by Bethany Hengsbach and Steve Solow
In a speech at the Program on Corporate Compliance and Enforcement at NYU School of Law, Nicole Argentieri, Acting Assistant Attorney General of the Criminal Division, announced key revisions to the March 2023 Evaluation of Corporate Compliance Programs (ECCP). The September 17, 2024 speech was followed by the release of the updated ECCP on the DOJ website. The revised ECCP converts leading edge compliance efforts into standard operating procedures (SOPs) against which companies will be judged by the Department of Justice (DOJ) when making prosecution decisions. The primary changes include three new areas of focus, and a fourth important expansion of a pre-existing idea:
- AI: Has the company mitigated risks of the misuse of AI, and has the company sought to use AI to mitigate its own risks of non-compliance?
- Whistleblowers: In keeping with DOJ’s emphasis on whistleblowing and whistleblower awards, what concrete efforts can be shown that increase the likelihood of employees’ willingness to speak up and report misconduct? Conversely, DOJ will look to see if there are ways that a company has reduced the likelihood of having a “speak up culture.”
- Data and Resources: The new ECCP creates the expectation that companies will push data and resources into their compliance efforts. Presumably tied to the above focus on AI, the government expects to see creative, risk-based efforts to use resources and technology for compliance at comparable levels as those being used to enhance business efforts and increase revenues.
- Incorporating Lessons Learned: DOJ notes that companies will be judged not only on what they do, but on what they have learned from their own shortcomings and from the shortcomings of other companies. DOJ will expect to see evidence that the company has incorporated those lessons learned into their compliance efforts.
These changes fit into the increasing sophistication DOJ brings to the analysis of compliance. This includes a focus on culture, and consideration of prior compliance failures across the totality of compliance obligations, as set forth in a 2022 talk at NYU by Deputy Attorney General Lisa Monaco.
Long gone are the days when a company could come to DOJ armed with information about how they have met the seven factors for compliance found in Chapter 8 of the US Sentencing Guidelines, or even the guidance contained in the original ECCP. Now there are the added expectations above, including that compliance programs cast a wider net to identify and learn from compliance shortcomings, including those of their competitors.
Bethany Hengsbach is Managing Director of Global Corporate Compliance at Affiliated Monitors, Inc. (AMI). Steve Solow is Principal of Solow, PLLC and Managing Director of Global Compliance and Corporate Culture at Affiliated Monitors, Inc. (AMI). This post first appeared as a client alert for Solow, PLLC.
The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).