This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. You can learn more about our use of cookies and similar technologies and your choices by reviewing our Privacy Policy. By clicking “I agree” you agree to our use of cookies and similar technologies.
DOJ Has Issued New Compliance Guidance. Now What?
What to Make of the US Justice Department’s Significant Compliance Guidance Updates
On September 23, 2024, the U.S. Department of Justice (“DOJ”) released updates to its Evaluation of Corporate Compliance Programs (“ECCP”) guidance. In a move that surprised no one (especially if companies have been reading DOJ’s tea leaves[1]), the updated guidance integrates and incorporates artificial intelligence (“AI”) and other emerging technologies. While the updated guidance maintains its core focus on designing and implementing a risk-based compliance program, these updates suggest in the strongest terms yet that managing the impact of technology on an organization’s compliance risks, and separately leveraging the data that an organization creates and collects, should be among the core pillars.
Compliance practitioners know that DOJ’s ECCP guidance sets expectations for the practices an organization should have in place for a successful defense to reduce or eliminate enforcement penalties or other actions should it find itself under investigation for illegal or improper conduct. Along these lines, the guidance serves as a helpful tool for compliance practitioners to drive change and compliance culture in their company to obtain support for the adoption and implementation of compliance best practices.
Many areas of the guidance received updates, reflecting DOJ’s continually evolving analysis of the practices that result in a successful compliance program. Below is an overview of the most significant updates in the guidance and how in-house counsel and compliance officers should manage and address those updated expectations within your organization.
Emphasis on AI and Emerging Technologies
The updated DOJ corporate compliance guidance strongly emphasizes the importance of using AI and advanced technology in compliance programs:
Don’t Forget Data Compliance
While the AI-related updates are receiving most of the attention at the moment, organizations should equally prioritize understanding and addressing the data-related updates in the ECCP guidance:
There are several other areas of note that DOJ updated including additional guidance around the role of compliance in mergers and acquisitions and directives around how the company measures the effectiveness and success of its compliance program.
In a speech announcing the revised ECCP guidance, Deputy Assistant Attorney General Nicole M. Argentieri underscored the importance of robust compliance programs: “Companies are the first line of defense against corporate crime. And compliance professionals are charged with holding the line on compliance and good corporate culture.
We know how important it is for compliance programs to be robust and well-resourced and for compliance officers and their staff to be .”[2]
What Should You Do Next?
So, if you are a compliance, legal, or risk leader where should you go from here?
- Perform a technology audit, with a focus on AI, to understand and mitigate the compliance risks they create;
- Expand your data assessments to include the type of business data created and that compliance can use to improve its assessment of risk, as well as assessing the type of data compliance collects and how it can be leveraged by compliance to improve compliance risk assessment decisions;
- Ensure that your company has a merger and acquisitions process where compliance issues and risks drive post-transaction resource allocation and integration oversight strategy (this, of course, is in addition to a comprehensive post-transaction enterprise risk assessment); and
- Create a strategy to regularly measure the effectiveness of your compliance program, including periodically engaging a third-party to assess and verify its effectiveness and success.
Engaging with a compliance expert, like Guidepost, can be highly beneficial for your organization. Compliance experts bring a wealth of knowledge and experience in navigating complex regulatory landscapes, ensuring that your company adheres to all relevant laws and regulations. This not only helps in avoiding costly fines and legal issues but also enhances your company’s reputation and trustworthiness in the market.
Moreover, compliance experts can provide valuable insights and guidance on best practices, helping your organization to implement effective compliance programs and policies. This proactive approach can lead to improved operational efficiency, reduced risk, and a stronger overall governance framework.
[1] See Deputy Attorney General Lisa Monaco’s March 2024 remarks announcing that prosecutors would begin considering how companies mitigate the risk of misusing artificial intelligence. https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-keynote-remarks-american-bar-associations
[2] https://www.justice.gov/opa/speech/principal-deputy-assistant-attorney-general-nicole-m-argentieri-delivers-remarks-society
Allison Spagnolo CIPP
Chief Privacy Officer, Senior Managing Director
As Chief Privacy Officer and Senior Managing Director, Allison Spagnolo leads the Artificial Intelligence (AI) practice, ensuring governance and compliance for clients’ AI usage, and compliance engagements across sectors including financial institutions, healthcare, and government contractors. This includes reviewing anti-money laundering (AML) and sanctions (OFAC) issues for global banks and multi-national companies, as well as advising on financial crime compliance issues specific to cryptocurrency exchanges and Fintech companies. She has traveled extensively in Europe and Asia for the purpose of leading and conducting on-site inspections and reviews related to NYDFS and Federal Reserve monitorships, BSA/AML audits and other compliance matters.
Crystal R Jezierski
Senior Managing Director
Crystal R. Jezierski works with clients to manage governance and risk requirements and to design, implement, and lead compliance programs. Ms. Jezierski is a compliance expert and former compliance executive with 25 years of government and private sector experience. She has served as associate general counsel, assistant secretary for the U.S. Chamber of Commerce, senior vice president for Global Ethics at Walmart, a partner with the global law firm Baker McKenzie and as chief counsel for Oversight and Investigations with the Judiciary Committee of the U.S. House of Representatives.
InvestigationHotlines