Regulators are adopting behavioural science tools pioneered by the Dutch central bank in their supervisory efforts, and firms are taking notice, says Stephen Scott at Starling.
On 30 March, Starling released its annual Compendium, a report on global regulatory activities aimed at promoting improved culture and conduct in the banking sector. In a series of articles written in collaboration with Regulation Asia, Starling has outlined some of its principal findings.
In the first four articles, we discussed (1) the UK’s leadership role in driving the global supervisory agenda around conduct and culture, (2) developments in Australia that have shaped the global dialogue around governance and supervision in this area, (3) Hong Kong’s ecosystem approach to addressing culture and conduct issues, and (4) Singapore’s efforts to advance the culture agenda with a view to improved consumer outcomes.
A key takeaway from Starling’s Compendium is that regulators increasingly see behavioural science as offering an essential perspective in the supervisory context. Following the early example of the Dutch central bank, many regulators have now created internal behavioural science units, made up of organisational psychologists and others with similar training. Some banks are now following suit, employing behavioural and organisational scientists to assist with non-financial risk management.
The behavioural science approach pioneered by the De Nederlandsche Bank (DNB) makes use of “psychological methodologies and techniques” that support its supervisory efforts. In its influential book, Supervision of Behaviour and Culture: Foundations, Practice & Future Developments, principal author (and Starling advisor) Dr Mirea Raaijmakers argues that, to identify and mitigate culture and conduct risks effectively and consistently:
... it is crucial to develop a common conceptual model and a common supervisory language on behaviour and culture. By defining culture
— both its visible and invisible aspects — in a concrete manner, we can apply this concept to supervision.
Behavioural scientists from the DNB have been invited to share their experience conducting “deep dive” culture and conduct risk audits with their counterparts in many jurisdictions, and to provide training in their methodologies for regulators in Singapore, Hong Kong and Australia, among many others.
We see the DNB’s influence, for instance, in the creation of a behavioural sciences unit at the Monetary Authority of Singapore (MAS). Through the application of behavioural science techniques, this unit aims to run “culture research and empirical studies,” with a view to enhancing policy design work and the efficacy of the regulator’s supervisory interventions.
In a related move, with the Association of Banks in Singapore (ABS), MAS has formed an industry- led Culture & Conduct Steering Group (CCSG). Behavioural science features directly in this context, as the CCSG aims to serve as a platform for participants to:
The rationale for the Singaporean regulator’s focus on what is often considered to be ‘soft stuff’ was expressed cogently in a recent speech by MAS Executive Director Ms Merlyn Ee:
For the financial advisory industry to thrive, it must be seen as trustworthy. Trust takes years to build and can be eroded quickly when large scale misconduct or scandals occur. Poor culture and conduct is widely accepted as one of the key root causes of major conduct failings in the financial services industry.
There is growing international consensus that culture and conduct risk management is central to preserving system-wide interests. “Globally, there has been increasing attention on culture and conduct. Like many other regulators, MAS is intensifying our supervisory focus in this area,” Ms Ee noted, pointing to the recent example of the Australian market, which MAS has studied closely.
Following a prudential inquiry into CBA (Commonwealth Bank of Australia), the Australian Prudential Regulatory Authority (APRA) required firms to conduct self-assessments with regard to their culture and the related governance of conduct and other non-financial risks. Upon review of those self- assessments, APRA warned that firms found wanting might well face additional capital charges.
Making good on that warning, last month, APRA ordered National Australia Bank, Westpac and ANZ Bank each to hold an extra AUD 500 million in capital until they can evidence that they’ve successfully cleaned up governance and cultural problems. CBA faced a USD 1 billion capital charge last year amidst similar concerns about its own ability to address
“The major banks play a vital role in the stability of the entire financial system, and APRA expects them to hold themselves to the highest standards of risk governance,” APRA Chair Wayne Byres commented when the charges were announced. “Their self- assessments reveal that they have fallen short in a number of areas, and APRA is therefore raising their regulatory capital requirements until weaknesses have been fully remediated.”
These so-called ‘culture costs’ will now weigh on the banks’ profitability and likely form a permanent part of their fixed cost base for some time.
In a related effort to better address what Australian Securities & Investments Commission (ASIC) now broadly refers to as ‘GCA’ matters (Governance, Culture & Accountability), the corporate regulator announced in March that it would install an organisational psychologist in the board rooms of the country’s largest firms – including the major banks and asset management companies.
Commenting on her appointment to that role, behavioural science expert Elizabeth Arzadon pointed to the DNB’s Supervision of Behaviour and Culture, saying “our approach isn’t exactly the same but very similar”. While APRA’s view on the value of applied behavioural science is somewhat less clear than ASIC’s, it is notable that Arzadon previously worked with APRA’s behavioural sciences unit.
The APRA unit started as a Governance, Culture & Remuneration team, its former team lead Fahmi Hosain tells Starling. With regulators worldwide dedicating resources to better understand how cultural dynamics contributed directly to the GFC, “the ambition at APRA was to create a centre of excellence on these topics and to integrate this expertise into business-as-usual supervision, which would ultimately deliver a strengthened approach to supervising financial institutions,” he says.
Hosain points out that most people with APRA’s inaugural behavioural science unit came from a background in traditional disciplines of supervision, such as governance, capital adequacy and risk management. A key lesson from that formative period, he notes, is that regulators must invest a fair amount of time and effort in the study of behavioural science in order to develop a full appreciation of its nuance and to understand its potential implications for the risk profile of financial institutions.
APRA, too, looked to the Dutch example in making such study. “We spent a significant amount of time with them [the DNB’s Behaviour and Culture team] over the years, which provided us first-hand exposure to how social and organisational psychologist skillsets can be incorporated into a supervisory approach,” Hosain tells Starling. Going forward, he expects that institutions will continue to face a requirement for independent culture assessments, the outcomes of which will inform subsequent supervisory efforts.
The Operational Risk Exchange (ORX), an association made up of the heads of ‘OpRisk’ among the world’s largest banks and other financial firms, reported last November that, in the last ten years, global fines and settlements related to misconduct have totalled over USD 607 billion.
While total OpRisk losses at financial firms fell during the first half of 2019, on a year-on-year basis, ORX recently reported that misconduct-related losses accounted for most of the USD 8.5 billion total. Indeed, in the first half of 2019, nearly three-quarters (74%) of total OpRisk losses were attributable to conduct-related events, including the single largest loss event during the period.
Consider a recent example: CBA. The Australian bank has just reported that, in the wake of the Royal Commission’s findings, and subsequent customer compensation and refunds totalling nearly AUD 1 billion this year through June, its cash profits dropped by about 5%.
Moreover, its operating expenses rose 2.5% as a consequence of adding some 600 new risk and compliance professionals and a related increase in spending on regulatory compliance systems. Back of the envelope math puts that at some AUD 280 million in new – and likely fixed – running costs. Also notable is that CBA’s risk and compliance-related spending now makes up 64% of total investment spend, up from about half in 2018.
The persistent costs of punitive fines for misconduct, reputational damage and brand impairment, the ever-expanding budgetary impact of governance, risk and compliance requirements, and now individual accountability regimes and the threat of prosecution, have worked collectively to move culture and conduct concerns to the top of the C-suite and boardroom agenda at most firms.
But leaders seeking to mitigate these costs and liability exposures express a persistent frustration with a lack of credible, quantitative, data-driven and industry-standard metrics by which to gauge the ‘soft stuff.’ Without such, it is difficult to frame an informed view on where non-financial risks may lurk, assess the efficacy of risk mitigation efforts, and evidence success in ‘embedding’ adequate risk governance schemes when queried by regulators, boards, and other stakeholders.
Thus, while firms now understand that culture is important, and that behavioural science may offer useful insights into the governance of cultural drivers of behaviour, there remains a broad lack of coherence as to how these ideas are meant to be best operationalised.
An industry-wide over-reliance on surveillance and monitoring tools that aim to catch “bad actors” in the act implies a tacit expectation that these bad acts will continue unabated, though perhaps more perpetrators will be found and penalised. But it would be far better if risk leaders could successfully anticipate misconduct so that it might be headed off proactively, before harm is done.
Various trials in that direction are underway. Some firms, for instance, have begun experimenting with behavioural science units stood up within the 3rd line, and conducting random behavioural audits that seek to spot where conduct may become problematic. Notably, some of the experts firms are employing in-house hail from the DNB’s behavioural science team itself.
Other firms have begun to trial new RegTech tools among 1st and 2nd line risk managers, where the core value proposition is that these AI (artificial intelligence) powered tools may identify patterns in company data that tie – with predictive reliability – to various performance outcomes. Such tools thus position risk managers to intervene proactively and to make real-time “course corrections.”
Where these tools are informed by behavioural science, they promise to make at least some of the ‘soft-stuff’ measurable, provide new and operationally impactful insights into culture and conduct risks, and gauge the success of various risk management interventions, thereby helping firms to evidence improved non-financial risk management capabilities. If shown to be successful, such tools might allow for the development of industry-standard metrics, to the benefit of firms and supervisors alike.
It is important to note here that neither regulators, nor firms, are seeking to ‘codify culture,’ which is by nature intangible – “everywhere and nowhere,” as the UK FCA’s Andrew Bailey once remarked. But if we accept that cultural norms within organisations create conditions that either promote or discourage the emergence of certain behaviours – desirable or otherwise – then perhaps by inquiring into these conditions, we may effectively anticipate outcomes.
This again is a central theme behind the Dutch approach. The DNB uses an iceberg metaphor to depict how culture operates, with observable behaviour shaped by underlying “group dynamics” – defined as “patterns of interaction” within or between groups – that affect overall group effectiveness. Still deeper below the surface the DNB looks to the “mindset” inculcated among employees – “mental models” and “assumptions about reality” that inform individual and group decision-making and behaviour, whether consciously or not.
Referencing the work of organisational psychologist, Edgar Schein, the DNB contends that conduct is but a “visible artefact” of these invisible group dynamics and mindsets which, together, form “a pattern of shared basic assumptions” about what behavior is expected in a given context. For the DNB, it is the task of risk managers and supervisors to surface these underlying drivers of behaviour – that is, to assess the conditions under which specific behaviours may be expected to manifest.
Behavioural science teaches us that such behavioural conditions flow from human relationships. As social critic Eric Hoffer once opined, “When people are
free to do as they please, they usually imitate each other.” The social circumstances in which people find themselves, their social networks and the norms within those networks, are extremely powerful forces motivating behaviour – often far more powerful than monetary incentives or even individual desires. Conduct may thus be seen as being ‘contagious’ – helpfully providing us with a medical metaphor that is useful for illustrative purposes.
The understanding that conduct is shaped by underlying conditions – such as group dynamics and employee mindset – necessary leads to the next question: how does one go about identifying the specific conditions present at individual firms that could be helpful from a risk management and mitigation perspective?
Consider kidney failure. One of the most common causes of death in hospital patients is the sudden loss of kidney function. According to the Centre for Disease Control, acute kidney failure struck over four million Americans in 2014, leading directly to the deaths of hundreds of thousands. Survivors were often left dependent upon expensive dialysis for months or even years. Frighteningly, kidney failure often occurs swiftly, with little warning, and is triggered by multiple causes that are hard to detect in advance. By the time clear warning signs do emerge, it is usually too late.
But a study appearing in the journal Nature reports that researchers at Google’s DeepMind Health have developed algorithms that can identify various factors – conditions – that point to risk of renal failure. With data from the US Department of Veteran Affairs, Google trained its models on 600,000 different ‘health indicators’ and identified some 4,000 that proved to be of high predictive value.
The subsequently trained AI models were seen to be 90% accurate in cases that were severe enough to later require dialysis, successfully predicting renal failure 48 hours before it actually occurred, and thus promising to give doctors ample time to take corrective steps that may save lives, avoid injury, and reduce all the attendant suffering – and costs.
Could something similar work in the context of organisational behaviour? Borrowing techniques originally developed by genetic engineers working in the field of Computational Biology, research in the emerging field of Computational Social Science demonstrates that this is indeed possible.
The power of such Computational Social Science techniques is illustrated by recent research conducted at Stanford and Berkeley, where researchers sought to determine whether firm culture could be shown to be tied to specific performance outcomes and, if so, whether cultural drivers of such outcomes might leave discernible artefacts in communications data.
“Organizational scholars have long recognized the importance of culture in shaping individual, group, and organizational success,” the researchers had observed, but “compelling theoretical accounts of the dynamics of cultural fit and its consequences remain largely absent from the literature.”
In a novel approach, they looked at how new employees in an organisation demonstrate “normative compliance” by adopting the norms for language use in email communications that prevail among their new peers. The researchers identified and traced three distinct ‘encultration trajectories’ that correlated, with high predictive reliability, to specific individual and organisational outcomes.
Equipped with some 10 million emails exchanged among 600 employees over a five-year period, and human resource records that included things like employee age, gender, tenure and, for employees who had left the company, whether their departure was voluntary or involuntary, the researchers found that email language use among all new employees was out of step with organisational norms.
However, once those norms were learned, the study discerned three common ‘signatures’ within the data, which I’ll term (1) ‘accept and adopt’, (2) ‘reject and eject’, and (3) ‘reject and defect’.
Employees showing the first ‘signature’ in their electronic communication patterns – that is, those who were ‘normatively compliant’ – were found
to evince higher job satisfaction, motivation and discretionary effort, greater attachment to the company and longer tenure, as well as higher levels of both individual and firm performance outcomes. Whereas for the other two signatures:
Newcomers who do not rapidly conform to cultural norms are rejected by their colleagues and ultimately forced to exit, whereas those who had successfully enculturated earlier in their careers but subsequently exhibited a decline in cultural fit appeared to be detaching from the organization and subsequently exited voluntarily.
Studies of this sort demonstrate the potential for Computational Social Science to transform how firms might investigate the cultural dynamics and behavioural predispositions among their staff by making use of commonly retained data sets. When informed by learnings from behavioural science, these tools may produce powerful and deeply penetrative insights.
As awareness and understanding of such technological capabilities grows, and risk managers and supervisors find themselves able to move away from costly and often ineffectual human-driven processes towards more scalable and sustainable solutions, we expect to see wider adoption of culture and conduct risk management tools that specifically draw from the field of behavioural science.
This piece first appeared in Regulation Asia on August 15, 2019.
STEPHEN SCOTT is a risk management expert and CEO of Starling, a globally recognized leader in the RegTech space. Operating at the nexus of data science, network science, and behavioral science, Starling's Predictive Behavioral Analytics tools are used by leading financial services firms to assess and mitigate culture and conduct related risks.