In our fifth episode of the podcast, Majid Charania, Director of Compliance with the Competition Bureau of Canada, drops in to discuss the Bureau's revamped compliance program guidance with Counterfactual host, Julia Potter. Majid shares useful insights on the impetus for the updated guidance, the key changes from the 2015 edition, the value of compliance programs for companies of all sizes, and the essential elements of a credible and effective program.
In our fifth episode of the podcast, Majid Charania, Director of Compliance with the Competition Bureau of Canada, drops in to discuss the Bureau's revamped compliance program guidance with Counterfactual host, Julia Potter. Majid shares useful insights on the impetus for the updated guidance, the key changes from the 2015 edition, the value of compliance programs for companies of all sizes, and the essential elements of a credible and effective program. The revamped guidance is available online through the Bureau’s new Compliance Portal. The feedback link is open until June 9, 2023, and the Bureau encourages you to participate!
00:00
Welcome to Counterfactual, the podcast brought to you by the Competition Law and Foreign Investment Review section of the Canadian Bar Association. Counterfactual takes a fresh look at issues relevant to business competition and related areas of regulation, and explores the real and hypothetical worlds to gain practical insights and debate policy. Hope you enjoy the show.
00:29
Hello, and welcome to Counterfactual, the official podcast of the Canadian Bar Association's Competition Law and Foreign Investment Review section. My name is Julia Potter, and in this episode I'll be speaking with the Director of Compliance with the Competition Bureau of Canada, Majid Charania, to learn about the Bureau's revamped compliance program guidance. The episode will focus on what is driving the changes to the guidance, the importance of compliance programs, some of the essential elements of a credible and effective program and next steps for the consultation process. Before we begin, I will just say a few words of introduction about our guest. As Director of Compliance, Majid is responsible for promoting compliance by businesses of all sizes with the Competition Act and other labeling statutes that fall under the Bureau's responsibility. Prior to assuming this role, Majid was special advisor to the Commissioner of Competition, who is the head of the Bureau. He has significant enforcement experience leading or participating in complex merger reviews and abuse of dominance cases, both at the Bureau and the European Commission as a visiting case handler. He also has experience litigating on behalf of the Commissioner and providing legal advice to the Bureau as counsel with the Competition Bureau Legal Services, a unit within the Canadian Department of Justice. Prior to joining the Bureau, he worked for a national law firm and in sales and marketing for a major integrated oil and gas company.
1:58
Majid, hello, and welcome to Counterfactual. We're so glad you could join us.
2:03
Hi Julia, it's great to be here.
02:04
So I thought we would start by getting a sense of why the Bureau decided to develop the new compliance program. It seems from reading the draft that the Bureau has taken the opportunity to change the program to what might be described as a more user-friendly online format. But is the change to the guidelines being driven by feedback on the previous 2015 program? Or is the new program also being driven by recent changes to the Competition Act, especially in respect of the increased consequences? Or is it really just something else entirely?
02:33
So thank you very much for the question. I think there are a number of different reasons why we've decided to revise our guidance to businesses on compliance programs. Back in 2020, the Bureau published the Commissioner’s Strategic Vision for 2020 to 2024. And one of the items in there was to publish updated guidance. Our current bulletin was last updated in 2015. And before that, in 2010, so we made a decision to make changes to the bulletin. We were looking at the markets, you know, for example, the digital economy giving rise to new or evolving compliance considerations. We'd also paid attention to some of the developments in the international competition law enforcement realm. There's been an increased attention on compliance around the world. We've seen new or revised guidance from the US DOJ, from the French and Italian authorities, and a few others. So, you know, we were tracking that, and we decided that the time was right for us to take a look at our own materials. We also participated in discussions at the OECD around competition law compliance programs in June 2021. And we also took note of research that the OECD did on gender inclusion and competition. And that research started to yield results over the past few years. And some of those findings had opportunities in the compliance areas. So we looked at a lot of different things, and that's what drove us to do this revision process. I should say the 2022 amendments to the Competition Act; they definitely informed our revisions. So for example, they led to us adding a section on wage fixing and no poaching. And that's meant to complement our core guidance on the topic, which is out for consultation.
04:40
That's really helpful background and as you noted, it has been a few years since the last program was issued. So what are the key changes that have been made from the last program since 2015.
04:50
So there have been a few changes that are more visual and designed to improve the user experience around this guidance. We recognize that this guidance was really there to help businesses, their counsel and their compliance professionals to understand the law and how to mitigate the risks. And in a lot of cases, those audiences are not experts in competition law. And so we wanted to make sure that our resources were as impactful as possible. So we did a few things to help move the needle on that. For example, we've added some overviews of conduct that's covered by the laws we enforce, which we didn't have before. That's designed to make our compliance guidance easier to link to competition law concepts and marketing issues. We tried to use accessible in plain language where possible. And part of the benefit there is to be able to speak more easily to SMEs that don't necessarily have sophisticated competition law counsel on retainer, but still need to understand the laws that they need to follow. We've also updated the examples and hypotheticals in the guidance and in updating them, we've applied a few different lenses. They include, you know, looking at digital economy issues and trying to weave those in. Also looking at gender and inclusivity issues, you know, how are we writing our examples? How do we speak to a broader audience and a more diverse audience. We've also changed the format. In the past, our guidance was structured in one document called an Information Bulletin. We've moved now to something that is more akin to a web portal. It's meant to be more of a one stop shop with a better experience for the user. On the substantive side, I should say that there are no major fundamental shifts on the Bureau's positions; for example, the credit for compliance programs for leniency applicants, or you know, the core of the principles that underpin a credible and effective program. Those are largely the same conceptually. But as I mentioned, you know, it may look different now, in terms of the way that we've laid it out.
07:21
Got it, yes, and those changes certainly do come through in the draft. Has anyone been helping the Bureau to develop the new guidance, or did you engage a consultant of any kind?
07:30
Yeah, so we tried to get as much of the best advice and information we could as we were building out this new content. You know, as we do in many areas of our work, we engage with our international counterparts. So some agency that had been looking at compliance issues recently, those with experience in compliance promotion. So we certainly had conversations with our counterparts. We also worked with two internationally recognized independent compliance experts to get some tailored advice on the principles to make sure that we were up to date and also to make sure that we were speaking the right language in our content. So we worked with Anne Riley, who was with Shell for many decades, and also has worked with the ICC on antitrust compliance. We also worked with Joe Murphy, who has 40 plus years of experience in compliance work generally, and also has a particular interest in competition law. So we ensured that we had, you know, some of the best advice we could get in building out the content that we have, that we put out there for consultation. On the plain language front, I should mention we also got some external advice on how to communicate, you know, technical compliance and competition law and marketing concepts in a more accessible way. So we've definitely tried to get input from the right sources to get us to where we've gotten to now.
09:02
It's very interesting. And also very, super helpful background on what's driving the new program and sort of how it was created. So if we turn to the program itself, from your perspective, what are the main reasons a business should think about creating a compliance program, or reviewing an existing program to make sure that it has all of the elements that the guidelines set out? And, you know, what assurances if any, will companies have that their efforts to do that will be recognized or accounted for by the Bureau?
09:30
So I think there's a few, you know, main reasons or benefits why a business should create or maintain a compliance program, and do so in in the context of the principles we set out in our guidance. You know, I think one bucket of reasons is around risk mitigation. So, you know, there's a benefit in having a well-structured program because, you know, businesses can identify misconduct early, if it happens, but really they can do their best to mitigate the risk of it happening in the first place. That's kind of a general benefit. But there's a number of attendant benefits there. You know, if you end up in a situation where you're dealing with an investigation that comes with costs and distractions for management If your compliance program is credible and effective, you can minimize the risk of getting to that place in the first instance. You know, financial penalties that come with enforcement action, whether directly through the courts pursuant to Bureau litigation, or indirectly through exposure to class actions. Those are real risks that come with, you know, a lack of compliance programs or culture within a business. There's also reputational damage. And, you know, frankly, I think the importance of that is increasing with the internet, social media, you know, information is more accessible to people. And it's, it's more widely and more quickly widely available. And then outside of sort of the corporate liability side, there's personal liability issues where a program can help mitigate risks. You know, liability for people in criminal and deceptive marketing cases is real. There are a number of cases recently where both have been engaged corporate and individual liability. And then maybe one other element under sort of risks and consequences that I want to highlight is losing the ability to bid on federal contracts. If you end up embroiled in a criminal case, you could lose that ability, and those contracts could be valuable for a lot of businesses. So definitely a lot of reasons and benefits to have a program. And I should say that's true for businesses of all sizes, not just big businesses. I think, you know, using a different lens, a compliance program can actually strengthen a business. Having a better understanding of the law can help a business detect if it's the victim of anti-competitive conduct. And I think that's especially the case for SMEs. So, yes, there's a risk mitigation element. But there's also, you know, an element of being able to spot issues, and where the business finds that that's the right course of action to share information with the Bureau so that we can look into it and maybe take action. They can also help strengthen a business's ESG measures. And that's an important and increasingly important area for businesses these days. And I think competition law compliance maybe most directly relates to the G in the ESG, the governance side of it. It's a powerful tool in the toolbox of achieving governance goals for a business. And then I think, overall, you can, if you have a strong program, you can demonstrate that you're walking the talk of your corporate values. If you say you're going to be a good corporate citizen, having a credible and effective compliance program demonstrates that to everyone – your people internally, to the folks in your supply chain, to businesses that you want to do business with or partner with. So there's value to it there. You know, anti-trust and deceptive marketing might not be top of mind issues for a lot of companies with compliance programs, especially if they see direct risks, like environmental or health and safety, but programs they have set up to deal with those risks can also be used, adapted to cover anti-trust and marketing risks. So there’s a bit of an economies of scale benefit there, if they've already got, if businesses already have programs. They can use many of the same tools and systems to deal with competition law risks. When it comes to assurances, you know, about their efforts being recognized and accounted for, I think at a at a high level I can say that, you know, the Bureau will always listen to what a company has to say about their compliance measures. But I should also say there are legal frameworks at play here. So outside of us always listening in criminal matters, you know, the Criminal Code has sentencing guidelines or provisions in the Criminal Code that explicitly require the trier of fact to take into account mitigation measures that are designed to prevent future breaches. So that's baked into the law. On the deceptive marketing side, you know, as a similar concept, you know, having to take into account compliance measures is baked into part 7.1 of the Act, arguably, and the due diligence defense. So you know, there's some elements of the law that help a company understand the benefits of putting a program in place and give them an assurance that that program will be recognized if it's credible and effective. So, you know, if in a marketing case, if all the appropriate policies and procedures were in place to avoid a breach, but there was a breach nonetheless, and you know, there's a Bureau investigation, it's something we would take into account, certainly, in deciding how to proceed with the matter. And it's something that the court, you know, would look at if you get to litigation. So really, if you demonstrate efforts in good faith, then you're in a good position, you know, when you're dealing with a Bureau investigation. And you know, good faith is obviously more than just having a paper program. There needs to be some evidence of effective implementation of a strong culture of compliance and then of some regard to the principles set out in our guidance.
15:48
That's very helpful, and you’ve laid out lots of good reasons why someone might want to put in place a program. And so in your experience, what aspects of compliance most typically fall short for businesses?
15:59
That's a tough question, because I think you'll hear me say a lot of times, there's no one size fits all, or one particular aspect of a program, you know, that's determinative. And I think the same goes for what typically falls short. But there are situations where, you know, we've seen a weak culture of compliance, or, you know, very little or no effort demonstrating an implementation of a program, you know, so like I said, a paper program, but nothing more than that. We've seen that from time to time. For example, you know, we've seen situations when we're interviewing people from a company under investigation, that there's a disconnect between the messaging, you know, we get from more senior people like board members, and the working level, that suggests that a strong culture of compliance is not actually there. You know, we've seen box checking exercises where there's a vague awareness of compliance obligations, but nothing more. So those are the types of things that suggest to us that a compliance program, if it exists, is falling short. So, you know, effective implementation that includes longer term attention, not just putting a paper program in place at a point in time and calling it a day. You know, we should see evidence, if a program was put in place, long enough ago, that there have been revisions, there's been an effort to update it and to train on those updates. Just as an example, all of that, you know, demonstrates to us that compliance is being taken seriously. Maybe one example, on the deceptive marketing side, you know, there are situations in ordinary selling price cases we've seen in the past, where all the mechanisms for compliance are there to gather data to look at the time and volume test contained in the law, but then that data is not actually acted on. So there are situations where what's put in place is not actually implemented well, and it really takes evidence of implementation, effective implementation, to get to credible and effective for us.
18:17
That’s great. I'd be interested to hear whether there are certain elements of a compliance program that are given more weight than others. So for example, what happens if a compliance program has some or even most, but not all of the elements laid out in the guidelines.
18:32
So I think maybe to start off, you know, if a company comes to us and wants to show us what they've done on the compliance front, the onus is on them to prove that, that their program is credible and effective. So they have to show us what they've done, you know, to meet each of the eight principles we've laid out in in the guidance. And those principles are intertwined. It's very hard to say that there's a definitive weight given to each element. Those elements really have to be applied and interpreted in the context of the business and we look at the facts of the case and of the business that's, you know, that's in front of us. You know, as an example, if you've got a risk assessment built into your program, but we don't see the results of that risk assessment really effectively implemented through policies and procedures that match that could be a red flag; or you know, if you've created the right controls, but there's no evidence that you're communicating with employees, so that they know what they have to do or not do. That's another red flag. And these are extreme, you know, black and white type of cases, but they're illustrative. If a business only shows that they've applied some of the principles, but not all of them, it's going to be harder for them to convince us that they actually and genuinely, you know, went through the process of building a proper program and in the spirit of the guidance. And I should say, you know, the principles, they're not a checklist. They should be, like I said, applied in the context of the business. And so some of them to actually act on them may take more or less time and effort, depending on the business. And for example, you know, I mentioned earlier, businesses that have compliance programs that are well put together, but to deal with, let's say, another area of risk, they may not have to invest the same time and effort that a business with no program has to invest in putting together policies and procedures or systems. Those may be there, but they may have to spend more time on the risk assessment if they've never thought of competition or marketing risks. Maybe in terms of the weight of the elements, you know, we would look at all of the parts of a program that's presented to us holistically, when it comes to our recommendation around whether a program is credible or effective. So certainly no bright line. And we have to look at that interaction between all of the different elements. As you know, on the criminal side, it's ultimately up to the Public Prosecution Service of Canada to determine what if anything they're going to do in terms of credit for compliance programs, what they're going to recommend to the courts, if they get to that point, on sentencing. They take our recommendation seriously, but a decision on how to weigh what's been presented in terms of a compliance program is up to them, and it's case by case.
21:47
So let's switch gears a little bit to outside counsel’s role in all of this. Will a compliance program be given additional credibility if it is set up by outside counsel? Or have you seen any examples of when a compliance officer or department’s failure to seek timely legal advice has resulted in illegal activity?
22:07
I think there's a short answer to the first part of that question and it's simply no. You know, in terms of outside versus inside counsel, how it's set up and supported, we're indifferent as to whether it's external counsel, or folks within a company. Really, the important issue is always whether or not a program is credible and effective having regard to the principles we've outlined in our guidance, and the circumstances of the business in question. That's really what it boils down to. In terms of, you know, examples where we've seen, failures: Compliance failures that we've seen are typically less about a compliance function not seeking legal advice in a timely way. They tend to more be around the mere fact of not having a program, or having a paper program that's not implemented effectively. And there's a lot of cases where we see these types of fundamental failures. And it's just that the fundamental issues are really what get, or what could get, companies into trouble.
23:16
So in terms of ongoing support for a program, how important is auditing and monitoring, and just general regular maintenance of the program in terms of its credibility and effectiveness? So, for example, is there a certain frequency of training that a business would want to do, so once a year training for employees, would that be sufficient?
23:37
So like I said before, you know, all of the principles are intertwined to a certain degree. So auditing and monitoring are certainly important. And they're key to regular maintenance or evaluation, you know, as we call it. Monitoring is, you know, as a proactive process, is a good way to judge whether your program is working in practice. So, you know, for example, a manager could ride along with a sales rep to see what they actually do in the field. That could shed light on how well training programs, for example, are working in practice. And then that, in turn, can help a business make improvements to its compliance efforts. On the flip side auditing, we see that as more reactive, it can help to uncover past issues. And so perhaps it's a bit less related to training. You know, for example, an auditing measure could be something like looking at expense reports or other documentation for folks in at risk rolls like salespeople again, to see if during their work they've engaged with competitors, who was involved in meetings, and picking out risk areas to do a deeper dive. So I think those are, they're certainly important. I think they're more or less linked to training. When it comes to training frequency you know, like I said before, there's no one size fits all, it really depends on the risk profile and the circumstances of a business. So, you know, if you've got a business that's grown quickly, that's hired a lot of new staff over the course of a year, especially into at-risk roles, like sales or marketing, you know, it's entirely likely that once a year training might not be good enough. And then I think, based on that, it's probably good advice to assess what a business has done, what the evolution has been within a business, to determine how often you're training your people.
25:40
And we've touched on this a little bit already. But a lot of times when we think of compliance, we sort of initially think about large companies, but of course compliance programs are just as important for small businesses to think about, and that is certainly referenced in the guidelines. So the question for you really is, at what point in a small business's growth should it be adding, let's say, a dedicated compliance officer, or implementing more formal systems or specific responsibilities dedicated to compliance? And I mean, it sounds like there's no one size fits all approach, but is there some kind of a threshold either financially or based on number of employees that businesses could use as a guideline? And sort of as a follow up to that, do you typically see compliance issues arising with these sort of fast and growing small to medium sized businesses?
26:29
So I think the answer to the first question is certainly, yes, you know, compliance programs are very important for small businesses to think about; the risk is real. I think, as a general concept, the way that the principles in our guidance are applied, may and should probably look different for a small business versus a large business. And that can take many different forms. We don't need to see the exact same systems put in place by a big bank, in a business with 50 to 100 employees; it may just not make sense. And it may not be necessary for them to demonstrate to us that their program is nevertheless credible and effective. But it's important for them to have thought about compliance measures and put in place measures to mitigate their risks. So I think, and that's borne out by some recent cases that we've had, that have involved small and medium sized businesses, in addition to big businesses, you know, we've had a string of bid rigging cases in Quebec, for example, that dealt with municipal and provincial infrastructure contracts. There were small, medium and big businesses involved. And there were financial penalties, there are criminal records. And, you know, those risks are all real, no matter how big or small the businesses were. Same goes for some other bid rigging cases. We've had condo renovation in Toronto, social housing projects in Manitoba. These are all cases where small and medium sized businesses were involved, and they ended up with penalties that have serious consequences, criminal records, etc. So that demonstrates that the risk is certainly real. When it comes to, you know, when a company should have a dedicated compliance officer or more formalized systems. I'm going to go back to the line I've used before which is there's no one size fits all solution or answer to that question. There's no magic formula or bright line, but you know, as a general proposition and this is in our guidance, the resources that a business dedicates to compliance, they should be aligned with the risks faced by the business. So, you know, if risks are high, if they've done a good risk assessment, and they see that there are issues that they may face because of the nature of their business, they might want to dedicate more resources to mitigating those risks. You know, the cases I mentioned, they all happen to be bid rigging cases, it's certainly not the only area in which small businesses can get involved. But those are some good examples because the consequences are not, they're not minor, you know, having a criminal record is a serious thing. And people who own small businesses ended up with them. And it's entirely possible that strong compliance measures would have helped them avoid that. When it comes to fast growing SMEs, I think the key there is that they should be aware that their risk profile could change very quickly, you know, if they're entering new markets, or they, especially in digital markets, end up winning a market or in a market that tips in their favor, their risk profile could change. They could go from being the small or medium sized company that could be the target of anti-competitive conduct, to one that has a degree of market power. And they should, you know, think about what their business practices, what their contracts, look like, so they can assess risk from being potentially in a position of having committed an abuse of dominant position, as an example. So in that particular case, it's even more of a benefit, I think, for those companies because to go back to something I said earlier, you know, the compliance program can help them understand the law from a traditional compliance perspective, but it can also help them understand when they might be victims. And you know, going from one side to the other, could be a very quick transition, especially in digital markets.
30:50
So looking at the next steps for compliance guidance, what is the timeframe for the consultation period? And are there any specific areas of feedback that the Bureau is looking for?
31:00
Yeah, so we're open for a three month consultation period. The consultation will end on June 9 of 2023. And we're looking for feedback, not just on the substance, which we certainly welcome, but also on the form, so on things as simple as graphics, you know, effectiveness of tables and charts that we've used to convey the concepts, things like that, because so much of this revision has been aimed at making the concepts more accessible, easily understandable, and more targeted at an audience that isn't necessarily expert in competition law. So across substance and format, we welcome feedback. We also would love to hear about what type of material the Bureau could produce, again, for that same audience, you know, non-competition law experts that could complement this guidance. So, you know, one pagers, shorter pieces, different media, anything really, what can we do to round out our stable of resources on compliance?
32:15
And it would be kind of helpful if you could give us a bit of background about how the consultation process works on the Bureau's end. So you know, is a change more likely to be implemented between the draft and the final version if you're hearing similar comments from multiple different sources?
32:30
Yeah. So I think on the first part of that question, we're in, we're trying to be as accessible and inclusive as possible. So in addition to being open to, you know, a traditional written submission in the form of a letter, we will have a questionnaire that's available, there is an option to upload written submissions, you can send us an email, and you can also request a meeting. We're more than happy to sit down with folks who want to give us feedback, and talk that through. So you know, really, we welcome any opportunity to improve our new compliance portal. The idea is to make it as practical and useful as possible. In terms of the feedback, you know, we will look at all of the feedback we get, that's for sure. And we will determine what if any changes we need to make to what we've put out there in draft form. And I think, based on what we see, commonalities that we see, across different sources of feedback, that will certainly help us prioritize what it is that we edit in the final version of the material. I think we're doing some new things in this consultation process like making more channels of feedback available. So we're hoping that that helps us get to what you were talking about, you know, various sources of feedback, possibly seeing trends in the feedback and enriching our consultation process as much as possible.
34:05
And so looking even further ahead, how will the Bureau assess if this new update has been, you know, quote unquote, successful? Or what metrics will you be looking at to measure its success?
34:16
So we’ve, by changing the form of this guidance, by making it into more of a web portal, we've opened up the opportunity to look at web statistics, so to look at click throughs, chains of navigation amongst the pages within the portal. So that's going to help us determine which parts of the guidance are most used, most read. We're going to be promoting this guidance and the consultation through social media. We will be able to then track what engagement we get through social media, that’s an option. And then in the longer term, we intend to follow up on the public opinion research that we did back in 2019, 2020. And we can use that opportunity to see if we've been able to move the needle on things like awareness with compliance obligations under the Competition Act. So these are steps that, you know, we might consider. They're not set in stone, but certainly we have more options now than we might have in the past. And we'll consider how best to evaluate the material as the consultation continues and when we finalized the material. And I should say that we're always happy, whether or not there's a formal consultation on, to receive constructive feedback on our content so that we can improve it. And in this particular case, because one of our key audiences is non-experts in competition law, the business community, we certainly want to hear feedback, you know, over the longer term, because we're trying a lot of new things in this guidance and in this format. So we're really all ears all the time.
36:01
Well, thank you very much, Majid, that was all of our questions for you today. And you've given us a lot to think about and a lot of really helpful background on the guidance and sort of where the Bureau is going with it. And, you know, we encourage any of our listeners who do have feedback to take the time to use the consultation process and then get that information over to the Bureau. So thank you again.
36:21
Thanks, Julia.
36:22
Thank you for listening. Counterfactual is produced and distributed by the Competition Law and Foreign Investment Review section of the Canadian Bar Association. The opinions expressed by the participants in this podcast are their own and do not necessarily represent those of their employer or other organizations. If you enjoyed this podcast or would like to join the Canadian Bar Association, please visit www.cba.org/sections/competition-law.