Alerts
New DOJ Guidelines for Evaluating Compliance Programs: Impacts on Brazilian Companies
On September 24, the U.S. Department of Justice (“DoJ“) published an updated version of the Guidelines for Evaluating Compliance Programs, which are used by the agency’s prosecutors in the context of violations of the Foreign Corrupt Practices Act (FCPA).
The last update took place in March last year, when the DoJ focused on two topics at the time: (i) compensation and clawbacks; and (ii) use of personal equipment, communication channels, and messaging apps.
This new update addresses the corporate use of data and technology, based on the premises: (i) how companies have dealt with technological advances; and (ii) whether their compliance programs are adherent to the use of these technologies, including in cases where data is stored by third parties.
To this end, the DoJ added a section to the guide, with 10 questions on compliance risk management in the field of technology, with a focus on artificial intelligence (AI):
- Does the company have a process in place to identify and manage emerging internal and external risks that may affect its ability to comply with the law, including risks related to the use of new technologies?
- How does the company assess the potential impact of new technologies, such as AI, on its ability to comply with criminal laws?
- Is risk management related to the use of AI and other new technologies integrated into broader enterprise risk management (ERM) strategies? What is the company’s approach to governance regarding the use of new technologies, such as AI, in its commercial business and compliance program?
- How is the company curbing any potential negative or unintended consequences resulting from the use of technologies, both in its business and in its compliance program?
- How is the company mitigating the potential deliberate or reckless misuse of technologies, including by members of the company?
- To the extent that the company uses AI and similar technologies in its business or as part of its compliance program, are there controls in place to monitor and ensure its reliability, reliability, and use in compliance with applicable law and the company’s code of conduct?
- Are there controls in place to ensure that the technology is only used for its intended purpose?
- What baseline of human decision-making is used to evaluate AI?
- How is accountability over the use of AI monitored and enforced?
- How does the company train its employees in the use of emerging technologies such as AI?
- Does the company consider migrating or combining critical enterprise resource planning systems as part of the integration process in M&A cases? To what extent did compliance and risk management functions play a role in the design and implementation of the integration strategy?”
The DoJ also added other relevant issues regarding the importance of lessons learned, which should be reflected in policies and training.
Reporting mechanisms and incentives received subtle but relevant attention: the DOJ added a marker on “Commitment to Whistleblower Protection and Anti-Retaliation”, which highlights the importance of a true and practical whistleblowing channel.
It is evident that the DoJ is attentive to the innovations and demands of the global business environment, so much so that it has been updating the Guidelines more frequently, as its content is extremely material for organizations.
These Guidelines have a direct impact on U.S. companies operating in Brazil, other companies subject to the FCPA, as well as on domestic corporations that are not directly under U.S. jurisdiction. This is because U.S. practice in this field tends to influence and inform the evolution of our system in Brazil.
As a result, adopting mechanisms that enable the identification and control of the risks involved in a company’s operations is key to an effective compliance program. The Guidelines enact additional requirements aimed to ensure the effectiveness of such program. Companies should review these guidances and apply them to their operations as a means to prevent future problems.
Access the new guide here.
Our team specialized in Compliance and Investigations closely monitors changes and updates affecting the market. For further clarification on this or other topics of interest, please contact our team.