DOJ Antitrust Division’s Latest Compliance Guidance: Now Covering Civil Implications, Whistleblowing, Ephemeral Messaging, and AI

The US Department of Justice’s (DOJ) Antitrust Division recently updated its guidance explaining how it currently evaluates, and will evaluate going forward, companies’ antitrust compliance programs when making criminal charging decisions and sentencing recommendations. The November 2024 version of the document, “Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations” (“Guidance”), updates the 2019 document of the same name to discuss potential implications for civil antitrust matters and recent areas of focus, including whistleblowing programs, ephemeral messaging use and preservation, and artificial intelligence (AI) and other new technologies.

Fundamental Questions for Evaluating Compliance Programs

Antitrust compliance programs, when properly designed and applied, serve an important role in reducing a company’s antitrust risk. The Antitrust Division uses the parameters set out in the Guidance to evaluate corporate antitrust compliance programs at two stages: when considering whether and what type of criminal charges to bring against a corporation and when making sentencing recommendations. In both the original and updated versions of the Guidance, the Antitrust Division’s “fundamental” questions for evaluating corporate compliance programs have remained the same:

• “Is the corporation’s compliance program well-designed?”
• “Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?”
• “Does the corporation’s compliance program work in practice?”

With this Guidance, the Antitrust Division is sending the message that an hour of antitrust compliance training, once a year, may not be sufficient and that companies should instead thoughtfully design their antirust compliance plans to be both effective and appropriately tailored to their lines of business. Although the Guidance recognizes that antitrust violations may occur even if a company has a well-designed antitrust compliance program, companies subject to a DOJ antitrust investigation will derive material benefits if their antitrust compliance programs reflect the Guidance.

Antitrust Compliance Checklist

The Guidance provides a checklist of key factors for an effective antitrust compliance program—one that prevents, detects, and addresses antitrust violations.

• Design and Comprehensiveness. The compliance program should be embedded in the company’s business. It should be clearly written and updated regularly to reflect legal developments and emerging risks. Particularized antitrust guidance should be provided to employees whose decision-making roles or external contact with competitors create a heightened risk.
• Preparation for Investigations. The company should prepare an evidence preservation plan covering ephemeral messaging and business information on employee devices. A company involved in a criminal investigation should be prepared to explain its preservation plan and use case for ephemeral messaging and other technologies that may deny the DOJ access to evidence.
• Culture of Compliance and Ethics. Executives and managers—including mid-level managers—should visibly support and promote a culture of compliance. Compliance programs that focus on the ethical rationale for antitrust compliance are more effective. Leadership should make clear that the company does not tolerate antitrust violations and should be ready to take accountability in the event of compliance shortcomings.
• Responsibility and Resources. The Chief Compliance Officer and others responsible for antitrust compliance should have qualifications, training, autonomy, and authority to oversee the program effectively. Compliance reporting structures should enjoy independence from management with authority to report directly to the board, if needed.
• Risk Assessment. The compliance program should be tailored to the company’s business and the antitrust risks it presents. The company should update its antitrust compliance policies continually to reflect changes to its business, including the use of artificial intelligence and algorithmic pricing.
• Training and Communication. The company should provide employees antitrust compliance training tailored to their roles, including both online and in-person training. Antitrust concerns often surface during live antitrust training.
• Monitoring and Auditing. The company should review and revise its compliance program periodically, informed by lessons from prior violations or compliance incidents. Successful antitrust compliance programs may also use monitoring, data analytics, and auditing to detect irregularities that may signal antitrust violations.
• Reporting and Investigation. The company should provide its employees clear, well-established mechanisms to report antitrust concerns without fear of retaliation. Investigations into antitrust concerns should be conducted promptly and the findings documented fully.
• Incentives and Discipline. The company should integrate compliance into its employee rewards programs, including compensation. The company should reward its employees for compliance. Similarly, the consequences for failure to adhere to the antitrust laws should be communicated clearly and followed consistently.

Key Updates to the Guidance

The November 2024 updates to the Guidance are notable in that they bring to the forefront topics on which the Antitrust Division appears to be laser-focused. Below are the key 2024 updates to the Guidance, which businesses—and their counsel and compliance teams—should keep top of mind as they evaluate the sufficiency of their antitrust compliance programs.

Civil Antitrust Implications

Though the Guidance focuses on criminal liability, the Antitrust Division notes in the 2024 version that “a well-designed antitrust compliance program should also minimize risk of civil antitrust violations” and the enforcement actions that can follow. The Guidance states that “[a] strong culture of compliance can allow a company to steer clear of civil antitrust violations.”

Notably, the Guidance goes further, suggesting that “if [civil antitrust] violations do occur,” companies should “promptly self-disclose” to the Antitrust Division. Companies should understand, however, that the protections of the Antitrust Criminal Penalty Enhancement and Reform Act (ACPERA)—which makes available certain limitations on a company’s damages liability in an action brought by civil plaintiffs—are limited to the self-reporting of criminal, not civil, violations.

Still, the Guidance makes clear that civil DOJ enforcement agents will be using a similar rubric as the Antitrust Division’s criminal prosecutors for evaluating a company’s compliance program: “In seeking to resolve investigations into civil antitrust violations, companies asking the Antitrust Division to take notice of existing or improved compliance efforts, including to avoid court-mandated further compliance and reporting requirements or retention of and supervision by external monitors, should expect the civil team to consider many of the same factors when assessing the effectiveness of their compliance program as criminal prosecutors do.”

Ephemeral Messaging Use and Preservation

The Guidance also includes new content to address the use and preservation of ephemeral messaging platforms. When evaluating the design and comprehensiveness of an antitrust compliance program, the Antitrust Division will now consider what “electronic communication channels” the company and its employees use or allow to be used for business purposes, what mechanisms the company has installed to manage and preserve information within those channels, whether the company has clear guidelines regarding the use and preservation of ephemeral messaging communications, and what preservation or deletion settings are available and the company’s rationale for its approach to those settings.

This new focus in the Guidance is consistent with enforcement agencies’ growing interest in ephemeral messaging. For example, in March 2023, the DOJ announced updates to its Evaluation of Corporate Compliance Programs (ECCP) document that added provisions regarding the use of ephemeral messaging. The DOJ recently updated the ECCP again in September 2024, maintaining those ephemeral messaging provisions. And in early 2024, the Federal Trade Commission and the Antitrust Division announced that they were updating the language in their standard preservation letters, grand jury subpoenas, and certain other correspondence to reflect new guidance on the proper preservation of this material.

AI, Algorithmic Software, and Other Technologies

The Antitrust Division will also now consider a company’s approach to AI and other evolving technologies when evaluating whether a compliance program has been “appropriately tailored” to account for antitrust risk. In particular, the Antitrust Division will now ask questions such as whether the company’s risk assessment addresses its use of AI, algorithmic revenue management software, and other technologies; what steps the company is taking to mitigate risks related to that technology; whether the compliance organization understands the AI and other tools used by the company; and how quickly the company can “detect and correct decisions” made by AI and similar tools that are “not consistent with the company’s values.”

The Guidance now accounts for AI in the Antitrust Division’s evaluation of antitrust training and communication as well. The Antitrust Division will now consider how a company’s training addresses “permissible and nonpermissible uses” of AI and other new technologies and whether the training addresses “lessons learned” from other antitrust violations or compliance incidents at that company and others in the same industry.

Whistleblowing Process and Protections

The updated Guidance includes new language related to a company’s confidential reporting structure and investigation process, including a focus on protections for whistleblowers. The Antitrust Division will now ask how a company determines which antitrust complaints should be further investigated and its process for doing so; whether the company’s policies are, “in practice,” encouraging or chilling the reporting of antitrust violations; whether the company has an anti-retaliation policy and related training for employees; and whether the company’s use of non-disclosure agreements is consistent with an effective and non-retaliatory whistleblower program.

The Guidance’s new language on whistleblowing comes after the DOJ’s August 2024 launch of a new corporate whistleblower awards pilot program. Both developments signal an increase in the DOJ’s interest in corporate whistleblower protections.

Key Takeaway

With these updates to the corporate compliance Guidance, the Antitrust Division and the broader DOJ are continuing to message their key areas of focus. These include issues surrounding ephemeral messaging, AI and other emerging technologies, and whistleblower protections. Businesses, their counsel, and their compliance teams should be attuned to these updates when evaluating and developing their antitrust compliance programs.