The ECCP has no force of law but provides Division prosecutors with guidance on how to evaluate a company’s compliance program when making charging decisions and sentencing recommendations. In this way, the ECCP provides helpful insight to companies that seek to mitigate the risk of antitrust violations through a compliance program.
The key questions the Division asks when evaluating corporate compliance programs have changed slightly (changes are underlined):
- “Is the corporation’s compliance program well designed?”
- “Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?”
- “Does the corporation’s compliance program work in practice?”
The notable modification to the second question highlights the need for more proactive compliance policies that are supported by the organization.
The most significant changes to the underlying policy focus on AI and technology, communication channels, management, and culture, as well as monitoring and reporting. Additionally, the updated ECCP addresses its application to civil contexts.
AI and technology
The use of data, analytics, and emerging technologies have been a focus for DOJ for some time now. Indeed, in September of this year DOJ’s Criminal Division updated its ECCP to address how companies should protect against misuse of new technologies. So, it comes as no surprise that the Antitrust Division’s updated ECCP adds similar guidance on artificial intelligence (AI). As companies increasingly adopt AI and other advanced technologies, it is crucial to proactively assess the potential antitrust risks these tools introduce. A robust compliance strategy must evolve alongside technological advancements to ensure ethical standards and regulatory adherence. Compliance should be considered as early as the design phase of new technologies. The new guidance on AI includes:
Risk assessment — Antitrust risk assessments should explicitly address the use of new technologies, including “AI and algorithmic revenue management software.” This involves evaluating how these tools impact business operations and identifying potential antitrust risks associated with their deployment, in particular, the potential for these tools to enable price-fixing and other types of collusion.
Proactive risk mitigation — As new technologies are introduced, companies must implement measures to mitigate risks before the technologies are fully integrated into business processes. For example, Companies should establish mechanisms to quickly “detect and correct decisions made by AI or other new technologies that are not consistent with the company’s values.”
Compliance personnel’s understanding of technology — Compliance personnel should be actively involved in the deployment of AI and other technologies. To effectively do this, “the compliance organization [should] have an understanding of the AI and other technology tools used by the company.” Knowledge of new technologies, including their capabilities and functions, before they are adopted by a company is essential for identifying potential compliance issues and ensuring that the tools align with the company’s values.
Communication channels
The updated ECCP adds questions about how companies manage electronic communication channels in relation to antitrust compliance. These changes include the following:
Guidelines for non-company communication channels — Compliance programs should identify and evaluate all electronic communication channels utilized by employees, including non-standard channels. Companies should establish clear guidelines regarding “the use of ephemeral messaging or non-company methods of communication.” Ephemeral messaging deletes messages after a certain time or after being viewed. Many apps, such as WhatsApp, Snapchat, and Signal, offer ephemeral messaging features. Companies need to clarify when such communications are “permitted” and when “employees must preserve those communications.”
Preservation mechanisms — A compliance program should not just define the settings that control the preservation and deletion of electronic records, but should also articulate “the rationale for the company’s approach to what settings are permitted.”
Training on “hot” words — The ECCP now notes that if employees are trained on “antitrust ‘hot’ words,” the training should be on “detecting and deterring antitrust violations, as opposed to making antitrust violations harder to detect.” In addition, companies should tailor training to each employee’s role and the industry, incorporating “specific antitrust violations that have occurred in those industries in the past.”
Management and culture
The updated ECCP encourages a shift in compliance leadership beyond senior level executives. The Division now expects companies to foster a culture of compliance that actively engages “managers at all levels.”
Engaging mid-level managers — The ECCP now asks how “managers at all levels” demonstrate a commitment to antitrust compliance. This requires mid-level managers to discuss compliance and model ethical behavior in everyday operations to “set the tone from the middle.”
Measuring compliance culture — Beyond merely fostering a culture of compliance, companies should now “measure the effectiveness of . . . [their] culture of compliance.” Hiring and incentives should “reinforce [the] commitment to [an] ethical culture.” And what is more, companies should “respon[d] to [their] measurement of the compliance culture” to improve it if necessary.
Monitoring and reporting
The updated ECCP provides additional considerations for effective monitoring and reporting to ensure compliance with antitrust regulations, including the following:
Data access & analytics — The ECCP now asks whether compliance personnel can “access all relevant data sources promptly” and if they are “using data analytics tools.” These tools should be used to monitor employees and AI decision making.
Encouraging reporting — The ECCP added new questions about reporting and treatment of whistleblowers. Companies should determine whether their policies “encourag[e] reporting antitrust violations” or “chill[] reporting.” The compliance program should assess employee “willing[ness] to report violations.” Additionally, companies should now consider how NDAs may impact reporting. The Division will ask whether “NDAs and other employee policies [are] clear that employees can report antitrust violations internally and to government authorities.”
Internal investigation standards — The updated ECCP asks whether the compliance policy includes clear standards to determine which violations “merit further investigation.” It should include steps “to ensure investigations are independent, objective, appropriately conducted, and properly documented.”
Responding to monitoring — Additions to the ECCP emphasize using monitoring and auditing to “inform changes to the compliance policy” and to make amendments to “account for previous antitrust violations at the company or in the industry.”
Application to civil antitrust violations
Investing in a robust antitrust compliance program is essential for companies not only to mitigate criminal risks, but also to safeguard against civil antitrust violations. The updated ECCP adds that companies “should expect the civil team to consider many of the same factors when assessing the effectiveness of their compliance program as criminal prosecutors do.” Demonstrating a strong compliance program to civil enforcers can “avoid court-mandated further compliance and reporting requirements or retention of and supervision by external monitors.”
Conclusion
A well-designed compliance program fosters a culture of accountability and ethical behavior, which can help prevent antitrust violations from occurring in the first place. If issues do arise, a strong compliance framework enables companies to self-disclose promptly — ensuring the best chance of obtaining the benefits of the Antitrust Division’s Leniency Policy — and cooperate with investigations, which demonstrates a commitment to rectifying any problems. The latest updates to the ECCP demonstrate the Division’s expectation that companies adopt more proactive compliance programs.