Tag: compliance

Categories
Blog

Michigan Man, Part 3 – When Compliance Is Overruled: Institutional Failure at the University of Michigan

In Part 3, I examined Sherrone Moore’s individual compliance and ethics violations. That analysis was necessary, but it is not sufficient. No serious compliance professional believes that repeated misconduct by senior leaders occurs in a vacuum. Individual failure almost always reflects institutional weakness.

The University of Michigan did not cause Sherrone Moore’s behavior. But the university, and specifically its athletic department, bears responsibility for the systems, decisions, and omissions that allowed risk to accumulate unchecked. This is where the story becomes most relevant to corporate compliance professionals, because it illustrates how even sophisticated institutions can fail when compliance is subordinated to performance, loyalty, or brand protection.

The First Failure: Allowing Athletics to Override Compliance

The most fundamental breakdown at Michigan is structural. Over multiple years, the athletic department functioned as a semi-autonomous power center, capable of managing crises internally while insulating leadership from meaningful accountability.

This dynamic is visible in how the university handled the Connor Stalions sign-stealing scandal. Despite significant NCAA exposure, the program’s response emphasized competitive harm rather than integrity. Moore’s deletion of text messages and subsequent explanations resulted in suspensions, but not in disqualification from advancement. The compliance function did not appear to have veto power over promotion decisions, even when integrity concerns were documented. For compliance professionals, this is a familiar and dangerous pattern. When business units, or in this case, athletics, are allowed to treat compliance as advisory rather than authoritative, the message is clear: results matter more than rules.

The Second Failure: Deference to Legacy and Power

Michigan Athletics operates under a powerful legacy culture. As multiple commentators have noted, the program has long wrapped itself in mythology around the “Michigan Man,” a tradition that stretches back through Bo Schembechler and is reinforced under Jim Harbaugh. That culture prizes loyalty, continuity, and internal succession.

Sherrone Moore was the embodiment of that narrative. He was Harbaugh’s lieutenant, publicly emotional, and deeply embraced by fans and players. That status created what compliance professionals recognize as halo risk. Decision-makers become reluctant to ask hard questions of leaders who symbolize institutional identity.

This deference matters. When leaders are treated as extensions of the institution itself, compliance red flags are reframed as nuisances rather than warnings. That cultural bias undermines independent oversight and discourages escalation.

The Third Failure: A Flawed Internal Investigation Process

The university did commission an outside law firm, Jenner & Block, to investigate the alleged inappropriate relationship between Moore and a staffer. On paper, that decision reflects best practice. In execution, however, significant weaknesses are evident. According to reporting, the investigation initially stalled because both Moore and the staffer denied the relationship, and investigators lacked corroborating evidence. At that point, the inquiry has paused rather than intensifying scrutiny or implementing interim risk controls.

This is a classic compliance failure. When allegations involve senior leadership and power imbalances, the absence of evidence should prompt heightened diligence, not closure. Effective investigations recognize that fear, loyalty, or dependency may suppress disclosure. Failing to account for those dynamics is not neutrality. It is naïveté.

The Fourth Failure: Continued Reliance on False Statements

Perhaps the most troubling institutional failure is the university’s repeated reliance on Moore’s representations, despite a documented history of dishonesty during investigations. Moore had already deleted records and provided questionable explanations in the NCAA matter. That history should have triggered enhanced skepticism. Instead, the institution accepted his denials at face value until external corroboration forced action. Compliance professionals know that credibility is cumulative. Once an individual has compromised their credibility, future statements must be independently verified.

By failing to apply that standard, Michigan allowed risk to persist until it exploded into a crisis involving law enforcement.

The Fifth Failure: Inadequate Background and Risk Due Diligence

Moore’s elevation to head coach in 2024 represents a textbook failure of due diligence in risk-based promotion. Promotion decisions, especially into roles of extraordinary authority, must include a holistic review of ethics, compliance history, and behavioral risk.

Moore’s record at the time of promotion included:

  • NCAA violations tied to record deletion;
  • Active involvement in a major compliance scandal; and
  • Prior suspensions that were not yet fully served.

Any one of these is enough to disqualify him from coaching at a major university. Taken together, they should have triggered a serious debate in both the UM Athletic Department and the university as a whole about tone at the top and reputational risk.

In the corporate world, promoting an executive with unresolved compliance issues into a CEO role would be viewed as reckless. Michigan did precisely that, likely prioritizing continuity and optics over risk management.

The Sixth Failure: Crisis Management Without Safeguards

One of the most alarming details reported is that Moore was terminated alone, reportedly without HR representation or security present, despite prior knowledge that he was experiencing mental health distress. From a compliance and HR standpoint, this is indefensible. Terminations involving senior leaders, allegations of misconduct, and emotional instability require structured protocols. These protocols exist to protect all parties, including the organization.

The fact that Moore was later taken into custody following an alleged incident underscores how poor crisis execution can escalate harm rather than contain it.

The Seventh Failure: A Pattern Ignored

The Moore matter does not stand alone. As ESPN and Slate documented, Michigan athletics has faced multiple scandals in recent years, including federal indictments of staff, repeated NCAA violations, and internal HR complaints across sports.

Compliance professionals recognize this as a pattern risk. When misconduct appears across functions and time, the issue is no longer individual actors. It is governance. The university’s decision to launch a broad inquiry into the athletic department acknowledges this reality. However, recognition after the fact does not mitigate prior harm.

Compliance Takeaways

For compliance professionals, the Michigan Man case offers sobering lessons about institutional vulnerability:

  • Compliance functions must have authority, not just access
  • Legacy culture can blind organizations to risk
  • Investigations involving power imbalance require heightened rigor
  • Prior dishonesty must permanently alter credibility assessments
  • Promotion decisions are compliance decisions
  • Crisis response must be governed by protocol, not expediency

Most importantly, organizations must resist the temptation to treat success as a substitute for integrity. Winning programs, like high-performing business units, often receive the least scrutiny and pose the greatest risk.

I hope you will join me for my concluding Part 4, where I will translate these posts into concrete lessons for compliance professionals across industries. These lessons are not abstract. They are operational, structural, and urgent.

Resources:

The Terrible Mess at Michigan Football, by Jason Gay, writing in the Wall Street Journal.

Ex-Michigan coach Sherrone Moore charged with home invasion, stalking, breaking—Austin Meek and Sam Jane writing in The Athletic.

Fire Everybody—Alex Kirshner, writing in Slate.

Source: Michigan begins a review of the athletic department, by Dan Wetzel and Pete Thamel, writing for ESPN.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Preparing for an Investigation

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice for navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We continue our consideration of issues relating to your internal investigations. Today, we will discuss how to prepare for an investigation.

For more on this topic, check out The Compliance Handbook: A Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Daily Compliance News

Daily Compliance News: December 16, 2025, The Don’t Feed the Pig Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • The slogan that brought down the Bulgarian government. (NYT)
  • Compliance concerns with AI glasses. (NationalLawReview)
  • Trafigura appeals. (Bloomberg)
  • Is there a right way for a CEO to quit? (FT)

The Daily Compliance News has been honored as the No. 2 in Best Regulatory Compliance Podcasts category.

Categories
Innovation in Compliance

Innovation in Compliance – Exploring Fractional and Adjunct Risk Professionals with Gerry Zack

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox welcomes back Gerry Zack to discuss a novel service offering in the compliance and risk management community: fractional and adjunct risk professionals.

Zack explains how these roles can supplement companies that lack certain expertise or can’t afford full-time positions, particularly highlighting the benefits of long-term relationships. The discussion also covers the distinctions between compliance and broader risk management, the flexibility of fractional contracts, and the importance of alignment in risk management practices across different organizational departments.

Key highlights:

  • Exploring the Concept of Fractional CCO
  • Long-term Benefits of Fractional Roles
  • Risk Professional Services vs. Compliance
  • Applications and Benefits of Fractional Roles
  • Challenges and Considerations

Resources:

Gerry Zack on LinkedIn

RiskTrek website

Innovation in Compliance was recently ranked 4th among Risk Management podcasts by 1,000,000 Podcasts.

Categories
Blog

Michigan Man, Part 2 – Individual Accountability: Compliance and Ethics Violations at the Center of the Crisis

Part 1 of this series established that the Sherrone Moore story is both a human tragedy and an institutional crisis. In Part 2, we turn to a more difficult but necessary task. Compliance professionals must ask a direct question: What did Moore do that violated compliance and ethics expectations, and why do those actions matter beyond college football?

The answer is uncomfortable because it involves more than a single lapse in judgment. The facts as currently known describe a pattern of conduct that strikes at the heart of any credible compliance program: dishonesty during investigations, misuse of power, disregard for institutional policy, and an apparent belief that personal status insulated him from consequences.

Compliance Is About Truth-Telling

At the core of every compliance program is a simple, non-negotiable principle: tell the truth when the organization asks questions. That principle applies whether the inquiry involves financial controls, harassment allegations, or NCAA violations. Once an individual lies during an investigation, the issue ceases to be a narrow policy breach and becomes an integrity failure. As a friend of mine told me once, “As one of my partners said when a managing partner was having an affair, ‘if he’ll do that to his wife, imagine what he’ll do to his partners.’” Sherrone Moore crossed this line well before his dismissal as head coach.

During the Connor Stalions sign-stealing investigation, Moore deleted text messages exchanged with Stalions and later provided what the NCAA described as an implausible explanation for doing so. That conduct resulted in NCAA suspensions and remains part of the formal record of compliance violations tied to Moore personally. ESPN

From a compliance perspective, this matters far more than sign stealing itself. Deleting records during an investigation undermines document retention obligations, impedes fact-finding, and signals a willingness to prioritize personal or programmatic interests over institutional integrity. In the corporate world, the parallel would be deleting emails during a regulatory inquiry. No compliance officer would treat that as a minor infraction.

Repeated Dishonesty During Investigations

The more recent investigation into Moore’s relationship with a female staffer raises even more serious concerns. According to reporting, the University of Michigan launched an inquiry after receiving an anonymous tip alleging an inappropriate relationship. Both Moore and the staffer denied any ties, and the investigation initially stalled for lack of corroborating evidence. ESPN

That denial later proved false when the staffer disclosed corroborating evidence confirming a multi-year intimate relationship. At that moment, the issue shifted decisively from a policy violation to an ethics failure.

From a compliance standpoint, the problem is not merely the relationship itself. It is the active misrepresentation to investigators, i.e., intent. Lying to internal or external investigators destroys trust in the investigative process and forces organizations to rely on incomplete or inaccurate information when making risk decisions. It also exposes the institution to claims that it ignored or mishandled misconduct, even when the real issue was a senior leader’s deception.

Abuse of Power and Conflicts of Interest

Most university and corporate codes of conduct prohibit intimate relationships between supervisors and subordinates or require disclosure and mitigation when they do. These rules are not moral judgments. They are risk controls designed to prevent coercion, favoritism, retaliation, and exploitation.

Moore’s alleged multi-year relationship with a staffer squarely implicates these risks. As head coach and, previously, as an assistant coach, Moore held a position of significant authority within the athletic department. Even if the relationship was initially consensual, the power imbalance is unavoidable. Compliance professionals recognize that consent in such circumstances is inherently complicated and that organizations bear responsibility for preventing these situations from arising.

Failure to disclose the relationship deprived the university of the opportunity to implement safeguards, reassign reporting lines, or otherwise manage the conflict. That omission constitutes a clear ethics violation independent of any later criminal allegations.

Escalation Beyond Policy Violations

The most disturbing allegations arise from events following Moore’s termination. Prosecutors allege that after the relationship ended and Moore was fired, he went to the staffer’s residence without permission, engaged in repeated unwanted communications, and threatened self-harm while inside her home. NYT

While the criminal justice system will determine legal responsibility, compliance professionals must recognize how quickly misconduct can escalate when earlier controls fail. What began as an undisclosed relationship allegedly progressed into stalking behavior and an incident that law enforcement deemed serious enough to warrant felony charges.

This escalation underscores a core compliance truth: that early intervention matters. When organizations fail to address misconduct promptly and transparently, risks compound. Personal crises become workplace crises. Workplace crises become institutional crises.

Retaliation and Intimidation Risks

Another compliance dimension cannot be ignored. Prosecutors allege that Moore made statements to the staffer suggesting that she had “ruined his life” and that his blood would be “on her hands. From a compliance lens, such statements raise red flags around intimidation and retaliation. NYT

Whistleblower and reporting systems depend on employees feeling safe to come forward. Any conduct that could reasonably be perceived as threatening or coercive undermines that system. Whether intentional or not, such behavior chills reporting and exposes organizations to significant liability.

The Myth of the Star Performer Exception

One of the most consistent themes in compliance failures across industries is the star performer exception. High performers convince themselves, and sometimes their organizations, that rules are flexible when success is at stake. Moore’s trajectory fits this pattern uncomfortably well.

Despite prior compliance issues, including NCAA suspensions, Moore was elevated to head coach of one of college football’s most prominent programs. Each unresolved issue reinforced the perception that consequences were manageable and survivable. That perception is toxic to any ethical culture. Compliance professionals know that prior misconduct is one of the strongest predictors of future misconduct. Moore’s history should have triggered heightened scrutiny, not diminished concern.

Why Individual Accountability Matters

It is tempting to view Moore as a tragic figure overtaken by personal failure. That view is human and compassionate, but it cannot obscure the reality of compliance. Moore made choices. He chose to delete records. He decided to misrepresent facts to investigators. He chose not to disclose a prohibited relationship. He allegedly took actions that led to criminal charges.

Individual accountability is essential because without it, compliance programs lose credibility. Employees notice when leaders are treated differently. Regulators notice when organizations minimize misconduct by senior figures. Over time, the erosion of accountability becomes cultural.

Compliance Takeaways

For compliance professionals, the Moore case reinforces several hard truths:

  • Dishonesty during investigations is a red-line violation.
  • Conflicts of interest must be disclosed and managed, not hidden.
  • Power imbalances amplify ethical risk.
  • Past misconduct predicts future risk.
  • Star performers do not deserve special rules.

In Part 3 of this series, I will turn from individual accountability to institutional failure. The University of Michigan did not create Moore’s choices, but it did create the environment in which those choices were insufficiently challenged. Understanding that failure is essential for any organization that believes its compliance program is robust.

Resources:

The Terrible Mess at Michigan Football, by Jason Gay, writing in the Wall Street Journal.

Ex-Michigan coach Sherrone Moore charged with home invasion, stalking, breaking—Austin Meek and Sam Jane writing in The Athletic.

Fire Everybody—Alex Kirshner, writing in Slate.

Source: Michigan begins a review of the athletic department, by Dan Wetzel and Pete Thamel, writing for ESPN.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Your Investigative Protocol

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice for navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week, we will consider issues relating to your internal investigations. Today, we begin by considering your investigative protocol.

For more on this topic, check out The Compliance Handbook: A Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
AI Today in 5

AI Today in 5: December 15, 2025, The Good, Bad & Ugly Edition

Welcome to AI Today in 5, the newest edition of the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Data Sovereignty and AI compliance. (DataCentre)
  2. Trump’s EO cuts down on AI compliance. (Bitget)
  3. The Good, Bad & Ugly of AI. (WSJ)
  4. AI leaders eye breakthroughs. (Bloomberg)
  5. Swiss Re signs MoU to develop AI capabilities. (FinTechGlobal)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
FCPA Compliance Report

FCPA Compliance Report – Kristy Grant-Hart on the Evolution of Compliance in 2026: Navigating New Risks and Regulations

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes Kristy Grant-Hart, Head of Advisory Services at Diligent’s Spark Compliance Group, to discuss where compliance has been in 2025 and where it is going into 2026.

Tom Fox and Kristy Grant-Hart explore the future of corporate compliance in 2026 and beyond. Key discussion areas include the Trump administration’s changing focus on the Foreign Corrupt Practices Act (FCPA), the designation of cartels as foreign terrorist organizations, and the implications for third-party due diligence. They also delve into modern slavery laws, the impacts of AI on compliance, and the necessity of a unified approach to compliance strategy.

Additionally, Kristy introduces the Compliance and Ethics Innovation Collective, a new program from Spark and Diligent that integrates services and software to deliver a more robust compliance solution. The session concludes with strategic advice for compliance officers on staying ahead of dynamic regulatory changes and maintaining effective risk management.

 

Resources:

Kristy Grant-Hart on LinkedIn

Diligent Website

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

The Michigan Man, Part 1 – From Winning Program to Institutional Crisis

There are moments when an organization confronts a crisis so severe that it overwhelms every narrative it once controlled. The University of Michigan now finds itself in precisely that moment. What began as a continuation of compliance issues stemming from the sign-stealing scandal has rapidly escalated into something far more serious, far more painful, and far more destabilizing. This is no longer a story about NCAA rules or institutional embarrassment. It is a story about human failure, organizational breakdown, and the real-world consequences of ignoring warning signs.

As compliance professionals, our instinct is to move quickly to frameworks, root causes, and lessons learned. That work will come later in this series. But first, it is essential to set out the facts as they are currently known and to acknowledge the human cost embedded in every paragraph of this story. This story is far beyond compliance and ethics, but it is a true human tragedy. But it will also show how such a human tragedy could have been prevented if the basic tenets of organizational compliance and ethics had been followed.

All resources cited in this four-part series are listed at the end of this blog post. Finally, this writing is personal, as I am a UM graduate.

The Rise of Sherrone Moore

Sherrone Moore’s ascent within the University of Michigan football program appeared, at least on the surface, to be a model of internal succession. Moore joined Jim Harbaugh’s staff in 2018 and rose steadily through the ranks, ultimately serving as offensive coordinator during Michigan’s 2023 national championship season. When Harbaugh departed for the NFL, Moore was promoted to head coach, a decision widely praised as ensuring continuity and stability.

Moore was not simply a coach. He was a symbol. His emotional post-game interview after a victory over Penn State, while Harbaugh was suspended, became an iconic moment for Michigan fans. He embodied loyalty, perseverance, and what many referred to as the “Michigan Man” ethos. ESPN

Yet even at the time of his promotion, Moore’s record was not unblemished. He had already been implicated in the Connor Stalions sign-stealing investigation and had received NCAA suspensions for deleting text messages during that inquiry. Those issues were treated by the university and much of the fan base as technical compliance matters rather than as indicators of deeper governance or integrity risks. Slate

That framing now appears deeply flawed.

The Inappropriate Relationship Investigation

According to reporting by The AthleticESPNSlate, and The Wall Street Journal, the University of Michigan received an anonymous tip earlier in 2025 alleging an inappropriate relationship between Moore and a female football staffer. The university retained Jenner & Block, an outside counsel, to conduct an investigation. Initially, both Moore and the staffer denied any relationship, and investigators reported that insufficient evidence existed to substantiate the claim.

That changed dramatically in December 2025. Prosecutors allege that the staffer disclosed corroborating evidence confirming a multi-year intimate relationship after she ended it earlier that week. At that point, the university determined that Moore had violated institutional policy and terminated him for cause, avoiding a reported $14 million buyout. The Athletic

This was not merely an employment decision. It was the spark that ignited a cascading crisis.

The Criminal Charges

Within hours of his dismissal, Moore’s personal situation escalated into a criminal matter. Prosecutors allege that Moore went to the staffer’s residence without permission, entered through an unlocked door, and engaged in a confrontation during which he picked up scissors and butter knives and threatened to harm himself. According to court statements, Moore allegedly made repeated statements such as “I am going to kill myself” and “My blood is on your hands. The Athletic

Moore was subsequently charged with felony third-degree home invasion and misdemeanor charges of stalking and breaking. He was taken into custody, evaluated at a hospital, and later released on bond with GPS monitoring and a requirement that he continue mental health treatment. A probable cause hearing is scheduled for January 2026.

At this point, it bears stating plainly: these are allegations, and Moore has pleaded not guilty. The legal process will determine criminal responsibility. However, from an organizational perspective, the damage has already been done.

The Expanding Institutional Investigation

What began as an inquiry into Moore’s conduct has now broadened into a comprehensive review of the University of Michigan athletic department. University leadership has confirmed that Jenner & Block’s mandate has expanded to examine how the athletic department handled the Moore matter and other recent scandals, including the sign-stealing investigation and prior misconduct by football staffers. ESPN

Interim President Domenico Grasso has publicly called for anyone with relevant information to come forward, emphasizing that “all of the facts here must be known.” Athletic Director Warde Manuel remains in his position for now, but multiple reports note that his leadership and oversight are under intense scrutiny.

This expansion matters. It signals that the university itself recognizes that Moore’s actions cannot be isolated from the environment in which they occurred.

Beyond Compliance: The Human Tragedy

It would be a profound mistake to reduce this story to a checklist of policy violations.

At the center of this crisis are people whose lives have been irreversibly altered. Moore is a married father of three whose career has collapsed in public view. His family faces humiliation, uncertainty, and emotional trauma that will not disappear with headlines. Prosecutors describe the staffer at the center of the allegations as someone who felt terrorized and unsafe, a position no employee should ever occupy. University of Michigan players have lost their head coach midseason, forcing them to process personal loyalty, public scandal, and institutional chaos simultaneously. There is also the culture of an entire university athletic department, which not only allowed such behavior but also tolerated and even celebrated it by promoting Moore to Head Coach.

The broader Michigan community, alumni, students, and fans are also stakeholders in this tragedy. For an institution that has long traded on its image of integrity and moral leadership, the reputational damage cuts deeply. Being a ‘Michigan Man’ was meant to stand for something—something positive, that you did things in the right way, and you personally held yourself to a higher standard. As The Wall Street Journal observed, this is no longer a college football story. It is “agony in Ann Arbor. I certainly echo that feeling personally.

A Pattern, Not an Anomaly

The most troubling aspect of the facts as currently known is how familiar they feel. The Moore scandal follows a series of incidents involving Michigan athletics over recent years, including the Stalions’ sign-stealing operation, multiple staff arrests, internal HR complaints, and even a federal indictment of a former assistant coach for accessing student-athletes’ private data. WSJ

The issue may not be any single actor but rather an entrenched culture that has historically insulated powerful figures from accountability. Slate: When organizations repeatedly frame misconduct as isolated events, they fail to confront systemic risk.

Why This Matters for Compliance Professionals

For compliance professionals, this case is already instructive even before we reach lessons learned. It demonstrates how compliance failures often emerge not as sudden collapses but as accumulations of ignored signals. It shows how reputational capital built over decades can evaporate in a matter of days. Most importantly, it reminds us that behind every policy failure are human beings who bear the consequences.

While there will be others who say ‘I told you so’ or want to bring the vaunted Michigan Man down a peg or two, the lessons from this scandal and human tragedy are no less important for your team, your school, and your university.

In the next installment of this series, I will turn directly to Sherrone Moore’s individual compliance and ethics violations, including his conduct during the sign-stealing investigation and his alleged misrepresentations to investigators. That analysis is necessary. But it should never obscure the reality that this story is about far more than rules. Compliance exists to protect people, institutions, and trust. When it fails, the cost is measured not only in fines or sanctions but also in lives disrupted and communities shaken.

Resources:

The Terrible Mess at Michigan Football, by Jason Gay, writing in the Wall Street Journal.

Ex-Michigan coach Sherrone Moore charged with home invasion, stalking, breaking—Austin Meek and Sam Jane writing in The Athletic.

Fire Everybody—Alex Kirshner, writing in Slate.

Source: Michigan begins a review of the athletic department, by Dan Wetzel and Pete Thamel, writing for ESPN.

Categories
Blog

Netflix Acquisition of Warner Brothers: Part 5 – Post-Merger Integration – Where Compliance Either Succeeds or Fails

When Netflix announced its acquisition of Warner Bros., attention quickly turned to strategic synergies, content pipelines, and market influence. These are important, but they are not where the transaction’s success or failure will ultimately be determined. Deals succeed or fail in post-merger integration. For compliance professionals, this is the crucible. It is the period where two companies attempt to unify processes, cultures, systems, and risk management frameworks while moving at operational speed. When integration falters, compliance failures follow. When integration excels, compliance becomes a stabilizing force that supports the organization during a period of high-velocity change.

Compliance sits at the center of integration because compliance touches everything: governance, culture, systems, third-party relationships, data, reporting lines, training, investigations, and internal controls. It is one of the few functions that spans the entire enterprise. That makes compliance uniquely positioned to guide integration successfully. It also makes compliance uniquely exposed when integration fails.

Today, in our concluding Part 5, we explore why integration is the moment where compliance either rises or falters and what compliance leaders must do to ensure that the post-merger period strengthens rather than destabilizes the combined enterprise.

Day One Through Day Three Hundred: The Critical Window

The first year after closing defines the trajectory of a merger. This window is where employees decide whether leadership is credible, processes are coherent, and the combined organization knows where it is going. It is also the period when the greatest number of decisions must be made quickly and often without perfect information. That is where risk seeps into the cracks.

Compliance must treat integration as an enterprise-wide transformation project. That means establishing a structured roadmap for the first 30, 60, 180, and 300 days. Without this structure, integration becomes reactive rather than strategic. Reactive integration is where compliance failures escalate.

In this period, compliance must monitor employee sentiment, decision-making patterns, escalation pathways, and early deviation from established controls. Whether an organization grows stronger or weaker during integration depends on how quickly compliance identifies deviations and reinforces accountability.

Building a Unified Compliance Architecture

One of the first imperatives of integration is building a unified compliance architecture. Netflix and Warner Bros. bring different compliance footprints. Netflix has a culture that emphasizes transparency, individual accountability, and rapid feedback cycles. Warner Bros. brings decades of risk controls shaped by studio operations, talent relationships, union agreements, and global production infrastructure.

A unified architecture requires more than merging documents or standardizing policies. It requires understanding where each legacy system is strong, where it is vulnerable, and where alignment creates new risk.

Compliance leaders must establish:

  • A consolidated Code of Conduct.
  • A harmonized policy library.
  • Unified reporting channels.
  • Shared investigative procedures.
  • Enterprise-wide risk assessment methodologies.
  • Coherent training programs.

These components cannot be written. They must be communicated, taught, operationalized, and reinforced. Employees must understand not only what the policies say but also why they matter in the new organization.

Rationalizing Reporting Lines and Escalation Pathways

Mergers create confusion. Employees do not always know whom to contact, how to escalate concerns, or whether the people they previously relied on still have authority. That ambiguity is an enormous compliance risk.

Compliance leaders must create clarity early:

  • Who receives concerns?
  • How are investigations assigned?
  • What are the escalation criteria?
  • What timelines apply to decision-making?
  • How will employees receive feedback on issues they raise?

This clarity is not a luxury. It is a control. Without defined reporting pathways, concerns go unreported or unresolved. Both outcomes expose the business to avoidable harm.

Technology Integration: Where Risk Hides in Plain Sight

Technology integration is one of the most underestimated compliance risks. During a merger, companies aim to integrate systems spanning HR and payroll, content management, production workflows, distribution platforms, data governance, and internal controls.

Compliance must ensure that:

  • Data mapping is accurate.
  • Privacy rules are harmonized.
  • Access rights reflect new reporting structures.
  • Legacy systems are retired responsibly.
  • Audit trails are preserved, and
  • System changes do not inadvertently lower control effectiveness

Technology teams often focus on functionality and speed. Compliance must focus on integrity and accountability. Without disciplined oversight, integrations can create gaps or duplications that allow misconduct, data loss, or process failures to occur undetected.

Third-Party Integration: The Often Forgotten Battlefield

Netflix and Warner Bros. maintain extensive third-party ecosystems: production companies, talent agencies, global distributors, technology vendors, marketing partners, and international subsidiaries. Each third-party relationship carries risk. During a merger, that risk is magnified because:

  • Contract ownership may be ambiguous.
  • Oversight structures may change.
  • Legacy due diligence may be incomplete.
  • Vendor performance may deteriorate, and
  • New conflicts of interest may emerge.

Compliance must therefore implement a unified third-party risk management framework that includes:

  • Centralized onboarding and risk ranking;
  • Revised due diligence standards.
  • Contract alignment with the new Code of Conduct;
  • Clear monitoring obligations; and
  • Documented remediation protocols

An ungoverned third-party ecosystem is one of the most common sources of post-merger compliance failures.

The Cultural Dimension: The Invisible Integrator or Divider

Culture is the single greatest determinant of whether integration strengthens or weakens the enterprise. Netflix’s culture of candor and Warner Bros’ culture of tradition do not naturally conflict, but they do require careful alignment. Compliance must monitor cultural friction closely:

  • Decreased willingness to speak up
  • Divergent interpretations of policies
  • Informal workarounds
  • Turnover spikes in key departments
  • Erosion of decision transparency

Culture determines whether employees trust the compliance function, adhere to policies, and promptly escalate concerns. If cultural alignment is not prioritized, controls weaken regardless of the sophistication of the compliance architecture.

Documentation: The Foundation of Regulatory Credibility

Regulators expect visibility during integration. They expect companies to demonstrate that decisions were documented, risks were assessed, concerns were escalated, and oversight was effective.

Compliance must preserve:

  • Integration plans
  • Meeting notes
  • Risk assessments
  • Policy revisions
  • Training materials
  • Incident logs
  • Decision memos

Documentation is not bureaucratic. It is evidence. It demonstrates that the company fulfilled its obligations and that compliance was central to the integration process.

The Compliance Lesson

Integration is not an administrative exercise. It is a risk multiplier. It is also the moment when compliance can demonstrate its value most clearly. The Netflix acquisition of Warner Bros. offers an unmistakable reminder: strategic ambition means nothing if integration is weak. Compliance must lead with clarity, discipline, and foresight.

Where integration is intentional, guided, and well governed, compliance becomes a competitive asset. It stabilizes the organization, protects employees, and supports leadership during a period of profound change. Where integration is fragmented, rushed, or ignored, compliance fails. It fails not because of a lack of knowledge but because of a lack of structure.

For compliance professionals, this final lesson is the most important: the acquisition may create opportunity, but integration determines destiny.