On September 23, 2024, the Criminal Division of the US Department of Justice (DOJ) announced the latest revision of its Evaluation of Corporate Compliance Programs (ECCP) since the previous update in March 2023.
Under these new revisions, companies should evaluate:
Emerging technology risks
- Assess risks of new tech, including AI
- Implement policies for governance, monitoring, and training
- Rigorous frameworks for ongoing risk management with regular review and update
Whistleblower incentives
- Promote and incentivize internal reporting, ensure anti-retaliation
- Maintain strong anti-retaliation policies and fair treatment for whistleblowers
Compliance resources & data access
- Ensure compliance functions have access to timely data and advances data analytics tools for identifying risks and measuring effectiveness
- Use data-driven insights to optimize compliance operations, track performance, and improve program efficiency
Learning from experience
- Update policies and training based on past misconduct, internal issues, and industry trends
- Regularly incorporate lessons learned into risk assessments and compliance programs
Post-M&A compliance integration
- Ensure compliance roles in due diligence and post transaction phases, including regular program evaluations and tailored training
CRA’s Forensic Services Practice regularly advises clients on complex regulatory compliance issues, including compliance program design and enhancement, compliance audits and assessments, and assistance with investigations related to alleged non-compliance. We invite you to reach out to continue the conversation.
