In part one of this series, I set out to make good on a prediction I presented to business journalist L.A. Winokur. I predicted that after the dust settled for the original cross-selling scandal, Wells Fargo would remain vulnerable in other areas of its operations, lest they address the gaps in their risk management program.
In the time it took me to examine and expose the similarities between the sales incident and their latest data leak, news broke of yet another Wells Fargo scandal, proving once again that the bank has not taken sufficient measures to improve the governance of their risk management program, and that they are still just as vulnerable to risk management failures and negligence law suits in different areas of their business.
In my blog post, “What is Good Governance, and Why Do We Care?” I walked through why business scandals are 100% preventable with effective enterprise risk management. Since systemic negligence in effective risk management is the cause of these scandals, organizations are highly likely to have multiple scandals over time until effective enterprise risk management is put into place.
Let’s take a look at the bank’s auto loans scandal with an eye towards how their failure to mitigate the root cause of their first two failures set them up for another appearance in the news, and more record breaking penalties and law suits.
The Wells Fargo Auto Loan Scandal: What Happened?
Many standard auto loan contracts require customers to have comprehensive insurance for potential damage to their vehicle. These contracts also stipulate that if the purchaser of the vehicle cannot prove they have this coverage, the bank who grants them the loan may purchase the insurance for them and add the cost of coverage to the cost of the loan.
Last week, Wells Fargo admitted that they had charged 800,000 customers for insurance they did not need. The added cost to their premiums caused 274,000 customers to defect on their loan payments and resulted in the wrongful repossession of 25,000 vehicles.
In a statement, head of Consumer Lending Franklin Codel said, “We take full responsibility for our failure to appropriately manage the collateral protection insurance program and are extremely sorry for any harm this caused our customers, who expect and deserve better from us. Upon our discovery, we acted swiftly to discontinue the program and immediately develop a plan to make impacted customers whole.”
To this end, Wells Fargo named a new head of the auto business, and centralized collections operations to improve the customer experience, boost consistency and minimize risk to the business, according to an internal memo. The bank is also in the process of refunding customers the $80 million they were wrongfully charged, and alerting credit bureaus on customers’ behalf.
The Wells Fargo Auto Loan Scandal is Another Failure in Risk Management
After the news broke, New York City Comptroller Scott Stringer said, “This is a full-blown scandal—again. It’s unbelievable, outrageous, sad, and yet quintessential Wells Fargo.”
Such a statement assuredly resonates with millions of people whose eyes so much as glanced this latest headline. Scandals are always met with a feeling of outrage because they are preventable. What makes this particular scandal so outrageous is that it is tantalizingly similar to the risk management failure in their cross-selling scandal.
Wells Fargo is an innovative bank. Most banks dream of having a cross-selling program or offer products like Guaranteed Asset Protection products. But as I’ve said before in regard to big name companies like Chipotle, BP, and Volkswagen, with innovation comes risk.
As I explained in part one, with the innovation of cross-selling came the risk of access rights and separation of duties. Without a proper governance structure in place to identify and control the risks inherent to these new process, scandal was bound to materialize.
Of course, as I’ve mentioned, Wells Fargo and many others incorrectly saw the root cause of this scandal as an overzealous sales program. The OCC and myself came out and said that it wasn’t a sales culture problem, but a risk governance problem, and mandated that the bank implement an effective enterprise risk management program.
However, the bank seems to have interpreted the OCC too narrowly. Instead of understanding the root cause as a failure in enterprise risk management, they identified the root cause as a failure in risk management in the one department where the scandal occurred, i.e. sales.
Clearly, this was the wrong interpretation, as the newest auto loans scandal shares the same root cause: a failure to see the side effects of innovation and govern their processes effectively. Same root cause, different department.
In a statement, Wells Fargo spokeswoman Jennifer Temple said that the bank took steps to improve the administration of their Guaranteed Asset Protection products back in 2014. While it is unclear what these steps were, it is evident that the risks associated with this “improvement” were not identified or properly controlled.
Let’s take an excerpt from my first Wells Fargo blog regarding their cross-selling practices: “Where were the risk assessments on these sales and booking processes? What about internal audits of both the risk management process and governance oversight on these areas?”
These questions are directly applicable to the current situation. Before you implement a policy, it’s imperative to perform objective risk assessments on the processes involved to uncover any potential risks before they materialize.
Having done so, the auto loans department would have seen that there was an inherent risk in their collateral protection insurance policy, that is, a risk of charging a customer for insurance they didn’t need. From there, controls would have been implemented to ensure that employees were conducting proper due diligence and ensuring that customers did in fact lack auto insurance before purchasing it for them. From there, the scandal would have never occurred.
The Reputational Damage of the Wells Fargo Scandals
Admittedly, Wells Fargo has blamed the problem on “inadequate checks and balances” and “inadequate internal controls.” To correct these inadequacies, they’ve taken actions involving changes in front-line employees, after-the-fact refunds, and the centralization of collections. The intentions of these actions are all well and good, but we’ve seen good intentions with little result before.
After the cross-selling scandal, which I’ve said was also a result of inadequate checks and balances, 5,300 sales employees were fired, the retail banking head retired, and the board committed to strengthening its risk management program.
What good did this do if the auto loans scandal manifested from the same root cause? How much can we trust Wells Fargo when they say they are working towards improving their programs and processes?
Herein lies the truly devastating side effect of poor risk management: reputational damage. Stringer’s comment hardly stands out in a crowd of voices exclaiming their frustrations with Wells Fargo. The fact is, $80 million in refunds is a drop in the bucket for a bank this size. The decline in market value and customer loyalty are the major consequences Wells Fargo will struggle to amend for years to come.
How to Avoid Future Scandals
Wells Fargo isn’t the only corporation facing multiple lawsuits related to failures in risk management. It seems that big name corporations such as Target and Chipotle, to name a couple, are in desperate need of some risk management rehab if they want to successfully avoid financial and reputational damage.
Ultimately, the method of prevention is to ensure a policy is followed in operations. Studies show that only 20% of employees operating under a policy are actually following that policy in their daily routine, even after training.
Here are the steps to operationalize a policy:
- Identify the stakeholders of the policy
- With their help, identify the root-cause risks that threaten adherence to that policy across the organization
- Address those risks with appropriate controls
- Monitor the effectiveness of these controls
Since this method is proven to work 100% of the time, failure to do so is considered by regulators, shareholders and the courts to be negligence and is at the core of every law suit. Implementing this policy gives every organization the means to avoid litigation and the resultant reputational damage.
Download this complimentary eBook to learn how your organization can fill the gaps of your risk management program and prevent your future scandals.