Managing antitrust risk effectively and efficiently
Antitrust audits: an increasingly integral part of corporate compliance
Regulatory investigations often trigger internal forensic reviews and analyses of documentary and witness evidence to allow companies to respond to regulators’ extensive demands.
However, internal investigations are not only conducted in response to regulatory intervention. Increased antitrust risk globally is focusing corporate attention on how best to detect and stop infringing behaviour. As a result, we see more companies deciding to invest in sophisticated antitrust audits as part of effective compliance measures.
In particular, audits are increasingly being conducted:
- in response to an individual raising a concern internally;
- in advance of a deal as part of effective antitrust due diligence; or
- where a company wants to test the effectiveness of its compliance measures.
“In Germany, companies are increasingly alert to potential antitrust risk and prepared to invest in sophisticated compliance audits in order to ensure their compliance measures are fully effective.”
Uta Itzen, Partner, Düsseldorf
Companies in the regulatory spotlight are familiar with the demands of an investigation carried out in response to regulatory requirements. Antitrust audits conducted outside the heat of an investigation raise similar demands and challenges but, if conducted properly, they can be an extremely effective way of uncovering and managing antitrust risk across a business.
Audits generally have a common aim: to establish whether the company has been involved in illicit conduct, and if so, uncover facts and evidence that enable management to take well-informed and timely decisions. However, they take different forms, depending on the nature of the suspected risk and the individuals involved.
In an era of heightened regulatory scrutiny and focus on effective compliance, our experience reveals certain key themes which are critical to companies seeking to conduct an effective exercise.
Preparation is key: identify scope, team and legal risks
In order to avoid unforeseen liabilities and risks for the company, and ensure proper conduct of the audit, a number of complex issues need to be considered and decided well before an investigation starts:
- Who should be involved: an antitrust audit will potentially uncover highly sensitive information and communications that place individuals in the spotlight and force companies to take difficult decisions to mitigate liability and risk. The choice of the lead investigator is therefore crucial: they must be free of potential conflicts, capable of ensuring proper governance and decision-making throughout and be well supported by an experienced and suitably qualified team of investigators. A key decision for the lead at the outset is whether to involve external legal support to navigate the legal restrictions and risks involved in gathering and disseminating information, and/or forensic support. The team should then focus on identifying the right individuals in the relevant areas of the business who will be brought within the scope of the audit.
- Identifying and preserving evidence: antitrust audits should mirror the increasingly sophisticated investigation techniques employed by authorities - this means sources of evidence now range from hard copy documents and electronic files stored on various forms of media to interviews. The team will need to identify the likely scope of evidence and decide how that evidence will be discovered, whether through electronic or document searches or interviews.
- Local data protection, privacy or employment laws: antitrust audits need to be conducted in line with local laws on data protection, privacy and employment. The increasing ease of transferring large volumes of data across borders has made data protection and privacy a particularly challenging issue in a number of jurisdictions. Relevant laws differ widely between jurisdictions, and sanctions for breach can be severe. It is therefore important to understand all relevant restrictions and obligations and obtain all necessary consents well in advance of an audit.
- Legal privilege: privilege laws also differ markedly between jurisdictions. They must be fully understood to avoid producing unhelpful and non-privileged documents during the audit and prevent legally privileged advice becoming discoverable in subsequent regulatory proceedings.
- Effectively managing employees: as regulators increasingly focus on individual liability for wrong-doing, a company needs a well-thought-out communication strategy which enables employees to understand the reasons for the audit and the importance of compliance, while also understanding the implications of being involved in illegal conduct. It is essential for companies to secure employee cooperation, in order to root out undesirable and likely covert conduct, whilst being able to discipline employees, where appropriate, for breaches (see further Theme 4).
The audit: conducting interviews and document reviews
The mix and running order of interviews and document reviews will depend on the corporate governance structure, areas of likely risk and individuals involved. Approaches should be flexible and develop throughout the process as evidence is gathered:
- Interviews: conducting interviews of employees involves a number of inherent risks which make several early considerations key: (i) the amount of notice and information to be given in advance; (ii) the location of the interview and identity of interviewer; (iii) whether the employee has waived data protection rights or whether specific agreement is needed; (iv) whether documentary evidence is required to refresh the employee’s memory, or to confront an uncooperative employee; and (v) whether information gained during an interview could be used in subsequent disciplinary proceedings.
- Best practice to limit risk: as audits and investigations have become increasingly global, we see companies adopting certain interview formalities as standard practice. These include telling interviewees who the lawyer represents (the company, and not the interviewee individually), that legal privilege belongs to the company, and that the company may waive privilege and disclose the substance of the interview to third parties (so-called Upjohn warnings, which have become an international interview standard).
- Document reviews: document reviews are increasingly a complex team exercise, but a well-planned and executed review will be crucial to the success of an efficient audit. Once complex data protection, privacy and employment law issues have been understood and dealt with, key issues will include the breadth and depth of review. As antitrust audits generally seek to identify covert behaviour, cursory reviews of contracts and similar documents are unlikely to uncover issues.
Outcome and follow-up work
Internal audits tend to result in the preparation of a legally privileged report giving management a full picture of the audit’s set-up and results. Depending on the outcome, the companies might consider:
- applying for immunity/leniency from the relevant regulators, when time is of the essence, and taking necessary steps to immediately terminate the conduct;
- remediating compliance procedures, training and guidance; and/or
- taking disciplinary measures against persons involved in unlawful conduct, which will depend on local employment laws (and the terms of any leniency) as well as the nature of the misconduct.
In certain circumstances, there may even be an urgent need for a well-prepared communication strategy towards customers and/or business partners.
If a company is not ready to take such action quickly, it may well question the reasons for conducting an audit.
“Even if audits do not reveal any wrong-doing, they are a very powerful signal that the company will not tolerate unlawful conduct. Antitrust audits are likely to be a hot topic on corporate compliance agendas in 2016.”
Rafique Bachour, Partner, Brussels
Looking ahead to 2016:
As antitrust authorities world-wide continue to take tough enforcement action against companies and individuals involved in wrong-doing, they are using increasingly sophisticated investigation techniques, as well as pursuing types of conduct that have been ignored in the past.
In this environment, we expect to see more companies conducting antitrust audits to test their compliance culture and to uncover and address any concerns, or to obtain the necessary comfort that the company is not exposed.
Given the increasing risks, companies considering such a step in 2016 will need to assess:
- The likely scope of misconduct and potential liability within their businesses;
- The expertise required to conduct a successful audit: particularly if the wrong-doing in question is potentially significant, involves senior management or the board of directors, or is multijurisdictional, engaging external lawyers with deep experience is critical; and
- All the risk and legal implications of an audit: this is particularly true if the conduct in question has cross-border impact and must be assessed under several national legal systems.
“Antitrust audits are an effective and increasingly popular way to pre-empt costly regulatory intervention, particularly in Asian markets where new laws are coming into force and regulators are increasingly active.”
William Robinson, Partner, Hong Kong