In the United States and across Europe, both at the federal level and the state level—antitrust enforcement is on the rise. This means corporate compliance officers need to consider whether their compliance antitrust process is keeping pace with the increasing level of enforcement risk. Let’s start with what regulators have been saying. In July 2019 the Justice Department’s Antitrust Division revamped its guidelines for evaluating corporate compliance programs, and for the first time offered cooperation credit for companies under antitrust investigation that had “effective” compliance programs. That was the carrot. Four months later, the department unveiled the stick: a new “Procurement Collusion Strike Force (PCSF),” where federal prosecutors across the country would work with numerous state and federal agencies to crack down on bid-rigging and price-fixing. The new task force even has its own website, complete with forms where whistleblowers can submit allegations and tips. Bid-rigging is a pervasive antitrust concern since the U.S. federal government alone spends $550 billion annually buying goods and services. Then there are the “deeper” antitrust risks of companies amassing monopoly power, as witnessed by the state and federal antitrust probes into tech giants such as Facebook, Google, and Amazon. And we haven’t even mentioned Europe, where antitrust chief Margrethe Vestager has boldly pushed the limits of her powers to halt exclusive business arrangements while she investigates them. You get the idea: Antitrust enforcement is rising, so companies need to get better at implementing effective compliance antitrust processes.Recent Antitrust Developments
So what does that mean in a practical sense for compliance leaders? What must your program be able to do? And here in the real world of tight budgets and too many other demands, how do you get those tasks done?
Compliance 101: Antitrust Basics
Antitrust violations can come in many forms. Some of the most common are:
- Boycotts:where two or more companies agree not to buy goods or services from some other business.
- Monopolies:where one business amasses so much market strength it can dictate prices to customers or prevent new competitors from entering the field.
- Tying: where you will only sell Product 1 to a customer if he also buys Product 2.
- Bid-rigging:where competitors agree either to coordinate their bids on a transaction (say, building a bridge or buying raw materials) or to take turns bidding on multiple projects.
On the surface, those are very different types of misconduct. All of them, however, do have one common thread—the company is seeking to exercise undue influence over others. So when you perform an antitrust risk assessment, that’s the fundamental question you want to answer: How could our company exercise undue influence over customers or competitors?
For example, a company with only one product is at low risk for tying, because it has no Product 2 to sell. But that same company could be at higher risk for collusion with other businesses that do sell Product 2, where employees for both try to foist some mandatory exclusive arrangement on customers.
That example also underlines the other common thread in most antitrust behaviors. They involve employees exchanging information with others to advance those antitrust schemes. So that’s another fundamental question your antitrust risk assessment should answer: By what means could our company gain or exchange information that would trigger an antitrust violation?
One common example: trade associations. Your sales executives or dealmakers might participate in those associations, hob-nobbing with competitors over drinks at a conference. Do they hatch boycott plans there? Do they carve up potential markets? Do they swipe a competitor’s contract somebody left on the table? These are all real threats to your organization that are likely more common than you'd think.
Building a Compliance Antitrust Process
Those are the basic antitrust behaviors, and the fundamental questions you want to answer in an antitrust risk assessment. That still leaves the challenge of building an antitrust program that can answer those questions at scale, across thousands of employees and amid a complex regulatory environment.
The good news is that compliance antitrust processes are like any other. You need a strong tone at the top, effective risk assessment, clear policies and procedures, training for employees, and monitoring and auditing of the program. So important antitrust compliance program capabilities would include…
Developing clear, relevant policies
Once you perform an antitrust risk assessment, you need to adopt appropriate policies to guide employee behavior: how people interact with competitors, what they can offer to customers, how they participate in trade associations, and so forth.
Matching policies and training to employees
Much antitrust risk involves employees engaging in business practices they shouldn’t. Therefore, do you know which employees might be able to commit those infractions? When employees move into such roles, does the compliance program know about those moves, and can you quickly roll out appropriate training for them?
Integrating market information into risk analyses
For example, if your business wants to acquire a competitor or supplier, would the resulting business then have a market share large enough to trigger monopoly risks or enough products to trigger new tying risks? A compliance officer can’t answer those questions about antitrust risk unless he or she has accurate, complete data about how your company fits into its market sector overall.
This point is also important for compliance with the Hart-Scott-Rodino Act, which requires companies to submit extensive filings with the Federal Trade Commission (FTC) if they want to consummate mergers over a certain size. For 2020, that threshold is $94 million. A company needs proper disclosure controls to capture that information and assure that its FTC filing is accurate and complete.
Automating Your Antitrust Process
Throughout all of these tasks, compliance officers should strive to automate their compliance antitrust processes as much as possible. In some instances, that should be a familiar exercise. For example, connecting your training materials to employees moving into high-risk roles is something that anti-corruption programs have dealt with for years.
Likewise, for highly acquisitive companies (lookin’ at you, pharma and tech sectors), where Hart-Scott-Rodino compliance can be an issue, compliance officers should try to build workflows that automatically collect relevant data from dealmaker teams, so FTC filings are as “minimally manual” as possible.
This may all sound like a lot of work because it is a lot of work—but it’s work that compliance professionals already know how to do. Antitrust expands the range of your compliance program, rather than reinvents it. With a bit of subject-matter expertise, good technology, and a savvy understanding of how compliance programs need to work, you’ll be in good shape for the enforcement environment that now confronts us.
Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week. from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.