Alternately, this week you may answer one of these questions:
How could this happen in the world of Sox and other regulations?
What should the CEO do now? Resign? Explain
Reader Interactions
Comments
Candace Nelsonsays
As I am Certified in fraud examination, I chose to read the accounts of the Wells Fargo sales scandal. In response to the question: How could this happen in the world of SOX and other regulations; my unfortunate response is “I don’t know.” Having been an auditor for the majority of my career, the first question I ask myself when I hear of a scandal such as this (or worse yet, the recent Equifax data breach) is “Where were the auditors” (in this case KPMG).
Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5 – An Audit of Internal Control over Financial Reporting That is Integrated with an Audit of Financial Statements (AS No. 5) was approved by the Securities and Exchange Commission (SEC) on July 25, 2007. AS No. 5 required the following for public company audits of fiscal years beginning on or after December 15, 2014: “When planning and performing the audit of internal control over financial reporting, the auditor should take into account the results of his or her fraud risk assessment. As part of identifying and testing entity-level controls and selecting other controls to test, the auditor should evaluate whether the company’s controls sufficiently address identified risks of material misstatement due to fraud and controls intended to address the risk of management override of other controls.” Hence, it is unclear to me that the “stretch goal” fraud risk that management exploited at Wells Fargo was not thoughtfully considered by KPMG year after year after year.
I conducted additional research and learned that the Wells Fargo Board of Directors (BoD) completed an independent investigation of the Company’s retail banking sales practices and related matters and released their findings in a report dated April 12, 2017.
I have summarized the key findings below, with detailed comments associated with Internal Audit.
Key Findings from Board’s Independent Investigation/Action Plan Updates:
1. Community Bank Sales Culture
2. Community Bank Performance Management and Incentive Programs
3. Senior Management Oversight
4. Decentralized Organizational Structure
5. Control Function Oversight
Key Finding: Certain of the control functions [HR, Legal, and Internal Audit] often adopted a narrow “transactional” approach to issues as they arose. They focused on the specific employee complaint or individual lawsuit; missing opportunities to put them together in a way that might have revealed sales practice problems to be more significant and systemic than was appreciated.
Update: Board eliminated 2016 bonuses and significantly reduced the payout on the 2014 Performance Share awards that vested following 2016 for eight members of our Operating Committee (approx. $26 million), including the heads of Corporate Risk, the Law Department, Human Resources, and Audit, who were in place before the Operating Committee was reconstituted in November 2016 based on the senior leadership’s collective accountability for the overall operational and reputation risk of the Company
6. Management Reporting to the Board
Key Finding: In May 2016, the Board’s Audit and Examination Committee received a written presentation providing accurate termination figures for sales practice violations in the Community Bank for 2014 and 2015 [numbers showed decline by 30% from 2014 to 2015].
7. Board Oversight and Performance
Update: The Board enhanced committee oversight of conduct risk by expanding the Audit and Examination Committee’s oversight responsibilities for legal and regulatory compliance to include our Company’s compliance culture.
I am at a loss for the rationale behind a so called “independent” BoD investigation when they clearly lack said independence. I am also disappointed by the fact that there was so little mention of the Internal Audit function and their role in the lack of detection of an ongoing fraud of this magnitude. There was also minimal discussion about the role of the Audit Committee prior to the disclosure of the fraud, which is mind boggling…
One thing is certain – the public was also at fault for not examining their statements and questioning their fees. It is becoming clearly evident that we live in a new world where ongoing credit monitoring will become essential in order to detect the ever increasing situations such as this wherein consumers become the unknowing victims of corporate greed.
I believe CEO Tim Sloan should only resign if and when he is required to do so by the BoD or other regulatory bodies. He is responsible for failure to detect this fraud on his watch and should be held accountable.
As I am Certified in fraud examination, I chose to read the accounts of the Wells Fargo sales scandal. In response to the question: How could this happen in the world of SOX and other regulations; my unfortunate response is “I don’t know.” Having been an auditor for the majority of my career, the first question I ask myself when I hear of a scandal such as this (or worse yet, the recent Equifax data breach) is “Where were the auditors” (in this case KPMG).
Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5 – An Audit of Internal Control over Financial Reporting That is Integrated with an Audit of Financial Statements (AS No. 5) was approved by the Securities and Exchange Commission (SEC) on July 25, 2007. AS No. 5 required the following for public company audits of fiscal years beginning on or after December 15, 2014: “When planning and performing the audit of internal control over financial reporting, the auditor should take into account the results of his or her fraud risk assessment. As part of identifying and testing entity-level controls and selecting other controls to test, the auditor should evaluate whether the company’s controls sufficiently address identified risks of material misstatement due to fraud and controls intended to address the risk of management override of other controls.” Hence, it is unclear to me that the “stretch goal” fraud risk that management exploited at Wells Fargo was not thoughtfully considered by KPMG year after year after year.
https://pcaobus.org/Standards/Auditing/Pages/Auditing_Standard_5.aspx
I conducted additional research and learned that the Wells Fargo Board of Directors (BoD) completed an independent investigation of the Company’s retail banking sales practices and related matters and released their findings in a report dated April 12, 2017.
https://www08.wellsfargomedia.com/assets/pdf/about/investor-relations/annual-reports/2017-supplemental-proxy-materials.pdf
I have summarized the key findings below, with detailed comments associated with Internal Audit.
Key Findings from Board’s Independent Investigation/Action Plan Updates:
1. Community Bank Sales Culture
2. Community Bank Performance Management and Incentive Programs
3. Senior Management Oversight
4. Decentralized Organizational Structure
5. Control Function Oversight
Key Finding: Certain of the control functions [HR, Legal, and Internal Audit] often adopted a narrow “transactional” approach to issues as they arose. They focused on the specific employee complaint or individual lawsuit; missing opportunities to put them together in a way that might have revealed sales practice problems to be more significant and systemic than was appreciated.
Update: Board eliminated 2016 bonuses and significantly reduced the payout on the 2014 Performance Share awards that vested following 2016 for eight members of our Operating Committee (approx. $26 million), including the heads of Corporate Risk, the Law Department, Human Resources, and Audit, who were in place before the Operating Committee was reconstituted in November 2016 based on the senior leadership’s collective accountability for the overall operational and reputation risk of the Company
6. Management Reporting to the Board
Key Finding: In May 2016, the Board’s Audit and Examination Committee received a written presentation providing accurate termination figures for sales practice violations in the Community Bank for 2014 and 2015 [numbers showed decline by 30% from 2014 to 2015].
7. Board Oversight and Performance
Update: The Board enhanced committee oversight of conduct risk by expanding the Audit and Examination Committee’s oversight responsibilities for legal and regulatory compliance to include our Company’s compliance culture.
I am at a loss for the rationale behind a so called “independent” BoD investigation when they clearly lack said independence. I am also disappointed by the fact that there was so little mention of the Internal Audit function and their role in the lack of detection of an ongoing fraud of this magnitude. There was also minimal discussion about the role of the Audit Committee prior to the disclosure of the fraud, which is mind boggling…
One thing is certain – the public was also at fault for not examining their statements and questioning their fees. It is becoming clearly evident that we live in a new world where ongoing credit monitoring will become essential in order to detect the ever increasing situations such as this wherein consumers become the unknowing victims of corporate greed.
I believe CEO Tim Sloan should only resign if and when he is required to do so by the BoD or other regulatory bodies. He is responsible for failure to detect this fraud on his watch and should be held accountable.