This year I began teaching a corporate compliance class to law students at the University of Houston Law Center (UHLC). For four years, I have taught Criminal Procedure at UHLC, guiding students through criminal cases from the investigation process to adjudication, but this new compliance class was different. It focused not on preparing students for a subject on the bar exam, but instead on providing them with skills necessary to get a job.
It’s no secret that the current job market is tough for law students (see recent articles in The National Law Journal here and here). In March 2013, Adam Cohen penned a piece for Time entitled, “Just How Bad Off Are Law Graduates?” that noted the job market for U.S. law graduates may either improve as the economy picks up or may never return, because globalization and technology have lowered barriers to entry for foreign lawyers and created software to perform tasks previously preformed by young lawyers.
One bright spot in the legal job market has been compliance. Post-Dodd-Frank, companies in industries ranging from financial services to technology are hiring lawyers and compliance professionals to address emerging compliance risks and install programs that are defensible to regulators in the event of a compliance failure. Corporate compliance has become big business for law, accounting, and consulting firms as these outside advisors scramble to help in-house counsel build compliance programs for their companies.
Most U.S. law schools have been slow to respond in adding courses to meet this demand. Jay Martin (chief compliance officer at Baker Hughes) and I came up with the compliance class after we held a successful symposium on the topic at UHLC in 2012. Our goal was to organize a course that focused on systems and processes over a particular subject matter. We organized the class around basic building blocks for a compliance program:
- Leadership
- Standards and controls
- Risk assessment (and forecasting)
- Communication
- Training
- Monitoring and response
We drew these from the U.S. Sentencing Guidelines, settlement agreements between companies and the U.S. Justice Department (so called deferred and non-prosecution agreements), guidance from the OECD, the recent DOJ/SEC FCPA Guidance, and the U.K. Ministry of Justice’s Adequate Procedures Guidance. We also drew on material risk-based programs (what we called the Moneyball approach to compliance) that I put together with Daniel Trujillo (an innovative chief compliance officer who now works at Walmart).
The first thing we did was agree that the course would not emphasize any particular compliance subject matter. It could not be a Foreign Corrupt Practices Act class or a class focused on trade controls. It had to focus on processes that were applicable to any compliance risk and use subject matter (such as the FCPA) to apply the processes. The course focused on teaching students how to design a program by mapping the risk areas to these key elements. For some companies the risk areas may be international, for others they may be purely domestic. The approach to assessing and mitigating compliance risk (or the risk-based approach) was designed to Bayesian—examining probabilities for different types compliance events based on known historical data and the potential for compliance failures, and the risk of a specific compliance failure for a particular compliance risk. The main course book was Nate Silver’s The Signal and The Noise. Students were able to hear from different in-house lawyers who came in as guest speakers to discuss their compliance program and challenges.
Class discussion included not only the subject matters that are most often associated with compliance, such as the FCPA and internal investigations, but such topics as whether compliance officers should be lawyers, whether compliance advice was privileged (and when), how to build a compliance program into a business, and how to make online training effective. The students tested our views on how to make a compliance program effective and the best internal communication methods. Although the course was only offered as a test class by the law school, next year it will be a full semester, three-hour course, with a number of class sessions devoted to making predictions about future compliance failures. If not for the forward thinking of Richard Alderman (current interim dean of the UHLC, who agreed to try out the course ) and now Lonny Hoffman (the associate dean who agreed to make it a three-hour course), the class would not have worked.
The approximately 70 students who took the course were a mixture of practicing lawyers and law students who were interested in compliance. These students learned that being a compliance lawyer means more than recycling policies and conducting audits—it involves understanding systems and processes to address compliance risk, and designing a program to forecast whether to allocate resources based on potential future failures.
Criminal procedure will always be my first love. But preparing law students for the job market is the duty of every U.S. law school. By training future lawyers to understand and address compliance, UHLC is leading the way.
Ryan McConnell is a partner at Morgan Lewis in Houston and former federal prosecutor. He teaches criminal procedure and corporate compliance at the University of Houston Law Center and is preparing a book on corporate compliance. If you have ideas about material for their compliance book (or would like to appear as a guest speaker in class), email him at [email protected].