On Sept. 23, the U.S. Department of Justice (DOJ) updated its Evaluation of Corporate Compliance Programs (ECCP)1 guidance document for prosecutors to consider the impact of emerging artificial intelligence (AI) technology on a company's compliance program structure. Originally published in 2017, the ECCP outlines elements that prosecutors should consider when evaluating the effectiveness of a company's compliance program when facing criminal enforcement.
A highlight from the updated evaluation placed importance on ensuring that companies maintain appropriate compliance policies in an age when rapid AI development and implementation remain largely unregulated for companies.2 The ECCP encourages prosecutors in their investigation of companies' compliance programs to assess whether a company has implemented the appropriate technology, governance, and safeguards to minimize risks, as well as considering the potential long-term ethical consequences of new AI technology. The ECCP urged prosecutors to consider the following questions:
Conscious Development and Governance | Continuous Risk Monitoring | Long-term Impact Assessments |
---|---|---|
|
|
|
How Does the ECCP Impact Your Company?
Whether you are a company that has already embedded AI into its daily practice or a company that is still contemplating the use of AI, it is imperative to ensure your company has the appropriate technology and security infrastructure, policies, procedures, and data requirements in a manner that maintains the safety, privacy, and integrity of customer data. A few considerations for companies looking to implement or enhance their current AI use include:
Governance and Monitoring
- Setting and enforcing clear guidelines, policies, and procedures for the development, implementation, and monitoring of AI technology.
- Ensuring that the appropriate leadership is involved in critical and ethical decision-making processes.
- Educating internal and external stakeholders on ethical considerations and risks associated with AI use.
Structuring Data
- Developing data models that train AI using accurate, diverse, and non-biased models to enhance customer trust.
- Ensuring that AI models have the capability to handle growing datasets and evolve to customer needs while maintaining data integrity.
Risk Reduction
- Routinely identifying and evaluating data privacy concerns, biased algorithms, malicious actors, and other types of misuse in AI use and developing effective mitigation strategies.
- Adjusting compliance program requirements as international, federal, and state AI regulations continue to emerge and fluctuate depending on changing regulatory landscapes and new technologies.
- Performing periodic monitoring and auditing of AI systems to identify compliance issues, track performance, and ensure adherence to established policies and procedures.
Now is the time to ensure that internal compliance controls are enforced as future non-compliance with AI regulations can cost your company financial and criminal penalties and a loss of business integrity.
What Do You Need To Do?
To stay ahead of the ever-changing and complex rules in AI compliance, companies need to proactively conduct regular risk assessments, monitor evolving federal and state regulations, implement robust data governance practices, prioritize transparency and explainability in their AI systems, actively address potential bias in algorithms, and develop comprehensive policies and procedures for responsible AI development and deployment, including human oversight mechanisms.
Seeking guidance from professionals to navigate these complex compliance needs can ensure that your company engages in AI technology using the most knowledgeable and safe measures, leading to time-saving and cost-efficient benefits.
Footnotes
1. U.S. Department of Justice Criminal Division, "U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (Updated September 2024)" (September 22, 2024), https://www.justice.gov/criminal/criminal-fraud/page/file/937501.
2. White & Case, "AI Watch: Global regulatory tracker - United States" (May 13, 2024), https://www.whitecase.com/insight-our-thinking/ai-watch-global-regulatory-tracker-united-states#:~:text=Laws%2FRegulations%20directly%20regulating%20AI,AI%20albeit%20with%20limited%20application.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.