International Legal Highlights - May 2021

McDermott Will & Emery

EXPECT MORE CRIMINAL ENFORCEMENT & WHAT YOU CAN DO TO MINIMIZE YOUR RISK

Justin P. Murphy | Alexandra Lewis

Antitrust cartel and related collusive scheme enforcement is poised to increase. Several factors support this: (1) the Antitrust Division (the Division) has a 10% budget increase for Fiscal Year (FY) 2021; (2) proposed legislation that would increase its budget by $300 million; (3) Democratic administrations have traditionally been more aggressive in enforcing antitrust laws; (4) according to the US Department of Justice (DOJ), last year the Division opened the most grand jury investigations in almost 20 years and by the end of 2020 had the most open grand jury investigations in a decade; (5) increased coordination with international law enforcement agencies, including the Division recently signing a number of cross-border agreements, maintaining active memberships in multilateral organizations dedicated to cross-border antitrust enforcement cooperation and a DOJ official recently noting they have been working at strengthening their relationships with international law enforcement agencies during the pandemic and they expect this to benefit international coordination on investigations and (6) as pandemic limitations on in-person investigative tactics subside (including search warrants and knock and talk interviews, among others), expect a return to overt tactics related to open grand jury investigations.

SHOW MORE

NEW EUROPEAN COMMISSION GUIDANCE: ACQUISITIONS OF NASCENT COMPETITORS ON THE RADAR

Hendrik Viaene | David Henry

The European Commission wants to be able to block or conditionally approve transactions, mainly in the digital economy and in the pharmaceutical sector, even when the thresholds for notification are not met. In publishing its new Article 22 Guidance, the Commission has significantly expanded its ability to review transactions. Parties to a transaction, especially in the digital economy and in the pharma sector, should bear this in mind when strategising on deal timing and any potential remedies. They will also have to take into account the possibility that the transaction will be blocked. For third parties, this opens another possibility to stop a transaction, to extract remedies from the notifying parties or to even roll back an implemented transaction.

SHOW MORE

INTELLIGENTLY EVOLVING YOUR CORPORATE COMPLIANCE PROGRAM

Michael S. Stanek | Sarah E. Walters | Martha K. Louks | Michelle Lowery | Katharine O'Connor

All companies—big and small—are collecting a tsunami of data. The US Department of Justice (DOJ) has now challenged corporate America to harness and analyze that data to improve corporate compliance programs by going beyond the risk profile of what has happened to better understanding the risk profile of what is happening. But where to begin? Artificial intelligence, which is already used to assist in the review and production of documents and other materials in response to government subpoenas and in corporate litigation, is invaluable in proactively reviewing data to identify and address compliance risks.

Takeaways

  • DOJ expects compliance programs to be well resourced and to continually evolve.
  • DOJ wants companies to assess whether their compliance program is presently working or whether it is time to pivot.
  • DOJ uses data in its own investigations and it expects the private sector to rise to the occasion and analyze its own data to identify and address compliance risks.
  • The data is there—mountains of it—and the key is to find an efficient way to analyze that data to improve the compliance program.
  • Artificial intelligence is an important tool for solving the challenge of big data and identifying and remediating compliance risks effectively, quickly and regularly, in conjunction with further periodic review.

BACKGROUND

In June 2020, DOJ updated its guidance on the Evaluation of Corporate Compliance Programs. The guidance, which was first issued in 2017 and updated in 2019, lays out a series of factors for prosecutors to consider when assessing the effectiveness of corporate compliance programs as part of making charging decisions and negotiating resolutions. The overarching theme of the updated guidance, which provides a roadmap for designing and implementing compliance programs, is a renewed emphasis on the substance and adequacy of resources made available to the compliance program. It also reflects a focus on the need to both continually assess whether the compliance program is working, and use data in a meaningful way to assess the program.

Leadership in DOJ’s Fraud Section has “embraced, wholesale, the proposition that data can and does serve as a significant indicator of fraud, foreign bribery, and other white-collar offenses.” In November 2020, at the Latin American Compliance Conference, Acting Deputy Assistant Attorney General Robert Zink emphasized the premium that DOJ is placing on data analytics. Zink explained that DOJ itself uses data analytics in the Foreign Corrupt Practices Act, healthcare fraud and securities fraud spaces to identify leads and potential misconduct. Zink went on to say that to the extent a company has “ready access to data that could be probative of misconduct, [DOJ] would hope and expect they would avail themselves of the opportunity to mine that data to figure out whether bad stuff is happening.” And so, Zink concluded, “companies that invest and take the time to invest and develop robust data analytics programs are certainly viewed favorably” by Zink and other prosecutors evaluating corporate compliance programs.

OVERVIEW OF DOJ’S UPDATED GUIDANCE: EMPHASIS ON DATA COLLECTION AND ANALYSIS

DOJ’s guidance for corporate compliance programs asks three key questions, each of which companies should answer affirmatively to satisfy the Department’s expectations:

  • Is the corporation’s compliance program well designed?
  • Is the corporation’s compliance program adequately resourced and empowered to function effectively?
  • Does the corporation’s compliance program work in practice?

In weighing whether a compliance program is adequately resourced and empowered to function effectively, the guidance instructs prosecutors to assess whether compliance and other control personnel have “sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions.” The guidance also directs prosecutors to determine whether any “impediments exist that limit access to relevant sources of data,” and, if there are, what the company is doing to address those impediments. The Department views this in light of whether a compliance officer has sufficient autonomy and adequate resources: just like having appropriate seniority, access to the board of directors, and an appropriate team, compliance officers must have a view into the business through its data.

In assessing whether the compliance program works in practice, prosecutors are again guided to evaluate a compliance program’s use of data. DOJ has explained that an effective compliance program will improve and evolve along with the changing risk profile of a company’s business, environment, customers, laws and standards. A key way to ensure continuous improvement is to analyze corporate data and data from the compliance function itself, in conjunction with other methods of risk assessment and control testing.

APPLYING DOJ’S GUIDANCE

In practice, the DOJ’s focus on the use of data means two things for a compliance program.

  • First, compliance officers must have access to the right kinds of data, and they must have the technical capability to do something with it.
  • Second, a compliance program, according to DOJ’s guidance, must timely and effectively monitor adherence to its policies, its controls and any transactions. It should also use this data to continually understand the risks faced by the company.

Basic email monitoring tools often do not provide the level of visibility into the business that a compliance officer needs. But, it often is impracticable and cost-prohibitive to set trained human eyes on large swaths of corporate data in the ordinary course of business. Using search terms often misses information in this broad context and still requires a significant manual review effort. The updated guidance admonishes compliance officers that they should address impediments that prevent them from meaningfully accessing and using company data, and there are tools that can facilitate overcoming these challenges.

USING ARTIFICIAL INTELLIGENCE

In 2020, roughly 306.4 billion emails were sent and received worldwide each day, and that number is predicted to reach 319.6 billion by 2021 with further increases for the foreseeable future. In addition to the ever-increasing number of emails, there has also been extraordinary growth in the use of collaboration platforms to support remote work during the COVID-19 pandemic. The number of daily active users just for Microsoft Teams increased from 44 million in mid-March 2020 to 75 million in late April to 115 million by October. The sheer number of communications presents a complex challenge for compliance initiatives.

Artificial intelligence (AI) helps address these problems. AI is able to analyze the data and extract a wealth of information quickly, without the need for humans to read an impossibly large number of documents or guess which search terms may be effective. Instead of spending time looking for the proverbial needle in a haystack or relying on a team of people to manually review documents to understand the story in the data, AI can expose that information quickly. When compliance teams use AI tools, they not only gain an early understanding of facts in the documents, they can also see what isn’t in the data.

HOW TO MAKE ARTIFICIAL INTELLIGENCE WORK FOR A COMPLIANCE PROGRAM

Without any human input, AI can analyze the content of millions of documents and extract information like the emotional sentiment of a communication, the people and organizations mentioned or the social network connections among key players. Legal and compliance teams can use patterns identified by the system to point the way toward smarter search techniques that yield rich results. For example, unusual spikes in communication after business hours or with external parties could reveal inappropriate conduct. Or review could focus on documents with high negative sentiment or fraud signals that the system identified automatically. Visualizing the social network to see who is interacting with whom can also guide the direction of an investigation.

Compliance teams can also use machine learning to prioritize relevant documents and avoid review of irrelevant data. As a person indicates which documents are relevant, the system learns from this input and classifies the rest of the dataset for relevance, building a model tailored to the issues of the investigation. The system continually refines and adjusts the algorithm in response to reviewers’ input, and the most relevant documents are prioritized first. Review efforts can focus on higher-level analysis instead of spending time shuffling through an unnecessarily large number of documents.

Another effective approach is to use pre-trained models to classify the data. Pre-trained models are algorithms that have been configured for specific purposes. For example, a model for gifts and entertainment kickbacks may be useful for certain investigations; perhaps a model for pricing and fees is more effective in another scenario. Another example identifies communications with competitors that may show an implicit or explicit agreement. Pre-trained models can identify documents related to those topics without any human input, and they can be further adjusted and customized to fit the specific needs of an investigation.

As the volume of business communications continues to increase with no end in sight, AI is a critical component to a data-driven compliance initiative. Advanced technologies empower compliance officers to be proactive rather than reactive, finding potential problems quickly and mitigating risk to the business.

ARTIFICIAL INTELLIGENCE + HUMAN INTELLIGENCE = GENUINE INTELLIGENCE AND COMPREHENSIVE COMPLIANCE

An experienced team of compliance, e-discovery and subject matter experts can use AI to gain insight into elusive or unpredictable activity that threatens an organization and that may otherwise have been undetectable. Meeting DOJ’s expectations does not mean that organizations must constantly take on comprehensive compliance reviews. Taking a tailored, data-driven compliance approach will allow organizations to review their risk on a regular basis in a precise and efficient manner. When done in partnership with the right team, organizations can do so while protecting privilege and managing a full array of legal and reputational risks. This approach, when coupled with more periodic and comprehensive reviews of policies and procedures, can substantially decrease compliance risk and directly addresses DOJ’s requirements for an effective compliance program.

SHOW LESS

UPDATE ON EUROPEAN DATA PROTECTION LAW

In mid-January 2021, the European Data Protection Board (EDPB) announced by press release that it has adopted jointly with the European Data Protection Supervisor (EDPS) written Opinions on the European Commission’s drafts for new standard contractual clauses according to Art. 46 of the General Data Protection Regulation (GDPR) and Art. 48 of the European Union Data Protection Regulation (EUDPR). In the near future, there will be two new sets of standard contractual clauses: one for the transfer of personal data between controllers and processors within the European Union/European Economic Area (EU/EAA), and another for the transfer of personal data to third countries outside of the EU/EEA.

SHOW MORE

WHAT ARE THE IMPLICATIONS OF BREXIT IN CORPORATE LAW?

Renate Prinz | Dr. Philipp Grenzebach

Since January 1 of this year, the Brexit is final and, as a result of UK leaving the EU, the binding effect of EU-law no longer applies. But what does this actually mean for corporate law? We briefly summarize the most important changes for companies.1

SHOW MORE

刑事エンフォースメントの増加に備える

Justin P. Murphy | Alexandra Lewis

刑事エンフォースメントの増加に備える:リスク最小化のために今できること

反トラスト法上のカルテルおよび関連する談合に対する執行件数は、増加する見通しだ。これを裏付ける要因として、(1) 米司法省反トラスト局の2021年度予算が10%増額していること、(2) 予算を3億ドルまで増額する法案が提出されていること、(3) 民主党政権は伝統的に反トラスト法の執行に積極的であること、(4) 米司法省によると、昨年、反トラスト局は過去約20年間で最も多くの大陪審捜査を開始し、2020年末までには過去10年間で最多の件数に上ったこと、(5) 司法省が最近、いくつかの国際協定に署名し、反トラスト法の国際的な執行協力を目的とする国際機関での積極的な役割を維持するなど、国際的な執行機関との連携を強化しており、また司法省高官が、コロナ禍中、国際的な執行機関との関係強化に努めており、これが捜査の国際的な連携に役立つことを期待していると述べていること、 (6) コロナ禍による対面での捜査手段の制限(捜索(search)令状や立入質問(knock and talk interviews)等)が緩和されると、進行中の大陪審捜査での公然の捜査が再開されると予想されることが挙げられる。

SHOW MORE

欧州委員会の企業結合審査に関する新たなガイダンス

Hendrik Viaene | David Henry

欧州委員会の企業結合審査に関する新たなガイダンス:新興企業の合併が照準に

概要

欧州委員会は、主にデジタル経済及び医薬品分野において、届出が必要となる基準に満たない場合でも、取引(transaction)を阻止または条件付きで承認できるようにする意向である。新たに発表した第22条に関するガイダンスで、欧州委員会は取引を審査する権限を大幅に拡大した。取引当事者は、特にデジタル経済や医薬品分野に関係する場合、取引のタイミングや対応措置について戦略を立てる際に、このガイダンスを念頭に置く必要がある。また、取引を阻止される可能性も考えなければならない。第三者にとっては、取引を中断したり、届出当事者に対して救済を求めたり、さらに一旦成立した取引を取り消したりできる新たな状況が生じることになる。

SHOW MORE

AI技術を活用したコンプライアンスプログラムの構築

 

Michael S. Stanek | Sarah E. Walters | Martha K. Louks | Michelle Lowery | Katharine O'Connor

AIを活用したコンプライアンスプログラムの構築 – コンプライアンスをインテリジェントに進化させるために –

概要

あらゆる企業は、その規模の大小にかかわらず、津波のように押し寄せるデータを日々収集している。 現在、米国司法省(DOJ)は、米国企業のコンプライアンスプログラムを改善するために、収集したデータを活用し、分析することを求めている。DOJは、起きてしまったことに対するリスクプロファイルにとどまらず、今起きていることに対するリスクプロファイルをよりよく理解するよう求めているのである。 しかし、どこから手を付ければいいのだろうか。 人工知能(AI)は、政府の召喚状に回答するため、あるいは会社訴訟の際に、文書やその他の資料を確認・作成する目的ですでに利用されており、コンプライアンスリスクを先回りして特定し対処するためのデータ確認作業においても非常に有効である。

SHOW MORE

欧州のデータ保護法に関するアップデート

欧州のデータ保護法に関するアップデート

2021年1月中旬、欧州データ保護会議(EDPB)は、新しい標準契約条項に関する欧州委員会の草案に対する意見書を、欧州データ保護監察機関(EDPS)と共同で決定したことを発表した。この新しい標準契約条項は、一般データ保護規則(GDPR)第46条及びEUデータ保護規則(EUDPR) 第48条により基礎づけられる。近い将来、二つの新たな標準契約条項、すなわち欧州連合/欧州経済地域(EU/EAA)内の管理者と処理者の間での個人データの移転に関する条項と、EU/EEA外の第三国への個人データの移転に関する条項が用意されることになる。

SHOW MORE

企業法務におけるブレグジットの影響とは


Renate Prinz | Dr. Philipp Grenzebach

企業法務におけるブレグジットの影響とは?

概要

2021年1月1日、ブレグジットの手続きが終了し、英国がEUを離脱した結果、EU法は英国に対する拘束力を失った。しかし、結局のところブレグジットは企業法務にとって実務上どのような意味があるのだろうか。本稿では企業にとって最も重要な変更点を簡単に説明する。

SHOW MORE

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McDermott Will & Emery | Attorney Advertising

Written by:

McDermott Will & Emery
Contact
more
less

McDermott Will & Emery on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.