Compliance programmes

Commitment to competition compliance

How does a company demonstrate its commitment to competition compliance?

The Superintendence of Industry and Commerce (SIC) has not issued clear guidelines on how a company should demonstrate compliance, therefore, there is no particular way to demonstrate compliance besides providing a company’s internal policies.

However, the SIC has stated that a good compliance programme should take into account the following:

  • identification: identify the risks the company could face;
  • prevention: design and implement controls to protect organisations from those risks;
  • surveillance and detection: monitor and report on the effectiveness of controls in managing a company’s exposure to risks;
  • resolution: resolve difficulties concerning non-compliance; and
  • advisory: advise the company on standards and controls.


The SIC has also stated that a compliance programme should allow companies to detect and manage risks, promote a culture of compliance, and mitigate risks and sanctions.

Risk identification

What are the key features of a compliance programme regarding risk identification?

Compliance programmes should consider a risk-based approach and be subject to the commitment of senior management, reflected throughout the organisation (top-down commitment). As part of the International Competition Network, the SIC adopted key features in relation to risk identification, as follows:

  • identify the key competition law compliance risks faced by the business, which will depend upon the nature and size of the business;
  • take into account the characteristics of the market structure as some structures can make cartelisation more likely; and
  • be conscious of risks related to exchange of information, especially with competitors within trade associations or even day-to-day meetings.
Risk assessment

What are the key features of a compliance programme regarding risk assessment?

Regarding risk-assessment, the International Competition Network states, first, that businesses should assess how serious the identified risks are, rating them as low, medium or high. In addition, they should consider assessing which employees are in high-risk areas, such as those who have contact with competitors and those in sales or marketing roles.

In addition, compliance guidance may contain information on the law and the importance of compliance (the costs of non-compliance and the benefits of compliance), and compliance programmes should consider a risk-based approach.

Risk mitigation

What are the key features of a compliance programme regarding risk mitigation?

In relation to risk mitigation, it is important to set up controls to protect businesses and resolve difficulties of non-compliance. This includes establishing policies, procedures and training for employees and other actors involved to ensure that the identified risk does not occur.

Generating awareness among employees that suppliers or competitors are violating the law and may be causing damage to the business is important.

Although achieving an effective compliance culture may require an investment by the company, the overall benefits of this investment can far exceed the cost.

Compliance programme review

What are the key features of a compliance programme regarding monitoring and review of business practices?

A review involves regularly evaluating risk identification, assessment and mitigation policies and processes to update and comply with new regulations or market conditions. It is important to review controls within the company and evaluate compliance from the different actors.

Finally, it is important to review the programme and the risks from two points of view:

  • external: compliance with external standards imposed on the organisation, for example, laws (eg, free competition, regulations, criminal liability, etc); and
  • internal: a review of the internal codes of conduct that allow compliance with the rules imposed within the organisation.