Unfair trading places
In February 2025, the UK’s Competition and Markets Authority fined four global banks a combined £104.5 million for breaching competition law. Traders had used private chatrooms to share confidential information about UK government bonds, giving each other an unfair advantage.
Here’s the kicker.
Every single one of those organisations will have required staff to complete mandatory compliance training, often annually, for years. The employees involved had almost certainly clicked through anti-trust modules, reviewed acceptable behaviour policies, and signed attestations confirming they understood the rules. And yet, it happened anyway.
The issue isn’t whether the rules were shared. It’s that in the crucial moments, the rules were not followed.
Heading for the breach
It’s not just a case of a few individuals “going rogue”. A recent survey by the Institute of Directors revealed that a large number of senior business leaders in the UK do not recognise the basics of competition law:
· Over 40% didn’t know that attending a meeting where competitors agree prices is illegal.
· Nearly 50% didn’t realise that bid-rigging is unlawful.
· More than 50% were unaware that dividing up customers with a rival breaks the law.
These aren’t minor technicalities. They’re breaches that carry major legal and reputational consequences.
And it’s not just happening at the top. For example, since 2020, employment tribunal claims involving misconduct have risen sharply. Cases citing workplace “banter” have increased significantly, and sexual harassment claims are now being described by legal experts as a “ticking time bomb” for UK employers.
So, if the training is happening, and the policies are in place, why aren't the breaches going away?
If training worked, we wouldn’t be here
The standard response to a compliance breach is familiar: roll out the information-dense e-learning. Add another slide to the policy deck. Reissue the comms. Ask for another round of attestations. Track completions and move on.
But here’s the uncomfortable truth: telling people the rules, and asking them to confirm they’ve read them, doesn’t mean they’ll follow them.
That might sound cynical.
But all the evidence shows that this uncomfortable truth is a reality of natural human behaviour.
Why do people follow rules?
Most compliance programmes still rely on simply telling people the rules and believing they will follow them. But two studies published in 2025 suggest the reality is very different.
1. This study explored the core reasons people follow rules, testing four possible motivations: fear of sanctions, desire to help others, social expectations, and intrinsic respect for rules. The most powerful drivers turned out to be a sense of duty and the belief that others are also doing the right thing.
In other words, behaviour is shaped more by internal motivation and social norms than by threat of punishment or formal instruction.
2. This study tested how different formats of policy affected rule understanding and ethical conduct, comparing long documents, short summaries, and infographics.
None of them made a meaningful difference. So what did?
People's perception of what was normal. When employees believed unethical behaviour was rare and socially unacceptable, they were more likely to understand and follow the rules - even if they hadn’t read the policy at all.
These findings tell a consistent story. What drives ethical behaviour isn’t just information.
It’s whether people believe that following the rules is expected, shared, and part of “how we do things around here.”
The culture–training disconnect
We see this disconnect all the time. Almost every RFP we receive includes a strong ambition: make compliance part of the culture. But when we look at the design brief, the objectives nearly always fall back on traditional training logic to tackle culture:
· “Raise employee awareness of policies.”
· “Increase knowledge needed to meet regulatory standards.”
These goals aren’t wrong. But they rest on an assumption that knowledge leads to action. And that assumption doesn't hold up.
If you want compliance to be part of your culture, you need to go beyond learning objectives. You need to design for the conditions that shape behaviour:
· What people see
· What other people do
· What people believe is expected.
Small boosts, big shifts
We saw this clearly in our Innovate UK–funded project with the University of Warwick and GSK.
Rather than designing another round of training on Conflict of Interest declarations, we trialled behavioural boosts - small shifts in how the behaviour was framed and prompted.
One of the most effective interventions was incredibly simple. We positioned COI reporting as something that high-performing professionals at GSK routinely do. This small reframing made it feel like a normal, expected part of being good at your job.
No new modules. No extra content. Just a change in perception. And it worked. Declaration rates rose significantly.
As Dr Elaine Gallagher, one of our team on the project, put it: “Even modest numbers in our initial trials show how impactful behavioural interventions can be in driving compliance.”
Where do we go from here?
If better outcomes depend on better behaviours, then it’s time to stop designing for how people know and start designing for how they behave.
That means making the right thing easier, clearer, and more expected.
It means reinforcing norms, not just rules.
And it means embedding behavioural insight across your compliance approach - from risk to reinforcement.
Because if behaviour is the problem, it’s also the solution. Or as we say here at BAD - If it's a business problem, that's a human problem, which is a behaviour problem - and that's a BAD problem.
If you're ready to move beyond training and into real-world behaviour change, get in touch. We’d love to help you.
