Introduction

The U.S. Department of Justice (DOJ) has taken significant steps to address corporate compliance in the age of emerging technologies. Recent updates to the Evaluation of Corporate Compliance Programs (ECCP), issued on September 23, 2024, direct federal prosecutors to scrutinize how companies manage risks associated with artificial intelligence (AI) and other new technologies.

These changes reflect the DOJ’s intensified focus on preventing the misuse of AI in criminal schemes and ensuring companies use their technological capabilities to enhance compliance programs. The ECCP revisions have broad implications for businesses, particularly those operating in regulated sectors such as healthcare, finance, and government contracting.

In March 2024, Deputy Attorney General Lisa Monaco delivered keynote remarks at the American Bar Association’s 39th National Institute on White Collar Crime, emphasizing the Department of Justice's commitment to holding both individuals and corporations accountable for misconduct. She highlighted the importance of identifying serious wrongdoers and focusing the Department's full energy on ensuring they face consequences, thereby promoting fairness, driving deterrence, and fostering respect for the rule of law.

Key Updates to the ECCP

1. Safeguards Against Technology-Related Risks

The DOJ’s revised ECCP outlines new criteria for evaluating whether companies effectively manage risks associated with emerging technologies, including AI. Prosecutors will consider the following questions:

• Does the company have processes for identifying and managing internal and external risks from new technologies?

• How does the company assess the impact of AI on its ability to comply with criminal laws?

• Is the management of AI risks integrated into the company’s broader enterprise risk management (ERM) strategies?

• What governance measures exist to oversee the use of new technologies in business operations and compliance programs?

• How does the company address unintended or negative consequences from AI deployment?

• Are controls in place to prevent deliberate or reckless misuse of AI, both internally and externally?

• Does the company have a baseline of human oversight and decision-making to monitor AI applications?

These questions emphasize the DOJ’s expectation that companies safeguard against AI-related risks while leveraging the technology responsibly.

2. Leveraging Technology for Compliance

The DOJ also encourages companies to utilize data analytics tools and other resources to strengthen their compliance programs. The updated ECCP focuses on the integration of data into compliance operations, with prosecutors assessing:

• Whether compliance personnel have access to data systems needed to monitor compliance effectively.

• How the company manages the quality and accuracy of its data sources.

• Whether the company measures the effectiveness of its compliance efforts using data analytics tools.

Companies are expected to allocate adequate resources to their compliance programs, ensuring they are proportionate to the company’s use of technology in other business areas.

Implications for Businesses

1. Emerging Technologies Pose New Risks

The DOJ is signaling that fraud involving AI or other emerging technologies will be treated as seriously as any other fraudulent activity. Businesses using AI in their operations must ensure their compliance programs are robust enough to mitigate risks of misuse, including AI-generated documentation, deepfakes, and insider abuse.

2. Compliance Programs Under Greater Scrutiny

The revised ECCP confirms that DOJ will evaluate compliance programs based on their ability to proactively address technological risks. Companies must demonstrate they are:

• Integrating technology risk management into enterprise strategies.

• Providing compliance personnel with the tools and data necessary to monitor compliance effectively.

3. Strengthened Role of In-House Counsel

In-house legal teams have a critical role to play in reviewing and updating corporate compliance policies to meet DOJ’s expectations. The ECCP can serve as a valuable resource for aligning compliance programs with DOJ’s priorities.

Takeaways for MZLS Clients

Businesses operating in Virginia, Washington, D.C., Puerto Rico, and across the federal spectrum must assess how these DOJ updates affect their compliance obligations. Key actions include:

• Reviewing Compliance Programs: Evaluate whether your compliance program incorporates safeguards against AI misuse and other technology-related risks.

• Updating Governance Structures: Ensure oversight processes for AI and emerging technologies are aligned with enterprise risk management strategies.

• Leveraging Data for Compliance: Implement data analytics tools to enhance monitoring, reporting, and risk mitigation efforts.

How MZLS Can Help

At MZLS, we understand the complexities of managing compliance in today’s rapidly evolving regulatory environment. Our experienced attorneys provide strategic guidance to help businesses comply with DOJ’s updated ECCP requirements and mitigate risks associated with emerging technologies like AI.

We offer:

• Compliance Program Audits: Comprehensive reviews to ensure your compliance policies meet DOJ standards.

• Technology Risk Mitigation: Tailored strategies to address risks posed by AI and other new technologies.

• Data Analytics Integration: Assistance in leveraging data tools to enhance compliance monitoring and effectiveness.

• Regulatory Advisory Services: Guidance on aligning your business practices with federal and state regulations.

With offices in Puerto Rico, Virginia, and Washington, D.C., MZLS is uniquely positioned to assist clients operating in both federal and regional markets.

Contact Us Today

If you have questions about the DOJ’s updated ECCP or need assistance strengthening your compliance program, contact MZLS today. Our team is ready to help you navigate the challenges of managing emerging risks while ensuring your business stays compliant.

Schedule a consultation online or visit us in-person at one of our offices.