DOJ Antitrust Division’s Updated Guidance on Evaluating Corporate Compliance Programs

The U.S. Department of Justice Antitrust Division recently updated its Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (the “Guidance”). This Guidance updates the 2019 guidance to federal antitrust prosecutors on the factors to consider when evaluating a company’s antitrust compliance program when making charging decisions and sentencing recommendations.  The Division will assess the program in place at the time of the offense as well as any subsequent improvements after the offense.  The updated Guidance adds that companies seeking to mitigate the consequences of civil violations “should expect the civil team to consider many of the same factors when assessing the effectiveness of their compliance program as criminal prosecutors do.”  For these reasons, the updated Guidance provides a road map for companies when designing or updating their antitrust compliance programs.  

The updated Guidance, like the original guidance, reiterates the necessity of having a “coherent, holistic compliance program taking into account the company’s lines of business and risk profile,” which, if properly designed, should deter and detect potential misconduct under the antitrust laws.  But key additions to the Guidance include using “managers at all levels” to “set the tone from the middle” by “demonstrating to employees the importance of compliance,” involving compliance personnel in “the deployment of AI and other technologies to assess the risks they may pose,” establishing policies that account of the use of “ephemeral messaging or non-company methods of communication,” and applying “data analytics tools in . . . compliance and monitoring.”  With the release of the updated Guidance, companies should review their current compliance policies and work with counsel to make any necessary updates. 

Key Additions to the Antitrust Division’s Updated Guidance

AI and Technology

The design and breadth of compliance programs should account for new and developing technology.  As companies increasingly adopt and implement AI and other advanced technologies, the potential antitrust risks these tools could introduce should be assessed.  The updated Guidance on AI and emerging technologies includes:

• Risk assessment – a company’s risk assessment should address the company’s use of new technologies, “such as artificial intelligence (AI) and algorithmic revenue management software.” This assessment involves evaluating how these technologies are used by the company and identifying potential antitrust risks associated with their use. The Guidance also asks whether a company implemented measures to mitigate antitrust risks before new technologies are fully integrated into business processes.  This includes adopting ways to “detect and correct decisions made by AI or other new technologies that are not consistent with the company’s values.” 
• Understanding of technology – compliance personnel should be actively involved in the adoption and deployment of AI and other new technologies “to assess the risks they may pose.” To effectively do so, compliance personnel should “have an understanding of the AI and other technology tools used by the company.” 
• Keeping current with training – the Guidance also considers whether antitrust training has been updated to “reflect marketplace, legal, technological, or other developments.” This includes whether training “address[es] permissible and nonpermissible uses of new technology including AI.”  

Electronic Communication Channels

The Guidance adds questions pertaining to how companies manage electronic communication channels.

• Non-company communication channels – does a company’s compliance program identify and evaluate all electronic communication channels used by employees? This includes establishing “clear guidelines regarding the use of ephemeral messaging or non-company methods of communication.”  Ephemeral messages automatically delete after a certain time or after a message is viewed.  Apps like WhatsApp, Signal, Telegram, and Snapchat offer such features.  Companies should clarify “the extent to which those communications are permitted” and “when employees must preserve those communications.”    
• Preservation mechanisms – the updated Guidance further asks whether the compliance program defines preservation or deletion settings available for electronic records and whether it articulates “the rationale for the company’s approach to what settings are permitted.”
• Training on “hot” words – if employees are trained on “antitrust ‘hot’ words,” the training should be focused on “detecting and deterring antitrust violations, as opposed to making violations harder to detect.” Training should also be tailored to each employee’s role and industry, and address “specific antitrust violations that have occurred in those industries in the past.”

Management and Culture

The updated Guidance encourages an extension of compliance leadership beyond senior-level executives.  Companies are expected to foster a culture of compliance among “managers at all levels.” 

• Engaging mid-level managers – “managers across the organization” and “at all levels” should demonstrate “the importance of compliance.” This means that mid-level managers should discuss the importance of compliance and model ethical behavior to “set the tone from the middle.”
• Measuring corporate compliance – the updated Guidance also asks whether a company “measure[s] the effectiveness of its compliance program and its culture of compliance” and whether the company responded to its “measurement of the compliance culture.” This may also include an assessment of whether “the company evaluated the appropriate level of resources to devote to the compliance function” and how “the resources allocated to antitrust compliance compare to those devoted to other functions of the company.” 

Monitoring and Reporting

The updated Guidance provides additional considerations for effective monitoring and reporting to ensure compliance, including:

• Data access and analytics – the updated Guidance now asks whether “data analytics tools” are used in compliance and monitoring and whether compliance personnel have access to “all relevant data sources promptly.” The compliance program should monitor both employees and “decision-making by AI.”
• Encourage reporting – companies should assess whether their policies encourage reporting of antitrust violations or chill reporting. This includes assessing “whether employees are willing to report violations” and whether the use of non-disclosure agreements impacts reporting.  In particular, the Division will now ask whether “the company’s NDAs and other employee policies [are] clear that employees can report antitrust violations internally and to government authorities.”
• Standards for internal investigations – compliance policies should also address how a company determines which “complaints or red flags merit further investigation.” This should include steps to “ensure investigations are independent, objective, appropriately conducted, and properly documented.”
• Responses to monitoring – the updated Guidance emphasizes the use of monitoring and auditing to “inform changes to the compliance policy” and to make changes “to account for previous antitrust violations at the company or in the industry in which it participates.”

Application to Civil Antitrust Violations

Finally, investing in a robust antitrust compliance program is important for companies to safeguard against civil antitrust violations as well as to mitigate criminal risks.  The updated Guidance adds that companies “should expect the civil team to consider many of the same factors when assessing the effectiveness of their compliance program as criminal prosecutors do.”  Companies may be able to “avoid court-mandated further compliance and reporting requirements or retention of and supervision by external monitors” by demonstrating a strong compliance program to civil enforcers.

Conclusion

A compliance program that conforms to the Division’s expectations can foster a culture of accountability and ethical behavior, which can help prevent antitrust violations from occurring in the first instance.  If issues do arise, a strong compliance framework can greatly benefit a company by allowing for swift identification and prompt self-disclosure—ensuring the best chance of obtaining the benefits of the Antitrust Division’s Leniency Policy.  Companies should review their existing antitrust compliance policies and procedures to ensure that they address the key additions to the Division’s Guidance and consider updating their policies and procedures to align with this Guidance, where appropriate.   

For assistance reviewing your company’s antitrust compliance policy, please contact the authors of this alert or any member of Stoel Rives’ antitrust team.