In this blog post, Nate Lankford and Aiysha Hussain* discuss the Department of Justice's (DOJ's) new Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy, which requires companies to prohibit employees from using software for business matters that does not properly store relevant data. "Specifically, under the new DOJ policy, for a company to receive full credit – e.g., the presumption of a declination – for timely and appropriate remediation in the context of cooperating with a government investigation, the company must meet the following criteria (among others): Appropriate retention of business records, and prohibiting the improper destruction or deletion of business records, including prohibiting employees from using software that generates but does not appropriately retain business records or communications [emphasis added].This language is unprecedented in prior DOJ guidance on FCPA enforcement, and shows a significant evolution in the DOJ’s expectations for data controls," Lankford and Hussain wrote. "For compliance professionals, it is important to first understand the perspectives and work habits of business personnel. With a solid understanding of such factors, one can more effectively develop practical data controls that help companies address risk and position themselves to qualify for substantial benefits under the DOJ’s new enforcement Policy, with minimal disruption to legitimate business processes."

This post was included in the December 15, 2017 issue of GIR Just Anti-Corruption.

*Former Miller & Chevalier attorney