This piece was originally published in the Detroit News, but has been updated to reflect recent developments.
The fiasco at Wells Fargo, where bankers opened thousands of fraudulent accounts leading to litigation, enforcement, fines and a stunning loss of reputation, is old news. The consequences, however, continue to play out for the company and its leaders. A new report released last week by the Wells Fargo Board’s independent directors shows that the company lacked key elements of effective compliance and ethics efforts. A review of the report offers important lessons for other companies.
The Board singled out John Stumpf, former CEO, and Carrie Tolstedt, former President of the Community Bank – the division where the fraud took place – for blame. It ordered them to forfeit over $100 million of compensation, it reduced 2016 executive bonuses for others by an aggregate $32 million, and fired for cause four other officers in the Community Bank. These dire consequences for individuals have set a new precedent for corporate boards to follow.
Key elements of the report highlight essential compliance and ethics principles that Wells Fargo missed, and that business leaders need to know. These principles come from the Department of Justice’s standards for compliance and ethics programs and from the accumulated experience of executives trying to keep their companies out of harm’s way.
First, the Community Bank had its own risk management department, which reported to the head of the division, not to a corporate officer, and did not have access to directors. Tolstedt, according to the report, adamantly and strictly limited communication between “her” team and the corporate level risk team (and the Board).
The critical lesson: Businesses need a compliance and ethics function that is independent of operating management, is empowered to participate in decision-making, and has direct access to the Board.
Second, Wells Fargo incorporated its compliance and ethics efforts into a Risk Department, which looked at ethics issues mainly through the lens of enterprise risk management (ERM). ERM usually focuses statistically on the potential impact of a risk on the financial statements. Wells Fargo’s risk team knew that hundreds of employees per year had been fired for violations of account opening rules; but it only saw a problem that affected fewer than one percent of the bank’s employees, and that the amounts involved in each case were quite small.
Seeing a problem involving (relatively) modest numbers of employees and sums of money, Wells Fargo saw a modest problem. A team with a focus on integrity would likely have seen a fundamental problem and appreciated the ways in which the problem could snowball.
The critical lesson: Compliance and Ethics is different from ERM, even though the two areas overlap.
Third, to the extent that it saw problems, Wells Fargo focused its efforts on firing employees who broke rules, not on requiring integrity. Management knew that some employees were opening accounts fraudulently, and that some supervisors were encouraging them. Some senior executives in the Community Bank recognized that its sales incentive system encouraged the bad conduct and argued for change. But the senior leaders “were concerned that tightening up too much on quality would risk lowering sales … [and] were reluctant to take steps that … might have a negative impact on … financial performance.” Senior leaders waited until unethical behavior blew up into a crisis.
The critical lessons: Every employee at every level must know that her boss requires ethical conduct and compliance.
Companies must create incentives for good conduct and avoid incentives for bad conduct.
Finally, Stumpf gave deference to Tolstedt and hesitated to dig deeply. The Community Bank was very profitable and Stumpf considered Tolstedt the “best banker in America.” As a result, she was not scrutinized carefully, was allowed to restrict communication, and was given deference in decision-making, even after account problems became known at the corporate level and Los Angeles County sued Wells Fargo over fraudulent accounts.
The report complains that management withheld information from the Board, but reveals that directors failed to push to get the whole story. Last Tuesday, the directors endured a humiliating annual meeting where many were barely re-elected. They will face tremendous pressure in the coming days and weeks.
The critical lessons: There must be one standard of conduct; important or successful people can’t be allowed to get away with bad conduct.
Directors can’t be passive about compliance and ethics.
For businesses – and their leaders – the cost of bad conduct can be astronomical. An investment in learning and applying essential principles of compliance and ethics programs will provide a great return by significantly reducing the risk of expensive and career-killing disasters.