Tag: Nicole Argentieri

Categories
Blog

Supporting Whistleblowers: Lessons from Lon Chaney’s The Wolfman

Ed. Note: This week, leading up to Halloween, I will examine lessons for compliance professionals through the lens of the great Universal Movie Monsters: Frankenstein, Wolfman, Dracula, and The Mummy. Today, we use Lon Chaney’s original film version of The Wolfman. 

===========================================================

Of all the great Universal movie monsters, my favorite is found in the 1941 film The Wolfman. Lon Chaney’s portrayal of Larry Talbot offers more than just a classic horror story about a man who becomes a werewolf. It’s a tale of isolation, fear, and a struggle for survival in the face of an overwhelming and terrifying transformation. In short, it is the most psychological of all the Universal movie monsters. Much like a corporate whistleblower, Talbot finds himself caught in a situation where the truth is a burden, and no one wants to listen. Instead of being understood and supported, he is feared, rejected, and left to fend for himself.

For compliance professionals, The Wolfman provides a vivid metaphor for the journey of whistleblowers. Whistleblowers often find themselves isolated, facing potential retaliation, and struggling to navigate the consequences of their decision to report wrongdoing. In this post, we’ll explore how to create a culture that encourages whistleblowers to come forward, keeps them informed throughout the process, and protects them from retaliation, all through the lens of The Wolfman. We will also assess the 2024 Evaluation of Corporate Compliance Programs (2024 ECCP) and Nicole Argentieri’s commentary on these issues.

Creating a Safe Space: Encouraging Whistleblowers to Come Forward

In The Wolfman, Larry Talbot is plagued by the knowledge of his transformation, but he finds no one willing to help or believe him. He is trapped in his new reality, just as whistleblowers can feel trapped by the knowledge of corporate misconduct. The first step in supporting whistleblowers is creating an environment where they feel safe and encouraged to speak up.

The 2024 ECCP underscores the importance of building a culture where employees feel empowered to raise concerns without fear. It emphasizes the need for companies to proactively encourage internal reporting mechanisms, making it clear that the company values integrity and transparency. Compliance professionals must ensure that reporting channels are available, actively promoted, and trusted.

In her commentary on the 2024 ECCP, Nicole Argentieri highlights that one key element in encouraging whistleblowers is leadership’s tone from the top. Executives and senior management must demonstrate a commitment to ethical behavior, ensuring that whistleblowing is accepted and valued. Whistleblowers need to know that their reports will be taken seriously and their concerns will be addressed.

Talbot’s cries for help go unheard in The Wolfman, leading to disastrous consequences. In the corporate world, businesses must avoid this fate by ensuring whistleblowers are not ignored or dismissed. The 2024 ECCP recommends that companies provide multiple, accessible channels for reporting, including anonymous options so that employees feel comfortable coming forward regardless of their circumstances.

Transparency Throughout the Process: Keeping Whistleblowers Informed

Just as Larry Talbot struggles with the unknown and is left in the dark about his fate, whistleblowers often find themselves cut off after making a report. They may need clarification about what’s happening with their complaint, whether it’s being investigated, and the next steps. This lack of communication can discourage future whistleblowers and lead to feelings of abandonment.

The 2024 ECCP stresses the importance of maintaining open lines of communication with whistleblowers throughout the investigation process. Once a report has been made, it is critical to keep whistleblowers informed about the status of their complaint. This does not mean sharing sensitive investigation details but providing regular updates so that the whistleblower knows their concerns are being taken seriously.

Argentieri has echoed this sentiment, noting that one of the most common frustrations whistleblowers face is a lack of transparency after they come forward. She argues that compliance teams must ensure whistleblowers are not wondering what will happen next. A well-managed whistleblower program includes clear communication protocols that keep whistleblowers engaged and reassured.

In The Wolfman, Talbot’s inability to find answers drives him to despair. Businesses must avoid this by ensuring whistleblowers feel supported and heard throughout the process. Compliance officers should regularly touch base with whistleblowers, letting them know that their concerns are being addressed, that their identity is being protected and that appropriate actions are being taken.

Protection from Retaliation: Safeguarding Whistleblowers

One of the central themes in The Wolfman is Larry Talbot’s fear of being hunted and rejected. Similarly, whistleblowers often fear retaliation, whether in the form of termination, demotion, or ostracization. Protecting whistleblowers from retaliation is a legal obligation and a moral imperative that helps foster a culture of compliance and trust.

The 2024 ECCP strongly emphasizes retaliation protections. It advises that companies must have robust policies to prevent retaliation and provide clear avenues for whistleblowers to report any retaliatory behavior. This means more than just having a policy on paper—compliance teams must actively enforce these protections and monitor for any signs of retaliation.

Nicole Argentieri has weighed in on this issue, noting that while many companies claim anti-retaliation policies, enforcement can be lacking. She emphasizes the need for companies to create a system of checks and balances to ensure that retaliation does not occur, particularly in the form of subtle, indirect actions that might otherwise go unnoticed. Retaliation doesn’t always come as a formal firing—it can be a change in duties, exclusion from meetings, or a negative shift in workplace relationships.

In The Wolfman, Talbot becomes a hunted figure, chased down by those who fear and misunderstand him. In the corporate world, whistleblowers must never feel like they are being hunted or targeted for their decision to report misconduct. The ECCP advises companies to protect whistleblowers and offer additional support services, such as counseling, if needed, to help them navigate the emotional strain of coming forward.

Building a Culture of Trust and Integrity

The most important lesson from The Wolfman is the need for trust. Larry Talbot finds himself abandoned and isolated because the people around him refuse to trust his warnings. A strong compliance program must avoid this trap by building a culture of trust and integrity. Employees need to believe that they will be treated fairly, protected, and supported if they come forward with a report.

The 2024 ECCP highlights that trust is the foundation of a successful compliance program. Companies must work to build an environment where whistleblowers are seen as vital contributors to the company’s ethical health. This includes recognizing the courage it takes to come forward and offering praise or acknowledgment for whistleblowers who help protect the company from greater risks.

Argentieri has noted that companies should integrate their whistleblower programs into the broader corporate culture, making whistleblowing a routine and accepted part of the business rather than an extraordinary act of bravery. This normalization of whistleblowing helps to remove the stigma and encourages more employees to speak up when they see something wrong.

Creating a Supportive Whistleblower Program

The Wolfman offers us a powerful analogy for the journey of whistleblowers within a company. Like Larry Talbot, whistleblowers often face fear, isolation, and a lack of support. However, the lessons from The Wolfman, coupled with the guidance from the 2024 ECCP and Nicole Argentieri’s commentary, provide a roadmap for how companies can create a more supportive environment for whistleblowers.

Encouraging whistleblowers starts with creating a culture where employees feel safe and empowered to report misconduct. Keeping them informed throughout the process is essential for maintaining their trust and confidence. Finally, protecting whistleblowers from retaliation ensures that they—and others—continue to feel comfortable raising concerns.

By building a robust and transparent whistleblower program, compliance professionals can help their organizations navigate the complexities of corporate risk, protect their employees, and safeguard the company’s reputation. In doing so, they avoid the tragic fate of The Wolfman and create an environment where the truth is not a burden but a pathway to a stronger, more ethical company.

Join us tomorrow for our final consideration of compliance through the classic Universal Movie Monsters lens as we consider corporate culture and Boris Karloff’s version of The Mummy.

Categories
Blog

When New Business Risks Emerge: Lessons for Compliance from The Creature from the Black Lagoon

Ed. Note: This week, leading up to Halloween, I will examine lessons for compliance professionals through the lens of the great Universal Movie Monsters: Frankenstein, Wolfman, Dracula, and The Mummy. Today, we consider what compliance needs to do when new business risks emerge through the lens of the 1954 monster movie classic The Creature from the Black Lagoon. 

============================================================

We move from the 1930s to the 1950s to look at the classic horror film The Creature from the Black Lagoon. In this movie, a team of scientists stumbles upon an uncharted and dangerous lagoon in the Amazon rainforest, only to discover the terrifying Gill-man. What starts as a routine scientific expedition quickly becomes a struggle for survival as the group faces an unexpected threat from an unknown entity. As compliance professionals, this scenario is an apt metaphor for when new business risks emerge or your business model changes unexpectedly.

The film offers valuable lessons on preparedness, adaptability, and vigilance in the face of the unknown lessons echoed in the latest guidance from the 2024 Evaluation of Corporate Compliance Programs(2024 ECCP) and commentary from industry experts like Nicole Argentieri. In this post, we will explore what *The Creature from the Black Lagoon* teaches us about managing new business risks, assess the 2024 ECCP’s guidance on this issue, and consider how Principal Deputy Assistant Attorney General Lisa Argentieri’s views on the 2024 ECCP further inform our approach to compliance in a changing business landscape.

Identifying the Uncharted Waters: Recognizing New Risks

The scientists in The Creature from the Black Lagoon ventured into unknown territory, unaware of the dangers lurking beneath the surface. Similarly, when a business undergoes a shift in its business model, whether through entering new markets, launching new products, or facing changes in regulatory environments, new risks can emerge that were previously uncharted. The first step in managing these risks is recognizing them.

The 2024 ECCP stresses the importance of continuously assessing and identifying new risks as part of an effective compliance program. The ECCP notes that businesses should engage in ongoing risk assessments, particularly when significant changes in business operations occur. Compliance officers must have a mechanism to detect these changes early and respond accordingly.

Nicole Argentieri emphasizes this point, highlighting the need for businesses to be proactive rather than reactive. In her commentary on the ECCP, Argentieri notes that one of the key elements of a robust compliance program is its ability to evolve with the business. Companies must quickly recalibrate their risk assessments and compliance strategies when new risks appear. As the film illustrates, failing to anticipate or identify new threats can leave you vulnerable, just as the scientists were unprepared for the dangers in the lagoon.

 Assessing the Threat: The Need for a Swift and Comprehensive Risk Evaluation

Once the scientists in the film realize that the Gill-man is a threat, they must quickly reassess their entire situation. In the corporate world, the appearance of a new risk demands a similar response: swift and comprehensive evaluation. Businesses must assess the immediate risk and its broader implications on the company’s operations, reputation, and compliance obligations.

The 2024 ECCP strongly emphasizes the need for businesses to adapt their risk assessments to reflect changes in operations or the external environment. Whether the company is expanding into a new geographic area, introducing new products, or dealing with changing regulations, the risk landscape will shift. Compliance officers must ensure their risk management frameworks are flexible enough to incorporate these new threats.

Argentieri has noted that when new risks emerge, companies must act swiftly to integrate them into their compliance programs. This involves conducting fresh risk assessments and ensuring that any changes in the business model are reflected in compliance policies, training, and monitoring systems. Like the characters in the film, who adapt their strategies as they learn more about the Gill-man, compliance teams must evolve their strategies based on a full understanding of the new risk landscape.

Adapting Your Strategy: Revising Policies, Procedures, and Controls

The central characters in The Creature from the Black Lagoon must quickly adapt their approach to survive. Similarly, when new business risks arise, compliance officers must reevaluate and adjust existing policies, procedures, and internal controls. The 2024 ECCP clearly states that policies and controls should not remain static. Instead, they must be revised to reflect the changing nature of business operations and risks.

When your business model changes, you cannot assume that your existing compliance framework will continue to be effective. For example, expanding into new geographic regions may introduce new risks related to anti-bribery and corruption (ABAC), data privacy, or supply chain integrity. New product offerings bring consumer protection, product safety, or intellectual property risks to the forefront. The ECCP recommends reviewing and updating your internal controls, third-party risk management processes, and compliance training to ensure that all aspects of your compliance program remain relevant.

Argentieri’s analysis of the 2024 ECCP reinforces this point. She has argued that businesses must build dynamic and agile compliance programs. The compliance function should be involved in key decision-making processes as the business grows and changes. When new risks emerge, the compliance department must be ready to overhaul procedures and policies swiftly. This could mean expanding due diligence efforts, revising conflict-of-interest policies, or rolling out new training programs to address the specific nature of the risk.

Vigilance and Monitoring: Ongoing Risk Management

In The Creature from the Black Lagoon, the characters must always stay vigilant to avoid the creature’s attacks. When new risks emerge, businesses must maintain a heightened level of vigilance through ongoing monitoring and testing of their compliance programs. The 2024 ECCP underscores the importance of regular monitoring to ensure compliance programs work as intended, especially in the face of new business risks.

The ECCP recommends incorporating data analytics and other technological tools to monitor compliance activities in real-time. For example, if your business is expanding into new regions, you may want to enhance monitoring of third-party relationships in those areas to ensure compliance with local laws and regulations. Continuous monitoring allows businesses to spot emerging risks early and respond before they become critical issues.

Argentieri has highlighted the need for compliance professionals to stay engaged with the business as it evolves. She suggests that compliance officers must work closely with business leaders to understand the company’s strategic direction and anticipate new risks before they fully materialize. Compliance professionals can avoid potential threats by actively participating in business discussions and decision-making and adjusting their monitoring programs accordingly.

Training and Communication: Keeping Everyone in the Loop

In the film, survival depends on everyone being aware of the danger and working together to manage it. Similarly, once new risks have been identified, ensuring that all employees, from the C-suite to the front lines, are informed and equipped to handle them is essential. The 2024 ECCP stresses the importance of communication and training as key components of an effective compliance program, especially when new risks are introduced.

When a business model changes or a new risk emerges, compliance officers must update training programs to reflect these developments. Employees should understand the nature of the new risks and how to navigate them within the company’s compliance framework. Regular communication from leadership about the importance of compliance and the role employees play in managing risk is critical for building a culture of compliance.

Argentieri has noted that training should be tailored to address the risks that have arisen. For example, if a company is entering a market with heightened anti-corruption risks, the compliance training should focus on identifying red flags for bribery and navigating local regulatory requirements. Just as the characters in The Creature from the Black Lagoon needed to work as a team to survive, businesses must ensure everyone is on the same page when managing new risks.

The lessons from The Creature from the Black Lagoon offer valuable insights for today’s compliance professionals. When faced with new and unforeseen threats, quickly adapting and responding is crucial for survival. The 2024 ECCP reinforces this need for agility, emphasizing the importance of ongoing risk assessments, the revision of policies and procedures, and vigilant monitoring.

Nicole Argentieri’s commentary on the ECCP provides further guidance, urging companies to build compliance programs that can evolve in real-time with the business. Just as the characters in the film had to adapt to survive, compliance officers must ensure their programs are flexible enough to respond to new risks and changing business models. By staying alert, adapting quickly, and fostering a culture of compliance, businesses can navigate uncharted waters and emerge stronger on the other side.

Join us tomorrow, where we will consider the 1954 movie version of The Creature from the Black Lagoon and how companies must assess and manage new and emerging risks.

Categories
Compliance and AI

Compliance and AI: Navigating AI Compliance: The EC Gang Reviews The 2024 ECCP

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are but three of the many questions we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance.

In this episode, Matt Kelly leads the Everything Compliance quartet of Susan Divers, Jonathan Marks, Karen Moore and Tom Fox through a look at Compliance and AI from the prism of the 2024 Evaluation of Corporate Compliance Programs (ECCP).

Kelly examines the complexities of integrating artificial intelligence into corporate compliance frameworks, highlighting the DOJ’s recent guidance on managing AI risks as laid out in the 2024 ECCP. In Deputy Attorney General Nicole Argentieri’s SCCE speech, she noted the overlooked AI risks and compliance requirements and emphasized the need for businesses to assess both internal AI applications and external threats from malicious uses by scammers or fraudsters.

The gang then delved into the dual aspect of AI risk—its creation and reception—and underlining the importance of comprehensive risk assessment and control measures in AI deployment, such as developing bug bounty programs and ensuring anti-fraud mechanisms are robust. We explored the role of compliance officers in AI oversight, focusing on the challenges in governing AI-generated decisions compared to human actions. With various insights on the legal and operational aspects of AI compliance, the discussion urges companies to evaluate the implications of AI use, both in risk management and ethical execution.

Key Highlights:

  • Understanding AI Risks
  • Compliance Guidelines for AI
  • AI in Fraud Prevention
  • Challenges in AI Oversight
  • Compliance Officers and AI
  • Model Validation and AI

Resources:

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Highlights from Argentieri Speech

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at the key highlights for compliance professionals from the recent speech by Nicole Argentieri announcing the 2024 Update to the Evaluation of Corporate Compliance Programs.

Categories
Blog

Argentieri on the DOJ’s Corporate Whistleblower Awards Pilot Program

The Department of Justice (DOJ) recently unveiled the Corporate Whistleblower Awards Pilot Program (CWA) to bolster corporate enforcement efforts. Although the program has only been operational for a few weeks, it has already started receiving promising tips. This initiative reflects a strategic effort by the DOJ to harness financial incentives in the fight against white-collar crime, offering new opportunities for whistleblowers and reshaping the landscape of corporate compliance.

In her recent speech at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute. Principal Deputy Assistant Attorney General Nicole M. Argentieri spoke about the CWA and reviewed its early developments. (A copy of her remarks can be found here.) There was also updated information on the DOJ approach to whistleblowers and anti-retaliation found in the 2024 Update to the Evaluation of Corporate Compliance Programs (2024 ECCP). This new language found in the 2024 ECCP will be the subject of a separate blog post.

Why Whistleblower Programs Matter

Argentieri noted that whistleblower programs have a proven track record of success. Programs at other agencies, such as the Securities and Exchange Commission (SEC), have led to thousands of tips and hundreds of millions of dollars in awards and have been instrumental in holding wrongdoers accountable. However, these existing programs do not cover the full spectrum of white-collar and corporate crime that the DOJ prosecutes. The CWA was designed to fill these critical gaps.

The CWA targets four priority areas not currently covered by other whistleblower programs: abuses of the financial system by financial institutions and insiders, foreign corruption and bribery schemes, domestic corruption, and health care schemes targeting private insurers. Importantly, the program is not limited to these categories. If a whistleblower has information about misconduct outside of these areas, the DOJ is still interested in hearing from them.

Encouraging Internal Reporting and Enhancing Corporate Compliance

Interestingly, Argentieri believes one of the CWA’s most innovative aspects is its focus on encouraging internal reporting. Whistleblowers who first report internally within their companies will be eligible for an award if they report to the DOJ within 120 days of their internal report. Furthermore, making an internal report before coming forward to the DOJ is a factor that will increase the potential whistleblower award.

This approach serves a dual purpose. It incentivizes employees to utilize internal reporting mechanisms, reinforcing the importance of strong internal compliance programs. At the same time, it creates a powerful incentive for companies to take internal reports seriously and to act swiftly in response to potential misconduct.

For companies, the stakes are high. The DOJ has clarified that the CWA will alter the calculus when considering whether to make a voluntary self-disclosure. Alongside the whistleblower program, the DOJ amended its Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP). Under this amendment, if a company receives an internal whistleblower report and then reports the misconduct to the DOJ within 120 days—before the DOJ reaches out to the company—it will be eligible for the greatest benefit under the CEP: a presumption of a declination provided the company fully cooperates and remediates. This is a significant departure from the usual approach, as it allows a company to qualify for a declination even if the whistleblower comes to the DOJ first.

Protecting Whistleblowers: A Priority for the DOJ

The DOJ’s whistleblower program is about receiving tips and protecting those who come forward. The DOJ is fully committed to safeguarding whistleblowers’ identities to the fullest extent allowable under the law. Moreover, the DOJ will closely monitor any actions against whistleblowers who report misconduct internally. Compliance departments play a crucial role in this process by implementing robust anti-retaliation policies and training employees on these protections.

Under the 2024 ECCP, the DOJ will scrutinize a company’s commitment to whistleblower protection and the promotion of a “speak-up” culture. Companies retaliating against whistleblowers risk losing credit for cooperation and remediation and could face severe consequences, including sentencing enhancements and even prosecution for obstruction of justice.

Early Successes and Corporate Lessons

Argentieri said the CWA is already off to a strong start, with over 100 tips received in just a few weeks. If these whistleblowers also report internally, as the program incentivizes, companies must take their reports seriously and consider coming forward to the DOJ.

Turning to recent corporate resolutions, the DOJ’s approach to recognizing and rewarding cooperation and remediation is instructive. A prime example is the recent declination granted to Boston Consulting Group (BCG) under the CEP. BCG’s timely and voluntary self-disclosure of a potential FCPA violation and its complete and proactive cooperation led to the DOJ’s decision to decline prosecution. BCG’s remediation efforts were particularly noteworthy, including the termination of personnel involved in the misconduct and the imposition of compensation-based penalties, such as requiring certain partners to forfeit their equity and withholding bonuses.

On the other hand, SAP, mentioned earlier, earned a 40% reduction in its criminal penalty—near the maximum reduction available for companies that do not voluntarily self-disclose. SAP’s proactive cooperation began shortly after news reports surfaced, and its swift remediation, including disciplining responsible employees and enhancing its compliance program, was critical in earning this reduction.

In contrast, Trafigura received only a 10% reduction for cooperation and remediation. The company’s delayed preservation and production of evidence and a posture during resolution negotiations that caused significant delays limited its cooperation credit. Moreover, Trafigura’s remediation efforts were mixed, as it was slow to discipline certain employees, further diminishing its potential credit.

The Takeaways for Compliance Officers

The lessons from these cases and the CWA are clear for compliance professionals. First, fostering a strong internal reporting culture is crucial. Companies encouraging internal whistleblowing and acting swiftly on these reports are better positioned to benefit from DOJ policies like the CEP. Second, the importance of proactive and thorough cooperation must be considered. Companies that fully cooperate and remediate—going above and beyond in their efforts—stand to receive significant benefits in any DOJ investigation.

Finally, the CWA emphasizes the need for robust whistleblower protections. Compliance departments must implement, actively promote, and enforce policies that protect whistleblowers from retaliation. The DOJ is watching closely, and companies that fail to protect their whistleblowers will face serious consequences.

A New Era of Corporate Accountability

The launch of the Corporate Whistleblower Awards Pilot Program marks a new era in corporate accountability. By leveraging financial incentives and protecting those who come forward, the DOJ is creating a powerful tool for combating white-collar crime. For companies, the message is clear: invest in strong compliance programs, encourage internal reporting, and act decisively on misconduct. Doing so aligns with ethical business practices and positions the company to achieve the most favorable outcomes in any DOJ investigation. As the CWA continues to gain traction, compliance professionals will play a critical role in guiding their organizations through this evolving landscape, ensuring they remain on the right side of the law and public trust.

Categories
Blog

The Argentieri Speech: Mid-Point Reflections on the DOJ’s Compensation Clawback Pilot Program

Principal Deputy Assistant Attorney General Nicole M. Argentieri spoke at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute. ( A copy of her remarks can be found here.) She reiterated the long-stated policy that compliance professionals play a critical role in ensuring companies comply with the law and foster a culture of ethics and integrity. She noted that the Department of Justice (DOJ) has made it clear that companies are the first line of defense against corporate crime, and compliance officers are on the front lines of this defense. The 2024 update to the DOJ’s Evaluation of Corporate Compliance Programs (ECCP) and the introduction of new pilot programs in 2024 underscored the increasing importance of the roles of compliance professionals. This blog post will review her remarks on the DOJ Compensation Incentives and Clawbacks Pilot Program (Clawbacks Program).

The Early Impact: Changing Corporate Behavior

Argentieri believes that early indications suggest these innovations are changing corporate behavior. One notable example comes from a company under agreement with the Criminal Division that required adherence to compliance standards and reporting misconduct as part of its annual performance reviews. Coupled with a company-wide messaging campaign, these efforts have increased reporting of potential compliance issues—a clear sign that employees are responding to the new incentives.

Moreover, the DOJ has observed companies integrating assessments of how employees demonstrate core values into their performance reviews. For example, one company now evaluates employees across categories such as individual and team performance, goal accomplishment, and demonstration of core values. These metrics are then factored into both compensation and promotion decisions. This approach reinforces the importance of ethical behavior and embeds compliance into the fabric of corporate culture.

Dual Pillars of the Clawbacks Program

The program is built on two foundational pillars. The first involves mandating that every corporate resolution under the Criminal Division’s supervision include compliance-related criteria in its compensation and bonus systems. This mandate compels companies to establish metrics that reward compliance-promoting behavior and deter misconduct. While similar language has been included in some corporate resolutions, the pilot program has made it a requirement in every Criminal Division resolution since its inception. So far, this requirement has been incorporated into nine corporate resolutions spanning five industries: tech, finance, crypto, manufacturing, and energy.

This shift is a formality and a strategic realignment in how companies approach compensation. By linking financial incentives to ethical behavior, these nine companies set a precedent for others in their industries. They align compensation with financial performance and the broader goal of conducting business ethically. This is a significant move, one that has the potential to set a new tone across the marketplace.

The Second Pillar: Fine Reductions for Financial Accountability

The second part of the Clawbacks Program offers a tangible incentive for companies to hold individuals financially accountable for misconduct. Specifically, companies that recoup or withhold compensation from culpable employees—or those who had supervisory authority and were aware of or willfully blind to the misconduct—are eligible for a fine reduction. The reduction is equal to the amount of the withheld compensation, reflecting the DOJ’s commitment to promoting financial accountability as a cornerstone of corporate compliance.

Argentieri reviewed the two companies that have benefited from this aspect of the clawbacks program; both come from Foreign Corrupt Practices Act (FCPA) enforcement actions. Albemarle, for instance, implemented procedures to freeze future bonuses for those suspected of misconduct, those who directly oversaw employees involved in misconduct, or those who ignored red flags. As a result, Albemarle received a reduction in its criminal monetary penalty equal to the amount of the withheld bonuses. In recognition of its substantial cooperation and significant remediation efforts, Albemarle also received a 45% reduction from the low end of the applicable penalty range—the highest percentage reduction to date.

Similarly, SAP withheld compensation from culpable employees and defended this decision through litigation, reinforcing the message that misconduct would have individual financial consequences. SAP’s actions not only earned the company a fine reduction equal to the amount of the withheld compensation but also played a critical role in the DOJ’s decision to grant a 40% reduction in its overall fine.

Lessons for Compliance Professionals: The Power of Financial Incentives

The lessons from the DOJ’s clawbacks pilot program are clear and compelling for compliance professionals. First, integrating compliance into compensation structures is a powerful tool for driving ethical behavior and deterring misconduct. Companies that make compliance a critical factor in determining compensation send a strong message to their employees: engaging in ethical behavior is not just encouraged but essential for business success.

Second, the importance of financial accountability must be balanced. The DOJ’s willingness to reduce fines for companies that recoup compensation from culpable employees highlights the agency’s commitment to holding individuals responsible for their actions. This aspect of the pilot program is particularly significant as it underscores the role of individual accountability in fostering a strong culture of compliance.

Finally, continuous evaluation is key. The DOJ is urging companies to regularly assess the effectiveness of their compliance-linked compensation systems, seek feedback, and make necessary adjustments. This iterative process ensures compliance metrics remain relevant and effective, allowing companies to stay ahead of emerging risks and maintain a robust compliance culture.

As we move towards the second half of the DOJ’s pilot program, the early successes in promoting compliance through compensation-linked incentives and financial accountability are setting the stage for a new era in corporate governance. The evidence so far suggests that this approach is feasible and effective in driving meaningful change in corporate behavior.

For those in the compliance profession, this is a pivotal moment. Integrating compliance into compensation and emphasizing financial accountability are significant advancements in corporate ethics and governance. It’s an opportunity to champion these changes within your organization and to be part of a broader movement that aligns financial success with ethical business practices.

In the long run, this pilot program’s true test will be its enduring impact on corporate behavior. But if the early indicators are anything to go by, we are witnessing the beginning of a new chapter in compliance—one where doing the right thing is not just the ethical choice but also the smart one.

Categories
Data Driven Compliance

Data-Driven Compliance: The DOJ Mandate on Transforming Compliance Through Data Analytics and AI with Vince Walden

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. Today, Vince Walden, founder of KonaAI, the sponsor of this podcast, returns to talk about the recent speech by Nicole Argentieri and the release of the 2024 Update to the Evaluation of Corporate Compliance Programs (ECCP).

Walden shares insights from the Nicole Argentieri’s keynote and ECCP update, emphasizing the DOJ’s focus on data access in compliance. We explore the importance of utilizing both compliance and business data for effective fraud and risk management. Walden underscores the necessity for compliance professionals to collaborate with internal audit and finance departments, advocating for a risk-based approach to data analytics and continuous controls monitoring. The discussion also delves into leveraging AI and machine learning to improve compliance efficacy and overall business operations, arguing for the proportional allocation of resources to match the company’s sophistication level.

Key Highlights:

  • DOJ’s Focus on Data Access
  • Understanding Compliance Data Analytics
  • Training Compliance Officers on Data
  • Implementing Continuous Controls Monitoring
  • Cost Savings and ROI in Compliance
  • Proportionate Resource Allocation
  • Documentation and Transparency

Resources:

Vince Walden on LinkedIn

KonaAI

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Argentieri Speech and 2024 ECCP: Argentieri on Navigating AI Risks

Deputy Assistant Attorney General Nicole M. Argentieri’s speech highlighted a critical shift in the Department of Justice’s (DOJ) approach to evaluating corporate compliance programs. As outlined in the updated 2024 Evaluation of Corporate Compliance Programs (2024 ECCP), the emphasis on data access signals a new era where compliance professionals are expected to wield data with the same rigor and sophistication as their business counterparts. This week, I am reviewing the speech and 2024 ECCP. Over the next couple of blog posts, I will look at the most significant addition, that around AI. Today, I will review Argentieri’s remarks to see what she has said. Tomorrow, I will dive deeply into the new areas in the 2024 ECCP around new technologies such as Artificial Intelligence (AI).

In her remarks, Argentieri said, “First, … Our updated ECCP includes an evaluation of how companies assess and manage risk related to using new technology such as artificial intelligence in their business and compliance programs. Under the ECCP, prosecutors will consider the technology that a company and its employees use to conduct business, whether the company has conducted a risk assessment of using that technology, and whether the company has taken appropriate steps to mitigate any associated risk. For example, prosecutors will consider whether the company is vulnerable to criminal schemes enabled by new technology, such as false approvals and documentation generated by AI. If so, we will consider whether compliance controls and tools are in place to identify and mitigate those risks, such as tools to confirm the accuracy or reliability of data the business uses. We also want to know whether the company monitors and tests its technology to evaluate its functioning as intended and consistent with its code of conduct.”

Argentieri emphasizes the importance of managing risks associated with disruptive technologies like AI. These updates signal a clear directive for compliance professionals: you must take a proactive stance on AI risk management. You can take the following steps to align your compliance program with the DOJ’s latest expectations.

Conduct a Comprehensive Risk Assessment of AI Technologies

The first step in meeting the DOJ is to thoroughly assess the risks that AI and other disruptive technologies pose to your organization.

  • Identify AI Use Cases. Start by mapping out where AI is being used across your business operations. This could include everything from automated decision-making processes to AI-driven data analytics. Understanding the scope of AI use is essential for identifying potential risk areas.
  • Evaluate Vulnerabilities. Once you have a clear picture of how AI is utilized, conduct a detailed risk assessment. Look for vulnerabilities, such as the potential for AI to generate false approvals or fraudulent documentation. Consider scenarios where AI could be manipulated or fail to perform as expected, leading to compliance breaches or unethical outcomes.
  • Prioritize Risks. Not all risks are created equal. Prioritize them based on their potential impact on your business and the likelihood of occurrence. This prioritization will guide the allocation of resources and the development of mitigation strategies.

Implement Robust Compliance Controls and Tools

Once risks have been identified, the next step is to ensure that your compliance program includes strong controls and tools specifically designed to manage AI-related risks.

  • Develop AI-Specific Controls. Traditional compliance controls may not be sufficient to address AI’s unique challenges. Develop or adapt controls to monitor AI-generated outputs, ensuring accuracy and consistency with company policies. This might include cross-referencing AI decisions with manual checks or implementing algorithms that flag unusual patterns for further review.
  • Invest in AI-Compliance Tools. Specialized tools are available that can help compliance teams monitor AI systems and detect potential issues. Invest in these tools to enhance your ability to identify and mitigate AI-related risks. These tools should be capable of real-time monitoring and provide insights into the functioning of AI systems, including the accuracy and reliability of the data they generate.
  • Regular Testing and Validation. AI systems should not be a set-it-and-forget-it solution. Regularly test and validate your AI tools to ensure they function as intended. This should include stress testing under different scenarios to identify any weaknesses or biases in the system. The DOJ expects your company to implement AI and rigorously monitor its performance and alignment with your compliance objectives.

Monitor, Evaluate, and Adapt

AI technology and its associated risks constantly evolve, so your compliance program must be flexible and responsive.

  • Ongoing Monitoring. Continuously monitor AI systems’ performance to ensure they align with your company’s code of conduct and compliance requirements. This involves technical monitoring and assessing the ethical implications of AI decisions.
  • Adapt to New Risks. As AI technology advances, new risks will emerge. Stay informed about the latest developments in AI and disruptive technologies, and be ready to adapt your compliance program accordingly. This may involve updating risk assessments, enhancing controls, or revising your company’s overall approach to AI.
  • Engage with Technology Experts. Compliance professionals should work closely with IT and AI experts to stay ahead of potential risks. This collaboration is crucial for understanding the technical nuances of AI and ensuring that compliance strategies are technically sound and effectively implemented.

Ensure Alignment with the Company’s Code of Conduct

Finally, all AI initiatives must follow your code of conduct and ethical standards.

  • Training and Awareness. Ensure that all employees, particularly those involved in AI development and deployment, are trained on the ethical implications of AI and the company’s code of conduct. This training should cover the importance of transparency, fairness, and accountability in AI operations.
  • Ethical AI Use. Embed ethical considerations into the AI development process. This means complying with the law and striving to use AI to reflect your company’s values. The DOJ will be looking to see if your company is avoiding harm and proactively promoting ethical AI use.

Argentieri’s remarks underscore the importance of managing the risks associated with AI and other disruptive technologies. Compliance professionals must take a proactive approach by conducting thorough risk assessments, implementing robust controls, and continuously monitoring AI systems to ensure they align with regulatory requirements and the company’s ethical standards. By taking these initial steps, you can meet the DOJ’s expectations and leverage AI to enhance your compliance program and overall business integrity. Join us tomorrow to take a deep dive into the new language of the 2024 ECCP and explore how to implement it.

Categories
Blog

Argentieri Speech and 2024 ECCP: Data Access and Data Analytics

Deputy Assistant Attorney General Nicole M. Argentieri’s speech highlighted a critical shift in the DOJ’s approach to evaluating corporate compliance programs. As outlined in the updated 2024 Evaluation of Corporate Compliance Programs (2024 ECCP), the emphasis on data access signals a new era where compliance professionals are expected to wield data with the same rigor and sophistication as their business counterparts.

In her remarks, Argentieri said, “Third, under the updated ECCP, our prosecutors will assess whether a compliance program has appropriate access to data, including to assess its effectiveness. We have added questions about whether compliance personnel have adequate access to relevant data sources and the assets, resources, and technology available to compliance and risk management personnel. As part of this assessment, we will also consider whether companies are putting the same resources and technology into gathering and leveraging data for compliance purposes they use in their business.”

Her remarks were paired with new language in the 2024 ECCP, which stated:

Data Resources and Access – Do compliance and control personnel have sufficient direct or indirect access to relevant data sources for timely and effective monitoring and/or testing of policies, controls, and transactions? Do any impediments exist that limit or delay access to relevant data sources, and if so, what is the company doing to address the impediments? Do compliance personnel know of and have the means to access all relevant data sources reasonably timely? Is the company appropriately leveraging data analytics tools to create efficiencies in compliance operations and measure the effectiveness of components of compliance programs? How is the company managing the quality of its data sources? How does the company measure the accuracy, precision, or recall of any data analytics models it uses?

Proportionate Resource Allocation – How do the assets, resources, and technology available to compliance and risk management compare to those available elsewhere in the company? Is there an imbalance between the technology and resources used by the company to identify and capture market opportunities and the technology and resources used to detect and mitigate risks?

The speech and the 2024 ECCP put new and additional requirements around a corporate compliance program in the areas of data and data analytics. But how exactly should compliance teams navigate these heightened expectations? Here’s what you must do to ensure your compliance program meets these new standards.

Evaluate Your Data Access to Ensure Unimpeded Access to Relevant Data

The first step in aligning with the DOJ’s expectations is to conduct a comprehensive audit of your current data access. Compliance professionals must ask:

  • Conduct a Data Access Audit. Identify all the critical data sources for monitoring and testing your compliance policies, controls, and transactions. This includes financial transactions, communications, third-party interactions, and other data relevant to your risk profile.
  • Identify and Eliminate Barriers. Once you have a map of your data landscape, scrutinize it for any impediments that may limit or delay access to critical data. These barriers could be technical, such as legacy systems that do not integrate well, or organizational, like departmental silos that restrict data flow. Develop a plan to remove these impediments, whether through technology upgrades, process improvements, or changes in data governance.
  • Educate and Empower Compliance Teams. It is not enough for data to be accessible; your compliance personnel must also have the knowledge and tools to access it effectively. Invest in training programs that enhance data literacy among your team members, ensuring they can navigate and leverage data to its full potential.

The DOJ will scrutinize whether your compliance team has the same data visibility as other business units. If you find gaps, now is the time to bridge them.

Assess Resource Allocation for Data Analytics

Argentieri’s remarks also underscore the importance of resourcing. It is more than having data; your corporate compliance function must have the tools and talent to analyze it effectively. The 2024 ECCP emphasizes the importance of using data analytics tools to create efficiencies in compliance operations and measure the effectiveness of compliance programs.

  • Technology Investment. Are you using advanced analytics tools? Leverage AI and machine learning to proactively identify patterns, anomalies, and potential compliance risks.
  • Invest specifically in Advanced Analytics Tools. Ensure that your compliance program is equipped with state-of-the-art data analytics tools. These tools should be capable of processing large volumes of data, identifying patterns, and flagging potential risks in real-time. Artificial intelligence (AI) and machine learning (ML) can be particularly useful in predictive analytics, helping you stay ahead of emerging risks.
  • Human Resources. Do you have data-savvy compliance professionals on your team? Consider upskilling current staff or hiring data analysts who understand the technical and regulatory landscapes.
  • Benchmark Resources Across the Organization. Start by comparing the assets, resources, and technology available to your compliance and risk management teams with those available in other departments, particularly those focused on capturing market opportunities. Look for any imbalances that could undermine the effectiveness of your compliance efforts.
  • Make a case for compliance. If compliance is underresourced, build a compelling business case for increased investment. Highlight the risks associated with inadequate compliance resources, including the potential for regulatory breaches, reputational damage, and financial losses. Use data to demonstrate how enhanced resources could improve compliance outcomes and protect the organization.

Implement Real-Time Monitoring

The DOJ’s focus on data access and analytics also means that real-time monitoring should be a cornerstone of your compliance strategy. Static, periodic reviews are no longer sufficient.

  • Continuous Data Feeds. Implement systems that provide compliance officers with ongoing, real-time data. This allows for immediate detection of potential issues.
  • Automated Alerts. Set up automated alerts for key risk indicators, such as unusual transaction patterns or policy violations. This ensures that your team can respond to potential breaches before they escalate.
  • Integrate Compliance into Business Strategy. To ensure ongoing support, integrate compliance more closely with business strategy. Show how robust compliance efforts contribute to long-term success, aligning compliance goals with the company’s objectives.

Leverage Data to Assess Compliance Program Effectiveness

The ultimate goal of data access and analytics is to measure and improve the effectiveness of your compliance program. The DOJ is looking for companies that can demonstrate how they use data to inform their compliance efforts.

  • KPIs and Metrics. Develop key performance indicators (KPIs) that track compliance program success. Metrics might include the number of detected compliance incidents, response times, or the effectiveness of training programs.
  • Data-Driven Adjustments. Use data insights to make real-time adjustments to your compliance strategy. If the data shows a particular area of concern, pivot quickly and address it with targeted interventions.
  • Measure the Effectiveness of Analytics Models. Develop metrics to evaluate the performance of your data analytics models. These could include detection rates, false positive/negative ratios, and the speed at which issues are identified and resolved. Review and refine these models to ensure they deliver accurate and actionable insights.

Ensure Transparency and Documentation

Finally, remember that the DOJ will be looking for transparency. Be prepared to demonstrate how you use data, make decisions, and allocate resources.

  • Document, Document, Document. Keep thorough records of your data access, analysis processes, and any adjustments based on data insights.
  • Audit Trails. Maintain clear audit trails that show how data influenced compliance decisions. This will be critical in demonstrating to the DOJ that your program is reactive and proactively leveraging data to prevent compliance failures.
  • Monitor Data Quality. High-quality data is the backbone of effective compliance. Regularly assess the quality of your data sources, checking for accuracy, precision, and recall. Implement data governance frameworks that ensure data integrity and reliability, ensuring your analytics models are based on the best available data.

Finally, under Part III of the 2024 ECCP, in the section entitled, Does the Corporation’s Compliance Program Work in Practice?, the DOJ said prosecutors would pose the following question, “Prosecutors should also assess how the company has leveraged its  data to gain insights into the effectiveness of its compliance program and otherwise sought to  promote an organizational culture that encourages ethical conduct and a commitment to  compliance with the law.”

Coupling that language from the 2024 ECCP with Nicole Argentieri’s speech, you see a clarion call for compliance professionals to elevate their programs through the availability and utilization of data and data analytics to meet the DOJ’s evolving expectations. The message is clear: data is not just a business asset but a compliance imperative. By ensuring unimpeded and robust data access, investing in analytics, implementing real-time monitoring, leveraging data to assess program effectiveness, and achieving resource parity for compliance, your compliance program will meet the DOJ’s standards and drive greater organizational integrity and resilience. In this new era of data-driven compliance, the key to success lies in strategic investment and proactive management.

The stakes have never been higher, but with the right approach, the rewards—reducing risk and increasing trust—are worth the effort.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Argentieri Speech and Updated ECCP – The First Analysis

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into the speech by Principal Deputy Assistant Attorney General Nicole M. Argentieri at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute.

Argentieri, revealed substantial updates to the department’s Evaluation guidelines for effective compliance programs, focusing on whistleblower protections and the effectiveness of reporting mechanisms. Matt, reporting live from Dallas, discussed the implications of these updates, especially regarding the DOJ’s increased scrutiny on companies speak-up cultures and the protection of whistleblowers.

Tom and Matt explored the practical steps compliance officers need to take to meet these new DOJ expectations, including ensuring anonymous reporting mechanisms are well-publicized and effectively utilized, fostering a culture that encourages reporting without fear of retaliation, and aligning company policies with the latest external whistleblower protection laws. They also touched on the potential challenges of balancing AI risks with these new guidelines and the broader impact on compliance programs.

Key Highlights:

  • Key focus on enhancing whistleblower protections.
  • Compliance officers must ensure that reporting mechanisms are well-publicized.
  • Importance of aligning internal policies with external whistleblower protection laws to ensure comprehensive employee training.
  • Balancing the challenges of AI risks with the need to adhere to new DOJ guidelines.
  • The practical steps for compliance professionals to align their programs with DOJ’s evolving expectations.

Resources:

Matt in Radical Compliance

Tom in the FCPA Compliance and Ethics Blog

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn