The Department of Justice (DOJ), equivalent to the Public Prosecutor’s Office in the U.S., released the latest version of the “Evaluation of Corporate Compliance Programs” guide in September, which serves as a reference for prosecutors when analyzing the Compliance Programs of companies involved in criminal investigations.
Since its launch in 2017, the guide has been frequently updated to remain an effective tool for evaluating companies’ conduct. The most recent version emphasizes the importance of integrating emerging technologies, reinforcing the need for Compliance Programs to adapt to rapid technological changes. This reflects the current landscape, where constant innovation requires companies to be prepared to face new risks and challenges.
The document details the criteria that prosecutors from the DOJ’s Criminal Division must consider when assessing the effectiveness of Compliance Programs. Its purpose is to support decision-making regarding the programs’ effectiveness, both at the time of the infraction and during the indictment or case closure phases. This analysis plays a key role in determining financial penalties and compliance obligations, such as monitoring or periodic reporting.
Though directed at prosecutors, the guide is a valuable tool for companies looking to improve their Compliance Programs, offering clear insight into the criteria used by the DOJ in potential investigations. The 2024 update highlights the DOJ’s commitment to keeping the guide a dynamic tool, evolving with the new challenges and realities that companies face.
Key Updates in the 2024 Version
The 2023 update already highlighted the need for continuous adaptation of Compliance Programs based on past failures and experiences. Now, in 2024, the focus shifts even more toward technological aspects and the integration of emerging technologies, while maintaining an emphasis on whistleblower protection and the use of data to strengthen these programs. Here are the main updates:
- Risks of New Technologies: The 2024 guide expands its focus on disruptive technologies like artificial intelligence (AI) and blockchain. It now suggests that prosecutors consider a company’s ability to identify and mitigate the risks associated with these technologies.
- KLA Comment: The new version of the guide emphasizes the need for continuous monitoring of these technologies, highlighting DOJ’s concern with crimes enabled by advanced technological tools.
- Data Access for Compliance Functions: The guide reinforces that companies must ensure the Compliance department has prompt access to relevant data, using analytical tools to detect irregularities and monitor program performance.
- KLA Comment: The 2024 version suggests that technology investments for Compliance should be proportional to those made in key business areas.
- Whistleblower Protection and Incentives: The DOJ continues to emphasize the importance of robust policies that encourage reporting of misconduct and protect whistleblowers from retaliation.
- KLA Comment: The 2024 version deepens this issue, suggesting that companies actively encourage misconduct reporting, even with rewards.
- Lessons Learned: The updated version of the guide underscores the importance of updating Compliance Programs based on lessons learned, including insights from the experiences of other companies in the sector.
- KLA Comment: The 2024 update goes further, suggesting continuous benchmarking with other companies in the same segment.
- Post-Acquisition Integration: The guide reinforces the need for solid integration of Compliance Programs in mergers and acquisitions, with an emphasis on post-acquisition due diligences.
- KLA Comment: The 2024 version suggests that this integration should be comprehensive and that the risks associated with the acquired company should be incorporated into the buyer’s Compliance Program.
These updates demonstrate a clear trend toward greater rigor in the use of technology, data management, and the promotion of a proactive Compliance culture aligned with emerging challenges. The DOJ makes it clear that it expects companies to be swift in identifying risks and adjusting their programs accordingly.
In Brazil, the guide remains a key reference and can influence the evaluation of Compliance Programs by national authorities, especially in Administrative Accountability Proceedings (PARs) conducted by the CGU and other competent entities. Adhering to the guide’s recommendations strengthens a company’s position before Brazilian authorities and demonstrates a serious commitment to corporate integrity.
KLA’s Compliance team is closely following these trends and is prepared to assist companies in adjusting their Compliance Programs, always respecting the legislation and specificities of the Brazilian regulatory environment.