![[CEU] Beyond systems: How a behavioral lens helps leaders act before rules fail by Roger Miles and Teri Quimby](https://stage.corporatecompliance.org/sites/corporatecompliance.org/files/inline-images/Compliance%20Today%20Magazine%20-%20February%202026%20%2826%29.png)
History is littered with shocking moments when well-meaning controls failed disastrously. It’s striking how, with hindsight, many of these failures look avoidable. Yet, despite centuries of evidence, organizations continue to overlook a vital resource that can warn of imminent failure. They risk paying a heavy price for leaning too hard on technocratic risk frameworks while suppressing human risk-sentience.
As organizations rush to adopt AI-based decision-making, it’s instructive to recall how well the human brain has evolved its own advanced, intuitive mechanisms for sensing risk. This begs the question: why, when we could be so much better at sensing risk, do we humans persist in allowing history to keep repeating itself?
New insights into the working of these risk-sensing mechanisms promise better tools for averting system failures. After applying a new behavioral approach to reanalyze more than 100 past catastrophes, we identified one such useful tool. Using the behavioral lens approach reveals how failing organizations exhibit consistent patterns of activity. These patterns can be identified and used to predictively give better early warnings of unmanaged risk.
A key finding is that organizational failure is less the result of poor control design than of a governance mindset that assumes rules will fix problems. Too often, leaders were dangerously unaware of the behavioral drivers of failure, notably the many (often contrary) ways that stakeholders actually respond when rules are imposed on them.
In this article, we share a summary view through the behavioral lens, showing how, when one sees beyond mechanistic systems of governance, new layers of risk insight can be found. As a governance leader, it’s worth pausing to consider how highly your organization might value being able to predict how people will actually respond to your latest control initiative. Will they support it or sabotage it? Problems that formerly hid in plain sight become manageable once you can identify and address them.
Good governance and compliance are not achieved by adding more policies but by making authentic values visible in everyday human actions. When leaders put people, performance, and purpose at the center, ethical culture becomes a true strategic advantage, with conduct risk managed by using the behavioral lens.
The behavioral lens: Risk-sensing as uniquely human
Seeing each organization through a behavioral lens, it’s clear how people act on bias, emotion, and instinct. While these impulses are often criticized as “irrational,” we now know that they are irrational in consistent and therefore predictable ways. Real people are not the rational actors that economic theorists and system designers want them to be. Especially when trying to make decisions under stress or high uncertainty, real people behave suboptimally.
Behavioral research therefore concerns itself with what actually happens, asking: How do real people behave, especially when things are going less than perfectly? It notes that policies are pointless unless they affect practices—what people actually do, not what we’d like them to do.
We identified five points where classic command-and-control frameworks deform after human pushback. These points include when stakeholders reach a critical level of feeling overloaded, confused by abrupt change, or silenced by fear.
If that all sounds abstract, it becomes clearer when the lens is applied to past events. Viewing familiar failures through this lens allows us to see them in a new way. After identifying many events that warrant more detailed behavioral study, we touch on some examples below (see “The costs of warnings ignored” section).
Compliance professionals increasingly recognize that effective governance is not about box-ticking or accumulating policies. Instead, it is about fostering a culture where values are embedded in daily decisions and behaviors. Boards and compliance professionals should leverage behavioral insights to align risk management with company values and long-term strategy. This means encouraging meaningful discussions, understanding what drives people, and creating environments where ethical choices are the default, not the exception.
Conduct risk management: A values-based approach
In his book Conduct Risk Management, Roger Miles argues that conduct risk is fundamentally about intent: to behave well, not just to comply with the rules. He advocates a behavioral approach that empowers frontline staff and managers to trust their intuition and discuss problems in human terms.
This method does not rely on more risk registers or compliance reports but on simple interventions that raise situational awareness and foster early warnings of misbehavior. Miles’ extensive research finds that the best way to manage conduct risk is to create a culture where people feel confident to act ethically and are supported by leadership that models those values.
To make values visible, organizations need to:
-
Encourage open dialogue about ethical dilemmas.
-
Give employees license to speak up and act on their values.
-
Recognize and reward behaviors that reflect the organization’s core values.
-
Provide regular training and workshops that focus on real-world scenarios, not just theoretical compliance.
This approach is both effective and resilient. When leaders put people, performance, and purpose at the center, ethical behavior is not just expected but celebrated.
The costs of warnings ignored
Catastrophic failures of systems rarely result from a single mistake. Instead, they are rooted in a remarkably consistent pattern of behavior within the host organization. Two recurring features are:
-
Failure of framing (being unable to perceive a risk because it is novel, such as when leaders can’t make sense of what they are seeing).
-
A culture of discounting dissent (muting low-level or informal warnings, underweighting frontline risk reports, or dismissing views that don’t fit rigid definitions of “expertise”).
Applying the behavioral lens allows us to discern patterns of behavior that sit below systems-based controls and often subvert rational system designs. These patterns recur throughout human history, transcending time, location, industries, and technologies.
To illustrate how these behavior patterns repeatedly surface, we examine three examples drawn from more than 100 analyzed catastrophes, spanning three different centuries. In each case, the pattern could have signaled to governance leaders that a control framework was about to collapse.
Despite vastly different contexts, these tragedies share a common thread: headstrong governance led decision-makers to ignore inconvenient truths and suppress constructive criticism in favor of launch schedules, investor value, and institutional reputation.
The Tay Bridge (1879)
Flashpoint: During a violent storm on December 28, 1879, Scotland’s newest and longest rail bridge collapsed beneath a passing train, killing all on board.
Context: Contractors, engineers, and rail users had raised serious concerns during and after construction. The bridge relied on copied engineering assumptions, cut-price materials, and shook excessively under load. Yet managers dismissed concerns to protect reputation, schedules, and budgets. Constructive criticism was treated as disloyalty.
Vajont Dam (1963)
Flashpoint: A massive landslide triggered a devastating flood, killing nearly 2,000 people.
Context: Warnings from engineers, journalists, and local residents were ignored as government leaders rushed to complete the dam. Critics were silenced, and concerns were dismissed using desk-based calculations. In hindsight, the disaster was not natural but systemic.
Boeing 737 MAX (2018–2019)
Flashpoint: Two crashes resulted in total loss of life.
Context: Initially blamed on pilot error, investigations revealed failures in system design, training, and organizational culture. Engineers reported that safety concerns were overridden by cost pressures and development timelines, while internal reporting muted dissent.
From rules to relationships: The human factor in governance
From Victorian steel to modern software, the materials changed but the behavior patterns did not. What is different now is our ability to spot dangerous patterns earlier and intervene before collapse occurs.
Modern risk and compliance models still prioritize rules, statistics, and metrics, often marginalizing human factors such as perception, cognitive bandwidth, beliefs, and biases. Our analysis identified five recurring behavioral pressure points that signal elevated risk.
Organizations enter a jeopardy zone when stakeholders feel that compliance programs are:
-
Overloading them with paperwork or cognitive burden.
-
Forcing behavior change in ways that feel mistrustful or manipulative.
-
Undermining personal safety, dignity, or life choices.
-
Technically lawful but perceived as unfair.
-
Taking stakeholder support for granted.
The last pressure point is often the most powerful and explains why boards lose shareholder support, brands lose customers, and governments lose elections.
Beyond command-and-control
Governance fails without trust—among colleagues, between boards and stakeholders, and between organizations and society. Loss of trust following misconduct or catastrophic failure casts doubt on leadership’s ability to govern effectively.
Trustworthiness is the most valuable intangible asset of any organization. Governance leaders must actively manage it by valuing fast, clear reporting of frontline risk and paying close attention to qualified dissent.
Governance is therefore a relational system, not a mechanical one. Informal norms and social networks shape behavior more powerfully than formal codes. Compliance culture change will fail unless leaders engage directly with these realities.
Regulators such as the UK Financial Conduct Authority and the Dutch Central Bank now assess conduct, culture, and trust as predictors of downstream risk. Organizations will increasingly need to demonstrate how they detect and respond to early warning signals.
From vision to action
With the right guidance, leaders can develop habits that shift governance from hindsight to foresight, including:
-
Walking the floor to listen for emerging concerns.
-
Rewarding transparency and corrective action.
-
Mapping informal trust networks.
-
Integrating behavioral insights into risk assessments.
Conclusion: The value of a behavioral lens
Threats to good governance are rarely invisible; they are simply overlooked. Masked by routine compliance and optimistic assumptions, they remain in plain sight.
The solution is not more rules or metrics, but better questions. By cultivating behavioral awareness, organizations can detect early warning signals sooner, gaining time to adapt, rebuild trust, and maintain legitimacy.
Over time, the behavioral approach strengthens resilience, reputation, and reflexivity, bridging the gap between theoretical compliance frameworks and everyday practice. It moves organizations beyond surface compliance into a more durable model of governance aligned with long-term strategy.
View all articles Read the next article