Last July, the National Commission of Market and Competition (hereinafter, CNMC) published the "Guide to compliance programs in relation to the defense of competition". This document establishes the requirements that a Compliance program must meet in order to be considered effective and, consequently, be positively assessed by the CNMC in an eventual reduction or mitigation of a competition-related penalty, which may even lead to an exoneration from the payment thereof.
The CNMC had pronounced on several occasions about the effectiveness of the Compliance programs implemented prior to the detection of the infraction (ex ante) as well as those implemented or modified once the company has been investigated (ex post).
In relation to ex ante Compliance programs, they are considered effective when they articulate and apply internal controls that internally detect antitrust behaviors.
Regarding ex post Compliance programs, the CNMC has maintained a positive assessment in various sanctioning resolutions (e.g., CNMC Resolution of October 1, 2019, expt. S/DC/0612/17, Industrial Assembly and Maintenance).
For a Compliance program to be effective and therefore positively assessed, the CNMC establishes the following requirements:
- Involvement of the Board of Directors and/or the main directors of the company: they must promote and encourage a culture of regulatory Compliance throughout the organization, as they reflect the policies of the company and its working culture.
- Training: training sessions must be given to company employees, adapted in each case to their field of activity and functions. Without adequate training, it is unlikely that the other elements of the Compliance program will be effective.
- Existence of a Whistleblowing Channel: having a Whistleblowing Channel allows for the rapid detection of illicit behavior, to the extent that anyone can detect an infraction and bring it to the attention of the person responsible for said channel.
- Independence and autonomy of the person or committee responsible for the design and control of Compliance policies: any Compliance program must have a person or a committee responsible for the Compliance, who has autonomy and independence for the development of its functions. This person or committee will report directly to the Board of Directors the most relevant issues regarding Compliance (e.g. detection of violations).
- Identification of risks and design of protocols or control mechanisms: any Compliance program must identify, analyze and assess the risks to which an organization is subject. Once the risks have been detected, and for the Compliance program to be effective, it will be necessary to design a control matrix (or risk matrix) in which the protocols and mechanisms designed for the prevention, detection and reaction to any illicit activity are identified.
Designing the internal procedure for handling complaints and managing the detection of violations: an effective Compliance program must have internal mechanisms for seeking advice regarding a practice that may be illegal and for warning of the existence of suspicions or the confirmation of a violation. In addition, the Compliance program should include a specific, pre-established and known procedure for the management of infringements or suspected infringements that have been detected. - Designing a transparent and effective disciplinary system: sanctions could involve anything from a reduction in salary to a dismissal.
The following link leads to the entire guide issued by the CNMC: https://www.cnmc.es/sites/default/files/editor_contenidos/Competencia/Normativas_guias/202006_Guia_Compliance_FINAL.pdf