This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Subscribe

Social Media Links

| 3 minute read

Artificial Intelligence: DOJ Update to the Evaluation of Corporate Compliance Programs

On Sept. 23, the U.S. Department of Justice (DOJ) updated its Evaluation of Corporate Compliance Programs (ECCP)1 guidance document for prosecutors to consider the impact of emerging artificial intelligence (AI) technology on a company’s compliance program structure. Originally published in 2017, the ECCP outlines elements that prosecutors should consider when evaluating the effectiveness of a company’s compliance program when facing criminal enforcement. 

A highlight from the updated evaluation placed importance on ensuring that companies maintain appropriate compliance policies in an age when rapid AI development and implementation remain largely unregulated for companies.2 The ECCP encourages prosecutors in their investigation of companies' compliance programs to assess whether a company has implemented the appropriate technology, governance, and safeguards to minimize risks, as well as considering the potential long-term ethical consequences of new AI technology. The ECCP urged prosecutors to consider the following questions: 

Conscious Development and Governance 

Continuous Risk Monitoring 

 Long-term Impact Assessments

  • What is the company’s approach to governance regarding the use of new technologies such as AI in its commercial business and compliance program?
  • What baseline of human decision-making is used to assess AI? How is accountability over use of AI monitored and enforced? 
  • How does the company train its employees on the use of emerging technologies such as AI?

 

  • Is management of risks related to the use of AI and other new technologies integrated into broader enterprise risk management (ERM) strategies? 
  • To the extent that the company uses AI and similar technologies in its business or as part of its compliance program, are controls in place to monitor and ensure its trustworthiness, reliability, and use in compliance with applicable law and the company’s code of conduct? 
  • Do controls exist to ensure the technology is used only for its intended purposes? 

 

  • How is the company curbing any potential negative or unintended consequences resulting from the use of technologies, both in its commercial business and in its compliance program? 
  • How is the company mitigating the potential for deliberate or reckless misuse of technologies, including by company insiders? 

 

 

 

 

 

 

 

 

How Does the ECCP Impact Your Company?

Whether you are a company that has already embedded AI into its daily practice or a company that is still contemplating the use of AI, it is imperative to ensure your company has the appropriate technology and security infrastructure, policies, procedures, and data requirements in a manner that maintains the safety, privacy, and integrity of customer data. A few considerations for companies looking to implement or enhance their current AI use include: 

Governance and Monitoring

  • Setting and enforcing clear guidelines, policies, and procedures for the development, implementation, and monitoring of AI technology.
  • Ensuring that the appropriate leadership is involved in critical and ethical decision-making processes.
  • Educating internal and external stakeholders on ethical considerations and risks associated with AI use. 

Structuring Data

  • Developing data models that train AI using accurate, diverse, and non-biased models to enhance customer trust.  
  • Ensuring that AI models have the capability to handle growing datasets and evolve to customer needs while maintaining data integrity.  

Risk Reduction

  • Routinely identifying and evaluating data privacy concerns, biased algorithms, malicious actors, and other types of misuse in AI use and developing effective mitigation strategies. 
  • Adjusting compliance program requirements as international, federal, and state AI regulations continue to emerge and fluctuate depending on changing regulatory landscapes and new technologies. 
  • Performing periodic monitoring and auditing of AI systems to identify compliance issues, track performance, and ensure adherence to established policies and procedures. 

Now is the time to ensure that internal compliance controls are enforced as future non-compliance with AI regulations can cost your company financial and criminal penalties and a loss of business integrity.

What Do You Need To Do?

To stay ahead of the ever-changing and complex rules in AI compliance, companies need to proactively conduct regular risk assessments, monitor evolving federal and state regulations, implement robust data governance practices, prioritize transparency and explainability in their AI systems, actively address potential bias in algorithms, and develop comprehensive policies and procedures for responsible AI development and deployment, including human oversight mechanisms. 

Seeking guidance from professionals to navigate these complex compliance needs can ensure that your company engages in AI technology using the most knowledgeable and safe measures, leading to time-saving and cost-efficient benefits.   

How Can Ankura Help You?

Ankura has an expert team of compliance, privacy, data scientists, AI developers, and security experts that can provide services on how to identify risks associated with the use of AI technology and how to develop controls and risk mitigation methods using a variety of models. 

[1] U.S. Department of Justice Criminal Division, “U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (Updated September 2024)” (September 22, 2024), https://www.justice.gov/criminal/criminal-fraud/page/file/937501.

[2] White & Case, “AI Watch: Global regulatory tracker - United States” (May 13, 2024), https://www.whitecase.com/insight-our-thinking/ai-watch-global-regulatory-tracker-united-states#:~:text=Laws%2FRegulations%20directly%20regulating%20AI,AI%20albeit%20with%20limited%20application.

© Copyright 2024. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.

Tags

compliance, article, f-risk, healthcare & life sciences, healthcare compliance, healthcare operations

Let’s Connect

We solve problems by operating as one firm to deliver for our clients. Where others advise, we solve. Where others consult, we partner.

I’m interested in

I need help with