Tag: compliance

Categories
Compliance Tip of the Day

Compliance Tip of the Day –Investigative Challenges

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week we have considered issues relating to your internal investigations. Today we conclude with a review of some investigative challenges you may face.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition which was recently released by LexisNexis. It is available here.

Categories
AI Today in 5

AI Today in 5: December 19, 2025, The Project Vend Edition

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, I will bring to you 5 stories about AI stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest about AI.

  1. Does the Trump EO on AI represent a framework or simply nothing? (America’s Credit Unions)
  2. Increasing need for AI awareness of regulatory requirements. (Wane15)
  3. Compliance AI needs humans. (FinTechWeekly)
  4. Smart AI hiring. (Law.com)
  5. What happens when AI runs the vending machine? (WSJ)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com

Categories
Blog

A Merry (Compliance) Christmas and Tribute to Jim McGrath

Ed. Note: Jim McGrath was a great friend and a trusted colleague who passed away in 2014. As a tribute to McGrath and for Christmas this year, I submit the post below for your enjoyment, which initially appeared on McGrath’s Internal Investigations Blog on December 24, 2012.

The allegations under investigation involve gifts given by individual businessmen to the family of an Israeli government official several years ago. These businessmen, Mr. Balthasar, Mr. Gaspar, and Mr. Melchior, supposedly provided a family in the royal line of King David with significant gifts, including gold, frankincense, and myrrh, in return for favorable consideration of an as-yet undetermined project in the Middle East.

The three men are believed to be third-party intermediaries for many Christian church organizations in the United States, and, if verified, any jurisdictional nexus would appear to be based on this fact.

Whether any family member who received the gifts was or is a “government official”—as the DOJ has expansively defined that term—is unverified but likely. While Transparency International’s Corruption Perceptions Index does not list them in its annual rankings, a large body of other sources appears to establish one or more of them as linked to the ruling family in Israel.

Regardless of the strength of the government’s case in these respects, there remains the hurdle posed by the age of the alleged violations.  They are reported to have occurred approximately 2,012 years ago.  The DOJ could be expected to assert that the clock did not begin to run until the government recently became aware of Balthazar’s, Gaspar’s, and Melchior’s conduct. However, there appears to be a strong argument that voluntary self-disclosure occurred some time ago, thereby commencing the statutory period’s running and its expiration.

I hope you and your family have a wonderful Holiday Season and Merry Christmas.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Your Investigative Team

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week we continue our consideration of issues relating to your internal investigations. Today we consider who should be on your investigative team.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition which was recently released by LexisNexis. It is available here.

Categories
Blog

Michigan Man, Part 4 – Lessons Learned: What This Crisis Teaches Compliance Professionals

Every major compliance failure eventually reaches the same destination: a moment when leadership says, “How did we not see this coming? ” The answer is almost always the same. The warning signs were visible. They were rationalized, minimized, or overridden in the name of performance, continuity, or institutional pride.

The Sherrone Moore crisis at the University of Michigan is not a college football anomaly. It is a case study in how compliance programs fail when they are structurally subordinated, culturally discounted, or selectively enforced. For compliance professionals, the value of this case lies not in outrage but in extraction: extracting lessons that can be operationalized before the next crisis unfolds.

Lesson 1: Compliance Authority Must Be Structural, Not Aspirational

Michigan’s experience demonstrates that access to leadership is meaningless without authority. The compliance function may have been consulted, investigations commissioned, and policies in place. None of that mattered when the athletic department retained de facto control over outcomes. For compliance professionals, the lesson is clear. Compliance must have defined escalation rights and veto authority over high-risk decisions, including promotions, discipline, and crisis response. If a business unit can override compliance based on performance or legacy, compliance is not independent. It is decorative.

The Department of Justice has repeatedly emphasized that effective compliance programs require empowered compliance functions. That empowerment must be written into governance documents, reinforced by boards, and tested in practice.

Lesson 2: Past Dishonesty Is a Permanent Risk Factor

One of the most glaring failures in this case was the organization’s willingness to treat Moore’s prior dishonesty during the sign-stealing investigation as a closed chapter. It was not. It was predictive. Compliance professionals must internalize a hard truth: once credibility is damaged, it does not reset. Individuals who have lied to investigators, deleted records, or misrepresented facts should never again be treated as presumptively reliable. Enhanced monitoring, corroboration, and scrutiny are not punitive. They are risk management.

Organizations that ignore this lesson inevitably relearn it at a higher cost.

Lesson 3: Promotions Are Compliance Decisions

The elevation of Moore to head coach was framed as a football decision. In reality, it was one of the most consequential compliance decisions the university made.

Any promotion into a role with significant authority, visibility, and discretion is a compliance event. Risk-based due diligence should include:

  • Review of prior investigations and disciplinary history
  • Assessment of truthfulness and cooperation during past inquiries
  • Evaluation of behavioral and reputational risk, not just technical violations

In corporate terms, Michigan promoted an executive with unresolved compliance issues and a clear lack of an ethical grounding into a CEO-equivalent role. That decision alone dramatically increased institutional risk. But the consequences will reverberate for a long time to come.

Lesson 4: Investigations Involving Power Imbalances Require Heightened Standards

The initial investigation into Moore’s relationship with a staffer failed predictably. When both parties denied the relationship and the evidence was limited, the inquiry stalled. That outcome reflects a misunderstanding of power dynamics. Compliance professionals know that power imbalance distorts disclosure. Subordinates may deny relationships out of fear, loyalty, or uncertainty. Senior leaders may deny wrongdoing out of self-preservation. Effective investigations account for this reality by expanding evidence collection, conducting pattern analysis, and implementing interim safeguards.

Neutrality is not passivity. When allegations involve senior leadership, the standard of diligence must rise, not fall.

Lesson 5: Star Performers Are the Highest-Risk Population

One of the most enduring myths in organizational life is that high performers deserve flexibility. In reality, they deserve even greater scrutiny. Star performers operate with autonomy, influence culture, and often shape informal norms. Moore’s trajectory illustrates how repeated exceptions create a sense of entitlement. Each time misconduct is reframed as survivable, the individual learns that boundaries are negotiable. Compliance professionals must relentlessly resist this dynamic.

Rules applied selectively are not rules. They are invitations.

Lesson 6: Pattern Risk Demands Pattern Response

Perhaps the most damning aspect of the Michigan case is that it unfolded amid repeated scandals within the athletic department. When misconduct clusters, the correct response is not incremental fixes. It is a structural intervention. Compliance professionals must recognize pattern risk early and escalate it aggressively. That escalation should include:

  • Enterprise-wide risk assessments
  • Cultural diagnostics
  • Leadership accountability reviews
  • Board-level engagement

Waiting for the next incident is not caution. It is abdication.

Lesson 7: Culture Is Set by What Leadership Tolerates

Michigan’s long-standing deference to athletic success and legacy culture created an environment where misconduct was rationalized rather than confronted. This is not unique to sports. It appears in sales-driven organizations, founder-led companies, and high-growth environments. Culture is not what leadership says. It is what leadership allows. From the Board of Regents to the UM President on down, compliance professionals must evaluate actions, not rhetoric, when assessing culture risk.

Lesson 8: Human Impact Is the Ultimate Compliance Metric

It is easy, especially for lawyers and compliance officers, to focus on policy breaches and enforcement exposure. The Moore crisis is a reminder that compliance failures produce human harm. Families are destabilized. Employees feel unsafe. Stakeholders lose trust. Effective compliance programs exist not only to prevent fines but also to prevent damage. When that purpose is forgotten, compliance becomes performative.

Final Thought: Compliance Is Tested at the Top

The Sherrone Moore crisis did not originate with a junior employee. It originated at the top of a powerful institution. That is where compliance programs are always tested. For compliance professionals, the final lesson is this: if your program cannot stop, slow, or surface misconduct by your most powerful leaders, it will eventually fail when it matters most.

The University of Michigan now faces years of rebuilding trust, governance, and credibility. Compliance professionals elsewhere should treat this case as a warning, not a curiosity. The cost of ignoring these lessons is never hypothetical. It is only deferred. This takeaway is stark but actionable. Compliance failures are rarely a surprise. They are choices made over time. The question for every compliance professional is whether those choices will be challenged early or explained later.

As always, prevention is less visible than a crisis. It is also far less costly.

Resources:

The Terrible Mess at Michigan Football, by Jason Gay, writing in the Wall Street Journal.

Ex-Michigan coach Sherrone Moore charged with home invasion, stalking, breaking—Austin Meek and Sam Jane writing in The Athletic.

Fire Everybody—Alex Kirshner, writing in Slate.

Source: Michigan begins a review of the athletic department, by Dan Wetzel and Pete Thamel, writing for ESPN.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Selection of Investigative Counsel

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week are considering issues relating to your internal investigations. Today we review your decision of selection of your investigative counsel.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition which was recently released by LexisNexis. It is available here.

Categories
Great Women in Compliance

Great Woman in Compliance – 2025 GWIC-tacular

#GWIC wishes all the most wonderful of holidays and a very happy, ethical & compliant New Year.

@LisaFine, @HemmaLomax, @SarahHadden & @EllenHunt gathered for the #GWIC-tacular 2025 round-up roundtable.

We reflected on 2025 as a year of disruption and rapidly changing public policy and on how Ethics & Compliance leaders must now, more than ever, manage the polarities we face. We expressed our gratitude for the generous and always supportive GWIC community and shared our optimism about 2026. We also unwrapped a gift that we’ll be working on in the new year.

We would love to hear what you would like GWIC’s focus to be in 2026.

You can hear the GWIC-tacular episode on any of these platforms:

📰 Corporate Compliance Insights

🎙️ Compliance Podcast Network

🍏 Apple

🎧 Spotify

📺 YouTube

Categories
Blog

Michigan Man, Part 3 – When Compliance Is Overruled: Institutional Failure at the University of Michigan

In Part 3, I examined Sherrone Moore’s individual compliance and ethics violations. That analysis was necessary, but it is not sufficient. No serious compliance professional believes that repeated misconduct by senior leaders occurs in a vacuum. Individual failure almost always reflects institutional weakness.

The University of Michigan did not cause Sherrone Moore’s behavior. But the university, and specifically its athletic department, bears responsibility for the systems, decisions, and omissions that allowed risk to accumulate unchecked. This is where the story becomes most relevant to corporate compliance professionals, because it illustrates how even sophisticated institutions can fail when compliance is subordinated to performance, loyalty, or brand protection.

The First Failure: Allowing Athletics to Override Compliance

The most fundamental breakdown at Michigan is structural. Over multiple years, the athletic department functioned as a semi-autonomous power center, capable of managing crises internally while insulating leadership from meaningful accountability.

This dynamic is visible in how the university handled the Connor Stalions sign-stealing scandal. Despite significant NCAA exposure, the program’s response emphasized competitive harm rather than integrity. Moore’s deletion of text messages and subsequent explanations resulted in suspensions, but not in disqualification from advancement. The compliance function did not appear to have veto power over promotion decisions, even when integrity concerns were documented. For compliance professionals, this is a familiar and dangerous pattern. When business units, or in this case, athletics, are allowed to treat compliance as advisory rather than authoritative, the message is clear: results matter more than rules.

The Second Failure: Deference to Legacy and Power

Michigan Athletics operates under a powerful legacy culture. As multiple commentators have noted, the program has long wrapped itself in mythology around the “Michigan Man,” a tradition that stretches back through Bo Schembechler and is reinforced under Jim Harbaugh. That culture prizes loyalty, continuity, and internal succession.

Sherrone Moore was the embodiment of that narrative. He was Harbaugh’s lieutenant, publicly emotional, and deeply embraced by fans and players. That status created what compliance professionals recognize as halo risk. Decision-makers become reluctant to ask hard questions of leaders who symbolize institutional identity.

This deference matters. When leaders are treated as extensions of the institution itself, compliance red flags are reframed as nuisances rather than warnings. That cultural bias undermines independent oversight and discourages escalation.

The Third Failure: A Flawed Internal Investigation Process

The university did commission an outside law firm, Jenner & Block, to investigate the alleged inappropriate relationship between Moore and a staffer. On paper, that decision reflects best practice. In execution, however, significant weaknesses are evident. According to reporting, the investigation initially stalled because both Moore and the staffer denied the relationship, and investigators lacked corroborating evidence. At that point, the inquiry has paused rather than intensifying scrutiny or implementing interim risk controls.

This is a classic compliance failure. When allegations involve senior leadership and power imbalances, the absence of evidence should prompt heightened diligence, not closure. Effective investigations recognize that fear, loyalty, or dependency may suppress disclosure. Failing to account for those dynamics is not neutrality. It is naïveté.

The Fourth Failure: Continued Reliance on False Statements

Perhaps the most troubling institutional failure is the university’s repeated reliance on Moore’s representations, despite a documented history of dishonesty during investigations. Moore had already deleted records and provided questionable explanations in the NCAA matter. That history should have triggered enhanced skepticism. Instead, the institution accepted his denials at face value until external corroboration forced action. Compliance professionals know that credibility is cumulative. Once an individual has compromised their credibility, future statements must be independently verified.

By failing to apply that standard, Michigan allowed risk to persist until it exploded into a crisis involving law enforcement.

The Fifth Failure: Inadequate Background and Risk Due Diligence

Moore’s elevation to head coach in 2024 represents a textbook failure of due diligence in risk-based promotion. Promotion decisions, especially into roles of extraordinary authority, must include a holistic review of ethics, compliance history, and behavioral risk.

Moore’s record at the time of promotion included:

  • NCAA violations tied to record deletion;
  • Active involvement in a major compliance scandal; and
  • Prior suspensions that were not yet fully served.

Any one of these is enough to disqualify him from coaching at a major university. Taken together, they should have triggered a serious debate in both the UM Athletic Department and the university as a whole about tone at the top and reputational risk.

In the corporate world, promoting an executive with unresolved compliance issues into a CEO role would be viewed as reckless. Michigan did precisely that, likely prioritizing continuity and optics over risk management.

The Sixth Failure: Crisis Management Without Safeguards

One of the most alarming details reported is that Moore was terminated alone, reportedly without HR representation or security present, despite prior knowledge that he was experiencing mental health distress. From a compliance and HR standpoint, this is indefensible. Terminations involving senior leaders, allegations of misconduct, and emotional instability require structured protocols. These protocols exist to protect all parties, including the organization.

The fact that Moore was later taken into custody following an alleged incident underscores how poor crisis execution can escalate harm rather than contain it.

The Seventh Failure: A Pattern Ignored

The Moore matter does not stand alone. As ESPN and Slate documented, Michigan athletics has faced multiple scandals in recent years, including federal indictments of staff, repeated NCAA violations, and internal HR complaints across sports.

Compliance professionals recognize this as a pattern risk. When misconduct appears across functions and time, the issue is no longer individual actors. It is governance. The university’s decision to launch a broad inquiry into the athletic department acknowledges this reality. However, recognition after the fact does not mitigate prior harm.

Compliance Takeaways

For compliance professionals, the Michigan Man case offers sobering lessons about institutional vulnerability:

  • Compliance functions must have authority, not just access
  • Legacy culture can blind organizations to risk
  • Investigations involving power imbalance require heightened rigor
  • Prior dishonesty must permanently alter credibility assessments
  • Promotion decisions are compliance decisions
  • Crisis response must be governed by protocol, not expediency

Most importantly, organizations must resist the temptation to treat success as a substitute for integrity. Winning programs, like high-performing business units, often receive the least scrutiny and pose the greatest risk.

I hope you will join me for my concluding Part 4, where I will translate these posts into concrete lessons for compliance professionals across industries. These lessons are not abstract. They are operational, structural, and urgent.

Resources:

The Terrible Mess at Michigan Football, by Jason Gay, writing in the Wall Street Journal.

Ex-Michigan coach Sherrone Moore charged with home invasion, stalking, breaking—Austin Meek and Sam Jane writing in The Athletic.

Fire Everybody—Alex Kirshner, writing in Slate.

Source: Michigan begins a review of the athletic department, by Dan Wetzel and Pete Thamel, writing for ESPN.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Preparing for an Investigation

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice for navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We continue our consideration of issues relating to your internal investigations. Today, we will discuss how to prepare for an investigation.

For more on this topic, check out The Compliance Handbook: A Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Daily Compliance News

Daily Compliance News: December 16, 2025, The Don’t Feed the Pig Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • The slogan that brought down the Bulgarian government. (NYT)
  • Compliance concerns with AI glasses. (NationalLawReview)
  • Trafigura appeals. (Bloomberg)
  • Is there a right way for a CEO to quit? (FT)

The Daily Compliance News has been honored as the No. 2 in Best Regulatory Compliance Podcasts category.