Read the case study below on Wells Fargo and answer questions that follow

THE CASE STUDY

Wells Fargo recently paid $185 million in penalties the highest fine levied by the Consumer Financial Protection Bureau (CFPB) since it began operations in 2011 for inappropriate sales practices. Millions of accounts were set up without customer consent, in many instances generating overdraft charges and other fees. The CFPB referred to the Wells Fargo activities as widespread, and 5,300 employees have been fired.

The Wells Fargo scandal is on the level of those at Volkswagen, Wendys, Chipotle, and Plains All American Pipeline. Wells Fargo CEO John Stumpf has been asked to testify in Washington to account for his companys practices, this after he defended the firm and the efforts it had taken to stop the behaviour and claimed he had no knowledge of employee activities.

Stumpfs comments indicate a failure in risk management for a few reasons:

As the CEO of Wells Fargo, he is responsible for the risk management processes in place. How could activities on this scale go unnoticed to management for 5 years? Not knowing isnt a valid excuse. Its negligence.

Employees were incentivized by unrealistic sales quotas. Why was there no compensation oversight for these practices?

Where were the risk assessments on these processes? What about internal audits of both the risk management process and governance oversight?

News broke yesterday that the chief risk officer, Claudia Russ Anderson, has been replaced. It is a warning to all risk executives: they will also be held accountable for risk management negligence, as it is their fiduciary duty to get the board the information it needs through adequate risk management systems and processes. Even though Claudia Russ Anderson did not directly propagate the activities, she is being held accountable because they occurred on her watch.

Wells Fargo Scandal: A Direct Result of Risk Management Negligence

Starting in 2010, the SECs Proxy Disclosure Enhancements (rule 33-9089), by establishing an ERM mandate for corporations, made boards responsible for disclosing various risk management requirements. Notable obligations include:

The disclosure of risk management effectiveness and systems used to manage risk

The boards role in risk oversight and knowledge of the companys material risks down to the front line

Analysis of its compensation policies for all employees. Simply put, corporations cannot put employees in the risk/reward trade-off position, which forces them to choose between customer wellbeing and their own careers.

When Wells Fargo designed its sales incentive program, why didnt risk assessments reveal how unrealistic those sales goals were? Were there mitigation activities to protect against customer account manipulation? If so, where were the risk monitoring activities that would have picked up on the appearance of two million accounts over a five-year period?

ERM Enforcement: The Wells Fargo Scandal Will Follow the Same Trajectory as Risk Management Failures Since 2010 We have all seen ERM enforcements before, whether we realize it or not. Wells Fargo is but the most recent iteration of the same trend: risk management failures lead to a crisis event, which leads to penalties, which lead to class-action lawsuits, which recently resulted in criminal charges and jail time.

The Yates Memo (2015) by the Department of Justice (DOJ) clearly spells out consequences for failed risk management: Americans should never assume that negligence or fraud will go unpunished simply because they were committed on behalf of a corporation rather than an individual.

Consider the parallel of the risk management failures at Volkswagen:

1. Regulatory penalties

2. Punitive damages

3. Class action lawsuits (risk management negligence management and the board)

4. Criminal charges and individual liability

In both cases, the CEOs (and other executives) made similar claims: Im not responsible for this incident because I didnt have direct oversight; its not my fault. This is the basis for negligence; they are directly accountable for their risk management processes and systems. Both Wells Fargo and Volkswagen (not to mention Wendys, Plains All American, and Dwolla) were found negligent in risk management and are suffering the consequences accordingly.

Were currently witnessing Wells Fargo in the beginning stages of this process; its already been slapped with penalties, and the I didnt know excuse this time in the form of its the employees fault, not managements will provide no shelter against coming accusations.

The lesson: boards and senior management are absolutely responsible for the risk management effectiveness of their companies. It is their obligation, as outlined in SEC rule 33-9089, to ensure that robust risk management programs and software systems are in place so that scandals like these are avoided.

The good news is that it doesnt have to be this way. Corporations that can provide evidence of an effective risk management program are largely exempt from punitive damages, class-action lawsuits, and DOJ jail time for management. Many organizations have been successful in similar situations; ERM systems prevent scandals and associated costs, litigation, and jail time.

Q.6.2 Analyse the Wells Fargo case study above using King I guidelines. (10)