In this blog post, Nate Lankford and Dawn Murphy-Johnson discuss a recent update to DOJ's FCPA Corporate Enforcement Policy, which reflects an evolution in the agency's expectations for companies to control employee use of ephemeral messaging apps such as WhatsApp, Signal, and Viber. In the original policy, issued by DOJ in December 2017, the agency appeared to require companies to prohibit the use of such software in order to receive full credit for "timely and appropriate remediation" of potential FCPA violations. By contrast, the updated policy, issued on March 8, 2019, suggests that companies should develop risk-based controls for communications and messaging platforms. "Perhaps the most important bottom-line takeaway is that the DOJ expects companies to carefully consider and implement controls around communications and messaging platforms in advance of any FCPA investigation. Companies that fail to do so risk not only losing full credit for timely and appropriate remediation under the FCPA Corporate Enforcement Policy, but also a general loss of credibility in future dealings with U.S. enforcement agencies if they ask for employee messaging data that the company cannot locate," the authors wrote.