Behavioural Risk: the new regulatory challenge

Governments and regulators around the world have recently been paying close attention to a fast-developing branch of social science research: behavioural economics. This Nobel Prize-winning research field studies patterns of human behaviour, and how these create costs, or other harm, or benefits to others. Whether or not you’d noticed it yet, this new(ish) branch of science has been steadily gaining influence and can now affect how everyone conducts their business: not just in the design of risk controls and regulations but also how organisations set about their marketing, fraud control, and human resource management. There are serious and expensive implications for many aspects of life in organisations; here, we’ll just highlight one aspect.

Behavioural economics in practice includes government programmes to ‘nudge’ better behaviour, fixing a range of social problems which had proved tricky in the past – from preventing obesity to catching up with naughty bankers. Here’s an example of a public policy ‘nudge’ that the US and UK governments have both used successfully:

Governments always found it hard to get citizens to save for retirement; with an ageing population, national treasuries seemed to be facing an unstoppable rise in the cost of public pensions. Behavioural research noted that people often ‘live in the present moment’, and don’t make long-term plans. Applying a behavioural ‘nudge’ to this problem, governments changed the approach to pension scheme enrolment, from opt-in to opt-out; thus you now have to choose consciously not to pay into a workplace pension, otherwise your payments are taken automatically.

That sort of initiative sounds good for your future, as well as good for government finances. So everyone’s a winner, right?

Not necessarily; read on.

Behavioural economics has grabbed politicians’ attention because the alchemy of ‘nudging’ promises to fix all kinds of social problems at almost no cost to public finances. From Ministers’ point of view, that’s a big win – a rare patch of sunny upland amid a policy landscape of austerity gloom, zero interest rates, currency collapses, and widespread voter anger. To be able to change benignly (in theory) how the voting public behaves, without taxing them while you do so, is thus something of a politicians’ dream.

In case you hadn’t already noticed, one of the first targets for this new regime of ‘behavioural regulatory intervention’ was the financial services sector, with the launch of a new type of ‘conduct regulator’, the FCA, in 2013. After all, noted the politicians, those bankers had rather offered themselves up for a public kicking by demanding taxpayer bail-outs back in 2008. A decade on, we face a steady increase in regulation-led ‘behavioural risk management’, and a widening range of organisations caught in the new regulatory regime.

It’s not just financial firms. If you are an advisor to a financial firm, or indeed any brand with a financial subsidiary business – perhaps you’re a high street brand that happens to provide an own-label credit card – think carefully about this: You are now regulated by an alliance of ‘conduct control’ bodies, including the UK’s financial (FCA), credit (PRA) and fair trading (CMA) regulators, all of whom now design their rules using behavioural economic principles. Conduct regulators are also looking increasingly to form international alliances, with new treaties (‘memoranda of understanding’), staff exchange programmes, and co-ordinated prosecutions against misbehaving big name individuals and brands. If you haven’t yet read up about what all this means for your cashflow, now would be a good time to start.

And my goodness, behaviour-based risk control is expensive. By the simplest measure, all of the new capital that UK banks recently raised for themselves (2013-16) – that’s over £30billion – they’ve had to expend on conduct regulatory costs: fines, redress, reorganisation, and so on. So, all the money that banks might otherwise have lent to businesses, they’ve had to spend on dealing with the new wave of behaviour-based regulation. By the way, they’ll also be needing £40bn more for this, 2017-20, said the Bank of England recently.

Whilst some might say banks brought these costs upon themselves, bear in mind that other branches of UK government, and indeed many other regulators around the world, are also starting to adopt behavioural regulation principles; the UK’s competition regulator (CMA) already affects potentially every business in the land. Elsewhere, behavioural regulators as far afield as Australia, Hong Kong, Singapore, South Africa and the USA are busy sharpening their own instruments of conduct enforcement. In the past year, Australia’s regulator (ASIC) has imprisoned more than twenty times as many company directors (per head of population) as the UK, for misconduct offences; other jurisdictions aspire to emulate this startling rate of ‘outcome’. Remember, in a political landscape where institutions are widely mistrusted, this new policy direction is a popular vote-winner.

There’s more. Conduct enforcers will now intervene to prosecute the non-event of a corporate control system, not just misconduct within an existing set of risk controls. Straight after an organisation suffers the reputational damage of a failed operational control, the prosecutor may now step with an enforcement notice and even a criminal case. One British bank that recently suffered a hacker-induced systems failure then found itself prosecuted for the misconduct offence of having caused ‘customer detriment’ when the network failed. Ouch!

Regulated and other impacts of behavioural risk – such as ‘socially engineered’ hack attacks – will only rise, unless we take realistic steps to anticipate and head them off. By recognising that these are new forms of threat, we can adopt new approaches to managing risk. At a detailed level, many staff still feel that they don’t yet know enough about what constitutes misbehaviour under the new rules. At the higher level of risk governance, senior managers need urgently to revive staff’s awareness that they can and should use their own intuition for more reliable early warnings of misbehaviour.

Expect this form of disruption to continue, as conduct prosecution is far too profitable for governments not to want to expand it. For sectors facing this – not just in finance, but increasingly for public-facing organisations of all kinds – everyone involved needs to build a new layer of situational awareness. We will all soon have to know how to “work risk-aware” in daily practice. The basic skills needed can be learned through a simple one-day workshop that transforms staffs’ responsiveness to behavioural risks, provides earlier warnings of trouble, and will over time save a stack of fines for misconduct, not to mention wastage of a misdirected compliance budget.

There is plenty else you can do, of course. Whatever preventive steps you do take, it’s no longer an option to do nothing – unless of course you want to star in tomorrow’s bad news headlines.