Traditional compliance messaging often assumes that more rules and stronger penalties lead to better outcomes. From a behavioural science perspective, what are the most common reasons such messages fail, and how should compliance teams fundamentally redesign messaging to drive attention and action?
Traditional compliance messaging is often built on a simple assumption: if people know the rules and understand the consequences, they’ll comply. Behavioural science shows us that this isn’t how real decisions are made.
In practice, compliance messages fail because they’re easy to ignore, hard to process, and disconnected from everyday work. They arrive in busy moments, use abstract language, and focus on distant risks rather than immediate decisions. In some cases, they even trigger resistance – people feel lectured or policed, rather than supported.
A behavioural redesign starts by meeting people where they actually are. That means making messages salient and concrete, so it is obvious what action is required and when; reducing cognitive load through plain language and clear structure; and linking compliance to outcomes people care about now – not just hypothetical penalties later.
In our consulting work, we focus on designing messages for real human attention, not idealised rational actors. We find that when compliance feels relevant, clear and useful, people are far more likely to act.
Reducing friction is central to behaviour change. In practical terms, where do compliance processes most often introduce unnecessary friction, and how can behavioural insights be applied so that compliant behaviour becomes the easiest option?
Unnecessary friction often creeps into compliance through good intentions: extra checks, additional forms, and multiple approvals. Over time, this creates processes that are complex, slow, and out of sync with how people actually work.
From a behavioural perspective, every extra step is a point where compliance can break down. When processes are unclear or interrupt core tasks, people delay, make errors, or look for workarounds.
Behavioural insights help by flipping the question from “How do we enforce this?” to “How do we make the right behaviour as easy as possible?” For example, practical approaches could include:
- building compliance steps into existing workflows rather than creating a separate task
- clearly signposting and simplifying choices, as well as removing any low-value steps
- and using well-designed defaults, so the compliant option is also the easiest one.
The truth is that behaviour follows the path of least resistance; if compliance sits on that path, adherence will naturally rise.
Behavioural science shows that people are strongly influenced by what they perceive others are doing. How can compliance functions responsibly use social norms and peer signals in their messaging to improve adherence without creating pressure or unintended consequences?
It is absolutely true that people take cues from others, especially in uncertain situations. Used carefully, social norms can reduce ambiguity and make good behaviour feel culturally ‘normal’ rather than exceptional.
We believe it is best to start with accuracy and restraint. Highlighting true, positive norms, such as ‘most teams complete this correctly on first submission’, reassures people without applying pressure.
To avoid unintended effects:
- norms should always be fact-based, not inflated – do not lie to your audience
- messaging should emphasise shared standards rather than just competition
- and comparisons should encourage learning, not shame.
When done well, social norms don’t coerce – they quietly signal “this is how we do things here,” which is often all people need to comply confidently. It is also how to build the kind of compliance culture you want, as social norms and culture go hand in hand.
Many compliance messages are delivered too early, too late, or in the wrong context. How can behavioural science help compliance teams identify the right moments to intervene – and what does effective ‘just-in-time’ compliance messaging look like in practice?
One of the most common compliance mistakes is communicating at the wrong moment. Policies are read months before a decision is made, for example, or reminders arrive after the action has already happened.
Behavioural science shifts the focus to decision points – the exact moments when someone is choosing, submitting, approving or escalating. These are the moments that matter. In our work, we sometimes help clients start with a behavioural audit to identify what these actual behaviours are, rather than relying on guesswork. It’s best to start with a clear picture of what is actually happening.
Effective just-in-time compliance messaging:
- appears at the point of action
- is short and specific, not vague or policy-heavy
- and helps people make the right choice without pulling them out of their workflow.
The aim isn’t more communication – it’s better timing and more specificity. When guidance shows up exactly when it’s needed, and it is clear what the ask is, compliance feels supportive rather than intrusive.
Punitive compliance approaches can lead to disengagement or workarounds. What behavioural alternatives – such as positive reinforcement, incentives or feedback loops – have you seen work most effectively in compliance messaging, and why do they outperform fear-based tactics?
Fear-based approaches may deliver short-term compliance, but they rarely build sustainable behaviour or the right type of compliance culture. Over time, they tend to encourage avoidance, disengagement, minimal effort, or creative workarounds.
In practice, there are some effective alternatives such as:
- recognising and reinforcing good compliance behaviours
- giving timely feedback that shows people the impact of their actions
- and linking compliance to professional standards, team success or pride in good work.
These approaches work because they tap into intrinsic motivation. People are more likely to comply when they feel trusted, capable, and valued, not just monitored and policed.
Completion rates and policy acknowledgements say little about real behaviour. What behavioural metrics or indicators should GRC leaders focus on to assess whether compliance messaging is genuinely changing decisions and actions on the ground?
Yes indeed, traditional metrics tell you whether a message was delivered, not whether it changed anything. A behavioural approach would be to measure what people actually do. Useful indicators could include things like the following:
- response rates to compliance requests
- error rates, rework and near misses
- the quality and speed of decisions at risk points
- patterns in escalations or exception requests
- and whether behaviour changes persist over time.
In our BEHAVES Academy workshops, we encourage leaders to identify a short list of very specific, measurable behaviours and then focus on implementing interventions aimed at changing those measurements towards a defined goal – for example, increased active response rates to compliance request emails.
After we have rolled out our suggested behavioural interventions, if the measurements change in the right direction, then the messaging is working. It’s as simple as that.
Behavioural science is powerful, but it also raises ethical questions. How should compliance leaders ensure behavioural interventions remain transparent, ethical and trust building – rather than manipulative – while still delivering measurable improvements in compliance outcomes?
This is something we feel very strongly about – we actively promote the FORGOOD frame work in both our consulting work and our training (which you can find out more about here). Behavioural science should help people succeed, not trick them into compliance. Ethical practice starts with intent.
Good behavioural compliance interventions are transparent about what they’re trying to achieve, designed to support choice, not remove it, and aligned with organisational values and fairness.
A useful test is to ask:
- Would we explain this intervention openly?
- Does it make people’s jobs easier or harder?
- Does it build trust, or quietly erode it?
When behavioural approaches are used responsibly, they don’t just improve compliance – they help build a positive compliance culture, strengthen credibility, engagement, and long-term outcomes.
Take Part in Our Global GRC Research
AGRC is partnering with Risky Women and BEHAVES Academy on a new global research study exploring how behavioural science is understood, valued, and applied across Governance, Risk and Compliance (GRC).
While behavioural science is increasingly shaping compliance and risk practices, there is still limited evidence of how it is used in day-to-day GRC roles. This research aims to close that gap.
We invite GRC professionals to contribute to a short, anonymous 5-minute survey. Your insight will help shape credible, practical learning pathways for the future of GRC. Participants can opt in to receive a benchmarking report, enabling you to compare your responses with peers by role, geography, and seniority.
Take the Survey (Closes: 21 February 2026)
Shelley Hoppe is a behavioural scientist and the founder of both SBC, a behavioural communications consultancy, and the BEHAVES Academy, which teaches pragmatic applied behavioural science to organisations at scale. With the support of her team, she helps organisations apply behavioural science to real-world challenges in leadership and change as well as governance, risk and compliance. With a background spanning communications, leadership and change, Shelley completed an MSc in Behavioural Science at the London School of Economics and specialises in making behavioural insights practical and usable in complex organisational settings. She has worked with corporate clients across a range of industries and the public sector. Shelley is currently partnering with the Association of Governance, Risk & Compliance (AGRC) on research into how GRC professionals understand and use behavioural science, as well as on the design of bespoke learning pathways for the AGRC community.
