Will I Come Home From School Alive? A Compliance Response to Uvalde

When it comes to suffering, one cannot help but think of Holocaust survivor Elie Wiesel who intoned, “Action is the only remedy to indifference: the most insidious danger of all.”

Last week saw one of the worst massacres ever of a schoolhouse. Twenty-one dead, including 19 children under the age of 10, killed at Robb Elementary School in Uvalde. Now every schoolchild in Texas will have to ask, “Mom, will I come home from school alive today?” Every child whose parent is a schoolteacher will have to ask, “Mom, will you come home alive today?”

In all my years of primary and secondary school I never had to say these things, let alone even think them. Uvalde is 60 miles from my hometown of Kerrville. It is the county seat of the next county over from Kerr County. My parents were educators; my mother taught elementary school for 30 years, and my father was a professor for 25 years. So, this one hit very, very close to home.

What can I do as a compliance professional? What can we do as a profession? We can take a stand. Golden State Warriors head coach Steve Kerr took a stand at the beginning of a press conference the day of the shooting when he said, “In the last 10 days, we’ve had elderly Black people killed in a supermarket in Buffalo, we’ve had Asian churchgoers killed in Southern California, now we have children murdered at school. When are we going to do something? I’m tired. I’m so tired of getting up here and offering condolences to the devastated families that are out there … I’m tired of the moments of silence. Enough.”

As compliance professionals, we can stand up and say what our profession and our companies stand for. Whether you call it corporate social responsibility, ESG or just plain decency, you and your company can say and do something. Tim Erblich, writing on LinkedIn, said “embody the values of your organization.” He suggested you can be visible, focus on employees’ mental health, review your political spending, match your employees’ charitable donations to help those suffering in Uvalde and support your community. 

Matt Kelly, writing in Radical Compliance, went in a different direction by identifying the well-documented compliance failures of information and communication. Reports indicate that armed police officers were inside the school building but rather than storm the classroom and kill the assailant, they waited in the hallways for more than an hour. 

Why? At this point we do not know, but the police have said (amid shifting statements, timelines and facts) that they believed the shooter had barricaded himself in a classroom and the students were dead. Of course, we know that students were very much alive inside the classroom because they were “calling 911 and begging for police to storm the room,” when officers were outside in the hallway. In other words, the information was present, but we do not know why the police did not act upon it. There, of course, is another possibility and that is that the information made it to 911 but for some reason was not relayed to a police commander at the school. If this is correct there was, as Kelly wrote, “a horrific failure of information and communication.”

Kelly went on to say that the “COSO internal control framework even has a principle dedicated to this exact issue: Principle 14: The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. This “Principle 14 drives at a critical point: organizations need to relay information to the appropriate decision-makers as quickly as possible. For high risks (and for police, there is no higher risk than an active shooter) that information needs to be relayed immediately,” Kelly wrote.

The final area for compliance professionals to consider is lines of authority and leadership in a crisis. According to the Houston Chronicle, “Uvalde police officers, Texas state troopers and members of the U.S. Border Patrol’s elite BORTAC squad all responded to the massacre at Robb Elementary a week ago. All were apparently brought to a standstill under the command of Uvalde CISD Police Chief Pete Arredondo, who officials say believed the shooter was no longer a risk to people in the school.”

Why was the person with the smallest force, least experience and least training for such situations in charge of a massacre site where 21 people were gunned down? Because in Texas, the highest-ranking officer who has jurisdiction over the site gets command. Since the shooting occurred on Uvalde School District property, “Arredondo — the top officer at the school’s small police department — would have been in charge of coordinating the response, handling communications and making decisions about how to stop the shooter,” the Chronicle reported. Obviously the lack of preparedness of Arredondo contributed to the tragedy. 

The bottom line is that people in charge need to be prepared for true emergencies. Frankly, there cannot be more of an emergency than a mass shooting. Leaders have to be prepared to put themselves and their personnel on the line to protect children and (hopefully) save lives. Sadly, that did not happen in Uvalde. I cannot imagine a compliance professional would ever be put in a such a life-or-death situation, but the lessons from Uvalde can serve as an important reminder for all compliance professionals that very bad things can happen in the corporate world. Be prepared.