A Starling Insights Deeper Dive Report

Supervisors on Supervision

Public Exposure Draft

Ben Gully

Co-Chair of the Supervisory Cooperation Group

Basel Committee on Banking Supervision

Picture of Ben Gully
View Full Report

Contributions to the Supervisors on Supervision Stocktake

How do inconsistent definitions and the lack of a common framework by which to discuss culture impact the practice of supervision, particularly as regards material but qualitative risks?

1.1.2a Many participants note a relationship between culture and governance, but that a lack of shared grammar, frameworks, tools, and training contributes to inconsistent expectations.

“I’m curious but skeptical about how far supervisors can lean into this field. 

For me, it’s less ‘culture’ and more about judgment and subjectivity in the supervisory risk assessment process — how decisions are made, the tools and methods supervisors use, how quality control is formalized, how leadership supports or undermines work at the operational level, and how institutions are involved in finalizing courses of action. 

That’s all fair game; there’s greenfield there. But going directly at culture? I’m not sure.

Maybe machines can help — digitizing behavioral performance at scale. Supervisors don’t suffer from lack of data; we have a bandwidth problem. Perhaps machines observing machines will help. In short: culture risk supervision remains a bit of a mystery.”

What is the relationship between culture and governance and how does ambiguity about that relationship contribute to uncertainty?

1.1.3a Participants shared differing perspectives on which comes first, culture or governance.

“Organizations don’t materialize out of thin air; they’re constituted for a purpose. Governance serves to affect the stewardship of an organization. 

It’s not a passive ‘people will be people’ shrug. Governance is an opportunity to signal, check, align, and pursue a path. 

Behaviors are in scope for governance; they’re a consequence of choices and incentives aligned to the strategy. So, yes, culture is a governance matter to the extent that culture drives performance, which I believe it does. 

Culture risks are a board responsibility to understand and mitigate where they impair strategy or risk control.”

How does a lack of effective tools and frameworks for culture risk supervision impact perceptions of supervisory legitimacy?

1.4.3b Participants also point out that such tools would be helpful in supporting effective governance around supervision itself.

“The core challenge in supervision — like many roles — is too little time and too many things to chase. That tends to push us toward what’s actionable and tractable. Everyone agrees cultural elements drive problems but turning that into a proactive supervisory yardstick has proven difficult — we’re not always sure what we’re targeting.”

3.2.1a Participants discussed the promise and the challenges that new technologies offer in culture risk supervision.

“Practically, we could create culture-analytics red flags for supervisors — an analogue that sits alongside risk governance expectations: you have a risk committee, policies, procedures, etc. Now add culture analytics. That could be a real lift — extending prior governance work with new analytical insights. 

Privacy and information-sharing hurdles will quickly emerge. However, we may already have answers, but these obstacles are preventing us from implementing them. In that case, the conversation becomes about how best to address these obstacles. That would be useful.”

What have we learned from past approaches to culture risk governance and supervision?

3.3.2a Participants noted both opportunities and challenges in connection with individual accountability regimes.

“Senior manager accountability regimes add value beyond the ’08-’09 remuneration principles. If you can’t work in the sector again, you’ve been excluded from the financial ecosystem — that’s reputation, ego, brand, and real career harm. In our experience, discussing removing an officer or director focuses minds immediately. Understanding your personal liability matters.

Here's a thought experiment: How would behavior change for certain decisions if limited liability didn’t exist? Time horizons are too short. While some individuals think in terms of long term stewardship, many don’t. Do you truly bear the weight of your decisions throughout your lifetime? How can you simulate that to encourage long-term incentives? That’s the tricky part.

There are two issues here: (1) the difficulty of assigning accountability for culture specifically; and (2) what you can do to mitigate culture risks that lead to bad outcomes. 

I still believe that establishing more personal liability, rather than implementing purely financial measures, can mitigate some of the more egregious cultural risks. However, culture is a shared responsibility, which, by definition, diffuses accountability. If something goes wrong, one could argue that the entire board is responsible. 

This doesn't negate the merit of individual accountability regimes but does complicate matters. By embedding sharper individual incentives, you can collectively improve culture risk management. While it doesn't solve cultural accountability directly, it can influence overall outcomes for risk control.”

How can supervisory bodies move to embed culture risk into supervision and governance frameworks?

3.4.1a Participants describe current efforts to incorporate culture risk into supervision and highlight the questions that such efforts raise.

“[Post GFC], the FSB’s work moved from risk governance to risk appetite and then on to risk culture, getting at the link between incentives and risk-taking: inadequate controls, inadequate capital, and so on. ‘Culture’ became a convenient wrapper for describing that ecosystem of risk control. 

But walking into an institution and saying — even with common terminology — ‘we think there are problems with your culture’ is tough. It’s even tougher to explain what effective remediation looks like for situations that are highly subjective. 

It’s case- and situation-dependent; it’s about how behaviors shape decisions and the circumstances under which these are affected. Sometimes command-and-control behaviors might be necessary given the operating environment, even if they create other risks. 

So, this isn’t work for the inexperienced supervisor or the ill-informed — and even for the experienced and informed, it’s a minefield of difficult decisions that are hard to make practical and [ultimately] enforceable.

I’m not sure what effective culture supervision really looks like. Incentive work matters. Remuneration reforms started and then stalled. Clawbacks and deferrals attracted workarounds — maybe they weren’t as meaningful as intended in ’08-’09. Accountability regimes get closer to the nub of the issue — ensuring people own and understand the consequences of risks they take — but that still leaves supervisors opining on individual performance and accountability. How objective can that be, and do we even want the moral hazard of stepping into those decisions?”

What steps should supervisory bodies consider to help drive their own culture change?

4.2.1b Other participants noted that training and upskilling is required to incorporate behavioral science and culture assessments into supervision.

“Back in 2012-2013 we engaged with De Nederlandsche Bank (DNB) on their culture work. They brought in the specialized skill sets in behavioral science. We even had one of their people do a two-month pilot on an institution — it was a phenomenal exercise and generated new insights into risk management effectiveness. 

We [subsequently] set up a conduct group and brought in outside expertise from anthropology and psychology. And we did get a more structured way of thinking — culture risks rather than risk culture: organizational behaviors that can lead to bad outcomes for risk control. But it was still judgment — just a psychologist’s judgment this time. ‘This behavior could lead to these incentives and (therefore) that form of risk-taking.’”

What systems and structures are needed to help supervisors and firms alike to find, evaluate, and easily adopt new technologies and methods as they come available?

4.3.1a Participants discuss the need to establish a common evidentiary basis for culture assessment, among firms and within their own agencies alike.

“This links to a broader ‘holy grail’ in supervision: How do we know we’re effective? We lack a universally accepted set of KPIs for supervision effectiveness because there is (thankfully) a dearth of default data. We can count operational measures, such as actions and enforcements, but can we show we materially moved PDs [probability of default] on our banks? We believe so, but we’re hard-pressed to always prove it empirically. Asking supervisors to opine on culture magnifies this problem.”

4.3.1a Participants discuss the need to establish a common evidentiary basis for culture assessment, among firms and within their own agencies alike.

“I always ask the same question when we receive research: What do we do with it? Institutions are busy. We’re criticized for not focusing on the most important things. When a psychologist or anthropologist offers high-level observations, a board will ask, ‘Great — but what do you want me to do?’ 

The gating issue for much of this type of discussion is materiality. What makes this a top-three board priority this year? We don’t have a denominator that lets us weigh non-financial risks alongside financial ones — no analogue to RWA that travels across risk types. We stalled there. 

Maybe we were asking economists to apply their paradigm to a framework they’re not best equipped to judge — that’s a fair challenge. And that’s why I haven’t given up on the culture experiment; we just need another serious run at it. 

However, we must also be able to translate any cultural observations made by supervisors into a language that the financial industry can understand and accept. After the fact, you can point to a bank failure or another case and say, ‘See? That mattered.’ Ex ante analysis remains difficult. 

Prompt and corrective action matters. But we need evidence to act early. That’s the Holy Grail: can we get objective evidence out of something that still feels subjective? 

We’re getting closer with culture risk. But it’s hard to draw deterministic lines. Not like a capital number. So yes, this remains our challenge — and anything we can do to narrow the scope of curiosity and research will help.”

What would a global initiative to transform culture risk governance and supervision in the financial sector look like?

4.4.1d Participants argued that supervisors can draw on third-party experts to help establish a common framework for culture risk governance and supervision.

“I still think we need to refresh governance expectations first and situate culture within risk governance. Much of that work hasn’t been updated in a decade. 

Ultimately, I don't think this is for the FSB to solve. Additionally, I believe that a different subject matter expert is needed beyond those who specialize in capital and liquidity. Therefore, I’m not sure if standard setters alone are the answer either. 

The TCFD climate work is instructive as an analogy: new groups of SMEs formed, moved the dial, and then it circled back to standard setters for consideration and, where applicable, integration. 

I’d do something similar here: don’t punt it directly to standard setters. They’re already figuring out their role in a changed world. If we want traction, we should create a focused initiative — not a research project, but a purpose-built venture that can deliver, then hand off to whoever’s best positioned to operationalize. In short: an incubator, not a standard setter.”