Legal development

DMCC Act: Updated guidance on administrative penalties

By Christopher Eberhardt and Fiona Garside

14 January 2025

Share Share
Print
DMCC Act: CMA consults on revised guidance on administrative penalties
Share
Print

    Following a consultation on its proposed approach to administrative penalties, the CMA published its statement of policy (CMA4) on 19 December 2024. CMA4 sets out that the CMA will apply an "in the round" approach to the assessment of the appropriate administrative penalty, including pursuant to new powers to fine companies for breaches of undertakings and orders in mergers and markets cases.

    The statement does not cover penalties imposed for substantive infringements under the Competition Act 1998 (CA98), or for most breaches of digital markets competition requirements, or under the new consumer protection law direct enforcement regime, all of which are subject to separate guidance.

    What you need to know

    • The updated guidance applies to penalties imposed in relation to breaches of investigatory requirements and breaches of commitments, undertakings or orders agreed with or imposed by the CMA.
    • The statement sets out that the CMA assesses the appropriate amount of any administrative penalty (including in respect of breaches of undertakings and orders) "in the round".

    The CMA's new investigatory powers

    As set out in our January 2025 update, the DMCC Act has amended the CMA's investigatory powers under the CA98 (Chapters 1 and 2) and the CMA's process and investigatory powers when conducting market studies and investigations. The changes were designed in particular to offer the CMA greater flexibility when conducting investigations. The DMCC Act has also given the CMA enhanced powers to fine companies which fail to comply with CMA investigations. There are two categories of requirements set out in the draft CMA4: investigative requirements and remedies requirements. 

    Investigative requirements: the DMCC Act gives the CMA enhanced powers to issue civil penalties for a failure to comply with investigative steps taken by the CMA, with maximum penalties of: 1% of the undertaking's turnover for fixed penalties; and/or 5% of the undertaking's daily turnover for daily amounts.

    Remedies requirements: the DMCC Act gives the CMA additional powers to:

    • fine companies for breaching commitments made following an investigation, interim measures orders or directions made by the CMA to bring an infringement to an end. Under the Act, the CMA will be able to impose a fixed penalty of up to 5% of global turnover and/or a daily amount up to 5% of global daily turnover; and
    • impose penalties for breaches of orders and undertakings in markets or mergers cases. This means that if a company fails to comply with CMA orders or undertakings, the CMA can impose fixed penalties of up to 1% of the business’s annual worldwide turnover and/or daily penalties of up to 5% of daily worldwide turnover.

    The CMA's statement of policy

    The DMCC Act required the CMA to publish a statement of policy on its approach to applying such penalties. On 11 July 2024, it published a consultation on an updated version of its statement of policy on the CMA's approach to administrative penalties and the final statement was published on 19 December 2024.

    Under the previous version of CMA4, the CMA had the power to impose fines for (i) breaches of investigatory requirements under CA98 and the Enterprise Act 2002 (with fixed penalties of up to £30,000 and daily penalties of up to £15,000); and (ii) breaches of interim measures in merger cases (a fixed penalty of up to 5% of global turnover).  

    The revised CMA4 applies more widely, covering the broader enforcement powers introduced by the DMCC Act.

    CMA4 does not apply to:

    • the CMA's approach to the appropriate amount of a penalty for substantive infringements of the CA98 (which is set out in separate guidance);
    • penalties for breaches of digital markets competition requirements (save for breaches of IEOs and the merger-reporting requirements), which are covered by the separate Digital Markets Guidance; and
    • penalties (including administrative penalties) under the new consumer protection law direct enforcement regime, which will be covered by separate guidance.

    The CMA's approach to "administrative penalties"

    The CMA applies an "in the round" approach when determining the appropriate amount of administrative penalties (as set out in CMA4). By contrast, for substantive CA98 infringements, the CMA adopts a "stepped approach" which requires the CMA to consider a series of discrete steps in order to calculate the appropriate amount of the penalty. Similarly, under the Digital Markets Guidance, the CMA will use a stepped approach for substantive digital markets infringements. 

    Unlike the stepped approach, an in the round approach enables the CMA to assess "all the relevant circumstances" of the case, by determining the factors that it considers appropriate to the assessment and assessing those factors in the round (para 2.15 of CMA4). This in the round approach applies to all administrative penalties, including both investigative requirements and regulatory requirements.

    Relevant factors in the assessment

    CMA4 explains the types of factors that the CMA will consider in its assessment, including:

    • the seriousness of the breach: "the CMA is likely to set very large penalties for the most serious failures to comply" (paras 2.16 and 2.17 of CMA4);
    • the need for deterrence, taking into account the company's size, the administrative and financial resources available to it, and the need to ensure that a company does not profit from a breach.
    • any aggravating factors that increase the seriousness of the breach, including (i) the risk of the breach having a significant adverse impact on the CMA's investigation or its ability to carry out its functions; (ii) whether the breach had a significant, actual or potential, impact on competition, customers, consumers and/or the public interest; (iii) the duration of the breach; (iv) advantages derived from the breach; and (v) the company's actions, including whether the breach was committed intentionally, whether it was brought to the CMA's attention or concealed, whether the breach continued after being identified, whether the company had appropriate systems, control and processes in place; and
    • any mitigating factors that may reduce the seriousness of the breach, such as whether the company (i) promptly reported the breach and took appropriate and prompt action to end the breach; (ii) voluntarily provided appropriate compensation to those affected; and (iii) took appropriate steps to improve its systems and processes.

    Consistent with an in the round assessment, the guidance emphasises that the factors described are non-exhaustive and that not all factors will apply in all cases. In particular, it notes that factors such as the assessment of the impact on consumers are more likely to be relevant in the context of remedy requirements than for breaches of investigatory requirements. 

    Other authors: Isabella Hunt.

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.

    Key Contacts