Companies Waking up to Value of Behavioral Science in Helping Manage Risk

In The News
October 25, 2018

New approach uses data to analyze why people act in a certain way to more effectively inform compliance programs, compared to traditional policy-led methods

Companies in Europe and America much more aware of the new approach than those in Asia and Latin America

An increasing number of companies, particularly in the UK and across Europe, are recognizing the value of adopting a data-driven approach to compliance, supported by behavioral sciences strategies, to go beyond the traditional model of relying on policies and procedures according to new research from global law firm Ropes & Gray. 

The research – based on a global survey of 300 senior-level executives working for multi-national businesses in North America, EMEA, Asia Pacific and Latin America, in the asset management, private equity, banking, life sciences, healthcare and technology sectors – reveals that although only a handful of companies have actually implemented a behavioral sciences approach to their compliance programs, over half (55%) have heard about the approach and a significant majority (84%) believe it would helpful or very helpful in helping them identify and manage their risks going forward. 

These figures, however, mask a stark contrast in levels of awareness between companies in Europe and North America, with those in Asia and Latin America.  Most companies in Europe (81%) and North America (77%) are aware of the new approach, with even more seeing value in using it to inform their compliance programs (93% in Europe and 94% in North America).  This contrasts with the levels of awareness in Asia and Latin America, where just 20% of companies in Asia and 7% of companies in Latin America have heard of the approach and, correspondingly, there is less recognition of its value (48% in Asia and 57% in Latin America). 

The research also found differences in awareness by sector.  Most technology (64%) and life sciences (60%) companies, alongside banks (56%) have heard of the approach and see value it in.  In contrast, fewer asset managers (48%) and private equity firms (42%) are up to speed on the development. 

Commenting on the survey findings, Amanda Raad, co-head of Ropes & Gray’s risk management practice, said: “One of things we’ve heard from clients time and again is that despite investing heavily in developing robust compliance programs, bad conduct still happens.  With regulatory enforcement on the rise around the world and the penalties for non-compliance severe, it is time to consider taking different approaches and a number of businesses – particularly those in Europe and North America - have begun to do just that.  Instead of relying on legal and compliance professionals developing and implementing a policy, companies are beginning to focus on the root cause of behavior to understand what motivates people to engage in bad conduct.” 

Ryan Rohlfsen, co-head of Ropes & Gray’s risk management practice, added: “The traditional policy-led approach to compliance is looking increasingly dated and may ultimately be bad for business. Companies failing to innovate in this area run the risk of falling behind their competitors.” 

Other key findings from the research reveal that:

  • Nurturing compliance:  61% of the executives surveyed said clear guidance regarding applicable laws and regulations is one of their top two considerations when helping employees understand compliance, and more than 34% said that clear guidance on identifying risk areas is the most important element. 
  • Cultural challenges: The culture of the country or region where a company operates was cited by 57% of respondents as one of the biggest obstacles to the implementation of an effective compliance framework. Company culture and the role of top executives was also cited. 
  • Differences by sector: Requests from government officials are the biggest challenge facing compliance executives in asset management (66%) and banks (58%). For those in life sciences and health care, however, compliance requirements that get in the way of business operations is the biggest challenge. 
  • Managing third-party risk: Companies have struggled to determine which of their executives should own this responsibility, as well as the right size and scope for third-party diligence. Informal background checks executed internally are the most common (83%). More than two-thirds of respondents in EMEA and North America said they periodically implement risk-based assessments of their third-party providers. That falls to half in Asia Pacific, and just 30% in Latin America. 

A copy the report is available here.  

A video featuring Amanda Raad discussing the findings of the report is available here

Learn more about Ropes & Gray’s Risk Management practice here.