10 key themes
Corporate compliance programmes
Are your compliance programmes fit for purpose in 2020?
Identifying illegal conduct and risk areas in your business
As antitrust authorities use increasingly sophisticated tools to uncover suspected anti-competitive behaviour, it is essential for companies to tackle risk areas within their businesses with effective compliance systems.
Detecting potential infringements at an early stage can protect companies from large and costly investigations and follow-on litigation. It both increases the chance of securing immunity from, or a reduction of, fines, and – more importantly – enables the company to prevent or stop certain conduct before it becomes a serious infringement.
However, there is no ‘one-size-fits-all’ compliance programme:
- companies must tailor the programme to their activities and risk profile;
- programmes must evolve and adapt to changes in the company or the market; and
- training must be continually updated to reflect developments in the law and the business.
Effective risk mapping and tailored training are the key pillars in the fight against misconduct. Companies need to ensure that their compliance training is effective, is up to date and also allows employees to understand the more complex conduct risks. In order to provide a targeted compliance training, a company needs to know which employees require training and on what subjects. The employees should be tested afterwards on their understanding of the training.
Audits and training are obviously essential but what is often missing in many organisations is an efficient follow-up process on identified issues. Companies must make sure that the issue is not only identified but also solved for the future. Compliance is not only a task for legal and compliance teams – it is a top management obligation and their engagement is a prerequisite for success.
Agency guidance on the elements of an effective compliance programme
As more authorities publish guidance on the essential elements of an effective compliance programme, a few common themes emerge:
- as noted above, employees must be properly trained with regular refresher sessions;
- compliance needs to be monitored closely; and
- causes of wrongdoing must be analysed.
Companies that are serious about antitrust compliance should implement effective compliance programmes. Antitrust agencies are in fact sceptical about classic compliance programmes, which do not include concrete elements and safeguards.
Gian Luca Zampa
Recent examples include guidance published by authorities in the US and Italy:
- guidance issued by the US Department of Justice (DOJ) sets out how the DOJ looks at the design of the programme, how effectively the programme is implemented and whether the compliance programme works in practice; and
- the Italian guidelines note that a compliance programme must be designed and implemented consistently with the characteristics of the company concerned and must take account of the market environment. Compliance must be an integral part of corporate culture and policy and must be backed up by effective training and a system that manages processes exposed to risk.
Recent DOJ guidelines establish a baseline for evaluating an effective antitrust compliance programme – at least in the US. This provides an opportunity for companies to meet this standard and potentially benefit from it going forward, but it also puts companies on notice that failure to meet DOJ standards will be a mark against them in seeking a positive resolution in a criminal cartel investigation in the US.
Credit for effective compliance
More authorities and courts are considering whether to credit compliance efforts when imposing fines, but only when compliance programmes are well designed and effectively implemented:
- the DOJ’s updated policy for assessing antitrust compliance programmes in the context of criminal investigations signals the importance of compliance programmes to the DOJ and is intended to incentivise compliance by rewarding companies that have effective programmes in place. The most significant change is that the DOJ will now evaluate compliance programmes when considering whether to charge companies for criminal antitrust violations, which it has declined to do in the past;
- the UK already allows for a reduction of up to 10 per cent where adequate steps have been taken with a view to ensuring antitrust compliance;
- the German Federal Court of Justice held that effective compliance programmes can lead to a reduced antitrust fine;
- the Italian Antitrust Authority issued its official guidelines for compliance programmes, setting out in detail the minimum content that a compliance programme must have to qualify for a fine reduction and the conditions that must be met to obtain a fine reduction ranging from 5 per cent to 15 per cent; and
- Australia operates a similar system as the UK whereby the existence of an effective programme may be a mitigating factor.
It’s good to see competition authorities following the approach of other prosecuting agencies in giving credit for effective compliance. Whilst the detailed guidance may differ across authorities, at its heart it is about culture and conduct. An organisation needs to convince colleagues and agents that it wants them to behave in a compliant manner, not just create the appearance of doing so. A holistic approach that focuses on behaviours is key.
The growing role of AI and data analytics in antitrust audits and investigations
More companies are using tech solutions to verify antitrust compliance. This can be done in many ways: from automating periodic antitrust audits of leadership staff to (near) real-time analysis of correspondence and documents to ensure compliance and increase the likelihood of preventing or detecting potential infringements.
The digitisation of workplaces and new channels of work-related digital communication lead to an ever-growing number of documents. As a result, AI supported tools may soon become the gold standard in antitrust compliance.
AI and data analytics tools may be able to help manage misconduct risk and deal with the amount of data. Proper integration of AI tools into your workflow is therefore key. As the authorities invest more in innovation in the ‘regulatory tech’ space, companies need to think about solutions that match the data potentially available to authorities to train algorithms.
The future gold standard for antitrust compliance is certainly AI-enabled and looks at communication and documents in real or near-real time. It will check findings against other data sources (HR, finance) to make results more accurate.
Andreas von Bonin
Nine factors the DOJ will consider when evaluating an antitrust compliance programme
Design and comprehensiveness: is it integrated into the business, updated regularly and accessible by employees?
Culture of compliance: do senior management’s actions reflect the importance of the programme?
Responsibility for the compliance programme: do those with responsibility for the programme have sufficient autonomy, authority and seniority within the company’s governance structure? How does the programme compare to other company functions in terms of structure?
Risk assessment: is the programme tailored to the company’s business to account for antitrust risk?
Training and communication: is the programme understandable by employees? Do the appropriate employees receive training effectively and often?
Periodic review, monitoring and auditing: how often is the programme updated? Does the company have monitoring and audit mechanisms in place to detect antitrust violations?
Reporting: are employees able to report antitrust violations anonymously or confidentially without fear of retaliation?
Incentives and discipline: are employees appropriately incentivised to comply and disciplined for committing antitrust violations?
Remediation and role of the compliance programme in the discovery of the violation: recognising that compliance programmes may not detect every antitrust violation, what remedial efforts and improvements have been made to prevent recurrence of a violation?
Looking ahead in 2020:
Review your compliance programmes to meet the new higher standard: compliance programmes must map out the antitrust risks associated with the company’s specific activities and allow the company meaningfully to measure their effect and the degree to which employees follow their rules. Evidence is key when persuading authorities that employees have been properly trained.
Identify IT and AI-enabled solutions that work for your company: a bespoke compliance system that is continually updated is key for successfully monitoring risk. AI and machine learning supported tools are likely to become the gold standard in the near future.
Understand which tech solutions are being developed by the authorities: as authorities invest in tech and computing power to detect markets where competition is not working and conduct investigations, companies should be ready to meet the challenges that tech-enabled investigations bring.
Download the Freshfields Antitrust 101 app
Are your agreements with competitors, customers, distributors and suppliers antitrust compliant?
Explore our guide to risk assessment and minimise your exposure to expensive and damaging investigations.
Premium and bespoke versions also available.