How will the CMA identify businesses in breach of the law regarding reviews?

The Competition and Markets Authority (CMA) has begun action, initially against five businesses (including the review site Feefo) for alleged breaches of its regulations relating to reviews. A question that crops up not infrequently is 'How would a business be caught?' or words to that effect.

Here is the answer.

First, let's look at the CMA. Here are the relevant staffing levels (out of a total of just over 1,000):

Key Departments: The staff are distributed across units such as Competition Enforcement (131), Consumer Protection and Markets (118), and the Digital Markets Unit (70).

Specialists: The CMA employs about 120 economists, econometricians, and statisticians, alongside a 40-person data and technology team

These staff are all concerned, to one extent or another, in ensuring that businesses do not manipulate online reviews to the detriment of consumers.

What tools did they have at their disposal before 2024? They mainly relied on in-house manual investigations, sometimes, but by no means always, prompted by whistleblowers.

Who were those whistleblowers? The answer will surprise no one: they primarily consisted of ex-members of staff from non-compliant businesses or competitors of the same.

After 2024? There has been a seismic shift, driven by two factors:

• The introduction of the Digital Markets, Competition and Consumers Act 2024, which has given the CMA greatly increased powers to investigate and sanction businesses guilty of misusing online reviews

• The development of sophisticated specialist AI tools, designed specifically to identify those businesses in breach of CMA regulations

The above include:

• The power to enter a business or domestic premises with or without a warrant (section 75 (2)). This includes the power to access computer equipment, including passwords, and to interview staff.
• The power to impose fines of up to 10% of the business's global turnover where breaches are proven

Here is a uselful Gemini AI summary:

You can see and follow the links by conducting the same search: 'Digital Markets, Competition and Consumers Act 2024 powers to fine businesses'

In this context, it is significant to note that the UK CMA is not the only regulatory body interested in sanctioning businesses or review sites that it considers are not acting wholly or primarily in the interests of consumers. The Italian government, in the person of their version of the CMA, the AGCM, recently fined the review site Trustpilot EUR 4 million for breaches of its similar code.

So let us put this plainly: if the CMA identifies prima facie breaches of its regulations relating to reviews, it will visit business or residential premises without prior announcement and require access to all means of communication and data storage, including emails, texts/SMS and computer hard drives, as well as any keys or passwords. 

This will include:

• Seeking evidence that customers were selectively invited to write reviews, to whatever destination

• Seeking evidence that customers were pre-qualified - using an email or a questionnaire, for instance - before being invited to write a review

• Seeking evidence that members of staff or their friends/and or relations were invited to write a review

Secondary indicators will be:

• Unusual review patterns, such as many reviews one month and none the next
• Similar wording in multiple reviews
• Unusual geographical spread (Google show the home location of the reviewer, so a review of a dentist on a different continent might ring alarm bells)
• Repeated use of employee names in reviews
• Repeated reviews of incidental contacts (phone calls not relating to the core product or service, for instance); not of itself a breach, but indicative of a non-compliant management mindset

Upon finding evidence of breaches (cherry-picking and/or gating in the main - both of which leave a very visible and obvious paper trail) the CMA now has statutory powers to directly levy significant fines and director censure, now, unlike up until 2025, without recourse to the courts. 

Action any business currently in breach must take

Cease any illegal activity immediately. Put in place a strategy for 'cleaning house'. This will involve:

1. Having a CMA complaint mechanism that allows all of your customers to write a review at a time of their own choosing. This is best incorporated into your website
2. Ensuring that whatever mechanism you choose incorporates effective moderation, to ensure that as few inaccurate or misleading reviews as possible are published, anywhere, on your website, on a review site or on Google
3. Then, and only then, begin to invite customers to write reviews

That mechanism? May we humbly suggest one that has been tried and tested for over a decade now? Welcome to HelpHound.

And finally...

We cannot, for obvious reasons, make any promises on behalf of the CMA, but common sense dictates that it is far more likely to pursue 'current' rather than historic breaches. Businesses that take action to comply now are, in our opinion, far less likely to find themselves subject to regulatory action.