Almost every inquiry into financial institutions, no matter the country, finds evidence of systemic misconduct. Customers overcharged, deceived and defrauded. At the root of the problem is organisational culture.

It’s a safe bet Australia’s Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry will find the same. So what to do about it?

Banks say good culture cannot be regulated into existence. As the G30 Banking Conduct and Culture Report states boldly: “Culture cannot be regulated.” Governments tend to agree. Regulators insist they won’t “prescribe risk culture”.

But this is a furphy. We can and should regulate for good corporate culture.

De Nederlandsche Bank (DNB), the Netherlands’ central bank which also acts as prudential regulator of financial services, has for seven years explicitly regulated the internal cultures of Dutch financial institutions.

Identifying high-risk behaviour

DNB has a specialist unit of trained organisational psychologists who work within institutions to identify patterns of individual and group behaviour that increase the risk of misbehaviour.

The unit operates independently of the DNB’s ordinary supervisory functions such as checking financial performance and compliance. It is especially interested in observing how those in leadership roles behave. Rules and policies might look good on paper but when bosses tolerate misconduct or reward excessive risk-taking there is a greater chance rules will be broken.

Read more: Five steps business can take to ensure aggressive performance targets don't drive bad behaviour

Rather than just checking a bank’s board is expert (compliance checking), the DNB psychologists will observe the group dynamics of a board meeting. They assess things like its “communication climate”. Do the financial experts on the board get annoyed when non-experts ask fundamental but important questions? Can board members challenge the leader or the opinion of others?

The psychologists scrutinise body language such as facial expressions, posture and listening behaviour. This enables them to “zoom in” on underlying behavioural patterns that pose risks. For example, investigators might find one or two people dominate meetings, or that there is a culture of blaming, withholding information or competition between coalitions within organisational groups.

Having identified problems in an organisational culture, DNB investigators propose actions to reduce the risk of misconduct. They recommend changes to the financial institution’s supervisory board. If the culture is deemed high risk, the DNB will intervene directly.

Actions speak volumes

Paradoxically while the prevailing view in Australia is that corporate culture cannot be regulated, the corporate and prudential regulators are following the Dutch example.

The Australian Securities and Investment Commission is embedding agents in the five biggest financial institutions. The commission’s new head, James Shipton, has cited what the Dutch central bank does to support the idea of these agents sitting in on board meetings.

Read more: Embedding regulators in banks can help change cultures of wrongdoing, despite the risks

The Australian Prudential Regulation Authority has copied the DNB process even more explicitly. In 2017 it began a pilot program to assess risk culture. The assessment included interviewing staff and observing board interactions. Behavioural psychologists were employed to assist in these “cultural reviews”.

The program was openly based on the DNB model, though with important differences. There was no separate review unit, for example.

APRA has also ventured into cultural regulation through its inquiry into bad behaviour at the Commonwealth Bank of Australia. The inquiry’s final report excoriated the bank’s culture. In an enforceable undertaking the bank agreed to develop a remedial plan, approved and monitored by APRA, to fix its culture.

Given this, it might be considered odd APRA’s report still denies culture can be regulated. “The onus falls squarely on CBA itself,” it states, before approvingly quoting the G30 report: “Supervisors and regulators cannot determine culture.”

But in our view, no matter what ASIC and APRA say, these processes are clearly exercises in regulating for good corporate culture.

The core feature is that outside agents have the authority to assess behaviour within an organisation, and the power to make that organisation change the way it does things.

Resistance is ideological

The reluctance to admit this can and is being done, we think, is because it impinges on a “sacrosanct” idea about the sovereignty of how corporations run their internal affairs. We have argued this claim is more about ideology than logic.

APRA is now “re-scoping” its cultural-review program because it thinks it too costly. Meanwhile the royal commission continues to show the high cost of not intervening in corporate culture.

The evidence from the royal commission shows regulators must do more. Without doing something to regulate the cultures that lead to corporations behaving badly, any other new regulation will achieve little.

A step away from full DNB-style cultural reviews would be a step in the wrong direction. APRA needs the resources to follow the Dutch lead. An autonomous supervisory unit, separate from APRA’s other supervisory teams, working a similar way to the DNB specialist unit, is the way forward.