New Law School Fields of Study: Compliance and Risk Management

Geoffrey Miller, The Law of Governance, Risk Management, and Compliance (Wolters Kluwer Law & Business (Aspen Casebook Series) 2014).

I would not normally think of a casebook as appropriate for JOTWELL. It is the particular fit between a teacher’s ambitions and the material in the casebook that makes a teacher like the casebook, perhaps even a lot. A good casebook is a shell that the teacher and students can inhabit and learn to carry. It is not a well-formed argument of general applicability, such as would be found in the work that JOTWELL generally applauds.

Yet, in JOTWELL, I commend to your attention Geoffrey Miller’s The Law of Governance, Risk Management, and Compliance. This casebook is a convincing argument that compliance and risk management are fields of study appropriate for legal education. It expands the law school field of corporate governance from its current restricted view, discussing shareholders and boards, to one that encompasses all the actors within and without corporations who have an impact on compliance.

In corporations today, lawyers are in conflict with themselves and others about whether the management of compliance activities is a lawyerly activity. Is teaching and inspecting compliance with the law a job for lawyers? Some lawyers answer “no;” some legal departments are happy to forsake such policing functions, preferring consultative activities. Others believe that the organizational knowledge required for managing compliance goes beyond normal legal skills. And, yet others take a dim view of lawyers as organizational problem-solvers or compliance motivators.

Lawyers are even more leery of getting involved in risk management activities. Despite its increasing prominence as a regulatory device, risk management is associated with metrics and math-phobic lawyers run from it. More sophisticated lawyers worry about the residual risk of non-compliance associated with whatever risk level is chosen. And all have to compete with the accounting consultancies that have made risk management a strategic arena for their growth.

Geoffrey Miller has produced a casebook for those of us who want to prepare our students to be able to practice compliance or operate in the corporate environment of risk management. In a shrinking lawyer marketplace, that is sufficient justification for this book. There are good jobs to be had for those prepared to understand organizational behavior and sources of non-compliance risk. From a law school perspective, Miller’s casebook invents a field. From the corporate job market perspective, it grounds students who can fulfill a present need.

Courses on Business Associations teach corporate governance as an issue of shareholder and board control. Board committees and the duties of a general counsel might get brief mention. But, executives, CFO’s, internal audit, HR, compliance or even non-SEC regulators are not mentioned. Miller’s book sets out a fuller picture of how corporations are governed. And then applies this picture to a series of case studies. Cases concerning information security, regulated products, FCPA, money laundering, sexual harassment, and social responsibility are analyzed. Finally, the book turns to risk assessment, mitigation and transfer.

Miller makes the current self-understanding (ideology) of corporate behavior a subject for study in law school. This book prepares students to work for corporations, not just law firms. But it also is good preparation for those students who obtain law firm jobs, for law firms, after all, give the best service when they understand their clients’ self-understandings. I commend this casebook to you.