Why bankers so often fail to comply with policies and regulations

Allegations that the Commonwealth Bank of Australia has been complicit in money laundering is just the latest example of issues with regulatory compliance and risk management in the financial sector.

Our research shows that some of the problem is due to the incentives paid to financial professionals to boost profits. But the personal attitudes of individual staff members also matter, as does tenure (how long individuals have been in the industry).

Even though risk management has become a priority in the financial industry since the global financial crisis, compliance is hard to monitor and so staff are tempted to disobey policies.

Risk management

Recent years have seen regular scandals in the financial industry, notably the Libor interest rate rigging, CommInsure and the more than a million fraudulent accounts created by 5,000 Wells Fargo employees.

Good risk management is designed to ensure risks are within the organisation’s appetite, which should reduce scandals. Senior leaders set the risk appetite and the policy framework - they design the rules that staff should follow.

Finance professionals are expected to comply with all kinds of policies, from limits on the amount/kinds of loans they can make, to policies to reduce the risk of cyber-attack, not to mention reporting of suspicious transactions.

But these policies can mean that potentially profitable deals aren’t pursued, or that time is “wasted” that could be devoted to generating profits.

Our experiment

Our experiment sought to find out more about how incentive schemes and culture affect compliance with risk management policies. With help from industry body FINSIA, we invited 306 financial professionals into a lab and put them through a simulation that mimics investment decisions - buying securities, granting loans, underwriting insurance etc.

The participants had to do some simple analysis (with a calculator) and then decide whether to invest. Over an hour they could complete up to 60 transactions and were given a risk policy/limit to follow. We observed how often participants violated the rules during the session, focusing on those transactions that were outside of policy.

Participants were randomly assigned to one of five “treatments” representing a range of workplace environments that varied how the employees were paid and the behaviour of managers/peers: variable payment and profit-focused, variable payment and no-focus, variable payment and risk-focused, fixed payment and profit-focused, fixed payment and no-focus.

In the risk-focused treatments, participants were told that managers and co-workers prioritise risk management. Participants with variable payments received cash based on the amount of profits they could generate during the session (less penalties for non-compliance). The rest received a fixed payment.

In the profit-focused treatments, we gave participants information showing that managers and co-workers prioritise profits:

“Your manager rarely mentions the risk policy but talks often about the need to meet budget. He is always giving you motivational messages to encourage you to boost profits. You notice that colleagues who breach policy are excused if they are top performers. The risk policies are often criticised by staff because they can interfere with meeting profit targets; risk managers have low status compared with people who have great profit figures.”

The following chart shows the compliance rates in each treatment - the proportion of “bad” transactions where the rules were followed.

We found that when people had variable payments that are linked to profits, their compliance with risk management was significantly reduced. When managers and co-workers were also profit-focused, compliance reduced even further. Interestingly, the variable payments did not produce significant increases in productivity in our experiment. Participants worked about the same amount as those on fixed payments.

On the other hand, when participants were paid a fixed amount regardless of profit, compliance with risk management policies was higher. Although still not perfect. Surprisingly, some people broke the rules even when there was no financial benefit for them to do so. This could be human error or just for the enjoyment of rule-breaking.

But compliance with risk management depends not only on incentives, but also on individual factors. For example, we observed different compliance behaviour across individuals depending on their personal attitudes towards risk management and compliance.

We also found that those with longer tenure in the financial industry were more likely to act in compliance with risk policy. Perhaps such people understand why good risk management matters having lived through a few scandals.

What to do about it?

These findings can be used to guide human resource policies. For example, financial institutions could screen potential employees for their attitudes to risk management. And they could choose to promote or reward staff with favourable attitudes.

But there are other important implications for the industry. Since incentive structures that are profit-based have an adverse impact on risk compliance and do little for productivity, such remuneration programs should be reconsidered. Perhaps it’s time to switch to fixed payments across the industry.

Our research shows that it is difficult to have high rates of risk compliance in the presence of profit-based payments. Staff are likely to believe that profit-based payments signal the true priorities of the organisation and they modify their behaviour accordingly.

But in the end, non-compliance with regulation and policies occurs even in the best environments. Scandals caused by non-compliance are inevitable, although financial institutions can reduce the rate of non-compliance through improved practices.