Patriots PictureThe history of professional football in Houston is certainly star-crossed. After winning the first two American Football League (AFL) championships in 1960 and 1961, the Oilers never made it back to the big game. After the merger of the National Football League (NFL) with the AFL, they never made it past the American Football Conference (AFC) round. Add to this 55 year streak of non-champions, the Oilers hold the inglorious record for having the largest lead ever surmounted in a playoff games, when in 1993 they gave away a 38-3 third quarter lead to the Buffalo Bills to lose with a final score of 41-38.

So choking in a big game is burned into the DNA of Houston professional football, even if the names have changed from the Oilers to the Texans. We were treated to the most recent display of Houston professional football ineptitude last Thursday when the Texans marched into Gillete Stadium and lost to a New England Patriot team led by a third-string quarterback making his first NFL start, in a 27-0 whitewash. However, the score really was not that close as the Texans could not even manage to cross midfield until the middle of the third quarter. The Texans were outplayed in every phase of the game, outcoached in game preparedness and temperament and were completely outclassed as an organization. In short, a complete, total and utter old fashioned butt-whippin’. Finally, it makes the Texans zero for the 21st century vs. the Patriots.

The Texans pitiful performance was on my mind when I read an interesting article from the University of Michigan Ross School of Business Working Paper Series by Sureyya Burcu Avci and H. Nejat Seyhun. The paper is entitled “Why Don’t General Counsels Stop Corporate Crime?” and, as stated in the abstract, the paper is designed to “analyze the potential reasons why corporate counsels keep silent in the face of potential wrongdoing in their own firms and propose policy recommendations to better protect shareholders’ interests”. What I found interesting was that the paper touched on many of the structural deficiencies raised by Donna Boehme and others in the prior model of corporate compliance which were found to be empirically demonstrated by Avci and Seyhun in their paper that General Counsels (GCs) are ill-suited to fulfill the gate-keeper role of which has now evolved to Chief Compliance Officers (CCOs).

The authors note that with the passage of Sarbanes-Oxley (SOX), corporate attorneys became designated as a “special gatekeeper” and “SOX imposed requirements on corporate attorneys to report any violation to the chief legal officer or chief executive officer and if the response from these officers is inadequate, then to the board of directors to stop any potential wrongdoing.” Yet, just as clearly with scandals as diverse as the General Motors (GM) ignition-switch scandal, to the financial industry’s LIBOR, FOREX and mortgage fraud scandals, to Volkswagen’s (VW) emissions-testing scandal to the options backdating scandals involving more than 100 companies; the authors note that what “all of these scandals have in common is the failure of the top in-house corporate attorney, or the corporate general counsel, in discovering the institutional dysfunction, fraud and cover-ups, and thus either prevent the corporation from sliding into fraud and criminal wrongdoing or simply report it before it got bigger.” I would also add to this list the recent scandal involving Wells Fargo and its fraudulent account-creating scandal.

The failures in the above scandals and others discussed in the paper make clear the different roles of a GC and legal function from the compliance function, even with the mandate from SOX that lawyers perform the gate-keeper function. The authors wrote, “Corporate attorneys perform multiple functions for their clients. The traditional role of an attorney is that of an advocate who is main duty is vigorous representation of the client. In addition to this function, corporate attorney performs as a transaction engineer, namely that of planning, designing and negotiation of particular transactions for their corporate clients.” The legal department has and always will exist to defend the company. It is asked to opine on whether a particular act is legal; in other words can we do it, not should we do it? The compliance function exists to prevent, detect and remediate, in other words fix problems.

In addition to this difference in focus of job roles within a corporation, there are other components which allow a CCO to carry out these functions, separate and apart from the role of a GC in the legal function. The first is that the CCO is empowered by charter or Board direction to carry out compliance duties. A CCO does not have to go through the GC, as the compliance function should be reporting directly to the Board or the Audit Committee of the Board. The CCO position is now a senior corporate level role, often in the C-Suite. In the corporate world titles and position matter and if your position is seen as being on the level of the corporate brass it will give you more weight to carry the day. If you are seen to be under the GC, in the corporate world you are under the GC.

This means that the compliance function is seen as collaborative with legal and not subordinate. Yet this takes work and agreement by both legal and compliance to carve out their respective roles so that toes are not stepped on or even worse in the corporate world, feelings are not bruised. It also entails both the CCO and the compliance function being involved in the company’s strategic planning meetings so that compliance can be proactive and not simply reactive. Of course this means involvement in risk management meetings, operational reviews and budget reviews, as that is where the corporation sets its priorities; yet these are precisely where compliance can bring not only its expertise to the table but also help to design the appropriate internal controls to bake compliance into the DNA and very fabric of the organization.

This is probably the biggest change in the structure of compliance. The CCO and compliance function should be able to see into the business functions directly, not through the eyes or even the lens of the legal department. Yet it also means compliance should work towards an understanding through the integration of compliance risk areas for review, with unfettered access to information. It also means the business functions need to report up to compliance through regular reporting channels. Finally, all of this, by necessity, requires the tearing down of silos so that compliance has visibility up and down the chain in this line of sight.

This is one of the key takeaways from the Avci and Seyhun paper, that the legal department simply does not have enough information or even line of sight into issues which become compliance failures. Whether those failures be a Chinese subsidiary creating fraudulent accounts to fund a pot of money to pay bribes, branch bank sales personnel opening and then immediately closing new accounts or some other type of corporate fraud; these issues rarely bubble up to a legal department and most certainly never do so until a law is broken. That is where compliance can step in to prevent, detect and remediate something before it becomes a multi million-dollar scandal.

The Oilers, er-sorry the Texans continue the fine Houston professional football tradition of still being losers. However, the compliance profession has grown and evolved. As corporate scandals continue to dominate the news cycle, companies are clearly being put on notice of the role of the CCO and compliance, not the GC and legal, as the appropriate gatekeeper in an organization.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2016



I love the picture. Some day I will treat you to me in a Texans shirt. But they need to win first. 


Tom: It was twelve years ago that Cleveland Clinic formed the Integrity Office, putting Corporate Compliance and Internal Audit under one umbrella, apart from the Law Department, and located in the c-suite. The benefits noted in your blog were achieved, and more. It sent a message to employees, patients and vendors that integrity is an important value. Don