A Starling Insights Deeper Dive Report
Supervisors on Supervision
— Executive Summary —
Supervisors on Supervision
— Executive Summary —
“The March 2023 banking turmoil has again shown the world that when supervision fails, poor risk management practices will fester, and problems will eventually ensue.”
Several post-mortem studies followed in the wake of the blandly-termed ‘turmoil’ of March 2023. While different reports emphasize somewhat different causal analyses, it is notable that the various studies reflect a broad consensus that the events revealed: (1) failures in risk governance on the part of the firms involved; and (2) ineffective supervisory oversight of these firms.
Among those studies, I am persistently struck by language appearing in the IMF’s September 2023 paper, Good Supervision: Lessons from the Field. But it is not the language above, from the opening of that report, that stokes my ire. It is the later observation that “supervisory judgement depends upon a holistic understanding of the financial institution, including non-quantifiable elements such as risk management culture and corporate governance.” (emphasis added)
If we accept the old adage, “that which cannot be measured cannot be managed,” then the IMF’s posture, by implication, is one of fatalistic resignation. And this is simply unacceptable; if questions of culture and governance sit among the root causes of the system instability experienced in 2023 — as a majority of the participants in the global stocktake exercise reported upon here argue — then we must devise structured and data-driven quantitative indicators by which to assess qualitative challenges of governance and supervision — proactively, preemptively, and productively.
This is the call to action that is sounded by the global supervisory community here.
Two Oxford scholars bookend the report. “Culture is not a peripheral concern,” Sir John Kay offers in his Preamble to the opening chapter. “It is central to both institutional trustworthiness and to supervisory effectiveness,” and the success of any regulatory model, he insists, “depends on the culture which emerges — both in regulated firms and in regulatory agencies.”
“Effective supervision is an essential public good,” Colin Mayer argues in the Preamble he offers at the report’s closing chapter. Financial sector oversight is about more than mitigating risk. It is about “contributing to the conditions under which trust in a financial system is sustained.” And that trust is itself a public good. “By building more trustworthy institutions through conducive cultures, we will not only create greater value for customers, employees and investors alike,” Mayer contends, “we will establish financial systems we can trust to uphold our collective and individual interests.”
These opening and closing messages come through clearly and repeatedly throughout this report. Written in the spirit of public service, it gathers the experienced views that supervisors worldwide have shared with us, in an effort to make their collective wisdom broadly available to others who would seek to advance the cause of improved culture risk governance and supervision. The report offers a sober account of the evidence to date, a statement of practice for the work ahead, and a credible invitation to act — together, through a necessarily public-private effort, as yet to emerge.
Since the Financial Crisis, conduct authorities have treated culture as a root cause of misconduct, and most early efforts to address culture in the banking sector have taken avoidance of consumer harm as their starting point. But as Carolyn Rogers observes in this report’s opening chapter, “culture is a prudential concern because confidence is a prudential asset.” Prudential authorities are thus concerned with culture as a driver of risk-control failures that erode such confidence.
In this connection, the events of 2023 highlight the overdue nature of the work that is called for here. Capital strength did not suffice to offset cultural weaknesses, and supervisory credibility suffered when warning signs were seen but not acted upon. “The risk governance failures at Credit Suisse — like those of Wells Fargo, SVB, and others — were not about liquidity alone or even principally,” John Kay argues here. “They were failures of narrative coherence, of reflexive challenge, of situational awareness. In short, they were failures of institutional culture.”
“And that these risk governance failures among firms were missed — until deposit flight was unmissable — should in turn be seen as a supervisory failure,” Kay adds. “Just as cultural fragility within firms precipitated these failures, so too did cultural inertia within supervisory bodies.” Given that, “Supervisors must therefore examine their own routines, norms, and memory structures with the same scrutiny they apply to firms.”
Culture simply must be made tractable.
At the time of failure, for instance, Silicon Valley Bank had thirty-one open supervisory issues, the majority in governance and controls. Within the firm, short-term earnings appear to have been prioritized over effective risk management; supervisory findings were met with compliance box-ticking; and long-standing governance weaknesses were allowed to persist. At the same time, within the relevant supervisory agencies, tendencies were found to have leaned towards deliberation over decision, consensus without cause, and delayed downgrades despite accumulating anxieties.
Fernando Restoy summarizes the lessons that follow. “No feasible amount of capital or liquidity can compensate for governance failures, incentive distortions, or internal communication breakdowns,” he argues here. “Culture — when misaligned — can render even the most robust balance sheets irrelevant in the face of eroding trust.” And so culture, whether viewed as a conduct or a prudential concern, simply must be made tractable. But recognizing this is not the same as rendering it such.
The stocktake reported upon here speaks to patchy progress in this direction. “Unfortunately, culture-related initiatives too often sit at the margins of the supervisory playbook,” Wayne Byres argues. And with real consequence: “Time and time again, we have seen episodes — in the financial sector and elsewhere — in which cultural factors were a critical driver of disastrous outcomes.” It would therefore be negligent, he insists, were supervisors to leave culture “to languish in the ‘too hard’ basket.” Moreover, a reflexive doubling down on past approaches to culture challenges “will not only be ineffective, but will erode confidence while adding cost without solving root causes.”
In sum, innovation in culture risk governance and supervision is no longer optional.
Supported by the findings curated through our stocktake effort, this Deeper Dive report is organized into four nested chapters. An executive summary is provided at the outset for each. We then offer views from renowned scholars who frame the relevant stocktake report-out that follows, and we provide a one-page ‘chapter-at-a-glance’ quick reference guide before diving into the relevant stocktake details. Chapter Chairs, with deep relevant experience, offer concluding perspectives.
Chapter 1: Culture as a Supervisory Concern
The report’s first chapter asks whether culture is legitimate supervisory terrain. With a Preamble by Oxford economist Sir John Kay, it answers that question in the unequivocal affirmative. Stocktake participants uniformly agree, but they highlight that acting on such conviction with the necessary coherence and global coordination remains a challenge. Key findings from the chapter include:
Culture is accepted as supervisory terrain…
Chapter Chair Carolyn Rogers — Senior Deputy Governor of the Bank of Canada and past-Secretary General of the Basel Committee on Banking Supervision — summarizes the chapter’s central thrust, insisting that culture is legitimate supervisory terrain. “When supervisors talk about culture, we are not reaching for soft concepts to round out a technical brief,” she writes. “We are addressing a set of behaviours and decision habits that can and do become manifest in financial risk.”
Culture is the lived infrastructure through which good policies become good practice.
Effective governance and supervision are not secured by rules on paper alone. Rather, it is found in the operational reflexes of people making decisions under uncertainty — within firms and supervisory authorities alike. Culture is the lived infrastructure through which good policies become good practice (or do not). It determines what gets seen, challenged, escalated, and acted upon.
As such, “The debate is no longer whether culture matters to safety and soundness, it is how to bring it into supervisory view in a way that is fair, consistent, and useful,” Rogers argues. “The last decade taught us that stronger capital and liquidity are essential preconditions for resilience. The next decade will test whether we can be equally disciplined about culture,” she concludes.
But we suffer from definitional drift …
It will be difficult to achieve such discipline, however, without first defining the terms of reference. “Supervisors use the term ‘culture’ to mean different things, often in the same discussion,” Rogers notes. This challenges our ability to approach culture risk governance and supervision with any coherence, and continued incoherence, in turn, imperils supervisory credibility and legitimacy. “If we cannot explain what we looked at, what we found, and why it matters — in language boards can act on and courts can test — confidence in supervisory judgment will erode,” Rogers warns.
Part of the challenge in defining culture ties to prevailing notions of the firm itself, John Kay points out. In his 1937 paper, The Nature of the Firm, British economist Ronald Coase described the firm as a nesting of contractual obligations that work to reduce “transaction costs.” This legalistic view of the firm has held sway since, and standard precepts of corporate governance today reflect this.
But this transactional view of the firm as a mere nexus of transactions, governed by incentives and compliance with law, “is not just inadequate, but actively misleading,” John Kay argues here.
“The modern firm is a community — of people, capabilities, habits, and beliefs — structured by history and animated by shared understandings.” Private and public organizations alike, Kay insists, are animated by “organizational routines,” which he describes as “the patterned ways in which groups behave,” and also by “organizational knowledge,” which he describes as the ways in which skilled individuals interact in the workplace, “informally but reliably.”
Critical to both concepts is their social nature. “The understandings captured in organisational routines and organisational knowledge is tacit,” Kay writes. “It is relational, not individual.” In sum, it is cultural. But past supervisory engagement with culture, Kay argues, seems to have missed this essential truth, and to have fallen instead into one of two ill-informed framesets.
Risk Culture: Those who espouse this view approach culture in terms of “rules, systems, and internal controls,” as Kay describes it. Legible and process-bound, this perspective regularly “devolves into a box-ticking exercise masquerading as governance.”
Culture Risk: This alternative perspective, Kay contends, treats culture as “a kind of non-financial residue, attributed to tone, morale, or employee engagement.” If the former is the domain of compliance, the latter is “the province of HR departments, ethics trainers, or public relations teams.” Important, but “peripheral to operations and the performance outcomes they produce.”
Culture serves as a leading indicator of both conduct and prudential outcomes.
— Carolyn Rogers
A related definitional challenge arises from use of the term “non-financial risk” — a catch-all phrase that seeks to encompass essentially any risk that can’t be modeled to the third decimal-place in an Excel spreadsheet — and efforts to plop culture-related governance risks into that leaky bucket. The term is essentially meaningless, many here argue; non-financial risks ultimately manifest in balance sheet impairments, and are thus clearly financial risks, at the end of the day.
“Some frame culture as ‘non-financial’ — which can imply it sits outside a prudential remit,” Carolyn Rogers writes, “though experience shows culture serves as a leading indicator of both conduct and prudential outcomes. This lack of clarity does not just frustrate taxonomies,” Rogers warns, “it affects what gets examined, escalated, and acted upon.”
Language shapes mindsets, that is, and mindsets shape action and inaction. Definitional drift regarding culture is thus rightly viewed as a culture problem in its own right.
And poor standards for success
These poor definitional standards are compounded by poor standards for ‘success’ in culture risk governance and supervision. “We have grown used to post-mortem analyses,” Kay writes. “But we cannot navigate the future by appeal to the rear-view mirror.” What’s needed, he argues, are “supervisory methods that are anticipatory — capable of assessing institutional coherence and behavioural reliability upstream, before the damage is done.”
Such methods need not be uniform across all jurisdictions and their respective legal traditions, but they must at least be broadly coherent, complementary, and clear. Chapter 1 sets the bar for the degree of coherence needed: a common language, framework, and data-driven metrics to permit for horizontal peer comparisons on an apples-to-apples basis, making discretion explainable and permitting for comparable judgments across borders, without prescribing any single ‘right’ culture.
And anything that resembles mere box-ticking is to be avoided. Success is not found in a checklist, but through demonstrable ability to identify converging signals of risk early, to engage proactively, to act proportionately, and with subsequent appeal to an auditable record. That means working from a shared evidentiary core and comparable analytical frameworks that make judgment legible, with due-process guardrails that permit for dissent.
In sum, success means that we can ‘show our work’ — documenting the basis of judgment (including minority views) and assuring that like-cases are treated alike, through the exercise of structured discretion, so that culture risk is governed and supervised by method rather than meme.
Chapter 2: Consequences & Challenges
If the opening chapter of the report establishes culture as legitimate supervisory terrain and notes that effective culture risk governance and supervision is stymied by definitional drift and unclear standards for success, the second chapter details the consequences of the status quo.
The chapter describes an erosion of trust in the supervisory function, as ‘invisible’ culture-driven risks are permitted to evolve into irreversibly poor risk management outcomes. As supervisory efforts to address culture vacillate between perceptions of reticence, on the one hand, and over-zealousness, on the other, critics argue that the supervisory function lacks adequate discipline. And absent some common evidentiary basis by which to establish sound views regarding culture risk governance and supervision, supervisory legitimacy itself suffers, exacerbating a vicious cycle.
An erosion of trust
“The public image of finance and financiers, on both sides of the Atlantic, is poor,” Sir Paul Tucker observes in the opening Preamble to Chapter 2. “Bailed out by taxpayers in 2008, again in 2023, and countless times in the past, this supposed embodiment of the free-market spirit turns out to be semi-socialised when things go wrong,” he argues.
The taxpayers have taken note and, while they are not pleased, the official sector appears incapable of doing much to remedy circumstances. “Legislators and regulators are supposed to do something about all this but find an accommodating climate only when memories of a crash are both fresh and publicly salient — conditions met after 2008 but, sadly, not after the 2023 debacles.”
As a consequence, faith in the supervisory function is eviscerated by what Tucker refers to as “the problem of making credible commitments.” Because they are perceived to have failed in their duty to keep the system safe (along with depositors and taxpayers), supervisors find themselves under public and political assault. This must not be shrugged off as a politics-as-usual phenomenon, Tucker insists. “In today’s geopolitics, financial system stability is vital,” he argues. And that system stability hinges on public faith in a supervisory function that delivers on its mandate, reliably.
This implies contending effectively with culture as a driver of material operational risk, within firms and supervisory agencies both, and as a driver of our ability to contend with such risks successfully.
“What matters here is not the surface texture of commercial life,” Tucker writes. “We are interested, rather, in those social and institutional norms that claim normative force because they help hold things together. Norms of complying with laws and regulations. Social norms concerning what is unacceptable even if within the letter of the law. Norms around sticking to formal promises and, in the official sector, to formal policy commitments.”
How invisible risk becomes irreversible risk
But supervisors will remain insufficiently capable of keeping to their policy commitments regarding system safety and soundness until they devise a reliable means of addressing culture challenges.
“Failures of risk governance in the industry, and of supervisory judgment in the official sector, both reflect the same reality,” writes Chapter Chair Fernando Restoy, head of the Financial Stability Institute, in closing remarks he offers in chapter two. “When culture is misaligned, risk becomes invisible until it is irreversible.”
“Too often, there is an assumption — implicit if not explicit — that qualitative supervisory actions are somehow less rigorous, or less effective, than quantitative requirements,” Restoy observes. “This view is not only misguided; it is dangerous.”
He too points to the events of 2023 to illustrate his concerns. “Credit Suisse, Silicon Valley Bank, and other institutions that appeared solvent by prevailing metrics were imperiled nonetheless due to collapsing confidence,” Restoy notes. “That collapse was not caused by insufficient capital, but by the absence of trust in internal governance, risk controls, and institutional leadership. These were failures of judgment, of incentive alignment, and — most importantly — of cultural coherence.”
Restoy insists that we cannot and should not seek to achieve coherence through new rule-making. “Rules may help to constrain activity, but they do not ensure prudence,” he writes. “They can define limits, but they cannot replace the need for adaptive and anticipatory supervision.” As such, supervisors need “more effective frameworks for identifying, assessing, and responding to risks that emerge not from capital shortfalls, but from behavioral and organizational pathologies.”
“If culture shapes behavior, and behavior shapes risk, then culture must be a first-order concern of supervision. Not examined episodically, but systematically. Not symbolically, but operationally,” Restoy insists. This necessarily moves supervisors onto ‘softer’ terrain than that to which they are accustomed, and steering into this qualitative direction leaves many feeling unsure of themselves.
Culture must be a first-order concern of supervision.
— Fernando Restoy
The lesson of this chapter, then, is that while supervisors have grasped the significance of culture, they nevertheless lack the means to execute proactive interventions with sufficient analytical rigor. And where a supervisory posture of ‘predict and prevent’ is viewed as out of reach, ‘detect and correct’ becomes the default modus operandi. Supervisors are thus left to steer on the basis of the perspective afforded through the rear-view mirror, and 2023 showed us where that leads.
Insistence that discretion be disciplined
Perceived supervisory weakness in the run up to the turmoil of 2023, Restoy argues, reflects “a mismatch between supervisory ambition and supervisory infrastructure — between what is expected of supervisors, what supervisory frameworks allow them to do, and what their own cultural proclivities prompt them to do in practice.”
Too often, many here contend, the culture within oversight agencies themselves leaves supervisors hamstrung when confronting culture-driven challenges among firms. And this is often witnessed in the form of opposing trends: either towards rule-bound proceduralism and box-ticking, or towards an over-reliance upon inscrutable supervisory judgement amidst accusations of over-reach.
“Supervisory culture — like that of any institution — can drift into performativity, avoidance, and self-congratulation,” John Kay argues. “It can prioritise the visible over the important, the formal over the real.” Fernando Restoy echoes this concern. In the run-up to the bank failures of 2023, he argues, “The internal cultures of supervisory bodies themselves were not consistently conducive to early intervention, often defaulting to procedural defensiveness over-proactive engagement.”
And yet this is not to argue that supervisors do not often seek to engage proactively to stave off trouble that may have culture at root. Many here emphasize that supervisors do regularly seek to engage proactively, on the basis of their experienced judgement, and that they show a readiness to act with forward-aiming supervisory discretion. This, however, opens a new set of challenges.
“Because finance is a shape-shifter,” Paul Tucker observes, “there is inevitably a discretionary element in any effective system of prudential oversight.” But reasonable and well-intentioned people will disagree in the exercise of discretion, and without an agreed, common evidentiary basis by which to render judgement regarding questions of culture, supervisors are left exposed to the criticism that they are exceeding their legislated mandate as made clear in black-letter law.
Jonathan Gould, US Comptroller of the Currency, pointed to this very tension in a recent speech. “There’s no substitute for examiner judgement,” Gould said. “We still need examiners to exercise their judgement. That is what supervision is — you take a generally applicable regulatory principle and you apply it to an individual bank through an exercise in examiner judgement.” But, he added, “What I’m attempting to do is to constrain the parameters of how they exercise that judgement in the scope of the examination itself.” Supervisory discretion, that is, must be disciplined.
“We must ensure that ‘discretion’ does not become a synonym for ‘arbitrariness’ — or worse, for inaction,” Restoy argues here. “If it is to remain legitimate,” supervisory discretion “must be disciplined by process and informed by frameworks.” Alas, at present, we lack precisely such agreed frameworks by which to arrive at defensible judgements on questions of culture, and processes by which to exercise the necessary supervisory discretion with the support of transparent measures.
And concern that legitimacy is being lost
“The real test of a supervisory regime is not whether it identifies risks after the fact, but whether it prevents foreseeable failures from materializing,” Restoy writes. “In this respect, the supervisory community has work to do.”
Supervisors rate firms on the perceived quality of their management capabilities. Persistent culture risk governance failures at a firm suggest that such management quality is poor. But so, too, do the lapses that follow when supervisors operate from the back-foot. Supervisors “must recognize that culture is not incidental to safety and soundness, but constitutive of it,” Restoy urges. And they must recognize that the legitimacy of the supervisory function “is earned through consistency, transparency, and a demonstrated willingness to act before harm is allowed to unfold.”
“Whatever the merits of the particular ideas aired here,” Paul Tucker argues, “the importance of aligning norms and incentives in the private sector and the official sector is not going away.” The chapter thus concludes by arguing that effective culture risk supervision requires routinized practices and discretion that is exercised on the basis of established triggers, structured reasoning, and proportionate pathways, allowing supervisors to move earlier and with legitimacy intact.
Chapter 3: Past Efforts & Outcomes
Chapter 1 says culture is legitimate supervisory terrain and sets the bar for coherence. Chapter 2 tells us why delay in developing a common evidentiary basis by which to assess culture risk governance and supervision is costly and explains why supervisory discretion must be disciplined by such absent common frameworks. Chapter 3 picks up from there, taking stock of past efforts of relevance, distilling learnings, and arguing for efforts to carry that work forward.
“The legitimacy of supervisory decisions depends not on being ‘right’ in all things,” Chapter Chair Wayne Byres argues, “but on being able to demonstrate that decisions were consistent, proportionate, and explainable. If supervisory assessments cannot meet those benchmarks,” the former Chair of the Australian Prudential Regulation Authority and past-Secretary General of the Basel Committee on Banking Supervision argues, “they will inevitably be deemed unfit for purpose.”
With that warning sounded, Chapter 3 argues that effective culture risk governance and supervision demands that we create conditions for candor, that we render judgement reviewable, and that we move on from past pilot projects towards institutionalized trial and adoption of new methodologies.
Creating conditions for candor
“Problematic cultures are most often announced not through overt misconduct or performance rupture, but through silence,” Harvard Business School Professor Amy Edmondson observes at the Preamble to Chapter 3. Culture determines that which feels “speakable,” she writes. “It therefore shapes what gets surfaced early and what metastasizes quietly, only to surface when it’s too late to course correct.”
Problematic cultures are most often announced not through overt misconduct or performance rupture, but through silence.
— Amy Edmondson
Edmondson is renowned for her defining work on “psychological safety” — conditions of obligatory candor that mark out effective learning organizations. “Psychological safety,” she writes here, “must be understood as a structural precondition for surfacing dissent, diagnosing early warning signs, and enabling the kind of rigorous, candid dialogue that complex systems require if they are to avoid unnecessary failure and adapt to risk in real time.”
In recent years, financial sector supervisors worldwide have embraced the notion of psychological safety, testing for its existence and calling out its absence.
“The ECB expects that banks facilitate a culture of effective communication and challenge at all levels,” insists its 2024 Draft guide on governance and risk culture, “from the management body and senior management to the staff, to strengthen the ability to openly and constructively challenge decisions.” With this in view, it tests for evidence of this through means such as “Dedicated training on risk culture-related topics, such as psychological safety and the bank’s speak-up policy.”
When it investigates conduct risk management failures, the UK’s Financial Conduct Authority routinely finds culture at root cause. This not only threatens to permit for further misconduct, but it undermines the cause of growth and competitiveness. Because “what is absolutely clear,” Chief Operating Officer Emily Shepperd insisted in an April 2025 speech, “is that the risk-taking required for long-term growth will be reliant on a foundation of healthy firm cultures.”
And healthy cultures are those which promote psychological safety, because “environments where people don’t feel psychologically safe to speak up can become breeding grounds for even bigger problems — hidden mistakes, ignored risks, and ultimately, harm to consumers and our markets,” Sheppard argued. “And that is why healthy firm cultures are, and will continue to be, not just a moral issue, but a regulatory concern too.”
And what’s good for firms is good for their overseers. “If supervisors want to demand candor from the firms they oversee, they must first cultivate it within their own ranks,” Edmondson insists here.
“Culture is the infrastructure of organizational behavior, the scaffolding that supports perception, decision, and action,” Edmondson writes. “And what decades of research across sectors has shown — whether in aviation, healthcare, or financial services — is that ‘invisible’ cultural failures nearly always precede visible institutional failures.” This is as true for supervisors as it is for firms.
Rendering judgement reviewable
“When you supervise people in complex institutions,” Edmondson cautions, “your effectiveness is defined not just by what you enforce, but by what you make it possible to know. And that requires seeing culture not as an outcome to be audited but as a system condition to be examined in vivo — and one that is understood to be a precursor of performance.”
As such, we must render culture, as a driver of performance outcomes, operationally visible. Without this, effective culture risk governance is hampered, as is effective supervision thereof. And not only because supervisors will struggle to apprehend culture-driven risk concerns among the firms they oversee, but also because they will struggle with their own cultural encumbrances.
We must render culture operationally visible.
“For supervisors to be effective,” Chapter Chair Wayne Byres notes, “they must not just be able to comprehensively assess the risk profile of the firms they supervise, but they must also demonstrate the right supervisory culture themselves.” There is thus a business need, as well as a supervisory need, to better manage these issues, opening opportunity for supervisors and firms to collaborate.
“A consistent and robust framework for assessing culture — a common lingua franca, if you will — would be an extremely valuable addition to the supervisory toolkit, of benefit to both supervisors and those they supervise,” Byres urges.
Rendering judgement reviewable means designing both firm and supervisory practice so that the path from signal to decision can be traced, tested, and, where necessary, contested. Psychological safety and candor generate the raw material — the disclosures and dissent that complex systems need in order to see themselves clearly.
Moving on from pilots to practice
Chapter 3 therefore argues that the next phase of work must move us beyond ad hoc diagnostics and towards common frameworks that discipline judgement. That means agreed indicators linking cultural conditions to prudential and conduct outcomes, ex ante, as well as supervisory processes that require decision-makers to show how those indicators shaped their views and actions.
Efforts in this direction, the chapter reports, have been made in the years since the Financial Crisis. Unfortunately, however, “culture-related initiatives too often sit at the margins of the supervisory playbook — interesting, but not trusted; informative, but not decisive; visible, but not integral,” Byres writes here. “They remain, by and large, in the experimental phase.”
The task ahead, he argues, is to shift from past experimentation towards broad institutionalization. “That requires structure, discipline, cooperation and above all, it requires a continuing commitment to act,” Byres insists. In particular, he urges, the international standard setting bodies “must begin to focus more directly on supporting and encouraging the cultural attributes that in turn support good supervision.”
Culture-related initiatives too often sit at the margins.
Regrettably, cultural inertia impedes precisely such needed effort. “Most supervisory bodies are designed for clarity, consistency, and control, leaving little room for ambiguity or experimentation,” Amy Edmondson observes here. “Yet managing culture-related risks (and opportunities!) demands learning before there is consensus.” If we want supervisory regimes that “effectively identify and address behavioral conditions inside institutions before harm is done,” she insists, “then we must be willing to experiment — and sometimes to fail.”
Regulatory and supervisory agencies, however, are risk averse by nature, and slow to embrace the risk inherent in innovation. “Their hesitation to admit uncertainty or pilot unproven approaches may be presented as prudence and may even genuinely feel like such,” Edmondson writes. “But it is often simply paralysis disguised as professionalism. The deeper risk lies not in trying and failing, but in failing to try,” she argues, “And in a system where so much rides on acting with foresight, the refusal to experiment is itself a kind of recklessness.”
Chapter 4: Future Directions & Obstacles
“What makes a supervisor effective is rarely written down,” John Kay argues here. “It lies in the interpretive reflexes of experienced examiners, the judgment shared between colleagues who have seen a failure unfold before, the memory of lessons learned that subtly shapes how new risks are viewed. These things cannot be manufactured on demand.” They derive from enculturation.
So if we are to improve the supervision of culture risk governance, then we must attend to the cultural predilections of the supervisory community itself in the first instance. That conclusion is heard often and loudly throughout this report and is emphasized in its closing chapter. With that goal in view, the chapter puts forward three means by which this is to be achieved.
First, supervisors must work to devise a surer method by which culture risk governance and supervision is to be conducted, and we must hold the supervisory community accountable in this connection. This is work the supervisory community must pursue, not merely encourage.
Second, whatever methods and measures are adopted, this should take place in a coherent and complementary manner across jurisdictions. That being argued, it is not to insist upon uniformity; differing priorities and legal traditions must be respected even as best practices are identified.
And third, success in this direction is central to improving the perceived trustworthiness of financial sector institutions and those who oversee them. Achieving that success will require new collaborative engagement, public and private in nature, to promote collective action.
As Carolyn Rogers observes here, “Supervisors do not have a monopoly on insight into culture and norms of behavior.” If the supervisory community is to take the lead in promoting advances in its own capability set, Rogers insists, then it will need support from “firms that are willing to open the black box of decision-making, investors who can articulate how culture affects their risk assessment and valuation, technologists who can build tools we can explain, and academics who will test what we believe we see. We also need the convening power of standard setters and international bodies, because the firms we supervise are international, and so are the risks.”
Apparatus and accountability
“If we aim to sustain the mandate for delivering effective supervision, we must practice good governance ourselves, demonstrate our work, and welcome scrutiny of our own supervisory cultures,” Chapter Chair Elizabeth McCaul, a past-Member of the Supervisory Board of the European Central Bank, argues here. “That is how supervisory legitimacy is earned. That is how it is kept.”
This perspective is echoed by a majority of those who share views throughout this report. Colin Mayer, Emeritus Professor of Management Studies at Saïd Business School and the Blavatnik School of Government at the University of Oxford, provides supporting commentary in his Preamble to Chapter 4. “In assessing an institution’s capacity to manage operational risks, supervisors tend to focus on reviewing the tangible evidence that can be readily assessed: codified governance policies, processes, systems, and related formal controls,” he writes. “During the banking sector turmoil of spring 2023, it became clear that, while necessary, attention solely to such tangible evidence was insufficient if supervisors are to satisfy fully their prudential mandate.”
Mayer defines culture as “the set of norms that prevail in the organization and align the individual interests of employees with those of the organization and those the organization seeks to serve.” He calls for promotion of “principled cultures as against those which aim for mere compliance with rules.” And he argues that, “firms and their supervisors would both be well served by a common evidentiary base on which reliable conclusions about culture risk governance could be drawn.”
“Regulators will have to engage in major exercises to develop supportive analytic tools if they are to deliver necessary changes in culture both within their own agencies as well as amongst those they oversee,” Mayer insists. And McCaul spells out the stakes plainly: “Culture is where the governance aspect of the financial system is apparent, and where the supervisory regime earns sustained legitimacy — or falls short.” It is for the supervisory community itself to preserve its legitimacy.
Coherence without conformity
“When high-quality regulations and supervision are applied around the world, the benefits are shared by all,” Ryozo Himino, Deputy Governor of the Bank of Japan, argued in a recent speech. “Yet common interests do not automatically yield common rules,” he notes, and rule-making is at times inferior to standard-setting.
Standards, Himino argues, embody “the collective wisdom of global regulators” and reflect “lessons from mistakes made around the world.” With this in view, he asks, “how can we effectively mobilize knowledge and power in the changing global landscape to continue to innovate international prudential standards?” Himino does not pose a crisp answer to his own question, but he does argue that “the quality of consensus matters as much as the quality of standards.” And so what must be prioritized is effecting a means by which high quality consensus can be reached and broadcast.
Consensus aims at coherence rather than conformity, and contributors to this report emphasize that it also requires convening power. International standard-setters are thus called upon to convene a collaborative effort to establish shared platforms for gathering evidence and sharing lessons, so officials across jurisdictions can transpose practice without seeking to impose values.
“Since the global financial crisis, the focus of supervisors has shifted to governance and risk management,” observes Claudia Buch, Chair of the Supervisory Board of the European Central Bank, in a speech delivered last month. “Supervision and regulation needed to pay greater attention to what happens within banks,” Buch argues “how decisions are taken, how the incentives of those taking decisions can increase the costs to others.”
Defining what we mean by “good governance and risk management” remains a challenge, however. “While recognising this,” Buch insists, “it is still possible to define good practices.” Buch points to the flurry of effective standard setting work done by the global supervisory community in the wake of the Financial Crisis as an illustration of what can be achieved when political will is present.
“Despite the progress that has been made, key questions remain,” Buch concludes.
“Have reforms effectively changed behaviour?” she asks. “How does risk culture shape daily decision-making inside institutions? These are questions banks need to ask internally, supervisors need to focus on — and we also need more research to get answers.”
Without such research, conducted in a joined-up manner across the global supervisory community, coherence on culture risk governance and supervision will remain aspirational.
Trust by design
Like many who trained in economics, Buch places emphasis on the role of incentives in driving behavior and, in the speech referenced here, she ties this directly to the means by which trust in the financial sector is best advanced. “Having the right incentives in place is important for trust in banks,” she argues. “Yet, it is difficult to measure progress under the post-crisis reform agenda. Changes in incentives and behaviour cannot be quantified,” Buch concludes, echoing the IMF assertion with which this Executive Summary opens.
For supervisors, trust is not bestowed; it is built on excellent design.
— Elizabeth McCaul
And here again I’ll reiterate my earlier indignation: this posture of implied futility cannot stand if trust in the financial sector and the supervision thereof is to be assured and furthered.
“For supervisors, trust is not bestowed; it is built on excellent design,” Elizabeth McCaul emphasizes here. It is earned when we can see clearly, explain clearly, and act clearly — early enough that our decisions prevent avoidable harm rather than remedy its aftermath, she explains.
Colin Mayer suggests that success in this direction is the litmus test for supervisory legitimacy: “we should evaluate the performance of regulatory bodies in relation to the extent to which they succeed in promoting conducive cultures within the institutions they oversee,” he writes. “They should be assessed in keeping with the trustworthiness and confidence that their own culture and conduct inspire.”
The inaugural publication of the Starling Compendium — our flagship annual report — appeared in 2018. Its production was prompted by a discussion at a conference on culture and conduct reform in the banking sector, convened by the NY Fed. Nowhere, we complained then, had the collective views of the global supervisory community regarding culture as a matter of supervisory concern been aggerated into one convenient desk-reference.
The Compendium was our effort to redress that, and our Deeper Dive series of reports was conceived as a means of probing more meaningfully some of the core questions that we could address only more superficially in the Compendium.
Over the eight editions of the Compendium that have since appeared, we have collected the views of over 200 contributors. They are joined by dozens more who have offered remarks for inclusion in our Deeper Dive studies, and now the added dozens who join the conversation we capture in this report, “Supervisors on Supervision.” In the course of producing these volumes, our own role has evolved: where we began by summarizing a conversation that had caught our notice (2018-2019), we soon found ourselves curating an ongoing conversation (2020-2021), informing it as it continued with an expanded scope (2022-2023), and on to convening the continuing dialogue (2024-2025).
With the production of this current study, we find ourselves directing a necessary global discourse and shaping how the policy community considers acting upon it. We are privileged to have been entrusted with this, and deeply grateful to all those who have helped to make this work possible.
For, as this report makes clear, that work is necessary and must continue.
The story we have chronicled over the past eight years has moved from aggregation to architecture. Going forward, success will be measured in consistency and collaboration, marked by investigation and implementation, and it must be demonstrated through a program of supervisory modernization that disciplines discretion, preserves legitimacy, and assures continued trust in the financial system and its supervisors.
Stephen Scott
Executive Editor, Starling Insights
Stephen Scott is the Founder & CEO of Starling and the Executive Editor of Starling Insights. A risk management expert, he has led successful investigative intelligence engagements in over 50 countries and has worked with: corporate boards and officers; governance risk & compliance professionals; internal and external legal counsel; PE firms, hedge funds and other investors; and with government officials worldwide. Stephen has lived and worked in New York, Washington, Chicago, London, Frankfurt, Madrid, and Shanghai. He holds degrees from Cornell University, the London School of Economics, and dual-MBA degrees from Columbia and the London Business School.
Join The Discussion
Sign in and be the first to comment.