3 Ways to Apply New DOJ Guidance to Antitrust Compliance

Matt_Kelly.png

The Justice Department gave compliance officers a significant piece of guidance in June with its latest update to the evaluation of corporate compliance programs. The guidance begs the fundamental question: Is the compliance program “adequately resourced and empowered to function?”  In practical terms: Do you have the budget, tools, and authority to put your compliance program into practice? If your answer is no, you’re in serious trouble.

When I read those words my mind raced to another piece of guidance the Justice Department published last year about antitrust compliance programs specifically.

How does this latest guidance, emphasizing resources, autonomy, and authority, intersect with the issues raised in the DOJ’s antitrust document? 

Clearly both pieces of guidance share a lot of Justice Department DNA. They raise the same points about risk assessment, training, corporate culture, and so forth; all descending from their common ancestor, the U.S. Sentencing Guidelines. 

Most corporate compliance officers, however, look at their programs through a Foreign Corrupt Practices Act lens. That’s not wrong; the Justice Department has been banging the drum about FCPA enforcement and effective compliance programs for years. 

It’s just very different from the antitrust world. Antitrust involves more types of misconduct, from boycotts to bid-rigging to price gouging. It can sweep up many more companies, including U.S.-only businesses that never encounter the FCPA.   

Until that antitrust compliance guidance came along in 2019, a company settling antitrust charges wouldn’t receive any credit for having an antitrust compliance program — but with that pronouncement last year, now you can.

Now companies have more incentive to build an effective antitrust program. How does that imperative fit into the “adequately resourced and empowered to function” exhortation from the latest guidance we received in June? 

3 Fundamental Ways to Test Your DOJ Antitrust Compliance

The details of antitrust compliance — the exact policies, legal rationales for enforcement, procedures to rectify abuses, and so forth —  are too many to fit into one blog post. That said, a few fundamental considerations do emerge right away. These are considerations every compliance officer will need to ponder, to meet Justice Department expectations that your antitrust program is “adequately resourced and empowered to function.”

1. Where and how do you treat antitrust compliance?

Will it be within the purview of the legal function, or the compliance function? 

People can make spirited arguments for both sides. Antitrust law is complex, and especially as one wanders into matters of market dominance and consent decrees that might involve divesting assets — those issues play to the legal department’s strengths. On the other hand, a lot of antitrust misconduct revolves around employees not following policy or procedure, and emphasizing the significance of doing so is something compliance teams have done for years with FCPA and other misconduct issues.

2. Do your policies and training focus on preventing antitrust violations? Are they risk-based? 

Pursuant to the point above, a lot of antitrust misconduct is small-bore employee misbehavior. It’s employees plotting with competitors at a business conference to carve up several lucrative customer contracts; or forcing customers to buy Product B if they want Product A; or similar violations of law.

None of that is as glamorous as a multi-billion-dollar merger that drags two corporate giants before a regulatory review, but such moments are relatively rare. Much of antitrust compliance is parallel to the world of risk assessment, policy development, and training that we’ve had in FCPA world for years. Tools to address those issues are the resources you need to be “adequately resourced.” 

3. Are you, the compliance officer, reaching the right level of executive? 

Business conduct related to antitrust can be fundamentally different from business conduct related to corruption, accounting fraud, or secretive data collection practices. Those latter things are misconduct: people breaking the rules. 

Antitrust issues can often veer into strategic questions without readily apparent answers. (This is especially so recently, when European and U.S. regulators alike are focusing more on questions of market power rather than pure harm to consumers.) Compliance officers need to be sure they are reaching the right level of executive, who might be exploring M&A deals or strategic growth plans — up to and including the CEO. 

We could say this starts with a risk assessment: what types of antitrust misconduct is your firm likely to experience? Then ask: which executives in the enterprise play an oversight role to help prevent that misconduct? And finally: do I have the authority to raise compliance issues with them, especially if that means potentially thwarting some project they want to execute? 

Again, that shouldn’t be a novel process for veteran compliance officers, who have been forcing their way into conversations about anti-corruption for years. But we’re starting with a different issue, so you may end up with a different list of names. However, your basic objective — getting seen and getting heard — remains the same. 

Get the Anti-Bribery and Corruption Risk Assessment Checklist!


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.



5 Steps for Building Better Board Engagement

This year's Definitive Risk & Compliance Benchmark Report identified 7 drivers of compliance program performance – key compliance elements and activities linked with program success. This week, we take a look at how compliance practitioners can use board engagement to enhance their programs and protect their organizations from risk. 

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

4 Ways to Protect ePHI Beyond HIPAA Compliance

HIPAA compliance is even more challenging with the Dark Web's bounty on electronic protected health information. Such data is worth a pretty penny. That's why healthcare organizations look for solutions that can provide tighter control over ePHI,whether it's hackers exposing vulnerabilities or the weakest link is a business associate or the intentional/unintentional employee.  

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.