Tag: Nicole Argentieri

Categories
Compliance and AI

Compliance and AI: Demystifying AI Integration in Compliance: Insights from the DOJ

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are but three of the many we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance. In this episode, Tom reflects on recent DOJ speeches on AI and the 2024 ECCP revisions concerning AI and compliance.

Tom discusses Deputy Assistant Attorney General Nicole Argentieri’s September speech and the 2024 Evaluation of Corporate Compliance Programs (ECCP). He also unpacks how compliance professionals are expected to manage AI-related risks rigorously. He offers actionable steps, such as conducting comprehensive risk assessments, implementing robust compliance controls, and ensuring ongoing monitoring and employee training. This episode is essential listening for compliance professionals aiming to stay ahead of AI-related challenges and align with the DOJ’s latest expectations.

Key highlights:

  • DOJ’s New Approach to AI in Compliance
  • Steps to Align Compliance Programs with DOJ Expectations
  • 2024 ECCP: Key Questions for Compliance Professionals
  • Proactive Strategies for Managing AI Risks

Resources:

For additional information check out the FCPA Compliance and Ethics Blog.

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Navigating the DOJ’s Complex Whistleblower Landscape: Key Insights for Compliance Professionals

The Department of Justice (DOJ) recently launched its Corporate Whistleblower Awards Pilot Program to tackle corporate misconduct under various laws. However, unlike the structured and familiar whistleblower frameworks of the SEC and CFTC, the DOJ’s approach has introduced a more fragmented system. Compliance professionals and company executives must prepare for the unique challenges and opportunities this evolving regulatory landscape presents. In a recent Law360 article, Navigating DOJ’s Patchwork Whistleblower Regime authors Patrick Campbell, Jonathan New, and Jimmy Nguyen explored these frameworks. Based on their article, I want to explore what compliance professionals need to know about the DOJ’s new whistleblower regime, the associated pilot programs, and practical steps to bolster your compliance program in light of this shift.

DOJ’s New Whistleblower Programs: A Patchwork Approach

Over the last year, the DOJ’s Criminal Division and several U.S. Attorney’s Offices have introduced several pilot programs, each designed to encourage individuals to report corporate misconduct in exchange for monetary rewards, Deferred Prosecution Agreements (DPAs) or Non-Prosecution Agreements (NPAs). These initiatives build on DOJ’s previous decade-long efforts to foster self-reporting and corporate accountability through clear compliance guidelines and structured voluntary disclosure policies. But this time, the DOJ has opted for a diverse, patchwork system of whistleblower programs instead of a unified framework.

The DOJ’s new whistleblower regime is primarily split into two types of programs:

  1. Monetary Awards Program. Launched on August 1, the Main Justice Pilot Program offers financial rewards for whistleblowers who come forward with information about specific types of corporate misconduct. The program focuses on financial crimes, foreign and domestic corruption, and healthcare fraud targeting private insurers.
  2. NPA Programs. Several U.S. Attorney’s Offices are more focused on granting leniency to whistleblowers who disclose information, even if they had a role in the misconduct. However, the specifics vary across different U.S. Attorney’s Offices, making it difficult for individuals and companies to anticipate how these programs will apply in practice.

Key Components of the DOJ’s Monetary Awards Program

The Pilot Program, which closely resembles the whistleblower programs of the SEC and CFTC, is designed to reward whistleblowers with up to 30% of forfeited proceeds for the first $100 million and 5% for amounts up to $500 million. To qualify, the information provided must:

  • This led to a successful enforcement action with over $1 million in net forfeiture proceeds.
  • Involve original information—meaning information independently obtained and not derived from public sources.
  • Be reported voluntarily and without a preexisting legal obligation to report.

To further incentivize individuals, the DOJ has clarified that any company retaliating against whistleblowers risks losing its cooperation credit and could face additional charges for obstruction of justice. Moreover, the DOJ amended its corporate enforcement policy, giving companies a 120-day window to self-report misconduct raised by an internal whistleblower before DOJ intervention.

U.S. Attorney’s Offices’ Programs: Encouraging Cooperation from Insiders

The U.S. Attorney’s Office’s whistleblower programs are aimed at insiders who may be involved in misconduct, providing them with an opportunity for leniency in exchange for cooperation. However, these programs vary significantly by jurisdiction. For instance, some offices exclude Foreign Corrupt Practices Act (FCPA) violations, while others include specific offenses relevant to their dockets, like intellectual property theft in Northern California and healthcare provider crimes in New Jersey.

This variation means that companies and whistleblowers need to understand the specific requirements of each U.S. attorney’s office program to maximize their eligibility and cooperation credit potential. While individuals can gain leniency for cooperating, the program’s qualifying factors—such as whether the whistleblower’s actions were voluntary and original—make it essential for companies to encourage internal reporting systems.

Implications of a Fragmented Whistleblower Framework

Unlike the SEC’s uniform and straightforward whistleblower program, the DOJ’s approach brings potential confusion. The variability across the DOJ and U.S. attorney’s offices creates a complex decision-making process for whistleblowers and their counsel, particularly when determining which office to approach and under which program. This lack of clarity may impact the quality and volume of tips the DOJ receives, as potential whistleblowers may hesitate due to perceived ambiguity in eligibility criteria, confidentiality protections, and financial award guarantees.

What This Means for Companies and Compliance Programs

While the DOJ’s whistleblower regime may seem daunting, it also significantly emphasizes voluntary disclosure and corporate accountability. Companies would be wise to address the DOJ’s renewed focus on whistleblowers proactively.

Here are several practical steps that compliance professionals should consider:

  1. Strengthen Internal Reporting Channels. Ensure that employees feel comfortable reporting potential misconduct internally without fear of retaliation. Employees should know they have a safe, reliable method for voicing concerns and that their reports will be taken seriously. Develop clear policies and protections for whistleblowers, as retaliation can cost a company valuable cooperation credit.
  2. Promptly Investigate Reports. DOJ’s policy now includes a 120-day grace period for self-reporting misconduct discovered through internal whistleblower channels. This means companies must prioritize timely investigations and decisions on whether to self-report to the DOJ, especially for conduct that could fall under the whistleblower programs’ target areas.
  3. Update Compliance Training Programs. Employees should be informed of their role in supporting the company’s compliance framework, particularly regarding ethical reporting. Conduct regular training on your whistleblower policies, emphasizing the importance of truthfulness, internal reporting channels, and the protections against retaliation. Training should be targeted, effective, and engaging.
  4. Incentivize Ethical Behavior. Compliance should be more than just an annual checkbox exercise. Companies must incentivize employees to uphold ethical standards by incorporating compliance criteria into performance reviews, compensation structures, and promotion decisions. This strongly conveys that ethical conduct is a priority and will be rewarded.
  5. Establish a Self-Disclosure Protocol. Given the DOJ’s new initiatives, companies need a clear process for evaluating whether and when to self-disclose misconduct to qualify for leniency. Ensure your compliance team is equipped to make quick assessments, especially for serious misconduct that may lead to forfeiture or prosecution.
  6. Align with DOJ Expectations on Compliance Programs. The DOJ’s 2024 Update to the Evaluation of Corporate Compliance Programs stressed the importance of having robust, responsive compliance structures that support a culture of ethical behavior. Companies should benchmark the number and nature of internal reports received, the speed of investigations, and corrective actions against publicly available data to assess their program’s effectiveness.

Looking Ahead: The DOJ’s Expanding Whistleblower Framework

The DOJ’s whistleblower regime is still evolving, with many current programs designated “pilots.” However, with U.S. attorney’s offices adopting new programs rapidly, we’ll likely see further developments, including more offices launching their versions of whistleblower awards and NPA initiatives. For companies, this means a sustained focus on compliance practices that support transparency, encourage reporting, and prioritize swift, decisive responses to misconduct.

Principal Deputy Assistant Attorney General Nicole Argentieri recently noted that the DOJ’s “tip line is open,” a clear message to compliance leaders that the agency is leveraging every available tool to uncover corporate misconduct. This heightened regulatory scrutiny means companies must ensure compliance programs meet DOJ standards and actively encourage a speak-up culture.

Final Thoughts: Navigating the New Whistleblower Regime

The DOJ’s fragmented whistleblower framework challenges companies, whistleblowers, and compliance teams. Nevertheless, these programs underscore the DOJ’s commitment to rooting out corporate misconduct through increased reliance on whistleblowers and internal disclosures. Compliance professionals play a critical role in this environment, as companies must have the right systems in place to respond promptly to reports of misconduct, protect whistleblowers, and, when necessary, self-report to the DOJ within the stipulated timeframe.

In this evolving regulatory landscape, companies must remain vigilant, ensuring that their compliance programs are robust, responsive, and capable of supporting a culture that values ethical conduct. By aligning internal practices with the DOJ’s expectations, companies can better navigate the complexities of the new whistleblower regime and position themselves for success in an increasingly scrutinized business environment.

Categories
Blog

Supporting Whistleblowers: Lessons from Lon Chaney’s The Wolfman

Ed. Note: This week, leading up to Halloween, I will examine lessons for compliance professionals through the lens of the great Universal Movie Monsters: Frankenstein, Wolfman, Dracula, and The Mummy. Today, we use Lon Chaney’s original film version of The Wolfman. 

===========================================================

Of all the great Universal movie monsters, my favorite is found in the 1941 film The Wolfman. Lon Chaney’s portrayal of Larry Talbot offers more than just a classic horror story about a man who becomes a werewolf. It’s a tale of isolation, fear, and a struggle for survival in the face of an overwhelming and terrifying transformation. In short, it is the most psychological of all the Universal movie monsters. Much like a corporate whistleblower, Talbot finds himself caught in a situation where the truth is a burden, and no one wants to listen. Instead of being understood and supported, he is feared, rejected, and left to fend for himself.

For compliance professionals, The Wolfman provides a vivid metaphor for the journey of whistleblowers. Whistleblowers often find themselves isolated, facing potential retaliation, and struggling to navigate the consequences of their decision to report wrongdoing. In this post, we’ll explore how to create a culture that encourages whistleblowers to come forward, keeps them informed throughout the process, and protects them from retaliation, all through the lens of The Wolfman. We will also assess the 2024 Evaluation of Corporate Compliance Programs (2024 ECCP) and Nicole Argentieri’s commentary on these issues.

Creating a Safe Space: Encouraging Whistleblowers to Come Forward

In The Wolfman, Larry Talbot is plagued by the knowledge of his transformation, but he finds no one willing to help or believe him. He is trapped in his new reality, just as whistleblowers can feel trapped by the knowledge of corporate misconduct. The first step in supporting whistleblowers is creating an environment where they feel safe and encouraged to speak up.

The 2024 ECCP underscores the importance of building a culture where employees feel empowered to raise concerns without fear. It emphasizes the need for companies to proactively encourage internal reporting mechanisms, making it clear that the company values integrity and transparency. Compliance professionals must ensure that reporting channels are available, actively promoted, and trusted.

In her commentary on the 2024 ECCP, Nicole Argentieri highlights that one key element in encouraging whistleblowers is leadership’s tone from the top. Executives and senior management must demonstrate a commitment to ethical behavior, ensuring that whistleblowing is accepted and valued. Whistleblowers need to know that their reports will be taken seriously and their concerns will be addressed.

Talbot’s cries for help go unheard in The Wolfman, leading to disastrous consequences. In the corporate world, businesses must avoid this fate by ensuring whistleblowers are not ignored or dismissed. The 2024 ECCP recommends that companies provide multiple, accessible channels for reporting, including anonymous options so that employees feel comfortable coming forward regardless of their circumstances.

Transparency Throughout the Process: Keeping Whistleblowers Informed

Just as Larry Talbot struggles with the unknown and is left in the dark about his fate, whistleblowers often find themselves cut off after making a report. They may need clarification about what’s happening with their complaint, whether it’s being investigated, and the next steps. This lack of communication can discourage future whistleblowers and lead to feelings of abandonment.

The 2024 ECCP stresses the importance of maintaining open lines of communication with whistleblowers throughout the investigation process. Once a report has been made, it is critical to keep whistleblowers informed about the status of their complaint. This does not mean sharing sensitive investigation details but providing regular updates so that the whistleblower knows their concerns are being taken seriously.

Argentieri has echoed this sentiment, noting that one of the most common frustrations whistleblowers face is a lack of transparency after they come forward. She argues that compliance teams must ensure whistleblowers are not wondering what will happen next. A well-managed whistleblower program includes clear communication protocols that keep whistleblowers engaged and reassured.

In The Wolfman, Talbot’s inability to find answers drives him to despair. Businesses must avoid this by ensuring whistleblowers feel supported and heard throughout the process. Compliance officers should regularly touch base with whistleblowers, letting them know that their concerns are being addressed, that their identity is being protected and that appropriate actions are being taken.

Protection from Retaliation: Safeguarding Whistleblowers

One of the central themes in The Wolfman is Larry Talbot’s fear of being hunted and rejected. Similarly, whistleblowers often fear retaliation, whether in the form of termination, demotion, or ostracization. Protecting whistleblowers from retaliation is a legal obligation and a moral imperative that helps foster a culture of compliance and trust.

The 2024 ECCP strongly emphasizes retaliation protections. It advises that companies must have robust policies to prevent retaliation and provide clear avenues for whistleblowers to report any retaliatory behavior. This means more than just having a policy on paper—compliance teams must actively enforce these protections and monitor for any signs of retaliation.

Nicole Argentieri has weighed in on this issue, noting that while many companies claim anti-retaliation policies, enforcement can be lacking. She emphasizes the need for companies to create a system of checks and balances to ensure that retaliation does not occur, particularly in the form of subtle, indirect actions that might otherwise go unnoticed. Retaliation doesn’t always come as a formal firing—it can be a change in duties, exclusion from meetings, or a negative shift in workplace relationships.

In The Wolfman, Talbot becomes a hunted figure, chased down by those who fear and misunderstand him. In the corporate world, whistleblowers must never feel like they are being hunted or targeted for their decision to report misconduct. The ECCP advises companies to protect whistleblowers and offer additional support services, such as counseling, if needed, to help them navigate the emotional strain of coming forward.

Building a Culture of Trust and Integrity

The most important lesson from The Wolfman is the need for trust. Larry Talbot finds himself abandoned and isolated because the people around him refuse to trust his warnings. A strong compliance program must avoid this trap by building a culture of trust and integrity. Employees need to believe that they will be treated fairly, protected, and supported if they come forward with a report.

The 2024 ECCP highlights that trust is the foundation of a successful compliance program. Companies must work to build an environment where whistleblowers are seen as vital contributors to the company’s ethical health. This includes recognizing the courage it takes to come forward and offering praise or acknowledgment for whistleblowers who help protect the company from greater risks.

Argentieri has noted that companies should integrate their whistleblower programs into the broader corporate culture, making whistleblowing a routine and accepted part of the business rather than an extraordinary act of bravery. This normalization of whistleblowing helps to remove the stigma and encourages more employees to speak up when they see something wrong.

Creating a Supportive Whistleblower Program

The Wolfman offers us a powerful analogy for the journey of whistleblowers within a company. Like Larry Talbot, whistleblowers often face fear, isolation, and a lack of support. However, the lessons from The Wolfman, coupled with the guidance from the 2024 ECCP and Nicole Argentieri’s commentary, provide a roadmap for how companies can create a more supportive environment for whistleblowers.

Encouraging whistleblowers starts with creating a culture where employees feel safe and empowered to report misconduct. Keeping them informed throughout the process is essential for maintaining their trust and confidence. Finally, protecting whistleblowers from retaliation ensures that they—and others—continue to feel comfortable raising concerns.

By building a robust and transparent whistleblower program, compliance professionals can help their organizations navigate the complexities of corporate risk, protect their employees, and safeguard the company’s reputation. In doing so, they avoid the tragic fate of The Wolfman and create an environment where the truth is not a burden but a pathway to a stronger, more ethical company.

Join us tomorrow for our final consideration of compliance through the classic Universal Movie Monsters lens as we consider corporate culture and Boris Karloff’s version of The Mummy.

Categories
Blog

When New Business Risks Emerge: Lessons for Compliance from The Creature from the Black Lagoon

Ed. Note: This week, leading up to Halloween, I will examine lessons for compliance professionals through the lens of the great Universal Movie Monsters: Frankenstein, Wolfman, Dracula, and The Mummy. Today, we consider what compliance needs to do when new business risks emerge through the lens of the 1954 monster movie classic The Creature from the Black Lagoon. 

============================================================

We move from the 1930s to the 1950s to look at the classic horror film The Creature from the Black Lagoon. In this movie, a team of scientists stumbles upon an uncharted and dangerous lagoon in the Amazon rainforest, only to discover the terrifying Gill-man. What starts as a routine scientific expedition quickly becomes a struggle for survival as the group faces an unexpected threat from an unknown entity. As compliance professionals, this scenario is an apt metaphor for when new business risks emerge or your business model changes unexpectedly.

The film offers valuable lessons on preparedness, adaptability, and vigilance in the face of the unknown lessons echoed in the latest guidance from the 2024 Evaluation of Corporate Compliance Programs(2024 ECCP) and commentary from industry experts like Nicole Argentieri. In this post, we will explore what *The Creature from the Black Lagoon* teaches us about managing new business risks, assess the 2024 ECCP’s guidance on this issue, and consider how Principal Deputy Assistant Attorney General Lisa Argentieri’s views on the 2024 ECCP further inform our approach to compliance in a changing business landscape.

Identifying the Uncharted Waters: Recognizing New Risks

The scientists in The Creature from the Black Lagoon ventured into unknown territory, unaware of the dangers lurking beneath the surface. Similarly, when a business undergoes a shift in its business model, whether through entering new markets, launching new products, or facing changes in regulatory environments, new risks can emerge that were previously uncharted. The first step in managing these risks is recognizing them.

The 2024 ECCP stresses the importance of continuously assessing and identifying new risks as part of an effective compliance program. The ECCP notes that businesses should engage in ongoing risk assessments, particularly when significant changes in business operations occur. Compliance officers must have a mechanism to detect these changes early and respond accordingly.

Nicole Argentieri emphasizes this point, highlighting the need for businesses to be proactive rather than reactive. In her commentary on the ECCP, Argentieri notes that one of the key elements of a robust compliance program is its ability to evolve with the business. Companies must quickly recalibrate their risk assessments and compliance strategies when new risks appear. As the film illustrates, failing to anticipate or identify new threats can leave you vulnerable, just as the scientists were unprepared for the dangers in the lagoon.

 Assessing the Threat: The Need for a Swift and Comprehensive Risk Evaluation

Once the scientists in the film realize that the Gill-man is a threat, they must quickly reassess their entire situation. In the corporate world, the appearance of a new risk demands a similar response: swift and comprehensive evaluation. Businesses must assess the immediate risk and its broader implications on the company’s operations, reputation, and compliance obligations.

The 2024 ECCP strongly emphasizes the need for businesses to adapt their risk assessments to reflect changes in operations or the external environment. Whether the company is expanding into a new geographic area, introducing new products, or dealing with changing regulations, the risk landscape will shift. Compliance officers must ensure their risk management frameworks are flexible enough to incorporate these new threats.

Argentieri has noted that when new risks emerge, companies must act swiftly to integrate them into their compliance programs. This involves conducting fresh risk assessments and ensuring that any changes in the business model are reflected in compliance policies, training, and monitoring systems. Like the characters in the film, who adapt their strategies as they learn more about the Gill-man, compliance teams must evolve their strategies based on a full understanding of the new risk landscape.

Adapting Your Strategy: Revising Policies, Procedures, and Controls

The central characters in The Creature from the Black Lagoon must quickly adapt their approach to survive. Similarly, when new business risks arise, compliance officers must reevaluate and adjust existing policies, procedures, and internal controls. The 2024 ECCP clearly states that policies and controls should not remain static. Instead, they must be revised to reflect the changing nature of business operations and risks.

When your business model changes, you cannot assume that your existing compliance framework will continue to be effective. For example, expanding into new geographic regions may introduce new risks related to anti-bribery and corruption (ABAC), data privacy, or supply chain integrity. New product offerings bring consumer protection, product safety, or intellectual property risks to the forefront. The ECCP recommends reviewing and updating your internal controls, third-party risk management processes, and compliance training to ensure that all aspects of your compliance program remain relevant.

Argentieri’s analysis of the 2024 ECCP reinforces this point. She has argued that businesses must build dynamic and agile compliance programs. The compliance function should be involved in key decision-making processes as the business grows and changes. When new risks emerge, the compliance department must be ready to overhaul procedures and policies swiftly. This could mean expanding due diligence efforts, revising conflict-of-interest policies, or rolling out new training programs to address the specific nature of the risk.

Vigilance and Monitoring: Ongoing Risk Management

In The Creature from the Black Lagoon, the characters must always stay vigilant to avoid the creature’s attacks. When new risks emerge, businesses must maintain a heightened level of vigilance through ongoing monitoring and testing of their compliance programs. The 2024 ECCP underscores the importance of regular monitoring to ensure compliance programs work as intended, especially in the face of new business risks.

The ECCP recommends incorporating data analytics and other technological tools to monitor compliance activities in real-time. For example, if your business is expanding into new regions, you may want to enhance monitoring of third-party relationships in those areas to ensure compliance with local laws and regulations. Continuous monitoring allows businesses to spot emerging risks early and respond before they become critical issues.

Argentieri has highlighted the need for compliance professionals to stay engaged with the business as it evolves. She suggests that compliance officers must work closely with business leaders to understand the company’s strategic direction and anticipate new risks before they fully materialize. Compliance professionals can avoid potential threats by actively participating in business discussions and decision-making and adjusting their monitoring programs accordingly.

Training and Communication: Keeping Everyone in the Loop

In the film, survival depends on everyone being aware of the danger and working together to manage it. Similarly, once new risks have been identified, ensuring that all employees, from the C-suite to the front lines, are informed and equipped to handle them is essential. The 2024 ECCP stresses the importance of communication and training as key components of an effective compliance program, especially when new risks are introduced.

When a business model changes or a new risk emerges, compliance officers must update training programs to reflect these developments. Employees should understand the nature of the new risks and how to navigate them within the company’s compliance framework. Regular communication from leadership about the importance of compliance and the role employees play in managing risk is critical for building a culture of compliance.

Argentieri has noted that training should be tailored to address the risks that have arisen. For example, if a company is entering a market with heightened anti-corruption risks, the compliance training should focus on identifying red flags for bribery and navigating local regulatory requirements. Just as the characters in The Creature from the Black Lagoon needed to work as a team to survive, businesses must ensure everyone is on the same page when managing new risks.

The lessons from The Creature from the Black Lagoon offer valuable insights for today’s compliance professionals. When faced with new and unforeseen threats, quickly adapting and responding is crucial for survival. The 2024 ECCP reinforces this need for agility, emphasizing the importance of ongoing risk assessments, the revision of policies and procedures, and vigilant monitoring.

Nicole Argentieri’s commentary on the ECCP provides further guidance, urging companies to build compliance programs that can evolve in real-time with the business. Just as the characters in the film had to adapt to survive, compliance officers must ensure their programs are flexible enough to respond to new risks and changing business models. By staying alert, adapting quickly, and fostering a culture of compliance, businesses can navigate uncharted waters and emerge stronger on the other side.

Join us tomorrow, where we will consider the 1954 movie version of The Creature from the Black Lagoon and how companies must assess and manage new and emerging risks.

Categories
Compliance and AI

Compliance and AI: Navigating AI Compliance: The EC Gang Reviews The 2024 ECCP

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are but three of the many questions we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance.

In this episode, Matt Kelly leads the Everything Compliance quartet of Susan Divers, Jonathan Marks, Karen Moore and Tom Fox through a look at Compliance and AI from the prism of the 2024 Evaluation of Corporate Compliance Programs (ECCP).

Kelly examines the complexities of integrating artificial intelligence into corporate compliance frameworks, highlighting the DOJ’s recent guidance on managing AI risks as laid out in the 2024 ECCP. In Deputy Attorney General Nicole Argentieri’s SCCE speech, she noted the overlooked AI risks and compliance requirements and emphasized the need for businesses to assess both internal AI applications and external threats from malicious uses by scammers or fraudsters.

The gang then delved into the dual aspect of AI risk—its creation and reception—and underlining the importance of comprehensive risk assessment and control measures in AI deployment, such as developing bug bounty programs and ensuring anti-fraud mechanisms are robust. We explored the role of compliance officers in AI oversight, focusing on the challenges in governing AI-generated decisions compared to human actions. With various insights on the legal and operational aspects of AI compliance, the discussion urges companies to evaluate the implications of AI use, both in risk management and ethical execution.

Key Highlights:

  • Understanding AI Risks
  • Compliance Guidelines for AI
  • AI in Fraud Prevention
  • Challenges in AI Oversight
  • Compliance Officers and AI
  • Model Validation and AI

Resources:

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Highlights from Argentieri Speech

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at the key highlights for compliance professionals from the recent speech by Nicole Argentieri announcing the 2024 Update to the Evaluation of Corporate Compliance Programs.

Categories
Blog

Argentieri on the DOJ’s Corporate Whistleblower Awards Pilot Program

The Department of Justice (DOJ) recently unveiled the Corporate Whistleblower Awards Pilot Program (CWA) to bolster corporate enforcement efforts. Although the program has only been operational for a few weeks, it has already started receiving promising tips. This initiative reflects a strategic effort by the DOJ to harness financial incentives in the fight against white-collar crime, offering new opportunities for whistleblowers and reshaping the landscape of corporate compliance.

In her recent speech at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute. Principal Deputy Assistant Attorney General Nicole M. Argentieri spoke about the CWA and reviewed its early developments. (A copy of her remarks can be found here.) There was also updated information on the DOJ approach to whistleblowers and anti-retaliation found in the 2024 Update to the Evaluation of Corporate Compliance Programs (2024 ECCP). This new language found in the 2024 ECCP will be the subject of a separate blog post.

Why Whistleblower Programs Matter

Argentieri noted that whistleblower programs have a proven track record of success. Programs at other agencies, such as the Securities and Exchange Commission (SEC), have led to thousands of tips and hundreds of millions of dollars in awards and have been instrumental in holding wrongdoers accountable. However, these existing programs do not cover the full spectrum of white-collar and corporate crime that the DOJ prosecutes. The CWA was designed to fill these critical gaps.

The CWA targets four priority areas not currently covered by other whistleblower programs: abuses of the financial system by financial institutions and insiders, foreign corruption and bribery schemes, domestic corruption, and health care schemes targeting private insurers. Importantly, the program is not limited to these categories. If a whistleblower has information about misconduct outside of these areas, the DOJ is still interested in hearing from them.

Encouraging Internal Reporting and Enhancing Corporate Compliance

Interestingly, Argentieri believes one of the CWA’s most innovative aspects is its focus on encouraging internal reporting. Whistleblowers who first report internally within their companies will be eligible for an award if they report to the DOJ within 120 days of their internal report. Furthermore, making an internal report before coming forward to the DOJ is a factor that will increase the potential whistleblower award.

This approach serves a dual purpose. It incentivizes employees to utilize internal reporting mechanisms, reinforcing the importance of strong internal compliance programs. At the same time, it creates a powerful incentive for companies to take internal reports seriously and to act swiftly in response to potential misconduct.

For companies, the stakes are high. The DOJ has clarified that the CWA will alter the calculus when considering whether to make a voluntary self-disclosure. Alongside the whistleblower program, the DOJ amended its Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP). Under this amendment, if a company receives an internal whistleblower report and then reports the misconduct to the DOJ within 120 days—before the DOJ reaches out to the company—it will be eligible for the greatest benefit under the CEP: a presumption of a declination provided the company fully cooperates and remediates. This is a significant departure from the usual approach, as it allows a company to qualify for a declination even if the whistleblower comes to the DOJ first.

Protecting Whistleblowers: A Priority for the DOJ

The DOJ’s whistleblower program is about receiving tips and protecting those who come forward. The DOJ is fully committed to safeguarding whistleblowers’ identities to the fullest extent allowable under the law. Moreover, the DOJ will closely monitor any actions against whistleblowers who report misconduct internally. Compliance departments play a crucial role in this process by implementing robust anti-retaliation policies and training employees on these protections.

Under the 2024 ECCP, the DOJ will scrutinize a company’s commitment to whistleblower protection and the promotion of a “speak-up” culture. Companies retaliating against whistleblowers risk losing credit for cooperation and remediation and could face severe consequences, including sentencing enhancements and even prosecution for obstruction of justice.

Early Successes and Corporate Lessons

Argentieri said the CWA is already off to a strong start, with over 100 tips received in just a few weeks. If these whistleblowers also report internally, as the program incentivizes, companies must take their reports seriously and consider coming forward to the DOJ.

Turning to recent corporate resolutions, the DOJ’s approach to recognizing and rewarding cooperation and remediation is instructive. A prime example is the recent declination granted to Boston Consulting Group (BCG) under the CEP. BCG’s timely and voluntary self-disclosure of a potential FCPA violation and its complete and proactive cooperation led to the DOJ’s decision to decline prosecution. BCG’s remediation efforts were particularly noteworthy, including the termination of personnel involved in the misconduct and the imposition of compensation-based penalties, such as requiring certain partners to forfeit their equity and withholding bonuses.

On the other hand, SAP, mentioned earlier, earned a 40% reduction in its criminal penalty—near the maximum reduction available for companies that do not voluntarily self-disclose. SAP’s proactive cooperation began shortly after news reports surfaced, and its swift remediation, including disciplining responsible employees and enhancing its compliance program, was critical in earning this reduction.

In contrast, Trafigura received only a 10% reduction for cooperation and remediation. The company’s delayed preservation and production of evidence and a posture during resolution negotiations that caused significant delays limited its cooperation credit. Moreover, Trafigura’s remediation efforts were mixed, as it was slow to discipline certain employees, further diminishing its potential credit.

The Takeaways for Compliance Officers

The lessons from these cases and the CWA are clear for compliance professionals. First, fostering a strong internal reporting culture is crucial. Companies encouraging internal whistleblowing and acting swiftly on these reports are better positioned to benefit from DOJ policies like the CEP. Second, the importance of proactive and thorough cooperation must be considered. Companies that fully cooperate and remediate—going above and beyond in their efforts—stand to receive significant benefits in any DOJ investigation.

Finally, the CWA emphasizes the need for robust whistleblower protections. Compliance departments must implement, actively promote, and enforce policies that protect whistleblowers from retaliation. The DOJ is watching closely, and companies that fail to protect their whistleblowers will face serious consequences.

A New Era of Corporate Accountability

The launch of the Corporate Whistleblower Awards Pilot Program marks a new era in corporate accountability. By leveraging financial incentives and protecting those who come forward, the DOJ is creating a powerful tool for combating white-collar crime. For companies, the message is clear: invest in strong compliance programs, encourage internal reporting, and act decisively on misconduct. Doing so aligns with ethical business practices and positions the company to achieve the most favorable outcomes in any DOJ investigation. As the CWA continues to gain traction, compliance professionals will play a critical role in guiding their organizations through this evolving landscape, ensuring they remain on the right side of the law and public trust.

Categories
Blog

The Argentieri Speech: Mid-Point Reflections on the DOJ’s Compensation Clawback Pilot Program

Principal Deputy Assistant Attorney General Nicole M. Argentieri spoke at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute. ( A copy of her remarks can be found here.) She reiterated the long-stated policy that compliance professionals play a critical role in ensuring companies comply with the law and foster a culture of ethics and integrity. She noted that the Department of Justice (DOJ) has made it clear that companies are the first line of defense against corporate crime, and compliance officers are on the front lines of this defense. The 2024 update to the DOJ’s Evaluation of Corporate Compliance Programs (ECCP) and the introduction of new pilot programs in 2024 underscored the increasing importance of the roles of compliance professionals. This blog post will review her remarks on the DOJ Compensation Incentives and Clawbacks Pilot Program (Clawbacks Program).

The Early Impact: Changing Corporate Behavior

Argentieri believes that early indications suggest these innovations are changing corporate behavior. One notable example comes from a company under agreement with the Criminal Division that required adherence to compliance standards and reporting misconduct as part of its annual performance reviews. Coupled with a company-wide messaging campaign, these efforts have increased reporting of potential compliance issues—a clear sign that employees are responding to the new incentives.

Moreover, the DOJ has observed companies integrating assessments of how employees demonstrate core values into their performance reviews. For example, one company now evaluates employees across categories such as individual and team performance, goal accomplishment, and demonstration of core values. These metrics are then factored into both compensation and promotion decisions. This approach reinforces the importance of ethical behavior and embeds compliance into the fabric of corporate culture.

Dual Pillars of the Clawbacks Program

The program is built on two foundational pillars. The first involves mandating that every corporate resolution under the Criminal Division’s supervision include compliance-related criteria in its compensation and bonus systems. This mandate compels companies to establish metrics that reward compliance-promoting behavior and deter misconduct. While similar language has been included in some corporate resolutions, the pilot program has made it a requirement in every Criminal Division resolution since its inception. So far, this requirement has been incorporated into nine corporate resolutions spanning five industries: tech, finance, crypto, manufacturing, and energy.

This shift is a formality and a strategic realignment in how companies approach compensation. By linking financial incentives to ethical behavior, these nine companies set a precedent for others in their industries. They align compensation with financial performance and the broader goal of conducting business ethically. This is a significant move, one that has the potential to set a new tone across the marketplace.

The Second Pillar: Fine Reductions for Financial Accountability

The second part of the Clawbacks Program offers a tangible incentive for companies to hold individuals financially accountable for misconduct. Specifically, companies that recoup or withhold compensation from culpable employees—or those who had supervisory authority and were aware of or willfully blind to the misconduct—are eligible for a fine reduction. The reduction is equal to the amount of the withheld compensation, reflecting the DOJ’s commitment to promoting financial accountability as a cornerstone of corporate compliance.

Argentieri reviewed the two companies that have benefited from this aspect of the clawbacks program; both come from Foreign Corrupt Practices Act (FCPA) enforcement actions. Albemarle, for instance, implemented procedures to freeze future bonuses for those suspected of misconduct, those who directly oversaw employees involved in misconduct, or those who ignored red flags. As a result, Albemarle received a reduction in its criminal monetary penalty equal to the amount of the withheld bonuses. In recognition of its substantial cooperation and significant remediation efforts, Albemarle also received a 45% reduction from the low end of the applicable penalty range—the highest percentage reduction to date.

Similarly, SAP withheld compensation from culpable employees and defended this decision through litigation, reinforcing the message that misconduct would have individual financial consequences. SAP’s actions not only earned the company a fine reduction equal to the amount of the withheld compensation but also played a critical role in the DOJ’s decision to grant a 40% reduction in its overall fine.

Lessons for Compliance Professionals: The Power of Financial Incentives

The lessons from the DOJ’s clawbacks pilot program are clear and compelling for compliance professionals. First, integrating compliance into compensation structures is a powerful tool for driving ethical behavior and deterring misconduct. Companies that make compliance a critical factor in determining compensation send a strong message to their employees: engaging in ethical behavior is not just encouraged but essential for business success.

Second, the importance of financial accountability must be balanced. The DOJ’s willingness to reduce fines for companies that recoup compensation from culpable employees highlights the agency’s commitment to holding individuals responsible for their actions. This aspect of the pilot program is particularly significant as it underscores the role of individual accountability in fostering a strong culture of compliance.

Finally, continuous evaluation is key. The DOJ is urging companies to regularly assess the effectiveness of their compliance-linked compensation systems, seek feedback, and make necessary adjustments. This iterative process ensures compliance metrics remain relevant and effective, allowing companies to stay ahead of emerging risks and maintain a robust compliance culture.

As we move towards the second half of the DOJ’s pilot program, the early successes in promoting compliance through compensation-linked incentives and financial accountability are setting the stage for a new era in corporate governance. The evidence so far suggests that this approach is feasible and effective in driving meaningful change in corporate behavior.

For those in the compliance profession, this is a pivotal moment. Integrating compliance into compensation and emphasizing financial accountability are significant advancements in corporate ethics and governance. It’s an opportunity to champion these changes within your organization and to be part of a broader movement that aligns financial success with ethical business practices.

In the long run, this pilot program’s true test will be its enduring impact on corporate behavior. But if the early indicators are anything to go by, we are witnessing the beginning of a new chapter in compliance—one where doing the right thing is not just the ethical choice but also the smart one.

Categories
Data Driven Compliance

Data-Driven Compliance: The DOJ Mandate on Transforming Compliance Through Data Analytics and AI with Vince Walden

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. Today, Vince Walden, founder of KonaAI, the sponsor of this podcast, returns to talk about the recent speech by Nicole Argentieri and the release of the 2024 Update to the Evaluation of Corporate Compliance Programs (ECCP).

Walden shares insights from the Nicole Argentieri’s keynote and ECCP update, emphasizing the DOJ’s focus on data access in compliance. We explore the importance of utilizing both compliance and business data for effective fraud and risk management. Walden underscores the necessity for compliance professionals to collaborate with internal audit and finance departments, advocating for a risk-based approach to data analytics and continuous controls monitoring. The discussion also delves into leveraging AI and machine learning to improve compliance efficacy and overall business operations, arguing for the proportional allocation of resources to match the company’s sophistication level.

Key Highlights:

  • DOJ’s Focus on Data Access
  • Understanding Compliance Data Analytics
  • Training Compliance Officers on Data
  • Implementing Continuous Controls Monitoring
  • Cost Savings and ROI in Compliance
  • Proportionate Resource Allocation
  • Documentation and Transparency

Resources:

Vince Walden on LinkedIn

KonaAI

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Argentieri Speech and 2024 ECCP: Argentieri on Navigating AI Risks

Deputy Assistant Attorney General Nicole M. Argentieri’s speech highlighted a critical shift in the Department of Justice’s (DOJ) approach to evaluating corporate compliance programs. As outlined in the updated 2024 Evaluation of Corporate Compliance Programs (2024 ECCP), the emphasis on data access signals a new era where compliance professionals are expected to wield data with the same rigor and sophistication as their business counterparts. This week, I am reviewing the speech and 2024 ECCP. Over the next couple of blog posts, I will look at the most significant addition, that around AI. Today, I will review Argentieri’s remarks to see what she has said. Tomorrow, I will dive deeply into the new areas in the 2024 ECCP around new technologies such as Artificial Intelligence (AI).

In her remarks, Argentieri said, “First, … Our updated ECCP includes an evaluation of how companies assess and manage risk related to using new technology such as artificial intelligence in their business and compliance programs. Under the ECCP, prosecutors will consider the technology that a company and its employees use to conduct business, whether the company has conducted a risk assessment of using that technology, and whether the company has taken appropriate steps to mitigate any associated risk. For example, prosecutors will consider whether the company is vulnerable to criminal schemes enabled by new technology, such as false approvals and documentation generated by AI. If so, we will consider whether compliance controls and tools are in place to identify and mitigate those risks, such as tools to confirm the accuracy or reliability of data the business uses. We also want to know whether the company monitors and tests its technology to evaluate its functioning as intended and consistent with its code of conduct.”

Argentieri emphasizes the importance of managing risks associated with disruptive technologies like AI. These updates signal a clear directive for compliance professionals: you must take a proactive stance on AI risk management. You can take the following steps to align your compliance program with the DOJ’s latest expectations.

Conduct a Comprehensive Risk Assessment of AI Technologies

The first step in meeting the DOJ is to thoroughly assess the risks that AI and other disruptive technologies pose to your organization.

  • Identify AI Use Cases. Start by mapping out where AI is being used across your business operations. This could include everything from automated decision-making processes to AI-driven data analytics. Understanding the scope of AI use is essential for identifying potential risk areas.
  • Evaluate Vulnerabilities. Once you have a clear picture of how AI is utilized, conduct a detailed risk assessment. Look for vulnerabilities, such as the potential for AI to generate false approvals or fraudulent documentation. Consider scenarios where AI could be manipulated or fail to perform as expected, leading to compliance breaches or unethical outcomes.
  • Prioritize Risks. Not all risks are created equal. Prioritize them based on their potential impact on your business and the likelihood of occurrence. This prioritization will guide the allocation of resources and the development of mitigation strategies.

Implement Robust Compliance Controls and Tools

Once risks have been identified, the next step is to ensure that your compliance program includes strong controls and tools specifically designed to manage AI-related risks.

  • Develop AI-Specific Controls. Traditional compliance controls may not be sufficient to address AI’s unique challenges. Develop or adapt controls to monitor AI-generated outputs, ensuring accuracy and consistency with company policies. This might include cross-referencing AI decisions with manual checks or implementing algorithms that flag unusual patterns for further review.
  • Invest in AI-Compliance Tools. Specialized tools are available that can help compliance teams monitor AI systems and detect potential issues. Invest in these tools to enhance your ability to identify and mitigate AI-related risks. These tools should be capable of real-time monitoring and provide insights into the functioning of AI systems, including the accuracy and reliability of the data they generate.
  • Regular Testing and Validation. AI systems should not be a set-it-and-forget-it solution. Regularly test and validate your AI tools to ensure they function as intended. This should include stress testing under different scenarios to identify any weaknesses or biases in the system. The DOJ expects your company to implement AI and rigorously monitor its performance and alignment with your compliance objectives.

Monitor, Evaluate, and Adapt

AI technology and its associated risks constantly evolve, so your compliance program must be flexible and responsive.

  • Ongoing Monitoring. Continuously monitor AI systems’ performance to ensure they align with your company’s code of conduct and compliance requirements. This involves technical monitoring and assessing the ethical implications of AI decisions.
  • Adapt to New Risks. As AI technology advances, new risks will emerge. Stay informed about the latest developments in AI and disruptive technologies, and be ready to adapt your compliance program accordingly. This may involve updating risk assessments, enhancing controls, or revising your company’s overall approach to AI.
  • Engage with Technology Experts. Compliance professionals should work closely with IT and AI experts to stay ahead of potential risks. This collaboration is crucial for understanding the technical nuances of AI and ensuring that compliance strategies are technically sound and effectively implemented.

Ensure Alignment with the Company’s Code of Conduct

Finally, all AI initiatives must follow your code of conduct and ethical standards.

  • Training and Awareness. Ensure that all employees, particularly those involved in AI development and deployment, are trained on the ethical implications of AI and the company’s code of conduct. This training should cover the importance of transparency, fairness, and accountability in AI operations.
  • Ethical AI Use. Embed ethical considerations into the AI development process. This means complying with the law and striving to use AI to reflect your company’s values. The DOJ will be looking to see if your company is avoiding harm and proactively promoting ethical AI use.

Argentieri’s remarks underscore the importance of managing the risks associated with AI and other disruptive technologies. Compliance professionals must take a proactive approach by conducting thorough risk assessments, implementing robust controls, and continuously monitoring AI systems to ensure they align with regulatory requirements and the company’s ethical standards. By taking these initial steps, you can meet the DOJ’s expectations and leverage AI to enhance your compliance program and overall business integrity. Join us tomorrow to take a deep dive into the new language of the 2024 ECCP and explore how to implement it.