New DOJ Compliance Evaluation Criteria Is Manageable, Industry Official Says

Compliance departments are “well-poised to handle” DOJ’s recently revised policies for how it assesses corporate compliance programs’ approach to communications platforms (see 2303030056), and “it’s totally within their competency and wheelhouse to do so,” said Julie DiMauro, a compliance professional with Global Relay, which helps businesses supervise and report communications intelligence. DiMauro rebutted comments from a former DOJ official who said this month that the new policies are “virtually unenforceable” (see 2304050081).

“Today’s compliance department is already equipped professionally -- and can be equipped technologically -- to meet yet another challenge in an ever-changing risk landscape,” DiMauro said in an April post for the Foreign Corrupt Practices Act Blog.

She pointed to the fact that most people use social networking platforms regularly, “which means the way we communicate with each other, including the way we do business, has changed completely.” It’s the responsibility of compliance departments and law enforcement agencies to “evolve with these changes,” DiMauro said.

“The decision to adopt and use any new technology to transact business and certainly to communicate about such transactions has always needed a proper analysis of the compliance risk,” she said, adding that it’s “logical” that DOJ is now including that risk in its Evaluation of Corporate Compliance Programs (ECCP). DiMauro said compliance departments can use regulatory technology to help them “monitor, store, produce, and report effectively on communications from a variety of channels,” including from email, social media, instant messaging, video conferencing or other methods that may be captured by the agency’s revised policies.