What Can We Learn from the Wells Fargo Consent Orders?
By now, most have read about the consent orders issued by the CFPB and the OCC concerning Wells Fargo. The consent orders ordered the bank to pay a total of $185 million in civil monetary penalties ($100 million to the CFPB, $50 million to the OCC, and $35 million to the City and County of Los Angeles), as well as reimbursing customers an estimated $5 million. The CFPB alleged that Wells Fargo employees, in an effort to boost sales figures and earn bonuses: (a) opened deposit and credit card accounts without customer consent; (b) moved funds from authorized accounts to the new deposit accounts without customer consent; (c) enrolled customers in online banking services they did not request; and (d) ordered and activated debit cards business customer information again, without customer consent. The consent orders shine a giant spotlight on the problems that can occur when employees are provided incentive compensation without adequate compliance management systems in place to ensure bad things don’t happen. The CFPB is quick to say they do not prohibit incentive compensation but do advise that “companies need to pay very close attention to make sure they have effective monitoring in place to ensure that consumers are protected.” Prepared Remarks of Richard Cordray (Sept. 8, 2016).
As with many of the Consent Orders issued by the CFPB and other federal regulators, the Consent Orders issued as to Wells Fargo are an excellent starting point for others in the financial industry to begin in assessing whether their own compliance management systems regarding incentive compensation are adequate.
Here are our Takeaways:
- Banks and Credit Unions should take a hard look at incentive compensation structures across all business lines to ensure they do not provide a heightened risk of unfair or abusive practices;
- Banks and Credit Unions should require ongoing training of all sales personnel reasonably designed to prevent improper sales practices (in the case of Wells Fargo, the opening of accounts without customer consent, etc.) and such training should be repeated and assessed for adequacy at recurring intervals. Training records should be maintained;
- Banks and Credit Unions should implement a system to report sales integrity issues internally and provide training to employees as to the use of the same;
- Banks and Credit Unions should proactively monitor their sales practices on a regular basis, hire adequate personnel and resources to do so, and implement policies and procedures ensuring the same;
- Banks and Credit Unions should maintain appropriate policies and procedures for:
- Receiving, retaining, and addressing customer inquiries or complaints, and escalating the same;
- Receiving, retaining, and addressing internal allegations of improper sales practices or other sales integrity violations, and escalating the same;
- Identifying, tracking, and addressing indicators of improper sales practices or other sales integrity violations;
- Addressing improper sales practices and other sales integrity violations, both internally and externally;
- Banks and Credit Unions should review their policies and procedures regarding sales of deposit accounts, credit cards, unsecured lines of credit, and related products and services (both internally and with associated vendors) to ensure they are reasonably designed to procure and document customer consent;
- Banks and Credit Unions should assess whether their performance management, sales goals, and incentive compensation are reasonably designed to prevent improper sales practices or other sales integrity violations;
- Similarly, Banks and Credit Unions should review their risk management and oversight programs to ensure they include policies and procedures for reporting and escalating sales practice information in a timely manner;
- Banks and Credit Unions should review their risk management and oversight protocols to ensure they establish key risk indicator metrics to monitor for unsafe and unsound sales practices. In the case of Wells Fargo, the OCC Order provided that, at a minimum, this information should include customer surveys, customer complaints, bank employee ethics allegations or complaints, and Corporate Investigation metrics; and
- Banks and Credit Unions should employ a comprehensive written assessment of any new or materially revised incentive structures before implementation to control risks.