This article draws the business community’s and competition agencies’ attention to selected topics that would benefit from more attention when considering effective competition law compliance programmes. It draws on recent discussions in the OECD Competition Committee and the related background paper on Competition Compliance Programmes, however, the views expressed reflect solely the opinion of the authors. We identify five major compliance topics – detection and prompt reporting, senior management involvement, monitoring and auditing, compliance incentives, and third-party compliance – and suggest possible courses of action to enhance compliance programmes’ effectiveness.
By Sabine Zigelski & Lynn Robertson[1]
I. INTRODUCTION
There is widespread unanimity about what should constitute the main elements of a competition compliance programme. The criteria established by recent United States DOJ guidance[2] can serve as a good starting point since many other agency guidelines use similar criteria. Rather than focussing on those widely known and accepted elements, we will focus on a select few that we believe are particularly relevant for the effectiveness of compliance policies: detection and prompt reporting; senior management involvement; monitoring and auditing; compliance incentives; and third-party compliance. We assert that these elements, in particular, could merit more attention by competition agencies wanting to promote compliance more effectively and by the business community aiming to implement more effective programmes. Jurisdictions take different approaches on them, or they are not routinely included in agency guidance documents. However, these elements could make the difference between an effective and a pro-forma programme. Our decision to focus on these five does not imply that other elements are less relevant or important
II. DETECTION AND REPORTING
There seems to be a widespread consensus that an effective compliance programme should, next to prevention, lead to the early detection of competition law violations within a company. Views diverge when it comes to the reporting of such violations to the competition authorities. For the time being, only Germany and Peru seem to require reporting as a prerequisite for accepting a compliance programme as a mitigating factor.[3] The European Commission considers leniency and immunity as the ultimate reward for an effective compliance programme, both of which can only be obtained through reporting to and co-operation with the agency. Other jurisdictions, such as the Australia, Canada, Italy, Romania, Spain, or United States also consider reporting to the competition agency as an important element of an effective programme, albeit not an essential pre-condition.[4] Further support for a reporting requirement can be found in the EU procurement directive,[5] which makes damage mitigation and collaboration with the investigating authorities pre-conditions for an early release from debarment through self-cleaning.
These agency perspectives stand in stark contrast to the views expressed by businesses. Their message seems far from simple. Businesses will weigh costs and benefits before applying for leniency when a violation is detected internally. The increased risks posed by private damages actions and of managers being held personally liable have a strong and dissuasive impact on the decision to report.[6] However, absent from these cost/benefit calculations are the repercussions on the internal and external credibility of a company’s compliance message and policy of such a seemingly rational balancing strategy.
There is no legal obligation to report a competition law violation to a competition agency. However, we argue that from the compliance perspective, reporting is the real test case for the credibility of corporate ethics claims and leadership’s commitment to these ethics. How can the compliance message be given life within a company when internal detection does not lead to meaningful consequences? These consequences should be twofold: clearly visible internal sanctions on the staff involved in and responsible for the violations; and putting an end to the competition law violation, including through the compensation of the victims. In cartel cases, none of these is, in the last consequence, possible without external reporting. Without reporting, internal sanctions will most likely be neither meaningful nor widely communicated to warn other employees, as this would entail the risk that an employee would blow the whistle – contrary to the intention of the company. In the case of collusive practices, the infringement will also not necessarily end with the withdrawal of one company from the cartel. The harm to markets and consumers may well continue. Even if a cartel was ended for good, the absence of reporting would imply that the parties to the cartel pocket the illicit gains with no intention of compensating the harmed customers. It is hard to see how such a message to staff can demonstrate a credible commitment to competition law compliance and will help to prevent future wrongdoing.
For competition authorities for whom leniency is one of the most important detection tools, conditioning the effectiveness of compliance programmes on a pro-active decision of the company to self-report a detected (cartel) infringement could contribute to curtailing the decline in applications and reverse the current trend.[7] Such an approach can also be incorporated in agency policies that grant credit for prospective or improved existing programmes. A commitment to report could become an express requirement of future compliance obligations. For businesses, a self-imposed obligation to report would underline a no tolerance policy and would certainly serve to garner the necessary attention of all staff and companies’ top management.
III. MANAGEMENT INVOLVEMENT
One of the most frequently cited mantras in compliance literature is the famous “tone from the top”: the quintessential requirement for an effective compliance culture. Consequently, senior management involvement in the competition law violation, promotion of, or alternately, ignoring anti-competitive conduct are considered as very strong indicators of an ineffective compliance programme and culture.[8] At the same time, jurisdictions willing to accept an effective, pre-existing compliance programme as a mitigating factor acknowledge that even the best compliance programme cannot completely prevent anti-competitive action by an employee set to engage in it, the famous “rogue employee.”
However, senior management involvement in cartel conduct seems to be more the rule than the exception,[9] and this is also supported by OECD foreign bribery data. Senior management is most frequently involved in bribery committed by a company, namely in 75% of the cases being subject of a recent study.[10] Such findings signal obvious shortcomings in corporate compliance programmes, and in competition agencies’ compliance advocacy efforts as well.
There are a number of measures that businesses and competition agencies could implement and that agencies could require when reviewing the effectiveness of compliance programmes, to ensure that senior management pays sufficient attention to competition rules:
- The commitment to report any competition law violation and to bear the consequences of past wrongdoing as mentioned above;
- Targeted compliance training for senior management;
- Third party monitoring and internal audit must include top level management files and communication;
- Peer learning through promotion of third-party compliance measures (see below) and/or public events where convicted offenders report their experience to other executives;
- Internal and external reporting and whistle-blowing channels that allow the implication of senior management and reporting to authorities without getting the senior management involved and alerted, and preventing retaliation risks;
- Public naming and shaming of responsible managers to increase the reputational risk of competition law violations;
- Basic competition law training in business schools; and
- Improving the gender balance in companies’ senior management.[11]
IV. COMPLIANCE INCENTIVES
Agency compliance guidance often includes references to and requirements for adequate compliance incentives and discipline. These are are mostly directly related to rewarding and incentivising compliant or punishing deviant behaviour. Rarely considered are the indirect (dis)incentives to comply, created by ambitious performance goals and performance-based salary schemes.[12] In other words: even the best corporate compliance programme will not be worth the paper it is written on, when employees cannot reach their performance targets without being at least seriously tempted to resorting to illegal, including anti-competitive, means.
Performance based salaries and incentive schemes should not be discouraged as they can greatly increase staff and company performance. However, such schemes, at the same time, should not encourage nor create a need or strong temptation for anti-competitive conduct to make them attainable. The G20/OECD Principles of Corporate Governance foresee that key executive and board remuneration should be aligned with the longer-term interests of the company and its shareholders, including sanction and clawback provisions for cases of serious misconduct.[13] This emphasis on longer term interest can inform competition compliance considerations. There are various ways in which salaries can reflect shorter- or longer-term performance indicators, which are more or less prone to anti-competitive conduct.[14]
The creation of compliance compatible remuneration schemes is certainly best placed in the hands of the businesses themselves. It is outside of the remit of competition agencies to create operational criteria for firms that manage to balance the performance enhancing benefits of incentive-based salaries and their compliance risks. It is, however, conceivable for competition agencies to identify blatantly inappropriate schemes when examining pre-existing compliance programmes in ongoing or previous collusion cases and to oblige companies to consider such remuneration schemes as part of their compliance policies. The failure to do so could again signal a lack of management engagement and support for the corporate compliance policy. In any case, it would seem that competition agencies could put more of an emphasis on businesses’ salary schemes when assessing or advising on compliance programmes to ensure that the incentives of all relevant employees are aligned with proclaimed compliance policies.
V. AUDITING AND MONITORING OF BUSINESS PROCESSES
When auditing and monitoring requirements are included in competition agency compliance guidelines, they mostly relate to the implementation of the compliance programme as such, its review and the confirmation that adequate processes are in place or trainings are conducted. However, monitoring and auditing requirements can go further. They can be applied directly and proactively to business transactions and processes that are identified as a competition compliance risk, or to communications monitoring. The European Commission asks for auditing and monitoring as prevention and detection tools, in particular when a firm is active in tendering markets,[15] similarly to the US, which asks for the use of screens and communication monitoring tools.[16] Chile and Peru also refer to screening and use of software to, for example, monitor conversations with competitors.[17]
In this regard, compliance guidance by agencies and compliance efforts by businesses could consider making active use of software tools and algorithms as a tool for more effective compliance. Algorithms can support businesses in their monitoring, prevention and detection efforts, which can benefit from widely available know-how on screening for anti-competitive behaviours. Particularly for cartels, there is rich literature and agency experience on screening for markets susceptible to collusion as well as for behaviours and market outcomes that could indicate collusive market behaviour.[18] Provided sufficient data is available, such screens can be applied by businesses internally. In addition to structural screens, price or performance-based screens, companies can use Artificial Intelligence (AI) to monitor company communication for suspicious signs. When risks for algorithmic collusion exist, the detection methods within a company must address such specific compliance risks as well.[19] As expressed by US Department of Justice Deputy Assistant Attorney General Matthew S. Miner in relation to fraud investigations, “… companies have better and more immediate access to their own data. For that reason, if misconduct does occur, our prosecutors are going to inquire about what the company has done to analyze or track its own data resources – both at the time of the misconduct, as well as at the time we are considering a potential resolution.”[20]
There is room for competition agencies to take a more pro-active approach to corporate screening and monitoring efforts: to encourage or require them in their compliance related enforcement and other activities. Businesses should embrace such approaches. The benefits of an active, company-internal search for suspicious signs for compliance breaches are twofold: it enables early detection and reporting of harmful practices to competition authorities; and it has a deterrent effect on employees who know that it will be more difficult to hide illegal behaviour. For these reasons, the absence of the implementation of such tools, in particular in high-risk activities such as tendering, could imply insufficient effectiveness of a compliance programme. This component will increase in relevance with ongoing digitalisation of businesses processes and markets.
VI. THIRD-PARTY COMPLIANCE
A yet underdeveloped field of competition agencies’ compliance guidance are provisions on third-party compliance. Third-party compliance relates to any efforts of a company to promote compliant behaviour in its business partners, for example sub-contractors, suppliers, joint venture partners, or consultants. It is a well-established principle in the anti-corruption sphere, in particular due to liability risks for corruption acts committed by business partners.[21] The US DoJ criminal division’s guidance on the evaluation of corporate compliance programmes addresses this point.[22] While designed primarily to address corruption concerns, the suggested steps and measures, such as risk assessments, trainings, audits and red flags for third-party compliance risks can be useful in the competition context as well.
The World Bank’s Integrity Compliance Guidelines,[23] which provide practical guidance to entities debarred through the World Bank’s sanctions system, dedicate a full section to business partner due diligence. The text covers misconduct of all types, including collusive practices. Companies aiming to implement a compliance system are asked to encourage their business partners to prevent, detect, investigate and remediate misconduct. The Siemens Collective Action initiative is a prominent example of a very far-reaching compliance initiative imposed on an undertaking for corruption offences.[24] Many companies already practice voluntarily such third-party competition compliance measures. They differ in scope and range from information or trainings to contractual obligations and auditing rights.[25]
Agencies, when imposing compliance policy obligations on companies, could consider including obligations to promote business partner competition compliance. Depending on the size of the company, the requirements can vary from simple information to in-depth training or auditing. This could help disseminate the knowledge of antitrust requirements since businesses may have better and more credible ways of communicating antitrust requirements to other businesses compared to competition agencies. Peer learning and pressure can have high impact. For businesses, implementing such third-party compliance measures can well pay off, as they can lead to the disclosure of yet hidden cartels in the supply chain for example.
In addition, agencies and businesses could consider merger due diligence when assessing the effectiveness of existing programmes as well as in the design of compliance programmes.[26] Mergers pose a special challenge to any existing corporate compliance regime and culture. Another company’s compliance culture, or the lack thereof, need to be assessed and aligned. Existing compliance risks and ongoing or past violations of the laws need to be identified and addressed. Such assessments present a unique chance to systematically review business processes and documents with fresh, outside eyes, and to apply appropriate antitrust screens. Cartels have been discovered and reported to competition agencies through merger due diligence processes.
When competition agencies request businesses to include merger due diligence provisions targeting antitrust violations as part of their competition compliance policies, such requirements could include a commitment to report any suspicions to the relevant competition agencies. Inaction would indicate that a compliance policy was not effective.
VII. CONCLUSIONS AND OUTLOOK
The main elements of an accepted competition compliance programme are well established. However, it is worthwhile for businesses and competition agencies to consider additional elements that could reinforce compliance efforts. Ongoing cartel activity, a steady decline in leniency applications in most mature jurisdictions across the world,[27] and the persistent involvement of top management in uncovered collusion schemes, are all indicative of the need to work harder to make competition compliance part of business DNA. Using approaches that are already taken by some competition agencies, and adopting practices used in other areas of compliance, we have tried to show that there is potential for improvement. Businesses and their management can enhance their internal ethics and incentive systems by committing to preventive detection and monitoring, targeted training including top management levels, reporting, incentive aligned salary systems, and transferring their knowledge and ethics to their business partners. Competition agencies could include these more rigorous requirements when considering business compliance programmes in their prevention or enforcement work. In the end, functioning competition compliance is a win-win-situation for all involved. Being more ambitious will pay off.
1 Respectively, Senior Competition Expert, Competition Expert, both OECD Competition Division, Paris. This contribution builds on the publication OECD (2021), Competition Compliance Programmes, OECD Publishing, Paris, http://oe.cd/ccp. The additional opinions expressed, and arguments employed herein are those of the authors and do not necessarily reflect the official views of the OECD or of its member countries.
2 US Department of Justice 2019, Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations.
3 Indecopi 2020, Guidelines on Competition Compliance Programs, p 38; Recommendation and report of the economics and energy committee of the German parliament, Doc 19/25868, January 13, 2021, p 122.
4 U.S. DoJ asks whether the program detected the violation and facilitated prompt reporting as one of the basic, preliminary questions when assessing the effectiveness of a program, although a failure to do so is not dispositive. Canada will consider reporting as a factor when considering consent agreements. In Italy, the maximum fine reduction of 15% in cases that are eligible for leniency is only available to companies, which reported and applied for leniency upon the internal detection of an infringement. Spain considers reporting and applying for leniency as evidence for a commitment to compliance, though it is not a mandatory or exclusive requirement for considering fine mitigation. The ACCC foresees reporting of material failures to comply as an important element for an effective compliance program. Romania will take into account active reporting when assessing the effectiveness of a compliance program.
5 Art. 57 VI Directive 2014/24/EU on public procurement.
6 See for example PARR, 24 March 2021, Increasing damages, compliance programmes slow EC cartel enforcement – Analytics, https://app.parr-global.com/intelligence/view/intelcms-qbwbrb; Ysewyn and Kahmann, 2018, p. 44, 58; Stephan and Nikpay, 2014.
7 OECD 2021, Competition Compliance Programmes, p 26.
8 For example, US Sentencing Guidelines, U.S.S.G. § 8C2.5(f)(3)(A)–(C) and 2019 US guidance, p 14; 2020 guidance by the Spanish CNMC, p 8; 2015 guidance by Canada, p 8.
9 For background and references, see OECD 2021, Competition Compliance Programmes, pp 34-36.
10 Based on 115 foreign bribery resolutions against companies concluded between January 2014 and June 2018, OECD 2020, Foreign Bribery and the Role of Intermediaries, Managers and Gender.
11 Recent studies suggest that gender balance could contribute to compliance, see https://www.oecd.org/competition/gender-inclusive-competition-policy.htm, papers 3 and 5.
12 Examples are the 2019 US guidance, p 11; 2012 guidance by Chile, Fiscalia Nacional Economica, Competition Compliance Programs, p 11.
13 2015 OECD, G20/OECD Principles of Corporate Governance, p 50.
14 For background and references, see OECD 2021, Competition Compliance Programmes, p 38.
15 European Commission 2013, Compliance Matters, p 18.
16 2019 US guidance, p 10.
17 See Fiscalia Nacional Economica, Competition Compliance Programs, p 17; Indecopi 2020, Guidelines on Competition Compliance Programs, p 28.
18 See for example, 2013 OECD Roundtable on Ex-officio cartel investigations and the use of screens to detect cartels; 2018 OECD workshop on cartel screening in the digital era; and more background and sources in OECD 2021, Competition Compliance Programmes, pp 39 – 41.
19 See also Ai Deng 2019, From the Dark Side to the Bright Side: Exploring Algorithmic Antitrust Compliance, p 4; Johnson and Sokol 2020, Understanding AI Collusion and Compliance.
20 Deputy Assistant Attorney General Matthew S. Miner, Remarks at the 6th Annual Government Enforcement Institute, 12 September 2019, https://www.justice.gov/opa/speech/deputy-assistant-attorney-general-matthew-s-miner-delivers-remarks-6th-annual-government.
21 See 2010 OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance; and OECD 2020 Corporate Anti-Corruption Compliance Drivers, Mechanisms, and Ideas for Change, p 42.
22 See US Department of Justice, 2020, Evaluation of Corporate Compliance Programmes, p 7; this is a different guidance than the one on antitrust compliance, for DoJ prosecutors to assess the effectiveness of firms’ compliance programs in a wider criminal prosecution context.
23 World Bank Group, Integrity Compliance Guidelines.
24 See https://new.siemens.com/global/en/company/sustainability/compliance/collective-action.html.
25 Examples: Deutsche Bahn, requiring contractors to implement anti-trust compliance programs, including monitoring by Deutsche Bahn; Valeo, with code of conduct which include a business partner code of conduct and anti-trust training resources; Roche; Siemens; Oracle; or LafargeHolcim.
26 This is also included in the DoJ criminal division’s guidance, p 9.
27 See OECD 2021, Competition Compliance Programmes, pp 25-27.