Nov. 20, 2024

DOJ’s 2024 Edits to the ECCP: Data Analytics to Find Risks and Measure Effectiveness

Principal Deputy Assistant Attorney General Nicole Argentieri gave top billing to artificial intelligence when she announced recent changes to the Evaluation of Corporate Compliance Programs (2024 Edits). Getting into the weeds, however, a larger proportion of the 2024 Edits relate to how companies use more straightforward data collection and analytics to monitor, optimize and improve their compliance programs. In this second article of our series analyzing the 2024 Edits, we examine the new questions added that implicate how data is used in a compliance program to identify and mitigate risks, as well as how data analytics can be used to see how well the compliance program is working, providing value and improving company culture. The first article focused on the changes related to artificial intelligence; the third and final article will take a look at new language related to whistleblowers, compliance resources and incorporating lessons learned. See “Thoughts From DOJ Experts on Using Data Analytics to Strengthen Compliance Programs” (May 22, 2024).

Loose Lips Sink Ships: Maintaining Confidentiality in Investigations

During World War II, the U.S. Office of War Information launched a poster campaign with the slogan “Loose lips sink ships,” urging Americans to avoid careless talk that could jeopardize the war effort. In our modern context, “loose lips” can sink not ships, but entire investigations, careers and even companies. In a guest article, Ann Sultan, a member of Miller & Chevalier, and Ian Moolman, an ethics and business integrity manager at Emirates Global Aluminium (EGA), examine best practices for protecting investigations from leaks, factors that influence confidentiality measures and the role of emerging technologies. See “Navigating U.S. Privacy Laws in Internal Investigations” (Aug. 28, 2024).

Moog’s $1.7M SEC Deal Spotlights Subsidiary Liability, Third-Party Risk and Self-Reporting

The SEC’s announcement in October 2024 that U.S.-based aerospace and defense company Moog, Inc. had settled FCPA allegations might be easy to overlook with its small-scale bribery and modest settlement amount. Still, even a $1.7‑million slap on the wrist can sting, and the settlement may enlighten the broader regulated community on subsidiary liability, third-party risk, and the pros and cons of self-reporting. The Anti-Corruption Report spoke to experts in the field to glean insights from the settlement. See “Loose Practices and Imprecise Recordkeeping Prompt SEC Scrutiny, Even When Investors Are Unharmed” (Jan. 3, 2024).

Managing Technological Complexity When the Government Comes Knocking

In the past two decades or so, the number of ways humans can communicate with each other has multiplied exponentially. With the advances in technologies, involvement in a government investigation, where prosecutors want to see all relevant evidence, has become increasingly complicated. This article synthesizes insights from Christian Nauvel, Deputy Chief Counsel for Corporate Enforcement at the DOJ, Venable partner Matt Murphy and Johnson & Johnson senior counsel Nick Connor on how companies can get out ahead of investigations. See “Compliance Challenges in Records Management” (Aug. 16, 2023).

Emerging Issues in Workplace Privacy: Regulations and Compliance Strategies

As employers increasingly turn to automated tools to monitor and collect information on employees to increase efficiency, assess safety issues, streamline candidate screening and assess performance, federal and state regulators are examining privacy issues unique to such practices. Companies should understand the types of surveillance tools available to them as well as the risks and benefits of their use. Counsel from the California Privacy Protection Agency, Sidley Austin and Center for Democracy & Technology delved into workplace monitoring trends and issues at IAPP’s Privacy.Security.Risk. 2024 conference. This second article in a two-part series distilling their insights examines the legal and regulatory landscape applicable to employee privacy and offers compliance considerations. Part one discussed the types of employee data that companies are collecting and how and why they collect it, as well as employees’ concerns and how to navigate them. See “Privacy and Data Security Regulators Discuss Enforcement Priorities and Collaborative Efforts” (Jul. 31, 2024).

White-Collar Partner Joins Shook in Chicago

Shook, Hardy & Bacon has expanded its government investigations and white collar practice by adding Jay Schleppenbach as a partner in Chicago. He arrives from Dechert.