Risk Consulting and the Wells Fargo Sales Scandal

Wells Fargo recently released an 110-page report, prepared by Shearman and Sterling, outlining issues around its Community Bank business unit’s (CBBU) improper sales practices resulting in senior level terminations and clawbacks of executive compensation in excess of $180 million.

The report reveals that even though Wells Fargo was adopting some of the best practices in enterprise risk management and regulatory compliance, the organization still encountered significant issues due to a systemically poor culture of integrity in its Community Bank business unit (CBBU).  The root cause of the issues at Wells Fargo’s CBBU was an aggressive sales culture that put undue pressure on salespeople to cheat by opening unwanted, unneeded or even fake accounts to meet sales targets.

The issue highlights a shift in regulatory focus away from technical, rules-based standards toward more subjective, value-based approaches.  Value-based regulations require organizations to prove that organizations not only comply with all applicable technical rules and reporting guidelines but also must demonstrate the effectiveness of the compliance program, itself.  This may involve demonstrating the existence and proper functioning of regulatory change management programs or it may involve proving the depth and breadth of ethical leadership in sustaining an enterprise-wide culture of integrity.

The ability to prove the effectiveness of compliance programs can significantly reduce enforcement actions such as fines, penalties or even jail time against an organization and its executives, by showing any highlighted deficiencies are an isolated issue and not the result of systemic failure in organizational compliance policies, procedures, and values.

The report also highlights many areas where either the firm or its legal counsel used consultants to assist in their investigation, e.g., McKinsey & Company to evaluate their Enterprise Risk Management program, Accenture to review and reform the offending business unit’s sales practices, FTI Consulting to analyze account and employee data trends that showed the incidence of misconduct increasing as sales goals became harder to achieve, and PwC to assess and quantify harm to customers.

Below is a highlight summary of some of the events in the report:

Wells Fargo retained a decentralized compliance operating model resulting from a legacy of growth through acquisitions. Compliance was relegated to the front-line business units, under the belief and current best practice that the entity that bears the risk is the most capable of managing it.

In 2011, Well’s Fargo’s Board created a separate Enterprise Risk Management Committee (ERMC) to oversee enterprise-wide risk and in early 2012, created a corporate level Chief Risk Officer (CRO).  In February 2013, the firm engaged McKinsey & Company to help them initiate a multi-year plan to implement ERM. In October 2013, McKinsey presented a strategy and three-year plan for improvements, which was adopted by the firm in July 2014 and funded with $60 million, largely for additional staffing and more comprehensive second line oversight (i.e. a centralized Corporate Risk function) of first or front line business activities.

In 2012, the CRO had sufficient concern about excessive sales pressure in the Community Bank Business unit (CBBU) to raise it as an issue, and although the CRO had the power to escalate the issue to the ERCM, he had limited authority or directive power over business units.  Thus, the CBBU’s own risk, compliance and human resources functions — answerable to CBBU leadership, not corporate — conducted their own investigation and ultimately delivered an underwhelming presentation that did little to assuage committee member concern.  The overly decentralized organizational structure proved to be a key organizational impediment that limited Corporate from understanding and managing the extent of the problem that was soon to develop.

Corporate Risk, HR, Legal, and Audit each also recognized a problem at the CBBU through the narrow lens of their functional vantage point, yet none was able to put the pieces together — to neither see the larger picture nor frame the issue properly — until the sales practice issues became prominent due to two newspaper articles highlighting the CBBU’s improper sale practice published in the Los Angeles Times, first in October 2013, and another in December 2013.

In response to these articles, the issue was finally elevated to the Board level, however, repeated requests by the ERMC for more information by the CBBU continuously resulted in reports that minimized the issue, prevented escalation and ultimately misled the Board. CBBU leadership blamed its employees for violating rules rather than identifying the root cause that motivated the undesired behavior, which was their aggressive sales model and compensation structure.

Finally, in April 2015, Corporate Risk decided to become more actively involved.  Up to then, Corporate Risk’s effort to oversee CBBU’s sales practices were hampered by the absence of formal governance structures for exercising oversight, which was finally rectified through the creation of a Sales Practices Oversight unit within Corporate Risk function in late 2015.

On May 4, 2015, Los Angeles City attorney filed a lawsuit challenging Wells Fargo’s sales practices in Los Angeles, with the Consumer Financial Protection Bureau (CFPB) and Office of the Comptroller of the Currency (OCC) later piling on. In September 2016, after lengthy discussions, the firm reached a settlement with the Los Angeles City attorney, the CFPB, and OCC.