Compliance Briefing — March 3, 2023

Executive briefing: The U.S. Department of Justice Criminal Division issued a refreshed Evaluation of Corporate Compliance Programs (ECCP) on March 3, 2023. Prosecutors assessing corporate misconduct will now scrutinise messaging platform preservation, compensation clawback mechanisms, and the data used to monitor compliance effectiveness.

Immediate compliance priorities

Messaging retention. Document policies covering personal devices, ephemeral messaging, and collaboration platforms, including disciplinary consequences for improper deletion (ECCP pp. 13–15).
Incentives and discipline. Review bonus, promotion, and clawback frameworks to ensure compliance performance factors meaningfully influence outcomes (pp. 16–19).
Data-driven monitoring. Inventory compliance data sources—hotline, investigations, audits—and demonstrate how metrics inform programme adjustments (pp. 5–6).

Control alignment

Technology governance. Implement mobile device management and archive tools that capture business communications while respecting privacy and local law constraints.
Compensation documentation. Update HR systems to log compliance-linked incentive decisions and clawback actions for evidentiary support during DOJ inquiries.
Continuous improvement. Formalise risk assessment cadences, root-cause analysis, and feedback loops that tie investigative findings to policy or control changes.

Enablement moves

Conduct cross-functional workshops with legal, HR, and IT to reconcile retention rules across jurisdictions and implement device attestation processes.
Benchmark disciplinary outcomes to detect uneven enforcement and recalibrate training or accountability structures.
Prepare board and audit committee briefings that summarise the ECCP updates, current programme maturity, and remediation roadmaps.

Sources

Zeph Tech aligns messaging preservation, incentive governance, and compliance analytics so clients can evidence programme effectiveness to DOJ prosecutors.