by Daniel Alter
The Enforcement Action:
On September 8, 2016, the U.S. Consumer Financial Protection Bureau (“CFPB”), the U.S. Comptroller of the Currency (“OCC”), and the Los Angeles City Attorney (“LACA”) announced that they had settled regulatory enforcement and consumer protection actions against Wells Fargo Bank, NA (“Wells Fargo” or “Bank”), the nation’s second largest bank. As disclosed by the CFPB’s investigation, the nature and scope of the Bank’s misconduct was truly astounding.
The CFBP found that, over the course of more than five years, thousands of Wells Fargo employees had: (1) opened more than 1.5 million deposit accounts without client consent; (2) transferred funds between client accounts without client consent; (3) applied for almost 600,000 client credit cards without client consent; (4) issued client debit cards without client consent; and (5) enrolled clients in on-line banking services without client consent. As a result of these unauthorized and abusive transactions, the Bank charged customers approximately $2 million in fraudulent deposit-account fees and more than $400,000 in fraudulent credit-card related fees.
This widespread client deception was not driven, however, by the relatively de minimis revenue that it generated for Wells Fargo. Rather, the CFPB concluded that the Bank’s “employees engaged in [the misconduct] to satisfy sales goals and earn financial rewards under [the Bank’s] incentive compensation program.” In all, Wells Fargo “terminated roughly 5300 employees” over five years “for engaging” in these schemes – which is an astonishing number of dishonest personnel and nothing less than an internal compliance disaster.
Under the settlements, Wells Fargo will pay $100 million in fines to the CFPB, $35 million to the OCC, and $50 million to the LACA. In addition, the Bank has agreed to pay full restitution to injured clients, and has set aside a $5 million fund to cover those costs. Each settlement also requires that Wells Fargo implement substantial management reviews and governance reforms. But remarkably, none of the federal or state authorities demanded that Wells Fargo admit to its own pervasive wrongdoing. They simply permitted the Bank – “without admitting or denying” the charges – to accept the punishment.
The authorities blinked. This was a case of serious, systemic misconduct towards consumers by a major financial institution, and it warranted a public confession. By failing to exact any such acknowledgment of culpability, the regulators missed an important opportunity. This case presented a chance to foster an ethos of ethical responsibility, both within the banking industry at large and within a single institution in dire need of cultural reform. And that ethos is the bedrock foundation of every effective compliance regime.
Repairing Broken Windows:
In 1982, George L. Kelling and James Q. Wilson wrote a seminal article in The Atlantic that first set forth the “broken windows” theory of criminality. Kelling and Wilson metaphorically argued that “[s]ocial psychologists and police officers tend to agree that if a window in a building is broken and left unrepaired, all the rest of the windows will soon be broken.” They maintained that, “at a community level, disorder and crime are usually inextricably linked, in a kind of developmental sequence.” Accordingly, one window left broken begets others because it “is a signal that no one cares, and so breaking more windows costs nothing.” It is this evident attitude that “no one cares,” said Kelling and Wilson, which makes an area “vulnerable to criminal invasion.” Shedding the metaphor, they concluded that toleration of minor crimes, such as vagrancy and public drunkenness, corrodes community standards of conduct and thereby invites more serious criminal activity.
Over time, the “broken windows” theory has been challenged, both as to its empirical foundations and for the adverse effects it has had on policing strategies for poor and minority communities. But following the 2008 financial crisis, some have applied the theory to the cascading series of Wall Street scandals and observed that Wall Street is “an environment filled with broken windows, and conducive to abuse.” The theory’s application seems to explain recent experience well. As Wall Street became “steeped in a culture with a diminished sense of fiduciary responsibility to the firm, the customer, or really anyone,” the pervasive sense that “no one cares” made the industry “vulnerable to criminal invasion.”
Professor William Black has described Wall Street’s “broken windows” as “wrongdoings [that] degrade ethics and erode peer restraints on misconduct.” They are the types of regulatory violations, writes Black, that have a “tendency to produce a ‘Gresham’s’ dynamic in which businesses or CEOs that cheat gain a competitive advantage and bad ethics drives good ethics out of the markets.” And instead of taking “a series of prophylactic measures to restore integrity and strengthen peer pressures against misconduct,” Black contends that “we have been following the opposite strategy of that recommended under ‘broken windows’ theory.” He points to the adoption of “executive and professional compensation systems that are exceptionally criminogenic,” and to the weakening of corporate fiduciary duties, which he argues are a “critical means of preventing broken windows from occurring.” According to Black, by “systematically reduc[ing] effective peer restraints in our most important controls against financial fraud,” we have actually “been breaking windows.”
The phrase ‘neither admit nor deny’ is hardly a rallying cry “to forge a renewed fiduciary responsibility of bankers to customers, clients, and their own firms.” When used to settle serious regulatory violations, it suggests that the authorities either lack the power or commitment to hold violators legally and publicly accountable, i.e., to shame them. In the parlance of traditional ‘broken windows’ theory, it does nothing “to elevate . . . the level of public order,” but rather suggests to everyone that the banking industry “is uncontrolled and uncontrollable.” Facilitated by this perception, the big fines that corporations pay without concessions of wrongdoing can be rationalized within an organization as merely the price of doing business. But money alone cannot repair or reverse the ethical dilapidation that invites misconduct in the first place.
Surely, there are circumstances where, on balance, it is in the public interest for regulators to settle charges without requiring an alleged violator to admit liability. The infraction may not be serious enough to warrant the expenditure of prosecutorial resources, or the available resources are needed elsewhere. As the U.S. Court of Appeals for the Second Circuit recently underscored: “Trials are primarily about truth. Consent decrees are primarily about pragmatism.” But, as this case makes evident, sometimes it is pragmatic for regulators to insist upon the truth.
The chief argument against requiring corporate violators to admit guilt in all settlements posits that such concessions “could open the floodgates to shareholder lawsuits,” and thereby regularly deter corporate violators from settling. Some predict that, as a result, the “federal regulatory enforcement regime would screech to a grinding halt.” But that conclusion should be a case-specific assessment and not a rule of thumb. After all, the threat of such litigation makes it even more “likely that any broken windows in corporate governance will soon be remedied.”
Here, the regulatory settlements with Wells Fargo already provided for consumer restitution, which, at $5 million, was relatively limited. That fact ousts the specter of debilitating consumer class actions. As for shareholder derivative claims, the prevailing liability rules for officers and directors go far to insulate the Bank’s fiduciaries against plaintiffs. The Delaware Supreme Court has warned that “a claim that directors are subject to personal liability for employee failures is possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.”
Had they been admitted by Wells Fargo, none of the investigative findings set forth in the CFPB, OCC, or LACA agreements would have conceded such liability. Doubtless, shareholder suits would have followed anyway, and resolving them would have been both expensive and disruptive for the Bank. Given the gravity of the Bank’s misconduct and the potentially draconian leverage that regulators hold over its business operations, however, it is equally doubtless that Wells Fargo ultimately would have admitted responsibility in order to move on.
Professor Black is correct. Stopping bad actors on Wall Street who are “breaking windows on an epic scale” requires “a regulatory force committed to serving as the essential ‘cops on the beat.’” As with all cops, regulators must use their discretion wisely in maintaining an orderly neighborhood. And in doing so, they must be sure to send clear signals to the financial industry that breaking more windows will cost something, because everyone cares.
 Press Release, Consumer Financial Protection Bureau Fines Wells Fargo $100 Million for Widespread Illegal Practice of Secretly Opening Unauthorized Accounts (September 8, 2016) (“CFPB Press Release); Press Release, OCC Assesses Penalty Against Wells Fargo, Orders Restitution For Unsafe or Unsound Business Practices (September 8, 2016) (“OCC Press Release”); Press Release, Los Angeles City Attorney Mike Feur Achieves Historic Result in Consumer Action Against Wells Fargo (September 8, 2016) (“LACA Press Release”).
 See CFPB Press Release; OCC Press Release; LACA Press Release.
 See CFPB Consent Order.
 See id.; see also Consent Order, In the matter of Wells Fargo Bank, N.A., No. AA-EC-2016-66, U.S. Department of Treasury, Comptroller of the Currency, September 8, 2016 (“OCC Consent Order”) (PDF: 113 KB); Stipulated Consent Judgment, California v. Wells Fargo Company, Case No. BC580778, Los Angeles Superior Court, September 8, 2016 (LACA Consent Judgment”) (PDF: 532 KB).
See CFPB Consent Order at 2; OCC Consent Order at 1; LACA Consent Judgment at 3.
 Kelling & Wilson.
 Kelling & Wilson
 SEC v. Citigroup Global Markets, Inc., 752 F.3d 285, 295 (2d Cir. 2014) (rejecting district court’s requirement that SEC “establish the ‘truth’ of the allegations against a settling party as a condition for approving the consent decree”).
 Id. (internal quotation marks omitted).
 Stone v. Ritter, 911 A.2d 362, 370 (Del. 2006) (establishing challenging standard for director oversight liability); Black at 2 (“Court decisions have increasingly weakened fiduciary duties of loyalty and care.”).
 Stone, 911 A.2d at 372 (internal quotation marks omitted).
Daniel Alter is a Senior Fellow in residence with the Program on Corporate Compliance and Enforcement. Alter recently served as the General Counsel and Chief Compliance Officer of itBit, a financial services company leveraging traditional capital markets infrastructure and blockchain technology. Previously he was the served as the General Counsel of the New York State Department of Financial Services.
The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.