On November 12, the Department of Justice Antitrust Division (“the Division”) released an update to its July 2019 guidance on corporate compliance programs. The updated guidance reflects the Division’s approach to the evaluation of compliance programs, with a particular emphasis on the antitrust risks posed by rapidly evolving technologies, such as artificial intelligence (“AI”). Companies should take note of the Division’s updated guidance and use it as a roadmap in developing and maintaining an effective corporate compliance program.
In order to conform to the compliance guidance provided by the Division, a corporate compliance program must:
Account for emerging compliance risks and fast-developing technology.
- Companies must reevaluate the effectiveness of their compliance training program to ensure it addresses evolving risks, including those posed by emerging technologies and changing business environments.
- Companies must evaluate the ways their employees communicate and implement policies that ensure all business communications – across all devices, programs, platforms, tools, and applications – can be audited and preserved regardless of the communication channel used. Company policies must address employee use of text messaging, ephemeral messaging, and other instant messaging platforms.
- Companies must ensure their compliance program and audit processes can properly monitor and detect the risks posed by the business’s use of AI, including decision-making AI, algorithmic and revenue management software, and other emerging technologies.
- Companies should deploy the latest technologies, such as data analytics tools and AI, in the implementation of their compliance and audit processes.
Be adequately supported at all levels of the organization.
- The compliance function must have adequate resources, and compliance function resource requests should be evaluated appropriately relative to risk and other business functions.
- Companies must provide mechanisms for the confidential reporting of potential antitrust violations, have adequate anti-retaliation policies, and ensure the independence of any internal investigations
- Companies should avoid NDAs and other restrictions that may have a chilling effect on the reporting of antitrust violations.
- Companies should adopt compensation structures that incentivize compliant behavior and penalize misconduct.
- A culture of compliance must come from all managers, at all levels, including middle-management.
- Senior leadership, including the board of directors and senior executives, must be involved in the implementation and supervision of compliance programs and present model behaviors.
Address both civil and criminal antitrust risks.
- Companies should implement compliance programs and auditing processes that account for civil antitrust risk.
- Companies should expect civil antitrust enforcers to consider many of the same factors when assessing the effectiveness of a compliance program when resolving a civil conduct investigation. Effective compliance programs may help companies avoid onerous reporting requirements and/or court-appointed supervision.
Effective compliance is critical to the prevention and detection of antitrust violations. Companies must regularly reevaluate and update their compliance policies and training programs to account for rapidly evolving technology and business practices. The implementation of a corporate compliance program that meets or exceeds the Division’s guidance can significantly strengthen a company’s position should it ever find itself the subject of a criminal or civil antitrust investigation.