In August 2025, the NCAA released its long-awaited Report on infractions committed by and for the University of Michigan football program. For compliance professionals, this case should be viewed not merely as a college sports story but as a case study in organizational misconduct, leadership failure, and cultural breakdown. Just as an FCPA enforcement action lays bare how companies slip into non-compliance, this NCAA decision reveals how one of the country’s premier football programs allowed systemic misconduct to flourish.

In Part 1, we examined the background facts, the elaborate scouting scheme, recruiting inducements, and failures to cooperate. In Part 2, we discussed the deeper issue of culture, where the football program viewed compliance as an adversary. In Part 3, we analyzed the violations and penalties, focusing on the sanctions imposed on Michigan and its staff. Finally, in Part 4, we considered what happens when an enforcement agency is stripped of its ability to enforce by asking whether the NCAA itself has become a toothless enforcement agency after declining to vacate wins or strip Michigan of its 2023 national championship.

Together, these four posts tell a story that is both uniquely collegiate and universally corporate: a tale of rules violated, compliance sidelined, culture corrupted, penalties imposed, and a regulator under fire. For corporate compliance professionals, the lessons are clear.

The Background: What Happened at Michigan

At the heart of the Michigan case was Connor Stalions, a staffer who orchestrated an elaborate sign-stealing operation. Using a network of interns, acquaintances, and even student-athletes, Stalions purchased tickets, filmed opponents’ sidelines, and created a “Master Chart” of signals. Over the course of three seasons, there were 56 instances of impermissible in-person scouting across 52 games.

The violations went beyond scouting. Coaches and staff provided improper inducements, including meals, gear, and even attempts at social media “blue check” verification. Nearly 100 impermissible text messages were sent to a recruit before the allowable date.

Head coach Jim Harbaugh was charged with head coach responsibility violations, having failed to promote compliance or monitor his staff. To make matters worse, multiple individuals failed to cooperate once the investigation began; devices were destroyed, evidence was deleted, and investigators were misled.

This was Michigan’s second infractions case in as many years, making it a repeat violator.

The Cultural Breakdown

But the facts alone do not explain how this misconduct flourished. The real story was cultural.

Michigan football had a contentious relationship with compliance. Coaches dismissed the compliance staff as “roadblocks” and even “true scum of the earth.” The Chief Compliance Officer, a respected industry leader, testified that she was seen as “a thorn in [Harbaugh’s] side.”

This hostility created an environment of willful blindness. Staff admitted they “went out of their way not to know” what Stalions was doing, so long as results were delivered. Red flags raised by interns or opponents were ignored or brushed aside.

Compliance education was lacking, especially for interns, many of whom played key roles in the scheme but received no targeted training. The compliance office could not even get into the room unless it forced its way in.

Ultimately, the NCAA concluded that “Michigan failed to create a culture of compliance in the football program.” For compliance professionals, this is a cautionary tale: no matter how effective your compliance office is, culture will ultimately prevail if leadership undermines it.

The Penalties: What Was Possible, What Was Imposed

The violations — Level I for the most serious. They were for scouting, head coach responsibility, and failures to cooperate, and Level II for recruiting and monitoring, which carried potentially devastating penalties. As a repeat violator, Michigan could have faced multi-year postseason bans, scholarship reductions, and the vacating of wins.

Instead, the NCAA opted for a different approach:

• For Michigan: Four more years of probation, multi-million-dollar fines, loss of postseason revenue, recruiting restrictions, and public posting of the infractions’ decision.
• For Individuals: Career-altering show-cause orders and doling out 10 years for Harbaugh, 8 years for Stalions, 3 years for Robinson, and 2 years for Moore. Negotiated resolutions added show-cause penalties for Clinkscale and Minter.

But the NCAA declined to impose a postseason ban or vacate Michigan’s 2023 national championship. Instead, it substituted financial penalties, citing fairness to current athletes who were not involved in the violations.

The NCAA’s Credibility Crisis

This decision has sparked a broader debate: Is the NCAA now a toothless enforcement agency? By choosing not to vacate wins, not to impose a postseason ban, and not to strip the national championship, the NCAA sent a message: even the most serious Level I–Aggravated violations can be survived without meaningful on-field consequences.

The NCAA justified its choice by citing the need for fairness to current athletes. But the effect was to undercut deterrence. If Michigan can commit widespread violations, win a championship during the scheme, and keep both the wins and the trophy, what message does that send? For compliance professionals, this is equivalent to a regulator declining to debar a repeat corporate offender or refusing to impose a monitor after repeated bribery scandals have occurred. Enforcement without teeth creates cynicism, undermines culture, and emboldens violators.

Five Lessons for Corporate Compliance Professionals

From the four perspectives we have explored — facts, culture, penalties, and the regulator’s credibility — come five key lessons for corporate compliance officers.

1. Culture Will Always Trump Policy

Michigan had a compliance office, policies, and training. Yet the football program treated compliance as the enemy. Harbaugh’s tone at the top set a culture where results mattered more than rules. Compliance professionals must remember that culture is the real driver of behavior. Policies without culture are paper tigers.

2. Repeat Offenders Face Escalating Consequences

Michigan’s repeat violator status magnified its penalties. In the corporate world, companies with prior FCPA or sanctions violations are judged far more harshly when caught again. Building credibility requires not just resolving past cases but sustaining reform over time.

3. Individual Accountability is Here to Stay

The NCAA’s most severe sanctions fell on individuals, Harbaugh and Stalions in particular. This mirrors the DOJ’s emphasis on individual liability. Compliance officers must ensure executives understand that they will personally bear responsibility for compliance failures.

4. Cooperation is Non-Negotiable

The obstruction made this case far worse. Destroying evidence and refusing to cooperate turned a bad situation into a career-ending one for multiple individuals. In corporate enforcement, cooperation credit can significantly reduce penalties; obstruction can magnify them.

5. Regulators Must Enforce Meaningfully — or Risk Irrelevance

The most sobering lesson is about the NCAA itself. By declining to vacate wins or strip championships, the NCAA undermined its own credibility. For compliance officers, this underscores the importance of strong, consistent enforcement. If your regulator is weak, it makes your job harder because the business will treat compliance as optional.

The Broader Meaning

The Michigan case is about more than football. It is about how organizations treat compliance, how regulators enforce rules, and how culture drives outcomes. For compliance professionals, it offers a sobering parable. When leadership undermines compliance, culture tolerates misconduct, violations are repeated, and regulators fail to enforce penalties meaningfully, the result is inevitable: misconduct flourishes, penalties escalate, and credibility erodes.

The job of the compliance professional is to resist that cycle: to build cultures that embrace compliance, to insist on accountability, to promote cooperation, and to hold leadership accountable for setting the tone at the top. And when regulators fail to act, compliance officers must redouble their efforts internally because rules without enforcement may be just suggestions, but culture without compliance is a guaranteed recipe for disaster.

In August 2025, the NCAA released its long-awaited Report on infractions committed by and for the University of Michigan football program. For compliance professionals, this case should be viewed not merely as a college sports story but as a case study in organizational misconduct, leadership failure, and cultural breakdown. Just as an FCPA enforcement action lays bare how companies slip into non-compliance, this NCAA decision reveals how one of the country’s premier football programs allowed systemic misconduct to flourish.

In Part 1 of this series, we examined the factual record of the University of Michigan football infractions case, including the impermissible scouting scheme, recruiting inducements, and failures to cooperate. In Part 2, we examined the culture that enabled these violations —a football program that viewed compliance as an enemy and leadership that turned a blind eye. Today in Part 3, we turn to the enforcement phase. What violations did the NCAA find? What penalties did the rules call for? And most importantly, what lessons can compliance professionals take from the outcome?

The Violations

The NCAA catalogued a long list of violations. They fell into five main categories, each with parallels to corporate enforcement.

1. Impermissible Off-Campus Scouting (Level I)

• • Connor Stalions directed a network of interns, staff, and acquaintances to attend opponents’ games, film sidelines, and provide footage to Michigan coaches.
  • In all, there were 56 instances across 52 contests over three seasons.
  • This was deemed a Level I violation, the most serious category, as it undermined integrity and provided an unfair advantage.

2. Recruiting Inducements and Communications (Level II)

• • • Staff provided meals, gear, and even attempted to secure Instagram “blue check” verification for recruits.
    • Nearly 100 impermissible text messages were exchanged with a prospect before the allowable contact date.
    • These were classified as Level II violations, significant breaches, but less than systemic corruption.

3. Head Coach Responsibility (Level I)

• • Jim Harbaugh was charged with failure to promote an atmosphere of compliance and monitor his staff.
  • After January 2023, under new rules, head coaches are automatically responsible for staff violations.

4. Failure to Cooperate (Level I and II)

• • Stalions destroyed his phone and hard drives, instructed others to delete evidence, and misled investigators.
  • Harbaugh refused to provide records or sit for interviews after leaving the University of Michigan.
  • Denard Robinson provided false information.
  • Sherrone Moore deleted text messages but ultimately cooperated; his failure was deemed Level II.

5. Failure to Monitor (Level II)

• • Michigan, as an institution, failed to monitor its football program, was unable to educate interns, and allowed a culture hostile to compliance to persist.

Possible Penalties

NCAA bylaws, much like DOJ sentencing guidelines, provide ranges of penalties depending on the level of violation and the presence of aggravating or mitigating factors.

For Level I–Aggravated cases (the category Michigan, Harbaugh, Stalions, and Robinson were placed in), possible penalties include:

• Multi-year postseason bans.
• Scholarship reductions or equivalent financial penalties.
• Multi-year probation.
• Show-cause orders for individuals (restricting employment opportunities).
• Suspensions.
• Financial fines, including forfeiture of postseason revenue.

For Level II cases, penalties typically include:

• Probation.
• Recruiting restrictions.
• Shorter show-cause orders.
• Limited suspensions.

Given Michigan’s status as a repeat violator, from its 2024 infractions case, the panel could have imposed harsher penalties, including a multi-year postseason ban.

The Actual Penalties

The Committee on Infractions ultimately issued a wide-ranging set of penalties but also made notable adjustments.

For the Institution

• Probation: Four years, consecutive to the 2024 probation. Michigan is now under probation through 2031.
• Financial Penalties:
  • $50,000 plus 10% of the football budget.
  • Forfeiture of postseason revenue sharing for the 2025–26 and 2026–27 seasons.
  • An additional fine equal to 10% of football scholarships (converted to a financial penalty rather than scholarship reductions).
• Recruiting Restrictions:
  • 25% reduction in official visits.
  • 14 weeks of no recruiting communications during probation (three self-imposed, 11 added by the panel).
• Public Censure: Posting of infractions decision on the athletic department’s website and disclosure to all recruits.

Notably, no postseason ban and no scholarship reductions were imposed—instead, financial penalties substituted for those traditional sanctions. The panel explained that banning postseason play would unfairly punish current athletes who were not involved in the misconduct.

For Individuals

• Connor Stalions: 8-year show-cause order, 100% suspension of first season if employed.
• Jim Harbaugh: 10-year show-cause order, 100% suspension if employed. This runs consecutively to his 4-year show-cause from the 2024 case, extending sanctions through 2038.
• Denard Robinson: 3-year show-cause order, 100% suspension if employed.
• Sherrone Moore: 2-year show-cause order, additional one-game suspension on top of Michigan’s self-imposed two-game suspension.
• Jesse Minter (via negotiated resolution): One-year show-cause order.
• Steve Clinkscale (via negotiated resolution): Two-year show-cause order plus 50% suspension of first season if employed.

Analyzing the Penalties

How should compliance professionals view the gap between possible and actual penalties?

1. Postseason Ban Avoided

• • The NCAA rules require a postseason ban in Level I — Aggravated cases, absent exemplary cooperation. Michigan, as a repeat violator, did not meet that standard.
  • Yet the panel deviated, imposing financial penalties instead. The rationale: punishing current student-athletes for past staff misconduct would be inequitable.
  • In corporate terms, this is akin to regulators substituting financial penalties for draconian sanctions that would harm innocent employees or shareholders. For example, instead of barring a company from government contracting (a “corporate death penalty”), DOJ sometimes imposes fines or monitorships.

2. Scholarship Reductions Replaced with Fines

• • Traditionally, scholarship cuts penalize future competitiveness. However, with the NCAA shifting to roster limits, the panel converted this to a financial penalty equivalent to 10% of the scholarships.
  • This reflects a broader compliance trend: sanctions are evolving to fit new realities. Just as regulators now focus on clawbacks, certifications, or ESG commitments, the NCAA tailored penalties to the modern college sports landscape.

3. Severe Individual Penalties

• • The most striking sanctions were against individuals: 8 years for Stalions, 10 years for Harbaugh.
  • These are career-altering penalties. They mirror corporate enforcement where executives are increasingly held personally liable, facing debarment, fines, or even prison.
  • Regulators have made clear: individuals cannot hide behind institutions. The NCAA sent the same message here.

4. Repeat Violator Consequences

• • Michigan’s repeat violator status magnified penalties. The institution argued that violations occurred before the prior case closed. The panel rejected this, emphasizing that timing games cannot avoid repeat status.
  • Corporate regulators apply the same principle. A company that resolves one FCPA case and then stumbles again will face far harsher sanctions, regardless of technical timing arguments.

5. Failure to Cooperate as a Penalty for Drivers

• • The panel noted that Stalions’ obstruction was “one of the more significant and serious failures the COI has seen.” Harbaugh’s refusal to cooperate also elevated his penalties.
  • For corporations, this is a reminder: obstruction is worse than the underlying violation. The DOJ has repeatedly stated that cooperation credit can substantially reduce penalties. Michigan shows the reverse, that obstruction inflates them.

Compliance Lessons

What does all this mean for compliance officers outside of college athletics? Several clear lessons emerge.

1. Culture Drives Outcomes

The penalties Michigan received were not just about violations; they were about culture. The NCAA emphasized how the football program treated compliance with disdain. Regulators in the corporate world do the same; they look beyond technical violations to ask whether the company fostered a culture of compliance.

2. Repeat Offenders Lose Credibility

Michigan’s back-to-back cases destroyed any claim of mitigation. Similarly, corporations with repeat offenses face escalating sanctions. Building credibility with regulators requires not only remediating violations but sustaining reform over time.

3. Individual Accountability is Here to Stay

The lengthy show-cause orders against Harbaugh and Stalions reveal a trend of targeting individuals. In corporate enforcement, the DOJ’s Yates Memo and subsequent policies have prioritized individual accountability. Compliance officers must ensure that executives understand they are personally accountable for their actions.

4. Cooperation Matters More Than Ever

The panel’s harshest language was reserved for those who failed to cooperate. In the private business world, DOJ guidance is clear: full cooperation, timely disclosure, and preservation of evidence are prerequisites for leniency. Michigan’s case proves the inverse: obstruct, and you will pay dearly.

5. Penalties Are Evolving

Just as the NCAA substituted fines for postseason bans, regulators are adapting penalties to modern realities. Companies must be prepared not only for fines but also for innovative sanctions, such as monitorships, clawbacks, mandated compliance certifications, or public disclosure requirements.

A Cautionary Tale

The University of Michigan football case is more than a sports scandal. It is a compliance parable. A program that treated compliance as an enemy, ignored red flags, and repeatedly committed violations ultimately faced some of the harshest individual penalties ever handed down in NCAA history.

For compliance professionals, the lessons are timeless. Culture matters more than policy. Repeat violations destroy credibility. Individuals are accountable. Cooperation is non-negotiable. And penalties evolve with the times.

As the DOJ, SEC, and other regulators continue to refine enforcement expectations, companies would do well to heed Michigan’s example. When compliance is marginalized, when leadership fails to set the tone, and when violations become patterns, the penalties—financial, reputational, and personal—will follow.