A Starling Insights Deeper Dive Report
Supervisors on Supervision
— Chapter Four Preamble —
by Colin Mayer
Emeritus Professor of Management Studies, Saïd Business School, Oxford University
Dec 15, 2025
Deeper Dive
Supervisors on Supervision
— Chapter Four Preamble —
by Colin Mayer
Emeritus Professor of Management Studies, Saïd Business School, Oxford University
Dec 15, 2025
Deeper Dive
At the heart of this report are the supervisory bodies — and the supervisors — charged with overseeing financial institutions and entrusted with safeguarding the stability of the financial system that they inhabit. Three conclusions emerge with stark clarity:
First, that effective supervision is an essential public good;
Second, that supervisors not only apply traditional metrics to assess whether institutions hold adequate levels of capital and liquidity to withstand the types of shocks that can cause failure, but they also emphasize assessing the management of material operational risk events which can severely undermine or even threaten the existence of a banking franchise; and
Third, that supervisors admit to struggling in a variety of ways with adopting adequate supervisory methods and practices that would allow them to gauge how institutions assess and manage such material operational risks, and most particularly those that may be traced to underlying questions of culture.
Re-examining the purpose and practice of supervision is therefore timely. Throughout the stocktake detailed here, participants report that, in assessing an institution’s capacity to manage operational risks, supervisors tend to focus on reviewing the tangible evidence that can be readily assessed: codified governance policies, processes, systems, and related formal controls. Past examinations of supervisory practices in this connection have thus been characterized by a focus on how well supervisors have performed in their efforts to assess these tangible risk governance ‘inputs.’
Attention to such tangible evidence is both understandable and in keeping with the statutory objectives of prudential supervision. So, too, is attention to readily quantifiable capital and liquidity provisions and other financial metrics. However, during the banking sector turmoil of spring 2023, it became clear that, while necessary, attention solely to such tangible evidence was insufficient if supervisors are to satisfy fully their prudential mandate.
The definition of material operational risk has broadened over time beyond well-known concern for, e.g., IT resiliency, natural disasters, black-outs, cyberattacks, and third-party reliance. Following the Financial Crisis, underlying root cause analyses concluded that the failure to appreciate and manage the contours of a firm’s risk culture was also to blame. A management process that fosters a well-tended risk culture, protecting business model sustainability, is therefore now also a focus of supervisory efforts. Understanding market sentiment regarding faith in the strength of an institution has also become a supervisory focus.
The evolution of such concerns has thus rightly led supervisors to design frameworks enabling them to examine less tangible criteria in their governance reviews, including questions of culture. This is critical ongoing work because, as Financial Stability Institute Chairman Fernando Restoy reminds us here, “No feasible amount of capital or liquidity can compensate for governance failures, incentive distortions, or internal communication breakdowns.” And as the turmoil of 2023 showed, “culture — when misaligned — can render even the most robust balance sheets irrelevant in the face of eroding trust.”
The cultural foundations of trust in firms and the financial system are thus integral to achieving a supervisory mandate, as the contributors to this report argue with near unison. Testing for the foundations of such trust contributes to positive outcomes. By contrast, when supervision is viewed primarily as a means by which to mitigate risk through constraint and deterrence, it narrows the purpose of oversight to the avoidance of failure. Participants in the stocktake reported upon here argue that this approach is untenable, for at least two reasons.
The first is that responsible risk-taking is critical to the successful functioning of corporations and economies. Tension in this connection leads to repeated cycles of intensified regulation in response to governance and oversight failures that are then gradually relaxed as concerns about growth and competitiveness retake political priority. Today, the dialogue in many jurisdictions is trending towards the latter.
And second, a narrow risk-focused lens often leads to a procedural perspective that runs counter to the intrinsic interests of those being regulated — namely, in making money. Like other businesses, the duties of those running financial institutions are to generate just returns for their investors and themselves, and they often have fiduciary duties to do just that. The consequence is that they lobby against “undue regulatory burdens” that drive procedural box-ticking, thus intensifying and accelerating the regulatory-deregulatory cycle, and they do what they can to circumvent regulation where able or, even better, seek to turn it into a source of competitive advantage that works to keep prospective competitors out.
If we wish to move beyond such gamesmanship, we need to begin from an understanding that financial sector oversight is not only about mitigating risk. Rather, it is also about something much more fundamental — contributing to the conditions under which trust in a financial system is sustained. And while trust in the financial system is obviously critically important, so too is trust in individual institutions. We must have a basis for faith in their ability to manage sustainable business models and practices. This, in turn, demands that we have reason to believe in the ability of their supervisors to sustain effective supervision.
Loss of trust in firms and executives in the wake of the Financial Crisis led to a public demand for bankers to be held to account by regulators and supervisors. But the pendulum has swung and, today, private firms appear to enjoy greater public confidence and political support. Throughout this stocktake report, repeated concerns are expressed about re-establishing public trust in supervisory agencies and those who run them.
Trust in supervisory agencies is an essential public good, both for the protection of the financial system as a whole and of the individual institutions within it. While loss of trust in individual financial institutions may be value destroying for some, the loss of public trust in supervisors is for all. There are two notions of trust that are particularly relevant in this context:
The first addresses the question, “are you acting in my interest when I am not watching?” This relates to the integrity, honesty and motives of those whom we have entrusted with looking after our financial investments and transactions. The second addresses the question, “do you watch after my interests when you are acting?” This reflects the delegated responsibilities of agents to prioritize the interests of others ahead of their own — a fiduciary duty of loyalty.
Trust in supervisory agencies is an essential public good.
We rely on a mixture of disclosure, transparency, compensation, and capital structure mechanisms to address both of these notions of trust. We use these tools because they are, at present, the best we have available. But we do so in the full knowledge that they are insufficient, because such measures are not, in and of themselves, a sound basis on which to ensure adherence to either of the above conditions of trust. These measures do not therefore suffice to demonstrate the “trustworthiness” of a regulated institution or its leadership, nor do they aim to. And it is here that culture enters.
In this context, culture is the set of norms that prevail in the organization and align the individual interests of employees with those of the organization and those the organization seeks to serve.
Culture can do one of two things — it can intensify the at times lazy, selfish, and greedy self-interests of individuals — which I have termed “sintegrity” — as was observed among financial institutions during the Financial Crisis and subsequent misconduct scandals; or culture can promote outward looking interest in the wellbeing of others — “saintegrity,” as I’ve termed it.1 “Saintegrity” justifies trustworthiness; “sintegrity” undermines it.
Once the attainment and maintenance of trust in financial institutions and the financial system is recognized as being the central purpose of financial supervision, it immediately follows that the promotion of cultures conducive to “saintegrity” must be a primary regulatory and supervisory objective. Such cultures demonstrably support prudential soundness and effective governance. In other words, we are not simply concerned with debate regarding a principles-based versus a rules-based approach to regulation, as conventionally understood, but rather we wish to promote principled cultures as against those which aim for mere compliance with rules.
How should supervisors seek to promote principled cultures?
First, they need to practice what they preach. They should begin by defining their own purposes in terms of upholding trust in financial institutions and the financial system. Second, they should then ensure that the cultures of their own organizations are demonstrably conducive to promoting this.
This implies that they should set out the principles that define what is expected of their own employees, in terms of developing productive and effective relationships with their regulated institutions. They should strive for relationships with industry marked less by mutual suspicion and more by constructive tension: skeptical and probing, yes, but oriented towards engagement rather than confrontation. This recognizes regulation and supervision as mechanisms that support the development of conducive cultures, rather than merely looking to enforce compliance.
Attending to culture implies some necessary evolution in the supervisory mindset.
Traditional supervisory tools are often rooted in evidence-based assessments, structured around facts, documentation, and observed outcomes. Cultural proclivities that drive organizational performance outcomes are expressed through behaviors, relationships, and patterns of decision-making that may not be immediately visible in such evidence. Attending to culture, therefore, implies some necessary evolution in the supervisory mindset that ensures deterrence is matched by engagement with industry participants, and accountability with relevant constructive dialogue.
In sum, we must devise mechanisms to strengthen the genuine trustworthiness of institutions and identify weaknesses that erode this. In the current climate of mutual antagonism, firms and their supervisors would both be well served by a common evidentiary base on which reliable conclusions about culture risk governance could be drawn.
Artificial intelligence offers opportunities for providing not only quantitative measures of prevailing institutional culture, but also advanced indicators of where within organizations critical performance failures, including risk governance, are most likely to occur. Regulators will have to engage in major exercises to develop supportive analytic tools if they are to deliver necessary changes in culture both within their own agencies as well as amongst those they oversee. Such tools will help supervisors to strike an appropriate balance between consultation and enforcement in the advancement of good governance practices, as legal mandates allow.
But it is in the regulated institutions themselves that the most significant changes are needed. First, there is a requirement to ensure that the purposes of financial institutions are clearly defined in terms of profiting from solving the problems and promoting the interests of their beneficiaries — clients and customers. Second, there is a need to embed cultures that assure business is conducted in a trustworthy manner that supports these objectives.
Critical to this is the governance of the institution. There should be a universal understanding and acceptance of the purpose and culture within the organization that extends from the board down to the branch floor. Performance should be measured by, and compensation tied to, delivery against the institution’s purpose and in service of its sustained trustworthiness.
Metrics should be developed that establish the degree to which institutions are realizing their objectives in relation to their shareholders, clients, customers, and communities and profiting from creating benefits for them, not from detriments suffered by them or other stakeholders. Incentives of personnel regarding their promotion, recognition, and rewards within organizations should be aligned with these measures of institutional purpose and trustworthiness.
And we should evaluate the performance of regulatory bodies in relation to the extent to which they succeed in promoting conducive cultures within the institutions they oversee. They should be assessed in keeping with the trustworthiness and confidence that their own culture and conduct inspire. Strengthening the evidence base on supervisory performance and bringing greater clarity and transparency to processes will assist with this. Strong internal cultures promote external trustworthiness.
With the adoption of strong cultures, greater delegated authority can be placed in those lower down in the organization. This, in turn, allows employees in client and customer-facing roles to build close relations of trust with those outside as well as within their organizations. Staff should be entrusted with the conscientious cultivation of such trust, externally and internally alike.
The implications of this will be profound, not just for the performance, social value, and stability of individual institutions, but also for the functioning of the entire financial system. Supervision will serve to support the delivery of benefits to customers, communities, and the economy, and systemic stability will be enhanced by institutions recognizing their broader, system-wide, and societal roles and responsibilities.
Coherence can only be achieved through close consultation with firms, regulators, and other industry stakeholders.
This does not, of course, in any way diminish the significance of traditional prudential tools in relation to capital, liquidity, and solvency requirements. Instead, it ensures that the internal functioning of institutions is consistent with their adherence to these rules. It therefore places less reliance on regulatory rules alone to protect financial systems and recognizes the importance of appropriate cultures that support them.
It promotes a coherent and consistent global view of organizational culture and its relevance to international financial stability without seeking to impose uniformity of social norms across firms or jurisdictions. Such coherence can only be achieved through close consultation with firms, regulators, and other industry stakeholders.
We should look forward to how culture can create more resilient organizations and forewarn when deficiencies are emerging, enabling us to engage proactively to preserve trustworthiness. By building more trustworthy institutions through conducive cultures, we will not only create greater value for customers, employees and investors alike, but we will establish financial systems we can trust to uphold our collective and individual interests.
Colin Mayer is an Emeritus Professor of Management Studies at Saïd Business School and the Blavatnik School of Government at the University of Oxford. Colin was the first professor at Saïd Business School in 1994, the Peter Moores Dean of the Business School between 2006 and 2011, and the first Director of the Oxford Financial Research Centre between 1998 and 2005. He has authored several books, most recently Capitalism and Crises: How to Fix Them.
Join The Discussion
Sign in and be the first to comment.