Note from the editor:
This article is being republished from the GRC Professional Magazine Summer Edition 2018 because it speaks directly to the raft of incoming regulations in 2019.
Murray is a regulator contributor to the GRC Professional Magazine human behaviour and this article reads almost another chapter of how understand human behaviour businesses and compliance professionals can influence the outcomes that they want.
This article was originally published in the GRC Professional Magazine Summer Edition 2018. ( Sign into your member account on the GRC Institute website to access your edition of the magazine.)
So, what should they do?
There’s a sign by the swimming pool attached to the block of units I lived in up until a week ago that says, among other things: “No diving,” “No noise,” and “No glass bottles or glasses allowed in the pool area.” It goes on to say the penalties could amount to $500 per infraction.
Just about every summer evening during the 14.5 years I lived there, I observed people diving into the pool and drinking from glass containers and making a loud racket.
Regulators, like strata management, rarely win. The way humans are programmed to behave won’t let them. More importantly, regulations never win—and that’s an important distinction.
It’s not as if we naturally intend to go against regulations. It’s just that relying on regulations is the wrong way to motivate humans to behave in a particular way.
Regulations are about behaviour—about controlling certain types of behaviour—about classifying certain behaviours as wrong or unethical or illegal. Their efficacy relies upon two underlying principles: enforcement and reason—that is, people will do the right thing if the penalties for not doing so are sufficiently onerous, and people will abide by the regulations if they can see they’re reasonable, such as not diving head-first into a shallow pool.
So why do people dive into the pool? They do so for 7 main reasons:
They are not committed to the relationship with the person(s) who formed the no-diving regulation and therefore have no commitment to it. It doesn’t apply to them.
There is no emotional connection between the sign and the outlawed behavior. We decide on behaviours on the basis of emotions, not facts or reason.
Financial penalties rarely deter anybody from doing anything. Humans are not motivated by money to any great extent.
There is no relational reward for compliance. Humans are motivated by reward—particularly by the reward they get from forming or strengthening a supportive relationship.
Many of the divers are young men, and men below the age of 35 are genetically programmed to seek out danger.
There is dopamine—the reward neurochemical that drives behavior—to be gotten from the status gained from doing something illegal or unethical and getting away with it.
Diving or not diving into the pool is not a tribe-binding ritual and is not part of the historical culture of the residents of the block.
“No diving” is no different in kind from any other regulation or prohibition: it’s just a shorter sentence. It’s the fate of many such rules to be ignored or forgotten. Strangely enough, as many studies have shown, if you ask those who do choose to dive into the pool, even on the condition of complete anonymity, whether they did so regularly, many declare with righteous indignation that of course they don’t—or maybe they did only once or twice.
This is because we humans tend to believe we are law-abiding even when we’re not or ethical even when we blatantly do unethical things. Remember the famous quote from Enron’s Chairman, the late Kenneth Lay: “I take full responsibility for what happened at Enron. But saying that, I know in my mind that I did nothing criminal.”
Other divers will say—with complete honesty—that they never saw the sign, and still others will say that it didn’t apply to them because they were responsible, “careful” divers—they used their judgement, which, in general terms, is what most companies want their employees to do.
So, what can regulators, and those GRC professionals charged with maximizing compliance, do?
The first thing is not to think of what the regulations need to say but how they want people to behave. For example, instead of, “Save the environment; reuse your towels,” try, “I am the manager of this hotel and I am enthusiastic about saving the environment. I invite you to join me in this effort. You can help by reusing your towels, like so many of your fellow guests.” In this, you are helping others to better know you, as the author of the regulation, and to remember, and even perhaps to care. You are also offering status and inclusion—dopamine and the other powerful reward neurochemical, oxytocin. Instead of, “Smile at customers (or clients),” try, “When you smile at customers, they write nice things about you and I appreciate that.”
Both statements employ emotion over logic. Their appeal is relational, and they promise relational reward and belonging.
In other words, regulators—and GRC professionals—should humanize their messages and the way they present their regulations. In doing so, they are going with the grain of human neurogenetics, rather than against it. And, as every carpenter knows, that is a far more sensible way of working.
Speaking of rewards, regulators should concentrate on rewards (especially praise and recognition) for compliant behaviour, rather than penalties for non-compliance. Regulators—and GRC people—should be coaches rather than police. Forget the regulation; in the end, it’s the relationship that matters. A good relationship—one based on mutual support—will encourage compliance as the currency used to strengthen it.
About the Author
Bob Murray, Fortinberry Murray Principal