Assessing Why Compliance Programs Fail

Compliance programs are ubiquitous and necessary in today’s institutions, yet these programs often fail to prevent misconduct. When investigating Michigan State University in the wake of the Larry Nassar scandal, for instance, the NCAA found no flaw with the university’s compliance program, which failed to detect and respond to Nassar’s misconduct despite multiple reported allegations over several decades.[1]

In analyzing compliance failures at Michigan State, Wells Fargo, Fox News, and countless other companies and institutions, the tendency is to focus on the immediate wrongdoing related to the compliance failure.  The question is, “Why did the compliance failure occur?”  This question, however, lacks precision and robustness, which may lead to incomplete or inaccurate conclusions for those charged with addressing compliance failures.

In an article recently published in the Indiana Law Journal, I argue that institutions can improve their assessments of compliance failures—and thereby their future compliance efforts—by changing the way they think about such programs in the first place. I explain that the compliance process consists of four, distinct stages: prevention, detection, investigation, and remediation.  I argue that more root-cause analyses will occur if firms ask at what stage or stages within the compliance program a failure or failures occurred. By conducting this sort of analysis when compliance failures occur, firms may be better equipped to address and prevent similar, future misconduct.

One of the principal benefits of assessing compliance programs through the framework I present is clarity. Clarity allows institutions and their regulators to determine at which stage a compliance failure occurred and thus design deliberate responses to prevent a similar failure in the future. Using case studies from Apple, Promontory Group LLC, the Office of Comptroller of the Currency (“OCC”), and Baylor University, my article demonstrates how conclusions about why wrongdoing within a firm occurred often look quite different when one asks, “At what stage in the compliance process did the failure occur?”  This more precise question allows the root cause or causes of the failure to come to light. Moreover, the framework helps to focus regulators and practitioners on the various interrelated yet distinct aspects of the compliance process, which should ultimately lead to a more integrated and thoughtful remediation effort.


[1] Will Hobson, NCAA Clears Michigan State of Rules Violations in Larry Nassar Case, Wash. Post (Aug. 30, 2018),

This post comes to us from Professor Veronica Root Martinez at the University of Notre Dame Law School. It is based on her recent article, “The Compliance Process,” available here.