The Department of Justice (Department or DOJ) considers the "adequacy and effectiveness of [a] corporation's compliance program" as a factor in "conducting an investigation of a corporation, determining whether to bring charges, and [in] negotiating plea or other agreements." (See Department of Justice Manual, Principles of Federal Prosecution of Business Organizations, 9-28.300.) In September, the Department's Criminal Division updated its guidance on the Evaluation of Corporate Compliance Programs ("Evaluation of Criminal Compliance Programs") to "assist prosecutors in making informed decisions as to whether, and to what extent, [a] corporation's compliance program was effective."
There are three "fundamental questions" the Department considers in evaluating a corporate compliance program:
(1) Is it well designed?
(2) Is the program being applied earnestly and in good faith; that is, is it adequately resourced and empowered to function effectively?
(3) Does it work in practice?
The guidance document identifies various factors relevant to answering these "fundamental questions" in the affirmative and should be consulted closely by internal counsel in designing and implementing a compliance program. Evaluation of Criminal Compliance Programs at 1-2.
In November, the Antitrust Division (Division) provided guidance specific to the Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Evaluation of Antitrust Compliance Programs). (Criminal antitrust conduct is generally limited to price fixing, bid rigging, and market allocation schemes, but can extend to certain monopolization matters). While "even an effective antitrust compliance program may not deter every violation" the guidance notes that "an effective compliance program should enable a company to swiftly detect and address" potential antitrust issues. Evaluation of Antitrust Compliance Programs at 2. Notably, the Division indicated that the guidance is relevant to the investigation, evaluation, and settlement of civil antitrust matters. Id. at 3. The Division's guidance draws heavily on the framework articulated in the Criminal Division's recent updated guidance, and the principles in the Department of Justice Manual, Principles of Federal Prosecution of Business Organizations.
The Division will consider the company's compliance program: (i) when making charging decisions; and (ii) when making sentencing recommendations, assessing the program at the time of the violation and improvements after the identification of the offense. Id. at 2. When making charging decisions, the compliance program is evaluated in accordance with the three fundamental questions set out above; the Division's guidance identifies nine elements of an effective compliance program.
- Design and Comprehensiveness: In considering the design, format
and comprehensiveness of an antitrust compliance program, the
Division considers, among other things: (i) the format of the
antitrust compliance program, and how it fits into the
company's broader compliance program; (ii) how the program is
implemented and how often it is updated; (iii) who has the
responsibility for integrating antitrust policies and procedures
into the company's business practices; (iv) what guidance is
provided to those employees most likely to identify potential
antitrust violations – such as participation in meetings with
competitors, and those with approval for price changes; (v)
mechanisms the company has put in place to manage and preserve
communications, including electronic communications; (vi) whether
the company has clear guidelines on the use of "ephemeral
messaging" or "non-company methods of
communication;" and (vii) the guidance the company provides to
employees about document destruction and obstruction of justice.
Id. at 5-6.
- Culture of Compliance: The Division will examine "the
extent to which corporate management – both senior leadership
and managers at all levels – has clearly articulated and
conducted themselves in accordance with the company's
commitment to good corporate citizenship." Specific factors in
evaluating the culture of compliance include, but are not limited
to: (i) the company's leadership's efforts – through
their words and actions – to convey the importance of
antitrust compliance to company employees; (ii) how, and how often,
the company measures the effectiveness of its compliance program;
(iii) whether and how the company's commitment to compliance is
reflected in its hiring practices and design of incentives
(including compensation incentives); and (iv) the role and
expertise of the board of directors with respect to compliance. Id.
at 6 7.
- Responsibility for the Compliance Program: "Those with
operational responsibility for the [compliance] program must have
sufficient qualifications, autonomy, authority, and seniority
within the company's governance structure, as well as adequate
resources for training, monitoring, auditing and periodic
evaluation of the program." The Division will consider, among
other factors: (i) whether there is a chief compliance officer or
executive within the company responsible for antitrust compliance;
(ii) how the compliance function compares with other functions in
the company, in terms of stature, experience, compensation, rank or
title, resources, and access to key-decision makers; (iii) whether
compliance personnel are dedicated to compliance responsibilities
or have additional non-compliance responsibilities within the
company and, if so, what proportion of their time is dedicated to
compliance responsibilities; (iv) whether compliance personnel
report to senior leadership of the company, including the board of
directors, and the format of such reporting; and (v) who reviews
the effectiveness of the compliance function, and the review
process for such evaluation. Id. at 7-8.
- Risk Assessment: "An effective antitrust compliance
program should be appropriately [designed and] tailored to account
for antitrust risk." Factors relevant to the Division's
evaluation of the compliance programs risk assessment include
whether: (i) the antitrust compliance program is tailored to the
company's lines of business, the industry, and consistent with
industry best practices; (ii) the company collects information or
metrics that will help detect antitrust violations; (iii) the
company's risk assessment is current and subject to periodic
review; and (iv) the company's program addresses its use of
technology to conduct business, including new technologies such as
artificial intelligence and algorithmic revenue management
software, how the company mitigates any risk associated with its
use of such tools and technology, and whether compliance personnel
are involved in the deployment of new technologies, so as to assess
the risks such technologies may raise. Id. at 8-10.
- Training and Communication: "An effective antitrust
compliance program includes adequate training and communication so
that employees understand their antitrust compliance
obligations." Consideration will be given to, among other
factors, whether: (i) the company has mechanisms in place to ensure
that employees follow the compliance policy; (ii) employees certify
that they have read the compliance policy; (iii) antitrust policies
and principles are included in a company Code of Conduct; (iv)
training is required before attending trade shows or trade
association meetings; (v) employees and senior leadership receive
antitrust compliance training, how often such training occurs,
including whether attendance at such training is recorded and
preserved; and (vi) training is revised and updated, and what
factors help determine when and how such training is revised. Id.
at 10-12.
- Periodic Review, Monitoring and Auditing: "An effective
compliance program includes monitoring and auditing functions to
ensure that employees follow the compliance program." The
Division will consider, among other similar factors: (i) the
methods the company uses to evaluate the effectiveness of the
compliance program; (ii) the frequency of evaluation, and whether
the company has revised its compliance program in response to any
prior antitrust violations or compliance failures; (iii) the
monitoring and auditing mechanisms the company has in place to
detect violations, such as routine or unannounced audits of
documents and communications; (iv) whether the company uses
analytic or statistical tools to identify potential antitrust
violations; and (v) how monitoring and auditing influence changes
to the compliance program. Id. at 12-13.
- Confidential Reporting Structure and Investigation Process:
"An effective compliance program includes reporting mechanisms
that employees can use to report potential antitrust violations
anonymously or confidentially and without fear of
retaliation." The Division will consider, among other similar
and related factors, whether (i) the company has a publicized
system in place for employees to report or seek guidance about
potentially illegal conduct; (ii) there are positive or negative
incentives for reporting antitrust violations; (iii) supervisors or
employees have a duty to report potential antitrust violations, and
the disciplinary measures the company has in place for those who
fail to report such conduct; (iv) the company has mechanisms to
allow for confidential or anonymous reporting; and (v) the
company's use of non-disclosure agreements or other
restrictions deter whistleblowers from reporting violations. Id. at
13-14.
- Incentives and Discipline: "[R]elevant to an antitrust
compliance program's effectiveness are the 'systems of
incentives and discipline that ensure the compliance program are
well-integrated into the company's operations and
workforce.'" The Division will consider and evaluate: (i)
the incentives, if any, the company provides to promote compliance;
(ii) whether the company has considered the implications for
antitrust compliance of its incentives, compensation structure and
rewards; (iii) whether the company has taken specific actions in
response to compliance violation – e.g., promotions denied,
compensation clawed back; (iv) the disciplinary measures the
company has in place for those who engage in illegal antitrust
conduct or who fail to take reasonable steps to prevent or detect
violations; (v) the employment status of culpable executives; and
(vi) whether antitrust violations are disciplined in the same
manner as other types of misconduct. Id. at 14-15.
- Remediation and Role of the Compliance Program in the Discovery of the Violation: The Division's prosecutors are instructed to "assess whether and how the company conducted a comprehensive review of its compliance training, monitoring, auditing, and risk control functions following [an] antitrust violation" and "should also consider what modifications and revisions the company has implemented to help prevent similar violations from reoccurring, and what methods the company will use to evaluate the effectiveness of its antitrust compliance program going forward." In evaluating the company's remediation efforts, the Division will consider, among other things: (i) whether the company has conducted a "root-cause" analysis of the antitrust misconduct; (ii) what controls of the existing antitrust compliance program failed; (iii) whether the company revised its antitrust compliance program as a result of the antitrust violation and any lessons learned; (iv) what role the senior leadership of the company played in addressing the antitrust violation, identifying and disciplining employees and supervisors, and revising the compliance program to better detect the conduct that resulted in the antitrust violation; and (v) whether the company reported the antitrust violation to the government before learning of the government's investigation, and how long after learning of the conduct did the company report it to the government. Id. at 15-16.
When a decision is made to charge a company with a violation, the Division's prosecutors may also recommend a sentencing reduction based on an evaluation of the effectiveness of a company's compliance program. Where a company does not have an adequate compliance program, a prosecutor may recommend a corporate defendant face probation, and will also consider whether a monitor should be put in place to implement a compliance program. Creation of or improvements to an antitrust compliance program, the incorporation of disciplinary procedures for violations, and the demonstration of efforts to ensure future compliance and a change in corporate culture may result in reduction of criminal fines. Id. at 17-19.
The development, maintenance and implementation of, and allocation of sufficient resources to an antitrust compliance program is a critical component of a company's protection from the bad acts of its employees. An antitrust compliance program may not deter or identify, in a timely manner, all antitrust violations. However, significant and reasonable efforts to comply with the law and develop a culture of compliance, and of improvement and evaluation of compliance efforts, are a relatively low-cost method of protecting the corporation from criminal liability. Compliance officers, senior company officials and board members, working with inside and outside counsel, should consider improvements to their corporate compliance programs based on the new and updated guidance from the Criminal and Antitrust Divisions of the Department of Justice.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.