Ask an Expert: With 2025 underway and the new guidance and trends in the compliance sphere, what improvements and updates can you make to your compliance program without needing a huge overhaul?
It is true to that compliance enforcement guidance, including an update to the Evaluation of Corporate Compliance Programs from the DOJ in September 2024, has mentioned new technologies and the risks associated with using artificial intelligence (AI) and other assessment tools for their compliance programs.
AI is becoming a part of even the investigations on corrupt practices by the DOJ, and it can save your compliance team time and effort, but it must be used properly and with caution. Tools like AI can be excellent for parsing through large amounts of data, to spot any potential red flags in financials or other record-keeping, for example. But it should not be a replacement for human efforts and review altogether within compliance. When using such technologies, it is advised that you do so at the scale, risk, and means by which your company can properly address and review the findings.
As a part of a compliance program review, checking policies, especially those on whistleblowing, should be top of mind. The DOJ in its recent guidance, has stressed that companies must have a clear and easy way for individuals to report any misgivings or red flags internally, and that protections for whistleblowers should be in place. Review recent policies and ensure that any changes are documented and employees are trained on these updates.
Simple steps like these reviews can be done, in part, by new technologies like AI, to help save the compliance team’s time. AI can help to summarize current policies, but then the compliance team itself should evaluate what may be lacking and write in changes with the help of leadership, legal, HR and other overlapping departments.
2025 can be a time to create efficiencies with the latest in compliance technology. The DOJ notes in its latest update that a compliance program and training should evolve based upon lessons learned from other enforcement actions in one’s industry or region, or even compliance concerns within one’s own company. This can only be done by a compliance officer with the knowledge and skillset to interact with compliance peers across their industry and across the globe, with the institutional knowledge of a company’s internal workings and procedures and processes, and who possesses a knowledge of the risk associated with doing business at their own company. Again, AI can help to review articles and learn about recent enforcement action, allowing the compliance team to more quickly update trainings based on these findings.
Use technology to supplement and support the compliance team and updating a program will take fewer resources, less time, and allow the compliance team to dedicate more bandwidth to putting these efforts into practice within an organization.
Associate Director, Compliance Training, TRACE
This post is part of our “Ask an Expert” series where we take questions submitted by readers and ask an expert in the compliance field to provide insight. If you have a question you would like answered, please submit here. |