This piece was originally published in the Detroit News, but has been updated to reflect recent developments.
The fiasco at Wells Fargo, where bankers opened thousands of fraudulent accounts leading to litigation, enforcement, fines and a stunning loss of reputation, is old news. The consequences, however, continue to play out for the company and its leaders. A new report released last week by the Wells Fargo Board’s independent directors shows that the company lacked key elements of effective compliance and ethics efforts. A review of the report offers important lessons for other companies.
The Board singled out John Stumpf, former CEO, and Carrie Tolstedt, former President of the Community Bank – the division where the fraud took place – for blame. It ordered them to forfeit over $100 million of compensation, it reduced 2016 executive bonuses for others by an aggregate $32 million, and fired for cause four other officers in the Community Bank. These dire consequences for individuals have set a new precedent for corporate boards to follow.
Key elements of the report highlight essential compliance and ethics principles that Wells Fargo missed, and that business leaders need to know. These principles come from the Department of Justice’s standards for compliance and ethics programs and from the accumulated experience of executives trying to keep their companies out of harm’s way.
First, the Community Bank had its own risk management department, which reported to the head of the division, not to a corporate officer, and did not have access to directors. Tolstedt, according to the report, adamantly and strictly limited communication between “her” team and the corporate level risk team (and the Board).
The critical lesson: Businesses need a compliance and ethics function that is independent of operating management, is empowered to participate in decision-making, and has direct access to the Board.
Second, Wells Fargo incorporated its compliance and ethics efforts into a Risk Department, which looked at ethics issues mainly through the lens of enterprise risk management (ERM). ERM usually focuses statistically on the potential impact of a risk on the financial statements. Wells Fargo’s risk team knew that hundreds of employees per year had been fired for violations of account opening rules; but it only saw a problem that affected fewer than one percent of the bank’s employees, and that the amounts involved in each case were quite small.
Seeing a problem involving (relatively) modest numbers of employees and sums of money, Wells Fargo saw a modest problem. A team with a focus on integrity would likely have seen a fundamental problem and appreciated the ways in which the problem could snowball.
The critical lesson: Compliance and Ethics is different from ERM, even though the two areas overlap.
Third, to the extent that it saw problems, Wells Fargo focused its efforts on firing employees who broke rules, not on requiring integrity. Management knew that some employees were opening accounts fraudulently, and that some supervisors were encouraging them. Some senior executives in the Community Bank recognized that its sales incentive system encouraged the bad conduct and argued for change. But the senior leaders “were concerned that tightening up too much on quality would risk lowering sales … [and] were reluctant to take steps that … might have a negative impact on … financial performance.” Senior leaders waited until unethical behavior blew up into a crisis.
The critical lessons: Every employee at every level must know that her boss requires ethical conduct and compliance.
Companies must create incentives for good conduct and avoid incentives for bad conduct.
Finally, Stumpf gave deference to Tolstedt and hesitated to dig deeply. The Community Bank was very profitable and Stumpf considered Tolstedt the “best banker in America.” As a result, she was not scrutinized carefully, was allowed to restrict communication, and was given deference in decision-making, even after account problems became known at the corporate level and Los Angeles County sued Wells Fargo over fraudulent accounts.
The report complains that management withheld information from the Board, but reveals that directors failed to push to get the whole story. Last Tuesday, the directors endured a humiliating annual meeting where many were barely re-elected. They will face tremendous pressure in the coming days and weeks.
The critical lessons: There must be one standard of conduct; important or successful people can’t be allowed to get away with bad conduct.
Directors can’t be passive about compliance and ethics.
For businesses – and their leaders – the cost of bad conduct can be astronomical. An investment in learning and applying essential principles of compliance and ethics programs will provide a great return by significantly reducing the risk of expensive and career-killing disasters.
On November 3, 2016, David Jaffe of Jaffe Counsel will be a panelist, along with senior French lawyers and an anticorruption official at the OECD, at a seminar on compliance sponsored by the Paris law firm CMS Bureau Francis Lefebvre. The details are below. To see the original invitation, click here.
|Anti-corruption et loi Sapin II : la nouvelle donne internationale de la compliance||Anticorruption and the Sapin II Law: The New International Situation in Compliance|
|Pour répondre aux critiques internationales, la France a décidé de se doter d’une nouvelle loi anti-corruption, la loi Sapin II. Quel est l’apport réel de cette loi ? Quels seront le rôle et les moyens de l’Agence française anticorruption ?
La France, à l’image des Etats-Unis, va-t-elle modifier sa politique de répression et mettre en œuvre des sanctions plus dissuasives ? Les nouvelles politiques de compliance sont-elles un simple outil à mettre en place ou doivent-elles faire partie de l’ADN de l’entreprise du 21e siècle ?
Nos différents intervenants, experts des relations commerciales internationales, tenteront de répondre à ces questions cruciales pour les dirigeants d’entreprise, directeurs juridiques, compliance officers et gestionnaires des risques.Dans un contexte où la France fait régulièrement l’objet de vives critiques de la part de l’OCDE, le législateur français affiche son ambition de se rapprocher des modèles anglo-saxons de lutte contre la corruption. Il s’agit notamment d’adopter une réglementation instaurant une cartographie des risques et une évaluation des intermédiaires de commerce.
En pratique, il existe des « best practices » efficaces, élaborées notamment par l’OCDE ou le Department of Justice américain, pour limiter les sanctions.
Plus de 1600 entreprises et groupes français vont devoir intégrer rapidement ces bonnes pratiques dans un cadre législatif français et international en évolution. Seront ainsi concernées : les groupes ou les entreprises françaises de 500 salariés ou plus qui réalisent un chiffre d’affaires consolidé d’au moins 100 millions d’euros. Il nous a donc paru opportun de s’interroger sur cette évolution marquée des politiques anti-corruption et de compliance.Merci de bien vouloir confirmer votre présence avant le jeudi 27 octobre 2016.
|To respond to its international critics, France has decided to develop its own new anti-corruption law, called Sapin II. What is the real significance of this law? What will be the role and methods of operation of the French anticorruption agency? Will France imitate the United States by changing its enforcement policy and putting in place stronger penalties? Are the new compliance systems a simple tool to put in place, or must they become a part of the DNA of the 21st century company?
Our speakers, each of whom has expertise in international business, will attempt to answer these questions, which are crucial for executives, legal directors, compliance officers and risk managers.
In a context in which France is regularly the object of sharp criticism from the OECD, the French legislature has attempted to reconcile itself with Anglo-Saxon models of the fight against corruption. Most notably, it has adopted a system of regulation that requires a risk assessment and evaluation of business intermediaries. In practice, there exist “best practices,” developed notably by the OECD or the American Department of Justice, as a method of reducing sanctions. More than 1,600 French companies and groups will have to integrate these best practices in a framework that is both French and international, and that is still evolving. Those who will be affected are: Groups or French companies with 500 employees or more, realizing consolidated revenues of at least €100 million. It has therefore seemed to us opportune to inquire into these significant developments in anti-corruption and compliance policy.
Please register by Thursday, October 27, 2016
► Le rôle croissant de la compliance dans les process de fusion-acquisition : Alexandra Rohmert, CMS BFL
► La mission de l’OCDE en matière d’anti-corruption et l’évolution récente de la lutte contre la corruption : France Chain, OECD
► Les mesures anti-corruption de la loi Sapin II, perspectives françaises et internationales : Stéphanie de Giovanni, CMS BFL
– élargissement du champ d’application de la loi ;
– de nouvelles entreprises concernées ;
– instauration d’un devoir de mise en conformité ;
– les sanctions et la répression.
► La place du lanceur d’alerte et l’impact social de la loi Sapin II : Alain Herrmann, CMS BFL
– lanceur d’alerte salarié et procédure à suivre ;
– distinction alerte valable et délation punissable ;
– intégration du code de bonne conduite dans le règlement
intérieur de l’entreprise et formation des salariés à ces risques.
► Les programmes de compliance : ce que les sociétés françaises peuvent apprendre de l’expérience américaine : David Jaffe, Jaffe Counsel
– similarité de la loi Sapin II avec les mesures américaines ;
– les programmes de compliance des multinationales ;
– focus sur les « best practices » ;
– comment limiter les sanctions ?
Questions / réponses
– Introduction: The expanding role of compliance in due diligence : Alexandra Rohmert, CMS BFL
– The mission of the OECD in the realm of anti-corruption. Recent developments in the fight against corruption : France Chain, OECD
– The anti-corruption measures of the Sapin II Law, French and international perspectives : Stéphanie de Giovanni, CMS BFL
Explanation of the scope of the law / New companies affected / Establishing a project of coming into compliance / Penalties and suppression
– Whistleblowers and the social impact of the Sapin II Law : Alain Herrmann, CMS BFL
Employee whistleblowers and the procedure to follow / Distinguishing between a legitimate warning and a punishable denunciation / Integrating a code of conduct in the internal rules of a company and training employees on these risks
– Compliance Programs: What French companies can learn from the American experience : David Jaffe, Jaffe Counsel
Similarities between the Sapin II law and American laws / compliance programs of multinationals / Focus on best practices / How to avoid penalties.
– Questions and AnswersThe panelists are France Chain, Senior Legal Analyst, OECD Anticorruption Department, David Jaffe, of the American law firm Jaffe Counsel plc, as well as lawyers from CMS Bureau Francis Lefebvre
Wells Fargo CEO John Stumpf will tell you his company had tone at the top. As its problems with “phantom” accounts persisted for years, it promoted its values and repeatedly urged employees to do the right thing. But the Wells Fargo board just revoked $41 million of Mr. Stumpf’s equity awards. The board set up a new independent investigation, which will further distract management, and which is so independent that Mr. Stumpf will receive no salary while it continues.
Tone is nice. Incentives aligned with ethical – and profitable – conduct could have been better. What can your business learn from Wells Fargo’s experience?
Aggressive cross-selling was an imperative from the top. Front line employees had to open accounts to meet their – and their bosses’ – sales targets and to earn their – and their bosses’ – incentive compensation.
Wells Fargo employees opened 2 million or so fake accounts. Customers lost money, endured hassle and possibly had credit scores cut. As Holman Jenkins points out in The Wall Street Journal, Wells Fargo itself lost money. It incurred the expense of opening and closing millions of accounts on which it made no profit. Like much illegal activity by employees, these “bad acts” were a dead weight loss for the bank.
Yet, when the government announced $185 million in fines, Wells Fargo initially insisted that its sales incentives had nothing to do with the bad behavior. Its manuals and memos required that accounts be opened properly. Then came press reports on sales meetings in which executives told employees not to cheat customers, immediately followed by instructions from supervisors to ignore what was said in the meeting and to do “whatever it takes” to get accounts open.
After fines, bipartisan outrage from Senators, and the opening of multiple criminal investigations, Wells Fargo is now cutting incentives and suspending much of its famous cross selling.
Is that the right response? Is it possible to align incentives with business results?
People respond to incentives. If you incentivize accounts, you get accounts. Wells Fargo evidently failed to incentivize compliance and profitable accounts, and didn’t have negative incentives, especially for executives. So manuals, memos, and visits from Corporate were its only tools to convince employees to open legitimate (and potentially profitable) accounts.
Employees don’t care what “suits” from Corporate say – they care what their bosses want. What were the bosses’ incentives? Was there a reward for managers whose teams had few unauthorized accounts? Did executives whose teams opened “bad” accounts lose compensation? In principle, the sanction for bad behavior was termination, but people were also fired for failing to meet their sales goals.
Making matters worse, employees who tried to point out the perverse incentives were branded as negative or not team players. There was evidently no channel through which Mr. Stumpf or the board could learn that the imperative of cross-selling more accounts was leading to trouble. Many new lawsuits are claiming retaliation.
To manage your company’s risks effectively, calibrate incentives for both the ends and the means. Include negative incentives. Involve and empower someone who understands compliance risks to be influential at the most senior levels. Then apply incentives consistently to compliance and other business risks — and make sure they stick all the way up the chain of command.
Finally, build a culture that welcomes and pays attention to challenges. As I’ve written elsewhere, it’s easy to deride anyone who questions imperatives from the top, thus missing chances to correct mistakes before they become disasters.
If you can do these things, you can enhance profitability and dramatically reduce your risk of quality time with regulators, prosecutors and Senators.
© 2016 David B. Jaffe
All rights reserved
Photo Credit: iStock.com/klibbor.