After the news broke, New York City Comptroller Scott Stringer said, “This is a full-blown scandal—again. It’s unbelievable, outrageous, sad, and yet quintessential Wells Fargo.”
Such a statement assuredly resonates with millions of people whose eyes so much as glanced this latest headline. Scandals are always met with a feeling of outrage because they are preventable. What makes this particular scandal so outrageous is that it is tantalizingly similar to the risk management failure in their cross-selling scandal.
Wells Fargo is an innovative bank. Most banks dream of having a cross-selling program or offering products like Guaranteed Asset Protection products. But as I’ve said before in regard to big name companies like Chipotle, BP, and Volkswagen, with innovation comes risk.
As I explained in part one, with the innovation of cross-selling came the risk of access rights and separation of duties. Without a proper governance structure in place to identify and control the risks inherent to these new process, scandal was bound to materialize.
Of course, as I’ve mentioned, Wells Fargo and many others incorrectly saw the root cause of this scandal as an overzealous sales program. The OCC and myself came out and said that it wasn’t a sales culture problem, but a risk governance problem, and mandated that the bank implement an effective enterprise risk management program.
However, the bank seems to have interpreted the OCC too narrowly. Instead of understanding the root cause as a failure in enterprise risk management, they identified the root cause as a failure in risk management in the one department where the scandal occurred, i.e. sales.
Clearly, this was the wrong interpretation, as the newest auto loans scandal shares the same root cause: a failure to see the side effects of innovation and govern their processes effectively. Same root cause, different department.
In a statement, Wells Fargo spokeswoman Jennifer Temple said that the bank took steps to improve the administration of their Guaranteed Asset Protection products back in 2014. While it is unclear what these steps were, it is evident that the risks associated with this “improvement” were not identified or properly controlled.
Let’s take an excerpt from my first Wells Fargo blog regarding their cross-selling practices: “Where were the risk assessments on these sales and booking processes? What about internal audits of both the risk management process and governance oversight on these areas?”
These questions are directly applicable to the current situation. Before you implement a policy, it’s imperative to perform objective risk assessments on the processes involved to uncover any potential risks before they materialize.
Having done so, the auto loans department would have seen that there was an inherent risk in their collateral protection insurance policy, that is, a risk of charging a customer for insurance they didn’t need. From there, controls would have been implemented to ensure that employees were conducting proper due diligence and ensuring that customers did in fact lack auto insurance before purchasing it for them. From there, the scandal would have never occurred.