On April 10, 2017, a committee of independent directors of Wells Fargo released a 110-page report on the results of an investigation into the root causes of improper sales practices at Wells Fargo’s Community Bank (the “Community Bank”).[i] The report will likely be studied by regulators, congressional committees, financial institutions, and other companies for insights into the causes of problematic sales practices and, more broadly, insights into how boards and senior management can improve their identification of and response to red flags. The report’s findings can be expected to inform regulators’ expanding expectations around corporate governance and compliance.

We summarize below some of the key lessons that regulators and other parties may glean from the report.

Background

The independent directors’ investigation followed regulatory settlements announced in September 2016 by the Consumer Financial Protection Bureau (“CFPB”), the Office of the Comptroller of the Currency (“OCC”), and the City and County of Los Angeles, which involved allegations that thousands of bank employees opened deposit accounts and issued credit cards without consumers’ knowledge or consent, so that employees could satisfy sales goals and earn financial rewards. These settlements provided for $185 million in penalties, plus consumer restitution. The bank has taken a number of remedial actions, including discontinuing the relevant sales goals, reforming incentives, terminating five senior executives, implementing compliance and corporate governance changes, and imposing clawbacks and other executive compensation measures that now total over $180 million.

Lessons Learned

  • The investigation report finds that the Community Bank’s sales culture and performance management system, when combined with aggressive sales management, created significant, and in some cases “extreme,” pressure on employees to engage in improper sales practices. The report identifies several root causes of how these problems occurred and were able to persist. The key lessons that regulators and other parties may take from the report include:
  • The importance of a centralized corporate structure and centralized, independent control functions: The report places significant blame on the bank’s decentralized corporate structure, which gave too much autonomy to the Community Bank’s senior leadership, which was “unwilling to change the sales model or even recognize it as the root cause of the problem.” The report paints the picture of a decentralized company in which a strong business unit could operate as a fiefdom that stifled internal dissent and kept full information from corporate-level management.
  • Relatedly, the report finds that the bank’s risk (compliance) and human resources functions were too decentralized, which “impeded corporate-level insight into and influence over the Community Bank.”[ii] While there was progress to centralize and strengthen these functions at the corporate level, that progress was too slow and the company’s Chief Risk Officer was “essentially confined to attempting to cajole and persuade” the Community Bank’s leadership to be more responsive to sales practices-related risks. With respect to the risk function that resided within the Community Bank, these risk managers were “answerable principally to the heads of their businesses and yet took the lead in assessing and addressing risk within their business units” and were ultimately ineffective.
  • Thus, the report can be seen as providing strong support for a centralized corporate structure and, in particular, centralized risk, compliance, audit, legal, and other control functions that have sufficient independence and can meaningfully support senior management and board efforts to oversee a company’s business units. Noting that the centralization of the risk function at the bank was subject to “considerable disagreement,” the report broadly concludes that “events show that a strong centralized risk function is most suited to the effective management of risk.” The implication of the report is that a more centralized structure can improve transparency and oversight, reducing the chances that problems can fester and that individual business units can strong-arm control functions.
  • Board and senior management responsibility to investigate red flags and require more detailed reports and concrete action plans: While the report focuses on the Community Bank leadership’s incomplete reporting to the Board,[iii] the report also faults the Board for not doing more to probe for further information. Specifically, in February 2014 and thereafter, the Board and Risk Committee received assurances from management that enhanced monitoring and other measures were being put in place to address improper sales practices that had come to light. Management’s reports, however, “generally lacked detail and were not accompanied by concrete action plans and metrics to track performance.” The report concludes that the Risk Committee and Board should have insisted on concrete action plans and metrics to substantiate the notion that corrective action was being taken and was effective. Similarly, the report finds that the former CEO did not act quickly enough and failed to “engage in investigation and critical analysis to fully understand the problem.”
  • Of course, management and board oversight efforts are always judged with the benefit of hindsight. The bank’s experience will likely raise the bar on senior management and board responsibility to probe and follow-up on red flags, insist on more specific and complete information, and hold management accountable for concrete plans to achieve corrective action.
  • Bolstering ethics and compliance culture: Although not an explicit theme of the report, the report highlights the need to focus on issues of “tone at the top” and a strong ethics and compliance culture that permeates the organization and allows for dissent and disagreement. For example, the report finds that even senior leaders within the Community Bank were afraid of, and discouraged from, airing contrary views to the head of the Community Bank, and there were efforts to impede the escalation of issues outside the Community Bank. The report also emphasizes the Community Bank’s strong self-identification as a sales organization, rather than as a service-oriented financial institution, which justified a “relentless focus on sales, abbreviated training and high employee turnover.”
  • Greater consideration of systemic causes: A key theme of the report is that, throughout the bank, these problems were generally seen as individual in nature, and there was insufficient consideration of deeper, systemic causes. According to the report, certain of the bank’s control functions often adopted a narrow “transactional” approach to issues as they arose: “They focused on the specific employee complaint or individual lawsuit that was before them, missing opportunities to put them together in a way that might have revealed sales practice problems to be more significant and systemic than was appreciated.” Similarly, the firings of sales personnel were viewed as isolated, employee-specific issues, rather than as potentially reflecting larger structural problems.[iv]
  • As noted, the report underlines senior management and boards’ obligations to follow up on red flags and search for systemic causes. In this vein, the report could provide a basis for more frequent calls for independent internal investigations to determine the scope and root causes of identified problems. According to the report, the reviews that were conducted by the bank earlier in time were limited in nature and not escalated to high levels in the organization.
  • Taking a broader approach to risk and consumer harm: Another theme in the report is that the bank focused excessively on consumer financial harm (or lack thereof) as the measure of consumer harm. The report will serve as a reminder that institutions should take a broader view of consumer harm, to include seemingly more abstract harms such as misuse of consumer information and abuse of trust. The report also emphasizes that senior management and others consistently overlooked the significant reputational consequences posed by the improper sales practices.

In addition to the several lessons that emerge from the report, we note that the CFPB and the New York Department of Financial Services have recently issued guidance on steps that regulated entities should take in managing sales and other compensation incentives.[v] Among other things, the CFPB’s guidance addresses board-level review of incentive compensation and strong compliance management over such incentives, as well as the need for employees to receive appropriate training and be provided an easy way to report unethical or problematic conduct. We have summarized the CFPB’s guidance in a previous client memorandum.[vi]

Associate Vikas Desai contributed to this client alert.