In the wake of the Wells Fargo cross-sale scandal, the Office of the Comptroller of the Currency has requested that large and regional banks disclose their sales and incentive compensation practices. It's likely the OCC's so-called horizontal sweep will identify other banks with similar violations. In fact, the regulator may already have a pipeline of firms it is investigating for similar violations.
The episode has sparked public outrage toward Wells that may seep into the industry at large, and the OCC's scrutiny may unveil additional banks engaged in potentially fraudulent activity. But in addition to all that, the scandal reflects increased accountability of individuals who violate regulations, particularly compliance officers who are responsible for a bank's adherence to consumer regulations.
Already, we've seen the chief executive of Wells Fargo resign. We may see more naming of names as regulators around the world are zeroing in on individual accountability.
Banks don't break laws – it's the people who work for them who violate the rules. A prime example of this shift toward individual accountability is Deputy Attorney General Sally Yates' 2015 memo. The so-called Yates memo states that corporations must identify all individuals involved in or responsible for the misconduct at issue – regardless of their position, status or seniority to receive credit for cooperating in an investigation. While the memo was not written specifically about banking institutions, it certainly applies to fraud investigations like the Wells Fargo case.
In the end, scandals like the Wells Fargo one raise questions about the role of bank risk and compliance officers. With sales incentives having driven five years of phony accounts, and the bank having quietly fired 5,300 employees, observers have inevitably asked, "Why didn't the risk and compliance officers stop this?"
In an environment of heightened risk from individual accountability, risk and compliance officers should follow these three principles to prevent and detect similar occurrences within their own firm:
- Take inventory. Gain a clear, companywide understanding of which business units have sales performance incentive plans. Perform a review of your sales incentive compensation programs, taking note of cross-sale goals and objectives. Review related policies, procedures and training materials to ensure they provide controls and guidance to prevent individuals from engaging in criminal violations. Review any prior audit reports, exam results, and risk and control assessments for these units. Identify and follow up with any matters requiring attention or management responses. Review whistleblower hotline calls and employee records for staff terminated for cause. Finally, consider sending letters to new account owners to confirm validity.
- Respond to red flags. A compliance officer should constantly look for red flags that indicate something unsavory is happening within their organization. A good way to start is by checking customer complaints for any evidence of accounts being opened without customer consent. Compliance officers should also review business units with employee sales incentive plans for cross-selling and check actual results of cross selling against program goals for anomalies. Finally, identify business units where financial results appear to conflict with the unit's risk rating. For example, a low-risk unit inexplicably generating 30% profits should raise alarms.
- Protect yourself by documenting everything. Risk and compliance officers must keep accurate and verifiable records. Often, keeping evidence of the decision-making process can be challenging. If you've ever performed incident management or root cause analysis, you know determining individual accountability can be daunting. All too often, roles, responsibilities and procedures are not clearly documented or acknowledged. Accurate records of "who did what and when" are often left to memory, which tends to fade fast.
Individual accountability means that no bank employees are free from scrutiny, especially risk and compliance professionals. Based on the Yates memo, there will likely be additional fallout – not just for Wells Fargo, but also for other banks.
Mark Kalen is worldwide director of product strategy and marketing for financial services at Intralinks.