Among the biggest risks facing companies today are investigations and violations of criminal antitrust and anti-corruption laws. Investigations by the Antitrust and Criminal Divisions of the United States Department of Justice (“DOJ”) can last years, expend enormous corporate resources, and result in considerable fines and prison terms for executives. The DOJ considers a number of factors when conducting an investigation, determining whether to bring charges, and negotiating plea or other agreements. One factor that companies often overlook, but that mostly remains within their control, is the existence and effectiveness of a compliance program and the remedial efforts to either implement an effective compliance program—or to improve an existing one—after misconduct (e.g., price fixing or bribery) has occurred or been identified.

While there are areas beyond antitrust and anti-corruption that a company should include with respect to compliance efforts, the purpose of this article is to help company counsel build and execute an effective compliance program specifically for antitrust and anti-corruption related issues using insights from veteran in-house and outside counsel based on experience and guidance provided by the DOJ. First, we describe the need for a compliance program. Next, we highlight the cornerstones of an effective program, starting with instituting a culture of compliance. Finally, we describe how to improve your program if issues arise or misconduct occurs.

Why you need a compliance program

In addition to avoiding and detecting illegal activity, the implementation of an effective compliance program is one of the DOJ Criminal Division’s requirements for a company to receive full credit for timely and appropriate remediation of misconduct for a violation of the Foreign Corrupt Practices Act (FCPA). Therefore, having an effective compliance program not only helps a company avoid and detect illegal activity, but also allows a company potentially to avoid prosecution or receive reduced punishment should a violation occur.

For antitrust violations, the benefits of a compliance program in the eyes of the DOJ Antitrust Division are less clear. The Antitrust Division has yet to reveal publicly whether a company has avoided prosecution entirely based on its compliance program and has indicated that the detection and self-reporting through the Antitrust Division’s leniency program is reward in itself for having a compliance program. In recent years, the Antitrust Division has reduced fines for cooperating companies based on implementing compliance programs after an investigation started. More recently, the Antitrust Division has left open the possibility of additional benefits for companies having effective compliance programs.

Key—A culture of compliance

United States federal antitrust and anti-corruption law enforcement officials have emphasized that effective compliance programs begin with the establishment of a culture of compliance. The DOJ and the Securities and Exchange Commission (“SEC”) have declared the creation of a “culture of compliance” to be the first “hallmark” of effective compliance programs. Indeed, one former official at the DOJ made it clear that if senior executives and the board of directors do not “actively support and cultivate a culture of compliance, a company will have a paper compliance program, not an effective one.”

Thus, an essential first step to fostering a strong culture of compliance is active engagement and commitment by corporate executives and board members and communication of that commitment to compliance throughout the company. Next, senior and middle managers and in-house counsel must reinforce its importance and help build that commitment throughout the company. Compliance literature and guidance is often silent on how senior and middle managers and in-house counsel can most successfully build a compliance-focused culture, aside from providing training on antitrust and anti-corruption issues to company personnel. Training is important, but education in a broader sense, risk assessment and formal and informal communication with personnel, is vital to developing a pervasive and lasting compliance culture. The following practical tips describe how in-house counsel can assist management in developing a culture of compliance.

Don’t hide the policies. It may seem like common sense, but in-house counsel should ensure that all relevant personnel—both within the company and outside the company (particularly agents and distributors), who need to adhere to the company’s policies—have easy access to and are provided copies of those policies and adequate training in their primary language. From a return on investment perspective, spending the relatively small sums needed to translate the necessary policies and basic training information is often the best use of funds that a compliance team can make.

Provide frequent and easily digestible guidance. In many companies, senior managers are tasked with the responsibility to ensure that the businesses, departments, and personnel they supervise adhere to corporate policies. It is important to keep in mind, however, that these managers have many pressing responsibilities and usually do not have the necessary expertise in antitrust and anti-corruption laws to speak easily and authoritatively on compliance issues. In-house counsel can greatly assist managers by meeting with them regularly to explain the laws, providing advice on how best to educate and reinforce the importance of compliance to their personnel, and helping the managers draft communications on compliance that they can deliver to their personnel.

Give special attention outside the United States. These conversations are especially helpful for managers working outside the U.S. and extremely important when such managers are located in, or responsible for, countries where corruption is common and/or antitrust laws do not exist or are rarely enforced. These managers—particularly those who are not from the U.S.—are typically unsure about U.S. laws, manage personnel who often do not understand why U.S. laws apply to their activities, and sometimes work in countries where the culture is such that U.S. laws are counterintuitive and contradict local business practices. Counsel should spend extra time with these managers to explain applicable antitrust and anti-corruption laws, emphasize the board’s and corporate officers’ commitment to compliance, provide advice on how to educate and train their teams on compliance, and help draft communications that will help them do so.

Invest in education. While a culture of compliance must come from the highest levels of the company, in-house counsel should also invest time to educate middle managers on compliance issues. Middle managers tend to have more frequent interaction with personnel in their business or department than their senior management counterparts, and thus may be in a better position to educate and build a culture of compliance. In addition, today’s middle managers are tomorrow’s senior managers, so investing time in educating middle managers will pay off in the long run. Many middle managers recognize that their advancement within the company will necessitate greater responsibility for compliance, so they are eager to learn the subject in order to demonstrate readiness for promotions.

Commit to review and improve. In-house counsel should periodically have risk assessment conversations with senior and middle managers—open conversations where both counsel and the manager offer and discuss opinions on the compliance risks in the manager’s business or department, such as troublesome countries, troublesome customers, and even specific company personnel who concern either counsel or the manager. The more open and wide-ranging these conversations are the better. Counsel and the manager should then jointly create strategies for addressing those risks.

Essentials for an effective compliance program

While establishing a culture of compliance is the necessary first step, other factors are important for establishing an effective compliance program. Fortunately, in-house counsel are not left to fend for themselves, as the DOJ has provided a helpful list of core topics that should be considered in constructing—and continuously improving—the program. Here are the top ten:

  1. The company’s compliance culture, including awareness among employees that any criminal conduct will not be tolerated
  2. The resources that have been dedicated to compliance;
  3. The quality and experience of the compliance personnel;
  4. The authority and independence of the compliance function;
  5. The availability of compliance expertise to the board;
  6. The effectiveness of the company’s risk assessment;
  7. The manner in which the program has been tailored based on that risk assessment;
  8. The compensation and promotion of the personnel involved in compliance;
  9. The auditing of the compliance program to assure its effectiveness; and
  10. The reporting structure of the company’s compliance personnel.

The DOJ has also provided a host of questions to ask when pressure-testing and improving a compliance program. Given that guidance, at the outset of the program counsel should particularly consider the following subset of those questions:

  1. What specific actions have senior leaders and other stakeholders taken to demonstrate their commitment to compliance?
  2. How does the compliance function compare with other strategic functions in the company (as far as title, rank, stature, reporting line, resources, and access), and do the compliance and control personnel have the appropriate experience and qualifications for their roles and responsibilities?
  3. What is the company’s process for designing and implementing new policies and procedures, who has been involved in the design, and have business units and divisions been consulted prior to implementation?
  4. What will the company use to identify, analyze, and address the risks it faces?
  5. What training will be provided and what resources will be available to employees to provide guidance relating to compliance policies?
  6. How will the company implement and utilize information from confidential reporting and investigations?
  7. How will the company incentivize compliance and what disciplinary actions will the company take in response to misconduct?
  8. How will the company assess whether these policies and procedures have been effectively implemented, and how will the company continuously improve, test and review its program?
  9. How will the company implement the compliance function with respect to third parties and into the merger, acquisition, and integration process?
  10. In the event of misconduct, were there prior opportunities to detect, and how have senior leaders, through their words and actions, discouraged the type of misconduct in question?

Remediation following misconduct

Occasionally, even the best plans fail. Should this occur, the company needs to have an appropriate plan for remediation. After an issue is identified, there are a number of things a company must do. These steps are essential to receive any chance of remediation credit from the DOJ, all of which should be considered at the outset and as your program is improved, including:

  1. Demonstration of thorough analysis of the causes of the misconduct and, as appropriate, remediation to address those causes;
  2. Appropriate discipline of responsible employees, including those with supervisory authority over the area in which the conduct occurred;
  3. Appropriate retention of business records, and prohibiting the improper destruction or deletion of business records; and
  4. Any additional steps that demonstrate recognition of the seriousness of the misconduct, acceptance of responsibility for that conduct, and the implementation of measures to reduce the risk of it occurring again.

Conclusion

Like with any emergency plan, the best time to implement a compliance program is yesterday. And the second best time is today. A compliance culture cannot be created through the one-time issuance of policies and periodic training. Frequent communication leads to the development of culture. Think of ways, both big and small, to keep compliance part of the conversation in your company. With the risks of antitrust and anti-corruption violations at the top of mind for every company, an effective compliance program is the best way to mitigate those risks.

Craig Lee is a Partner in Baker McKenzie’s North America Litigation & Government Enforcement Practice and leads the Firm’s global cartel task force. Creighton Macy is a Partner in Baker McKenzie’s North America Litigation & Government Enforcement Practice focusing on antitrust investigations before the DOJ and FTC. Scott Whittier is a recently retired Assistant General Counsel at W.R. Grace & Co. Lindsey Wilson is Corporate Counsel at Masco Corporation in Detroit, Michigan, where he is responsible for implementing and executing the company’s global antitrust and anti-corruption compliance programs.