March 2019

Culture & Conduct Risk in the Banking Sector

Why it matters and what regulators are doing to address it


  • PREAMBLE - Greg Medcraft, OECD Director for Financial & Enterprise Affairs
  • OUR VIEW: CULTURE AS CONTAGION - Nicholas Christakis, Yale
  • OUR VIEW: TRUST MATTERS - Karen Cook, Stanford


To better assure that we captured the most important regulatory priorities and initiatives that were in evidence around the world in the last year, we forwarded the questionnaire at left to regulators in all of the major global financial market centers.

We were delighted to receive comprehensive responses from the UK Financial Conduct Authority, the Monetary Authority of Singapore, the Hong Kong Monetary Authority, the Australian Securities and Investment Commission, and the Dutch Authority for Financial Markets. Their contributions are captured throughout this report, significantly enriching it.

We are grateful to them for taking the time to share their thoughts and perspectives, which benefit their peers and all those who care about these issues. And special thanks to those who took the added time to provide us with additional specific input for inclusion in this year’s report, including:

  • Greg Medcraft, Director of the Directorate for Financial and Enterprise Affairs of the OECD and former Chairman of the Australian Securities & Investment Commission
  • James Shipton, Chairman, Australian Securities & Investments Commission
  • Ravi Menon, Managing Director of the Monetary Authority of Singapore
  • Jonathan Davidson, a Director of Supervision and Executive Committee Member of the UK Financial Conduct Authority
  • Gail Kelly, Vice-Chair of the G30 Steering Committee on Banking Conduct and Culture, Senior Global Advisor to UBS AG, and former CEO of Westpac Banking Corporation

We hope that this 2019 update to our annual Compendium will help to prompt further informed discussion among banking industry executives and their regulators regarding the role that culture plays in driving misconduct risk, about how such risks are to be better managed, supervised, and mitigated, and how employee conduct may be shaped to drive desired performance outcomes.

As always, we welcome any questions, comments, or criticisms, along with suggestions as to how we may improve next year’s report. Please reach us at

Key Takeaways

  1. The culture/conduct-risk supervisory agenda persisted throughout 2018 and will expand in 2019. If anything, persistent bank conduct scandals in the news headlines have resulted in an increased energy around this topic among bank regulators in most major markets.
  2. The dialogue regarding culture and conduct risk has shifted away markedly from past years’ focus on whether culture was a relevant supervisory matter to a clear consensus view that it is. Focus now is on how supervisory attention to this matter is best operationalized, and what firms are expected to do to better measure and manage culture and conduct risk.
  3. 2018 witnessed increasing adoption of individual accountability regimes in many major markets, modeled on the UK’s Senior Managers & Certification Regime (SM&CR). We expect to see this trend become further entrenched in the year ahead.
  4. It is increasingly clear that regulators, among others, are emphasizing the value contributed by behavioral science in the supervisory context. We now see several regulators adopting the pioneering approach of the Dutch De Nederlandsche Bank in this regard, and banks are following suit, employing teams of behavioral and organizational psychologists.
  5. Over the last year, the culture/conduct dialogue has begun to merge with existing discourse concerning environmental, social and governance (ESG) priorities. Culture is posited, in this context, as a key contributor to good governance, with substantial academic findings giving support to that view. We expect this trend to broaden in the year ahead.
  6. As with the ESG trend, we’ve seen a marriage in the last year between the culture/conduct dialogue and heightened public concern for issues of diversity and inclusion, gender parity, and sexual harassment. A number of regulators now argue that such issues at firms may be taken as a proxy indicator of broader culture and conduct concerns.
  7. Regulators are not alone in marking these shifting priorities. Over the last year, we’ve seen the emergence of an “ecosystem approach” to the challenge of improving governance and supervision of culture and conduct risk, and an associated global dialogue that also includes global standard setting bodies, institutional investors, industry associations, and firms.
  8. Reflective of this trend, the past year has seen a marked increase in cross-border regulatory collaboration and knowledge-sharing around these issues, and we fully expect to see that trend build momentum over the course of the next year, as regulators and their supervised entities work towards establishing a new set of best practices.
  9. In keeping with the foregoing, there is a clear frustration regarding a lack of established, industry-standard metrics by which to gauge culture and conduct risk, both for internal governance purposes and so as to report up to regulators and interested stakeholders. Firms are also seeking to determine how they may best evidence success in this regard.
  10. In this latter connection, newly developed RegTech solutions have captured the imagination and, over the course of the last year, we have seen an increased readiness on the part of firms and regulators to trial these tools. Though still in its infancy, some analysts expect RegTech to account for a third of all regulatory related expenditures in the next few years.

With the Hayne Royal Commission having issued its final report, executives across the Australian financial sector are asking how to correct circumstances that led to past misconduct. Budgets for governance, risk and compliance measures will swell, but those added resources are not likely to produce the desired result without a reappraisal of what drives human behavior within firms.

Management theory, as it is applied among firms worldwide, persistently elevates the importance of incentives in driving employee behavior. These incentives are seen as primarily financial. Moreover, they also presume the well-known “rational actor” model of human behavior. This results in the belief that, if incentives are properly “aligned,” all will be well and that the optimal way to motivate behavior is oneemployee-at-a-time.

But people are not just motivated by money, nor are they always rational, nor do they act in isolation, and nor do they necessarily realize the factors that shape their own behaviors.

As social critic Eric Hoffer once opined, “When people are free to do as they please, they usually imitate each other.” The social circumstances in which people find themselves, their social networks, and the norms within those networks, are extremely powerful forces motivating behavior, often much more powerful than monetary incentives or individual desires.

Peer pressure is powerful in all domains of human behavior — from eating to smoking to voting to violence. In the past few years, my lab has done many experiments in online and offline settings exploring diverse interventions to change collective behavior and documenting the impact of social contagion. We have shown that public health interventions ranging from vaccination to vitamin supplementation can spread between people; that we can strategically seed rural villages with information about well-baby care and create artificial tipping points in cultural norms for such care; and that we can foster the ability of online groups to cooperate and coordinate on shared goals.

We have also shown that the behaviors of professionals within their own networks can also be linked, as in the case of the diffusion of innovations among networks of doctors. And in large-scale studies involving millions of people, we have documented the spread of emotional states, spreading from person to person to person. Behavior, in short, is contagious.

These findings hold lessons for the financial industry.

Researchers have demonstrated, using inventive experiments1, that people who work in banks, when primed to think of themselves in the context of their workplace, are more likely to behave dishonestly. This was not the case for subjects in such experiments who worked in other industry sectors. These results suggest that the prevailing business culture in the banking industry may undermine a commitment to honesty. “What is common is moral.”2

Dishonesty, proscribed behaviors, and fraud likely spread via processes of social contagion like all other observed human behaviors. It is not about bad apples; it is about bad barrels. People will behave in a risky manner when they perceive that their peers are doing similarly.3

There is growing acceptance among regulators and risk managers that culture shapes conduct in banking. However, it is often argued that culture is “soft stuff” that cannot be measured, and that, consequently, it cannot be managed. It is also often presumed that, since “culture” is not restricted to specific individuals, it cannot be changed.

But our work using network methods in settings around the world suggests quite the opposite.

Network science offers a number of models for diagnostic techniques and behavior-change interventions for the financial industry.

With adequate information about both the structure of employee interactions (e.g., by studying email communication patterns in a manner that we have validated) and information about any known cases of bad behavior, it is possible to ascertain whether there are outbreaks of such behaviors and whether there is evidence of social contagion. More generally, network methods can help identify clusters of employees at greater risk of succumbing to such contagion.

Perhaps more important, it is possible to use network methods to implement interventions that will drive change in the culture within banks, even absent any known bad behavior, and to affirmatively manage conduct risk. This can be done in two ways.

First, by understanding the structure of employee interactions, it is possible to target “inoculations” (in the form of trainings, enforcement actions, or other management interventions) on individuals or groups who, by virtue of their network location, have an outsized impact on the culture within the firm. Such individuals are not necessarily ones identified by a formal org-chart.

Second, and distinctly, the structure of the network itself might matter. An analogy is helpful. If one takes a group of carbon atoms and connects them one way, one gets graphite, which is soft and dark. But if one takes the same carbon atoms and connects them another way, one gets diamond, which is hard and clear.

There are two key ideas here. First, these properties of softness and darkness and hardness and clearness are not properties of the carbon atoms: they are properties of the collection of carbon atoms. Second, the properties one gets depends on how we connect the carbon atoms together

It’s the same with social groups. This phenomenon, of wholes having properties not present in the parts, is known as “emergence,” and the properties are known as “emergent properties.” Culture within firms operates similarly, and is itself an emergent property with implications for employee behavior: connect employees in one way, and they do not engage in risky conduct. Connect them another way, and they do.

Those hoping to drive improved conduct in the Australian banking sector would do well to keep these learnings from the behavioral sciences in mind as they begin their reform efforts


Nicholas A. Christakis, MD, PhD, MPH, directs the Human Nature Lab at Yale University and is co-director of the Yale Institute for Network Science. With James H. Fowler he authored, “Connected: The Surprising Power of Our Social Networks and How They Shape Our Lives.” His latest book, “Blueprint: the Evolutionary Origins of a Good Society,” was released this month.

First published on Thomson Reuters Regulatory Intelligence (TRRI) on 2.13.19

  1. Alain Cohn, Ernest Fehr, and Michael Andre Maréchal, “Business culture and dishonesty in the banking industry” Nature, 2014.
  2. B. Lindstrom, S. Jangard, I. Selbing, and A. Olsson, “The role of a ‘common is moral” heuristic in the stability and change of moral norms,” Journal of Experimental Psychology: General, February 2018.
  3. Thomas Lauer and Anna Untertrifalle. “Conditional dishonesty,” 2019.

As Bank of England Chief Economist Andy Haldane1 observes, “Finance is built on trust. It is based on promises about tomorrow, often paper promises backed by nothing other than words on a page. When trust in those promises breaks down, so too does the financial system.

Kenneth Arrow, the Nobel Prize-winning economist, was among the first to acknowledge the significance of trust in our day-to-day transactions. In 1972 he argued that “…virtually every commercial transaction has within itself an element of trust, certainly any transaction conducted over a period of time.” Some twenty-years later, in his widely-read 1995 book, Trust: The Social Virtues and the Creation of Prosperity, Francis Fukuyama argued for the significance of social trust in the realm of economic development.

Today — perhaps thanks to a marked decline2 in general social trust — it is even more clear that trust matters to the full functioning of our institutions, in the realm of economic transactions, and in everyday life.

Trust serves as a sort of informal ‘currency’ that facilitates social exchange. It reduces the ‘transaction costs’ in exchange relationships with strangers and supports the cooperation that is central to creating and maintaining social order. While it cannot bear the full weight of making society work, trust provides a key element — a kind of ‘social glue’3 — that allows for the smooth functioning of groups, firms, organizations and institutions, public or private. In short, trust allows for activities that would not occur without it and allows us to benefit by the interconnectedness of our interactions with one another across national boundaries and online.

Trust in the economy, and the institutions that support it, is important to perceptions of economic wellbeing in a society. When trust in these institutions breaks down, and when trust in government as an instrument of regulation and oversight is low, the economy stalls as financing breaks down and investments by ordinary people decline. It is therefore imperative that regulators give thought not only to the trustworthiness of the firms they oversee, but to the public’s faith in those regulatory agencies themselves.

And trust helps to lower the need for regulation: where we can rely on trust and trustworthiness, we may reduce investment in costly controls, intrusive forms of surveillance and monitoring, overly prescriptive regulations, and punitive sanctions for breaches. As such, management attention to promoting a high-trust culture may pay sustained dividends in the form of reduced governance, risk and compliance costs.

Consumer reaction to the failure of companies to act in a trustworthy manner is often swift and sure. It is hard for companies to recover from the loss of consumer confidence — some never do. In the current climate of low general trust in societal institutions across the globe, it could not be more important for those in banking and financial services to tend to the task of building a culture of trust within their organizations, with their customers, and with stakeholders more broadly.

Indicators are that banks have a way to go in this regard. More pointedly, bankers4 have a long way to go, as the public’s confidence in firms themselves appears to be somewhat higher than its faith in those who staff them. This has real dollar implications.

A recent study5 from Accenture ties a loss of trust among a firm’s key stakeholders — customers, employees, investors, suppliers, analysts, and the media — to a financial loss that is “conservatively” estimated at $180 billion.

The trick, then, is to create and maintain a culture of conduct that requires trustworthiness and reduces violations of trust. As Baroness Onora O’Neill has argued, “We need to focus first on trustworthiness and secondly on the intelligible communication of evidence of trustworthiness to others, without which they cannot place or refuse trust intelligently.”

That is, trust must become a management priority within firms, and clearly evidenced in demonstrable cultural norms among employees. The challenge, of course, lies in operationalizing this mandate.

Firms rely largely upon staff surveys, ethics training, and ‘town-hall meetings’ to address such matters. And although significant amounts are invested in such tools each year, it is an indication of managements’ lack of confidence in them that a multiple of that spend is typically invested in surveillance and monitoring systems aimed at catching bad actors.

While such tools may be somewhat useful and may, at a minimum, represent what might be considered ‘good hygiene,’ they leave management reliant upon fairly blunt instruments when compared to what is today made possible by Computational Social Science.

In a recent speech6 , Kevin Stiroh, the head of Supervision for the New York Federal Reserve Bank, observed, “As we continue to see the impact of technology and big data in other parts of financial services, one interesting question is how innovation and enhanced technology will support the measurement and management of culture... For example, we might see firms routinely leverage broader data to make stronger predictions about potential misconduct risk, which could be useful to help focus scarce compliance resources.”

Computational Social Science offers much here. It is well established that interpersonal trust and perceived ‘psychological safety’ among employees and managers is key to creating high-performance teams within the workplace.7 Computational Social Science techniques allow us to measure and map these interpersonal trust dynamics, sifting signal from company data sets to produce heretofore unavailable insights into the drivers of employee conduct.

Such insights permit proactive management of culture, conduct risk, and company performance more broadly. It is encouraging, therefore, that firms, and regulators, have begun to explore the application of Computational Social Science to regulatory and risk management challenges.


Karen S. Cook is Professor of Sociology and Director of the Institute for Research in the Social Sciences at Stanford. She conducts research on social networks, social exchange, and trust and has edited several books on these topics, including Trust in Society (2001), Trust and Distrust in Organizations: Emerging Perspectives (2004), and Whom Can You Trust? (2009). Professor Cook serves on the academic advisory board at Starling.

First published on Thomson Reuters Regulatory Intelligence (TRRI) on 3.5.19

  1. Andy Haldane, “Trust and Finance,” Institute for New Economic Thinking, October 24, 2013.
  2. Ibid.
  3. Karen Cook and Bogdan State, Trust and Economic Organization, May 2015.
  4. Victoria Finkle, “Banks are running out of time to regain public trust, “ America Banker, September 4, 2018.
  5. Greg Sterling, “Study finds decline in trust cost corporations billions in profits,” Marketing Land, November 5, 2018.
  6. Stiroh, February 26, 2019.
  7. Marc Keuschnigg, Niclas Lovsjo, and Peter Hedstrom, “Analytical sociology and computational social science,” Journal of Computational Social Science, November 2017.