In addition to having to replace four of its board directors, the sanctions are constraining Wells Fargo’s growth. The Fed is prohibiting Wells Fargo from growing its balance sheet beyond the $1.95 trillion it held at the end of 2017. The bank expects to lose as much as $400 million in profit this year.
While Wells Fargo was the target of this “shock-and-awe” enforcement action, the Fed also sent a clear message to banks across the United States: They will hold board members responsible for failures in risk management.
The actions were announced in a press release published on the Federal Reserve’s website on Janet Yellen’s final day as Chairwoman. This is another message to banks: Former investment banker Jerome Powell may be taking the reins as Chair, but banks should nevertheless expect continued demands for improved board oversight and risk management.
As Powell stated in August 2017, “Across a range of responsibilities, we simply expect much more of boards of directors than ever before. There is no reason to expect that to change.”
Between 2009 and 2016, thousands of Wells Fargo employees signed up more than 3.5 million customers for checking and credit card accounts without their knowledge. In 2017, the bank announced that it had improperly charged about 800,000 auto loan borrowers for auto insurance.
Some believe this was due to the pressure associated with the sales process for goal achievement. However, as I’ve outlined in a series of blog posts on Wells Fargo, the employees involved in these failures cannot be seen as bad people doing bad things. They are good people in a bad process with weak controls. The proof of this being a systemic failure in risk management rather than simply an isolated sales problem as Wells Fargo tried to explain it, exists in the multiple recurrences of scandals across so many unrelated business areas. Until Wells Fargo’s board implements mature and effective risk oversight activities and mitigation processes across their organization, they will leave themselves open to more scandals in other departments.
Boards of directors must, through their risk oversight role, ensure the risk management policies and procedures designed and implemented by the company’s senior executives and risk managers are effective at identifying all risks and demonstrating assurance over the most material ones. Board members have a fiduciary responsibility to shareholders, and a moral responsibility to their customers, to do so.
As I exposed in my blog series and interviews in Financial Times Agenda and other publications, failures in risk management indicate negligence in the board’s duties to provide risk management oversight, and a breakdown in the audit risk management assurance process has deservedly resulted in the removal of board members. It is the Board’s fiduciary duty to ensure an effective systematic process supported by infrastructure, such as designated ERM software, in place that organizes, prioritizes and “connects the dots” between risk management activities that reach out to the front lines, across all silos.
Organizations must engage all areas of the business to receive the full benefits of enterprise risk management. This cannot be accomplished without support from the board of directors and the engagement of senior leadership.
This blog was originally published on LogicManager.com.