Contributions to the Supervisors on Supervision Stocktake
What does culture mean in the supervisory context?
“For regulators, ‘culture’ has often meant creativity, balance, and — critically — understanding the businesses we oversaw. The Fed, for example, has been very good at understanding firms deeply and pushing for improved behavior.
But we haven’t always framed it in terms of ‘culture’ as you now are in this report.
When we sought to explore culture at FINRA 12 years ago, we didn’t obsess over the label. You could call it culture, or you could call it strategy. What mattered was three things:
How do firms talk about new opportunities and communicate consistently?
How do they enforce accountability when people move off course?
How do they respond when things go wrong — especially with their most successful people?
Those are culture questions, even if you don’t call them that. Culture is a useful shorthand for the norms, strategies, and decision habits that distinguish firms. If you break it into buckets like I’ve just done, it becomes more measurable, less ephemeral.
Critically, the most important indicator of culture is how a firm reacts when things go wrong. And stuff will go wrong. The question is: are people held accountable? Are changes made that make recurrence less likely? That’s what supervisors should be watching.”
Should culture, and the conduct proclivities it may promote or discourage among employees, factor into supervisory engagements?
“Regulators have been saying consistently that culture shapes conduct. The protections of a strong risk and compliance culture are clearly even more important in the supervisory context today. So, it just stands to reason that, going forward, regulators will pay even more attention to these cultural issues in the current [Covid-19 Work from Home] environment.”
If culture is important to supervision, then what factors make it challenging to assess?
“An important point I want to make is that dealing with these culture questions is hard.
It’s very easy to make isolated statements and judgments based on historical firm performance. It is much more difficult to consolidate those into a thoughtful, consistent framework that results in a score distinguishing one firm from another. If it were easy, firms would have done a better job of it over the years.
It’s not about the optics. It’s about whether changes are rational and reasonably related to the underlying issues. If the firm just blames a ‘bad actor’ and adds to their compliance headcount, that’s not credible. If the firm says, ‘This isn’t how we want to operate, here’s how we’ll change our systems, our accountability, our client engagement’ — that matters.
Regulators should ask: does this response reduce the likelihood of recurrence? Has the firm learned from others’ failures too? Those are the real indicia of culture — not how much money was spent.”
How do supervisors approach culture as a factor in governance failures in the absence of clear frameworks?
“You have to start with facts. Complaints, arbitrations, disciplinary records — these are imperfect data but predictive. FINRA tried to quantify them at both the individual and firm level. It’s not about declaring someone a ‘bad person,’ but about recognizing patterns. Firms also need to be honest in hiring. Too often, they ignore warning signs. Regulators should focus on whether firms are systematically overlooking facts that suggest control problems.”
How can supervisory culture be made more proactive and effective in connection with evaluating culture-related risk matters?
“Regulators should be asking the same structured questions of themselves as we ask of firms: Are we forward-looking? Do we understand evolving risks? Do we hold firms accountable in ways that help them improve, not just punish them? That hasn’t classically been the expectation, but it should be.”
What have we learned from past approaches to culture risk governance and supervision?
“You can say things like, ‘Firms must hold people accountable.’ But the way accountability is enforced can produce dramatically different cultural outcomes in how the firm operates.”
“Tone at the top is not just a set of statements — it’s about consistency. It’s elevating responses, handling customers in a way that’s rational, transparent, and consistent. That means asking: what are the risks in this product? What conflicts exist in how we sell it or advise on it?
This was true 12 years ago when we sought to address culture at FINRA, and is true today. Whether it’s stablecoins, digital assets, or private capital, the challenge is the same: give customers access to opportunities while managing conflicts and risks.
Firms that do this well continually ask two questions: How do we provide better products and opportunities? And how do we make sure clients understand the risks they’re taking? That ongoing internal dialogue — at the top and in middle management — is the hallmark of a good firm. Regulators want to see that. Ideally, they judge it continuously, not only when something goes wrong.”
“It’s easy to talk about the importance of leadership standing up, about senior and middle management delivering the same message. I absolutely believe those are critical. But in practice, drilling down into them is hard. I’ve sat with firms and heard their various approaches, and from the standpoint of developing culture risk ratings, it’s not simple.
Don’t get me wrong: the fact that it’s hard is not a reason not to try. Improving the predictability of how culture is assessed and improving outcomes for firms is absolutely worth pursuing.
That’s why we went down this road 10-11 years ago at FINRA. We saw it as important then, just as it is today. You want to feel confident in how a firm will respond to new challenges — sales practices, transparency, consistency. Culture is crucial. It’s just hard to pin down.”
How can supervisory bodies move to embed culture risk into supervision and governance frameworks?
“[W]here there have been serious control failures, financial firms need to add the necessary resources to remediate their control weaknesses while, at the same time, maintaining their supervision and compliance capabilities across all their business activities.
Financial firms and regulators need to look towards new tools that help get it right. It is precisely because of this fact that regulators have been so focused on culture issues over the past ten years. You just can’t solve these contentious problems solely through better surveillance tools; you have to work to improve compliance and risk cultures to decrease the likelihood of bad outcomes.”
What would a global initiative to transform culture risk governance and supervision in the financial sector look like?
“Both regulators and industry wanted to avoid cycling endlessly through failures. The question is: how do we create tools to make it less likely that good firms will fall short?
Ideally, both regulators and firms would work on this together. Regulators bring rigor and contrarianism; firms bring practicality. Alone, neither side will get it right.
And this is where a trusted intermediary could play an important role — to ask the hard questions that regulators may avoid but firms won’t ask themselves.”
“In some markets we are seeing encouraging examples of cooperation — of firms working with one another and with their regulators — so as to better address significant regulatory or systemic risks. US regulators have stayed very informed about those efforts and have encouraged this sort of industry cooperation.
If a number of firms stepped forward and proposed employing one or more culture diagnostic tools to determine better how to incorporate that into control environments, I think regulators would likely view that quite positively.”