Corporate Compliance Programs: Updated DOJ Guidance In Antitrust Investigations

The Department of Justice (Department or DOJ) considers the "adequacy and effectiveness of [a] corporation's compliance program" as a factor in "conducting an investigation of a corporation, determining whether to bring charges, and [in] negotiating plea or other agreements." (See Department of Justice Manual, Principles of Federal Prosecution of Business Organizations, 9-28.300.) In September, the Department's Criminal Division updated its guidance on the Evaluation of Corporate Compliance Programs ("Evaluation of Criminal Compliance Programs") to "assist prosecutors in making informed decisions as to whether, and to what extent, [a] corporation's compliance program was effective."

There are three "fundamental questions" the Department considers in evaluating a corporate compliance program:

(1) Is it well designed?

(2) Is the program being applied earnestly and in good faith; that is, is it adequately resourced and empowered to function effectively?

(3) Does it work in practice?

The guidance document identifies various factors relevant to answering these "fundamental questions" in the affirmative and should be consulted closely by internal counsel in designing and implementing a compliance program. Evaluation of Criminal Compliance Programs at 1-2.

In November, the Antitrust Division (Division) provided guidance specific to the Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Evaluation of Antitrust Compliance Programs). (Criminal antitrust conduct is generally limited to price fixing, bid rigging, and market allocation schemes, but can extend to certain monopolization matters). While "even an effective antitrust compliance program may not deter every violation" the guidance notes that "an effective compliance program should enable a company to swiftly detect and address" potential antitrust issues. Evaluation of Antitrust Compliance Programs at 2. Notably, the Division indicated that the guidance is relevant to the investigation, evaluation, and settlement of civil antitrust matters. Id. at 3. The Division's guidance draws heavily on the framework articulated in the Criminal Division's recent updated guidance, and the principles in the Department of Justice Manual, Principles of Federal Prosecution of Business Organizations.

The Division will consider the company's compliance program: (i) when making charging decisions; and (ii) when making sentencing recommendations, assessing the program at the time of the violation and improvements after the identification of the offense. Id. at 2. When making charging decisions, the compliance program is evaluated in accordance with the three fundamental questions set out above; the Division's guidance identifies nine elements of an effective compliance program.

1. Design and Comprehensiveness: In considering the design, format and comprehensiveness of an antitrust compliance program, the Division considers, among other things: (i) the format of the antitrust compliance program, and how it fits into the company's broader compliance program; (ii) how the program is implemented and how often it is updated; (iii) who has the responsibility for integrating antitrust policies and procedures into the company's business practices; (iv) what guidance is provided to those employees most likely to identify potential antitrust violations – such as participation in meetings with competitors, and those with approval for price changes; (v) mechanisms the company has put in place to manage and preserve communications, including electronic communications; (vi) whether the company has clear guidelines on the use of "ephemeral messaging" or "non-company methods of communication;" and (vii) the guidance the company provides to employees about document destruction and obstruction of justice. Id. at 5-6.
   
   
2. Culture of Compliance: The Division will examine "the extent to which corporate management – both senior leadership and managers at all levels – has clearly articulated and conducted themselves in accordance with the company's commitment to good corporate citizenship." Specific factors in evaluating the culture of compliance include, but are not limited to: (i) the company's leadership's efforts – through their words and actions – to convey the importance of antitrust compliance to company employees; (ii) how, and how often, the company measures the effectiveness of its compliance program; (iii) whether and how the company's commitment to compliance is reflected in its hiring practices and design of incentives (including compensation incentives); and (iv) the role and expertise of the board of directors with respect to compliance. Id. at 6 7.
   
   
3. Responsibility for the Compliance Program: "Those with operational responsibility for the [compliance] program must have sufficient qualifications, autonomy, authority, and seniority within the company's governance structure, as well as adequate resources for training, monitoring, auditing and periodic evaluation of the program." The Division will consider, among other factors: (i) whether there is a chief compliance officer or executive within the company responsible for antitrust compliance; (ii) how the compliance function compares with other functions in the company, in terms of stature, experience, compensation, rank or title, resources, and access to key-decision makers; (iii) whether compliance personnel are dedicated to compliance responsibilities or have additional non-compliance responsibilities within the company and, if so, what proportion of their time is dedicated to compliance responsibilities; (iv) whether compliance personnel report to senior leadership of the company, including the board of directors, and the format of such reporting; and (v) who reviews the effectiveness of the compliance function, and the review process for such evaluation. Id. at 7-8.
   
   
4. Risk Assessment: "An effective antitrust compliance program should be appropriately [designed and] tailored to account for antitrust risk." Factors relevant to the Division's evaluation of the compliance programs risk assessment include whether: (i) the antitrust compliance program is tailored to the company's lines of business, the industry, and consistent with industry best practices; (ii) the company collects information or metrics that will help detect antitrust violations; (iii) the company's risk assessment is current and subject to periodic review; and (iv) the company's program addresses its use of technology to conduct business, including new technologies such as artificial intelligence and algorithmic revenue management software, how the company mitigates any risk associated with its use of such tools and technology, and whether compliance personnel are involved in the deployment of new technologies, so as to assess the risks such technologies may raise. Id. at 8-10.
   
   
5. Training and Communication: "An effective antitrust compliance program includes adequate training and communication so that employees understand their antitrust compliance obligations." Consideration will be given to, among other factors, whether: (i) the company has mechanisms in place to ensure that employees follow the compliance policy; (ii) employees certify that they have read the compliance policy; (iii) antitrust policies and principles are included in a company Code of Conduct; (iv) training is required before attending trade shows or trade association meetings; (v) employees and senior leadership receive antitrust compliance training, how often such training occurs, including whether attendance at such training is recorded and preserved; and (vi) training is revised and updated, and what factors help determine when and how such training is revised. Id. at 10-12.
   
   
6. Periodic Review, Monitoring and Auditing: "An effective compliance program includes monitoring and auditing functions to ensure that employees follow the compliance program." The Division will consider, among other similar factors: (i) the methods the company uses to evaluate the effectiveness of the compliance program; (ii) the frequency of evaluation, and whether the company has revised its compliance program in response to any prior antitrust violations or compliance failures; (iii) the monitoring and auditing mechanisms the company has in place to detect violations, such as routine or unannounced audits of documents and communications; (iv) whether the company uses analytic or statistical tools to identify potential antitrust violations; and (v) how monitoring and auditing influence changes to the compliance program. Id. at 12-13.
   
   
7. Confidential Reporting Structure and Investigation Process: "An effective compliance program includes reporting mechanisms that employees can use to report potential antitrust violations anonymously or confidentially and without fear of retaliation." The Division will consider, among other similar and related factors, whether (i) the company has a publicized system in place for employees to report or seek guidance about potentially illegal conduct; (ii) there are positive or negative incentives for reporting antitrust violations; (iii) supervisors or employees have a duty to report potential antitrust violations, and the disciplinary measures the company has in place for those who fail to report such conduct; (iv) the company has mechanisms to allow for confidential or anonymous reporting; and (v) the company's use of non-disclosure agreements or other restrictions deter whistleblowers from reporting violations. Id. at 13-14.
   
   
8. Incentives and Discipline: "[R]elevant to an antitrust compliance program's effectiveness are the 'systems of incentives and discipline that ensure the compliance program are well-integrated into the company's operations and workforce.'" The Division will consider and evaluate: (i) the incentives, if any, the company provides to promote compliance; (ii) whether the company has considered the implications for antitrust compliance of its incentives, compensation structure and rewards; (iii) whether the company has taken specific actions in response to compliance violation – e.g., promotions denied, compensation clawed back; (iv) the disciplinary measures the company has in place for those who engage in illegal antitrust conduct or who fail to take reasonable steps to prevent or detect violations; (v) the employment status of culpable executives; and (vi) whether antitrust violations are disciplined in the same manner as other types of misconduct. Id. at 14-15.
   
   
9. Remediation and Role of the Compliance Program in the Discovery of the Violation: The Division's prosecutors are instructed to "assess whether and how the company conducted a comprehensive review of its compliance training, monitoring, auditing, and risk control functions following [an] antitrust violation" and "should also consider what modifications and revisions the company has implemented to help prevent similar violations from reoccurring, and what methods the company will use to evaluate the effectiveness of its antitrust compliance program going forward." In evaluating the company's remediation efforts, the Division will consider, among other things: (i) whether the company has conducted a "root-cause" analysis of the antitrust misconduct; (ii) what controls of the existing antitrust compliance program failed; (iii) whether the company revised its antitrust compliance program as a result of the antitrust violation and any lessons learned; (iv) what role the senior leadership of the company played in addressing the antitrust violation, identifying and disciplining employees and supervisors, and revising the compliance program to better detect the conduct that resulted in the antitrust violation; and (v) whether the company reported the antitrust violation to the government before learning of the government's investigation, and how long after learning of the conduct did the company report it to the government. Id. at 15-16.

When a decision is made to charge a company with a violation, the Division's prosecutors may also recommend a sentencing reduction based on an evaluation of the effectiveness of a company's compliance program. Where a company does not have an adequate compliance program, a prosecutor may recommend a corporate defendant face probation, and will also consider whether a monitor should be put in place to implement a compliance program. Creation of or improvements to an antitrust compliance program, the incorporation of disciplinary procedures for violations, and the demonstration of efforts to ensure future compliance and a change in corporate culture may result in reduction of criminal fines. Id. at 17-19.

The development, maintenance and implementation of, and allocation of sufficient resources to an antitrust compliance program is a critical component of a company's protection from the bad acts of its employees. An antitrust compliance program may not deter or identify, in a timely manner, all antitrust violations. However, significant and reasonable efforts to comply with the law and develop a culture of compliance, and of improvement and evaluation of compliance efforts, are a relatively low-cost method of protecting the corporation from criminal liability. Compliance officers, senior company officials and board members, working with inside and outside counsel, should consider improvements to their corporate compliance programs based on the new and updated guidance from the Criminal and Antitrust Divisions of the Department of Justice.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.