Companies Should Beware Of Employees Texting Business Communications

Text messaging is convenient. It is an informal and instant mode of communication now available through numerous apps, which allow an individual to use their synced phone, tablet, and computer to quickly fire off messages. It's no wonder that text messaging has extended beyond the realm of friends and family, taking hold in our daily business communications.

However, intra-company text messages and other off-channel business communications have drawn scrutiny from the federal government because they undermine a company's ability to maintain effective recordkeeping.

For some companies, that recordkeeping is a regulatory requirement. On September 27, 2022, the U.S. Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) announced that they had entered into settlements with various financial institutions for violations of recordkeeping requirements in the use of electronic communications. Through the SEC's consent orders, 15 broker-dealers and one affiliated investment adviser admitted to having violated certain recordkeeping provisions of the Securities Exchange Act of 1934. Separately, 11 financial institutions with CFTC-registered businesses settled charges that they had failed to maintain, preserve, or produce records governed by CFTC recordkeeping requirements, and had failed to diligently supervise matters related to their businesses as CFTC registrants. The combined penalties for the involved entities total more than $1.8 billion. In addition to being hit with fines, each firm agreed to retain compliance consultants, who will conduct comprehensive reviews of their policies and procedures relating to the retention of electronic communications on personal devices.

These settlements may be part of a broader and ongoing regulatory crackdown against off-channel communications at financial institutions. For example, this summer HSBC told investors that it was facing scrutiny from U.S. regulators over the use of "unapproved electronic messaging platforms for business communications," yet it was not among the firms in this round of settlements. The SEC noted its own investigation into this issue is ongoing.

For companies that are not subject to securities or commodities laws or regulations, off-channel communications nevertheless present a compliance problem. Take, for example, FCPA enforcement. In 2017, the U.S. Department of Justice (DOJ) issued its FCPA Corporate Enforcement Policy, setting forth the DOJ's approach to the investigation, prosecution, and resolution of Foreign Corrupt Practices Act violations. The policy provided that a company could not receive full credit for remediation of a potential FCPA violation without demonstrating that it "prohibit[ed] employees from using software that generates but does not appropriately retain business records or communications." This guidance led to uncertainty among companies about whether to prohibit messaging apps like WhatsApp or apps with ephemeral (disappearing) messages like SnapChat, or to purchase company versions of such apps to ensure that business communications would be stored appropriately and could be accessed by the company.

In 2019, the DOJ updated its FCPA policy, clarifying that companies do not have to prohibit employees from using these messaging apps but must at least "implement[] appropriate guidance and controls" regarding the use of these apps, which undermine the company's recordkeeping capabilities. This policy shift freed companies from having to impose blanket prohibitions on messaging apps but required them to make difficult decisions about what kind of guidance and controls would be considered "appropriate" by a potential DOJ investigator, based on the particular circumstances of the business or the type of communication at issue.

The bottom line is that intra-company text messaging may present a compliance issue. Even if the communications within your company are not subject to specific recordkeeping rules, you should carefully consider what sort of guidelines and training are necessary to ensure that the company maintains a proper level of recordkeeping.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.