Corporate boards will be called upon to renew their oversight of corporate compliance following the recent announcement of several new corporate fraud enforcement initiatives by the U.S. Department of Justice (DOJ). Most notably, these include a new whistleblower program and the expectation that effective compliance programs will monitor the risks of companies’ misuse of emerging technologies, with a focus on artificial intelligence.
The announcements were made in conjunction with the American Bar Association’s 39th National Institute on White Collar Crime in early March, in which senior DOJ leaders reaffirmed the department’s focus on corporate responsibility and provided updates on existing initiatives pursuant to its ongoing corporate enforcement efforts.
Whistleblower Program
The basic elements of DOJ’s new whistleblower rewards program are derived from the department’s 2022 series of initiatives aimed at fortifying its overall corporate enforcement approach. The enhancement of corporate compliance through the implementation of financial incentives and disincentives has remained a consistent focal point for DOJ in retooling its policies. In a speech on March 7, Deputy Attorney General (DAG) Lisa Monaco introduced plans for a new incentive program intended to strengthen corporate enforcement efforts through monetary rewards.
In her introduction, the DAG referenced the historical use of whistleblower programs at the federal law enforcement level (e.g., Securities and Exchange Commission and Commodity Futures Trading Commission programs authorized under Dodd-Frank as well as similar programs implemented by the Internal Revenue Service and the Financial Crimes Enforcement Network). Monaco noted, however, that such programs only cover misconduct within their agencies’ jurisdictions. She also noted that qui tam actions, which offer their own whistleblowing incentives, are only available for fraud against the government (e.g., allegations of False Claims Act violations).
DOJ’s new whistleblower program is thus intended to fill the gaps within the patchwork of existing whistleblower programs. DOJ’s objective is to expand use of this tool and the government’s net in corporate misconduct cases. Virtually any aspect of corporate business that may not have fit within an existing federal whistleblower incentive program may now become a target for tipsters interested in a financial stake in the enforcement outcome. Monaco went so far as to reference going back to the days of “Wanted” posters across the Old West.
DOJ’s new whistleblower rewards plan will start with “a 90-day sprint to develop and implement a pilot program” with a formal start date to be announced later this year. In addition, there are some important limits to the new program. In particular, it would offer payments resulting from government forfeiture actions:
- Only after all victims have been properly compensated;
- Only to those who submit truthful information not already known to the government;
- Only to those not involved in the criminal activity itself; and
- Only in cases where there isn’t an existing financial disclosure incentive – including qui tam or another federal whistleblower program.
The primary areas of focus for the new whistleblower program will include (i) criminal abuses of the U.S. financial system; (ii) foreign corruption cases outside the jurisdiction of the Securities and Exchange Commission; and (iii) domestic corruption cases, especially involving illegal corporate payments to government officials. Examples offered by DOJ included a company paying bribes in exchange for regulatory approvals and “doctoring the books” to conceal those, as well as a chief financial officer forging loan documents.
Artificial Intelligence and Compliance Programs
The second new initiative arises from rapidly emerging technology and DOJ concerns with the potential for artificial intelligence (AI) to be used by criminals to “supercharge their illegal activities, including corporate crime.”
Monaco noted that while the department is alert to the risks of AI, the core criminal activity remains the same (e.g., “fraud using AI is still fraud; price fixing using AI is still price fixing; manipulating markets using AI is still market manipulation”). She did, however, advise that DOJ will be using its tools in new ways to address AI-enhanced corporate crime. Prosecutors will seek sentencing enhancements “where AI is deliberately misused to make a white-collar crime significantly more serious” – for both individual and corporate defendants.
The DOJ’s new AI focus may have a more practical and immediate impact on an organization’s corporate compliance program. According to Monaco, any future DOJ review of an organization’s compliance program will include the government’s assessment of how well the program manages AI-related risks as part of its overall compliance efforts.
More broadly, DOJ’s Criminal Division has been directed to incorporate the assessment of disruptive technology risks (including risks associated with AI) into its guidance on Evaluation of Corporate Compliance Programs (ECCP). This guidance is frequently considered by corporations as they review and refine their existing compliance program documents.
DOJ’s focus on AI will be supported by a new initiative – “Justice AI” – “a series of convenings with stakeholders across industry, academia, law enforcement, and civil society to address the impacts of AI.” Nevertheless, as of this writing the scope of what DOJ might consider as constituting “AI-related risks” is vague. Whether the revised ECCP will offer more specifics is unclear.
Governance Implications
These two new initiatives, as well as related DOJ messaging on its existing corporate fraud enforcement efforts, will for several reasons likely have a notable impact on leadership’s Caremark-related responsibilities to monitor the compliance risks of an organization.
First and foremost, the initiatives are a reminder of DOJ’s continuing commitment to corporate fraud enforcement and especially of is commitments to individual accountability. Among all the strategic and tactical challenges facing a company, the importance attributed to corporate responsibility is a constant. This may affect the board’s allocation of resources to the compliance function and its expectation of coordination between legal, compliance, and executive compensation functions.
Second, officers and directors will be called on to adjust the corporate compliance program to address an entirely new regime of risks arising from potential whistleblowers who are focused on indications of corporate fraud. Internal controls with respect to potential fraud must be sharpened, and overt efforts to demonstrate “tone at the top” should be increased to convince potential whistleblowers of the organization’s commitment to effective compliance. In addition, 24 Hour “hotline” reporting systems should be improved and anti-whistleblower retaliation protections enhanced.
Third, leadership should request a significant increase in the level of coordination between those responsible for internal direction of the company’s AI efforts and appropriate compliance and risk management executives. Until DOJ more clearly defines “disruptive technology risks,” this coordination should extend not only to the known risks and harms that can arise from AI and related technology, but also to the ways in which AI can be used to facilitate corporate fraud. Without further guidance from DOJ, this could require significant time and resources from the company.
Leadership may also anticipate resistance in effecting such coordination from technology officers who may not appreciate the importance of addressing corporate compliance concerns.
The chief legal officer, teaming with the chief compliance officer and chief technology officer, can be particularly valuable advisers to the board in this regard.
This post comes of us from Michael W. Peregrine and Ashley C. Hoff at the law firm of McDermott, Will & Emery LLP.