On November 12, 2024, the U.S. Department of Justice, Antitrust Division (“DOJ”), released an update to its guidance document for evaluating the effectiveness of corporate antitrust compliance programs that was last issued in 2019. The document is intended to be used by prosecutors in evaluating whether a corporation’s compliance program is effective at preventing and detecting antitrust violations, which is an important consideration for prosecutors in deciding whether to bring charges, the terms and form of resolution, and sentencing recommendations. While a corporation can have an effective compliance program without satisfying each and every guideline set out by the DOJ, the DOJ’s guidance document is a helpful tool for companies considering investments in their corporate compliance programs.
Revised DOJ Antitrust Compliance Guidance Provide a Tool for Evaluating Corporate Compliance Programs
I. Key Revisions to the Antitrust Compliance Guidance
The revised guidance document largely kept intact the 2019 framework promulgated during President Donald Trump’s first administration. However, several revisions reflect material changes and emphasis on new topics, most of which have been priorities for the Biden administration in recent years.
- Compliance and oversight over new technology, including AI and revenue management software. The DOJ guidance discusses the importance of ensuring compliance oversight over new and emerging technologies such as Artificial Intelligence and revenue management software. The DOJ’s guidance emphasizes the importance of including properly trained compliance professionals in deployment of these technologies in order to ensure that risk posed by the technology is promptly identified and mitigated.
- Establishing guidelines for the use of ephemeral messaging. The DOJ suggests that companies should issue guidance on whether and how to use ephemeral messaging and when ephemeral messages must be preserved. The DOJ has taken aggressive views on ephemeral messaging in the past, threatening companies (and their counsel) that do not maintain copies of ephemeral messages with criminal prosecution in certain circumstances.
- The importance of commitment to compliance programs at all levels of management. The new guidance emphasizes that management at all levels must be trained and demonstrate a commitment to antitrust compliance. The guidance also expressly considers whether a company’s Board of Directors has appropriate compliance expertise.
- Dedicating sufficient resources to the compliance function. The guidance says that DOJ will consider whether compliance resources were ever requested and denied, as well as the rationale for any denial. The guidance also emphasizes that compliance personnel should have prompt access to all relevant data sources and considers whether compliance uses data analytics tools for monitoring.
- Confidential reporting channels and retaliation protections. The guidance considers the process that companies have in place for investigating and addressing reports, including the steps taken to ensure any investigations are independent, objective, appropriately conducted and well-documented. There is also an added focus on ensuring that reports can be made free from retaliation, that employees are trained on anti-retaliation protections, and that the company assesses whether employees actually feel that they can safely report misconduct. There is a new portion of the guidance that analyzes whether non-disclosure agreements have ever been used to stifle whistleblowing or self-reporting to the government.
- Wage-fixing agreements. The guidance states that compliance programs should address agreements to restrict competition for wages. This is a new addition from 2019, although consistent with DOJ prioritization of criminal prosecution and investigation of wage fixing and no-poach agreements in recent years.
- Civil antitrust compliance. While the focus of the guidance is on criminal antitrust compliance, the new guidance says that civil antitrust compliance should be an important part of any antitrust compliance program. Under Biden, the DOJ has focused on investigating and, in some cases, bringing civil enforcement actions challenging alleged information exchange agreements among competitors. Companies should consider whether their antitrust compliance policies adequately address these issues.
II. Practical Guidance on Effective Compliance Programs
From the perspective of designing an effective program, the guidance shows that the DOJ is interested in evaluating whether a company has an effective and appropriately resourced compliance function with control over antitrust policies and the practical ability to audit for compliance, whether the company trains all employees and has a compliance program that encourages reporting and detects violations, whether the company regularly updates its training materials for recent developments and new technology, whether any violations that occurred were detected by the compliance system and if not whether the programs were updated to address the reason for that failure, whether senior and mid-level management are committed to antitrust compliance and receive discipline for compliance failures, and the company’s policies on litigation holds, document retention, and ephemeral messaging.
The DOJ’s guidance addresses these considerations across nine factors that are elaborated on in detail in the guidance document: (1) the design and comprehensiveness of the program; (2) the culture of compliance within the company; (3) responsibility for, and resources dedicated to, antitrust compliance; (4) antitrust risk assessment techniques; (5) compliance training and communication to employees; (6) monitoring and auditing techniques, including continued review, evaluation, and revision of the antitrust compliance program; (7) reporting mechanisms; (8) compliance incentives and discipline; and (9) remediation methods. The following is a summary of the key takeaways for each of the factors.
- Design & Comprehensiveness of the Program – Whether the compliance program (a) is updated for developments, to avoid staleness and for employee feedback, (b) is in writing and sufficiently emphasized, (c) is integrated into the company’s business practices, including whether trade association and other competitor meetings are tracked, (d) provides guidance on appropriate electronic communication channels, ephemeral messaging, litigation hold obligations, and document retention.
- Culture of Compliance – The DOJ says it will look at (a) what leadership is doing to reinforce compliance culture, (b) whether leadership has tolerated antitrust violations, (c) how mid-level management demonstrates the importance of compliance including an anti-retaliation policy encouraging employees to report issues without fear, (d) whether the company measures compliance, rewards compliant behavior, and punish management for non-compliant behavior and (e) does the Board of Directors have appropriate compliance expertise.
- Responsibility for, and resources dedicated to, antitrust compliance – The DOJ says it will look at (a) whether there is a Chief Compliance Officer, (b) how often the CCO meets with the Board and other executives, (c) how the company ensures the compliance team’s independence, (d) how the compliance team compares to other functions in terms of stature, experience, rank/title, compensation levels, reporting line, resources to ensure adequate compliance, ongoing training and familiarity with antitrust, access to decision makers, (e) compliance personnel turnover, (f) whether compliance is a dedicated function or one that employees split with other responsibilities, (g) whether compliance dedicates sufficient resources to antitrust and whether others have ever denied the compliance function resources it determined that it needed, and (h) whether the effectiveness of the compliance function is ever reviewed and by whom.
- Risk Assessment – Whether the company (a) has tailored its program for the particular industry, the risks that it faces, and is consistent with industry best practices, (b) collects metrics or other information in evaluating antitrust risk and whether that information has been incorporated into the antitrust compliance program, (c) reviews risks and revises its programs, and (d) evaluates risk from its use of new and emerging technology such as AI and revenue management technology.
- Training & Communication – Whether the company (a) has communicated antitrust policies to all employees, including senior leadership, in a way that promotes understanding, (b) has a Code of Conduct that prohibits antitrust violations, (c) has a certification process confirming that employees have read the compliance policy, (d) provides ready access to training and compliance materials, (e) regularly trains employees and requires training before work begins and tailors training to address industry specific risks and issues (f) effectively tests understanding policies during trainings, (g) tracks attendance at training programs, requires certification of completion of training programs, and (h) regularly updates training identifying emerging risks as the business environment changes.
- Periodic Review, Monitoring & Auditing – The DOJ says it will evaluate (a) whether the company meets to evaluate the effectiveness of compliance programs and who attends those meetings, (b) whether the company has auditing and monitoring programs in place, including whether communications are audited or monitored using tools or statistical testing, (c) whether compliance personnel have ready and prompt access to all relevant data sources, (d) the process for revising compliance policies and whether auditing results are considered in that process, and (e) whether companies with prior antitrust violations conducted a comprehensive review of its compliance training programs and policies in place, or established a robust program where one did not exist prior to the charge.
- Confidential Reporting Structure – The DOJ says it will evaluate (a) whether there is a publicized system for reporting and seeking guidance about potentially illegal conduct, (b) whether supervisors must report violations to employees with compliance responsibilities, (c) the process for evaluating whether a report requires further follow-up, (d) whether investigations are independent, objective, appropriately conducted, and properly documented, (e) whether the company has an antiretaliation policy and trains its management/supervisors on the policy, (f) whether employees can report anonymously and confidentially, (g) whether employees feel they can report without fear of retaliation and whether the company assesses whether employees are willing to report violations, and (h) whether NDA or other restrictions are utilized or enforced to prevent to deter whistleblowing or reporting to government authorities.
- Incentives & Discipline – The DOJ says it will evaluate (a) incentives to promote performance in accordance with compliance policy, (b) whether the company has considered the implications of its incentives/rewards for compliance, (c) disciplinary measures available for employees that engage in antitrust violations or supervisors who fail to report them, (d) whether any employees have been disciplined for antitrust violations and whether bonuses/promotions have been denied because of compliance considerations, and (e) whether data is available showing that antitrust violations are treated similarly to other violations in terms of discipline.
- Remediation & Discovery – The DOJ says it will evaluate the company’s response to detected violations, including (a) whether the company conducted a root cause analysis and its results, (b) whether the compliance program detected the violation and if it failed to detect it understanding what controls failed, (c) whether anyone who had an obligation to report a violation failed to do so, (d) whether the company made any revisions to its antitrust policy as a result of a violation, how those changes were conveyed to employees, and the role of senior employees in making those changes and disciplining employees as appropriate and (e) whether the company reported the conduct to the government and how long after the detection that report occurred.
III. Conclusion
The recent guidance provides important information to corporations on how to improve their own compliance programs to prevent and mitigate potential antitrust violations, as well as on how DOJ will view their programs if a violation were to occur. The DOJ’s guidance emphasizes that the process is iterative. Companies should continuously improve their programs to address their own experiences, the experiences of others in the industry, and new and emerging technology. It is important that companies work with experienced antitrust counsel to evaluate and develop effective compliance programs.