December 27, 2023

The Department of Justice has published — and continues to update and emphasize — a set of practical guidelines on what it views as an effective compliance program and how it makes decisions about bringing charges and evaluating resolutions. Companies that are struggling to address the current hot trends in compliance and enforcement, and new ones that could potentially emerge, can use the Department’s explicit expectations to create a roadmap.

Below we summarize a few of these latest trends, including artificial intelligence and workplace use of personal devices, and provide a blueprint to building a culture of integrity strong enough to avoid potential pitfalls.

Hot Trends in Compliance and Enforcement

Artificial Intelligence

The broadest category of emerging compliance issues stems from technology, especially generative artificial intelligence (AI), such as use of ChatGPT and similar tools. AI is a complicated topic that has forced companies to build compliance structures based on predicting how regulators will respond to technology that may replace tasks that humans currently do. While not necessarily a set of federal agency regulations, Biden’s recently issued Executive Order on AI outlined actions, principles and expectations for federal agencies. Companies should review the order and its potential impact on their operations as they plan how to adapt compliance policies to the use of AI. In particular, data protection compliance is anticipated to become even more important as generative AI technology advances.

Personal Devices and Messaging Platforms

The emergence and increased use of new workplace communication platforms, coupled with an increase in remote workers, create new challenges for corporate compliance programs. For instance, reviewing employee emails is often a fundamental component of an effective internal investigation of potential misconduct. Also, regulators expect companies to be able to produce relevant business-related communications in any government investigation. However, instead of company-supported email, employees are increasingly using messaging platforms (such as WhatsApp and Signal) on personal devices for business-related communications, which the company often does not have the right to obtain. Additionally, the mass use of video conferencing technology, such as Zoom and WebEx, and platforms such as Microsoft Teams, which grew exponentially as a result of the pandemic, have fundamentally changed how employees communicate, but bring their own challenges for preserving and accessing the use of that technology. The failure to address these issues through policies and training can not only impact the effectiveness of a compliance program, but also draw the ire of government investigators if records were not properly preserved.

Ethical Conduct

Another top area of concern for companies is employee ethics and personal conduct toward each other. A company’s reputation is one of its most important assets, so a company should view a robust compliance program as an investment in the retention and enhancement of its culture rather than a “cost of doing business.” It shouldn’t be unexpected that bad behavior may occur, but focusing on minimizing the risks on the front end and then responding to miscues effectively when they happen goes a long way toward building a culture of integrity.

Building Culture Through Compliance

Below is a roadmap for how companies can proactively address the underlying risks of these trends and build an effective compliance program that supports a strong culture of integrity. A strong, well-thought-out compliance scheme is the glue and fabric that holds a company together in a positive way, and the company’s culture reflects whether the compliance program is working. Having discipline and the right controls in place also builds confidence that companies know how to take the honest risks that are necessary for succeeding at business without hitting potholes.

The Roadmap

  • Reward employees for making good decisions and developing honest habits that comport with the principles and expectations articulated by regulators.
  • Set honest, supportive and realistic expectations for employees ahead of time so there’s an expectation of transparency in how they communicate and less to worry about when your company receives a subpoena or a hold notice related to preservation of records.
  • Pursue a risk-based approach of proactively elevating attention to areas that are more likely to face scrutiny so your company can better handle regulator enforcement sweeps related to new trends that come along, such as cryptocurrency developments or new international sanctions.
  • Avoid creating overbroad obligations and burdens throughout your company.
  • Anticipate where trends are heading by having conversations with business leaders as early as possible before making any decisions that may need to be backtracked.
  • Emphasize and remind employees of your company’s values through training.
  • Adopt a balanced, healthy appetite for risk that allows room for creativity and lets employees know where the realistic boundaries are.
  • Don’t punish employees for unintentional mistakes that occur in good faith.
  • Enforce discipline at all levels of an organization for non-compliance with company policy or encouraging employees, direct reports or others not to comply.