Compliance and Behavioral Risk Management
🔥 Given their misbehavior over the last two decades on the one hand (cases of fraud, ethical misconduct, LIBOR fixing, selling overly complex products to clients, etc.) and their importance to our society on the other, legal limits had to be set on the way banks and the like operate. As demanded by various regulators following the 2008 financial crisis, financials firms (in particular those in the US) now typically deploy a
reactive, legal, and numbers-oriented compliance and risk management approach to avoid misconduct by employees (and by the company itself). This approach is based on
the assumption that people and firms behave rationally and that if you monitor them closely and punish them fiercely, they will obey and do the right things.
But in reality, work conduct is driven also by many
cognitive biases and professional contexts (the teams employees work in, the goals they are supposed to achieve, the
leadership, the
type of organizational culture and/or "ways we do things here"). Moreover, in a strict surveillance and punishment approach, managers and employees may feel a lack of trust and resort to things like manipulating the numbers, hiding problems and covering up bad events. Also, such culture is far from ideal to
motivate knowledge workers.
I just read an interesting article by behavioral experts Scholten, De Vries, and Besieux. They recommend to complement (not replace!) this traditional formal compliance and/or risk management system with a behavioral approach as being pioneered by several leading European institutions like NatWest, ING Group, ABN AMRO and more recently also by HSBC, Standard Chartered and Royal Bank of Canada.
What is Behavioral Risk Management? (BRM)
BRM is a
complimentary, more pro-active, preventive and psychological approach to avoid misconduct by employees (and the company they work in). It involves identifying behavioral drivers and addressing these drivers and employee behavior by making changes or using
nudges in processes or in organizational contexts. It is based on the assumption that people do not always act rationally.
Implementing BRM. Process
To implement BRM, companies typically take a 2-step approach:
1. IDENTIFY AND UNDERSTAND HOT SPOTS: Identify the A. Processes and B. Units in the organization were misconduct is likely to occur and could have severe consequences. This is done though various scans, surveys, reviews, interviews, etc.
2. FIND SOLUTIONS: Address the problems revealed though step 1 by
- Identifying specific nudges in special collaborative workshops ("Nudge Labs")
- Conducting interactive workshops for senior leaders aimed at creating a shared and full understanding of behavioral risks and managing them as well as design solutions ("System-in-the-Room Sessions").
In my opinion, behavioral risk management is a sensible and smart approach to further reduce unethical or unwanted employee behavior and organizational practices in financial institutions. What I really find good about it, is its focus on involving professionals to improve their own work. They will like working for such a company and that is important when so many companies are attempting to
make their Employee Value Proposition more human. It also fits well in how we should
manage our knowledge worker teams in the 21st century. So I recommend both regulators and corporate boards to welcome it.
⇨
What do you think about BRM? Do you consider it a useful compliment to a legal/control approach in compliance? Any experiences to share?
Source: Scholten W., De Vries F., and Besieux T., "A Better Approach to Avoiding Misconduct: Use Nudges to Complement Traditional Methods to Risk Management", HBR May-Jun 2022, pp. 104-111
Log in
Comments by date▼