In recently released updated guidance,[1] the Antitrust Division (“Antitrust Division”) of the U.S. Department of Justice (“DOJ”) outlined how its prosecutors will assess corporate compliance programs when conducting criminal antitrust investigations. The updated Antitrust Division guidance, called Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations, is the first amendment to guidance that was first published 2019. The guidance tracks the DOJ Criminal Division’s recently updated Evaluation of Corporate Compliance Programs policy.[2]
During the charging and sentencing stages of the criminal process, prosecutors will evaluate a company’s compliance program in effect at the time of the offense as well as any subsequent changes that the company made to improve the compliance program. At the charging stage, for example, prosecutors will ask three preliminary questions:
- Does the compliance program address and prohibit criminal antitrust violations?
- Did the compliance program detect and facilitate prompt reporting of the violation?
- To what extent was a company’s senior management involved in the violation?
These answers to these questions will guide the prosecutor’s evaluation of nine additional factors in assessing an antitrust compliance program. Those factors are:
- Design and Comprehensiveness. The Antitrust Division will give little weight to an antitrust compliance program that is in-name-only. Companies should have a real, rather than paper, antitrust compliance program that establishes standards and procedures to detect criminal conduct. The Antitrust Division will also look at whether the antitrust compliance program is integrated into the company’s business and whether compliance resources are available to employees. In particular, companies should have clear guidelines regarding the use of ephemeral messaging or off-channel means of communication, including addressing whether such communications are required to be preserved.[3]
- Culture of Compliance. Companies need to put their antitrust compliance programs into practice and emphasize to employees the importance of participation. The guidance emphasized that companies should not only encourage a “culture of compliance” at the top, but also “from the middle” and at all levels.
- Responsibility for the Compliance Program. Whoever is responsible for the antitrust compliance program must have the qualifications, autonomy, and resources to implement an effective program. The Antitrust Division will review the infrastructure that a company has created to oversee and carry out the compliance function. Companies may improve on this factor by ensuring antitrust compliance efforts are meaningfully communicated to senior leadership, including the board of directors.
- Risk Assessment. Compliance programs should be evaluated and tailored to the unique antitrust risks that the company faces. Compliance personnel should be responsive to the challenges that an effective compliance program uncovers. In this factor specifically, compliance programs should address the risks posed by artificial intelligence (AI), algorithmic revenue management software, and other new technology tools.
- Training and Communication. Employees need to understand their obligations in carrying out an effective antitrust compliance program. This factor looks at the steps a company took to train employees on how to avoid antitrust violations. Whether training is adequate will depend on steps the company has taken to distribute training materials, certify training, and ensure compliance after training takes place.
- Periodic Review, Monitoring and Auditing. Periodic review of an antitrust compliance program is essential for reaffirming commitment to compliance, assessing efficacy, and detecting illegality. Indeed, the Antitrust Division calls this factor “critical.” Companies should develop the capacity to conduct prompt audits to detect antitrust violations and policies to use audit findings to improve compliance.
- Confidential Reporting Structure and Investigation Process. Employees must be able to report antitrust violations without fear of retaliation. The ability to report violations confidentially is integral to facilitating an antitrust compliance program. This factor also considers whether there are mechanisms in place for ensuring that compliance personnel receive and act upon a report.
- Incentives and Discipline. Companies need to implement incentive structures that promote antitrust compliance and discipline violations. On the incentive side, prosecutors will consider whether compliance has factored into employee compensation or promotion decisions. As for discipline, prosecutors will evaluate the procedures that exist to discipline employees for antitrust violations and whether an employee has ever been disciplined in that manner.
- Remediation and Role of the Compliance Program in the Discovery of the Violation. When a company detects an antitrust violation, it should revise its compliance program to try to prevent recurrence of the detected violation (or similar conduct). While a compliance program cannot prevent every antitrust violation from occurring in the first place, detection is relevant to whether the program was effective. After a violation has occurred, prosecutors will be especially interested in how companies revise their compliance programs to prevent similar violations going forward.
Sentencing Considerations
The updated guidance also addresses how the Antitrust Division will determine whether to bring criminal charges against a company, and if so, how it will evaluate potential sentencing reductions to a company deemed to have an effective antitrust compliance program:
- By implementing an effective compliance program according to the factors identified in the Antitrust Division’s guidance, a company can avoid charges and the criminal process altogether even when a violation occurs.
- When the Antitrust Division does decide to bring charges, an effective compliance program may entitle a company to credit under the sentencing guidelines, including reductions in statutory fines.
Key Takeaways
Companies should review their existing compliance policies and procedures in light of the updated Antitrust Division guidance and should consider the following:
- Assess Risks: Companies should identify risks that have emerged since the last time the policy was evaluated (such as AI, pricing algorithms, and new other technology) and should review the adequacy of the compliance policy’s substance and procedures for addressing those risks.
- Update Policies and Procedures: Companies should ensure that their policies comply with critical components of the updated guidance, such as robust training and communications regarding authorized use of AI and clear provisions on the use and preservation of ephemeral messaging.
Reviewing compliance policies can help companies not only to mitigate criminal risk, but also to reduce the risk of civil antitrust claims. As the updated guidance notes, “[a] strong culture of compliance can allow a company to steer clear of civil antitrust violations and, if violations do occur, to promptly self-disclose and remedy them and cooperate with a civil antitrust investigation.”
By understanding these updates and implementing these key takeaways, companies can strengthen their antitrust compliance programs and demonstrate a commitment to a “culture of compliance.”
[2] DOJ Updates the Evaluation of Corporate Compliance Program Memorandum, Emphasizing Emerging Technologies, Data Analytics, and Whistleblower Protections | News & Resources | Dorsey.
[3] This guidance tracks updated guidance from DOJ and the Federal Trade Commission regarding the requirement that the government’s standard preservation letters and subpoenas include language about the preservation of ephemeral messages. Office of Public Affairs | Justice Department and the FTC Update Guidance that Reinforces Parties’ Preservation Obligations for Collaboration Tools and Ephemeral Messaging | United States Department of Justice.