Update to the United States Department of Justice Guidance on the Evaluation of Corporate Compliance Programs
In September 2024, the United States Department of Justice (DOJ) released an update to its guidance on the Evaluation of Corporate Compliance Programs (ECCP). This document aims to provide prosecutors with guidance on investigating and assessing the effectiveness of organisations’ Corporate Compliance Programs, emphasising the need for strategies to adapt to the emerging technological and regulatory challenges of the 21st century.
The guidance is structured around three (3) fundamental questions that should guide the evaluation of Corporate Compliance Programs:
1. Is the corporation’s Compliance Program well designed?
2. Is the Program being applied earnestly and in good faith? In other words, is the Program adequately resourced and empowered to function effectively?
3. Does the corporation’s Compliance Program work in practice?
These questions seek to ensure that Corporate Compliance Programs are not merely symbolic but are integrated tangibly and effectively into the organisation’s structure. To that end, in the context of increasing disruptive innovation, one of the most relevant aspects of the update is the emphasis on the risks associated with emerging technologies, particularly artificial intelligence (hereinafter AI).
The updated guidance on the Evaluation of Corporate Compliance Programs highlights the importance of organisations implementing appropriate mechanisms to manage and mitigate the risks linked to these technologies. The DOJ suggests that Corporate Compliance Programs should include controls and policies to ensure the ethical and lawful use of technological tools, and that organisations should actively monitor the use of AI, demonstrating that they have assessed and managed associated risks.
Another key point of the update is the strengthening of whistleblowing mechanisms, indicating that organisations must provide training to their employees on both internal and external reporting systems (for example, governmental channels). Additionally, there is an emphasis on the need for effective anti-retaliation policies and the evaluation of how employees who report irregularities are treated.
Due diligence and the integration of Compliance into the mergers and acquisitions (M&A) processes is another area of interest in the update. The DOJ highlights the importance of implementing controls not only prior to acquisitions but also in post-acquisition audits and monitoring, ensuring the orderly integration of the acquired entity into the existing Corporate Compliance Programs and internal controls.
Finally, the DOJ underscores that an effective Corporate Compliance Programs must be dynamic, capable of adapting and evolving in the face of new risks and emerging technologies. The importance of continuous employee training is also highlighted, based on lessons learned from both internal incidents and those of other organisations.
In short, the DOJ update provides essential guidelines in the current context of technological disruption, and at Molins Defensa Penal we consider it crucial to integrate these global references when designing and implementing Corporate Compliance Programs. The United States is consolidating its position as one of the most advanced countries in terms of Compliance, and organisations wishing to expand or operate in the US, or establish business relationships with US organisations, must take these guidelines into account when implementing their Corporate Compliance Programs. Alignment with international standards, such as those proposed by the DOJ, is not only a key competitive advantage, but also a fundamental measure to mitigate legal and regulatory risks in an increasingly demanding global environment.