On September 23, 2024, the Department of Justice (DOJ) updated its guidance on how prosecutors are supposed to evaluate the effectiveness of a company’s compliance program in the context of making prosecutorial decisions, including whether to proceed with a criminal case and sentencing recommendations. This is the latest update since March 2023 to the “Evaluation of Corporate Compliance Programs,” which was initially issued in 2017. The Guidance discusses such topics as compliance program design (risk assessments, policies and procedures, training and communications confidential reporting and internal investigations, managing third parties, and mergers and acquisitions); whether a compliance program isadequately resourced and empowered (management commitment, autonomy and resources, compensation and consequences tied to compliance); and whether a compliance program works in practice (continuous improvement, testing and review, investigation of misconduct, and remediation).
Noteworthy updates include:
- The use of AI and other technology to assist in risk assessments and mitigation (and preventing misuse of AI);
- Incorporating into policies, procedures, and training the lessons learned from other companies operating in the same industry and/or geographical region;
- Commitment to encouraging internal whistleblowing, including anti-retaliation policies;
- Incorporating new businesses into risk assessments and the integration of compliance programs;
- Comparing technology and resources committed to compliance to those committed to other aspects of the business; and
- Exercising due diligence and leveraging technology to prevent and detect criminal and other misconduct.
A comparison showing the updated September 2024 language is available here.