Wells Fargo Report Offers Insight Into Evolving Board Risk Management Expectations
Even if you are not a Wells Fargo customer, it's easy to empathize with them and see how the corporate ship veered off course. But the lesson is not new or novel. History is replete with examples of misguided corporate incentives undermining culture—from the Dutch East India Co. to Enron—second verse, same as the first.
February 12, 2019 at 12:15 PM
7 minute read
The Wells Fargo scandal stands as a poignant example of what can happen when company leadership sets the wrong kinds of incentives for employees. It's such a great example of mis-alignment because, at some level, we all understand and have significant exposure to the retail banking system. Even if you are not a Wells Fargo customer, it's easy to empathize with them and see how the corporate ship veered off course. But the lesson is not new or novel. History is replete with examples of misguided corporate incentives undermining culture—from the Dutch East India Co. to Enron—second verse, same as the first. Board oversight is a familiar theme. Like Enron, we have a special report issued in 2017 to figure out why it all went wrong for Wells Fargo. Last week, the company added a Business Standards Report to the narrative styled, “Learning from the past, transforming for the future.”
The report echoes some of the rebranding the company has focused on in digital and television advertising to regain customer trust. The bank's wrongheaded incentive and decentralization story has been widely circulated (who can forget the images of Sen. Elizabeth Warren searing CEO Tim Sloan and suggesting he be fired). The report provides at least some answers to the questions posed by Warren and Wells Fargo customers. The report contains a lot to digest (honestly, it could have been a bit more concise and simpler). It begins by reminding readers that Wells Fargo is a storied institution (picture stagecoaches protecting gold) that customers have trusted since 1853. The introduction follows with statistics showing the bank has an equally impressive footprint today, including employing approximately one in 600 working Americans, providing significant benefits to U.S. communities, and serving one in three U.S. consumer households. The most interesting part of the report, however, deals with risk management and board oversight.
In 2017, following the company's annual meeting, the board took a look in the mirror, meeting with investors, other stakeholders and retaining third parties to provide guidance on what they could do better. From a design perspective, the report notes that the board made significant changes to the board's structure and composition, reconstituted several board committees, and amended committee charters to sharpen the focus and reduce duplication of risk oversight. The Risk Committee now includes members with experience identifying, assessing and managing risk exposure of large financial companies, with risk management experience in financial reporting and technology/cybersecurity. Six new directors have joined the board since 2017. The company also separated the roles of the CEO and board chair (now required to independent under the bylaws).
Wells Fargo also created a Risk Committee, which oversees compliance, operational and information security risk, as well as complaint management. Historically, the Board's Audit and Examination Committee oversaw these areas. Wells Fargo said that the board recognized the need for more focused oversight of compliance and technology risk and formed two subcommittees, the Compliance Subcommittee and the Technology Subcommittee. In the report, Wells Fargo recognizes that while it may be a financial company, it's also a people business, and it needed a separate Human Resources Committee tasked with enhanced oversight responsibilities, including human capital management, culture and ethics.
The report also notes that Wells Fargo enhanced the board materials and information flow between company leadership and the board (as well as exposing board members to meetings with customers to receive direct feedback). The Wells Fargo board now conducts a rigorous self-evaluation process to assess its own effectiveness, review governance practices and identify areas for enhancement. This process is a key part of the director nominating process and succession planning. The report also contains great takeaways from a company and culture perspective, traps of working in silos and lack of accountability, and vision for the company's future as part of the “transformation.”
Audit and risk have been hot topics in recent years for boards. Less than an hour away from Wells Fargo's headquarters, each summer, Stanford Law School and the Rock Center for Corporate Governance put on the best education program in the world for board members that routinely discusses these and other critical board agenda items. A look at this year's agenda, put together by corporate governance gurus Mike Callahan, Amanda Packel and Kristen Savelle (as well as Joseph Grundfest and other luminaries), appears right on point. In November, the Silicon Valley Directors' Exchange and the Rock Center put on an event at Stanford focusing on similar risk and culture issues.
Clearly these topics are on the minds of corporate boards. But it will be interesting to see how other boards more formally incorporate risk management into board design in the future. Risk assessment and management are a key part of a corporate compliance program. Analysis of risk and legal requirements drive policies and procedures, training and monitoring of a compliance program. Regulators have provided specific guidance on the components of a risk assessment. For instance, the DOJ's guidance, Evaluation of Corporate Compliance Programs, specifically references the OECD risk assessment approach: establish the process; identify the risks; rate the inherent risk; identify and rate mitigating controls; calculate the residual risk; and develop an action plan. But the process only works if the board and leadership understand the results.
Effective design includes board reporting and helping board members sort compliance and enterprise risk. If a compliance risk such as privacy shows up as a significant risk on your enterprise risk assessment, you have a serious problem. The Wells Fargo report reminds us that as we think about how we monitor enterprise and compliance risk, we have to understand how those outputs enable the board and company leadership to make key decisions on risk and mitigation.
Whether Wells Fargo can sell its story to its customers remains to be seen. On Feb. 7, some of the bank's customers complained on social media about the bank's service outage, which prevented customers from using their debit cards or accessing their online accounts. Wells Fargo tweeted, “We apologize to our customers who may be experiencing an issue with our online banking and mobile app. Thanks for your patience while we research this issue. If you are impacted, please check back here for updates.” One customer responded that he/she was stuck out of state and couldn't use their debit card to purchase fuel. They probably have not seen the report. But it seems like the company may still have some work to do on the second part of that tagline.
Ryan McConnell and Meagan Baker are lawyers at R. McConnell Group—a compliance and internal investigations boutique law firm in Houston, Texas. McConnell is a former assistant U.S. Attorney in Houston who has taught criminal procedure and corporate compliance at the University of Houston Law Center. Baker's work at the firm focuses on risk and compliance issues in addition to assisting clients with responding to compliance failures. Send column ideas to [email protected]. Follow the firm on Twitter at @rmcconnellgroup.
|This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllA Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute readThree Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Corporate Confidentiality Unlocked: Leveraging Common Interest Privilege for Effective Collaboration
11 minute readTrending Stories
- 1'Largest Retail Data Breach in History'? Hot Topic and Affiliated Brands Sued for Alleged Failure to Prevent Data Breach Linked to Snowflake Software
- 2Former President of New York State Bar, and the New York Bar Foundation, Dies As He Entered 70th Year as Attorney
- 3Legal Advocates in Uproar Upon Release of Footage Showing CO's Beat Black Inmate Before His Death
- 4Longtime Baker & Hostetler Partner, Former White House Counsel David Rivkin Dies at 68
- 5Court System Seeks Public Comment on E-Filing for Annual Report
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250