In this month’s Five Questions With… spotlight, we catch up with Lu Reyes, who worked in the Administration for all eight years of the Bush presidency, including senior roles at the U.S. Department of Justice and on the White House Senior Staff, where in the Office of Presidential Personnel he advised President George W. Bush on legal, national security, international affairs, and human capital policy related to presidential appointments across the Administration. Drawing on experiences that ranged from complex tobacco litigation and civil rights anti‑trafficking cases to oversight of major DOJ divisions, Lu developed a deep appreciation for how governance structures evolve and how leadership adapts in times of change. Today, as a partner at Troutman Pepper Locke in Austin, he brings those lessons to bear in advising CEOs, CLOs, and boards navigating high‑stakes organizational challenges. In our conversation, he offers advice to young people seeking careers in the law or public service, along with his take on the evolving governance of college athletics in the changing world of NIL and revenue sharing, underscoring how leadership principles apply across industries facing disruption.
Q: You’ve advised a President, an Attorney General, and CEOs. What’s the common thread in guiding leaders at the highest levels?
In my experience, leaders at the highest levels are almost always operating under tight time constraints, with incomplete information and real consequences attached to every available option. As a (hopefully) trusted legal advisor, my goal is to bring legal analysis, but also clarity and perspective. It’s often important to go beyond explaining what is legally permissible and helping the leader think through what is most strategic and what the downstream effects of a decision may be. At that level, it is crucial to establish or soon develop a foundational relationship built on mutual respect and trust. The best leaders value candid counsel, even when it is not necessarily what they want to hear.
Great leaders also understand that progress is rarely linear. Sometimes the smartest move is taking a step backward in order to move two steps forward over time. They recognize that swinging for home runs every time leads to unnecessary risk and too many strikeouts. Ultimately, whether advising a President, a CEO, or a Chief Legal Officer, I have found that leaders respect advisors who truly understand the situation and who deliver honest, grounded advice calmly when the stakes are high. That kind of counsel empowers decision‑makers to act with clarity and conviction — a quality President Bush exemplified time and again.
Q: During your time at DOJ and later as Deputy Assistant to President Bush in Presidential Personnel, what leadership lesson or favorite moment stands out most to you?
Everyone, of course, remembers President Bush’s extraordinary leadership in the aftermath of September 11. He demonstrated clarity and resolve on the night of the attacks, addressing the nation with steadiness and purpose. He rejected calls for panic and set a tone of unity and resolve, most memorably when he spoke to first responders from the rubble at Ground Zero. And of course, there was the moment when he threw out the first pitch before Game Three of the 2001 World Series at Yankee Stadium — an unforgettable symbol of national resilience.
Beyond those public moments, one of the most important lessons I took from serving on his senior staff is that leadership often looks quiet from the outside. Some of the most consequential moments were not public at all; they occurred in small rooms, during difficult conversations, without perfect answers. One of the most remarkable — and still underappreciated — examples of this was President Bush’s leadership in launching and sustaining PEPFAR, the President’s Emergency Plan for AIDS Relief. Despite skepticism at the time, he committed $15 billion to combat HIV/AIDS in Africa. Through his leadership and perseverance, the program effectively stopped mother-to-child transmission in the continent of Africa and ultimately saved more than 20 million lives. This a jaw droppingly historic achievement, accomplished with relatively little fanfare. Even today, many people are not fully aware of its impact. But for President Bush, it was never about recognition. He led with moral clarity, conviction, and a willingness to absorb political costs—hallmarks of truly great leadership. In this case, the result was perhaps the most successful humanitarian programs in all of history.
I was working at the U.S. Department of Justice on the morning of September 11, 2001. President Bush’s model of effective leadership was evident in Attorney General John Ashcroft’s response to the attacks. Within hours, Attorney General Ashcroft helped redefine the mission of the Department of Justice by placing the protection of American lives and liberties at the forefront. Internally, his leadership during those first critical weeks was marked by decisiveness and urgency. He convened senior DOJ leaders, subject-matter experts, and federal law-enforcement officials to develop legal frameworks and legislative proposals to detect, disrupt, and deter future terrorist threats. His guidance was clear: “Think outside the box, but never outside the Constitution.” In testimony before Congress just weeks after 9/11, Ashcroft personally articulated the Department’s rationale for modernizing counterterrorism authorities to meet emerging threats. His leadership — both internally and publicly — reflected a clear understanding of the gravity of the moment and an unyielding commitment to national security. His efforts reflected an acute understanding of the gravity of the moment and a willingness to work relentlessly to ensure that America was never attacked again. To me, following President Bush’s lead, Ashcroft’s leadership in the initial aftermath of 9/11— his swift coordination of DOJ expertise, his clarity of purpose, and his resolve in working with the White House and Congress — reflected exceptional stewardship during one of the most consequential crises in American history.
Q: In your current practice, you advise boards and executives facing complex regulatory challenges. What’s the biggest shift you’ve seen in corporate governance over the past decade?
Over the past 10, 15 years, corporate governance —particularly for companies operating in highly regulated or enforcement-sensitive environments — has undergone a significant shift. What was once a largely procedural approach to compliance has evolved into an evidence-based governance model that emphasizes effectiveness, accountability, and continuous risk management, as opposed to episodic. Boards today devote more attention to compliance and risk not because of abstract fiduciary concerns, but because regulatory, operational, and reputational risks now directly affect enterprise value. Compliance and risk management have become strategic governance functions. In this environment, effective governance is no longer defined by the presence of policies, but by the ability to demonstrate—clearly and credibly—that risk is understood, managed, and continuously monitored. This transition reflects not a change in philosophy, but a response to a dramatically altered risk landscape.
Historically, corporate compliance and risk oversight focused on the existence of formal programs. Boards took comfort in policies, annual training, hotline mechanisms, and periodic reporting from management. Compliance updates were often housed within audit committee agendas and framed in retrospective terms. Risk oversight concentrated primarily on financial controls and litigation exposure after issues materialized.
This model rested on several assumptions: that regulatory risk was episodic, that misconduct was typically isolated rather than systemic, and that having a compliance program was largely sufficient to demonstrate good governance. “Tone at the top” was referenced as an aspirational leadership concept but rarely evaluated through measurable outcomes.
The check-the-box approach proved inadequate as corporate risk became continuous, interconnected, and operationally embedded. Cybersecurity, data privacy, sanctions, antitrust, third-party relationships, and supply-chain dependencies introduced real-time risk that could no longer be addressed through static programs or periodic reporting. The price to pay was too high.
At the same time, regulators and enforcement authorities changed how they assess corporate governance. The central question shifted from whether a company had a compliance program to whether that program was effective in practice. Enforcement authorities increasingly evaluate how risks are identified and escalated, whether compliance functions are empowered and independent, how leadership responds to misconduct, and whether remediation is timely and verifiable.
High-profile enforcement matters further demonstrated that many failures reflected governance breakdowns rather than isolated wrongdoing. In numerous cases, boards were informed, but not meaningfully engaged, incentives rewarded risky behavior, and issues persisted without escalation. Meanwhile, the costs for non-compliance were skyrocketing. This led to the conclusion that formal programs alone did not equate to effective oversight.
Today’s governance model demands proof of performance. Boards increasingly expect data-driven insights, risk dashboards, compliance testing results, investigation and remediation metrics, and third-party risk assessments. Verbal assurances have given way to documented evidence that controls are functioning and that problems are surfaced early.
“Tone at the top” has likewise evolved into an operational standard. It is assessed through leadership behavior, consistency of discipline, responsiveness to bad news, protection against retaliation, and the authority of compliance and risk leaders. Culture is no longer measured by intent, but by outcomes.
This shift has sharpened the division of responsibility between boards and management. Boards are responsible for setting expectations, ensuring independence and resources, asking probing questions, and holding management accountable through documented oversight. Executives are responsible for operating integrated compliance and risk systems, embedding controls into business processes, escalating issues early, and providing credible, evidence-based reporting.
Q: Looking back at your career — from Texas to Washington and back to Texas and private practice in Austin — what advice would you give to young people who aspire to careers in law, public service, or leadership?
Do the work. Stay curious. Be patient. Don’t rush toward titles or shortcuts. The experiences that matter most are the ones that teach you how decisions actually get made and how people behave under pressure. Seek out those experiences! Identify great leaders and find a way to work for them. Public service, in particular, provides perspective that’s hard to replicate elsewhere. Remember that no matter where your career takes you, reputation matters — be someone people trust when things are difficult, not just when they’re going well. Most importantly I would pass on something that I learned directly from President Bush – whatever it is you do, whether it’s go to Washington or work at a company, know why you are there. It should not be for the title or for the prestige. It should be for the right reasons. As President Bush used to say, “it should be about being a part of something greater than yourself.” As you rise through the ranks, do not lose sight of that. If you can do that, you will go far, not to mention sleep well at night.
Q: In the Bush Administration, you were involved with investigations ranging from Civil Division complex tobacco litigation to civil rights, anti-human trafficking issues, to criminal international fraud. Since the Bush Administration, you have been assisting large organizations in dealing with “bet the company” situations. How did the experiences in the Bush Administration and those thereafter shape your approach to crisis management today?
First, let me preface this by saying that while at the White House, I had the invaluable experience of watching and learning from the very best at the craft of crisis management. Crisis Management is often more art than science. Crises rarely arrive neatly packaged. Facts evolve, narratives harden, and early decisions can shape outcomes for years. Based a lot on what I learned from my time at the White House and since, my approach today focuses on first getting ahead of the crisis if possible. Is there a crisis management plan? Has the company tested it recently through a tabletop exercise or other method? The last thing you want is a crisis to hit and there to be no general plan with clear responsibilities and sequencing. Next, once a crisis does occur, I focus on reviewing the situation to ensure that “the plan” is applicable and ensuring that all moves are well considered and strategic, not from the cuff. There can be a lot of read and react. Experience allows you to advise the client appropriately in real time — slowing things down when necessary, being thoughtful about documentation and tone, and preserving credibility. My time in the Bush Administration taught me that crisis management isn’t only about solving the immediate problem; it’s about making strategy decisions that limit exposure and still make sense when viewed in hindsight.
BONUS Q: What is your take on how the new landscape in college athletics —dominated by NIL and revenue sharing — should be governed?
We are watching closely. My perspective is that the NIL and revenue-sharing era has fundamentally shifted college athletics from a rules-based amateurism model to a regulated economic ecosystem. The problem is that governance in this new landscape is still in an ad hoc enforcement state. It needs to move toward a centralized, transparent, and legally durable framework that provides consistency across conferences and states. Universities need clear standards around permissible compensation, fair-market-value determinations, reporting obligations, and third-party involvement—administered by an independent body with credibility, due process protections, and real compliance expertise. Fragmented governance, driven by conflicting state laws, informal collectives, and reactive litigation, creates unacceptable legal and operational risk for institutions that are trying to do this responsibly.
At the same time, governance must recognize the reality that universities are educational institutions first, not professional sports franchises. Any sustainable model should preserve institutional autonomy over academic integrity, Title IX compliance, and long-term financial viability, while still providing athletes with fair, transparent opportunities to share in the value they help create. That means governance structures that emphasize uniformity, predictability, and risk mitigation, rather than constant rulemaking by court order. The institutions that will navigate this era successfully are those operating within a stable regulatory framework — one that aligns NIL, revenue sharing, and institutional accountability in a way that is legally defensible, operationally workable, and fair to all stakeholders.
