral messaging applications, companies should offer employees alternate messaging applications that are company-controlled and accessible for review, with practical retention policies that comply with applicable rules and regulations. Companies should also design and use functional mobile device policies and software to manage applications on devices used for business purposes, including personal devices.
Use training to understand the risks. Companies should develop training programs aimed at educating and empowering employees to understand their role in helping the company manage risks, including by using company-approved messaging applications.
Reproduced with permission. Published March 13, 2024. Copyright 2024 Bloomberg Industry Group 800-372-1033. For further use please visit https://www.bloombergindustry.com/copyright-and-usage-guidelines-copyright/.