Prosecutors in the DOJ’s Criminal Division are watching how companies use technology like AI and whether they have adequately mitigated risks associated with it, Principal Deputy Assistant Attorney General Nicole Argentieri announced in a keynote address Sept. 23 at the Society of Corporate Compliance & Ethics’ 23rd annual Compliance & Ethics Institute.
In addition to formally addressing how the Criminal Division will approach companies’ use of AI, Argentieri outlined other changes to the division’s “Evaluation of Corporate Compliance Programs” guidance, the second update in about 18 months.
“Just as we expect corporations to continuously review and update their compliance programs to account for emerging risk factors, we regularly evaluate our policies and enforcement tools, including the ECCP, to account for changing circumstances and new risks,” said Argentieri, who was not present at the Dallas-area event but spoke live via video conference.
According to the ECCP update, prosecutors will review:
- The technology a company and its employees use to conduct business
- Whether the company has conducted a risk assessment regarding the technology’s use
- Whether the company has taken appropriate steps to mitigate risks associated with the technology’s use
She offered an example of prosecutors questioning whether a company left itself vulnerable to schemes enabled by emerging technologies, including false approvals and documentation, which can be generated at scale using AI. And, crucially, whether companies are testing technology to ensure it’s doing what was intended.
“We will consider whether compliance controls and tools are in place to identify and mitigate those risks, such as tools to confirm the accuracy or reliability of data used by the business,” Argentieri said.
She also touched on the importance of speak-up culture and warned that advanced data capabilities aren’t just for the finance function.
“We have added questions about whether compliance personnel have adequate access to relevant data sources and the assets, resources and technology that are available to compliance and risk management personnel,” Argentieri said. “As part of this assessment, we will also consider whether companies are putting the same resources and technology into gathering and leveraging data for compliance purposes that they are using in their business.”
In other words, a disparity in resource allocation may draw attention from the DOJ, Davis Polk partner Daniel Kahn said in a session the day after the ECCP updates were announced.
“What they are now saying is if you’re a company that is using artificial intelligence, we want to understand when there is a disparity in the resources being given to the business as opposed to in compliance.”
Updates to pilot programs
Argentieri also provided updates to a pair of ongoing DOJ initiatives on clawbacks and whistleblower incentives, as she encouraged companies to learn lessons from both their own past misconduct as well as issues at other companies.
Clawbacks & incentives
Since launching its three-year pilot program on clawbacks and incentives, the Criminal Division has included in nine corporate resolutions requirements that companies provide clear metrics “to reward compliance-promoting behavior and to deter misconduct,” wording that was included in some resolutions before the pilot program, which is about halfway through its run, but is now mandated in every resolution the division reaches.
Policies and procedures across Corporate America are changing as a result, Argentieri said.
“Early indications are that these innovations are changing corporate behavior,” she said. “For example, one company under agreement with the Criminal Division required consideration of adherence to compliance standards and reporting of misconduct in its annual reviews. As a result of these efforts, and a company-wide messaging campaign, the company is seeing more reports of potential compliance issues.”
In addition to requiring companies to detail their compensation structures, the pilot program also seeks to entice companies to clawback or withhold compensation in cases of misconduct by offering dramatic fine reductions.
For example, both Albemarle and SAP were able to secure fine reductions under the pilot program, with both companies facing allegations that they violated the Foreign Corrupt Practices Act (FCPA). Albemarle’s 45% reduction from the low end of the applicable penalty range is the highest percentage reduction to date, Argentieri said.
Whistleblower awards
Since it launched its own whistleblower pilot program at the beginning of August, the DOJ has received tips from more than 100 individuals, Argentieri reported.
The department’s program was created to fill gaps in whistleblower incentive programs at other federal agencies, covering four areas of white-collar enforcement not covered by other programs: abuse of the financial system by institutions or insiders, foreign corruption and bribery schemes, domestic corruption and healthcare schemes targeting private insurers.
Whistleblowers are encouraged not only to contact the department but to use internal channels as well.
“A whistleblower who makes an internal report at their company will be eligible for an award if they report to the department within 120 days of their internal report,” Argentieri said. “And critically, making an internal report before coming forward to the department is a factor that will increase the amount of a potential whistleblower award.”
The whistleblower pilot program is a boon not only to individuals but to companies as well, as they can earn bonus points — including up to the presumption of a declination — by timely self-reporting and remediating misconduct reported by an internal whistleblower.
‘A seat at the table’
In her address to the assembled group of compliance, risk and governance professionals, Argentieri repeatedly emphasized the impact such individuals can have on the fate of companies facing potential criminal prosecution by the DOJ.
With its recent updates to the ECCP — and even the presence of the ECCP altogether — DOJ has been regularly elevating the compliance profession and cementing its importance alongside business units, said Saul Ewing partner Joe Valenti.
“If a compliance failure occurs at a company that has gone all-out to invest in the best technology for business development but has skimped mightily on compliance personnel, software, training and auditing, DOJ seems more likely to disregard that compliance program as classic ‘window dressing’ instead of reducing any penalties.”
Indeed, Argentieri pointed to positive examples of doing the right thing (or making good-faith efforts to do so), including SAP, Albemarle and Boston Consulting Group (BCG), which in August received a DOJ declination over its conduct in Angola despite there being clear evidence of bribery. Timely disclosure and full cooperation were central to the department’s decision in the BCG case, Argentieri said.
Not all remediation efforts are created equal, however, and at the other end of the spectrum, Argentieri called out Trafigura, which received a 10% reduction for its cooperation and remediation, which Argentieri said was connected to failures to preserve and produce some evidence in a timely manner, for its posture during resolution negotiations and its mixed remediation efforts.
In any case, corporate leaders (not just compliance officers) would be wise to pay close attention to DOJ resolutions, she said.
“Through our resolutions, we seek to highlight what a company did, or failed to do, to get more or less credit for cooperation and remediation,” Argentieri said. “We do that to provide transparency and to guide other companies, and to make clear that we provide the greatest benefits to companies that act with urgency and truly go above and beyond.”
Ensuring compliance has a seat at the table is of critical importance, Argentieri said, and when companies do uncover misconduct, whether directly through the compliance program or not, it’s best to “call us before we call you.”