On September 12, 2019, the U.S. Department of Justice announced that federal prosecutors will assess whether compliance officers make adequate use of data analytics in their reviews of companies that are under investigation.
In a speech at a compliance and ethics conference, Matthew Miner, deputy assistant attorney general in the Justice Department's criminal division, stated that prosecutors will inquire whether compliance departments have access to internal data that could help them identify misconduct.
This announcement provides further color to the Department's initial guidance relating to economic crime and corporate enforcement. In April 2019, the Department offered insight into how prosecutors will evaluate compliance programs in its Evaluation of Corporate Compliance Programs Guidance Document ("the Guidance"). The initial Guidance provided a framework for how the Justice Department expects prosecutors to evaluate corporate compliance programs.
The Guidance posed three fundamental questions that prosecutors must ask:
- "Is the corporation's compliance program well designed?"
- "Is the program being applied earnestly and in good faith?" In other words, is the program being implemented effectively?
- "Does the corporation's compliance program work" in practice?
Milner's speech provided additional detail regarding what prosecutors expect to see when evaluating these three questions. Miner also stated that the Justice Department recognizes that data analytics "expedites case development, saves resources," and makes the overall program of enforcement more effective
Miner explained that the Justice Department has had success in identifying fraud in the health-care and securities industries by relying on data analytics. Specifically, Miner noted that the Justice Department has been able to identify "indicators or anomalies that are suggestive of market manipulation and other fraudulent activity" through data analytics.
As a result, according to Miner, prosecutors expect compliance officers to be able to identify potential misconduct using similar methods, where appropriate. While the Justice Department can identify potential fraud from market-wide data, "companies have better and more immediate access to their own data." If misbehavior occurs at a company, prosecutors will inquire about whether the company has analyzed or tracked its own data resources.
Miner highlighted the Justice Department's focus on data analytics in the spirit of transparency, but also to alert companies that this is an area of focus in evaluating compliance programs. The Justice Department is openly undertaking enforcement with a "data-driven approach."
Miner's remarks are further evidence that the Justice Department expects data analytics to be a component of an effective compliance program, particularly in the commodities industry. Companies will need to consider how the Justice Department's expectations should influence the way they design and implement their compliance programs.
Likewise, Companies that operate in the United Kingdom ("UK") will need to consider the role of data analytics in their compliance programs. Recently, the Financial Conduct Authority in the UK announced that it, too, will focus on how firms analyze their own data in an effort to comply with financial regulations. Additional information is available here.
Ropes & Gray has been on the forefront of thinking about the use of data analytics in corporate compliance programs and global risk management. Additional information on Ropes & Gray's global risk management practice and our recent report on data and behavioral science in compliance is available here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.