If you participate in standards development organizations, open source foundations, trade associations, or the like (Organizations), you already know that you’re required to comply with antitrust laws. The risks of noncompliance are not theoretical – violations can result in severe criminal and civil penalties, both for your organization and the individuals involved. The U.S. Department of Justice (DOJ) has in fact opened investigations into several standards organizations in recent years.
Maybe you’ve had a training session at your company, or at least are aware that there’s an antitrust policy you’re supposed to read and comply with. But what if you’re a working group chair, or even an executive director, and therefore responsible for actually making sure nothing happens that’s not supposed to? Beyond paying attention, posting or reviewing an antitrust statement at meetings, and perhaps calling your attorney when member discussions drift into grey zones, what do you actually do to keep antitrust risk in check?
Well, the good news is that regulators recognize that standards and other collaboration deliverables are good for consumers. The challenge is knowing where the boundaries of appropriate conduct can be found, whether you’re hosting, leading or just participating in activity involving competitors. Once you know the rules, you can forge ahead, expecting to navigate those risks, and knowing the benefits of collaboration can be powerful and procompetitive.
We don’t often get glimpses into the specific criteria regulators use to evaluate potential antitrust violations, particularly as applicable to collaborative organizations. But when we do, it can help consortia and other collaborative foundations focus their efforts and take concrete steps to ensure compliance.
In July 2019, the DOJ Antitrust Division (Division) provided a new glimpse, in its Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Guidance). Although the Guidance is specifically intended to assist Division prosecutors evaluating corporate compliance programs when charging and sentencing, it provides valuable insights for building or improving an Organization’s antitrust compliance program (Program).
At a high level, the Guidance suggests that an effective Program will be one that is well designed, is applied earnestly and in good faith by management, and includes adequate procedures to maximize effectiveness through efficiency, leadership, training, education, information and due diligence. This is important because organizations that detect violations and self-report to the Division’s Corporate Leniency program may receive credit (e.g. lower charges or penalties) for having an effective antitrust compliance program in place.
The Guidance describes various factors (each with a series of corresponding detailed questions) that Division prosecutors should consider when evaluating Program effectiveness, acknowledging that not all of them may be relevant and that effective Programs may differ depending on the circumstances.
For consortia, open source foundations and other Organizations, key takeaways from the Guidance focus on the comprehensiveness of program documentation, establishing a culture of compliance, implementing clear responsibility and reporting requirements, and compliance training.
Comprehensive Program Documentation. The Guidance suggests that it is critical to have a comprehensive, documented antitrust compliance program, that is appropriately integrated into the organization’s activities. It should be active, dynamic and implemented, and not just a “paper” policy.
Among other things, a Program should clearly require antitrust compliance, and prohibit participants (including staff, members and directors) from engaging in, condoning, or being willfully ignorant of antitrust violations in connection with the Organization’s activities. It should establish clear standards and procedures to help prevent and detect violations through training, monitoring, auditing, and risk control, and ensure that all involved have appropriate resources to support compliance.
The Program (and its effectiveness) should be comprehensively reviewed and refreshed, periodically and after reported and actual violations, to (a) address lessons learned, changes in law, and other developments, (b) promote early detection and reporting of potential violations, and (c) promote continued compliance and commitment.
It should also establish clear responsibility for reviews, require documentation and explanation of updates, provide personnel with opportunities to provide related feedback, and be readily available to all members, leadership, and personnel.
Culture of Compliance. The Guidance also focuses on the benefits of establishing a culture of compliance, beginning at the top, flowing through the Organization, and reinforced where appropriate. For example, the Program should require the Organization’s leaders – e.g. directors, officers, the executive team, and meeting/working group chairs (Leaders) – to be knowledgeable about and oversee the Program, actively (and overtly) encourage and support compliance, and not take actions that could undermine the Program or its importance, or condone potential violations.
Leaders should promptly comply with Program requirements and participate in resolving issues that arise. To help ensure staff, working group participants, and other participants recognize the importance of compliance, Leaders (rather than rank and file personnel) could be required to read (aloud) antitrust statements and reminders at meetings, and to spearhead communications and requests for feedback from participants regarding periodic Program reviews and updates.
Additionally, Organizations should consider requiring all participants – Leaders and others – to periodically reaffirm their Program commitments (in writing).
Responsibility and Reporting. From a DOJ perspective, another key is active management and operation of the Program. Ideally, the Organization would designate one of its Leaders with clear overall responsibility for the Program and its integration with operations. Which Leader should assume this role may depend on the Organization’s structure.
For example, larger Organizations might consider designating their chief compliance officer or another member of senior management; virtual or smaller Organizations might consider their executive director or another corporate officer. In any event, the designee should have sufficient autonomy, authority, seniority, resources, time, and access to the governing body of the Organization to ensure implementation of the Program and appropriate training, monitoring, auditing and review. Those charged with day-to-day responsibility for the Program should have appropriate training and experience.
Additionally, the Program should establish clear, easily accessible channels for seeking Program guidance and reporting potential violations, and implement appropriate incentives for reporting and disciplinary mechanisms for non-compliance.
In order to help promote reporting, Organizations should consider providing anonymous, confidential reporting mechanisms, where feasible. It is also important to establish appropriate procedures for escalating reports to the Organization’s governing body, addressing situations where Leaders are involved in the reported activity, seeking legal guidance, and promptly reporting to relevant authorities when required. All such reports and corresponding follow up and/or remedial actions should be documented.
Training. Finally, the Guidance emphasizes the importance of appropriate initial and periodic training for all personnel, including Leaders. Although training can be tailored based on the trainee’s roles and responsibilities within the Organization, focus areas should include the Program, antitrust requirements and potential violations, reporting procedures, and related issues such as document retention/destruction, and obstruction of justice.
In particular, management and staff in a position to identify potential antitrust violations should be familiar with risks associated with competitor communications and exchanging competitively sensitive information, and what to do if they believe an antitrust violation may have occurred. The consortium should keep accurate training attendance records, and periodically review and update Program training to ensure it evolves with Program requirements and changes in the law and the organization’s risk profile.
In summary. Of course, a standards consortium or open source foundation is almost always going to be a far smaller and simpler organization than the type of large, commercially significant company to which the Guidance is particularly addressed. Crafting a Program for such an organization will therefore likely look rather different than one appropriate for a corporation with thousands of employees.
But at the same time, it’s important to remember that bringing scores, if not hundreds, of competitors together to agree to do things the same way is a practice that requires real care in order to ensure that nothing inappropriate occurs. Putting a robust Program in place is a great way to help avoid that happening in the first instance, and to reduce risk if something unfortunate happens anyway and the regulators come calling.