Skip to content

Internet Explorer is no longer supported by this website.

For optimal browsing we recommend using Chrome, Firefox or Safari.

Client Alerts

DOJ Updates Corporate Compliance Programs Guidance

November 2024

Client Alerts

DOJ Updates Corporate Compliance Programs Guidance

November 2024

By Aaron Howell

On September 23, 2024, the Criminal Division of the United States Department of Justice (DOJ) announced updates to its Evaluation of Corporate Compliance Programs (ECCP).

The updates cover three areas of increased interest for the DOJ: (1) Whistleblower Protection and Encouragement; (2) Data Access for Company Compliance Programs; and (3) Artificial Intelligence Risk Mitigation.

The ECCP guidance serves as a roadmap for DOJ prosecutors to evaluate the quality and effectiveness of a company’s compliance program. The guidance helps DOJ prosecutors in determining whether and to what extent a company should be held accountable in connection with a criminal investigation. The ECCP is also a great reference for companies seeking guidance regarding the quality of their compliance programs.

Whistleblower Protection and Encouragement

Under the updated ECCP, DOJ prosecutors will evaluate company policies and training related to whistleblowers, with a focus on internal reporting systems and anti-retaliation policies. As of August 1, 2024, whistleblowers can now submit original information directly to the DOJ at: www.justice.gov/CorporateWhistleblower. Whistleblowers who report information to the DOJ about corporate misconduct and cooperate with the investigation are eligible to receive awards of up to 30% of the penalties collected from successful enforcement actions. The program widens the scope of corporate wrongdoing available for potential whistleblowers to include foreign and domestic corruption, healthcare fraud involving private insurers, and financial institution misconduct.

The increased incentives for whistleblowers to provide information directly to the DOJ along with the DOJ’s emphasis on DOJ prosecutors evaluating a company’s internal compliance programs underscores the need for companies to cultivate a culture of ethical behavior and to have strong internal compliance programs. Companies should be proactive in preparing for the possibility of whistleblower claims by maintaining effective reporting channels and providing training about company reporting and anti-retaliation policies. Companies should also be prepared to promptly conduct internal investigations related to complaints.

Data Access for Company Compliance Programs

DOJ prosecutors will consider whether a company’s compliance program has sufficient access to company data and data analytics to proactively identify misconduct and to monitor company policies and transactions.

The updated ECCP demonstrates the DOJ’s focus on whether a company’s compliance personnel have adequate access to necessary data to evaluate the effectiveness of the company’s compliance program. Necessary data includes, but is not limited to, information regarding the company’s past compliance issues, known issues of other companies in the same industry and geographic area, and financial data. DOJ prosecutors will look at whether the company allocates adequate resources to the company’s compliance program commensurate with the company’s operations.

Companies should self-assess their compliance programs through this lens. Companies must identify past compliance issues and take steps to ensure that the compliance programs have sufficient resources and access to data to properly inform compliance policies.

Artificial Intelligence Risk Mitigation

Under the updated ECCP, DOJ prosecutors will evaluate whether a company uses artificial intelligence (AI) to conduct business and whether the company has conducted risk assessments related to the use of AI. DOJ prosecutors will look at whether the company has policies and controls in place to monitor the use of AI to ensure compliance with federal criminal laws and whether the company has trained its employees on the use of AI.

The DOJ is interested in whether the company is vulnerable to criminal schemes enabled by AI, including fraud schemes and data breaches. The DOJ is clearly placing the burden on companies to develop robust policies and procedures to mitigate AI-fueled negative outcomes.

Conclusion

The DOJ’s Whistleblower Awards Pilot Program and updates to the ECCP signify DOJ’s heightened expectations for corporate compliance programs and provide valuable insight to companies as to what they should consider when evaluating and enhancing their compliance programs.

Companies should adapt quickly, taking steps to ensure that their compliance programs meet and exceed DOJ expectations.

ADDITIONAL INFORMATION

For more information, please contact:

This Client Alert has been prepared by Tucker Ellis LLP for the use of our clients. Although prepared by professionals, it should not be used as a substitute for legal counseling in specific situations. Readers should not act upon the information contained herein without professional guidance.

Authors

Related News

FTC Revamps Antitrust Clearance Process to Address Evolved Deal Practice

Tod Northman, Ryan D. Kray, published in Reuters Legal News, Westlaw Today More

Developing Your Company’s Generative AI Policy: Start With an Agile “5Ws” Framework

Arthur E. Mertes, published in Reuters Legal News, Westlaw Today More