Compliance and Behavioral Risk Management
Given their misbehavior over the last two decades on the one hand (cases of fraud, ethical misconduct, LIBOR fixing, selling overly complex products to clients, etc.) and their importance to our society on the other, legal limits had to be set on the way banks and the like operate. As demanded by various regulators following the 2008 financial crisis, financial firms (in particular those in the US) now typically deploy a reactive, legal, and numbers-oriented compliance and risk management approach to avoid misconduct by employees (and by the company itself). This approach is based on the assumption that people and firms behave rationally and that if you monitor them closely and punish them fiercely, they will obey and do the right things.
But in reality, work conduct is also driven by many cognitive biases and professional contexts (the teams employees work in, the goals they are supposed to achieve, the leadership, the type of organizational culture and/or "ways we do things here"). Moreover, in a strict surveillance and punishment approach, managers and employees may feel a lack of trust and resort to things like manipulating the numbers, hiding problems and covering up bad events. Also, such a culture is far from ideal for motivating knowledge workers.
I just read an interesting article by behavioral experts Scholten, De Vries, and Besieux. They recommend complementing (not replacing!) this traditional formal compliance and/or risk management system with a behavioral approach, as is being pioneered by several leading European institutions like NatWest, ING Group, ABN AMRO and more recently also by HSBC, Standard Chartered and Royal Bank of Canada.
What is Behavioral Risk Management (BRM)?
BRM is a complementary, more proactive, preventive and psychological approach to avoid misconduct by employees (and the company they work in). It involves identifying behavioral drivers and addressing these drivers and employee behavior by making changes or using nudges in processes or in organizational contexts. It is based on the assumption that people do not always act rationally.
Implementing BRM. Process
To implement BRM, companies typically take a 2-step approach:
1. IDENTIFY AND UNDERSTAND HOT SPOTS: Identify the A. Processes and B. Units in the organization where misconduct is likely to occur and could have severe consequences. This is done through various scans, surveys, reviews, interviews, etc.
2. FIND SOLUTIONS: Address the problems revealed through step 1 by
- Identifying specific nudges in special collaborative workshops ("Nudge Labs")
- Conducting interactive workshops for senior leaders aimed at creating a shared and full understanding of behavioral risks and managing them, as well as designing solutions ("System-in-the-Room Sessions").
In my opinion, behavioral risk management is a sensible and smart approach to further reduce unethical or unwanted employee behavior and organizational practices in financial institutions. What I really find good about it is its focus on involving professionals to improve their own work. They will like working for such a company and that is important when so many companies are attempting to make their Employee Value Proposition more human. It also fits well in how we should manage our knowledge worker teams in the 21st century. So I recommend that both regulators and corporate boards welcome it.
⇨ What do you think about BRM?
Do you consider it a useful complement to a legal/control approach in compliance? Any experiences to share?
Source: Scholten W., De Vries F., and Besieux T., "A Better Approach to Avoiding Misconduct: Use Nudges to Complement Traditional Methods to Risk Management", HBR May-Jun 2022, pp. 104-111