Roland Cloutier, a U.S. Air Force veteran and former law enforcement officer, stepped down as TikTok’s Global Chief Security Officer in July 2022 as the Biden administration continued to evaluate the national security risks posed by TikTok’s Chinese ownership.

AChina-based ByteDance team led multiple audits and investigations into TikTok's U.S.-based former Global Chief Security Officer, who had been responsible for overseeing efforts to minimize China-based employees' access to American user data, according to internal company materials reviewed by Forbes.

TikTok hired Roland Cloutier as its Global Chief Security Officer in March 2020, shortly after the Treasury Department’s Committee on Foreign Investment in the U.S. (CFIUS) opened an investigation into TikTok’s ties to China. In public statements, TikTok touted the work of Cloutier, a U.S. Air Force veteran and former veterans affairs police detective, as evidence that TikTok was taking cybersecurity and data concerns seriously.

But according to current and former employees, as well as internal materials reviewed by Forbes, Cloutier’s efforts to build out a robust security team were hamstrung by ByteDance’s Internal Audit and Risk Control department, which is led by Song Ye, an executive in Beijing.

The materials show that Internal Audit launched multiple audits and investigations into Cloutier, alleging that he had pushed contracts worth millions of dollars to U.S.-based security vendors who were his personal friends. Forbes did not view materials that conclusively substantiated or refuted the veracity of these allegations.

Some current and former employees, though, characterized the probes into Cloutier as pretextual fishing expeditions designed to find a reason to push him out of the company. They noted that TikTok’s Chief Internal Auditor, Chris Lepitak, had argued that some work managed by Cloutier’s TikTok team should instead be owned by ByteDance’s Internal Audit team. The sources said Lepitak indicated that Internal Audit should oversee areas like digital forensics and insider risk, which are key to ensuring the security of user data. Lepitak reports to Song Ye, who reports to ByteDance cofounder and CEO Liang Rubo. (Disclosure: In a past life, I held policy positions at Facebook and Spotify.)

TikTok and ByteDance did not answer questions about why Cloutier was investigated, whether he was fired or whether he was pushed out of the company because of his work on data access controls. ByteDance spokesperson Jennifer Banks said that “[a]ny internal investigation is done with the intent to maintain a safe and compliant workplace,” but declined to comment on specific investigations.

One investigation into Cloutier focused specifically on the Global Security Organization’s relationship with consulting giant Booz Allen Hamilton. Several former employees at Booz currently work on TikTok’s security team. Among other things, Booz was helping TikTok manage China-based employees’ access to U.S. user data. Previously, Booz declined comment on its relationship with TikTok, and did not immediately respond to a comment request.

TikTok is currently negotiating a national security contract with CFIUS which will govern the way the Chinese-owned social media app handles Americans’ personal user data. Before he left his post at the company in July 2022, Cloutier had been working on reducing China-based employees’ access to data: In an April 2020 blog post, he wrote, “Our goal is to minimize data access across regions so that, for example, employees in the APAC region, including China, would have very minimal access to user data from the E.U. and U.S.”

Cloutier did not respond to multiple requests for comment. TikTok announced that he was stepping down from his role as Chief Security Officer in July, and his LinkedIn profile says he left the company in September.

ByteDance spokesperson Banks said in a statement that the Internal Audit team is “responsible for objectively auditing and evaluating the company and our employees’ adherence to our codes of conduct.”

TikTok did not comment on a detailed list of points and questions from Forbes about the Cloutier investigations and other investigations conducted by ByteDance’s Internal Audit team. However, in response to Forbes’s earlier report about the team, TikTok’s communications department tweeted: “Our Internal Audit team follows set policies and processes to acquire information they need to conduct internal investigations of violations of the company codes of conduct[.]”

Despite TikTok’s claim that Internal Audit is “our” team, internal materials indicate that the Internal Audit team does not report to any members of TikTok’s executive team, and instead reports directly to ByteDance executives in China. TikTok did not answer a question about why it referred to the Internal Audit team in this way.

Materials also show that the probes conducted by Internal Audit have often been extensive, including contracts with outside security firms and reviews of many thousands of emails, employee correspondences and messages in Lark, ByteDance’s internal workplace management software. Materials also show that some investigations have been kept confidential from employees’ managers and from HR.

Cloutier is also not the only U.S. executive who was targeted by the Internal Audit department. Two sources also said that at least one other executive, former TikTok Global Head of Marketing Nick Tran, was also pushed out over allegations of conflicts of interests due to personal relationships, which the sources characterized as an excuse to terminate the employee. Tran declined to comment.