Sherman & Sterling, engaged by Wells Fargo’s board to investigate its “fake accounts” scandal, issued a 113 page report which includes more ugly details about the California bank’s abusive sales practices. In connection with the release of this document, Wells announced that it was clawing back $28 million more from former CEO John Stumpf, who had already voluntarily given up $41 million, and $47 million from the former head of the community bank, Carrie Tolstedt.
The chairman of the board was also making the media rounds trying to persuade skeptical newscasters that having Stumpf retain 3/4 of the pay he’d earned when the abuses were underway (they now are acknowledged to have been visible as early as 2002) was adequate.
The New York Times depicted the report as “scathing”. In fact, it is a carefully crafted document to dump all responsibility on Stumpf and Toldstedt, both of whom clearly are culpable, and shield the board and the new CEO. Anyone who knows much about banking will see clear footprints that the board ignored basic risk management failures and poor governance structures. Ironically, the only part of the cover-up that might be plausible is that the new CEO, Tim Sloan, as having been head of a completely unrelated business until he was elevated to Chief Operating Office in 2015, does appear to have been organizationally removed enough to be blameless. He also appears to have tried taking action against Tolstedt fairly quickly given how loyal Stumpf was to her (as in Sloan would have been forced to proceed carefully).
First, we’ll go through how Sherman & Sterling covered up for the board. Then we’ll discuss other issues, such as what the new developments say regarding legal liability and the possibility of prosecution.
Effort to hide fundamental risk management failure in plain sight. The report describes the glaring risk management failures we had mentioned before, ones that were obvious, and others our retail banking/IT expert Clive had correctly identified were in play. But the report tries to normalize them as being unfortunate features of how Wells did business that worked out badly rather than glaringly obvious control failures where not only top executives but ultimately the Board is responsible.
Even worse, the report proves the board’s negligence by indicating it had noticed a major deficiency, that control functions were reporting to unit/profit center managers like Tolstedt, in 2013, yet was leisurely about addressing it. Keep in mind that is exactly the same kind of deficient structure that led to the JP Morgan London Whale scandal. It is a basic risk management failure to have control staff report to profit center managers. In fact, they are designed to be for show only. Does anyone with an operating brain cell think someone would make their boss look bad?
Even though there were corporate level control staff too, the report makes clear that corporate control functions were “culture of substantial deference” to the business line managers like Tolstedt. Translation: they were toothless. Get a load of this:
As events were unfolding, his [the Chief Risk Officer’s] visibility into risk issues at the Community Bank was hampered by his dependence on its group risk officer and he was essentially confined to attempting to cajole and persuade Tolstedt and the Community Bank to be more responsive to sales practice-related risks.
Yet a plan to fix it was still incomplete as of 2016…worse, even after the Los Angeles Times first reported on the fake account abuses in 2013. From the report:
The Risk Committee of the Board, consisting of the chairs of all the Board’s
standing committees, was created in 2011 to oversee risk across the enterprise. This involved a multi-year plan starting in 2013 to substantially grow Corporate Risk, to move toward centralization of more risk functions and to enhance Corporate Risk’s ability to oversee the management of risk in the lines of business. Consistent with this plan, the Board supported major funding increases for Corporate Risk for 2014-2016. But, as problems with sales practices in the Community Bank became more apparent in 2013-2015, Corporate Risk was still a work in progress and the Chief Risk Officer had limited authority with respect to the Community Bank.
Note that the report points to something even worse than simply limited scope of the Chief Risk Officer (as well, as the report points out, of the legal department and human resources). Despite being corporate level functions, as in theoretically senior to business units, they were also de facto subordinate. This is not uncommon in unregulated business, but even so, the norm there should be that the control function, particularly the legal department, can escalate matters to the CEO and board. Here, it doesn’t simply appear that that was not a viable option due to Tolstedt’s tight personal relationship with Stupf. It appears that this could never have happened with any business unit. That means supervision across the bank was fundamentally defective. Deficiencies of that magnitude mean not only was the CEO asleep at the wheel or an active enabler. The board was culpable too.
No mention of clearly deficient financial controls. Regular readers will remember how FTI Consulting helped CalPERS perpetrate a sham investigation of private equity compliance because the questions FTI was asked to investigate could not be answered with the methodology they employed. Even with private equity being fabulously secretive, we were still able to find significant errors in FTI’s report.
Here, we have FTI apparently not digging deep enough, again by design, as well as the report failing to mention that a big chunk of the work was to compensate for the absence of basic financial controls. From the report:
The firm analyzed various metrics to assist in determining the impact of the Community Bank’s sales culture. First, it examined Wells Fargo’s investigations data for allegations of sales integrity violations and associated terminations and resignations. And second, it analyzed information relating to the rate at which the Community Bank’s customers were funding — that is, making initial deposits into — new checking and savings accounts. While there can be many reasons a customer might not fund an account, lower funding rates (the proportion of new accounts with more than de minimis deposits) suggest that some customers were sold accounts that they may not have wanted or needed. …
The pressure associated with the campaign manifested itself in higher rates of low quality accounts, as confirmed by the “Rolling Funding Rate,” a quality metric used by the Community Bank to track the rate at which its customers “fund” (place more than a de minimis amount into) new checking or savings accounts.
And this was in a footnote:
To determine whether these trends in Los Angeles were affected by simulated funding — the phenomenon in which bankers used customer funds from one account to surreptitiously fund another account, identified in Wells Fargo’s settlement with the CFPB on September 8, 2016 — FTI Consulting conducted an analysis backing out all potentially simulated funding accounts identified by Wells Fargo’s consultant, PricewaterhouseCoopers.
What were the corporate risk officers doing? This section makes clear that metrics that should have been reviewed on a corporate wide basis were instead not merely prepared by Tolstedt’s unit but not shared with anyone at the corporate level. This is utterly inexcusable.
Opening up fake products to claim a sale is a trick which goes back to when a TBTF tried to sell Noah Ark insurance. When I started in retail at a TBTF nearly 30 years ago, senior management (as a minimum the VP or equivalent in charge of a geographical area) would get reporting from the internal compliance or risk function about the number of accounts opened which had low turnover. A low turnover account is a serious red flag for either mis-selling or even (as was the case that has been exposed at Wells’) the salesforce boosting their figures by robo-applications….
Of course, it all comes out in the wash eventually — the customer didn’t want the product in the first place and if they didn’t want it, they almost certainly won’t use it. This will result in a low (or no) activity account.
Simplistic attempts are generally made in the bank’s operations to prevent this kind of sales practice. The most common is that if within in a certain timeframe (a month or 6 weeks is usual) there hasn’t been a transaction on the account or the card hasn’t been activated, the account will be closed and this low activity account sale will be clawed back from the salesforce. But of course, this is widely known in the bank employees, so the standard ruse is to diarise a follow-up customer service call, tell the customer some cock-and-bull story about how the bank employee has noticed a potential security issue with one of their cards and could they phone the security team just to confirm the card is still in their possession. Or another variation is to tell the customer If they want to call into the branch, they can sort the “problem” out, while in the branch they get the customer to phone the activation line, then “check” everything is okay by doing a cash advance at the counter on the card (they’ll even refund the fee, how kind!).
These are just some tricks, readers can get the gist of how it works and probably even think of their own alternatives.
But there’s still a trail of evidence which the bank should be following — accounts which are very light in transactions after 6 months or dormant in a year. These are always investigated, not for the customer’s benefit but because it costs the bank money to maintain the account. They are invariably force-closed due to low activity (this will be in the product’s standard Terms and Conditions, to give the bank the ability to do this). This management information is collated and picked over endlessly by the P&L accountants. Too many customers attracted to the brand, sold product to, but who then walk away are value-destructive. Senior management (one part of the senior management team, anyway) are all over this metric like a rash.
Not at Wells, needless to say.
We skipped over FTI’s overly cursory personnel review. FTI was tasked to look into “Wells Fargo’s investigations data for allegations of sales integrity violations and associated terminations and resignations.” In other words, all FTI did was review Wells’ data. Notice this also:
Shearman & Sterling has conducted 100 interviews of current and former employees, members of Wells Fargo’s Board of Directors and other relevant parties. Shearman & Sterling’s interviews focused primarily on senior members of management across all of the areas that had significant contact with sales practice issues. In addition, Shearman & Sterling reviewed the product of hundreds of interviews of more junior employees conducted by or on behalf of Wells Fargo. Shearman & Sterling also reviewed information concerning more than 1,000 investigations of lower level employees terminated for sales integrity violations, which Wells Fargo’s Internal Investigations group conducted.
This is inadequate to get at the question of to what degree these “sales integrity violations” were actually trumped up to punish employees who refused to engage in aggressive sales practices, or as others allege, they were terminated on thin and unrelated grounds when they started complaining. Interviews by Wells Fargo are worthless for lack of confidentiality; even ones conducted by third parties are suspect by virtue of how keen Stumpf was to blame the fake accounts scandal on low-level workers.
And other experts were not impressed either. From the Financial Times:
Dennis Kelleher, chief executive of the advocacy group Better Markets, said that Wells directors had failed to take responsibility. He called on shareholders to vote against all of them at the bank’s annual meeting this month.
“Consistent with their past too-little, too-late cosmetic actions, blaming and punishing two previously fired executives are little more than standard moves in a PR playbook,” Mr Kelleher said.
Can We Hope for Criminal Prosecutions and Other Issues
The Wells board and Stumpf thought penny-ante stealing was not stealing. The fact that the total hard dollar customer losses were small despite the brazenness and scale of the fraud was the big reason the former CEO thought he could brazen this out. And given that sanctimonious Wells had taken vastly more from customers via foreclosure abuses, this lackadasical might have otherwise seem reasonable. After all, the traditional check on this kind of nickel and dime grifting, class action lawsuits, have become almost as rare as the dodo bird thanks to the successful efforts of Corporate America to cut them back.
Several prosecutors are supposedly still looking into further action. The most promising legal theory would appear to be Sarbanes Oxley. False certifications of the integrity of controls, which are made by at a minimum the CEO and CFO, which would include the adequacy of risk management, are Sarbox violations. And Sarbanes Oxley is designed to allow prosecutors to readily turn civil charges into criminal ones if discovery turns up solid evidence of severe misconduct. But no one has every use Sarbox, so this idea seems remote.
Another wee problem is that the Department of Justice under Jeff Sessions is likely to sit this one out. But the Los Angeles City prosecutor was the one that developed this case and got $35 million of the original $180 million settlement, so they seem the most likely to try to take this sordid matter further.
Another source of more legal shoes dropping is whistleblower retaliation claims and other types of wrongful termination suits. Enough employees could be affected to add up to more serious payouts, and even more important, continued media focus on Wells’ bad conduct.
Wells is not out of the woods, but sadly it is more likely to suffer the drip drip drip of individual cases than a prosecution or even a nice juicy civil suit against Stumpf or board members derelict in their duties. And I would be delighted to be proven wrong.