Home > Risk > The Wells Fargo “Staff Scam”: More questions and fewer answers

The Wells Fargo “Staff Scam”: More questions and fewer answers

September 16, 2016 Leave a comment Go to comments

Since I wrote about the astonishing Wells Fargo fraud, I have been waiting for additional news to shed some light on what happened – and didn’t happen.

By ‘didn’t happen’, I am referring to the actions that should have taken place to detect the frauds, identify their causes, stop further fraud, and report all of this to the board.

I am not talking about 2016, I am talking about 2011, 2012, 2013, 2014, and 2015.

But, the news has been scarce and little has been revealed.

….Except for interviews with Wells Fargo’s CEO John Stumpf, discussed in a Huffington Post article entitled Wells Fargo CEO Blames Multimillion-Dollar Fraud On The Lowest-Level Employees.

Let’s examine the few facts we know:

  • He does blame some number of rogue employees.
  • He does say that the 5,300 employees that were fired included “some” branch managers and a number of “managers of managers”.
  • He says that neither his nor any other “named person’s” compensation (as I understand it that would include the CEO, CFO, and other highly-compensated individuals) was based on the number of accounts opened.
  • As far as we know, no senior executive has been disciplined.
  • He has not acknowledged any wrongdoing, even blindness, on his part or by any other senior executive. In fact, he presents an optimistic figure that should be retained to lead the company forward.
  • Under gentle pressure from his friend Cramer in the Mad Money interview, Stumpf acknowledged that he was accountable – but showed no remorse to my eyes. He apologized but was clearly coached – as were many of his answers to Cramer’s questions about holding senior managers to account.

On balance, maybe it is a fair headline. You will decide for yourself.

The Mad Money interview revealed one disturbing ‘fact’.

Stumpf said that the 5,300 employees were fired over a period of 5 years – a rate of about 1,000 each year.

He is not saying that the 1,000 per year was an average with 100 in the first year and thousands towards the end of the five year period. (Apparently, the fraudulent activity was first discovered in 2011.) He implies that the number was about the same each year for 5 years.

He told Cramer that the branch system has about 100,000 employees, so only 1% were involved – as if that was acceptable and even predictable.

So we have to understand that for five years there was a steady stream of 1,000 being fired each year.

We know nothing about those who were subject to less stringent discipline – and of course nothing about anybody who was not found out or where the manager looked the other way.

Given this new information, I have more questions:

  • If about 1,000 people were fired in 2011 for their fraudulent activities, opening accounts for customers that they had not authorized, why wasn’t action taken in 2011 to prevent this fraudulent activity continuing?
  • If another 1,000 were discovered in 2012 and then in 2013, who did nothing? What about 2014 and 2015?
  • Who discovered the frauds, when, and what did they do? Neither Wells Fargo nor the regulators (in the Consent Decree) have identified a whistleblower, internal audit action, or other source.
  • When was this reported to the Compliance Officer, senior and executive management, the board, and internal audit? Were the risk officers ever informed?
  • Was there a concentration of these frauds in a particular region or was it widespread?
  • Who should have known? Are they being held to account?
  • Who should have been watching? Are they being held to account?
  • What happened when a customer complained?
  • Did anybody check customer signatures?
  • Is there a culture of not coming forward?
  • Who set these targets, knowing that many if not most new accounts did not involve ‘new money’, but were funded by transfers from existing accounts? Since they did not influence income, they seem to be silly targets. Wells is refunding just $2.6 million in fees – which is probably less than all the bonuses awarded for opening the 2 million unauthorized accounts.

Internal audit is referenced in the CFPB Consent Decree, but only in a requirement to perform an audit to confirm agreed-upon actions have been taken.

There is no indication that internal audit did in the past or would in the future look at:

  • The setting of compensation targets (for example to confirm they will drive desired behavior and are consistent with the achievement of corporate goals, not just that they deter undesirable behavior as referenced by the regulator)
  • The culture of the organization, how whistleblowers are treated and whether employees are willing to come forward
  • The design and operation of controls over the opening of customer accounts
  • The design and operation of controls around customer complaints, for example to identify trends

We still know very little.

All we can do is hope the board is asking these and other questions – and being more skeptical than Cramer in his interview!!!

 

 

  1. Steve
    September 16, 2016 at 11:21 AM

    I think everything has been taken care of, no need to look further or rock the boat,. We have it all fixed and taken care of (wink, wink, nod, nod, back to business guys).

  2. September 16, 2016 at 11:43 AM

    A critical responsibility of the board is overseeing the CEO’s performance. Where was the board? Were they informed that 1,000 people per year were being discharged for the same types of fraudulent actions? If they were not informed, then where was the Chief Compliance Officer or Chief of Security during audit or compliance committee meetings? You are right, Norman. Still too many open questions here…

    • Richard Archer
      September 17, 2016 at 1:18 AM

      1,000 employees out of 100,000 (1% rate as stated by Norman) doesn’t seem to be very high. That is hardly at the level of normal turnover in the banking industry. Several HR management consulting firms have reported normal turnover in the banking industry being in the range of 16%-17% on average, with much higher turnover rates in lower level positions (teller, customer service officer, branch staff) where supposedly the bulk of the terminations occurred. Nowhere in any of the Wells Fargo statements does it directly state that the employees were fired for fraudulent activity. The Wells Fargo statement appears to be very carefully crafted so that readers will infer that the people were fired for participating in the fraud. Considering that employees that are involuntarily terminated are fired in large part for non-performance, it is equally likely that people who worked in the locations engaged in the fraud were fired for under-performance because they were not able to generate the level of new business that was being done by their peers/co-workers who did participate in the fraud. As Norman and auditdir point out, there are still too many open questions.

      Additionally, the CEO’s statement that “…neither his nor any other “named person’s” compensation (as I understand it that would include the CEO, CFO, and other highly-compensated individuals) was based on the number of accounts opened.” it totally disingenuous. Of course their compensation was based on the number of accounts opened, because the fees, charges, interests, and penalties resulting from the fraudulent new accounts contributed to the profitability of the business units and the bank as a whole. Their compensation may not have been calculated using direct reference to new accounts being opened, but it was certainly “tied” to the fraudulent activity. That tie is very likely the reason that managers, managers of managers, and executives may have looked the other way, failed to disclose the extent of the frauds, and by failing to act, enabled an environment that tolerated (or perhaps encouraged) fraudulent behaviors. As Norman pointed out, what is clear is that no one in the executive group of the bank is interested in taking responsibility.

  3. Michael Corcoran
    September 16, 2016 at 12:41 PM

    Just received 2 replacement Wells Fargo cards that were expiring. However, I had only activated one in 2013. Knew nothing about the secons, so the other won was a surprise. Thus far, no one can explain why 2 were issued in 2013, and while I only activated one that I used the past 3 years they sent out 2 news cards.

    Wells Fargo has set a separate number( #1 when prompted) for these inquiries.

    Reputation is now down a notch in my mine and the CEO response is not adequate. What other values are the colleagues rationalizing as bad actors.

    • v2rotate
      September 20, 2016 at 7:51 AM

      This just happened to us – except by Chase. They even gave us the same response.

      • JJ
        October 4, 2016 at 4:34 PM

        me2 but 6 yrs ago by chase

  4. kay rahardjo
    September 16, 2016 at 5:30 PM

    The board of directors is required to oversee risk. Where was the board when these accounts were being falsified? The Senate Banking Committee should start wiht the board and review the last five years of board meeting minutes to discern the board’s understanding (or lack of) of these actions. It would be an egregious failure of the board’s responsibilities if they were aware of these transgressions in 2011 (or 2012 or 2013. . .) and did little to repair this until now.

  5. Sidney Gale
    September 16, 2016 at 6:20 PM

    I sense a bigger issue here than board and CEO responsibility.

    Eric Holder, the former AG at Justice, was recently quoted as justifying the lack of prosecution of executives at the heart of the 2008 financial crisis due to the complexity of the transactions and organizations and processes and the inability of prosecutors to definitively assess responsibility.

    Now we have a case of major collusive fraud on a scale that dwarfs the Equity Funding scandal of the 70s, which shook the foundation of the auditing assumption of basic honesty of most people and the limited probability of broad systemic collusion.

    But in 2016, we might reasonably ask: What does Mr. Holder’s statement and the Wells Fargo case say about the state of Sarbanes Oxley, and the role of the external auditors? If we can’t flush irresponsible managements on a solid fraud case, can we also not flush them on a violation of Sarbanes Oxley?

    And if not, what is SOx good for?

    And if not SOx, what?

    • RP
      September 16, 2016 at 9:45 PM

      @Sidney Gale: This is a very insightful comment, thanks. To piggyback, this scandal comes on the heels of the “Commonsense Corporate Governance Principles” that were released to much fanfare earlier in the summer. Warren Buffett is a prominent member of the group that drafted it. I bring this up because Berkshire Hathaway owns ~10% of Wells, and Buffett’s silence is so far deafening, though we obviously don’t know what’s happening behind closed doors.

      Taken together, what is this stuff — SOX, corporate governance proclamations, etc. — good for if accountability is utterly lacking at the top?

      And if I can take another step back, this lack of accountability from senior leaders is fueling a lot of public anger with both the government and private sectors. (See also: lack of accountability around the massive and far-reaching OPM data breach.) The “Commonsense Corporate Governance Principles” were intended, in part, to proactively address these concerns (“look guys, Corp America is trying!”), but massive and very public frauds like this start to quickly undermine them.

  6. Marshall Kern
    September 17, 2016 at 6:29 AM

    First we need to know that Wells Fargo has fixed the fraud. Then we need to know that it won’t happen again at Well Fargo or any other company. After that I expect there will be some B-school case studies prepared to spread what is learnt. But right now there doesn’t appear to be a timeline for any of this.

  7. Bhalchandra
    September 18, 2016 at 11:58 PM

    It would be a very good case study for the Internal Auditors to learn from and the lesson for “C” level management to understand the importance of IA doing the complete job instead of delivering only “Agreed-upon” things.

  8. Sidney Gale
    September 21, 2016 at 3:03 PM

    Kudos to Senator Elizabeth Warren, who, according to a Business Insider report today called for the CEO of Wells Fargo to be prosecuted under the Sarbanes Oxley Act.

    You go, girlfriend!

    As always, in our reactive, ADD, “ask for foregiveness, not permission” management culture, it takes a body count to get attention.

  9. RP
    September 29, 2016 at 2:13 PM

    …And why is KPMG not mentioned anywhere? Here page 131 of the 2015 10K Financial Controls supplement:
    https://www08.wellsfargomedia.com/assets/pdf/about/investor-relations/sec-filings/2015/exhibit-13.pdf

    ——————-
    “In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2015, based on criteria established in Internal Control – Integrated Framework (2013) issued by COSO.

    We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated balance sheet of the Company as of December 31, 2015 and 2014, and the related consolidated statements of income, comprehensive income, changes in equity, and cash flows for each of the years in the three-year period ended December 31, 2015, and our report dated February 24, 2016, expressed an unqualified opinion on those consolidated financial statements.

    /s/ KPMG LLP 
    San Francisco, California
    February 24, 2016

  10. Norman Marks
    September 29, 2016 at 2:40 PM

    KPMG is not and need not be mentioned as none of this was remotely material to the financials

  11. Norman Marks
    September 29, 2016 at 2:41 PM

    For the same reasons, this is not a violation of Sarbanes – any section I can think of

  12. Richard Archer
    September 29, 2016 at 11:59 PM

    Norman – Based on everything I’ve read, seen, or been involved with related to Sarbanes-Oxley compliance, your comments regarding KPMG and management violations of Sarbanes-Oxley in reply to RP’s comment are technically correct. The application of the materiality concept, as described in the SOx standards, SEC guidelines, IIA issued guidelines on SOx, and other materials, very likely enables the Wells Fargo retail unit frauds to be treated as “immaterial” for regulatory purposes, so that neither the external audit firm nor management can be held legally accountable for violation of any section of Sarbanes-Oxley.

    However, technical application of the materiality exception conveniently ignores a bigger issue that in my observations is common to almost all, if not all, significant corporate frauds and governance failures. That issue is that technical, legalistic application of the materiality concept by corporate lawyers, government regulators, corporate management and major external audit firms enables materiality to in effect become a “get out of jail free” card. The typical result is little to no accountability for those who created the environment that enabled and drove the fraud or for the lawyers and audit firms advising management on ways to avoid the costs of compliance and compliance disclosures associated with regulations.

    In the guidance for determination of materiality for Section 404 provided in Section F(3) of the Summary for the CEO and CFO in the IIA publication “SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners”, there is the statement on page 28 that “…a bright-line [quantitative] definition [of materiality] must be tempered with an assessment of what a reasonable investor might conclude. It is easy to rush to judgment and label an error material that would have no effect on any investor’s assessment of the company.” This guidance appears to be intended to caution auditors in labelling an issue as “material” simply because it meets the quantitative definition of materiality, when the issue actually would have little to no impact on an investor’s assessment of the company, thus being qualitatively immaterial. This approach to materiality increases audit efficiency, lowers audit cost, increases the likelihood that issues will be addressed at the lowest level possible, and reduces the potential for internal or external audit to become a management nuisance by elevating issues that don’t warrant senior management attention.

    However, the reverse situation also exists and in my experience is commonly ignored in corporate environments where the emphasis is to keep compliance and audit costs down. That is, the tendency to label issues as “immaterial”, simply because they don’t meet the quantitative definition of material. That occurs even though the individual issues, especially repeating occurrences of the same issue, are in the aggregate likely to be qualitatively material to an investor for assessing the quality of management and the governance environment of the company. A warning that I learned early in my career is that repetitive occurrences of seemingly minor control failures, improper management behavior, and thefts/frauds are significant indicators of an ineffective management control and governance environment. Where the financial impact is significant, but not technically material on a quantitative basis, repetitive occurrences are an even bigger red flag indicator of a failed control and governance environment.

    The external auditors and Wells Fargo’s executive management and Board may have met the quantitative materiality standard to be able to claim compliance with both financial reporting and internal control regulations, and thus can claim “no accountability” on a technical rules basis. However, based on the information that has come to light so far, it seems they failed significantly in living up to the principles of ethics and effective governance. Based on actions in the last few days by the independent directors of the Board, it appears they have come to that conclusion and have decided to exert their authority in trying to reduce the damage to Wells Fargo’s reputation based on widespread perception that management failed in living up to those principles.

    Perhaps my view of management and auditor responsibility is too idealistic and simplistic. Too much a matter of “black and white” for people who prefer exploiting the dark gray zone as much as they can for as much benefit as they can get.

    • Norman Marks
      September 30, 2016 at 6:32 AM

      Richard, thank you for quoting my book.

      The issue when it comes to SOX is whether there is at least a reasonable possibility of an error or omission in the filed financial statements that would be material to the prudent investor.

      The excessive fees amounted, we are told, to about $29 million, which is clearly not material.

      What is “material” is the conduct of the staff and, we both believe, management. Would this be considered material in terms of SOX and the financial statements? I think not.

      However, once there is reason (following required accounting practices) o anticipate fines and penalties, these must be disclosed and provided for. Failure to do so would be a SOX violation.

      Hope this helps
      Norman

  13. Lyndon Coggin
    September 30, 2016 at 8:46 AM

    The Wall Street Journal had an article discussing “quantitative” vs. “qualitative” risks. This is an important issue because. even adding up the fraud and fine amounts, the loss of business from this scandal will be significantly higher and over a much longer time frame. It really should be a subject that will need to be addressed given how our society in general has changed to be much more suspicious of all business activity.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: