DOJ Revises Guidance for Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations
December 9, 2024
On November 12, 2024, the Department of Justice Antitrust Division (the “Division”) revised its guidance on the Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (the “Revised ECCP”).1 The ECCP was first published in July 2019 and is intended to aid prosecutors in evaluating the strength of a company’s antitrust compliance program at two points in time: when making charging decisions and sentencing recommendations. Through the Revised ECCP, the Division retains the core principles of its original guidance, but also:
- emphasizes that all employees have roles in antitrust compliance and provides guidance on the role each category of employees plays in an effective antitrust compliance program;
- addresses the use of technology—including Artificial Intelligence (“AI”) and ephemeral messaging systems—in an effective antitrust compliance program;
- focuses on the importance of confidential and thorough reporting structures; and
- tweaks the guidelines for remediation.2
I. Employees at All Levels Are Responsible for Creating a Culture of Compliance
The Revised ECCP emphasizes the importance of a “culture of compliance.” It states that all employees, from compliance personnel to managers to senior leadership, have roles in antitrust compliance and provides guidance on the role each category of employees plays in an effective antitrust compliance program.3
Starting at the top of the leadership structure, the Division reaffirms its position that “[s]upport from . . . the board of directors and executives . . . is critical to the success of an antitrust compliance program.”4 The Revised ECCP expands on the previous guidance by directing prosecutors to investigate whether the Board of Directors has compliance expertise, whether it held private sessions with compliance and control functions, and what types of information it reviewed when misconduct occurred.5
In addition to the “tone from the top,” the Revised ECCP also includes a new emphasis on the “tone from the middle.” Prosecutors are instructed to examine the extent to which both senior leadership and mid-level managers have “articulated” and “conducted themselves in accordance with” the company’s policies and the “concrete actions they have taken to demonstrate a commitment to” antitrust compliance.6
Finally, the Revised ECCP emphasizes that compliance personnel and other employees should understand the company’s antitrust compliance program and be empowered to address any antitrust issues that may arise. For example, the Revised ECCP directs prosecutors to ask whether “the company’s hiring and incentive structure reinforce its commitment to ethical culture,” “compliance personnel [are] in place long enough to be effective without excessive turnover,” the company has appropriately funded compliance functions, and employees at all levels of the company receive adequate training and access to compliance materials.7
These updates suggest that the Division will examine how antitrust compliance programs are implemented and executed on a day-to-day basis, not just whether adequate policies are in place on paper.
II. Antitrust Compliance Includes Understanding and Leveraging Technology
The Revised ECCP includes a new focus on the relationship between technology, including AI and electronic messaging systems, and antitrust compliance. This new focus includes both preventing technology from being used to evade compliance programs and leveraging technology to strengthen compliance programs.
With respect to AI, Division prosecutors will focus on whether a company’s compliance personnel (i) have “an understanding of the AI and other technology tools used by the company,” (ii) are “involved in the deployment of AI and other technologies,” and (iii) “monitor and detect decision-making by AI or other technology tools to ensure they are not violating antitrust laws.”8 The Revised ECCP specifically cites algorithmic revenue management as a technology that companies should evaluate as part of their antitrust compliance programs and risk assessments.9
The Revised ECCP also addresses electronic and ephemeral messaging systems. New sections of the ECCP instruct prosecutors to consider guidelines that a company has provided to employees for using (or not using) ephemeral messaging, mechanisms for preserving messages, and a company’s rationale for its preservation and deletion settings.10 In addition, the Division will consider whether the company’s compliance program leverages electronic data to strengthen oversight, asking “[h]ow do compliance personnel utilize company data to audit and monitor employees,”11 and “[i]s the compliance program using data analytics tools in its compliance and monitoring.”12
III. Employees Must Have Access to Confidential Reporting Structures
The Revised ECCP now reflects an emphasis on confidential internal reporting structures.13 The Division views reporting mechanisms that employees can use to raise concerns about antitrust violations “anonymously or confidentially and without fear of retaliation” as integral to maintaining an effective compliance program.14 Further, the Revised ECCP steers prosecutors to review whether the company’s policies are “encouraging . . . or chilling reporting” of antitrust violations, as well as whether employees and managers are trained on anti-retaliation policies and the protections provided under the Criminal Antitrust Anti-Retaliation Act (“CAARA”).15 A company will also likely be evaluated on its use of non-disclosure agreements (“NDAs”) for their positive or negative effect on the reporting of potential antitrust violations and if language and other policies make it clear that employees have the freedom to report antitrust violations internally and to government authorities.16 This focus on NDAs and ensuring no barriers exist to report potential violations internally or externally is consistent with recent Securities and Exchange Commission enforcement actions and other DOJ guidance.17
IV. ECCP Requires Both Prevention and Remediation
The Division expects that company compliance programs will “prevent” antitrust violations rather than merely detect them.18 And, when prevention fails, prosecutors are guided to take into account the “thoroughness of the company’s remedial efforts” to determine whether the compliance program was effective when the antitrust violation occurred.19 The Revised ECCP directs prosecutors to look for a “root cause analysis” of antitrust misconduct that was discovered and ask who is in charge of producing any root cause analysis and whether the issues are systemic.20 Additionally, the Revised ECCP expands the scope of questions regarding senior leadership’s role in addressing an antitrust violation to include their role in “identifying and internally disciplining employees and supervisors” following the discovery of an antitrust violation.21
V. Key Takeaways
The Division’s updates to the ECCP for Criminal Antitrust Investigations follow similar updates to the Criminal Division’s ECCP that were released on September 23, 2024,22 which focused on “ensuring companies are implementing robust corporate compliance programs and are not discouraging whistleblowers.”23 The Division’s newest updates are best understood as closing gaps that existed in the previous compliance guidelines—with a focus on ensuring that compliance programs are effective in practice as well as on paper—and expanding on the role of technology in corporate antitrust compliance. There is also greater attention to ensuring that compliance programs are more proactive, with accountability attributed to senior leadership and middle management for a program’s success or failure.
These updates to the ECCP present a good opportunity for companies to review their antitrust compliance programs to ensure that they are sufficiently robust, clearly explain the antitrust compliance roles of employees up and down the management structure, include a confidential reporting mechanism, and consider technologies like AI and ephemeral messaging. If you have any questions regarding the Revised ECCP or the standards that companies should consider when designing an effective compliance program, please contact the individuals listed in this alert.
1 Evaluation of Corporate Compliance Programs (ECCP) in Criminal Antitrust Investigations, U.S. Dep’t Justice, Antitrust Div. (Nov. 12, 2024) (“Revised ECCP”) Although the ECCP is intended to provide guidance in criminal antitrust matters, it may be instructive in civil matters as well. In the context of civil resolutions, the Division’s civil teams evaluate the effectiveness of corporate compliance programs using many of the same factors the criminal prosecutors use. Id at 3.
2 Id.
3 Id. at 6.
5 Id. at 7.
6 Id. at 6.
7 Id. at 7-8.
[8] Id. at 10, 13. Consistent with White House guidance issued to federal agencies under both the Biden and Trump administrations, the Revised ECCP adopts the same definition of AI as provided in Section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019, which includes “[a]ny artificial system that performs tasks under varying and unpredictable circumstances without significant human oversight, or that can learn from experience and improve performance when exposed to data sets,” among other technologies. See e.g., Guidance for Regulation of Artificial Intelligence Applications, White House Office of Management and Budget (January 7, 2019); Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence, White House Office of Management and Budget (Mar. 28, 2024); Revised ECCP at 10.
[9] Id. at 9.
[10] Id. at 6.
[11] Id. at 13.
[12] Id.
[13] Id.
[14] Id.
[15] Id.
[16] Id.
[17] See Annual Report to Congress for FY 2024, SEC Office of the Whistleblower 9-11 (Nov. 15, 2024).
[18] Revised ECCP at 15.
[19] Id.
[20] Id. at 16.
[21] Id.
[22] Evaluation of Corporate Compliance Programs (ECCP), U.S. Dep’t of Justice, Criminal Div. (Sept. 23, 2024).
[23] See DOJ Issues Status Report on Pilot Programs for Corporate Whistleblowers and Compensation Clawbacks and Supplements its Guidance for Evaluating Corporate Compliance Programs, O’Melveny (Sept. 27, 2024).
This memorandum is a summary for general information and discussion only and may be considered an advertisement for certain purposes. It is not a full analysis of the matters presented, may not be relied upon as legal advice, and does not purport to represent the views of our clients or the Firm. Anna T. Pletcher, an O’Melveny partner licensed to practice law in California; Mia N. Gonzalez, an O’Melveny partner licensed to practice law in New York; Mark A. Racanelli, an O’Melveny partner licensed to practice law in New York and Maryland; Michael Tubach, an O’Melveny partner licensed to practice law in California and the District of Columbia; Jason Yan, an O’Melveny counsel licensed to practice law in the District of Columbia and Virginia; Adam Walker, an O’Melveny counsel licensed to practice law in the District of Columbia; and Shallum Atkinson, an O’Melveny law clerk, contributed to the content of this newsletter. The views expressed in this newsletter are the views of the authors except as otherwise noted.
© 2024 O’Melveny & Myers LLP. All Rights Reserved. Portions of this communication may contain attorney advertising. Prior results do not guarantee a similar outcome. Please direct all inquiries regarding New York’s Rules of Professional Conduct to O’Melveny & Myers LLP, 1301 Avenue of the Americas, Suite 1700, New York, NY, 10019, T: +1 212 326 2000.