Updated Guidelines for Evaluation of Corporate Compliance Programs With Focus on AI and Analytics

November 4, 2024

Updated Guidelines for Evaluation of Corporate Compliance Programs With Focus on AI and Analytics

The U.S. Department of Justice (DOJ) Criminal Division recently updated its Evaluation of Corporate Compliance Programs (ECCP) guidance, emphasizing corporate safeguards around emerging technologies, particularly artificial intelligence (AI). 

According to an article by Holland & Knight, this revision, effective September 23, 2024, reflects the DOJ’s focus on ensuring companies implement safeguards to prevent deliberate or reckless misuse of AI that could breach laws or company policies. The ECCP sets out criteria for prosecutors to evaluate corporate compliance programs, influencing prosecutorial decisions on potential charges, penalties, and compliance obligations.

The article highlights key updates that address risk management related to new technologies. Prosecutors are now instructed to assess whether a company has established processes to identify and manage risks tied to AI and other technologies, integrated these risk assessments into broader enterprise risk management (ERM), and implemented governance protocols. Additional focus areas include mechanisms for monitoring AI use, ensuring compliance, limiting unintended misuse, and training employees on proper technology use.

The Evaluation of Corporate Compliance Programs also adds criteria around data analytics. Prosecutors are directed to evaluate whether compliance teams have access to relevant data systems and whether companies leverage data analytics effectively. This includes assessing data quality, accuracy, and model performance to improve compliance monitoring and operational efficiency.

The article notes that this revision signals the DOJ’s expectation that companies actively manage AI risks and grant compliance teams the data resources needed to enforce compliance. Deputy US Attorney General Lisa Monaco underscored the DOJ’s stance: “Fraud using AI is still fraud,” reinforcing that companies must rigorously address compliance in AI-driven operations.

Critical intelligence for general counsel

Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top