The Federal Reserve’s unprecedented sanctions against Wells Fargo announced on February 2, 2018, is a warning to bank boards: Directors, not just management, will be held accountable for failures in risk management that result from a lack of proper oversight.

In addition to having to replace four of its board directors, the sanctions are constraining Wells Fargo’s growth. The Fed is prohibiting Wells Fargo from growing its balance sheet beyond the $1.95 trillion it held at the end of 2017. The bank expects to lose as much as $400 million in profit this year.

While Wells Fargo was the target of this “shock-and-awe” enforcement action, the Fed also sent a clear message to banks across the United States: They will hold board members responsible for failures in risk management.

The Fed is signaling it will hold boards accountable.

The actions were announced in a press release published on the Federal Reserve’s website on Janet Yellen’s final day as Chairwoman. This is another message to banks: Former investment banker Jerome Powell may be taking the reins as Chair, but banks should nevertheless expect continued demands for improved board oversight and risk management.

As Powell stated in August 2017, “Across a range of responsibilities, we simply expect much more of boards of directors than ever before. There is no reason to expect that to change.”

Between 2009 and 2016, thousands of Wells Fargo employees signed up more than 3.5 million customers for checking and credit card accounts without their knowledge. In 2017, the bank announced that it had improperly charged about 800,000 auto loan borrowers for auto insurance.

Some believe this was due to the pressure associated with the sales process for goal achievement. However, as I’ve outlined in a series of blog posts on Wells Fargo, the employees involved in these failures cannot be seen as bad people doing bad things. They are good people in a bad process with weak controls. The proof of this being a systemic failure in risk management rather than simply an isolated sales problem as Wells Fargo tried to explain it, exists in the multiple recurrences of scandals across so many unrelated business areas. Until Wells Fargo’s board implements mature and effective risk oversight activities and mitigation processes across their organization, they will leave themselves open to more scandals in other departments.

Board accountability is a fundamental requirement of good governance.

Boards of directors must, through their risk oversight role, ensure the risk management policies and procedures designed and implemented by the company’s senior executives and risk managers are effective at identifying all risks and demonstrating assurance over the most material ones. Board members have a fiduciary responsibility to shareholders, and a moral responsibility to their customers, to do so.

As I exposed in my blog series and interviews in Financial Times Agenda and other publications, failures in risk management indicate negligence in the board’s duties to provide risk management oversight, and a breakdown in the audit risk management assurance process has deservedly resulted in the removal of board members. It is the Board’s fiduciary duty to ensure an effective systematic process supported by infrastructure, such as designated ERM software, in place that organizes, prioritizes and “connects the dots” between risk management activities that reach out to the front lines, across all silos.

Organizations must engage all areas of the business to receive the full benefits of enterprise risk management. This cannot be accomplished without support from the board of directors and the engagement of senior leadership.

This blog was originally published on

Votes: 0
E-mail me when people leave their comments –

Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his precinct abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!