German Institute For Compliance Issues Guideline on Antitrust Compliance

The German Institute for Compliance (DICO) and the German Association for Supply Chain Management, Procurement, and Logistics (BME) have recently published an English version of the DICO Guideline “Antitrust Compliance – Cornerstones for Effective Compliance Programs” (which has been added to the ACC resource library). This article provides a brief overview of the background and the contents of the guideline.

An ounce of prevention is worth more than a pound of cure

Although this quote — attributed to Benjamin Franklin — is almost 300 years old, its message has not yet gained full traction in the field of antitrust compliance. Current studies demonstrate that many European companies have not yet implemented effective antitrust compliance programs. For example, a study commissioned by the British Competition and Markets Authority in 2014 among more than 1,000 — mostly small and mid-sized — British companies has concluded that only five percent of all participants have ever held antitrust training. And only 20 percent of all participants have ever discussed antitrust issues at board level. Of course, these results cannot be generalized. Nevertheless, the German Monopolies’ Commission (Monopolkommission) has recently — in an extensive study on the possible introduction of criminal sanctions for antitrust violations in Germany — also concluded that there are still “specific signs for an underdeveloped awareness for antitrust violations.”

Against this background, the main goal of the guideline is to provide pragmatic and effective guidance to small and mid-sized enterprises. But it intends more: As numerous competition authorities worldwide have stepped up their enforcement activities, an ever-growing number of cartels have been detected and punished. At least for larger companies, this has led to a twofold challenge: First, they must, by implementing effective antitrust compliance programs, strive to prevent violations of their own. But in addition, they often find that they repeatedly become victims of antitrust violations by their suppliers. In these scenarios, the companies must not only assess whether to bring private damage claims (which they increasingly do), but also decide under which circumstances they want to — or can — continue to do business with the relevant suppliers.

In this context, the European directive 2014/24/EU has introduced (harmonized) rules within the European Union, under which contracting authorities may exclude a company from participation in a procurement procedure if the company has — among a number of other alternative violations — entered into anticompetitive agreements. The relevant supplier may then provide evidence to the effect that it has taken sufficient measures to demonstrate its future reliability. For this purpose, it shall, among other prerequisites, prove that it has taken specific technical, organizational, and personnel measures that are appropriate to prevent further criminal offenses or misconduct (so-called “self-cleaning” measures).

The relevant rules were to be implemented by the EU member states by April 2016. Germany did so by amending its Law on Restraints of Competition, and recently also decided to set up a new federal register with its Federal Cartel Office (FCO). Starting in roughly 2020, the FCO will register a number of violations and also provide a mechanism under which “offenders” can apply to be delisted. The FCO will then assess whether the relevant companies have taken sufficient self-cleaning measures. However, the applicable criteria and mechanisms are not yet fully developed. Instead, the respective law calls upon the federal government to establish respective guidelines. It is against this background that the DICO Guideline intends to serve not only as a reference point for the upcoming political discussion, but also as a practical benchmark for potential “self-cleaning” measures.

Finally, the guideline also serves a third purpose: While the competition authorities in many jurisdictions may reward companies for the existence of effective compliance programs when setting the level of their fines, both the European Commission and the German FCO have so far — at least in principle — declined to do so. The European Commission, for example, points out that a compliance program could not have been effective if a violation occurred; and the German FCO has emphasized that in many past infringements, board members were involved so that the existence of a compliance program — even a well crafted one — could not have served as a mitigating factor. In addition, the FCO has pointed out that the assessment of the effectiveness of compliance programs would pose “difficult questions regarding the quality of a specific program.”

It is this latter concern that the DICO Guideline intends to address. By providing specific criteria, it will be a valuable reference point for the assessment of compliance programs by courts or competition authorities. Should additional competition authorities decide to reward companies for the existence of effective compliance programs, this would also send a strong signal to the business community. After all, compliance programs that prevent antitrust violations are — as the US Department of Justice (DOJ) has recently pointed out — “far more preferable” than large criminal fines for corporations and significant jail time for executives.

The overall context and the cornerstone concept of the DICO Guideline

Antitrust compliance cannot be assessed and implemented independently of other compliance areas. Consequently, an antitrust compliance program needs to reflect the overall compliance structure of any given company. As far as the design of this structure is concerned, the International Standardization Organization’s Guideline 19600 on Compliance Management Systems may serve as a reference point. According to this guideline, elements of a compliance management system include seven areas: management culture, responsibility and organization, risk analysis, a set of rules, training, monitoring, and improvement (including the handling of past violations).

In the United States, the DOJ has published compliance parameters as part of the Federal Sentencing Guidelines. Additionally, the DOJ and the US Securities and Exchange Commission have issued joint guidance regarding enforcement actions under the US Foreign Corrupt Practices Act (including the “Ten Hallmarks of an Effective Compliance Program”). Further, organizations such as the International Chamber of Commerce have also issued valuable guidance (ICC Antitrust Compliance Toolkit), a process the DOJ has generally welcomed.

ACC has also issued valuable guidance (InfoPAK: “Buidling and Developing Compliance Programs: Preparing and Protecting Your Organization”).

However, contrary to the abovementioned documents — in particular the ISO 19600 Guideline and the ICC Antitrust Compliance Toolkit — the DICO Guideline serves multiple purposes and not only intends to provide guidance regarding the structuring of a company’s own compliance program, but also highlights the assessment of third-party programs. Also, it puts a particular emphasis on small and mid-sized enterprises. Against this background, it concentrates on five cornerstones (management culture, responsibility and organization, risk analysis, a set of rules, and training) and excludes details on monitoring and improvement (cornerstone concept). By doing so, it primarily intends to enable small and mid-sized enterprises to quickly implement (rudimentary) antitrust compliance programs. However, it also tries to avoid difficult questions regarding confidentiality that may arise should a competition authority, procurement body, or company assess the efficiency of a (third) company’s compliance program. These questions may arise because the respective third company could want to avoid disclosing details regarding its internal risk monitoring and improvement process, particularly with regard to the handling of past violations.

The cornerstone concept of the DICO Guideline is thereby not intended to be exhaustive or all-encompassing. On the contrary, it will often be useful — or even necessary — not only to include additional elements (like monitoring and improvement processes), but also to expand the individual cornerstones contained in the DICO Guideline. Not all effective compliance programs can be built alike. Individual programs need to account for the nature of a company’s business and the markets in which it operates. Nevertheless, the DICO Guideline intends to provide a valuable starting point for implementing and assessing effective antitrust compliance programs. It thereby notes that it is, in principle, irrelevant whether or not the antitrust compliance program of a company forms part of that company’s overall compliance program. The crucial point is that the individual cornerstones (outlined below) exist and are put into practice.

The individual cornerstones

Management culture

The guideline emphasizes that a “management which establishes a company-wide culture embracing and voicing a clear and unrestricted commitment to compliance with relevant antitrust laws,” is a key element of an effective antitrust compliance program. It notes that ultimately “this kind of commitment shapes the character of the company‘s entire business activity.” After all, a strong management culture is “a precondition to compliant and pro-competitive alignment” of the business’s behavior. The guideline goes on to clarify that the commitment should be (1) communicated unambiguously in a text, audio, or video format, (2) announced in-house, employing appropriate means, and (3) be an integral component in practical corporate culture.

As far as the communication and announcement of the commitment is concerned, the guideline notes that the specific means were of secondary importance. The commitment could, for example, be implemented by placing a general message from the management on the corporate intranet (often called the code of conduct). In addition, the management could also add an introductory comment to the company’s more specific internal set of antitrust rules (see below on further information regarding the set of rules).

As far as the visibility of the commitment in the practical corporate culture is concerned, the guideline emphasizes that it is important that management provides the necessary personnel and material resources to the compliance department. Also, the company should be willing to discipline employees who either commit antitrust violations or fail to take the reasonable steps necessary to stop violations. In addition, the company management should participate in the antitrust training (lead by example).

Responsibility and organization

The guideline goes on to state that “the second cornerstone of an effective antitrust compliance program is the existence of clear responsibilities and an appropriate organizational and reporting structure.” While the ultimate responsibility for corporate compliance, including antitrust compliance, rests with the company board, the guideline highlights that most companies, and in particular mid-sized and large enterprises, will usually require an additional organizational structure. It states that only in very small enterprises may the board members be able to handle compliance-related responsibilities alone (i.e., without further organizational support). Nevertheless, the guideline notes that even in mid-sized and large enterprises, the compliance organization does not necessarily have to be a unit of its own. It may also be integrated into other units (e.g., the legal department). Integrating the compliance team into the legal department can be particularly useful for antitrust compliance because of the complexity of the underlying legal rules. The respective compliance unit — be it part of another unit or a unit of its own — is then responsible for the preparation and implementation of the compliance program.

Regardless of the specific structure chosen for the compliance organization, the guideline further states that it is important to appoint a qualified contact person for antitrust compliance questions. This is the only way to ensure that employees will be able to obtain guidance on complex and specific antitrust questions — for example on the legality of working groups or bidding consortia with competitors — and to avoid or resolve potential legal issues in the most efficient manner. The guideline highlights that this contact person does not necessarily have to be an employee of the enterprise. Smaller companies may choose, for example, to appoint an external lawyer as their contact person for antitrust compliance questions. In such a case, it will be particularly important to ensure that the contact person is properly identified to employees (e.g., through the intranet or nomination in the set of rules).

Finally, the guideline points out that large enterprises should set up an anonymous whistleblower system (or a comparable mechanism), which allows employees to anonymously submit information on potential infringements by telephone or in written form (e.g., a whistleblower hotline). Anonymity will significantly reduce any reluctance that employees may feel in providing information and can thus enhance the effectiveness of a compliance program. Information submitted through the whistleblower hotline should be reviewed by internal or external experts outside of the regular reporting lines for employees.

Risk analysis

The guideline continues to state that “another cornerstone of an effective compliance program is a detailed analysis of the specific risks to which the enterprise in question is exposed.” Such an analysis enables an enterprise to identify and evaluate potential compliance risks and to structure its compliance efforts accordingly. The guideline emphasizes that the analysis should be conducted group-wide and should be updated at regular intervals (e.g., annually). In the context of this analysis, enterprises should take account of the specific business activities of the group and consider the relevant regulatory and business environment. For enterprises with a wide range of different business activities or subsidiaries, it can be useful to prioritize the analysis on the basis of revenues generated by each business line or subsidiary.

The results of the risk analysis should form the basis for the specific set up of the enterprise’s compliance program — especially with a view to the rules which must be included in a company-specific set of rules (see below) and to the content of the regular compliance training (also see below). The guideline points out that, at least for smaller companies, it may be sufficient to reflect the results of the risk analysis in the text of the company-specific set of rules and the training materials for the live compliance training. Larger companies will want to carefully consider the results of the risk analysis and may want to report on the risks identified internally as appropriate.

Set of rules

The guideline emphasizes that another cornerstone “is the existence of a brief and coherent set of rules, including short and clear explanations about key antitrust provisions, such as ‘hardcore’ prohibitions.” Taking into account the results of the risk analysis, the set of rules should describe the provisions in a company-specific context and should also clearly explain the sanctions which are imposed for infringements. This may be presented, for example, in a brief and coherent “Do’s & Don’ts” document. The respective document should also identify the contact (in-house or external) for all questions and issues that may arise.

Enterprises should then ensure that employees are aware of the existence and content of this document. For example, the document could be distributed as part of the regular compliance training. Alternatively, it could be published through the company intranet or — in smaller companies — on a notice board. Foreign domiciled subsidiaries should provide a local language version (or at least an English version).

In order to support companies — in particular small and mid-sized companies — with the introduction of effective antitrust compliance programs, DICO and BME have developed and published a model set of rules (currently available in German only). Small and mid-sized companies may use this model as a reference when drafting their own set of rules. The ICC in 2015 also issued a comparable document (SME Toolkit).

Training

According to the guideline, “regular classroom antitrust training sessions” are another cornerstone of effective antitrust compliance programs. This means regularly educating all executives and managers, and most employees, especially those with sales and pricing responsibilities through live in-person workshops. In such workshops, the relevant employees not only gain an understanding of the relevant provisions, but also enjoy the opportunity to ask questions and gain more guidance for their daily work. The workshops may also be used to emphasize management’s commitment to antitrust compliance, introduce the contact persons for potential questions, and distribute the company-specific set of rules.

As far as the frequency of the training is concerned, the guideline highlights that “it will depend on the risk profile and other training offers (e.g., e-learning) of the respective company.” The guideline goes on to state that “as a rule, training should be repeated every two to three years.” It also emphasizes that “while e-learning cannot replace regular classroom training,” the existence of e-learning programs allows for greater flexibility when scheduling regular classroom training. E-learning may also be used as a method to educate new employees shortly after they commence their new role.

Conclusion

Current studies demonstrate that many European companies have not yet implemented effective antitrust compliance programs. Against this background, the main goal of the DICO Guideline “Antitrust Compliance: Cornerstones for Effective Compliance Programs” is to provide pragmatic and effective guidance to small and mid-sized enterprises for developing and implementing effective compliance programs. But the guideline intends more: It also aims to serve as a reference point for the ongoing political discussions in Europe regarding compliance programs as a mitigating factor when setting criminal or administrative fines, and the role of compliance programs in procurement processes involving past offenders. Both discussions — and the relevant developments — may significantly advance the compliance agenda in Europe (and beyond). This, in turn, could enhance the effectiveness of antitrust compliance and thereby also serve to increase overall compliance. After all, compliance programs that prevent antitrust violations are “far more preferable” than fines for corporations or jail time for executives.