ARTICLE
14 November 2024

Artificial Intelligence: DOJ Update To The Evaluation Of Corporate Compliance Programs

AC
Ankura Consulting Group LLC

Contributor

Ankura Consulting Group, LLC is an independent global expert services and advisory firm that delivers end-to-end solutions to help clients at critical inflection points related to conflict, crisis, performance, risk, strategy, and transformation. Ankura consists of more than 1,800 professionals and has served 3,000+ clients across 55 countries. Collaborative lateral thinking, hard-earned experience, and multidisciplinary capabilities drive results and Ankura is unrivalled in its ability to assist clients to Protect, Create, and Recover Value. For more information, please visit, ankura.com.
On Sept. 23, the U.S. Department of Justice (DOJ) updated its Evaluation of Corporate Compliance Programs (ECCP) guidance document for prosecutors...
United States Technology

On Sept. 23, the U.S. Department of Justice (DOJ) updated its Evaluation of Corporate Compliance Programs (ECCP)1 guidance document for prosecutors to consider the impact of emerging artificial intelligence (AI) technology on a company's compliance program structure. Originally published in 2017, the ECCP outlines elements that prosecutors should consider when evaluating the effectiveness of a company's compliance program when facing criminal enforcement.

A highlight from the updated evaluation placed importance on ensuring that companies maintain appropriate compliance policies in an age when rapid AI development and implementation remain largely unregulated for companies.2 The ECCP encourages prosecutors in their investigation of companies' compliance programs to assess whether a company has implemented the appropriate technology, governance, and safeguards to minimize risks, as well as considering the potential long-term ethical consequences of new AI technology. The ECCP urged prosecutors to consider the following questions:

Conscious Development and Governance Continuous Risk Monitoring Long-term Impact Assessments
  • What is the company's approach to governance regarding the use of new technologies such as AI in its commercial business and compliance program?
  • What baseline of human decision-making is used to assess AI? How is accountability over use of AI monitored and enforced?
  • How does the company train its employees on the use of emerging technologies such as AI?
  • Is management of risks related to the use of AI and other new technologies integrated into broader enterprise risk management (ERM) strategies?
  • To the extent that the company uses AI and similar technologies in its business or as part of its compliance program, are controls in place to monitor and ensure its trustworthiness, reliability, and use in compliance with applicable law and the company's code of conduct?
  • Do controls exist to ensure the technology is used only for its intended purposes?
  • How is the company curbing any potential negative or unintended consequences resulting from the use of technologies, both in its commercial business and in its compliance program?
  • How is the company mitigating the potential for deliberate or reckless misuse of technologies, including by company insiders?

How Does the ECCP Impact Your Company?

Whether you are a company that has already embedded AI into its daily practice or a company that is still contemplating the use of AI, it is imperative to ensure your company has the appropriate technology and security infrastructure, policies, procedures, and data requirements in a manner that maintains the safety, privacy, and integrity of customer data. A few considerations for companies looking to implement or enhance their current AI use include:

Governance and Monitoring

  • Setting and enforcing clear guidelines, policies, and procedures for the development, implementation, and monitoring of AI technology.
  • Ensuring that the appropriate leadership is involved in critical and ethical decision-making processes.
  • Educating internal and external stakeholders on ethical considerations and risks associated with AI use.

Structuring Data

  • Developing data models that train AI using accurate, diverse, and non-biased models to enhance customer trust.
  • Ensuring that AI models have the capability to handle growing datasets and evolve to customer needs while maintaining data integrity.

Risk Reduction

  • Routinely identifying and evaluating data privacy concerns, biased algorithms, malicious actors, and other types of misuse in AI use and developing effective mitigation strategies.
  • Adjusting compliance program requirements as international, federal, and state AI regulations continue to emerge and fluctuate depending on changing regulatory landscapes and new technologies.
  • Performing periodic monitoring and auditing of AI systems to identify compliance issues, track performance, and ensure adherence to established policies and procedures.

Now is the time to ensure that internal compliance controls are enforced as future non-compliance with AI regulations can cost your company financial and criminal penalties and a loss of business integrity.

What Do You Need To Do?

To stay ahead of the ever-changing and complex rules in AI compliance, companies need to proactively conduct regular risk assessments, monitor evolving federal and state regulations, implement robust data governance practices, prioritize transparency and explainability in their AI systems, actively address potential bias in algorithms, and develop comprehensive policies and procedures for responsible AI development and deployment, including human oversight mechanisms.

Seeking guidance from professionals to navigate these complex compliance needs can ensure that your company engages in AI technology using the most knowledgeable and safe measures, leading to time-saving and cost-efficient benefits.

Footnotes

1. U.S. Department of Justice Criminal Division, "U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (Updated September 2024)" (September 22, 2024), https://www.justice.gov/criminal/criminal-fraud/page/file/937501.

2. White & Case, "AI Watch: Global regulatory tracker - United States" (May 13, 2024), https://www.whitecase.com/insight-our-thinking/ai-watch-global-regulatory-tracker-united-states#:~:text=Laws%2FRegulations%20directly%20regulating%20AI,AI%20albeit%20with%20limited%20application.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More