by Joe Murphy
How good is your antitrust compliance program – would it be considered effective in addressing criminal antitrust risk, or what is also referred to as cartel conduct? Perhaps you have an antitrust manual and a lawyer who gives presentations about the law. Maybe this is also covered in your code of conduct.
But does this meet the most widely used standard for compliance programs, the US Sentencing Guidelines’ seven elements? Let’s consider just one element of those standards, item 5. And in that item, let’s consider one requirement:
“(5) The organization shall take reasonable steps—
(A) to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct;”
So at a minimum, a program needs to include auditing aimed at ferreting out crime. This language deserves some considerable focus. If a program includes audits to check if employees have been trained, have signed the code of conduct, or have signed compliance certificates, is there even an argument that such steps would meet this standard?
While checking processes has its place in ensuring that a program is in fact being implemented, the stark truth is that process audits should not be confused with substantive audits. Checking compliance program steps simply does not meet this standard.
Nor are the Sentencing Guidelines alone in this message. In Canada, for example, the Canadian Competition Bureau issued guidance on compliance programs, including this recommendation to companies:
“[C]onduct audits to confirm whether a business is fully complying with the Acts; an audit may include a review of paper and computer files (especially emails) of staff who are in a position to engage in, or be exposed to, conduct in potential breach of the Acts;”
-Competition Bureau Canada, Corporate Compliance Programs 12 (2010)
Note again, like the Sentencing Guidelines, the call is for audits to look for crimes, not checks on process.
What has the US Antitrust Division said on this point? Here are the words of Bill Kolasky, then a Deputy Assistant Attorney General in the Division, addressing audits:
“Finally, a company should conduct regular antitrust audits, preferably unannounced, to monitor compliance. These audits can be kept informal, but should include a review of both the paper and computer files (especially emails) of employees with competitive decision-making authority or sales and marketing responsibilities. It is important also to interview employees about their business and their contacts with competitors.” William J. Kolasky, “Antitrust Compliance: The Government’s Perspective,” 16 ethikos 6, 8 (Sept/Oct 2002).
This is a consistent theme – do not just check how many boxes have been ticked; go out on the road and look for actual violations.
Given the clarity of this message, what is actually happening in the field? The indications are not good. The Society of Corporate Compliance and Ethics recently released the results of an important survey of company antitrust compliance practices. Called “Antitrust: A Dangerous but Underappreciated Compliance Issue,” the survey reported on some of the compliance steps used by companies, and the impact of governmental approaches to compliance programs.
The finding on audits is particularly striking:
“An astounding 64% do not report performing the types of antitrust compliance audits that would meet the minimum standards under the Sentencing Guidelines.”
Now anyone familiar with the record of the Antitrust Division in the US and DG Comp in the EU might readily conclude that this result is not so surprising, given that both authorities refuse to give any credit to compliance programs, no matter how robust. If enforcers do not think programs are important, then why should companies? It is a terrible mistake for enforcement agencies to take this position, but it is also a mistake for companies to ignore the value of preventive steps.
First, there are some more enlightened competition law enforcement agencies that do consider programs, such as those in the UK, Singapore, and Chile. But beyond this, companies should be diligent in taking steps to prevent violations as a matter of corporate responsibility. It can also be hoped that, in the future, management with a broader perspective in the EU and the Antitrust Division will step up to this important mission.
For now, how can companies get started? Mr. Kolasky’s words and the suggestions of the Canadian Competition Bureau point in the right direction. Companies should be both talking to employees and reviewing documentation. But this can be a daunting, resource-intensive task. Where would a company look first? Here it is worth considering the advantages of modern technology.
Today it is possible to review company data to detect important red flags that can indicate an enhanced risk of cartel activity. This is spelled out in greater detail in Abrantes-Metz, Bajari & Murphy, “Antitrust Screening: Making Compliance Programs Robust.”
The technique, called screening, uses statistical tests drawing from available data such as prices, costs, market shares or bids, and applies statistical tools to identify highly improbable or anomalous patterns in those data. Screening can help target audit resources where they are most needed, in the areas of highest risk.
As the Canadians wisely indicate, the review should include “staff who are in a position to engage in, or be exposed to, conduct in potential breach of the Acts.” That is, those interviewed should include both those who might have committed violations, and those around them who may have witnessed suspicious conduct. Experienced investigators can tell you how conduct that one would expect to be well hidden will often leave obvious clues for those who know where and how to look.
Can all violations be easily detected? Of course not. But if one does not look at all, there is much less chance of detecting misconduct. While no compliance step is certain of success, we do need to take seriously the message of actively seeking out violations. The tools are there, if we just choose to use them.
This article was written by Joe Murphy and originally published on corporatecomplianceinsights