I recently read a decision by the UK’s Office of Fair Trading (now CMA) dealing with a competition law case. In the Lloyds Pharmacy/Tomms case the OFT put into action its policy on giving companies credit for having compliance programs.
This in itself is interesting, because by contrast, the EU’s DG Comp and the U.S. Antitrust Division have rigidly applied a one-size-fits-all policy to compliance programs; no matter what the facts of the case, who was involved, or how diligent the compliance program, no program is ever worth any consideration or recognition, for any purpose. (This has been a terrible policy that has hurt the development of antitrust compliance programs.)
But if you read the facts of the Lloyds Pharmacy/Tomms case (the decision is here in pdf), there were two things that are particularly interesting:
1. The facts of the case are a good illustration of how difficult it can be for conspirators to implement a “secret” collusive arrangement. Yes, two executives can have an initially secret deal to divide up markets, but the implementation is an entirely different matter.
You can read in the case how many emails and discussions it took to implement this and how many people had to be involved. You can see the internal friction and the mistrust between the conspiring parties. Those who think this type of conduct is somehow completely secret and impossible to discover need to understand how much work a cartel arrangement involves. Certainly they can’t be discovered if you don’t look, but if you have at least some diligence in your compliance program these things can be discovered.
2. Credit for the compliance program? What compliance program? Read all the detailed facts of the opinion and see where the compliance program was? Not one word that I saw. How could the OFT have assessed the compliance program if it did not look at it during the investigation? Where is the recitation of facts about the program?
This is the kind of mistake I believe you are likely to see, at least initially, in this type of case. Agencies should not be waiting for the company’s dog and pony show. They should be asking about the program right from the beginning, and the facts of the program should be among the case facts set out in the agency’s findings.
What are the lessons of this case?
First, if you look for misconduct in your own company you have a good chance of finding it. Even “secret” conspiracies leave trails and can be difficult to keep operating. Often, when someone says they will keep something secret, all they mean is that they will only tell one other person (at a time!). So it is tough to keep anything, including crimes like bribery, a secret. Of course, if your program is nothing more than giving lectures and issuing guides, then you probably will not find anything no matter how blatant it may be.
Second, governments need to learn how to assess compliance programs. This is not something they should leave to the last minute; it should be part of the investigation process. It serves neither government nor industry to have governments be easily deceived by smoke and mirrors. When they issue decisions like this they should also discuss what they found about the compliance program, and why the program was or was not given credit. This will help inform the regulated community and help raise the level of programs.
For companies, by all means they should be prepared to make a convincing presentation about their programs. But much more important is to have a program that is real. Make sure you are reaching all your people, and test your program regularly. If you go out into your foreign operations, talk with three local managers, and they have never heard of your program, your program isn’t working and won’t impress enforcement officials.
Whether you’re concerned about the FCPA or the UK Bribery Act, the real test is whether you are reaching (and teaching) your people in a meaningful way.
Joe Murphy is a Certified Compliance and Ethics Professional and author of 501 Ideas for Your Compliance and Ethics Program: Lessons from 30 Years of Practice (SCCE; 2008). He was co-founder and vice-chairman of the board of Integrity Interactive Corporation (now part of SAI Global). He serves on the board of the Society of Corporate Compliance and Ethics (SCCE). He can be contacted here.