In November 2024, the U.S. Department of Justice (DOJ) issued updated guidance on the Antitrust Division’s Evaluation of Corporate Compliance Programs (ECCP) in Criminal Antitrust Investigations, with an enduring emphasis on the importance of strong monitoring, oversight, and prompt reporting for companies. The Division has periodically updated this guidance since the inception of the ECCP in 2017 during the first Trump administration, and this latest update emphasizes the need for effective antitrust compliance programs as we enter a second Trump administration. Businesses should re-evaluate their corporate compliance programs to ensure they address mitigating risk in information-sharing, electronic communications, artificial intelligence, and third-party algorithmic revenue management software.
Early Evolution of the DOJ’s Evaluation of Corporate Compliance Programs under the Trump Administration
Launched in February 2017, the DOJ’s Fraud Section published the ECCP to provide prosecutors with guidance on what to consider when evaluating the compliance program of a company that is facing a criminal enforcement action. This guidance aids companies in determining whether their compliance programs are effective.
In April 2019, the DOJ’s Criminal Division released further guidance on the ECCP, updating the prior version issued by the Fraud Section. It identifies the following questions to guide assessment of a compliance program:
- “Is the corporation’s compliance program well designed?”
- “Is the program being applied earnestly and in good faith? In other words, is the program being adequately resourced and empowered to function effectively?”
- “Does the corporation’s compliance program work in practice?”
“Is the corporation’s compliance program well designed?” In this respect, DOJ will assess the “critical factors” that determine whether a program is appropriately designed to prevent and detect wrongdoing. These factors include whether:
- the program addresses antitrust risks specific to the company;
- the company has a code of conduct and other policies that show a commitment to compliance and effectively communicates these policies and procedures;
- the compliance program is being appropriately disseminated to, and understood by, the company’s employees;
- the company has a reporting mechanism that is confidential to assure that whistleblowers would be confident that they would be free from retaliation; and
- the company assesses the risk of dealing with third parties by conducting appropriate due diligence of business partners or acquisition targets.
“Is the program being applied earnestly and in good faith?” DOJ seeks to assess whether the compliance program is merely a “paper program” or if it is a program that is deliberately implemented, reviewed, and revised in an effective manner by assessing whether senior and middle management encourage a compliance culture through their words and actions. Additionally, DOJ asks whether the company’s compliance function has sufficient autonomy from management and adequate resources to undertake an investigation or audit. Lastly, DOJ evaluates whether the company provides incentives for ethical conduct, disciplines unethical conduct, and enforces the program consistently.
“Does the corporation’s compliance program work in practice?” DOJ assesses how the program works in practice by evaluating whether the company engages in meaningful efforts to continuously improve the program, periodically tests the program, and reviews the program using internal audits. DOJ also considers whether the company has a well-functioning, appropriately funded, and independent mechanism for internal investigations into potential misconduct. Lastly, DOJ reviews the company’s remediation measures for any prior misconduct by individuals, agents, or third parties.
Nine Factors to Evaluate Corporate Compliance Programs. DOJ issued a statement in July 2019 noting it would now evaluate compliance programs when considering whether to charge companies with antitrust violations, which it had not done in the past. The statement outlined nine factors the agency will consider at the charging stage when evaluating the efficacy of antitrust compliance programs: (1) Design and Comprehensiveness; (2) Culture of Compliance; (3) Responsibility for the Compliance Program; (4) Risk Assessment; (5) Training and Communication; (6) Periodic Review, Monitoring, and Auditing; (7) Reporting Mechanisms; (8) Incentives and Discipline; and (9) Remediation and Role of the Compliance Program in the Discovery of the Violation.
Mitigating Liability Risk. Sentencing reductions are granted for effective programs, although each program is evaluated on a case-by-case basis, and there is no reduction if there is unreasonable delay in reporting illegal conduct to the government. Therefore, companies are advised to be proactive in reporting misconduct in order to benefit from these potential sentencing reductions and to take deliberate measures to make sure their compliance measures meet the nine factors laid out above. Anticompetitive conduct by high-level personnel will lead to a presumption that the program is ineffective. Ensuring the independence of the compliance function within the program is important to its integrity. Furthermore, companies can also benefit from statutory fine reductions for extraordinary post-violation compliance efforts, such as a culture change at the senior management level, implementing disciplinary procedures, creating a compliance program if none existed before, and developing a comprehensive review of an existing compliance program.
What’s New for Corporate Compliance Under the Biden Administration’s Newly Released Guidance on ECCP
The Biden Administration has consistently expressed its commitment to stronger criminal antitrust enforcement. The updated ECCP confirms that robust antitrust compliance programs are a key aspect of criminal antitrust enforcement and will be evaluated by how effectively they prevent or detect violations. Another important consideration is the role of senior management in any violation. The guidance reaffirms the nine factors mentioned above that prosecutors should consider in evaluating the effectiveness of corporate compliance programs. However, the most recent update adds several considerations for prosecutors that reflect key priorities of the Biden Administration, including detecting misconduct and potential collusion in information-sharing practices, data collection, electronic messaging, and communications at trade associations or industry meetings, and AI tools.
Regarding DOJ’s Design and Comprehensiveness factor, the newly released guidance highlights whether the compliance program considers the advent of newly developed technology and emerging risks in the design of the program. Furthermore, DOJ will consider how the company tracks business contacts with competitors and keeps records of its attendance at trade association meetings, and whether these are regularly monitored. Following another policy priority of the Biden administration, the newly released guidance asks whether companies have mechanisms in place to manage and preserve information contained in electronic communication channels; whether the corporation provides clear guidance on permitting and preserving ephemeral messages; and what document preservation and deletion settings are available for employees. In this regard, DOJ also advises prosecutors to consider how much guidance is provided to employees on document destruction and document retention and how this relates to potential obstruction of justice.
The updated ECCP advises prosecutors to consider the company’s risk assessment in its use of new technologies, including AI and algorithmic revenue management software. Prosecutors should also consider how a corporation’s compliance measures address the evolving antitrust risk associated with these new technologies and tools. DOJ indicates prosecutors should consider how a company’s compliance function utilizes personnel data and how the compliance program monitors data collected by and decisions made by AI and other technology tools in order to ensure antitrust laws are not violated.
Conclusion
As the Biden administration concludes and a new administration begins, the effectiveness of antitrust compliance programs remains in the spotlight. The 2024 guidance carries on certain Trump-era principles, emphasizing robust compliance programs, timely reporting, and the use of the leniency program. Implementing a rigorous antitrust compliance program is critical to both preventing and mitigating potential civil and criminal antitrust exposure. Companies should consider updating their antitrust compliance measures, especially regarding AI, information-sharing, algorithmic tools, and data collection.
