In August 2025, the NCAA released its long-awaited Report on infractions committed by and for the University of Michigan football program. For compliance professionals, this case should be viewed not merely as a college sports story but as a case study in organizational misconduct, leadership failure, and cultural breakdown. Just as an FCPA enforcement action lays bare how companies slip into non-compliance, this NCAA decision reveals how one of the country’s premier football programs allowed systemic misconduct to flourish.
In Part 1 of this series, we examined the factual record of the University of Michigan football infractions case, including the impermissible scouting scheme, recruiting inducements, and failures to cooperate. In Part 2, we examined the culture that enabled these violations —a football program that viewed compliance as an enemy and leadership that turned a blind eye. In Part 3, we examined enforcement, or the lack thereof.
Today, when considering the penalties and the enforcement agency, the NCAA. When the dust settled, Michigan walked away without the kind of penalties most observers expected. No games were vacated. No national championship trophies were stripped. No postseason ban was imposed. Instead, Michigan received financial penalties, recruiting restrictions, and an additional four years of probation, in addition to its existing sanctions.
For many, the outcome raises an uncomfortable question: has the NCAA become a toothless enforcement agency? For compliance professionals in the corporate world, this is more than a sports story. It presents an opportunity to reflect on the broader role of enforcement bodies. What happens when regulators fail to enforce meaningfully? How does weak enforcement shape culture? And what can companies learn about their own compliance posture from the NCAA’s example?
The NCAA’s Enforcement Challenge
The NCAA has long touted its role as the guardian of fair play in college sports. Yet over the last decade, its enforcement credibility has eroded. From the Penn State scandal, where authority was challenged in court, to the University of North Carolina’s academic fraud case, where the NCAA claimed it lacked jurisdiction, the association has repeatedly faced criticism that its sanctions are inconsistent, politically influenced, or ineffective.
The Michigan case is the latest data point. Despite describing the scouting scheme as “one of one” in scope and seriousness, the Committee on Infractions declined to impose the stiffest penalties available:
- No vacating of wins from the 2021–2023 seasons.
- No forfeiture of the 2023 National Championship, which Michigan won while the scheme was ongoing.
- No postseason ban, even though the guidelines make such bans mandatory in Level I–Aggravated cases without exemplary cooperation.
Instead, the NCAA substituted financial penalties, citing fairness to current student-athletes who were not involved in the allegations. While this rationale has merit, it leaves the impression that Michigan “got away with it” and that the NCAA is unwilling to enforce its own rules when high-profile programs are involved.
What Weak Enforcement Signals
For compliance officers, this is familiar territory. Regulators who talk tough but avoid meaningful enforcement send a dangerous signal. They tell organizations:
• The risk of being caught is survivable. If the worst that can happen is a fine or probation, misconduct can be rationalized as a business risk.
• The rules are negotiable. If guidelines call for certain penalties but regulators bend them for expedience, the rules lose their deterrent effect.
• Culture follows enforcement. If leaders see that regulators will not impose significant penalties, they are less likely to instill a culture of compliance.
The DOJ has been explicit on this point in its 2023 and 2024 guidance updates: enforcement must be consistent, transparent, and meaningful. Otherwise, companies see compliance as optional.
Parallels to Corporate Enforcement
Consider the parallels between the NCAA’s enforcement dilemma and corporate regulation:
- Financial Institutions and Money Laundering: If a bank is repeatedly fined for AML violations but never loses its charter or key licenses, the cost of compliance failure becomes just another line item on the balance sheet.
- FCPA Cases Without Monitors: When companies resolve foreign bribery matters with fines but no independent monitor, questions arise about whether compliance programs will really change.
- Tech Sector Antitrust: When major technology firms pay record fines but retain their market dominance, critics argue that regulators are unwilling to disrupt the status quo.
The NCAA’s approach in the Michigan case echoes these patterns: big headlines, some financial pain, but no penalties that fundamentally change behavior.
Why the NCAA Chose This Path
The NCAA faced a difficult choice. Punishing current athletes for past staff misconduct raises questions of fairness. Vacating championships is largely symbolic; fans remember who won on the field. And the legal and political environment has shifted: with NIL, the transfer portal, and litigation like House v. NCAA, the NCAA’s authority is weaker than ever.
However, from an enforcement perspective, these explanations do not eliminate the central issue. When rules are broken at the highest level and the sanctions do not match the severity of the violations, the credibility of the regulator erodes.
Lessons for Compliance Professionals
What should compliance officers take away from the NCAA’s Michigan decision?
1. Enforcement Must Be Meaningful
If sanctions do not create real pain, misconduct will be rationalized as a cost of doing business. Compliance programs must be backed by meaningful consequences, whether in sports, banking, or healthcare.
2. Consistency Matters
Regulators that treat marquee institutions differently from smaller ones risk undermining the integrity of the system. In the corporate world, DOJ has emphasized consistency across industries. Selective enforcement creates cynicism.
3. Symbolic Sanctions Still Matter
Yes, vacating wins may be symbolic, but symbols shape culture. Stripping a national championship would have sent a message: no program is above the rules. In the corporate world, this is akin to requiring public admissions of wrongdoing, symbols that reinforce accountability.
4. Enforcement Without Teeth Undermines Compliance Officers
Michigan’s Chief Compliance Officer fought to enforce the rules but was rebuffed by the football staff. The NCAA’s weak enforcement now validates that resistance. Similarly, in corporations, when regulators fail to take action, compliance officers lose internal leverage.
5. The Importance of Independent Oversight
The NCAA is fundamentally a membership organization, as the member schools police themselves. This structural conflict mirrors corporate boards that allow management too much sway over investigations. Independence matters. Without it, enforcement credibility is always in doubt. Even worse is the clear implication that the NCAA is now entirely irrelevant for enforcement.
The Broader Question: Can the NCAA Still Govern
The Michigan case may be remembered less for the violations than for what it revealed about the NCAA’s limits. With the rise of NIL collectives, super conferences, and legal challenges, the NCAA’s role as enforcer is shrinking.
Some argue that conferences, such as the SEC and Big Ten, or even external regulators, such as Congress or state legislatures, may need to step into the breach. Others believe that the market itself, including fans, media, and sponsors, will impose reputational sanctions when the NCAA fails to do so.
For compliance officers, this debate is instructive. When a regulator loses credibility, industry participants look elsewhere for governance. The same could happen in corporate sectors if regulators falter: private monitors, investor activism, or even international bodies may step in to enforce standards.
The Cost of Toothless Enforcement
The NCAA’s decision in the Michigan case underscores a hard truth: rules without meaningful enforcement are not rules at all but merely suggestions.
For compliance professionals, this case should prompt reflection. What happens when your regulator is unwilling to enforce? What happens when penalties are softened to avoid controversy? And how do you, as a compliance officer, maintain credibility in a culture that sees enforcement as toothless?
The answers are sobering. Regulators must be consistent, meaningful, and unafraid to impose real consequences. Otherwise, they risk becoming like the NCAA: long on rules, short on enforcement, and increasingly irrelevant.
