Google Promises Compliance Overhaul

By Matt Kelly | June 3, 2025

Google has agreed to spend $500 million over the next decade to overhaul its compliance operations, including a new board-level committee dedicated to regulatory compliance and multiple new compliance teams embedded across the 184,000-person enterprise.

Google made that sweeping promise to settle a lawsuit from unhappy shareholders, who had sued the company for its numerous alleged antitrust violations over the years. The two sides reached a proposed settlement on Friday, although the federal district court judge presiding over the case still needs to give the deal her final blessing. 

The lawsuit was filed by a Michigan pension fund in 2021, which basically said that because Google and its board had exercised poor oversight of antitrust issues, the company lurched into widespread anti-competitive behaviors and ensuing regulatory probes, which have ended up costing Google a fortune. 

Those investors have a point; Google has endured one migraine after another on the antitrust front. In 2023, a federal jury found that Google had abused its control over the Android app store to charge excessive fees in its Android app store. In 2024, the Justice Department won a case against Google over monopolizing search results. Just this April, the department won another case over Google monopolizing the digital advertising market. You get the picture. 

Now we have this settlement to placate the unhappy investors, where Google will spend oodles of money and overhaul its internal compliance operations for years to come. 

“Over the years, we have devoted substantial resources to building robust compliance processes,” a Google spokesperson said, in one of those bland statements that companies always issue to preserve whatever dignity they have left in the face of defeat. “To avoid protracted litigation we’re happy to make these commitments.”

Whatever you need to tell yourself, Google. Anyway, let’s look at the details discussed in the proposed settlement.

A Board Compliance Committee

Most notably, Google’s board will establish a dedicated risk and compliance committee to oversee all regulatory issues. Previously Google’s audit and compliance committee handled those issues plus all the usual audit and financial matters — which, for a company of Google’s size and complexity, is simply too much.

We don’t yet know how this committee will be constituted. Google has a board of 10 directors, seven of them outsiders; and those 10 directors serve on a total of four committees. But really, the seven outsiders belong to the three standard board committees (audit, compensation, and nominating and governance), while the three insiders (co-founders Larry Page and Sergey Brin, plus CEO Sundar Pichai) serve on an “executive committee.” See Figure 1, below.

 

Source: Google proxy statement. Click to enlarge.

 

I’m not sure how that current group of seven outsiders could also be assigned to a new compliance committee without the overlap being so extensive as to make the committee’s independence meaningless; and we should note that two of the seven have been on Google’s board for 25 years. So one immediate question is whether Google will expand its board with new directors.

And — let’s dream big here, people — might Google recruit a chief compliance officer to fill a new board seat? 

I mean, why not? The oversight issues here were all about regulatory compliance. Somebody like Scott Schools, OpenAI’s chief compliance officer and a former big wig at the Justice Department in the 2010s, could do it. 

New Compliance Teams

The settlement also says Google will establish new risk and compliance management teams throughout the business. 

First is a new in-house committee to be known as the Trust and Compliance Council, consisting of assorted senior vice presidents who report directly to the CEO. The “TCC” will meet at least quarterly, and its purpose is to assist the board compliance committee by “providing a forum to discuss specific high-impact trust and compliance initiatives, to provide recommendations as needed related to prioritization risks and associated resource allocations, and to discuss areas of risk identified as high or critical.”

To support that senior VP-level compliance committee, Google will also establish a second in-house compliance committee of lower-level executives, who will meet more often to monitor compliance program efforts more closely. 

This second committee will be called the “Trust & Compliance Steering Committee.” The settlement says the steering committee will support the senior VP committee by “providing a forum for cross-functional alignment on significant compliance initiatives and by providing direction on recommendations and escalations” to the senior VP committee. 

We don’t know exactly how large either committee will be, but the settlement says the second, lower-level committee will consist of managers from each of Google’s many product teams as well as internal compliance experts. The committee is supposed to meet at least six times a year. (The senior VP committee must meet at least quarterly.)

Aside from committees, the settlement promises “a complete overhaul” of Google’s policies and processes for risk assessments, compliance program management, third-party oversight, and all the other usual headaches compliance officers know and love. That overhaul includes… 

  • Placing compliance specialists across business units and relevant product areas;
  • Integrating compliance with product and business teams, “including in the form of support by engineers, product managers, and other staff in the [product areas for relevant compliance enhancement projects.”
  • Maintaining an enterprise risk framework and key risk indicators, and establishing and maintaining relevant controls, monitoring, and training.
  • Maintaining charters and managing meetings for compliance governance forums, including the two in-house committees mentioned above; and maintaining top-level performance metrics for the Compliance Function.

The compliance program reforms also promise that Google will improve its records-retention efforts, since “each court that has tried antitrust actions against Google criticized Google for its poor document retention practice,” as the settlement notes. That includes Google executives using ephemeral messaging apps over the years so that important communications quietly disappeared, a practice that led the court to sanction Google in the 2023 lawsuit over fees charged in the Android app store.

Don’t Forget the Money

To implement all these reforms, Google has promised to spend $500 million over the next 10 years. That’s an impressive sum in absolute dollar terms, although we should keep in mind that Google earned $350 billion in revenue in 2024 and has had a compound annual growth rate of 13.9 percent over the last five years. In that context, spending an average of $50 million per year for the next decade isn’t a huge sum in relative amounts. 

I’m also not clear on how companies arrive at specific dollar amounts for long-term compliance commitments like this. For example, if Google had promised only $250 million instead of $500 million, would its antitrust risks therefore remain twice as large as they will be under this plan? (Boeing is another one, promising $455 million in compliance program improvements over the next three years in exchange for avoiding criminal charges for its Max 737 plane crashes.) 

If any readers have insights on how these calculations work, I’d love to hear your thoughts; email me at [email protected]

And to make sure all these reforms stick, the settlement says they are to remain in force for at least four years. What happens after that isn’t clear, but Google isn’t wrong to insist on flexibility for its compliance program over the long term since its business and compliance risks will keep evolving. Here’s hoping a strong compliance program evolves along with them. 

Posted in News and tagged ,