Compliance and Risk Management: Area for Legal Teaching and Scholarship?

The following post comes to us from Geoffrey P. Miller, Stuyvesant P. Comfort Professor of Law at New York University School of Law.

Compliance is hot.

Pick up the New York Times or the Wall Street Journal and you are likely to find a story about yet another huge fine for regulatory infractions.

In early May, to take a recent example, BNB Paribas, the big French bank, admitted that the $1.1 billion it had set aside for infractions involving sanctions regimes would not be nearly enough to cover its expected liability.

A billion dollars is a big number, but it is hardly the largest penalty we have seen in recent years. It is dwarfed, for example, by the more than $13 billion JPMorgan Chase agreed to pay to various regulatory agencies for mortgage infractions.

Numbers like these command attention.

They command attention from news organizations which attract readers when nine figures are splashed across the front page.

They command attention from CEO’s who recognize that regulatory penalties can be a drag on earnings, a blow to reputation, and a threat to their personal compensation and job security.

They command attention from other regulators who see potential for capturing resources for their own agencies and their own countries.

They command attention from law firms, accounting firms, and other service providers, who see lucrative new practice areas developing and who have been on a hiring binge in the compliance space.

Until recently, however, law schools and legal educators have been behind the curve on compliance. Even though compliance jobs for attorneys have been exploding at a time of near-depression in legal hiring in other fields, law schools have been slow to enter the field.

Given the practical importance of the field and the significant theoretical issues involved, it is past time for law schools and legal scholars to focus on compliance and its cognate fields of governance and risk management.

Fortunately, this situation is changing. Several law schools have recently initiated courses or programs in the compliance area, mine among them. At NYU, Professor Jennifer Arlen founded and I signed on as co-director of a program in corporate compliance and enforcement which supports conferences, scholarship, and other activities in the compliance/enforcement space.

Until recently, teaching and research in the compliance area has been limited by the lack of suitable materials. This also is changing. My book, “The Law of Governance, Risk Management and Compliance,” published in March by Wolters Kluwer Law & Business, offers an up-to-date, exciting, and analytically sophisticated introduction to the topic. This book is intended as a teaching material for a regular JD class and also as a resource for practicing lawyers who did not receive instruction in the topic in law school.

Among other innovations, this book defines a field of legal study and analysis which, while familiar in business circles, is not well-known in law. The book argues that compliance cannot be adequately understood without an inquiry into the cognate fields of governance and risk management: governance, because compliance programs are implemented through governance structures in complex organizations; and risk management because both compliance itself and many of the myriad regulations that are enforced through compliance operations are explicitly grounded in risk assessment and risk management procedures.

As to governance, the book, unlike most corporate or business law texts, looks under the hood of complex organizations and examines sub-structures within the board of directors (chairman, lead director, and the audit, governance and nominating, risk, compliance, and compensation committees), as well as important executive offices (chief executive officer, general counsel, chief risk officer, head of internal audit, chief compliance officer, chief financial officer, and director of human resources). Law students and new attorneys need to understand these institutions if they are to represent clients effectively in today’s business environment.

As to risk-management, the book argues that attorneys are, in fact, professional risk managers even if they do not conceive themselves as such. But most law students and new attorneys know little about contemporary techniques of risk management in the business setting: enterprise risk management; the analysis of inherent risk, controls and mitigation measures, and residual risk; and the use of quantitative tools such as value at risk. The book provides a basic introduction into these and other topics.

As for compliance, the book provides an introduction to the rise of the administrative state and to key events in the history of compliance (e.g., the financial crisis of 2007-2009); examines compliance mechanisms (internal enforcement, regulators, prosecutors, whistleblowers, gatekeepers, and plaintiffs’ attorneys); and discusses several of the more important substantive areas where compliance concerns are most salient (information security, off label drugs, foreign corrupt practices, money laundering and sanctions, and sexual harassment).

Also of interest are chapters on ethics, social responsibility and culture; on cases where compliance failed (e.g., Enron and WorldCom); and on cases where risk management failed (e.g., UBS and JPMorgan Chase’s “London Whale.”).

Anyone who is interested in the book, in the NYU program in corporate compliance and enforcement, or in the general topic is invited to contact me or my colleague Jennifer Arlen. We would be delighted to hear from you.

Both comments and trackbacks are currently closed.