How-to guide: How to design a competition law compliance programme (UK)

Updated as of: 04 November 2025

Introduction

This guide sets out steps for designing and adopting a competition law compliance programme to ensure compliance with the requirements of the Competition Act 1998 (CA 1998).

The guide is intended to support the systematic prevention of competition law infringements within your organisation. It incorporates practical tips, examples and guidance and discusses relevant legislation, preventative controls, due diligence procedures, data monitoring tips, remediation methods and how to identify and mitigate competition law risks specific to your organisation.

It is aimed at in-house lawyers and compliance professionals in organisations of all sizes and all sectors in the UK.

This guide includes the following sections:

  1. Overview of competition compliance programmes
  2. Scoping a risk assessment
  3. Elements of a compliance programme
  4. Monitoring and review

It can be used in conjunction with How-to guides: Understanding the Competition Act 1998 prohibitions, How to identify and prioritise competition law risk in your organisation (non-dominant and dominant organisations) and How to implement a culture of compliance with competition law in your organisation and Checklist: Competition law compliance.

Section 1 – Overview of competition compliance programmes

A competition law compliance programme (Compliance Programme) is a framework of internal systems and controls to ensure your organisation and its staff comply with legal requirements and internal policies and procedures.

A clear, established and well understood Compliance Programme that is advocated from the ‘top down’ across the entirety of your organisation may help to mitigate the very real and significant risks associated with breaking competition law and the imposition of a penalty under the CA 1998 (see the CMA’s guidance as to the appropriate amount of a penalty, 2018). See the How-to guide: How to identify and remediate competition law infringements.

Your Compliance Programme may be a standalone framework, or it may be part of a wider general compliance programme designed to address a range of legal risks (for example, bribery risks).

Your first step in drawing up your organisation’s Compliance Programme is to understand what information it should include. The programme should incorporate a risk assessment, risk management procedures, internal communications and training, a competition law policy, data monitoring and remediation methods.

1.1 Elements of an effective Compliance Programme

When designing your organisation’s Compliance Programme, bear in mind that competition authorities consider certain elements to be cornerstones of the programme’s effectiveness.

The factors that competition authorities such as the Competition and Markets Authority (CMA) take into consideration when evaluating the features of an effective Compliance Programme will generally include: 

  • its design and comprehensiveness;
  • the culture of compliance within your organisation;
  • responsibility for, and resources dedicated to the Compliance Programme;
  • competition law risk assessment;
  • competition law compliance training and communication to employees;
  • monitoring and auditing techniques, including continued review, evaluation, and revision of the Compliance Programme;
  • reporting mechanisms;
  • competition law compliance incentives and discipline; and
  • remediation methods.

1.2 Assignment of responsibilities and the importance of dedicated resources

Questions to consider about the resources your organisation dedicates to its compliance programme (dependent on the size and nature of your organisation) include the following:

  • Who is delegated day-to-day operational responsibility for the Compliance Programme?
  • Do compliance personnel responsible for the Compliance Programme have adequate experience and familiarity with competition law?
  • Has the level of experience and qualifications in these roles changed over time?
  • Does your organisation allocate sufficient compliance resources to educating employees on competition law?
  • Are such resources allocated efficiently by focusing on high competition law risk areas (for example, does the Compliance Programme identify and adequately train employees who have frequent contact with competitors)?
  • Who reviews the effectiveness of the compliance function and what is the review process?

For your Compliance Programme to be effective, those with operational responsibility for it must have sufficient autonomy, authority and seniority within your organisation’s governance structure, as well as adequate resources for training, monitoring, auditing and periodic evaluation of the compliance programme.

Section 2 – Scoping a risk assessment

The first step in designing your Compliance Programme is to identify your organisation’s competition law infringement risk. The identification of competition law infringement risk is important, not only because the CMA considers the first step in the risk management process to be the identification of risks but also because it informs the scope and extent of the compliance programme and allows for the management of those risks. For example, if your organisation operates in a sector that is characterised by bidding processes then managing risks around bid-rigging will inevitably be more important and relevant than in an organisation where this is not a feature of operations.

As a precursor to a risk assessment, you will need to clearly understand the scope of and how the CA 1998 will impact your organisation. See How-to guide: Understanding the Competition Act 1998 prohibitions. Embarking on this exercise correctly from the start will provide you with the required framework to create a tailored competition law risk assessment. As a result, your risk assessment will help your organisation to clearly scope the types of preventative controls it will need to incorporate into its Compliance Programme.

Create and then populate a competition law risk assessment with your organisation’s inherent risks of competition law infringement. See How-to guide: How to identify and prioritise competition law risk in your organisation (non-dominant and dominant organisations). Your risk assessment will identify and measure/prioritise the competition law risks within your organisation. This assessment will be key to designing and embedding proportionate preventative controls. Taking time to populate your competition law risk assessment systematically, as a practical step-by-step exercise, will in turn help you to tailor a successful Compliance Programme incorporating proportionate preventative controls for your organisation that will be:

  • clear;
  • fully integrated;
  • effectively implemented; and
  • consistently enforced.

Section 3 – Elements of a compliance programme

Once you have established your organisation’s compliance risks and taken steps to analyse and evaluate these risks, the next step is to manage and mitigate the applicable risks in line with the potential exposure through the design of your compliance programme. Your compliance programme should be proportionate to the risks that your organisation faces.

Senior management will need to participate in the implementation of your organisation’s Compliance Programme by endorsing it and any required preventative controls. For more information on senior management participation, see How-to guide: How to implement a culture of compliance with competition law in your organisation.

3.1 Policies and procedures

Policies and procedures will be a keystone of your organisation’s Compliance Programme. These will set out to employees (and potentially others), in writing, what your organisation’s expectations are around compliance, they offer employees a point of reference if they are in any doubt as to what to do and they also provide evidence of a commitment to compliance (some organisations post their competition compliance policy online as a public demonstration of their commitment to compliance).

In the UK there is no mandated approach to policies and therefore the policies that a company puts in place will depend on both risk level and how competition compliance fits into its wider compliance framework (for example, some companies may have a general compliance manual which includes competition law matters alongside other compliance matters rather than a standalone competition compliance policy).

Set out below are examples of the type of policies and procedures that could be put in place as part of a Compliance Programme and the information that might be included within them. Policies and procedures should be tailored to the activities and risks relevant to your organisation.

3.1.1 Competition compliance policy

A competition compliance policy (or section within general legal compliance policy/manual), may include the following:

  • A statement of the organisation’s commitment to compliance with competition law - this could take the form of a signed statement from the CEO which may help to evidence a culture of compliance from the top of the organisation downwards;
  • Scope of the policy – this would set out to whom the policy applies;
  • Obligations on or expectations of employees – it may be helpful to make reference to obligations on employees or expectations of them insofar as they concern compliance and behaviour. It may also be useful to refer to obligations imposed by either their employment contracts and/or other standards of conduct such as those set out in an employee Code of Conduct;
  • A summary of what competition law is and the types of behaviours that are prohibited – this summary should cover:
    • The main competition prohibitions and the types of behaviour that constitute infringements. It may be helpful to detail behaviour which would not be illegal under competition law and the types of behaviour on which advice should be sought prior to engaging on a particular course of conduct (this could be done by way of a red/amber/green categorisation or high/medium/low risk allocation). It may be helpful in particular to break down the application of competition law to the types of relationships/situations common in the organisation ie, relationships with suppliers/customers, contacts with competitors, bidding for tenders;
    • How to react in the situation where a competitor suggests not competing or discloses competitively sensitive information; and
    • The consequences of breach of competition law.
  • General dos and don’ts including around language to use or avoid in communications;
  • Who to contact to seek advice and how to try and maintain privilege over those communications;
  • The procedure for self-reporting internally and the potential benefits of doing so in terms of the organisation being able to consider how best to address infringements;
  • Links and connections to other policies/documents which should be read in conjunction with the compliance policy, such as codes of conduct, employment contracts etc.; and
  • A version control history – this should detail the version, when the policy was last reviewed, the next date for review and potentially any changes made from the previous version. Previous versions should be retained in the event they are required for the purposes of an investigation.

See further Checklist: Drafting a competition law compliance policy.

3.1.2 Other policies and procedures

Other policies/procedures which support or augment a competition compliance policy include:

  • Document retention policy/IT policy – in the event of an investigation or a need to conduct an internal investigation there may tangible benefits to the organisation in being able to locate and possibly produce correspondence and documents to the authorities. Therefore, it may be prudent (in addition to any technical measures deployed) to ensure that information is retained appropriately;
  • Procedures for meeting with competitors – it may be prudent to establish a procedure to be followed if employees are to meet with competitors. This may involve a requirement for approval to be obtained prior to the meeting, sign off on the agenda or purpose for meeting, minutes/notes to be taken and a review of notes or minutes to be undertaken for compliance following the meeting;
  • Reporting policy – this may cover:
    • The type of concerns that could be raised;
    • When concerns should be raised;
    • How to raise concerns;
    • What will happen to reports made – how they are dealt with and what further action to expect;
    • Confidentiality;
    • Any legal issues; and
    • Who is responsible for the policy.
  • Reporting procedures – this would involve setting up ways to report concerns such as an email address which is monitored, a phone line or other internal reporting mechanisms. See How-to guide: How to identify and remediate competition law infringements;
  • Gatekeeper approval mechanisms – for example, where a company is or may be deemed dominant, an approval mechanism may be put in place in connection with any new pricing practices or promotions;
  • Dawn raid procedures. See Checklist: Managing a dawn raid; and
  • Employee Code of Conduct - staff could be required to attest to such a policy on an annual basis.

Policies and procedures will need to be embedded with appropriate communications and tailored training (in respect of which, see further below). Choosing which policies and procedures fit best and how to embed them within in the operations of your organisation will be key to building an adequate competition law risk management framework. Ultimately, your organisation’s objective will be to foster a workplace with employees who can understand what behaviour infringes competition law and help to prevent infringements before they arise.

3.2 Training

Training, both general and targeted, will support the implementation of policies and procedures by ensuring that employees engage with issues of compliance and are aware of their compliance obligations.

Training should be tailored both to the risks arising from business activities and the role of employees. For example, if your organisation has been assessed as potentially being in a dominant position in respect of the activities of one of its divisions, training for staff members from that division will need to include training on behaviour which might constitute an abuse of a dominant position, whereas this would not be the case for staff from a division which operates in a market in which there are lots of competitors and it is a very small player. Similarly, in terms of cartel risk, those employees who are likely to be of highest risk may include employees who are likely to have contact with competitors and employees in sales and marketing roles, who should receive training to ensure that they know what they are, and are not, allowed to communicate to competitors.

Relevant considerations in relation to internal communications and training include:

  • offering training in a form and language appropriate for the audience (this may, for example, include case studies);
  • providing training online or in person (or both) with a process by which employees can ask questions arising out of the training;
  • addressing lessons learned from competition law compliance incidents (either at your organisation or in the same sector or industry);
  • processes for your organisation to measure the effectiveness of the training;
  • testing employees on what they have learned (with a questionnaire or a quiz). This will include information on how your organisation has addressed employees who fail all or a portion of the testing;
  • evaluating the extent to which the communications and training have impacted employee behaviour or operations;
  • the resources that have been made available to employees to provide guidance relating to competition law policies and procedures; and
  • how your organisation has assessed whether its employees know when to seek advice and whether they would be willing to do so.

See How-to guides: How to implement a culture of compliance with competition law in your organisation, How to identify and prioritise competition law risk in your organisation (non-dominant and dominant organisations) and How to identify and remediate competition law infringements.

3.3 Contractual arrangements

Contractual arrangements with third parties may give risk to competition law liability. To mitigate against the risk of restrictions in agreements being found to be in breach, organisations should have processes in place to ensure that contracts comply with competition law.

The use, as far as possible, of standard terms and conditions or template contracts that have been carefully drafted to conform with competition law are one step in helping to guard against the risk of anti-competitive restrictions. It may also be prudent to introduce or embed a process for legal sign-off on any changes to standard terms/contracts or the introduction of particular types of clauses. Employees responsible for negotiating agreements should also be educated on types of restrictions which may be problematic.

Section 4 – Monitoring and review

Your organisation will need to consider how to monitor and evaluate the effectiveness of your Compliance Programme and to adapt it where necessary.

Your organisation should review and update your Compliance Programme regularly. How often the Compliance Programme should be reviewed will vary from organisation to organisation and a number of different factors will influence this, for example, how often training is conducted may depend in part on staff turnover.

Your organisation should also consider ad hoc amendments to policies and procedures in response to other events, which may include:

  • Audits;
  • Complaints or whistleblower reports; and
  • Lessons learnt (either from your organisation’s own issues or from those of other companies operating in the same industry and/or geographical region). In practice, this implies the need for monitoring legal developments and horizon scanning. For instance, information on enforcement actions and guidance materials published by the CMA should be captured and translated into your organisation’s risk assessment.

Data monitoring and the production of management information have become expected standard corporate governance activities and there may be data relevant to competition compliance which can feed into your organisation’s Compliance Programme. Data that identifies trends and patterns of behaviour within your organisation (eg, pricing policies, sales volumes and geographic markets) may prompt further interrogation or investigation. The types of activity to highlight might, for example, include:

  • emerging themes (eg, pricing policies changing after trade association meetings); or
  • unusual conduct (eg, policy dispensation requests).

Relevant considerations around data monitoring as it relates to your Compliance Programme include:

  • Are the reporting and investigating mechanisms sufficiently funded?
  • How has your organisation collected, tracked, analysed, and used information from its reporting mechanisms?
  • Does your organisation periodically analyse the reports or investigation findings for patterns of misconduct or other red flags for compliance weaknesses?
  • Does your organisation periodically test the effectiveness of for example, a reporting hotline, by tracking a report from start to finish?

Staff surveys, questionnaires and feedback provided after training can also provide an important source of data monitoring for management information on competition law infringement prevention and its effectiveness. It is an additional tool by which staff and other associated persons can inform you on the continuing improvement of your Compliance Programme.

Additional resources:

Detailed information and guidance on the law has been issued by the UK government – Competition law and cartels, a basic guide on How to comply with competition law, Agreements and concerted practices, Understanding competition law and Competition Law Risk, A Short Guide and the updated version Competition law risk: a short guide.

Related Lexology PRO content

How-to guides:

Understanding the Competition Act 1998 prohibitions
How to identify and prioritise competition law risk in your organisation
How to implement a culture of compliance with competition law in your organisation
How to assess competition law risks in an agency agreement
How to identify and remediate competition law infringements
Understanding the National Security and Investment Act 2021

Checklists:

Competition law compliance
Meeting with a competitor
Conducting a competition compliance audit
Managing a dawn raid
Responding to an information request from the Competition and Markets Authority
Determining whether to file a National Security and Investment Act 2021 notification
Drafting a competition law compliance policy

Quick views:

Penalties for failure to comply with the CMA’s Competition Act 1998 investigatory powers
Penalties for failure to comply with the CMA’s markets investigatory powers
Penalties for failure to comply with the CMA’s mergers investigatory powers
Penalties for failure to comply with the CMA’s mergers interim measures powers
Director disqualification for breach of competition law
Competition law and land agreements
National Security and Investment Act 2021 case tracker

 

Reliance on information posted:

While we use reasonable endeavours to provide up to date and relevant materials, the materials posted on our site are not intended to amount to advice on which reliance should be placed. They may not reflect recent changes in the law and are not intended to constitute a definitive or complete statement of the law. You may use them to stay up to date with legal developments but you should not use them for transactions or legal advice and you should carry out your own research. We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to our site, or by anyone who may be informed of any of its contents.

Filed under

Topics

Laws