August 2, 2018 / 4:55 PM / a year ago

A Copernican Revolution in culture and conduct risk management

LONDON/NEWYORK (Thomson Reuters Regulatory Intelligence) - Despite punitive regulatory fines levied against banks over the last decade, which are estimated to exceed $320bn, conduct-driven scandals continue to plague the industry. Regulators are under pressure to address persistent and seemingly systemic failures of conduct risk management even as banks struggle to contend with increased regulatory burdens, reporting requirements, capital charges to underwrite operational risk, and mushrooming governance, risk and compliance (GRC) costs. These overheads are now said to make up some 20 percent{here} of day-to-day operational cost base at most financial services firms.

A worker arrives at his office in the Canary Wharf business district in London February 26, 2014.

Businesses and regulators alike are eager to identify more cost-efficient and effective means by which to manage — and supervise — conduct risk. Organisational culture is at the centre of their current focus.


Firm culture is defined{here} by the UK Financial Conduct Authority (FCA) as the "habitual behaviours and mindsets that characterise a particular organisation." When not aligned with firm values, these behavioural norms and mindsets are seen to constitute invisible and systemic risks to the organisation.

The Dutch National Bank (DNB) is very influential among regulators globally in its approach to assessing culture. The DNB uses an iceberg metaphor to describe three levels at which culture operates: first, above the waterline is observable behaviour; second, just below the surface, are group relational dynamics and behavioural patterns, which can be directly assessed; and lastly, in the murkier depths is firm “mindset”, which is assessable only indirectly.

Culture must be made visible if it is to be made manageable. Too often, that happens only in the wake of some conduct-related scandal. What is needed is proactive management.

To date, responsibility for achieving such has been left to HR and addressed through surveys and ethics training initiatives that seek to identify employee beliefs concerning how they are likely to act in artificially construed scenarios, with results discussed at employee “town-hall meetings.” While perhaps helpful, such efforts have proven woefully insufficient.


Successfully addressing culture and conduct risk will require a “Copernican Revolution” in thinking, overturning three biases that mark the current (failed) approaches:

1) Management science remains hidebound to the tradition of classical economics, viewing people as “rational actors.” We see this bias in an emphasis on formal incentive schemes and punitive systems. As rational actors, it is expected that employees will seek to “maximise utility,” as the economist phrases it: to solve for more carrots and fewer sticks.

2) Management science is atomistic, with individual psychology as the basic unit of analysis. We see this in psychological and personality assessment tests, de rigueur in pre-employment screening, in individual performance reviews, and in “360-degree” surveys that ask, “what do you think of me” rather than “what do I or we think of us or them.”

3) Since Frederick Winslow Taylor, management science has been enthralled by a metaphor that views the organisation as a clock-works, and employees as cogs in the machine. We hear this “mechanistic” bias in risk governance where emphasis is placed on systems, processes, and external factors that stress organisational apparatus.

These approaches rely on rational actors, behaving independently, and managed mechanistically.

Such a management theory may have been sufficient in the industrial era, but it is inadequate where knowledge workers strive for “agile” operations in matrixed organisations at global scale. As Max Planck famously quipped, “when you change the way you look at things, the things you look at change.” In today’s economy, management science must work from new bedrock assumptions.

1) First, the rational actor model must yield to the behavioural scientists. Countless studies{here} show that we are not rational, or at least not consistently so. Rather, we are "predictably irrational". We act on the basis of a host of unconscious influences.

Believing ourselves to act through deliberation, our brains instead run on a dual-speed system that has us "thinking fast" more often than "thinking slow." Our choices and actions reflect habitual underlying heuristics — or contextually bound decision-making short-cuts{here}.

2) Next, Sigmund Freud must make way for Kevin Bacon. The infamous game shows that no actor in Hollywood is more than "six degrees of separation" from Kevin Bacon. The game derives from numerous studies{here} into the "small worlds" of social networks — worlds wherein local rules yield global outcomes. In the language of network theory{here}, the "topology of the graph" determines many properties of the group.

Consider the metaphor of carbon atoms. Each is identical to the next but, grouped together, different groupings have different properties. Assembled one way, the atoms form graphite — dark and soft. Assembled differently, those very same atoms form diamond, clear and hard. Group structure is deterministic. In a similar sense, the standard “psychological” approach to studying employee conduct tendencies should be complemented, if not supplanted, by a more “sociological approach” that starts with the group as the basic unit of analysis.

3) Lastly, Taylor’s mechanistic world view must make way for complexity theory. It’s not just the structure of the group that matters, but also the complex dynamics such structures promote.

Like schools of fish, ant colonies, and flocks of birds, all human organisations are complex adaptive systems with "emergent" properties not to be found in individual group members. You won't find the avalanche in a single snowflake, or consciousness in a single neuron for instance. But when enough of them interact, systemic changes occur: both avalanche and consciousness alike are emergent outcomes{here} of underlying system dynamics.

Viewed in light of the foregoing, culture should be considered as an emergent property of group dynamics, occurring within social network structures, in ways that presumptions of rationality fail to contemplate. Behavioural norms and mindsets shape individual choice and action in an endless feedback loop: group norms dictate acceptable behaviour and witnessed behaviour dictates norms of group acceptance. Employees will do what they witness routinely{here}: "what is common is moral."


A scalable and automated means by which to draw upon behavioural science, network analysis and complexity theory is needed for improved culture and conduct risk governance. In recent years, a vibrant entrepreneurial ecosystem has emerged that takes aim at precisely this demand for new regulatory technologies, or “RegTech.”

Capitalising on machine learning algorithms that distill patterns from data, these firms produce actionable insights by sifting through massive data sets: some gathered by company systems used for audit, accounting, internal policy and external regulatory compliance purposes; and also the multitude of “digital artifacts” produced by employees in the course of their daily routines.

At Starling, for instance, we are able to discern signal within electronic communications metadata — that is, the non-textual elements of email, texts, calendar invites, etc — and to identify “digital fingerprints” that correlate, with predictive reliability, to specific behaviours of management focus. This allows us to spot and to forecast such behaviour.

Moreover, we are able to project how specific behaviours are likely to spread through a firm. Research demonstrates that behaviour is contagious{here}. People take their behavioural cues from their peers — and particularly, from those most deeply trusted. By mapping and tapping organisational "trust networks," Starling can track and forecast the spread of a behaviour among employees, much like the way that epidemiological models track and project the spread of a pathogen through a population.

This early warning system positions leaders to intervene, proactively, both to encourage desirable cultural and behavioural norms and to anticipate and curb the spread of those inconsistent with a firm’s mission or values. By bringing quantitative metrics to the qualitative challenge of human behaviour, RegTech firms are helping banks – and their supervisors – to assess culture and conduct risk meaningfully, and to avoid unnecessary costs to shareholders, customers, and employees.

(Stephen Scott is the founder and CEO of Starling, an applied behavioral science technology company. Martin Wheatley was the inaugural CEO of the U.K. Financial Conduct Authority. Previously, he served as CEO of the Hong Kong Securities and Futures Commission and spent 18 years with the London Stock Exchange, six serving on its Board. He serves on the Regulatory Advisory Board of Starling. Mirea Raaijmakers, PhD, is responsible for culture and conduct risk assessment for ING. Prior to this, she led efforts to bring behavioral science to the supervision of culture and conduct at financial institutions at the Dutch National Bank. She serves on Starling’s Regulatory Advisory Board. Nicholas A. Christakis, MD, PhD, MPH, directs the Human Nature Lab at Yale University co-directs the Yale Institute for Network Science. With James H. Fowler he authored, “Connected: The Surprising Power of Our Social Networks and How They Shape Our Lives.” He serves on the Academic Advisory Board of Starling. Scott, Wheatley and Raaijmakers were speakers at an April 9 Thomson Reuters forum in New York, co-hosted by Starling, on culture and behavioral science in the banking industry. The views expressed are their own.)

This article was produced by Thomson Reuters Regulatory Intelligence and initially posted on July 31. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @thomsonreuters

0 : 0
  • narrow-browser-and-phone
  • medium-browser-and-portrait-tablet
  • landscape-tablet
  • medium-wide-browser
  • wide-browser-and-larger
  • medium-browser-and-landscape-tablet
  • medium-wide-browser-and-larger
  • above-phone
  • portrait-tablet-and-above
  • above-portrait-tablet
  • landscape-tablet-and-above
  • landscape-tablet-and-medium-wide-browser
  • portrait-tablet-and-below
  • landscape-tablet-and-below