Managing Competition Law Compliance Across Complex Organizations with Ethical by Upryt

Many global companies are exposed to various competition law risks, from inadvertent information sharing with competitors to mergers and acquisitions that may raise antitrust scrutiny. For large organizations with multiple Business Units, keeping track of these risks and ensuring robust controls is a scale challenge. Ethical by Upryt is a pragmatic platform to assess, manage, and deploy competition law compliance programs at scale in your complex organisation.

If you’d like to read a refresher on competition law itself, check out Pauline Blondet’s article on How to set-up (or step-up) your competition law compliance program 🤓.

Competition law is a key area of corporate compliance, designed to protect markets, consumers, and fair competition. Across the globe, regulators increasingly expect companies, especially multinational organizations to proactively manage competition law risks through formal compliance programs.

Global Regulatory Expectations

Europe: The European Commission encourages companies to implement robust compliance programmes as a way to reduce the risk of infringement and associated costs. However, it makes clear that simply having a programme in place will not automatically result in a reduction of fines if an infringement occurs.

United Kingdom (UK): The Competition and Markets Authority (CMA) expects companies to maintain strong internal compliance frameworks, including policies, training, and monitoring, to help prevent competition law infringements. While the CMA recognises that effective compliance programs are an important element of good corporate governance, they are no longer treated as a mitigating factor when determining fines. Instead, the CMA views compliance as a baseline expectation for responsible business conduct (CMA’s guidance as to the appropriate amount of a penalty, 16 December 2021) 

United States (US): Both the Department of Justice (DOJ) and Federal Trade Commission (FTC) recognize that effective antitrust compliance programs can be a mitigating factor in cartel and collusion investigations (United States Department of Justice (DOJ) Antitrust Division’s “Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations” (July 2019, updated November 2024))

Other jurisdictions: Many countries, including India, Australia, Canada, Brazil, and Japan, increasingly view proactive compliance programs as a sign of corporate responsibility and as a factor that may influence penalties in case of violations.

Key Takeaways

• Regulators expect companies to identify, assess, and mitigate competition law risks. More and more it is expected as a baseline of proper business conduct.
• Compliance programs should include policies, training, monitoring, and reporting mechanisms, and must be adapted to the company’s size, structure, and geographic footprint.
• Multinational companies with complex Business Unit structures face unique challenges in ensuring consistent compliance across markets.
• Ethical by Upryt provides a scalable, structured solution for managing competition law risks, from risk assessment to program deployment, ensuring companies can meet regulatory expectations while reducing operational and reputational risk.

1 - Assess your Risks by Running your Competition Law Risk Assessment

The first step is understanding where your organization is exposed to competition law risks, and to which risks specifically. Global companies with multiple Business Units in many different countries often face a wide range of potential issues, from sharing of sensitive information to antitrust scrutiny around mergers or collaborations with competitors.

Using Ethical by Upryt, companies can run structured competition law risk assessments across all their Business Units, knowing where they should prioritize their action.

Top-Down & Bottom-Up Risk Identification

Head Office / Global Compliance Team: can define a list of key, company-wide competition risks, ensuring all Business Units are aware of the main areas of concern and help assess them systematically. This will provide an effective way to help prioritize the action and program for the central team.

Business Unit-Level Input: Ethical by Upryt also enables Business Units to identify additional risks locally, reflecting specific operational realities that the central team may not see. This ensures a comprehensive, ground-up view of exposure.

Typical Key Competition Law Risks

You may want to check out How to set-up (or step-up) your competition law compliance program, but some of the most common risks (both horizontal and vertical) companies assess include:

• Exchange of sensitive information between competitors (pricing, margins, strategic plans). This general risk can also include the specific Hub & Spoke set-up when your company is a supplier towards customers who are competitors.  
• Participation in industry associations or working groups that could facilitate coordination.
• Joint ventures, alliances, or collaborations with competitors that may reduce competition.
• Bidding for contracts alongside competitors, raising the risk of bid rigging.
• Mergers or acquisitions of potential competitors, triggering regulatory filings (HSR, EU merger control, local regimes).
• Deals raising concerns around data, interoperability, or platform access, particularly relevant in digital or AI services.
• Resale pricing, minimum discounts, or customer restrictions that could limit market freedom.
• Exclusivity arrangements or loyalty rebates that may foreclose competition in certain markets.

By capturing both head-office-identified risks and Business Unit-specific insights, Ethical by Upryt allows you to get a comprehensive view of potential exposures, laying the foundation for the deployment of a solid risk-based compliance program, and actions that are prioritized and informed.

Let’s take a close look at how we would assess a concrete Risk:

Example Risk: Exchange of Sensitive Information Between Competitors (Hub-and-Spoke Scenario)

A common scenario involves a company acting as a supplier, platform operator, or service provider to multiple competing clients. If employees inadvertently share commercially sensitive information, such as pricing, margins, or strategic plans,  across clients, this could constitute a hub-and-spoke collusion.

The Risk Assessment would capture the likelihood of such a risk, for example, each Business Unit answers targeted questions to gauge the likelihood of sensitive information being shared in such a hub and spoke situation:

How likely is it that our organization could unintentionally facilitate the exchange of sensitive commercial information between competing clients (e.g., through shared analytics, benchmarking, or joint service platforms)?

This would provide a Gross Likelihood score for this Risk, in every single Business Unit.

We would also assess the Impact of such a Risk:

“If sensitive information were inadvertently shared, what would be the potential financial, reputational, or regulatory consequences?”

Furthermore, questions related to which measures and controls are in place to mitigate this Risk can also be asked to automatically calculate a Net risk Score, based on pre-set reduction factors. 

We could for example ask:

“How well understood and regularly reinforced are our global antitrust policies and training across key functions (sales, procurement, M&A, partnerships)?”

“How confident are we that team communications (emails, chat, proposals) avoid language that could be misinterpreted as collusive or restrictive?” 

Example answers to that last question could include:

• 1 - Very confident: teams are trained, templates exist, regular reminders, no incidents
• 2 - Mostly confident: general awareness exists, minor gaps, occasional ambiguous phrasing
• 3 - Somewhat confident: awareness uneven, some risky communications, no structured review
• 4 - Not confident: Little guidance, high chance of risky exchanges

Once your Risk Assessment is launched, responses from Business Units are captured and visualized in Ethical: Risk Assessment, highlighting high-risk areas across the organization, Risk by Risk, but also, Business Unit by Business Unit, or generally, for the Group. 

All of it is neatly organised in configurable Risk Maps.

Each Risk can give rise to specific additional mitigation measures that can be implemented, the completion of which is closely monitored. With clear due dates, responsible, with full audit trail and accountability.

2 - Manage your Competition Law Compliance Program Through Program Management

Once risks have been assessed and mitigation measures are ongoing, Ethical by Upryt allows companies to translate the learnings from the Risk Assessment to feed into their Competition Law compliance Program, prioritizing actions effectively for the years to come. 

You will want to set up concrete measures and program initiatives, and monitor their implementation in every single Business Units over time.

See below an example of key controls that could be deployed to manage specifically the Hub & Spoke Risk:

Key Controls for Hub-and-Spoke Risks

• Governance: Pre-clearance process for projects involving competing clients (ensures Legal reviews any activity with potential indirect information exchange)
• Data Management: Firewalls and strict access rights for competitor data (prevents accidental sharing of sensitive information between BUs or teams)
• People & Training: Targeted antitrust training for employees handling multiple competitors (raises awareness and embeds safe practices in day-to-day operations)
• Communication & Reporting: Post-project reporting, central register of sensitive data handling (Monitors compliance, supports audit readiness, and creates accountability)

With Upryt’s Ethical: Program Management solution, these controls can be defined and assigned to all Business Units, in just a couple of clicks, with a clear deadline, accountability and audit trail,  tracked for completion, and monitored over time. 

Dashboards provide real-time visibility for the corporate compliance team and senior management, Business Unit by Business Unit. The central team knows at all times where they stand on the deployment of each item of their Competition Law Compliance Program, and can report on it easily, to the board or to authorities. 

By combining risk assessment and programmatic control deployment, Upryt’s customers can demonstrate proactive competition law compliance, reduce the risk of inadvertent collusion, and provide senior management with actionable insights.

In Conclusion: Benefits of Using Ethical by Upryt

Managing competition law risks in complex organizations doesn’t have to be overwhelming. With Ethical by Upryt, you will get:

• Time saving: Upryt's customers typically reduce time spent on admin and reporting by 70%
• Centralized Oversight: see all competition law risks across all Business Units in one place.
• Scalable Program Management: deploy controls consistently across complex organizations.
• Actionable Insights: clear view into high-risk areas, with clear responsibilities and due dates.
• Audit-Ready Evidence: all action items are tracked with full documentation.
• Flexibility: tailor and configure the platform to the specifics of your organisation and business needs.
• Quick Implementation: operational in days, not months.
• Easy to use and fully self service.

With Ethical by Upryt, companies can identify, assess, and mitigate risks in a structured way, while deploying robust controls across all their Business Units around the world. By taking a risk-based, programmatic approach, firms reduce regulatory exposure, strengthen compliance culture, and demonstrate accountability to regulators, auditors, and clients.

And this is only one use case, you can use Ethical by Upryt to manage risk assessments and your program deployment at scale for all your other E&C Topics: anti-corruption, human rights, data privacy, etc. Check out what we do: