DOJ Wants Data-Savvy Compliance Departments

In a Sept. 23, 2024, speech, Principal Deputy Assistant Attorney General Nicole Argentieri announced changes in how the U.S. Department of Justice (DOJ) evaluates corporate compliance programs and updates as to other DOJ initiatives.[1] Of particular note, the DOJ expects compliance departments to use data analytics to strengthen their compliance programs, and to ensure that whistleblowing and self-reporting of employee misconduct are encouraged. These changes, and the others set forth below, are part of continuing efforts by prosecutors to empower and activate corporate compliance departments to prevent, detect, report and remediate misconduct, and that highlight the increased expectations placed on the corporate compliance function. 

Background

Although prosecutors approach each case individually, in recent years the DOJ has increasingly published and promoted various policies and frameworks that are designed to promote compliance with the federal laws, and to identify and root out wrongdoing. In February 2017, the Fraud Section of the DOJ’s Criminal Division first identified factors relevant for its Evaluation of Corporate Compliance Programs (ECCP). The ECCP sets forth the questions and factors that the DOJ will consider in evaluating corporate liability as part of its investigations, and Argentieri’s speech identified three modifications that are part of the DOJ’s most recent set of revisions.[2] 

ECCP Encourages Compliance Department’s Use of Data Analytics 

First, as to the ECCP, the DOJ announced a set of factors that examine the data resources available to corporate compliance programs. The ECCP now specifically asks if “compliance personnel have knowledge of and means to access all relevant data sources in a reasonably timely manner” and whether the company is “appropriately leveraging data analytics tools to create efficiencies in compliance operations and measure the effectiveness of components of compliance programs.” These changes underscore that there are a wealth of data and technology tools that can support compliance functions, and companies are expected to leverage them to deter and detect misconduct. Just as data has become an important asset or resource for the world’s biggest companies, the DOJ will presume that compliance officers have “the necessary [technological] resources to do their jobs” and that compliance departments in general have the same analytical tools and timely access to data as other business-facing functions. 

Second, the ECCP now includes an entirely new set of factors concerning whether companies are identifying and managing emerging risks relating to new technologies such as artificial intelligence. Argentieri specifically called out whether a company is “vulnerable to criminal schemes enabled by new technology, such as false approvals and documentation generated by AI.” Set against the backdrop of increasingly powerful and widely used AI applications, and DOJ prosecutions over the use of AI to spread disinformation on social media platforms[3], this change is yet another example of federal prosecutors expecting companies to keep up with emerging threats and new technology.   

Third, and consistent with the whistleblower updates below, the ECCP now explicitly evaluates corporate anti-retaliation policies and whether employees receive training on whistleblower protection laws. As part of encouraging whistleblowers to come forward, the DOJ will evaluate whether companies are doing enough to prevent retaliation and to make individuals feel comfortable reporting misconduct. The explicit addition of anti-retaliation policies to the ECCP is reason for companies to revisit their policies on this topic and ensure that they are consistent with these latest revisions.  

Argentieri Notes DOJ Success With Whistleblower and Compensation Programs

Argentieri also promoted the DOJ’s success thus far with its programs and policies for whistleblowers, corporate incentives and corporate self-disclosures. The DOJ’s Corporate Whistleblower Award (CWA) program has been operational for only a few weeks and is part of a trend among federal law enforcement agencies to use both carrots and sticks to encourage the reporting of misconduct both by whistleblowers and corporate compliance departments.[4] Argentieri touted that the DOJ has already received tips from over 100 individuals and noted that the CWA is structured to encourage internal whistleblowing before contacting the DOJ. 

Relatedly, the DOJ’s Corporate Enforcement and Voluntary Self-Disclosure policy provides that a company can presume to not be prosecuted if it receives an internal whistleblower report, reports the misconduct to the DOJ within 120 days and before the DOJ contacts the company, and properly cooperates and remediates. Argentieri noted that this incentive is a departure from the usual approach because it allows for a presumptive declination even if the whistleblower contacts the DOJ first. In contrast, Argentieri threatened that companies that retaliate against whistleblowers can “lose credit for cooperation and remediation and could face sentencing enhancements—and even prosecution—for obstruction of justice.” 

Concerning corporate responses to wrongdoing, Argentieri noted that the DOJ’s Compensation Incentives and Clawbacks program is in its third year, and identified examples where it is changing corporate behavior. The DOJ encourages companies to incorporate incentives for reporting misconduct in annual reviews and offers fine reductions to companies that recoup or withhold compensation from culpable employees and willfully blind managers. Argentieri identified companies that received benefits, including fine reductions, under these programs, and also a company that received limited cooperation credit because it failed to preserve evidence in the early stages of an investigation and its remediation was mixed. At bottom, the DOJ wants compliance departments to know about its new tools and incentive structures and all the ways that compliance programs can be strengthened.  

Takeaways

Argentieri’s speech confirms that expectations on corporate compliance departments have increased. The DOJ is unlikely to find that merely maintaining compliance policies and procedures and investigating potential misconduct when it comes up is enough. Among recent additions, compliance teams are expected to have access to up-to-date information about the functioning of the company based on sophisticated data analytics systems, encourage reporting, prevent retaliation, and build out compliance programs that respond to emerging technology and risks. Fortunately, technology can indeed help with these burdens, but companies should take note that increased budget, focus and creative thinking may be necessary to keep up with the DOJ’s efforts to raise the bar on corporate compliance obligations and standards. 

Contact any of the authors for more insight and information into these policy changes and their potential effect on your company. 

[1] https://www.justice.gov/opa/speech/principal-deputy-assistant-attorney-general-nicole-m-argentieri-delivers-remarks-society

[2] https://www.justice.gov/criminal/criminal-fraud/page/file/937501/dl

[3] https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners

[4] https://briefings.brownrudnick.com/post/102iza0/new-sdny-whistleblower-program-encourages-individuals-to-report-financial-fraud