• The Antitrust Division at the U.S. Department of Justice recently released guidance on what an acceptable antitrust compliance program should look like.
• Companies should take this opportunity to examine their compliance programs and make adjustments as necessary.

On November 12, 2024, the Antitrust Division at the U.S. Department of Justice published updated guidance on how the agency will evaluate corporate antitrust compliance programs. The updates reflect the Antitrust Division’s rising expectations for antitrust compliance programs and introduce several areas of focus that may not be sufficiently addressed in companies’ current compliance programs.

In particular, the new guidance details what the agency will consider as an acceptable compliance program when evaluating whether to charge a company criminally with violating the antitrust laws and when making criminal sentencing recommendations. Of course, a strong antitrust compliance program can also prevent or mitigate civil antitrust exposure (i.e., injunctive relief, fines, reputational damage, business disruption and loss, etc.). Simply delivering an annual training presentation discussing the antitrust laws is not likely to meet the updated bar set by the Antitrust Division, and companies should consider whether the robustness of their antitrust compliance program comports with the new guidance.

The Antitrust Division acknowledges that antitrust compliance is not one-size-fits-all. Rather, companies should craft a “coherent, holistic compliance program taking into account the company’s lines of business and risk profile.” Generally, smaller companies with a limited risk profile are not expected to administer a program similar in scale and scope to that of larger companies with higher risk profiles.

The Antitrust Division assesses a company’s antitrust compliance program by looking at the following factors:

• the design and comprehensiveness of the program;

• the culture of compliance within the company;

• responsibility for, and resources dedicated to, antitrust compliance;

• antitrust risk assessment techniques;

• compliance training and communication to employees;

• monitoring and auditing techniques, including continued review, evaluation and revision of the antitrust compliance program;

• reporting mechanisms;

• compliance incentives and discipline; and

• remediation methods.

These factors align with and expand upon DOJ’s department-wide guidance relating to the Evaluation of Corporate Compliance Programs (“ECCP”). The ECCP guidance, which was first issued in 2017, centers on three fundamental questions: (1) is a company’s compliance program well designed; (2) is the program applied earnestly and in good faith, with adequate resourcing and empowerment; and (3) is the program working in practice. Notably, the most recent update to the ECCP, in September 2024, places increased emphasis on post-acquisition integration of acquired companies. It requires prosecutors to assess an acquiring company’s process for implementing compliance policies and procedures at the acquired entity and to conduct post-acquisition audits. DOJ also asks what role the compliance and risk management functions have in planning and executing the integration process, how the company oversees compliance at the acquired business and how the new business is integrated into the company’s risk assessment procedures. Accordingly, companies must take care to ensure that a robust antitrust compliance program is deployed across the enterprise and that newly acquired entities are integrated into the program expeditiously.

We do not address each factor in the detail set forth in the Antitrust Division’s guidance but do highlight below some of the important tenets as well as industry best practices. The points below apply equally to U.S. companies and non-U.S. companies doing business in or into the United States.

Well Designed and Comprehensive. A strong antitrust compliance program is integrated into a company’s larger compliance program. The materials are updated frequently. The program should include the means to track engagement where antitrust risk is greatest (e.g., attendance at trade association meetings or contacts/dealings with competitors). Employee training should not only address the scope of the antitrust laws but also reporting of potential antitrust violations and document preservation.

Culture of Compliance. Senior leadership, including the board of directors and senior executives, should be involved in fostering a positive and robust compliance culture and be held accountable for compliance failures. Those leaders should be integral to employee messaging around compliance conformity and enforce a zero-tolerance policy toward antitrust violations. The board, executives and board committees should address compliance at their meetings and be apprised of the company’s compliance efforts.

Program Leadership. Individuals with compliance experience and sufficient resources should administer the company’s antitrust compliance program. The individual with overall responsibility for the compliance program should be senior and have access to the board or board committees and brief those persons on the administration of the program. Depending on the size of the company, dedicated compliance functions may be necessary. A review of the efficacy of the antitrust program should be periodically undertaken and documented.

Risk Assessment. The company should assess where in its business antitrust violations are likely to occur and tailor its compliance program accordingly. The assessment should address, among other topics: (a) interactions with competitors; (b) human resources and hiring practices; (c) the types of communication media employed by the company’s employees; (d) the use of algorithms, benchmarking and artificial intelligence; (e) the information available to the company to detect antitrust violations; and (f) risk-mitigation measures available and employed.

Communication with Employees. Training should be interactive and address not only antitrust violations but also the means of reporting such violations and how to use company tools for antitrust compliance (e.g., applications for reporting meetings with trade associations or on-demand training courses). Employees should certify attendance at trainings as well as conformity with compliance policies and codes of conduct. For many companies (e.g., those with diverse lines of business or multijurisdictional businesses), antitrust training should be tailored and adjusted to meet the varied risks and employee responsibilities. Industry lessons-learned should be incorporated in periodic revisions to the training. Documentation of trainings should be kept.

Monitoring and Auditing. The purpose of an antitrust compliance program should be to both detect and prevent antitrust violations. Companies should periodically engage in antitrust compliance evaluation, including monitoring and auditing. For many companies, conformity with the guidelines requires periodic antitrust audits and using software to screen communications for potential violations. Compliance personnel should produce a report on the effectiveness of the company’s antitrust compliance program that includes the results of any audit, detection of any potential violations and how the company compliance program is being adjusted to address these points.

Confidential Reporting. The company should employ a system for confidentially reporting potential antitrust violations, and company leadership should endorse its use. Reports of potential violations should be investigated, with the results of the investigation (including any remedial actions) documented. Failure by an employee to report a violation should have consequences. Affirmative measures should be taken to ensure that employees neither fear nor face retaliation for reporting potential violations.

Incentivized Compliance. The company should employ incentives that encourage compliance program participation, including negative compensation consequences and disciplinary measures for compliance shortcomings and/or antitrust violations. These incentives should apply across all levels of the company and should be publicized.

Remediation. The company should have a plan to address antitrust violations that includes examination of where controls failed, revisions to internal controls, publication of any changes implemented, escalation and reporting to authorities when appropriate and senior leadership involvement.

At Debevoise, we can help you by:

• advising on the appropriate scale and scope of your company’s antitrust compliance program;

• assisting in crafting an antitrust compliance program using industry best practices and meeting the Antitrust Division’s latest guidance;

• diligencing the antitrust compliance programs of transaction targets and identifying shorftalls and risks; and

• delivering antitrust compliance training.

This publication is for general information purposes only. It is not intended to provide, nor is it to be used as, a substitute for legal advice. In some jurisdictions it may be considered attorney advertising.