Blog

It’s been a rough two years for Wells Fargo.

Ever since the existence of the bank’s massive cross-selling scandal came to light in 2016, Wells Fargo seemed to be trapped in a downward spiral of failure after failure in risk management. In 2016, we were the first to identify the root-cause of the cross-selling scandal as being a failed risk management program, and correctly predicted there would be more Wells Fargo risk management mishaps in the future.

In 2018, regulator investigations finally concluded that the Wells Fargo failures were, in fact, risk management negligence and Wells Fargo settled the case for an unprecedented $1 billion dollars. Sadly, risk management failures are systemic in nature, typically result in highly visible scandals, and are entirely preventable.

Since news of the initial scandal appeared in 2016, Wells Fargo was responsible for failures in risk management scandal after scandal. Let’s look at a timeline of the last two years:

• 2009-2016 – Wells Fargo perpetrates a massive cross-selling scandal in which millions of accounts were created without consumers’ consent
• September 2016 – The CFPB levies a $185 million fine, the highest in their operational history
• August 2017 – The bank accidentally leaks the PII for over 50,000 accounts
• August 2017 – Wells Fargo charges 800,000 customers for insurance they did not need
• October 2017 – The bank wrongly charges homebuyers with fees to lock in mortgage rates
• March 2017 – The Federal Reserve imposes unprecedented sanctions on Wells Fargo prohibiting them from growing beyond their holdings in 2017.
• April 2018 – Wells Fargo nears $1 billion settlement with its federal regulators
• May 2018 – Wells Fargo launches a new ad campaign called “Re-Established,” with the goal of regaining customer trust after their repeated failures in risk management. The public disagreed, with social media users saying the campaign seemed “insincere and inauthentic.”
• September 2018 – News breaks that the Justice Department is probing whether Wells Fargo employees in the bank’s wholesale banking unit committed fraud in the aftermath of revelations that employees inappropriately altered customer information.

For two years, Wells Fargo tried to explain away these events as isolated, one-off incidents.
However, after billions of dollars in fines and financial losses, and penalizing regulatory actions, it seems the bank is finally joining LogicManager in calling these mishaps what they are: risk management failures.

Is Wells Fargo Getting the Message?

The bank has begun reorganizing its risk management functions. The corporate risk group will be more empowered to modify business activities as it deems necessary.

Seemingly part of the reorganization, Wells Fargo announced in March 2018 the retirement of four senior risk management executives. In May, the bank named a new Chief Risk Officer, who joined from J.P. Morgan Chase.

Then, in August it was reported that Wells Fargo’s Chief Operational Risk Officer would be leaving the company as the “bank works through [the] Fed enforcement action.” The bank’s new Chief Operational Risk Officer will report to the Chief Risk Officer named in May.  These changes should result in a stronger risk culture at Wells Fargo, the question now, however, is what steps will the bank take to ensure this happens?

Steps for Wells Fargo’s New Risk Team to Take

Effective risk management is critical for any financial services organization. Newly-hired risk management executives need to start somewhere, but where?

For one, proper bank risk management software is a good starting place. If implemented and utilized properly, such a platform facilitates:

1. The engagement of front-line supervisors and subject matter experts

Frontline supervisors and experts serve as the first lines of defense to risk. They are the most familiar with incidents and engaging them in regular incident reporting and risk assessments is crucial to the success of any risk management program.

2. Connections across business silos.

Connecting the dots between risks occurring across silos enables risk managers to identify upstream and downstream dependencies. This brings common root causes to the surface, and ties together existing mitigation and monitoring activities from across the business. Risk teams can then understand the effectiveness of their existing controls, and prevent cascading collateral damage.

3. The escalation of top risks to the right person.

When risks are tied to common root causes and existing controls, organizations can objectively prioritize the risks that would have the greatest impact on their operations, financial performance, and reputation.

An effective risk management program has workflows that enable risks to be assigned to individuals who can allocate the right resources to mitigate the risk. This would have allowed Wells Fargo risk managers to prevent one-hundred-percent of the scandals that occurred in the last two years and the financial consequences of these failures.

Video training programs for managers and executives are helpful for awareness in a good security culture but are proven to be lacking the mechanism to identify, assess, mitigate and monitor risks. Organizations with ERM programs that utilize ERM software have a 25% market value premium versus their peers without. With the right risk culture, software, infrastructure, and good governance, Wells Fargo could have identified the root causes of its problems and mitigated those risks before they inflicted significant damage.

While Wells Fargo can’t go back in time to fix its mistakes, it can take steps to make sure this never happens again. The first of these steps are outlined in a free on-demand video webinar, How to Operationalize Risk Management, which provides a step-by-step guide to setting up an effective ERM program.

The final topic in our series is presenting enterprise risk management to the board of directors. We cover everything you need to know in our free on-demand video webinar: “Present ERM to the Board.” This approach would make risk management activities relevant to all employees, ensuring the company’s risks are managed effectively.

Wells Fargo appears to be getting the message. Time will tell if the changes being made will allow the bank to successfully rebuild its reputation and regain the trust of its customers, investors, and regulators.

This blog was originally published on logicmanager.com.