Culture Is a Compliance Control. Is Yours Working?
Every major compliance failure of the last decade exposes the same blind spot: culture and people risk. Firms wrote the policies, built the frameworks, ran the training. Yet between the rule and the moment someone had to act on it, something still broke down.
That is a people problem. And it is the most underestimated risk in your compliance environment.
$17.25bn
413 operational and non-financial risk loss events totalling US$17.25bn in 2024. In 2025, conduct remained both the most frequent and the most severe risk type.
$4.3bn
Criminal penalty paid by Binance after regulators concluded it had prioritised growth over compliance.
US DoJ
The question is not whether your organisation can afford to invest in culture. It is whether it can afford not to.
Culture and People Risk: When Controls Fail
Across financial crime, cybersecurity, operational resilience and ESG, the enforcement record tells one story. Internal controls existed. Concerns were raised. The culture did not allow those concerns to land. By the time the regulator arrived, the cost had already been paid.
Here is the pattern at a glance.
- Wells Fargo ($3bn+ in penalties): Performance at all costs. Thousands who raised concerns were dismissed. Internal reports flagged the pressure to cheat as early as 2004.
- Binance ($4.3bn criminal penalty): Growth prioritised over compliance. More than 100,000 suspicious transactions went unreported, including links to ransomware and sanctions breaches.
- CrowdStrike ($5.4bn estimated impact): Engineers flagged rushed releases for more than a year. A single faulty update took down 8.5 million devices in July 2024.
- DWS ($19mn + €25mn in fines): The chief sustainability officer raised concerns internally. She was dismissed. Regulators eventually listened.
In each of these cases, the written framework was not the problem. The culture around it was. Controls do not fail in isolation. They fail when the people responsible for running them cannot, or will not, act on what they see.
The Human Factor in Every Compliance Failure
Culture and people risk shows up first as a question of psychological safety. In other words, people will raise concerns only if they feel safe doing so. This is not a soft issue. It is the setting in which every compliance control either works or fails.
Think about what culture really decides in your organisation:
- Whether an AML analyst flags a transaction that their manager seems comfortable with;
- How quickly a compliance officer escalates findings that embarrass a profitable business line;
- Whether an engineer pushes back on a release that is not ready;
- Whether an ESG lead challenges a commitment that the data cannot support.
In each case, the decision is shaped not by policy, but by culture.

Meanwhile, inclusion sits alongside psychological safety. One is about whether people feel safe to speak. The other is about whether colleagues listen when they do.
Diverse teams spot anomalies, challenge accepted narratives and catch patterns that homogeneous teams miss. Where leaders routinely dismiss their concerns, however, organisations quietly weaken their own early warning systems.
Regulators Are Watching Culture
UK financial services firms should be in no doubt. Culture and people risk now sits inside the regulatory perimeter, and the perimeter is widening.
First, SM&CR created personal accountability for senior leaders. Then, Consumer Duty elevated culture as a supervisory lens. Most recently, the FCA has begun treating non-financial misconduct, including bullying, harassment and inaction on concerns, as a red flag for deeper cultural failure. As a result, supervisory cases tagged to non-financial misconduct have risen every year: 123 in 2022, 168 in 2023, 229 in 2024.
- FCA Consumer Duty (2023): Firms must deliver good outcomes, not just document processes. Culture is a supervisory lens.
- SM&CR: Personal accountability for senior leaders for the cultures they create and the conduct they enable.
- FCA Non-Financial Misconduct: Bullying and harassment treated as red flags for broader cultural failure. NFM rules extend to non-banks from September 2026.
- EU AI Act: Human oversight, bias controls and accountable AI governance now regulated. Penalties up to €35m or 7% of global turnover.
From the Content Library
The articles and white paper below develop this narrative in depth. Each examines a different dimension of culture as a compliance control.
How Argus Pro Manages Culture and People Risk
Thought Leadership
Rigorous, practitioner-led analysis of culture as a compliance control across anti-financial crime, cybersecurity, operational resilience and ESG. Content that connects enforcement history to practical action.
Workshops
Seven specialist one-day workshops for regulated financial services firms. From foundational culture awareness to board-level governance. Open cohort and in-house formats.
Regulatory Intelligence
Our compliance frameworks cover Anti-Financial Crime (AFC), Cybersecurity & Digital Operational Resilience (CDOR), and AI Governance. Culture sits at the intersection of all of them, and assessment findings can directly inform your workshop priorities.
Meet the Experts

Jen Davidson | Culture and Inclusion Expert
Jen Davidson is a specialist in organisational culture, inclusion, and psychological safety, with a particular focus on how these disciplines intersect with compliance, risk, and financial crime prevention. Jen works with leadership teams, boards, and compliance functions to help organisations move beyond policy and build the cultural conditions in which people genuinely feel safe to speak, challenge, and act with integrity. Her work bridges the often-siloed worlds of DEI and financial crime, making the case that the two are not separate agendas, but deeply and consequentially connected.
Mike Falvey | Partner, Argus Pro LLP
Mike brings more than 25 years of senior leadership across financial services, government and regulated industries. He is the former Chief People Officer and Director General at HMRC, and was formerly a KPMG Partner with a client portfolio spanning FTSE 100 and public-sector organisations. He has advised UK and overseas Ministers on compliance culture and the behaviours that protect organisations from regulatory failure. Mike is the strategic and board-level voice behind Argus Pro’s Culture & People Risk capability.

Start the Conversation
Whether you are building a speak-up culture from the ground up, addressing a gap identified in a regulatory review, or preparing your board to take culture and people risk seriously, we can help.
