Countering Competition Risks: Towards A Culture Of Compliance - Antitrust, EU Competition

An extract from The European Antitrust Review 2012 - a Global Competition Review special report.

Introduction

The broad range of articles in this publication illustrates how pervasive antitrust issues have become. They have spread to affect companies in almost every industry, irrespective of where they do business.

Notwithstanding the variety of different ways that competition law can impact upon a firm, its management and its employees, one common concern cuts across all sectors and jurisdictions – namely, the importance of compliance. This article will consider all aspects of this issue, focusing in particular on the need to instil a culture of compliance within organisations and how this can be achieved most effectively. The article emphasises two key issues: firstly, that the creation of a pervasive 'culture' is the best possible way to limit the risks associated with non-compliance; and secondly, that a 'culture' means more than just a policy or a programme. Rather, we wish to convey the idea of a comprehensive way of thinking, led from the top of a business and permeating throughout.

We begin by considering the risks and potential consequences of non-compliance, before asking how useful a compliance culture really is in tackling those risks. We then identify five hallmarks of an effective compliance culture, and close with our suggestions for the best ways to implement a culture in practice. Consequences of non-compliance

Before looking in detail at how companies can implement and monitor their compliance with competition law, it is appropriate to briefly consider why this matters. The consequences of non-compliance can be very severe, both financially and otherwise, and can impact on not only a company but the management and employees that work for it. We have identified five main risks of non-compliance, below.

Fines

Fines remain the primary tool of public enforcement by almost all competition authorities. The level of fines and the frequency with which they are imposed continues to grow – the European Commission issued cartel fines totalling e3 billion in 2010 against a total of 40 firms, while the highest individual fine imposed to date was the e1.06 billion demanded of Intel in 2009 for abuse of a dominant position. Any firm found guilty of antitrust offences by the European Commission faces penalties of up to 10 per cent of its worldwide turnover. In addition to the Commission and the US Department of Justice, national authorities such as those in Germany, Spain and Brazil have also started to impose significant antitrust fines.

Private enforcement

Since the publication of its White Paper on antitrust damages actions in 2008, the Commission has actively encouraged private enforcement against non-compliance and expects national authorities to do the same. Parties that have suffered damage as a result of breaches of competition law can sue for damages, and increasingly do so. They can also request national courts to issue injunctions to cease anticompetitive conduct. Once the European Commission has taken a decision, a plaintiff does not need to prove an infringement. This potentially places the defendant in a very vulnerable position.

Individual liability

In several jurisdictions, including the US and the UK, individual management and employees can face trial for their personal responsibility for corporate antitrust offences. Jail terms can be imposed as well as heavy individual fines. Directors may also find themselves disqualified for lengthy periods, as in the UK.

Commercial risk

In addition to the direct penalties that both companies and their representatives can suffer, non-compliance can also trigger a wider commercial risk. Agreements, or at least parts of agreements, that breach competition law can be rendered void and unenforceable. This could cause significant disruption to business, not to mention having severe financial implications.

Collateral damage

Finally, companies should consider the serious collateral damage that can be caused by failing to comply with competition law. Responding to an investigation, once one has been triggered due to suspected anti-competitive behaviour, can be very costly and will require a major investment of management time potentially over the course of many years. Moreover, an adverse finding (or public awareness that an investigation is taking place at all) can lead to reputational damage, destroying overnight business relationships and brand value that have taken years to build.

Can a compliance culture help?

Of the five potential consequences listed above, fines typically stand out as the greatest concern to companies due to the direct impact they have on the bottom line. In this light, one often-asked question is whether there is any benefit to a company investing in a compliance programme. In other words, can it help a company mitigate its exposure to fines in the event of non-compliance, either by showing the business' good intentions to comply or by suggesting that the breach was the fault of a rogue individual acting contrary to company policy?

Unfortunately, there is no hard and fast answer. Some competition authorities categorically do not regard compliance programmes as a mitigating factor, while others may take good faith efforts into consideration when assessing the appropriate level of a fine – but only in some circumstances and by no means as a uniform approach that companies can bank on.

The latter group includes each of the major English-speaking jurisdictions of the UK, the US, Canada and Australia, as well as others such as Brazil. For example, the Office of Fair Trading (OFT) recently published guidance on competition law compliance¹ in which it states that, at its complete discretion, the OFT may reduce the level EU: Compliance 16 The European Antitrust Review 2012 of a fine by up to 10 per cent where it is satisfied that adequate steps have been taken towards ensuring competition law compliance, such that a reduction in fine is justified. This is in the context, however, of the OFT's emphasis that its 'starting point in relation to penalty setting for businesses that have undertaken compliance activities is neutral: there are no automatic discounts or increases in the level of financial penalty if the business has undertaken compliance activities.' Importantly, the OFT also makes it clear that if a discount is appropriate then this can be granted on the basis of compliance efforts undertaken either prior to the infringement or 'implemented quickly following the business first becoming aware of the potential competition infringement.'

By contrast, there has been a deliberate and explicit move away from such a policy by the European Commission over several years. During the 1980s, the European Commission did, in certain circumstances, deem it appropriate to reduce the level of a fine imposed on a company in breach of antitrust laws after recognising a compliance programme as a mitigating factor.² This was considered to be 'a positive step that contributes to an awareness at all levels of the group of the daily impact of competition policy'. However, the Commission has adopted a harder line in recent cases³ by refusing to recognise compliance programmes as mitigating factors when setting the level of fines, stating that attempts at compliance do not change the reality of the infringement. This approach has been subsequently upheld in the European courts.⁴ The Commission is not required to consider a compliance programme to be a mitigating factor, and the mere fact that it has done so in previous cases does not oblige it to decide future cases in the same way.⁵

The Commission's current stance could not be summarised better than it was by Joaquín Almunia, vice president of the European Commission responsible for competition policy, in a speech in 2010:

To those who ask us to lower our fines where companies have a compliance programme, I say this: if we are discussing a fine, then you have been involved in a cartel; why should I reward a compliance programme that has failed? The benefit of a compliance programme is that your company reduces the risk that it is involved in a cartel in the first place. That is where you earn your reward.⁶

The Commission's approach arguably overlooks the positive incentive effect of rewarding good faith attempts at compliance, as recognised by the OFT and others. Nevertheless, the old adage that 'prevention is better than cure' seems apt. Companies should be sure to promote a robust culture of compliance within their organisations that is both understood and respected in order to reduce their exposure to increasingly severe sanctions from ever-more vigilant authorities. With this in mind, we turn now to how they should go about doing so.

Hallmarks of a compliance culture

Throughout this article, we deliberately refer to a 'compliance culture' rather than a 'compliance policy'. By doing so, we wish to emphasise that the most effective way for a company to protect itself from the risks of non-compliance is to establish a mindset aware of competition law and the obligations that flow from it that permeates throughout the organisation from top to bottom. We are not alone in doing so: the OFT's recent guidance,⁷ for instance, refers repeatedly to helping businesses maintain a 'culture of compliance with competition law'.

The majority of larger firms (and many smaller ones) will be aware of competition law risks, and many will have taken some steps towards ensuring compliance. We suggest, however, that a lot of companies should re-consider whether efforts they have made in the past are sufficient. As fines for antitrust offences spiral ever higher, awareness of private enforcement grows and – perhaps most worrying of all, for individual directors – the threat of personal civil or criminal actions becomes more and more apparent, real attention must be paid to ensuring that the procedures in place are watertight. As vice president Almunia has made clear, the Commission will not reward a firm's token effort. Simply put, an occasional slideshow and a few multiple-choice questions on the basics of antitrust will no longer cut it.

To illustrate, we have identified five hallmarks of an effective compliance culture that should place a firm in the best possible position to protect itself.

Top-down leadership

The adoption of a compliance culture must be driven by a firm's most senior management. More than just management buy-in, this means management leadership of and responsibility for instilling principles of compliance in every aspect of a firm's day-to-day business. Starting from the top, the board must show what the OFT calls 'clear and unambiguous commitment' to compliance. This commitment is best expressed explicitly, for instance, through a board memo or the board's adoption of a compliance mission statement, described below.

Uniform commitment

From the firm's board and management, the importance of compliance must filter both down and across – reaching each business team, at every level, in every country where it does business. All staff must appreciate the consequences of non-compliance both for the company and for themselves. It is difficult for corporations to attribute breaches of antitrust law to a 'rogue' individual, so if competition authorities will attribute corporate responsibility to them then they must attribute individual responsibility to each employee.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Positive awareness

Perhaps the most obvious hallmark of a compliance culture is that it instils awareness of key competition issues throughout the organisation. This should include: knowing what conduct is prohibited by competition law; what requires particular care; and what is generally permitted. All of this should be placed in the practical context of the company's day-to-day business and be applied to the role of each employee.

This one aspect is the start and end of many companies' compliance efforts usually, based on training programmes – despite the fact that, as the OFT emphasises, 'Training measures by themselves are unlikely to achieve a culture of compliance for the business'.⁸ In order to be in any way effective, training must deliver the right level of awareness on the issues that really matter to the right people (considered in more detail below). Above all, that awareness must be kept up to date on a continuous basis – hence the need to build regular 'refresher' sessions into any training programme and to monitor carefully changes and developments in the law.

Fail-safe systems

Establishing a compliance culture in a firm requires putting in place systems to ensure that competition risks are identified reliably and responded to swiftly. This means creating a compliance reporting structure so that each employee has a clear line of communication to a colleague able to address compliance issues, either directly or EU: Compliance by referring them to another adviser (internally or externally). The nature of this structure will vary depending on the size and organisation of the company in question. In some cases, it may be sufficient to appoint a single compliance officer who fields all queries and has sufficient knowledge to either handle them directly or seek appropriate advice from elsewhere. In larger firms, it may be appropriate to install compliance officers in each business unit, team or office, reporting to an overall head of compliance. Many firms often find it useful to establish a compliance help desk or hotline: a central port of call for all compliance issues, either within the firm or operated by external lawyers. One final consideration is to ensure that all employees can and will use these reporting structures when necessary. It must be clear that all compliance issues should be reported and that internal whistle-blowing is not only tolerated, but expected.

Tailored to fit

Lastly, and perhaps most importantly, the compliance culture must be built around the needs of the company. The OFT describes this as taking a 'risk-based' approach: identifying the risks that a company faces, the individuals most likely to be exposed to them and to expose the company to them, and establishing a compliance culture responsive to those risks. Essentially, this involves looking at how the company does business and considering the particular competition law issues it may face. Could the firm be considered a market leader (such that it might be exposed to claims of dominance)? Does it participate in trade associations or gather and exchange market information? Is it part of a mature industry with a concentrated group of players? Does it routinely interact with wholesalers or distributors, or with suppliers? Does it cooperate with competitors (whether in formal joint ventures or informally and sporadically)? These factors and others must be taken into account to ensure that the compliance culture is tailored to fit the business. In addition, as and when the company's circumstances change, its compliance culture must change with them.

Implementing a compliance culture: practical steps

So far, we have looked at relatively high-level issues to do with the compliance culture – including the five elements that, we believe, form a fundamental framework for compliance. In this section, we will consider in more detail the practical issues of implementing a compliance culture, step-by-step.

Preparation and initial audit

The first step in implementing a compliance culture stems from the last point raised in the previous section – tailoring compliance to the business. Before any other action is taken, it is vital to carry out a full review of the company's business and the potential competition exposure it may face. This risk assessment will make it possible to target the compliance statement, guidelines, training and all other aspects of the culture specifically to the company's needs. At this preparatory stage, it is often advisable to conduct a full antitrust audit of the company. As well as identifying any particular risks faced (including liability for past conduct), the audit should also include a review of the company's standard agreements and precedents, and the existing document retention and destruction policy (if one is in place).

Compliance guidelines

Once the initial risk assessment and audit has been completed, and the company's objectives have been clearly identified, the next step is to begin work on the compliance guidelines. This is the essential tool that will be issued to all employees (typically following their training) and which will be their first point of reference for any competition or compliance-related issues. The guidelines should: provide an essential overview of competition law principles; identify the key risks the firm may face and its policy in responding to them; explain the firm's compliance reporting structure; and specify the responsibilities and duties of each employee. Like most aspects of compliance, one size will probably not fit all: it may be necessary to either include specific chapters addressing the issues that each team or business unit will face, or to prepare tailored guidelines for different teams.

Board statement

We emphasised above the importance of top-down leadership in instilling a compliance culture. As noted, to this end many companies adopt a mission statement that openly expresses the company's commitment to compliance. The statement should commit the company to complying with all applicable competition laws in any jurisdiction in which it does business and make it clear that compliance is a duty of every employee. The statement may also make clear that breaches of the company's compliance commitment will not be tolerated and any employee doing so will face disciplinary sanctions. Many companies will already have similar statements in place to express their compliance with, for example, the Foreign Corrupt Practices Act. If such a statement is to be issued, it is most effective to make doing so the first 'public' step in the compliance exercise, raising awareness of the new (or renewed) focus on compliance before starting a training programme.

Compliance training

Any company that has tried to implement a compliance programme will appreciate that simply issuing guidelines to staff will not be sufficient to communicate the firm's policy, raise awareness of key issues, and promote a sense of corporate and individual responsibility. Far more effective is to deliver direct training seminars or workshops. Doing so allows employees to interact with their instructors and raise specific issues or concerns (including, very often, those that have not been foreseen by the instructor). From the instructor's perspective, training sessions are an opportunity to see whether the key messages have been conveyed and understood. More importantly, they allow the instructor to find out whether the people that will be responsible for implementing the culture on a day-to-day basis believe that it is viable in practice.

Careful thought should be given to who will receive training. This may be a wider group than expected, including all business units from R&D to sales and marketing, those responsible for corporate strategy and financial planning, as well as some ancillary staff. For example, secretaries and receptionists should be trained in appropriate handling of competition authority on-site investigations (or 'dawn raids'), to which they will often be the first to respond. Similarly, IT staff will be integral to the implementation of a document retention and destruction policy. In this light, it is important to make training sessions as relevant as possible for each attendee. If feasible, it may be most efficient to train different teams separately, perhaps as break-out sessions from a main seminar provided to all.

Ongoing monitoring

The work of implementing a compliance culture does not end once the guidelines have been circulated and the training sessions completed – it is vital that firms actively monitor their own compliance on an ongoing basis. We explained that an antitrust audit should be carried out at the outset of this process. Subsequently, there should EU: Compliance be routine audits of agreements that the company enters into, especially if these move away from approved precedents.

At some point after employees have received their training, it may be appropriate to test them to ensure that they have absorbed and understood the key aspects of compliance. Such tests can easily be set up online, giving employees the flexibility to take them whenever is convenient – and allowing marks to be gathered to assess whether the training was successful. Dates should also be set for 'refresher' training sessions, which may be led internally by the compliance officer or officers (once in place). As well as monitoring, it might also be useful to test the systems that have been established; for example, by way of a mock dawn raid or an unannounced IT audit.

Internal reporting

The last key step, also to be carried out on an ongoing basis, is to establish regular reporting on compliance issues from the compliance officer or officers to the board. This will reflect the management's leadership of the compliance culture and can also be used to identify any weaknesses in the system, re-tailor the culture appropriately and consider new guidelines or training as appropriate. Implementing an internal reporting system should also ensure that potential threats of competition exposure are recognised at an early stage, brought to the attention of senior management and dealt with appropriately.

Conclusion

The aim of this article has not been to scaremonger or exaggerate the chances of being fined or otherwise sanctioned for breaching competition law. A culture of compliance need not become a culture of fear – indeed, it should be made explicit in all training programmes that compliance is beneficial for both companies and individuals. The most effective compliance programmes emphasise that compliance is 'the first choice', not 'the only option'. Moreover, better awareness of competition issues can not only mitigate the risks facing a business but also free that business up to compete more aggressively and confidently. It also allows the business' management and employees to be conscious that others may be breaching rules in ways that harm them, and enable them to take steps to protect their interests. We have sought to convey the importance of instilling a compliance culture as part of an overall corporate ethos, as well as considering how this can be achieved in practice. No company can escape the duties and responsibilities of competition law, but all companies can avoid unnecessary risks and undue harm to their business through effective and timely compliance.

Footnotes

^{1 O ffice of Fair Trading, 'How Your Business Can A
chieve Compliance With Competition L aw' (June 2011), O
FT1341.}

^{2 National Panasonic [1982] O J L 354/28;
Fisher-Price/Quaker Oats [1988] OJ L 49/19;
Eurofix-Bauco/Hilti [1988] O J L 65/19;
VIHO/Toshiba [1991] O J L287/39; VIHO/Parker Pen
[1992] O J L 233/27.}

^{3 Copper Plumbing Tubes C(2004) 2826; Cholin
chloride C(2004) 4717; Thread C(2005) 3765,
Rn.373-375; Rubber Chemicals C(2005) 5592; Bitumen
Nederland C(2006) 4090; Methacrylate C(2006) 2098;
Elevators and Escalators C(2007) 512.}

^{4 Degussa AG v Commission of the European
Communities (T-279/02) [2008] 5 CML R 1; Bolloré SA
v Commission of the European Communities (T-109/02) [2006] ECR
II-947; [2007] 5 CML R 2.}

^{5 Degussa AG v Commission of the European
Communities (T-279/02) [2008] 5 CML R 1,.}

^{6 SPEECH/10/586 (2010).}

^{7 O ffice of Fair Trading, 'How Your Business Can A
chieve Compliance With Competition L aw' (June 2011), O
FT1341.}

^{8 Office of Fair Trading, 'How Your Business Can A
chieve Compliance With Competition L aw' (June 2011), paragraph
5.10.}