Speech given by CMA Chairman, David Currie, to the Institute of Risk Management.
Maintaining open and competitive markets – what boards need to do to keep on the right side of the law
It is a great pleasure to be here today to speak to you all on the subject of risk – a fascinating and important topic into which I hope I have some insight from my past roles, as well as my current role as Chair of the Competition and Markets Authority (CMA). I know only too well how leaders approach and strategise risk and how important you all are, as risk professionals, in identifying, raising and mitigating the business threats facing boards.
Aim of today
The risks businesses face around anti-competitive behaviour are of obvious interest to me. And one of my themes today is that compliance with competition law is not always given the full attention and serious recognition that it deserves. While bribery, fraud and health and safety typically get the attention of boards, competition law compliance is too often neglected. That is why the CMA is making advocacy around compliance a major priority.
My call today is to escalate competition law risks higher up the agenda of all boards and in this opening keynote I want to explain why it should be firmly and clearly in the spotlight for the businesses and boards you represent.
Why compliance is important
So, why is it important to comply with competition law? There are three compelling reasons.
Competition is good
Firstly, because competition is good. Competition shows companies where they need to improve. It makes firms try harder, strive for greater efficiency, become more innovative, more productive, and ultimately be better businesses. There is no room for complacency or time to ‘rest on your laurels’ when you are being truly competitive. The evidence is clear that open markets promote innovation.
The CMA’s role is to promote competition. We came into being in April 2014 when we took over a range of powers from the Office of Fair Trading and the Competition Commission and we are now absolutely committed to ensuring that the CMA is delivering on its mission to make markets work well in the interests of consumers, businesses and the economy. Open, well-functioning markets are very much in the interests of efficient, innovative and fair-dealing businesses as well as consumers. Competition is very much in the interest of business – all good businesses are competitive.
Significant risks of non-compliance
The second reason why businesses should comply with competition law is that the consequences of not complying are severe. Breaking competition law can mean:
- businesses being fined up to 10% of their annual worldwide turnover – they can also be subject to damages claims by third parties
- significant and long lasting damage to a company’s reputation – the impact and consequences of this are inestimable
- individuals being imprisoned and/or fined – if a business engages in cartel activity individuals could be investigated for committing a criminal offence, prosecuted and sentenced to up to 5 years in prison and fined
- company directors being disqualified from managing a company for up to 15 years – saying goodbye to their career and professional reputation in the process
Clearly, being on the wrong side of competition law enforcement presents serious risks to businesses and individuals of which boards, board directors and risk professionals need to be aware. Boards have a duty to promote awareness of these issues throughout the organisation – effective risk management is distributed. They also need to be aware that the legislation underpinning the CMA’s creation strengthened its ability to proactively and rigorously enforce competition law.
The CMA’s appetite and capability for enforcement
That leads me to the third reason for businesses to comply with competition law – the CMA has an increased appetite for enforcement, coupled with a stronger ability to meet that appetite. The CMA’s new enforcement powers include:
- enhanced compulsory interview powers, which may be used during dawn raids
- imposing penalties on businesses and individuals that fail to cooperate with investigations
These are supported by an increased budget and resources to enable us to undertake more investigations and to work more closely with other sector regulators to deliver them successfully. With over half of new cartel cases opened since 2010 having been intelligence-led, the CMA is acting increasingly like a mainstream criminal enforcement agency. Our most recent activity includes the ongoing prosecutions in the galvanised steel tanks cartel case and successful prosecutions for unlawful pyramid selling under consumer protection law.
So, to summarise the argument so far, businesses and their boards should comply with competition law because it makes for good, competitive businesses from which consumers benefit. The risks of not complying are significant and, importantly, the risks of being caught and successfully pursued are now greater.
Compliance: antithesis of enforcement
But if enforcement is the bitter pill of non-compliance with competition law, proactive compliance is the far sweeter preventative medicine.
We recognise that the vast majority of businesses want to comply with the law and that they know that conducting their business fairly and competitively will give them an advantage. For these businesses we want to make it easy for them to engage with competition law compliance: to understand why competition law compliance is important, to know what anti-competitive behaviours look like, when such behaviours are most likely to happen and how to report them. You, as risk professionals, are essential to this work, along with other key advisers.
The CMA’s risk-based approach to compliance
To help companies understand their responsibilities in what can be a complex area of law, we are today publishing, I am pleased to say in partnership with the Institute of Risk Management, a short risk guide. This outlines a risk-based approach to ensuring competition law compliance. Central to this is an intelligent, well considered and proactive risk management approach, tailored to your organisation, rather than a ‘tick box’ compliance exercise.
It is intended as a non-technical account of competition and consumer law, with a range of short case studies with lessons that can be learnt from businesses that have failed to be compliant. It is intended to allow ordinary business people to understand the key principles and requirements of the law, and to spot danger signs that may need more specialist advice. The Guide sets out clearly the approach.
The steps to consider include:
Step 1: Identify the risks
Consider, for example:
- Are you at risk because your employees lack awareness and knowledge about competition law, the behaviours it covers and the associated risks?
- Do your employees seem to have information about your competitors’ prices or business plans?
- Are your customers also your competitors?
- Do you ever work in partnership with your competitors?
Step 2: Analyse and evaluate the risks
Consider, for example:
- What are the reputational consequences of non-compliance?
- What would the impact be on your brand?
- Which employees operate in high-risk areas?
Step 3: Manage the risks
This step involves setting up policies, procedures and training to mitigate the risks you have identified. By way of example, some businesses have found the following measures to be helpful:
- Training employees in competition law.
- Implementing an employee code of conduct.
- Making sure employees tell you if they are joining a trade association or attending events where they might be meeting with competitors.
- Establishing a system so that employees can get advice before action (for example, legal advice on a contract).
- Establishing a system for employees to report, on a confidential basis, any competition law concerns that they might have.
- Making anti-competitive behaviour a disciplinary matter in employment contracts and ensuring that it is covered in the company’s disciplinary policy.
Step 4: Monitor and review
- To ensure that your business has an effective compliance culture, review steps 1 to 3 and your commitment to compliance regularly.
- There may be occasions when you should consider a review outside the regular cycle, such as when taking over another business or if you are subject to a competition law investigation.
Virtuous circle of compliance
I believe that compliance and enforcement are complementary. The more we can promote awareness of competition law and a culture of compliance among firms, the more we can demonstrate that those firms who do not comply merit the serious punishments that we are empowered to impose – and the more we can demonstrate that there are significant consequences to non-compliance, the more firms will ensure that they do not infringe competition law. This creates a virtuous circle in which compliance is the norm and enforcement targets those businesses that deserve the consequences of breaking the law.
Advice: develop an instinct for risk which embraces anti-competitive behaviours
Let me conclude with some reflections on risk management in the wider business context, not just competition and consumer law compliance. Clearly we need good processes to manage risk, and processes that don’t hobble the business. But the right processes won’t deliver with the wrong organisational culture. A culture of openness, to encourage confession of errors without summary execution, is essential to effective risk management – the management of risk has to be distributed throughout the organisation, not concentrated, and the right culture is essential for that.
And a key part of an effective open culture is the operation of the board. As risk professionals, you should be able to look to your board non-executives as important allies, especially if you enable them to develop the nose for risk that you have, an ability to spot the telltale signs. I remember joining the board of a complex business, and after several months when I was starting to get my arms around the business going on a 2-day strategy away day.
For me, it sent a real danger signal when in the 2 days we spent just 5 hours on strategy, and the opening presentations by the Chairman and Chief Executive had been written by external management consultants. A few months later the business was in serious trouble. In another business, I struggled to understand the business model of the internet part of the business, and really couldn’t get it despite several shots at explanation. The business was based on a mirage. Making sure that your non-executives are exposed to key parts of the business, can ask real questions and get proper answers is a key part of the risk management business.
That brings me back to the question of awareness of competition and consumer law issues around the board table. As I said earlier, my experience is that awareness of the compliance issues in this important area is not typically as high as it should be.
We at the CMA will be doing all we can to raise awareness, through a 2-blade strategy of effective enforcement and advocacy of compliance. The Institute of Risk Management is an important partner in this, as are other professional bodies, and we are delighted by the cooperation that we have established with today’s publication of the short guide.