Wells Fargo Failures in Risk Management Cost $1 Billion Settlement
Steven Minsky | April 23, 2018
Wells Fargo has suffered the consequences of repeat scandals since 2016. This week, the bank agreed to a $1 billion settlement with federal regulators who have cited their lack of effective risk management practices as the root cause of their woes.
This settlement with the Consumer Financial Protection Bureau and Office of the Comptroller of the Currency would be another blow to Wells Fargo in a long line of many.
Let’s look at a timeline of Wells Fargo’s risk management scandals:
- 2009-2016 – Wells Fargo perpetrates a massive cross-selling scandal in which millions of accounts were created without consumers’ consent
- September 2016 – The CFPB levies a $185 million fine, the highest in their operational history
- August 2017 – The bank accidentally leaks the PII for over 50,000 accounts
- August 2017 – Wells Fargo charges 800,000 customers for insurance they did not need
- October 2017 – The bank wrongly charges homebuyers with fees to lock in mortgage rates
- March 2017 – The Federal Reserve imposes unprecedented sanctions on Wells Fargo prohibiting them from growing beyond their holdings in 2017
- April 2018 – Wells Fargo nears $1 billion settlement with its federal regulators
This timeline makes good on a prediction I made after the bank’s original cross-selling scandal. In an interview with business journalist L.A. Winokur regarding the Wells Fargo cross-selling scandal, I predicted: “Once the dust of this scandal settles, perhaps in two or three years, Wells Fargo will remain vulnerable in other areas of its operations to risk management failures.”
I immediately recognized the cross-selling scandal as a failure in risk management back in 2016. Now, regulators and the general public are beginning to demand more of Wells Fargo, not just from their sales department, but from the enterprise as a whole.
I’ve studied scandals for about 13 years now, and no matter what industry, product, or service the company is involved in, three things tie all scandals together:
- Scandals are known by personnel, typically at the front-line supervisory level, at least 6-12 months in advance.
- Scandals are failures in risk management and are therefore 100% preventable.
- Companies who do not recognize scandals as failures in risk management tend to suffer subsequent scandals in other departments.
These three common characteristics have been seen in recent scandals like Equifax, Chipotle, Uber, and of course, Wells Fargo. Let’s take a deeper look at how the Wells Fargo scandals leading up to this settlement to see how they signaled a need for better enterprise risk management.
How Are Wells Fargo’s Risk Management Scandals Related?
When news of the Wells Fargo cross-selling scandal broke, many people cited a poor sales culture as the root cause. In the blog I wrote about this scandal, I pointed to the fact that the same employees who were tasked with reaching certain sales goals were the same employees who were issuing new accounts and cards. With proper risk assessments and oversight, management would have identified the risk of employees meeting their sales goals improperly, and they would have mitigated this risk by implementing separations of duties and access rights.
After an in-depth investigation into the scandal, the CFPB and the OCC alleged the bank “failed to establish an enterprise-wide sales practices oversight program to prevent and detect unsafe or unsound sales practices, or mitigate the risks resulting from such sales practices.”
While these regulators point to a failure in risk management in their allegations, the scope is too narrow. For organizations to truly protect themselves from the punitive damages and reputational consequences of scandals, they need to implement risk management and oversight practices across the enterprise, not just within select departments.
I predicted that Wells Fargo would fall victim to subsequent scandals because they focused too narrowly on their sales department without considering similar vulnerabilities in other areas of their business.
My prediction first came to fruition when the bank leaked the PII of 50,000 accounts, and again when Wells Fargo admitted to charging their auto-loan customers for insurance they didn’t need. Both of these scandals are tantalizingly similar to the bank’s original cross-selling scandal. To avoid the repeat scandals and headlines they’ve found themselves the center of, Wells Fargo needed to establish a robust enterprise risk management program and infrastructure, complete with risk assessments that extend across departments and levels
Under the Wells Fargo settlement, which is the largest ever imposed by the consumer bureau, Wells Fargo will reimburse harmed consumers and make improvements to its risk management and compliance programs. The string of punitive actions in addition to this latest settlement should be a warning to all risk managers, C-suite executives, and companies alike: scandals are failures in risk management, wrongdoings are preventable, and upper management will be held accountable for their failure to oversee operational activities.
This is a message I and LogicManager have expounded for many years, and now 18 months after Wells Fargo first topped news headlines, my prediction from September 20, 2016 has been accepted now by two federal regulators, and all major press will report how the Wells Fargo Scandal is now officially labeled a failure in risk management.
The Wells Fargo Risk Management Settlement Is a Result of the See-Through Economy
Why are regulators acting now and labeling Wells Fargo’s scandals failures in risk management? It comes back to my idea of the see-through economy: an age of transparency in which consumers, investors, and regulators can impact a company’s reputation. Today, new technology like social media and real-time, online news outlets leave companies with no where to hide when they fall short of expectations.
The see-through economy is accelerating the need for risk management, especially as scandals continue to wreak havoc on market valuation:
Proactive, enterprise-wide risk management programs and infrastructure is the only way companies can avoid the lessons-not-learned by these organizations and meet the rising demands and expectations of consumers, investors, and regulators.