“Only when the tide goes out do you discover who’s been swimming naked” – Warren Buffett

In 2008, whilst analysing patterns of ‘bad behaviour’ among bankers caught up in an epic financial crisis, I suggested that financial markets might benefit from a more behaviour-based approach to regulation: More focus on real Human interactions, less on those imaginary Econs. My research subjects, many of them paid-up Econs, huffed that the markets would be just fine again if only we could all work a bit harder at getting our quant models right.

Less than five years later, in 2013, Her Majesty’s Government gave birth to the Financial Conduct Authority (FCA), the world’s first self-styled behavioural financial regulator.

Come 2015, that regulator is now a voluble two-year-old, talking up its own behavioural research1 and setting a course that other regulators increasingly follow. What happened, and what’s happening?

It’s all going a bit mainstream

If you’re at all involved in the financial sector, behavioural economics is more than just a fashionable theory: suddenly, behavioural regulation has become real, and compliance with its mandate is becoming very expensive2. Provider firms are being fined huge sums, not just for the bad behaviour they have inflicted on customers, but also for actions that they have not taken that have negatively impacted their customers3. When it comes to behaviour, regulators are prepared to punish sins of omission as well as commission.

From the outset, the UK’s FCA set an assertive agenda invoking behavioural analysis to “place consumer interests at the heart of [regulated] business” (FCA: 2013), and it is willing to both define its own role broadly and work with other watchdogs to get results4. Its behavioural weapons of choice include compelling businesses to design out asymmetric incentives, such as quick-cash commissions and systemic conflicts of interest; promoting  “more functional market structures”; and banning sales practices that “take advantage of consumer bias” (FCA: 2014).

…and global

Other financial regulators and supervisors around the world are now expanding their remit, in both jurisdictional reach and the scope of defined offences. Conduct risk – now defined as a subset of behavioural risk – is appearing more and more often as a specific focus of attention5. Regulatory agencies are collaborating across boundaries to explore the theme: such as the FCA with the local competition regulator (CMA); and the Central Bank of Ireland’s consumer protection review through the Netherlands’ regulator (AFM: 2015).

Individually, regulators also continue to extend their reach. The FCA has recently taken on the payday lender subsector (HCSTCs6). Together with its regulatory sibling (prudential regulator, the PRA), it is also now empowered to intervene in person against any non-executive director (FCA: 2015b).

It’s the behavioural risks that continue to excite the regulator’s greatest interest. Information asymmetries are seen as a natural start point for enforcement actions against “abusive strategies” (FCA: 2015a)—a clear reference to recent scandals involving manipulation of forex market prices and interest-rate benchmarks.

At ground level, the UK regulator has also started to use behavioural studies of customers to call attention to common forms of bias, reminding providers that these affect not just retail consumers but also the bigger beasts on the buy-side: eligible counterparties and professional clients. All customers, large or small, novice or veteran, are to be warned about “unrealistically high expectations” (FCA: 2015a) resulting both from sell-side and buy-side biases. The onus is now on providers, who will be expected to account for how a range of real or perceived biases affects each buyer and to neutralise any inherent biases on both buyer and seller sides—although how this will be achieved is not yet clear.

Back to school

The new regulator’s first shortlist of targeted “potential areas of bias” (FCA: 2014) read like a BE-101 tutorial, including as it did present-bias, overconfidence, framing and herding. All of this presents a triple challenge for practitioners, who are now required to solve these slippery cognitive problems;

  1. to explain to the regulator how they have achieved their solution; and
  2. to prove how their approach works, by
  3. showing the relative merits of their chosen methods of behavioural risk control.

If that all sounds a bit like some kind of new exam for financiers—it is, in effect. But far more than exam grades are at stake. This is about licences to trade, about the livelihoods of financial firm principals and all their staff, and ultimately about the survival of entire markets. Financial regulators in other jurisdictions are not far behind, with proposed extensions of powers into behaviour control after findings of conduct “black holes” among providers in numerous other markets. As other jurisdictions phase in local behavioural agendas, it’s worth noting that the UK regulator has helpfully highlighted one important global distinction, between two discrete elements of behaviour: innate bias (the cognitive blind spots we’re all born with) and socially validated “bad behaviour” (notably, the tendency of pumped-up sales teams to gang up to over-sell stuff to naïve buyers).

New predictors of bad behaviour

We would all like to think that our offices are full of positively motivated people, yet the reality is that some of our staffs behave in a variety of ways that do not conform to expected good behaviour. Moreover, each individual’s behaviour is being constantly adjusted in reaction to both positive and negative reinforcement.

Behavioural science offers a welcome deeper insight here. For example, and as we might expect, a typical employee likes to do more of the things that get a good response from his or her colleagues and less of the things that make him or her feel uncomfortable. However, each of us may also be unconsciously connecting our possible actions to a highly personal mental picture (reification) of the probable pleasure or pain that will result, and accordingly do more or less of the action.

A manipulative employer who knows about this may use this effect to adjust employee behaviour profitably away from acceptable norms. Some may replace simple reward for effort with a potentially dangerous alternative – instrumental conditioning – that offers greater rewards for doing ethically flexible local versions of working practices (“the way we do things around here”)(Miles, 2012).

Naïve optimists?

In the Boardroom, and suddenly facing the very personal-seeming7 threat of possible time in prison, each Director is having to learn to be more vigilant. Nobody can now afford to assume that a positive risk culture is their organisation’s default value setting. Directors are learning to be more wary of, for example, their popular line manager who eases staff into unethical practices by “normalising” any non-compliant behaviour from the outset.

In days gone by, an employer who wanted to bend the rules might create work routines that made bad behaviour feel familiar and acceptable, knowing that employees’ latent discomfort about performing a doubtful task would lessen the more often they repeated the task. Over time, staff could accept and even learn to enjoy regular activities that they knew intuitively to be problematic. Add in human tendencies to want to believe whatever senior people tell us, and to blend in by copying others in a group, and it’s easy to see that staff behaviour—and the firm-wide risk culture that followed from it—could be open to material manipulation. No longer. From now on, regulators stand ready to call this out.

Saying what we mean

Although the British regulator hasn’t yet put it as bluntly as this, the task for businesses is to fix their own behavioural lapses in four ways:

  1. to address identified biases;
  2. compensate for these;
  3. challenge identified patterns of bad behaviour; then
  4. eliminate them.

This is the regulator’s recipe for an ethical conduct environment.

The behavioural toolkit available to us all includes new diagnostics that reveal unwelcome patterns in unexpected places. One of these tools is linguistic analysis: In the past, industry jargon signified a careless mode of customer engagement that the punters (and reforming governments) found by turns quaint and somewhat insulting. For example, it may be technically correct for an internal auditor to classify and register good behaviour as a “risk”, but the label8 seems contrary and puzzling to most outsiders.

That’s only one instance of how financial markets’ engagement with human factors of risk has evolved in a parallel universe, with its own language and often oddly disjointed components. Another example: in one silo, anti-money laundering staff study the criminal charges associated with “knowing your customer”; meanwhile, just down the hallway, the marketing team work up a new “customer-centric” offering. Now that they are compelled to demonstrate truly customer-facing behaviour, providers have started to notice how damaging their contrary use of language could be to their brand value – and are taking steps to fix it.

So if “acceptable” conduct isn’t just words… what else is it?

Language is only one (if often ignored) sign of the possible onset of bad behaviour towards customers. A less subtle example, sadly familiar to consumer activists, is when a junior counter clerk shakes down a loyal elderly customer for failing to produce a passport to prove identity. From the customer’s point of view, that’s a crazy, common sense-free event.

This type of consequence-blindness may not only break through to disrupt the retail branch, but may also lurk within the Risk Committee and fester among back office and compliance staff who do not routinely face customers. Lawmakers and consumer watchdogs will increasingly call out inept behaviour as unacceptable, creating new areas of reputational, as well as compliance, risk.

Not so very long ago, a leading British regulator publicly questioned the societal value of investment banking9. Since then, other regulators have felt intensely relaxed about extending the scope of the control debate into BE-related policy territory. They foray into the broader debate on social economics, not only questioning the benefits of banking, but also dropping into public speeches some distinctly BE-sounding10 rhetorical questions such as: Why do consumers reward poor products?, and: Why aren’t purchase decisions rational?

Where in earlier times the finance industry may have been tempted to respond with the frank, non-defence that it’s just the way we do things (“that’s business”)(Miles, 2012), the new challenge for providers is to move on, to be more affirmative in explaining the value of their offerings. Behavioural regulation demands that everyone demonstrate new customer-centric credentials based on how they’re seen to act in day-to-day consumer encounters—and often literally how they act, in the angry glare of customers’ social media critiques.

Acceptable Behaviour 101: Financial Firms Change Their Thinking

The starting point for each provider has been to ask, “Do we conduct our business the way we do because it’s the best practice in our industry, or is it just that nobody has recently thought (or dared) to question why we act as we do?” There’s then a tougher question to be asked and answered: “Is what we’ve designated ‘normal’ conduct actually good behaviour or just our local way of protecting questionable practices (whether or not we consciously intend to)?”

One of the regulator’s core purposes with the new-style regulation is to give customers at all levels (consumer, professional, counterparty) a fair deal, to “understand… which combinations of product features and behavioural biases drive investors’ misperceptions

(FCA: 2015a). The regulator—and providers, too—want more research into this.

Meanwhile, what hard-pressed compliance and risk managers now want is a practical work plan to overcome their legacy stack of risk-cultural baggage. Most of all, they would really like to see a list of specific offences, to help them to “heat-map” noncompliant conduct; but the regulator demurs.

Alternative approaches, then?

As BE-ists know, though, there are other ways to skin this cat. Last year, in regular conversations with the Boards of various financial providers, one would hear a familiar set of opening questions (“Roger, this behavioural regulation thing, where’s it all going? Why’s it suddenly so big? And so eye-wateringly expensive? Can you make it go away, please?”).

This year, Boards’ line of questioning is more reflective: How is our firm supposed to assure the regulator that we have best practice in managing behavioural risk, if there’s not yet a defined standard for reporting it? What will good behavioural risk controls look like?

To which one answers:

If it seems that there’s a lot of new behavioural stuff for financial managers to learn, the premise of the new regulation is simple enough: Past methods of calibrating risk, mainly with reference to movements of money, ignored many indicators of how people actually behave. Money-based, quant risk models had created an illusion of certainty11.

By contrast, our new behavioural methods offer greater power to predict how real life will play out—what will happen when real people interact, rather than just a series of abstractions moving through a virtual risk model. Human factors analysis explodes many of the comforting old ‘Econ’ assumptions, newly grounding our understanding of risk-taking. As enjoined by our thought-leaders, we should be relentlessly empirical12 in pursuit of this.

There’s a hard edge of urgency to this, too. Where before the days of behavioural regulation one might have harmless fun identifying how sales staff exploited consumer ignorance or bias to close a sale, after 2015 any failure to detect bias-based selling may attract an unwelcome enforcement visit from the regulator. (Investors, meanwhile, may be reassured that good behaviour appears to correlate positively with share price.)

All of which suggests that financial firms would do well to join us in taking a pragmatic view of the new regulators’ agenda. The sector is being challenged – this year in the UK, next year everywhere – to install behavioural risk controls. As currently defined, this means risk managers placing customers’ interests at the core; binding risk into strategic planning; and getting all staff into risk-aware ways of working.


Behavioural science, and regulators who use it, are helping to refocus corporate Boards on a simple human truth: We make sounder decisions when we stop fixating on charts and look directly and critically at how people interact with other people. If BE-ists have to frame the point a little more analytically, to ward off the lingering Econs, could we agree to do it something like this: We can reduce over-dependence on proxy indicators that are derived and financial, by starting to give greater weight to directly observed human factors.

Or, again, more simply like this: The behavioural view explains why people do as they do, in reality; how real people will really respond to real events and propositions. Rather than shy away from it as “soft” science, any effective leader might want to embrace BE for its greater power to predict What Actually Happens. What leader (worth the name) wouldn’t want to be able to make more robust decisions? To transform uncertainties into manageable risks? With or without a regulator watching, BE will be shaping the future of good governance.


Financial Conduct Authority (2013). A response to Journey to the FCA: Your questions answered. Retrieved from http://www.fca.org.uk/static/documents/a-response-to-journey-to-the-fca.pdf.

Financial Conduct Authority (2014). FCA risk outlook 2014 (Part A: Drivers of risk). Retrieved from http://www.fca.org.uk/static/documents/corporate/risk-outlook-2014.pdf.

Financial Conduct Authority (2015a). Occasional Paper No. 9: Two plus two makes five? Survey evidence that investors overvalue structured deposits. Retrieved from http://www.fca.org.uk/static/documents/occasional-papers/occasional-paper-9.pdf.

Financial Conduct Authority (2015b). Consultation CP15/9: Strengthening accountability in banking: A new regulatory framework for individuals. Retrieved from http://www.fca.org.uk/static/documents/consultation-papers/cp15-09.pdf.

Miles, R. T. (2012). Banks, regulation and rule-bending. In E. Davis (Ed.), Operational risk: New frontiers explored. London, UK: Risk Books.

Netherlands Authority for the Financial Markets (2015). A review of the consumer protection function of the Central Bank of Ireland. Retrieved from https://www.afm.nl/~/media/files/rapport/engels/mutual-learning-programme.ashx.

The author

Roger Miles at Berkeley Research Group researches and counsels on behavioural risk, engaging with leaders in public sector, commerce and professional groups. He also teaches and examines postgraduates studying risk perception and related behavioural effects. He has advised on value protection and other issues management for major financial and professional firms and the EU’s largest financial provider advocacy group.

His clear explanations of risk, bias and behaviour in financial markets, and conduct risk commentaries (for Reuters) have a worldwide readership that includes the regulators. He contributes both to expert practice texts (FT, IOR, GARP, OCEG) and as a plain speaking ‘risk explainer’ in crowd-pleasers (such as Watching the English and Trial and Retribution).

Dr Miles’s live behavioural field study of bank Board members gaming their own risk controls during the 2008 crash, published in Operational Risk: New Frontiers, predicted a new conduct regulator two years before the FCA was created.