Ten Things to Know About the Antitrust Division’s Updated Compliance Guidance

Earlier this week, the Antitrust Division updated its compliance guidance. The Division first issued guidance on its evaluation of corporate compliance programs in July 2019. This week’s updates follow multiple updates to the Criminal Division’s guidance and updates to the Justice Manual.

Much is the same. But ten additions warrant attention:

1.    Use of communication platforms & personal devices: Like the Department and its own messaging, several additions relate to prosecutors’ expectation that companies should have and enforce policies governing the use of personal devices and communication platforms that ensure business communications, however they occur, can be appropriately preserved. See Justice Manual § 9-28.800.

• In particular, the Division asks whether companies have “clear guidelines regarding the use of ephemeral messaging or non-company methods of communication including the extent to which those communications are permitted and when employees must preserve those communications.” Guidance at 6.

2.    Communications: The guidance also adds expectations when training employees to avoid using “antitrust ‘hot’ words.” Id. at 12. If such training occurs, the Division maintains that the training should “focus on detecting and deterring antitrust violations, as opposed to making violations harder to detect.” Id.

3.    Compensation structures that promote compliance: Like the Department, the Division maintained its emphasis on salary systems that reward compliant behavior and punish misconduct. Beyond prior references to claw backs and incentives that “promote performance in accordance with the compliance program,” id. at 14, the guidance now asks how “the company’s hiring and incentive structure reinforce[s] its commitment to ethical culture.” Id. at 7.

4.    AI and revenue management software: Another expected update asks whether compliance programs and materials are “updated to account for newly developed technology.” Id. at 5.

• Indeed, the guidance asks whether the company assesses, mitigates, and monitors antitrust risk posed by AI and algorithmic revenue management software. Id. at 9.
• It also adds questions about whether training includes permissible and impermissible uses of AI and other technology and how quickly companies can “detect and correct decisions made by AI” that “are not consistent with the company’s values.” Id. at 10.

5.    Tone from the top, but also the middle: Several additions emphasize the cultural and practical importance of setting a compliant “tone from the middle.” Id. at 7. 

• One change notes “[a]n effective compliance program requires leadership to implement a culture of compliance at all levels of the organization,” while another defines management as “both senior leadership and managers at all levels.” Id. at 6.

6.    Tailoring and improvement: Compliance efforts are a cycle to: (i) deter violations by assessing risks, designing compliance policies and resources tailored to those risks, implementing comprehensive and accessible training, and instilling a culture of compliance; (ii) detect problematic activity through auditing, monitoring, and reporting mechanisms; and (iii) reward compliance and punish violations. Several changes address the importance of improvement and evolution considering any prior antitrust violations by the company or within its industry:

• The revisions add questions about how the company measures the effectiveness of both compliance culture and its compliance program, testing engagement with training, and the ability to access compliance materials. Id. at 11-12.
• New questions also inquire about a “process to identify emerging risks” and “gap analysis.” Id. at 9.

7.    Compliance resources: Empowering compliance professionals has been an area highlighted by Department leadership and the Criminal Division.

• The Division echoes this view in questions about the resources devoted to the compliance function, how those resources compare to other areas within the company, and whether resource requests from the compliance function have been denied. See id. at 8.

8.    Deploying technology and data to promote compliance: The focus on resources dedicated to compliance extends to the compliance function’s access to technology and data.

• The guidance asks whether “the level of technology devoted to compliance” is “comparable to the level of technology devoted to other functions.” Id.
• Likewise, it asks how compliance personnel use data for auditing and monitoring and compliance personnel’s prompt access to “all relevant data.” Id. at 13.

9.    Whistleblowers, anti-retaliation, and NDAs: There is also further emphasis on the importance of confidential reporting mechanisms, a fair process for assessing complaints, and avoiding even the perception of chilling whistleblowers.

• In terms of confidential reporting, there are added expectations about the process by which whistleblower complaints are investigated, including by whom, and processes to ensure an independent and objective assessment. Id. at 14.
• As predicted in a previous post, updates also address anti-retaliation policies, training on those policies, and whether employees are willing to report violations. Id. In particular, the Division added expectations that employers should not use NDAs to deter whistleblowers. Indeed, the Division expects companies to have “NDAs and other employee policies [that are] clear that employees can report antitrust violations internally and to government authorities.” Id.

10.    New application to civil investigations: The guidance governs criminal antitrust investigations but adds implications for civil conduct investigations.

• Not only can a “well-designed antitrust compliance program . . . minimize risk of civil antitrust violations,” but if civil violations occur, compliance programs can allow companies to “promptly self-disclose and remedy them and cooperate with a civil antitrust investigation.” Id. at 2-3.
• Like the Division’s criminal prosecutors, civil teams will “consider many of the same factors when assessing the effectiveness of” compliance programs in the context of resolving civil conduct investigations. Id. at 3.
• According to the Division, the benefit of “existing or improved compliance efforts” may be to avoid “court-mandated further compliance and reporting requirements or retention of and supervision by external monitor.” Id.
• As has been the case in criminal investigations, companies facing civil conduct investigations should prepare to show their work on compliance improvements to avoid compliance-related provisions in consent decrees, from monitors to court-mandated compliance improvements.