Last updated on 5 December 2017
It is the express policy of the PCI Security Standards Council (“PCI SSC”) to require that all of its meetings, activities, and other forms of participation (“PCI SSC Activities”) be conducted strictly in accordance with U.S. federal and state antitrust laws, and with all foreign antitrust and anticompetition laws (collectively, “Antitrust Laws”). Because Antitrust Laws are complex and differ across jurisdictions, it is not possible to summarize them in this policy, and it is important to consult appropriate legal advisors at your own company for detailed guidance.
The following rules shall apply in connection with all PCI SSC Activities:
1. Agendas must be created, and minutes must be taken, for all PCI SSC meetings. These agendas and minutes must then be submitted to PCI SSC, along with any meeting materials, for archiving to document the topics discussed and any agreements reached.
2. Certain topics should never be discussed at, or in connection with, any PCI SSC Activity, nor should any participant in PCI SSC Activities (each a “Participant”) ever form an agreement with any other Participant in connection with these topics under similar circumstances. In particular, DO NOT, at any time, discuss or agree upon:
If you become aware of any activity that may be in violation of any of the above rules, please bring them promptly to the attention of a PCI SSC representative.
For more information regarding Antitrust Laws, please see the PCI SSC Antitrust Compliance Guidelines.
These guidelines are provided by the PCI Security Standards Council, LLC (“PCI SSC”) and are intended for annual distribution to all brand, Strategic, Affiliate, Strategic Regional, Board of Advisors, and Participating Organization members and any other participants in PCI SSC meetings, activities and other forms of participation (“Participants”), including without limitation, participants in PCI SSC’s Executive Committee, other Committees, Board of Advisors, Working Groups, Special Interest Groups and Task Forces.
It is the policy of PCI SSC to require that all PCI meetings, activities and other forms of participation (“PCI SSC Activities”) be conducted in accordance with U.S. federal and state antitrust laws, and with applicable foreign antitrust and competition laws. While the existence of organizations such as PCI SSC is recognized by antitrust regulators as being beneficial to industry and consumers alike, there are activities which are not permissible for Participants to engage in, and which are not endorsed or authorized by PCI SSC. The objective of these guidelines is to enhance Participant awareness of inappropriate conduct and to lessen the likelihood of activities prohibited by laws relating to antitrust.
These Antitrust Compliance Guidelines (the “Guidelines”) are intended to help familiarize you with areas of U.S. law that you should know about in order to maintain compliance with U.S. antitrust laws. However, these Guidelines provide a general guide only; they are not intended to be a complete or definitive statement of all aspects of U.S. antitrust law, nor does it advise you with respect to the antitrust laws of other countries, which on a country by country basis can vary significantly. Although PCI SSC’s Activities are subject to the antitrust laws of all countries where PCI SSC may be active, a worldwide review of international antitrust laws is beyond the scope of these Guidelines. For this reason, these Guidelines should be viewed as being not only selective with respect to U.S. law, but also as an unreliable and inadequate guide to antitrust issues in any other country. In addition, each Participant must make its own decisions how and where it adopts and supports PCI SSC standards around the world. These decisions may lead to different risks, and therefore to different precautions and practices being appropriate to consider from Participant to Participant.
For these reasons, each Participant should seek advice from its own antitrust counsel and consult with that counsel as necessary or appropriate in connection with participation in PCI SSC Activities. Any specific question relating to antitrust compliance not addressed in these Guidelines should be referred to legal counsel for PCI SSC or to the Participant’s antitrust counsel. A Participant’s failure to consult with antitrust counsel may be injurious to the Participant and/or to PCI SSC. For additional information on the applicability of antitrust laws to consortium activities, please see the Laws, Cases and Regulations section of ConsortiumInfo.org, a consortium information website created by our legal counsel, Gesmer Updegrove LLP, which prepared these Guidelines.
I. The Antitrust Laws
Broadly stated, the basic objective of the U.S. antitrust laws is to preserve and promote competition and the free enterprise system. These U.S. laws are premised on the assumption that private enterprise and free competition are the most efficient ways to allocate resources, to produce goods at the lowest possible price and to assure the production of high quality products. These U.S. laws generally require that business people make independent business decisions without consultation or agreement with competitors. The success of PCI SSC requires that free and open competition be adhered to as the policy of PCI SSC and that this policy be followed by all Participants.
PCI SSC’s insistence upon full compliance with the antitrust laws is based not solely on the desire to stay within the bounds of the law, but also on PCI SSC’s conviction that the preservation of a free, competitive marketplace is essential to the welfare of the industry and PCI SSC.
(a) Antitrust Laws Applicable to Activities of Associations
The U.S. antitrust statutes of principal concern to companies and individuals that take part in trade association activities are Section 1 of the Sherman Act and Section 5 of the Federal Trade Commission (“FTC”) Act. These laws make illegal all contracts, combinations, and conspiracies which are deemed to be in restraint of trade.
Broadly speaking, the courts have interpreted these laws as prohibiting those agreements, contracts and combinations that have the effect of unreasonably restraining trade. With some exceptions, a court considering an antitrust claim will examine all the facts and circumstances surrounding the conduct in question in order to ascertain whether the contract or combination is in violation of the law by restraining trade unreasonably.
Some activities are, however, regarded as unreasonable by their very nature and are, therefore, considered illegal “per se,” meaning that they are illegal regardless of any rationale or mitigating factors asserted by the actors. Companies and individuals are conclusively presumed to engage in these activities for no other purpose than to restrain trade. Practices within the per se category include agreements among competitors to fix prices, agreements to boycott competitors, suppliers or customers, agreements among competitors to allocate markets or limit production, and certain tie-in sales. A tie-in sale is one in which the customer is required to purchase an additional item in order to purchase the product or service desired.
The legality of activities of PCI SSC and its Participants under the antitrust laws will be determined by the application of standards no different from those used to determine the legality of the activities of other groups of persons or firms. The fact that an association such as PCI SSC is, almost by definition, a combination of competitors, raises the risk that some Participants could engage in prohibited conduct, despite the numerous pro-competitive benefits of this organization. By implementing and complying with these Antitrust Guidelines and the PCI Antitrust policy, PCI SSC seeks to eliminate or reduce that risk for all Participants and Participant activities.
(b) Penalties for Violations
The U.S. antitrust laws are enforced at the Federal level by the Antitrust Division of the Department of Justice and the Bureau of Competition of the Federal Trade Commission.
A criminal conviction for an antitrust law violation may result in stiff fines for PCI SSC and its Participants, jail sentences for individuals (including an individual acting in his or her capacity as a corporate employee or officer) who participated in the violation, and a court order disbanding PCI SSC or severely limiting its activities. In the past, several foreign nationals have been sentenced to serve jail time in the U.S., and corporations convicted of such a criminal offense have been fined hundreds of millions of dollars.
In addition, private persons or firms may sue for damages under the Federal laws and a company found liable may be required to pay up to three times the actual damages suffered by the plaintiff, as well as all of the plaintiff’s costs of litigation and attorneys’ fees.
Finally, State court actions may be brought by U.S. State attorneys-general or injured parties.
II. Detailed Discussion
From a practical standpoint, Participants should take care to avoid the following principal antitrust problem areas:
(a) Standard Setting Generally
While standard setting is recognized as being potentially “pro-competitive” in the U.S., great care must nevertheless be taken in the setting of standards. When participants of a standards setting body submit or vote on technology or specifications, there is the potential for one company, or a group of companies, to act in ways deemed to be unfair to other companies. Similar considerations arise with respect to the establishment of implementation guidelines.
By way of example, the Federal Trade Commission sanctioned Dell Computer Company in 1996 because, after repeatedly certifying (as required by the rules of the standard setting body) that it owned no intellectual property rights that would be infringed by an implementation of a specification being considered for adoption and then voting in favor of adoption of that specification by the standard setting body, Dell announced that products built to the adopted specification would necessarily infringe upon a Dell patent, and attempted to extract license fees.
More recently, the U.S. District Court for the Eastern District of Virginia found that Rambus, Inc. had committed fraud while it was a participant of the Joint Electron Devices Engineering Council (“JEDEC”). Rambus had been accused of failing to disclose certain patent applications regarding SDRAM, in contravention of JEDEC policy. Subsequently, Rambus attempted (and succeeded in some cases) to extract license fees from manufacturers who had implemented the SDRAM standard, based on the undisclosed patents.
The FTC also brought an enforcement action against Rambus, and at one point entered an order sanctioning Rambus and limiting the royalties that it could charge on patent claims in question. Both of these decisions were ultimately overruled, but only after years of lengthy and expensive litigation. Meanwhile, the European Commission also brought an action against Rambus based upon the same course of conduct. Rambus settled that action, agreeing to limit the royalties it could charge on the patent claims at issue, but without admitting guilt.
In the last several years, additional law suits have been brought by private parties, and enforcement actions and investigations have been brought by regulators in the United States and in Europe, that have been based upon standards-development behavior. Several of these cases, actions and investigations have focused on the behavior of individual companies, and on whether standards development participants have honored the licensing obligations that they, or prior owners of patents, have made to standards development organizations.
In light of the foregoing, it is important that standard setting, publication of implementation guidelines, and other collaborative activities be conducted under close legal supervision, and that policies and procedures created to administer such processes be scrutinized to ensure that they do not lend themselves to situations which could result in antitrust exposure. This is the policy of PCI SSC.
(b) Specific Standard Setting Activities
There are a variety of activities that are commonly conducted within standards development organizations that have acknowledged pro-competitive benefits, but which must be conducted in an appropriate fashion to avoid inadvertent violations of law. They include:
The Executive Committee will consult with legal counsel to ensure that the proper guidelines are followed with respect to each of these areas.
(c) Price-Fixing
Experience shows that trade association participants may be susceptible to violations of price-fixing prohibitions of the Sherman Act, and for this reason, the government is focused on the activities of these types of entities. Price fixing, as noted above, is illegal per se.
Trade association meetings (including committee meetings) may be considered by enforcement agencies as convenient places for price-fixing discussions. Whenever competitors get together, it is natural for them to discuss common problems, and, unless care is taken, the discussion could turn to price. This is even truer at informal meetings before or after a trade association meeting, when participants get together socially.
To avoid the risk of liability, Participants should never discuss prices, pricing systems, discounts, commission rates, employee salary information, or the like, nor should PCI SSC ever be involved in Participants’ pricing practices.
Although a prohibition on even the discussion of pricing may appear severe (the antitrust laws prohibit only agreements on prices, not merely the discussion of them), a strict approach is a prudent policy, since it is in the best interest of the Participants to avoid even the appearance of impropriety. A formal agreement is not necessary for a finding of antitrust liability. Antitrust cases often are proven by circumstantial rather than direct evidence. Although there may be perfectly innocent explanations for business conduct, antitrust enforcement agencies, judges or juries may interpret contacts with competitors followed by similarity in conduct as circumstantial evidence of an “agreement.” It is, therefore, of the utmost importance to avoid any discussions or other conduct with competitors that might support an inference of illegal agreement. That means a Participant’s relations with competitors should always be conducted as if the parties are at all times in the public view.
Participants should also be aware that the antitrust prohibition on price-fixing is extremely broad. The Sherman Act itself defines price-fixing as any “combination” formed for the purpose and with the effect of raising, depressing, fixing, pegging or stabilizing “prices.”
Competitors violate this law if, for example, they:
Because price-fixing is illegal per se, it is not a defense that the prices set are reasonable. Nor is it necessarily a defense that competitors fixed maximum prices, rather than minimum prices.
Although the discussion thus far has focused on so-called “horizontal” price fixing -- that is, agreements among competitors selling the same or similar products -- it also may be illegal to engage in “vertical” price fixing: an agreement to fix the price at which a purchaser will resell a product. Where a product is sold for resale, the seller is permitted to suggest resale prices to customers, but any agreement, whether formal or informal, express or implied, should always be reviewed in advance by legal counsel.
For all of the reasons above, Participants should assume that no mentions of prices, or price related business terms, should occur in the course of PCI SSC Activities unless the topic, scope and purpose of the discussion has been cleared in advance with PCI SSC legal counsel, and appropriate controls have been put in place if the discussion is permitted to occur at all.
(d) Agreements To Allocate Markets
An agreement among participants of a trade association to allocate markets or customers may be, in and of itself, an antitrust violation. The antitrust laws expressly prohibit any understanding or agreement between competitors or participants of an association involving division or allocation of geographic markets or customers, or an agreement to divide sales by product type. Even an informal agreement whereby one participant agrees to stay out of another’s territory could constitute a violation of the antitrust laws.
(e) Exclusive Selling and Dealing
An exclusive selling agreement involves the appointment of a sole distributor for the supplier’s product for a defined territory over a defined period of time, usually with the understanding that the supplier will not make separate deliveries or sales of his own into the distributor’s territory. The appointment of an exclusive distributor is generally considered to be legal, but counsel should be consulted if considering such an approach.
Exclusive dealing is an agreement where the purchaser agrees to buy exclusively from one supplier for a certain period of time.
A seller’s exclusive dealing contract may be unlawful where it covers a substantial dollar volume or forecloses a substantial market share to competitors. However, where there is a significant amount of competition from other companies that is not impacted by the exclusivity, it is less likely that an exclusive dealing agreement will be deemed illegal. Again, prior legal review of such arrangements is required.
(f) Tying Arrangements
Tying is the practice whereby a seller refuses to sell the desired product or service (the tying item) to a customer unless the customer also agrees to buy a second product or service from the seller.
Tying arrangements may be illegal if the supplier occupies a dominant position in the market for the tying item or if the uniqueness of the tying item bars other sellers from producing an equivalent product.
(g) Concerted Refusals to Deal
Participants should avoid participating in “concerted” refusals to “deal,” more commonly known as boycotts. Participants should be careful not to make agreements that in effect result in the exclusion of a competitor from a market or a competitive activity. For example, an agreement among two or more Participants of PCI SSC to no longer buy from (or sell to) a particular supplier or distributor, or to work with a particular third party service provider, might constitute such a boycott. To avoid this risk, Participants should avoid any discussion of or joint conduct that involves the refusal to deal with a particular supplier or customer.
PCI SSC itself, as a group of competitors and by virtue of the nature of its work, is at risk of falling into activities that might be challenged as a boycott. For this reason, counsel must have the opportunity to review any proposed changes to participation rules and any proposed rules that might disadvantage those who are not PCI SSC Participants.
(h) Price Discrimination
Price discrimination occurs when identical products are sold at different prices to different purchasers. It may be unlawful to discriminate in price between different purchasers of goods of like grade and quality where such goods are sold for use, consumption or resale within the U.S. if the discrimination substantially lessens competition. However, price differences based on certain factors, such as a variance in costs, quantity discounts, prompt payment, or shipment fees generally are acceptable and do not violate the antitrust laws.
If you have questions regarding any of these matters, contact your company antitrust counsel, or if you are a PCI SSC member, please contact Andrew Updegrove, of the firm of Gesmer Updegrove LLP, which provides legal counsel to PCI SSC, at andrew.updegrove@gesmer.com.
Our website uses both essential and non-essential cookies (further described in our Privacy Policy) to analyze use of our products and services. By clicking “ACCEPT” below, you are agreeing to our use of non-essential cookies to provide third parties with information about your usage and activities. If you click “DECLINE” below, we will continue to use essential cookies for the operation of the website.