DOJ Updates Evaluation of Corporate Compliance Programs: The Impact of Emerging Technologies

The U.S. Department of Justice (DOJ) recently updated its Evaluation of Corporate Compliance Programs, emphasizing the need for organizations to critically assess the effectiveness of their compliance programs. At the heart of this evaluation, the DOJ has maintained a framework centered around three key questions:

1. Is the program well-designed?
2. Is it applied in good faith?
3. Does the program work in practice?

These questions form the foundation of the DOJ's assessment of corporate compliance, guiding prosecutors in evaluating whether a company’s compliance program is sufficient to prevent and detect misconduct. However, the 2024 update places new emphasis on five crucial aspects:

1. Risks Associated With New and Emerging Technologies
2. Incentivizing and Protecting Whistleblowers
3. Access to Data and Resources for Compliance Functions
4. Incorporating Lessons Learned
5. Post-Transaction Compliance Integration in Mergers & Acquisitions

While each of these points is critical to maintaining a robust compliance program, the first—Risks Associated With New and Emerging Technologies—has taken center stage, given the rapid evolution of technological landscapes and the potential for these innovations to introduce new risks.

The Growing Challenge of Emerging Technology in Compliance

The DOJ’s focus on new and emerging technologies reflects the increasing complexity businesses face in today's digital world. The proliferation of technologies such as artificial intelligence (AI), machine learning, blockchain, and automation brings about both opportunities and challenges. While these tools can significantly enhance operational efficiency, they also introduce unprecedented compliance risks. Here’s how this updated guidance affects organizations:

1. Emerging Technology and Compliance Risks

The DOJ recognizes that emerging technologies present unique risks that must be identified, assessed, and mitigated. These risks can arise from several areas:

• AI Decision-Making: AI systems are increasingly used for decision-making in areas such as hiring, performance management, and even risk assessments. However, the opacity of some AI systems, often referred to as "black box" algorithms, can create risks related to unintentional bias, discriminatory practices, and lack of transparency in decision-making processes.
• Data Privacy: The collection, storage, and use of personal data by new technologies must comply with data protection regulations such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S. Failure to comply can expose companies to significant legal and reputational risks.
• Cybersecurity Threats: The rise of cyber threats and data breaches is exacerbated by the growing use of cloud services, remote work technologies, and interconnected devices (IoT). Companies must ensure that their compliance programs include robust cybersecurity policies and regular assessments to mitigate these risks.

2. Ensuring Technological Accountability

The DOJ stresses that companies must demonstrate accountability when implementing new technologies. This includes ensuring that compliance teams have a thorough understanding of the technologies being deployed and the risks associated with their use. Organizations should have processes in place for:

• Ongoing Monitoring and Auditing: Compliance teams must actively monitor the use of emerging technologies to detect any potential violations or ethical concerns. Regular audits and assessments should be built into the compliance framework to ensure that technology is being used in alignment with both legal and ethical standards.
• Training and Awareness: Employees, particularly those in decision-making roles involving technology, must receive training on the potential compliance risks associated with AI, machine learning, and other emerging technologies. This includes understanding how to interpret and act on technology-driven insights while remaining compliant with the law.

?

Carlos E. Landazabal is an international lawyer and compliance expert with over 20 years of experience in global compliance, investigations, and anti-bribery initiatives across the Oil & Gas, energy, FMCG and aviation industries. He has held leadership roles in multinational corporations, Connect with Carlos on LinkedIn.