A 2021 internal audit of ByteDance’s systems revealed that the company needed to make significant changes to its fraud prevention systems.
Key Details
- TikTok owner ByteDance received an internal report in 2021 detailing the need for investment in anti-fraud programs in order to prevent fraud within its systems.
- The report warned that failure to make these changes could result in significant, billion-dollar fines, forced reporting to an outside monitor, criminal indictment of executives, and prohibition of operating in major markets like the U.S.
- The risk assessment evaluated typical risks for large companies such as embezzlement and potential conflicts of interest, but the report also focused on the risk caused by Chinese ownership.
- According to information provided in the report provided by an employee, “it was ‘impossible’ to avoid ‘sensitive and/or regulated data’ from being ‘improperly’ kept in servers in China,” Forbes reports.
- Further, the reports found that company policies, document retention, and executive communication with teams were lacking.
Why it’s news
TikTok is currently in ongoing negotiations with U.S. officials regarding concerns over data collection and storage in the video-sharing app.
Multiple U.S. officials have spoken out about security concerns surrounding the social media app and some have even called for its complete removal.
Already, reports have shown that ByteDance employees have access to TikTok user’s data. ByteDance’s close connection with the Chinese government creates a national security concern.
The internal report assessing ByteDance lumped TikTok in with its assessments.
A ByteDance Representative says of the report, “ByteDance regularly conducts risk assessments to identify potential risks and improve compliance, but this report is not one of them. This document was created within one department nearly two years ago, never presented internally beyond that, and is largely inaccurate, with outdated details which are made irrelevant by regular updates to our practices in the years since.”
ByteDance has not addressed what parts of the report they believe are inaccurate. The assessment was written by a now former ByteDance employee who was an attorney with state and federal government experience, Forbes reports.
The report also addressed security concerns surrounding the Lark—the internal messaging app for TikTok and ByteDance. The messages sent through the app are stored in China. Additionally, the company would not be able to provide records of internal communication conducted through the app, meaning ByteDance could be unable to turn over communications even if legally required.
Beyond concerns about internal communication, the report also found that there are few prevention methods in place to prevent embezzlement and other fraud. Many payments to vendors were made without an existing contract. Many of these payments had little to no documentation explaining what the payment was for.
“Based on expense data obtained for this FRA and verbal confirmations from system administrators, it appears that ByteDance’s data systems simply do not collect or retain data about multiple critically important matters related to company expense transactions,” read the report.
