Businesses need to rethink their corporate compliance structure after the U.S. Department of Justice (“DOJ”) updated its Evaluation of Corporate Compliance Programs (“ECCP”) in September 2024. Prosecutors turn to the ECCP when conducting investigations, determining whether to bring charges, and negotiating plea agreements with corporations. The DOJ’s updates expand upon the March 2023 version, emphasizing a heightened awareness of evolving risks, such as advancements in technology like artificial intelligence (“AI”).
The DOJ’s latest update introduces significant changes that will impact companies' compliance strategies. Key areas of focus include:
1. Managing Risks Associated with AI:
The updated ECCP emphasizes the importance of assessing and mitigating risks related to emerging technologies, particularly AI. Companies are now expected to evaluate how AI affects their risk landscape and ensure that AI systems comply with legal and ethical standards. This includes demonstrating the company will have human oversight in AI-related decision-making to prevent potential compliance issues.
2. Enhancing Risk Management Processes:
Organizations are encouraged to adopt proactive and continuous risk assessment practices. This involves regularly reviewing and updating risk assessments to adapt to evolving market conditions, regulations, and technological advancements. Learning from past compliance failures, both within the organization and industry-wide, is now a critical expectation.
3. Integrating Compliance with Enterprise Risk Management (ERM):
The updated guidance calls for the integration of compliance functions into broader ERM efforts. Managing compliance risks alongside other business risks, such as financial or operational vulnerabilities, ensures a holistic view of the company's overall risk exposure.
4. Tailoring Compliance Training:
The DOJ now expects companies to provide targeted and effective compliance training programs to their employees. Such training should be relevant to specific employee roles, and companies should monitor engagement and evaluate the effect on employee performance.
These DOJ updates require companies to adopt a more proactive, integrated, and technology-aware approach to compliance. By aligning practices with these updates, businesses can mitigate potential risks and ensure compliance with the DOJ’s expectations.
Christen McGlynn is a member of the Masuda Funai Litigation Practice Group and would be happy to answer any questions you have regarding the ECCP or other corporate compliance issues. She can be reached at cmcglynn@masudafunai.com.
Masuda Funai is a full-service law firm with offices in Chicago, Detroit, Los Angeles, and Schaumburg.
©2025 Masuda, Funai, Eifert & Mitchell, Ltd. All rights reserved. This publication should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended solely for informational purposes and you should not act or rely upon information contained herein without consulting a lawyer for advice. This publication may constitute Advertising Material.