When Competition Can't Kill: Building And Maintaining An Effective Antitrust Compliance Program

Monday, February 1, 2010 - 01:00

Seth M. Cohen

Zurich Financial Services

As the news of wide-ranging investigations, record fines and industry-changing settlements continues to break at an unprecedented pace, it is little surprise that the word "antitrust" strikes fear in the hearts of those in the corporate world, both here and abroad. For management, fear could involve a massive fine, levied by the United States Department of Justice (DOJ), eating away the bottom line and damaging the company's reputation. For counsel, fear could be the prospect of a long European Union (EU) Competition Commission investigation, tying up inside counsel while resulting in millions in external counsel fees. For employees, the word could engender a different kind of fear- the fear of not knowing what antitrust means to them personally and to their job.

Many corporations are therefore contemplating their own response, perhaps in the form of an antitrust compliance program that could mitigate legal or regulatory antitrust risk. In emerging markets, regulatory frameworks and the culture of enforcement are nascent. In more established jurisdictions, standards are more sophisticated, and the presence of a robust compliance program designed to prevent and detect compliance violations offers the prospect of leniency. In the United States, the Sentencing Guidelines for Organizations, originally adopted in 1991 and revised in 2004, explicitly call for consideration of a reduction of fines if a corporation has an effective compliance program, including as it pertains to key risk areas such as antitrust. The Sentencing Guidelines also highlight key aspects of such a program, including elements such as risk assessments, policies and procedures, and training and communication.

Where To Begin? Assess Your Risks

The concept of a compliance-specific risk assessment is well established in many corporations as a vehicle for evaluating the potential financial impact of a specific occurrence versus the probability that an incident might occur. This evaluation serves to identify the gross or unmitigated risk versus the net risk, which is the risk that remains when internal processes and controls are taken into account. The risk assessment can take many forms, but generally includes a workshop-type session with representatives of key business areas and support functions. A properly facilitated compliance risk assessment (led by a knowledgeable representative of Compliance, Legal and/or Risk) can shed light on key legal and regulatory issues.

Antitrust risks typically fall within three main domains: agreements that restrict competition, abuse of a dominant position, and merger control. While the purpose of competition or antitrust laws is generally to protect and foster free and fair competition, most antitrust considerations are commonly viewed from two widely different perspectives - that of the customer or consumer, and that of a competitor. A third, more complicated view is derived from the relationship of the company with its intermediaries, such as agents, brokers or other middlemen.

One practical way to focus such an assessment is to provide concrete examples of behavior or business practices that might raise red flags. For example, competitors might arrange to share certain confidential or proprietary information that could be viewed as collusive or a horizontal arrangement. Factors to consider include: whether proprietary information has been shared with any party; industry practices for sharing such information; regulatory or legal precedent; and whether the company or its competitors recently faced fines or penalties for such behavior. (One caveat: companies should have mechanisms in place for escalating potential compliance violations surfaced during these assessments to Compliance or Legal personnel, so that a separate inquiry or investigation, possibly under the auspices of attorney-client privilege, is undertaken to properly determine whether a violation did in fact occur.)

If a company's compliance risk assessment does not consider antitrust risks with sufficient granularity, another approach is to execute an antitrust-specific risk assessment. Typically, this type of approach takes a more comprehensive look at the competitive landscape; for example, the assessment might evaluate each activity within the frame of a company's business relationships, such as focusing on arrangements with competitors, agreements with third parties or intermediaries, and customer-focused relationships. Further, other topics of interest, such as market share, mergers and acquisitions, and pricing decisions could receive additional attention. Such an assessment could be a standalone process, involving a separate workshop, or an added piece of a compliance risk assessment or other operational assessment.

Making Your Plan

Once the risk assessment is complete and the results are confirmed by the business, the net risks are prioritized and mitigation activities are identified to address them. This forms the foundation for a compliance plan.The development of this plan follows the same chronology as operational or functional plans, such as those created by business units, typically aligning with fiscal or calendar years. A compliance plan will address areas such as resources, policies and guidance, and training and communication programs. The sub-activities for each of these areas should have achievable start and end dates, with other measurement criteria identified to determine the success of each endeavor.

Resources

Most companies do not have a dedicated internal antitrust subject-matter expert (or experts); rather, they rely on external counsel and/or individuals in the Legal or Compliance functions that handle matters that intersect with antitrust issues. These areas include consumer protection, mergers and acquisitions, new product development, confidential and/or proprietary information, and other transactional matters. Moreover, in a multinational setting, antitrust resources may only be knowledgeable about laws and regulatory matters in specific jurisdictions, or they might have more regional or global expertise.

Some companies create pools, centers of excellence, or practice groups focused on particular subject matter areas. Such groups may take on a number of roles, including addressing questions or inquiries originating from the business, conducting risk assessments, developing or reviewing policies or guidance, or conducting training. Whether a company has one or many antitrust resources, it is important that their presence is well advertised within the corporate universe.

Policies And Guidance

Multinational companies often issue centralized, group-wide policies, with local supplements or addenda that reflect specific variations in laws or regulations within their jurisdiction. Group-wide antitrust policies typically focus on common principles of free and fair competition. Prohibited behaviors that fit into this category include price or supply fixing, or market allocation. Beyond these areas, a group-wide policy may identify areas of concern that require consultation with local Legal or Compliance personnel.

Domestic companies or multinational companies with a presence in the United States focus their policies or supplements on Sherman and Clayton Act concerns and, where applicable, state laws and regulations. State consumer protection and unfair trade practice frameworks, while not technically antitrust matters, are generally included in antitrust policies. For example, insurance companies may be prohibited from tying or bundling products by state insurance and consumer protection laws.

Given the complexity of antitrust laws and regulations, corporate antitrust policies are generally accompanied by guidance that assists employees in the identification of potentially problematic situations. A common tool is a Frequently Asked Questions (FAQs) document that presents "real world" questions posed to Legal or Compliance personnel by front-line business personnel or even management. FAQs are often employees' first stop in their quest for answers; to mitigate the risk of bypassing the corporate policy, the FAQs should cross-reference statements of policy and available resources. The FAQs should also be updated on a regular basis, incorporating recent developments, scenarios or questions addressed by Legal and Compliance personnel.

Issuing more targeted guidance depends on a company's risk profile, which may include external considerations. For example, if a company frequently sends a large number of employees to trade or industry associations, a separate reference document may be appropriate to guide employees as to what conversations may be problematic or "out of bounds" at such meetings or during dinners and side sessions. Many companies also have a page of "red flags" or key antitrust concerns or considerations.

Training And Communication

Few argue that the most effective form of training is face-to-face training, occurring in a "classroom." This might consist of a scheduled course offering or as a component of a meeting or business unit conference. However, in the world of expense reduction, e-conferences and virtual meetings have replaced many of these opportunities, and Legal and Compliance professionals who are responsible for training programs have had to adjust their training plans.

Given these considerations, computer-based training has become the format of choice for many companies to provide general overviews or awareness. However, others may require face-to-face training due to their risk profile, which might include a history of consent orders, deferred prosecution agreements or other enforcement activity. Whether training is delivered in person or through a computer, the presentation of real business examples or scenarios engages employees. For example, an antitrust hypothetical may present a dialogue between two salespeople at competing companies. The discussion may involve current pricing of a particular product, individual or other sales targets, and long-term strategies. Each of these elements may pose particular antitrust questions. In a classroom setting, smaller groups might work through a particular element of this hypothetical and ultimately debrief with the larger training group. A computer-based training course may capture this dialogue through actors in an audio or video vignette, with interactive questions posed to the trainee.

Another virtual option is a web conference, offered live and recorded for later viewing. One option for such a webcast is utilizing subject matter experts to present pre-submitted audience questions and answers. Many online conference tools provide a means to ask questions during the session. As a result, some time should be set aside to take questions live - and either provide answers at that time, or, if necessary, respond directly to the employee at a later time, while adding the query to the company's antitrust FAQs.

Training events provide good opportunities to raise antitrust awareness with an article posted to the company Intranet providing a recap of the session. Other articles may announce changes to policies and guidance, address recent legal or regulatory developments, or highlight questions or scenarios of interest across the enterprise. Another, more comprehensive option is an antitrust-focused edition of a quarterly Compliance newsletter, posted on the general and Compliance areas of the company Intranet and sent via e-mail to selected groups. Each article, and any training session, should be sure to emphasize available resources, including subject matter experts, the company hotline and other contacts. Some companies have even established a dedicated antitrust e-mail address (antitrust@companyname.com), to which employees can send questions or other inquiries.

Keeping It Real: Evaluate, Refresh And Renew

With these components of an antitrust compliance program in place, a company may feel confident that it is proactively addressing its antitrust risks. However, like any compliance program, continuous evaluation and improvement are critical features. This may include individual surveys, reviews by Compliance, i.e., through a Compliance monitoring or auditing team, if one is in place, or a formal internal audit. While findings or recommendations from such a review should be addressed, the annual risk assessment process described also serves to identify gaps or other areas of concern. Once that process concludes, the planning process for next year's antitrust program begins anew.

Seth M. Cohen is Head of Policy and Processes, Office of Compliance North America, Zurich Financial Services. Zurich neither endorses nor rejects the recommendations of the discussion presented.Further, the comments contained in this article are for general distribution and cannot apply to any single set of specific circumstances. If you have a legal issue to which you believe this article relates, we urge you to consult your own legal counsel.

Please email the author at seth.cohen@zurichna.com with questions about this article.