By now, most have read about the consent orders issued last week by the CFPB and the OCC concerning Wells Fargo. The consent orders ordered Wells Fargo to pay a total of $185 million in civil monetary penalties ($100 million to the CFPB, $50 million to the OCC and $35 million to the City and County of Los Angeles), as well as reimbursing customers an estimated $5 million because Wells Fargo employees, in an effort to boost sales figures and earn bonuses: (a) opened deposit and credit card accounts without customer consent; (b) moved funds from authorized accounts to the new deposit accounts without customer consent; (c) enrolled customers in online banking services they did not request; and (d) ordered and activated debit cards business customer information again, without customer consent. The consent orders shine a large spotlight on the problems that can occur when employees are provided incentive compensation without adequate compliance management systems in place to insure bad things don’t happen. The CFPB is quick to say that they are not prohibiting incentive compensation, but “companies need to pay very close attention to make sure they have effective monitoring in place to ensure that consumers are protected.” Prepared Remarks of Richard Cordray (Sept. 8, 2016).

As with many of the Consent Orders issued by the CFPB and other federal regulators, the Consent Orders issued as to Wells Fargo are an excellent place for others in the financial industry to begin in assessing whether their compliance management systems regarding incentive compensation are adequate.

Here are Our Takeaways:

  • Banks and Credit Unions should take a hard look at incentive compensation structures across all business lines to insure they do not provide a heightened risk of unfair or abusive practices;
  • Banks and Credit Unions should require ongoing training of all sales personnel reasonably designed to prevent improper sales practices (in the case of Wells Fargo, the opening of accounts without customer consent, etc.) and such training should be repeated and assessed for adequacy at recurring intervals.Training records should be maintained.
  • Banks and Credit Unions should implement a system to report sales integrity issues internally and provide training to employees as to the use of the same;
  • Banks and Credit Unions should proactively monitor their sales practices on a regular basis, hire adequate personnel and resources to do so, and implement policies and procedures insuring the same.
  • Banks and Credit Unions should maintain adequate policies and procedures for:
    • Receiving, retaining and addressing customer inquiries or complaints and escalating the same;
    • Receiving, retaining and addressing internal allegations of improper sales practices or other sales integrity violations and escalating the same;
    • Identifying, tracking and addressing indicators of improper sales practices or other sales integrity violations;
    • Addressing improper sales practices and other sales integrity violations, both internally and externally;
  • Banks and Credit Unions should review their policies and procedures regarding sales of deposit accounts, credit cards, unsecured lines of credit, and related products and services (both internally and with associated vendors) to insure they are reasonably designed to procure and document customer consent;
  • Banks and Credit Unions should assess whether their performance-management, sales goals and incentive compensation are reasonably designed to prevent improper sales practices or other sales integrity violations;
  • Similarly, Banks and Credit Unions should review their risk management and oversight programs to insure they include policies and procedures for reporting and escalating sales practice information in a timely manner;
  • Banks and Credit Unions should review their risk management and oversight protocols to insure they establish key risk indicator metrics to monitor for unsafe and unsound sales practices.In the case of Wells Fargo, the OCC Order provided that, at a minimum, this information should include customer surveys, customer complaints, bank employee ethics allegations or complaints and Corporate Investigation metrics;
  • Banks and Credit Unions should employ a comprehensive written assessment of any new or materially revised incentive structures prior to implementation to ensure that risks are controlled.