The Behavioural Science of Compliance
What can branding and the functionality of the rules teach us about the real drivers of human decision making and good compliance?
The branding of the term ‘Compliance’ can tell us a lot about its functionality and many employees tend to associate it with rules and a distinct lack of fun. When it comes to effective compliance, it is important for employees to start ‘thinking compliant’ and move away from branding associated with authority. As this article explores, behavioural science can tell us a lot about compliance and the real drivers of human decision making.
Compliance: What’s in a name?
Ask the average employee what they associate with the word ‘Compliance’, and you’re very likely to hear one of two types of response. The first is words that describe the area of technical expertise in which the function specialises — things like ‘rules’ or’ regulations’. The second is descriptions of the way it operates. Best-case that’ll be words like ‘necessary evil’ and worst-case ‘bureaucrats’, ‘business prevention unit’ or ‘fun police’. Now, none of those answers sounds particularly positive. Except, perhaps ‘fun police’, which can either be read negatively as ‘the people who are there to stop the fun’ or positively as ‘the police who are fun’. The fact people are unlikely to say nice things about Compliance shouldn’t really surprise us. After all, the ‘C-word’ isn’t exactly uplifting or positive! If we were creating a brand and wanted to make it sound negative or awful, we’d pick a word like ‘Compliance’. And then we’d add the suffix ‘Officer’.
Whoever it was that first adopted the word in the context of corporate adherence to regulations — and I’ve heard lots of different suggestions for who that might have been — clearly wasn’t too concerned about what employees would think of it. On the face of it, it shouldn’t matter. After all, employers have the legal right to set rules for their employees. We all implicitly accept that in return for being paid, we will need to show up to work — either physically or virtually — and there will be some rules that are imposed on us. But if we think about what being ‘compliant’ means — in other words, the nature of the rules we need employees to follow in the 21st century — there’s a potential risk in thinking in those terms.
Not all rules are the same
That’s because not all rules operate in the same way. At one end of the spectrum, there are simple binary rules that lend themselves to being easily monitored and enforced. They’re the compliance equivalent of speed limits; they are simple to explain because the risk they mitigate is easily codifiable. Just as we either are or are not driving within the speed limit, these are rules with which an employee either is or is not compliant. For example, a worker in a restaurant kitchen either has or has not washed their hands properly before handling food. But there are other risks that are far less codifiable and where compliance with the rules has a qualitative element. In other words, where we need the individual concerned to engage with the requirement positively because ‘unthinking compliance’ won’t deliver the desired outcomes.
A good example comes from Financial Services, where, emboldened by the 2008 crisis, regulators have been increasingly focusing on something known as ‘conduct risk’. In simple terms, this means regulating not just what people within the industry are doing but also how they are doing it. It’s not the only sector where this is happening. Other regulators are now following this trend and looking through new ‘ethical lenses’ at what companies in their industry are doing. To run a sustainable business — and meet the demands of emerging areas like ESG — means it’s no longer acceptable to justify a decision because it was ‘within the rules’. Or indeed, that the rules or laws didn’t explicitly prohibit it. As the saying goes, ‘just because you can, doesn’t mean you should’.
So what?
So, what does that have to do with the branding of the Compliance function? On the one hand, absolutely nothing. But, if we want people to comply with rules that require them to engage thoughtfully, it’s worth thinking about what message we’re sending. The more we need their help in being ‘thinkingly compliant’, the less wise it arguably is to be seen to be treating them like small children.
I’m not seriously suggesting that what we call the function is, on its own, going to drive employee perceptions of the way we view the rules. But it is a reminder that when we impose compliance requirements on humans, they will have a view on it. Not just about what we’re asking them to do or not do. They’ll also be thinking about our authority in that domain — what moral right do we have to impose a particular requirement on them? And they’ll have views on whether what we’ve mandated seems reasonable, given the underlying risks. Their response won’t simply be driven by whether we’re legally allowed to tell them to do something. It’ll be based on how the employees perceive it. So, even if what we’re imposing is entirely reasonable from our perspective, they might disagree. We’ve all come across rules we think are silly, authorities that we believe have ‘overstretched’ themselves and petty bureaucrats that have made our lives unnecessarily unpleasant.
The lesson the terrible branding teaches us is relatively simple; there is a difference between situations where the risks are predictably constant and those where they are not. What might work in a nuclear power station — where health & safety is essentially a matter of respecting the laws of physics — might not work in a sales office. And vice versa. Of course, most work environments will demand compliance programs that combine ‘hard-and-fast’ rules for some risks and more flexible outcome-based principles for others. But in both cases, we’ll need to consider how employees are likely to respond. Not how we’d like them to respond, but how they are likely to respond.
Summing up
If that sounds too difficult, it needn’t be because it’s precisely what advertisers, sales executives, and retailers are already doing when interacting with their customers. Just as they need to understand their customers’ perspectives and what makes them more (or less) likely to buy a particular product, we need to know what might make people more (or less) likely to be compliant.
We can do that by deploying techniques from Behavioural Science, the understanding of the real drivers of human decision-making. How we go about that is a matter for another blog. But for now, it’s worth understanding that if we want to make our organisations compliant, we need to think about how we can best influence our employees. That will probably require us to adopt approaches that don’t align nicely with the name of our function.
Utilising an integrated compliance solution offers a fundamental advantage in obtaining in-depth insights.