top of page

Why “it’s a regulatory requirement” might not be the best explanation…

Telling people to do something because it is a “Regulatory Requirement”

is a widely used technique to drive compliance within organisations. In this article, I explore why that might not be such a good idea.


Framing

One of the fascinating aspects of Behavioural Science is that small changes to an environment can have a massive impact on our decision-making. A good example is Framing; the idea that the way in which things are presented to us will impact how we perceive them.



By understanding how things are “framed” and what impact that has on the target audience, we can look to “re-frame” when the behavioural outcome we’re looking to achieve, isn’t what we expected.


This needn’t be complex. Presenting a medical procedure as having a 90% success rate, feels different from one that has a 10% failure rate, even though they’re the same thing. Offering a discount of 25p discount on cups of coffee when people bring their own cup, elicits a different response from us than when we are charged a 25p tax for not doing so.


By re-framing the nature of the role, they’re looking to attract people who have the aptitude but wouldn’t naturally consider applying.


As I look to bring Science to Compliance, I’m finding lots of examples where re-framing can offer us significant advantages. The language we use matters more than we might think.


Regulatory Requirements

Take the phrase “Regulatory Requirement” (RR). In Financial Services, and in other heavily regulated industries, it is used incredibly frequently as an explanation for why people need to do certain things or not do certain others. By RR, I don’t just literally mean those words. What I mean is the concept of citing regulation as the main justification for something.

You don’t have to look too far down people’s email inboxes to find requests or tasks which either implicitly or explicitly cite it as a justification. This ranges from specific wording like:


“In order to comply with Regulation X, you are required to do the following:”


to the more subtle:


“By doing this you will be helping us to meet our regulatory obligations”


or even:


“The results of this will be shared with our regulators”


This technique is so frequently deployed, that it is often hard to tell whether the issue is genuinely a regulatory requirement or if it is just being used as a tool to make people focus in a way that the “taskmaster” thinks they wouldn’t otherwise. Sometimes it genuinely is one. Sometimes it has a basis in what a regulator said but is down to the interpretation of an individual who has been tasked with implementing it. These interpretations can be spot on, or they can be as far from the original intent of the regulator as some soft drinks are from the fruit that is plastered on their packaging.


RR has, therefore, become a catch-all concept that contains elements of “you have to do this” and “don’t question what I’m asking”. I think that’s really dangerous.


That’s not because I think every regulatory requirement is challengeable or pointless. Far from it. The industry I work in has demonstrated on numerous occasions that leaving Firms to their own devices risks producing outcomes that are not in the best interests of society. Equally, as a former regulator, I know that regulators don’t always get it right. What they try to achieve can misfire, and there are regulations that deliver unintended consequences or which miss their target.


My objection to the concept of using RR as a justification for doing something is because it frames the activity as extrinsically motivated. What do I mean by that? Let’s take a brief detour into the topic of motivation so that I can explain.


Extrinsic vs Intrinsic

Our behaviours can be motivated extrinsically (the “ex” meaning from outside) or intrinsically (from within). Telling someone to do something is using an extrinsic motivator. Making something feel like it is a decision the person has taken themselves is deploying an intrinsic motivator. We all know intuitively that the latter is much more potent than the former.

I’ve previously cited the example of how telling a small child to wear a coat (extrinsic) can make them not want to do it; even if they intended to do so. However, telling them they’ll need to wear a coat and asking them which one they want to wear, it is much more likely to succeed. It works because the act of allowing them to choose, makes it feel like an intrinsic motivator (“I know I need to wear a coat and I’m choosing the one I want to wear”). That is more likely to spark this kind of reaction:


All too often, Compliance requirements are framed extrinsically. As a result, we shouldn’t be surprised when the small child inside our target audience occasionally rebels against what they’re being told to do. With that said, let’s get back to RR.


The danger I see in using it as the primary rationale for things we need people to do is that we send a message that the only reason we’re asking for them to be done is that the regulator said we had to. The implicit message is that, in the absence of that requirement, we wouldn’t be doing whatever it is, we’re being asked to.


This creates an “us” and “them”, with the regulator seen as the “bad guy” forcing us to do things against our will; meddling in our world. I’m reminded of the way “evil” characters are used in children’s stories and the classic line from Scooby-Doo:


“I would have gotten away with it too if it hadn’t been for you meddling kids”


(c) Warner Brothers


Only this time it’s the regulators that are seen as the meddlers. Without their nefarious influence, this school of thinking suggests, we’d be able to do far more. I exaggerate to make a point, but we should consider the fact that the extrinsic motivator is a double-edged sword. On the one hand, the rationale for deploying it so often is that it can be incredibly powerful; it explains why parents often resort to “because I told you to” when they want their kids to do something. But, on the other hand, it destroys the positive forces that come from intrinsic motivators and it often feels like a justification of last resort.


You might legitimately ask why this matters? After all, if it gets people doing what we need them to do, then doesn’t the end justify the means? Yes and no. I accept that there are certain things that regulators require of Firms and individuals which wouldn’t happen without their interference. I mean that in the literal, rather than the pejorative sense of the word. Leave market forces to their own devices and you risk monopolies that can become exploitative. We’ve seen the dangers of Information Asymmetry, where one party to a transaction has greater information about a situation or product than the other party, in my industry. Consumers don’t buy mortgages that often, so it’s not surprising that they know far less about the market than the people selling them. Without regulatory intervention, it is easy to see how consumers might be exploited.


However, there are also large swathes of regulation that force Firms to do things which they should arguably want to do of their own accord. For example, rules that require Banks to understand and manage their risk profile appropriately or hold sufficient capital to ensure they can withstand market shocks. These kinds of rules don’t just act in the interests of society; they also serve to protect shareholders and employees by ensuring that the organisation is properly run on a sustainable basis.


I can, therefore, see that the argument for using extrinsic motivators like RR to encourage compliance with regulations that wouldn’t come naturally to Firms if left to their own devices, potentially has some merit. Though arguably, a business that wants to be sustainable in the 21st century, probably ought to have a business model that factors these into its thinking.

But there’s an even more important reason why we should avoid intrinsic motivators if we can. That is in situations when Compliance has a qualitative aspect to it.


Quality of Compliance

In his book The Law of Good People, Professor Yuval Feldman highlights the importance of considering the concept of “quality” of compliance. We tend to think of it in binary terms; like a speed limit where you either are or are not driving within it. However, in many cases, particularly in fields like conduct, it is much harder to codify exactly what we want people to do.


By way of example, he cites whistleblowing as an activity where we implicitly require a level of engagement from the participant. You don’t want to incentivize everyone to whistleblow, because they’ll do so for the wrong reasons. Instead, you want to incentivize people who find themselves in situations where it is appropriate, to do so for the right reasons. Getting people appropriately motivated to deliver this outcome, is less likely to be achieved through the use of extrinsic motivation. For a whistleblowing programme to be effective, it needs the target audience to be intrinsically motivated.


At least with whistleblowing, you have the opportunity to review the quality of what people have reported. Admittedly, you won’t know what hasn’t been reported, but at least you can see whether what has been reported is appropriate. There are lots of other activities where there is no easy way to assess the quality of Compliance.


Attestations, Surveys and Activity Tracking

A commonly used tool for ensuring compliance with a particular regulation is to ask people to attest that they have complied with it. Whilst this technique does try to make use of the intrinsic motivator of focussing people’s minds on their personal responsibility, it also requires a degree of engagement on the part of the person being asked.


Implicitly, I know that if I’m asked to attest to something, that the main reason the attestation is likely to exist, is that there isn’t an easy way for the person asking for it, to check whether I’ve done what I’m being asked. Because if there was, then they’d use that instead. In many cases, compliance can be verified through spot checks, so there is a form of deterrent. But for the regime to be truly effective, it needs people to feel motivated by more than the risk of being caught by a review.


Surveys are another example where intrinsic motivation is needed. Force me to fill in a survey against my will and the quality of the data I’m likely to give you will be very low. It never ceases to amaze me how organizations obsess over getting as high a response rate as possible. I would argue that if 30% of your organization don’t want to fill in a survey, then that is high-quality data, that tells you something. You might have to find out why, but the message is clear. By pursuing that 30% and making them fill in the survey, what you’re effectively doing is taking high quality data (“I don’t want to fill this survey in”) and converting it into potentially low-quality data (“I’m filling this in under duress”) and then co-mingling that low-quality data with the high-quality data that comes from willing survey participants. Where else would we strive to do that?



The problem here is that you have no way of knowing whether people diligently filled in your survey if they reacted badly to being forced to do it, or whether they did the bare minimum to get it done and just ticked the default options. When it comes to surveys, quality of Compliance really matters.


Replace the term survey with “timesheet” or “activity tracker” and you can see a similar problem. Particularly in jurisdictions where employers are not legally able to look at data on any one individual. Feldman makes the good point that we often seek 100% Compliance for activities where it isn’t really necessary. Or indeed desirable. I might need it for an attestation, but you could argue that having 70% of a population do a survey might be more than enough to allow me to extrapolate some meaningful conclusions from the data.


Ownership

For these reasons, I think we need to give careful thought to the times when we deploy RR. It is all too easy to make it the very first thing we reference in requests, instructions and when explaining the rationale for internal rules. What I’m suggesting is that we try, whenever possible, not to default to making that the headline rationale for requiring people to do something. It may be highly appropriate to use RR in situations when intrinsic motivation won’t work; for those times when genuinely the only reason we’re doing something is because a regulator wants us to. I’m therefore not suggesting we don’t use it; especially as it is sometimes the regulators themselves that require us to do precisely that. Perhaps something for them to also think about…


But using RR often comes at a price that I suspect we don’t always fully contemplate. That price is that we transmit that we’re only doing it because we have to and that we wouldn’t if we didn’t have to.


That matters, because we all know that the effort we put into things we’re forced into doing, is much less than the effort that we put into things we want to do. By normalising its use, we blunt its effectiveness and potentially detrimentally impact the quality of compliance.

Overuse of RR can also give the impression of laziness; it is far easier to cite a regulation than to try to find intrinsic reasons why people might be motivated to do something. This fact won’t be lost on the target audience. Put the effort in to motivate them and they’re more likely to respond positively.


I began by highlighting that small changes can make a huge difference. So when I suggest that we should think about our deployment of RR, what I have in mind isn’t the entire removal of all discretionary references to regulators or regulations. Rather that we think about when we reference it and that we look to change the tone of how we communicate requirements. For example, if the intrinsic motivators inherent in a requirement are sufficient on their own, perhaps we can relegate the reference to the underlying regulation to a footnote rather than make it the headline?


We all know that good line managers need to own messages, even when they might disagree with or have had no influence in determining what they’re being required to say. The same thing could arguably be said to apply to regulation. If we implicitly “blame” the regulator and don’t “own” the requirement, then perhaps we shouldn’t be surprised if our people react accordingly.

Comments


bottom of page