E-Mail Communications: The Devil is on the Server
It is hard to imagine how prosecutors were able to bring cases before there was email communications. When I was a prosecutor, we looked for evidence in a lot of other sources, internal memos, calendars and other places where people would write incriminating messages.
The routine use of emails, texting and instant messaging systems has changed everything. Each of these technologies are often used by criminals who cannot help themselves from making incriminating statements or arrangements.
As one example, in the Pfizer FCPA enforcement action, the government was able to cite a small number of emails that basically made its case – a promise to send foreign official physicians and nurses to medical conferences in exchange for a promise by the physicians to purchase a number of Pfizer units (of a medical device). Bing! Bang! Zoom! – Pfizer was toast.
In another example, the Justice Department’s criminal prosecution of foreign exchange traders was largely made through replays of instant messaging in chat rooms among the traders that included a host of unsavory comments while ensuring that traders adhered to anti-competitive agreements to refrain from trades and stay within certain pricing agreements.
In a similar vein, email and other communications users are under the mistaken impression that if they delete these communications from their computers, the company or the government will never be able to recover the deleted communications. In almost every internal investigation involving a major scandal you will inevitably discover an executive who deletes emails and other files thinking that they are escaping detection. Little do they know, their failed attempts to delete incriminating information only confirm their guilty intent to violate the law – for prosecutors, such evidence is golden.
All of this begs an important question – should a CCO train executives, managers and employees on communications technologies or is there a risk that the CCO will be seen as promoting lawlessness?
Company employees have a responsibility to communicate in a professional fashion. Rude, offensive and obnoxious communications are contrary to such a principle. No one has a problem with reinforcing this principle. However, a CCO or an IT professional should not necessarily “teach” employees how to disguise or avoid communications to further an illegal scheme. The employees should not be engaged in such communications in the first place since illegal conduct is contrary to the company’s code and its commitment to avoid breaking the law.
Just to play devil’s advocate, what about training employees on avoiding communications that may increase civil litigation risks – for example, writing about competitive strategies that may involve questionable language like, “drive our competitor out of the market,” or other phrases that may raise civil litigation antitrust risks? This is walking a fine line between making sure employees never get caught when engaging in illegal behavior and reducing civil litigation risks.
A CCO has enough risks on his/her plate. Adding communications training seems like a lower priority. We always hear the phrase (after the investigation of course has already started), “don’t write down in an email anything you would never want to see reported in a newspaper.”
A company executive who has spent hours before government prosecutors reviewing a stack of old emails and being asked to explain minute phrases, and even individual words, when used in various contexts usually spearheads the need for controls in this area. The executive will moan and groan while reviewing the emails wishing he/she and their colleagues never wrote anything down in an email.
Unfortunately, we have to return to the old adage – telling the truth is easy because it easy to remember the truth – except when you write a lot of emails.