New DOJ guidance stresses importance of data analytics | EY
DOJ signals the increasing importance of data analytics
The Evaluation of Corporate Compliance Programs (revised June 2020) (ECCP) provides guidance to DOJ attorneys when conducting an investigation of a corporation, determining whether to bring charges, or negotiating plea or other agreements (Justice Manual 9-28.300). The June 2020 revisions added specific guidance on the DOJ’s expectations for data collection and use. These revisions and updates reflect, in part, the DOJ’s own evolution and their experience applying data analytics tools to identify and investigate fraud schemes. The revised guidance outlines the DOJ’s specific expectations for data collection and use. The ECCP directs DOJ attorneys to ask:
Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls and transactions? Do any impediments exist that limit access to relevant sources of data and, if so, what is the company doing to address the impediments?
The revised guidance emphasizes using compliance metrics and data to ensure the effectiveness of a compliance program. Examples used in the guidance include understanding which policies and procedures are being accessed by relevant employees; evaluating how training impacts employees’ behavior or operations; measuring helpline awareness and effectiveness; and monitoring investigations and resulting discipline for consistency.
Going forward, we anticipate that the use of compliance analytics will play a role when companies attempt to benefit from the DOJ’s Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy. The policy requires a company to demonstrate that it had an effective compliance program, including a system of internal and accounting controls which enabled the identification of the misconduct and led to the company’s voluntary self-disclosure. As part of this analysis, data analytics can (1) demonstrate and enhance how the compliance program effectively measures, reports and operates; (2) be used to identify trends and create insights; and (3) assist with monitoring.
Importantly, the DOJ has also recently hired several former chief compliance officers including (1) Glenn Leon as the chief of the Fraud Section, who was previously the CECO of Hewlett Packard Enterprise; and (2) Matt Galvin, former CECO of AB InBev, to a new role within the Fraud Section as Counsel, Compliance and Data Analytics. They bring deep in-house experience and perspective to the DOJ. Their recent statements indicate a pragmatic expectation for companies to use the data and technology that they have access to — it isn’t about using the “shiniest tool in the toolbox.”