Compliance is not a piece of paper. It is a behaviour. Behaviour of people, business and technology.
What happens to a competition practitioner entering the (actual) compliance world? The feeling of living on another planet, while a fascinating compliance revolution was on its way. Arguably, compliance was born in competition – many practitioners remember writing antitrust do’s & don’ts early in their career. But today, compliance with competition laws (“competition compliance”) is lagging behind in the face of competition in and for compliance (“compliance competition”). Compliance & Ethics programs typically feature 10+ areas to care about. Competition is one among them, or sometimes it is not even featured at all. Regular compliance program winners are anti-corruption, data protection, anti-fraud, and increasingly human rights.
Real-life examples are telling and countless. A multinational retail company enjoys a dominant position in several markets, besides developing an e-commerce platform with competitors. The compliance team decided to spend all its budget on deploying a thorough anti-bribery and human rights program – from risk mapping to KPIs, governance changes, red flag exits, internal alert channels. Antitrust awareness, however, is nowhere to be found.
Elsewhere, data-sharing ecosystems are gaining momentum, bringing together start-up companies, local governments, investment funds, to pursue appealing goals: real-time mobility, smart cities, large events. The ecosystem leaders thought about and embedded GDPR compliance. The issue is: there were in fact very few personal data and far more trade secrets and competitors’ information in this “open” and “sharing” ecosystem. Data prompts data protection reflexes, not antitrust ones.
What business life suggests: 99% of the antitrust reality will never be seen by competition authorities. Occasional cartel enforcement, leniency applications, interim measures, large abuse fines, are the 1% tip of the iceberg. Compliance is not nice to have. It is a must-have if one cares about the 99%.
Put simply, compliance is not the cherry on the cake. It is the cake.
Why isn’t competition policy more compliance-effective? Why is competition behind or forgotten in numerous companies’ and ecosystems’ compliance programmes, if any?
One blatant reason is: antitrust policy remains essentially grounded in liability. But effective compliance efforts have proven to work on a new paradigm: accountability.
Under the liability paradigm, competition policy thinks about compliance as “ex ante” (e.g. training) and “ex post” (e.g. the impact of a compliance program on the fine level). That is the narrow essence of competition compliance policy, with some nuances around the globe (OECD 2021, Competition Compliance Programmes).
What compliance requires is an “ex nunc” approach. Compliance is not just about before/after the infringement. It shall be a constant at all times: how people, companies, technology and ecosystems behave. Especially where these players are growingly digital, complex and collaborative.
How can competition compliance be factored in decisions and behaviours? How could it (better) percolate into the R&D lab, the C-suite, the marketing team, the procurement strategy? What role may competition authorities want to play? What makes undertakings care by design?
Here is food for thought and action, based on experiences with both competition and compliance:
First, to create “compliance enforcement” (i) by mandating by law the actioning of antitrust compliance diligence and habits in business life and (ii) by empowering competition authorities to control and sanction those efforts, irrespective of any substantive infringement. That is exactly what e.g. French anti-corruption law (Sapin II Act, art. 17) and the GDPR do. They force to walk the talk, hence anti-corruption and data protection ranking high on corporate compliance programs. By contrast, antitrust compliance guidance mostly consists in soft law; and actual antitrust risk mapping in companies remains a rarity.
Second, no one is perfect, but one may aim well. Businesses, i.e. humans, make choices and take risks on a daily basis, especially in innovative and competitive markets. Society and competition authorities may want to play a role here by not leaving the antitrust risk-taking freedom or burden entirely to companies. Two accountability mechanisms are worth exploring to see companies coming forward: (a) an antitrust risk notification mechanism, similar to merger control or to GDPR risk notifications; and (b) public-private sandboxing of business projects’ positive and anti-competitive effects, with the authorisation or support from the authority or an appointed third party (Chammas, Compliance by Design, 2020 Lexis International Review).
Third, to “democratize” competition policy, by making it more attractive, accessible and UX. Competition sounds like distant news for big players, to many companies feeling “too small to care”. Competition is also not very popular, collaboration is. To catch business attention, it helps to link more clearly competition benefits to companies’ own purposes and interest: innovation, entry in new markets, fairness, responsible capital, customer care. Ideally in a few bullet points, not in 30 pages. A CEO recently asked: “Why would I stop defining my price strategy with my competitors?” The enforcement stick did not worry him; but the carrots caught his attention, particularly because his company was entering extra-financial and ESG reporting to attract new investments.
Last, to adopt a competition compliance policy that fits in and can adapt to the ever-evolving grander scheme of compliance. Every other compliance field may give rise to competition challenges and opportunities. Breaking silos is paramount to identify synergies and discontents. Do antitrust, anti-bribery, privacy, non-discrimination, anti-fraud, climate… compliance requirements stifle or foster one another? Competitors decide collectively to boycott bribery-seeking markets and governments. Competitors also share information about their supply chains to detect human right abuses. They pool datasets to help detect terrorism threats. The grander scheme is further evolving fast, notably thanks to the EU’s hyperactivity: the EU Whistleblowing Directive, the Corporate Human Rights Due Diligence Directive, the AI Regulation, the Digital Markets Act, the Data Governance Act. What are the implications of these new compliance requirements for competition compliance policy? If all those goals are on equal footing, how to maximise total compliance and make the best of all worlds?
At institutional level, not all goals have the luxury of an independent authority caring for them. What role could competition authorities play, together to enhance antitrust accountability and compliance enforcement systems, and with authorities in other fields to maximise value… with values.
Editorial published in the Oxford Journal of European Competition Law (JECLAP).
The original publication is available on JECLAP’s website.
Ref.: Mona Caroline Chammas, “Competition Compliance Therapy”, Journal of European Competition Law & Practice, Vol. 12, Issue No. 9, p. 667.