DOJ’s 2024 update to its "Evaluation of Corporate Compliance Programs"

DOJ’s 2024 Compliance Update: What’s New and What You Need to Know

The DOJ’s 2024 update to its "Evaluation of Corporate Compliance Programs" brings some significant revisions and new considerations that every compliance officer should be aware of. As compliance professionals, our role is continuously evolving, and staying ahead of the curve is essential to mitigating risk. So, what’s different in this latest update? Let’s dive into the key revisions, what’s new, and most importantly, what it all means for you.

What’s New: The 2024 Update

1. Artificial Intelligence (AI) Risk Management AI is rapidly becoming a central part of how businesses operate, but it also introduces a range of compliance risks. The DOJ now explicitly addresses how companies should manage AI-related risks—such as ethical decision-making, data privacy, and the risk of algorithmic misuse.

   What to Do Now: Ensure your compliance program assesses AI-related risks, and integrate controls to monitor the use of AI. Provide human oversight where AI is involved in decision-making processes.

2. Data Analytics Integration Data is no longer just for auditing or reporting. The update emphasizes using data analytics in real-time to detect compliance issues, assess risks, and measure program effectiveness.

   What to Do Now: Build data-driven compliance dashboards that offer insights into high-risk activities and red flags. Use this data to proactively address risks before they escalate.

3. BYOD and Messaging Platform Compliance In today’s world, employees often use personal devices and ephemeral messaging apps for work, which poses challenges for compliance. The DOJ now recommends clear policies for managing business-related communications on personal devices and ensuring they are preserved and accessible for investigations.

   What to Do Now: Implement strong BYOD policies and ensure compliance communications, including ephemeral messages, are properly retained. Train your employees on these policies to avoid any lapses in data retention.

4. Continuous Improvement and Testing of Compliance Programs The DOJ is calling for more frequent testing and auditing of compliance controls, with a focus on keeping programs updated as risks evolve. It's not enough to have a program in place—you need to constantly refine it.

   What to Do Now: Establish a schedule for ongoing reviews and testing of your compliance program. Regularly audit your controls, and update them based on lessons learned from internal audits or industry developments.

Key Revisions: What’s Been Enhanced

1. Stronger Emphasis on Risk Assessments Companies must now demonstrate that they have an ongoing process for identifying, assessing, and addressing emerging risks. This includes continuously updating risk assessments to reflect changes in the industry, new regulatory requirements, and evolving technology.

   What to Do Now: Revisit your risk assessment process. Make sure it’s not just a one-off exercise, but a dynamic tool that evolves as your business and the external environment change.

2. Broader Policy and Procedure Requirements The update stresses that compliance policies must adapt to technological advancements and regulatory changes. DOJ wants to see that these policies are not only up-to-date but are easily accessible and well-communicated across the organization.

   What to Do Now: Review your compliance policies to ensure they reflect current legal and technological challenges. Ensure they are easily accessible and well understood by employees at all levels.

3. Tailored Training for Employees Compliance training can no longer be generic. The update encourages companies to develop more practical, role-specific training that focuses on real-world applications of compliance policies and addresses risk areas relevant to particular departments.

   What to Do Now: Revise your training strategy by introducing interactive, risk-based content. Use real-life scenarios and ensure that training is tailored to the responsibilities of each employee.

4. Leadership and Oversight The revised guidelines underscore the importance of senior and middle management in driving a culture of compliance. The DOJ expects active involvement from leadership in not just creating, but living the compliance culture. This includes direct oversight from the board and senior management.

   What to Do Now: Strengthen the connection between your board and compliance function. Ensure that compliance leaders have direct access to the board and senior management to address significant issues effectively.

Final Thoughts: How Ready Is Your Compliance Program?

The 2024 DOJ update is a clear signal that compliance programs must continue to evolve—not just to meet regulatory expectations but to anticipate the future. The focus on AI, data, and proactive risk management are key indicators that static compliance frameworks will no longer suffice.

So, ask yourself:

• Is your compliance program keeping up with technological risks like AI?

• Are you leveraging data analytics to stay ahead of potential red flags?

• Is your leadership truly invested in a culture of compliance?

Now’s the time to assess whether your compliance strategy is ready for the challenges ahead—or if it’s time to implement some of these key revisions to strengthen your program. The companies that embrace these updates will be the ones setting the compliance standard in the years to come.

https://www.justice.gov/criminal/criminal-fraud/page/file/937501/dl