A “Wells Fargo” Briefing for the Audit Committee

by Michael W. Peregrine

The Board’s audit committee is well advised to receive an update on the risk and compliance lessons from the recent Wells Fargo sales practices controversy. The general counsel, teaming with the chief risk & compliance officer, would be well suited to deliver this update. As well-chronicled in the recently released special investigative report (“Report”), the “20/20” lessons from the controversy transcend the financial services industry, to offer value to corporate boards across industry sectors. These lessons demonstrate how matters of organizational structure, corporate culture, and risk identification and reporting can coalesce in undisciplined circumstances to create significant corporate exposure. In several respects, these lessons prompt comparisons to the conclusions reached by investigative counsel in the GM ignition switch controversy of 2014. This comparison may help underscore the basic risk oversight message to the audit committee; i.e., that these issues have arisen in several of the largest U.S. companies and may arise again without proper supervision.

The Background

The catalyst for the controversy was a sales-driven business model within the Community Bank division. This aggressive model applied increasingly unrealistic sales goals for consumer banking products, such as checking accounts, savings accounts and credit cards sold on an annual basis. When combined with a lack of accountability at the Division leadership level and other leadership failings, it led to improper and unethical behavior (e.g., the sales of products that consumers neither needed nor used) and reputational damage on a wide scale.

The Role of Organizational Structure

A significant lesson is the extent to which the decentralized Wells Fargo organizational structure contributed to the sales model controversy. Indeed, the Report noted that there is nothing “pernicious” about such a structure on its own. However, in the context of the distorted Wells Fargo sales model, the structure became a significant catalyst for broader harm. Wells Fargo had historically fostered an organizational culture of deference to the management of individual business lines, best demonstrated in the “run it like you own it” mantra referenced in the Report. This deference extended to matters of oversight, risk and compliance as they related to business line issues. This proved toxic in the context of the Community Bank, whose leaders were described in the Report as unwilling or unable to identify problems with the sales model as they arose, and resistant to making any changes even when requested by senior corporate management. In addition, control functions (e.g., risk, human resources) were fragmented and departmentalized. There was no coordinated effort within the Community Bank to address sales practice issues. A related problem was the “transactional” approach taken by control functions to particular concerns as they arose. This obscured the ability of executives to view sales model issues in a broader context.

A Conflict of Culture

An additional lesson relates to the very real potential within organizations for significant conflict between corporate culture, and business realities and incentive goals. Like most organizations, Wells Fargo maintained and promoted an internal code of culture and ethics, that evolved around a “Vision and Values” statement. In addition, it made substantial compliance based educational efforts, including those focused on preventing sales program abuses such as they were known to exist. However, those cultural and compliance foundations were neutered by what the Report described as “significant, and in some cases extreme, pressure on employees to meet or exceed their [sales] goals.” The perception of many employees was that their failure to meet or exceed sales goals, no matter how unrealistic were those goals, would negatively affect their career trajectory. Compensation incentives also contributed to problematic behavior by over-emphasizing achievement of sales-related goals as against goals relating to customer service, satisfaction and similar factors. In addition, Community Bank employees perceived that the most recognized (by management) employees were those that achieved the highest level of sales performance.

Risk Related Concerns

Of particular interest to most audit committees is the extent to which executives at the Community Bank (and in certain other areas of the company) failed to exercise effective risk management practices.

(a) Risk Identification

Problems associated with low quality accounts were treated as employee performance matters (and addressed by termination), rather than as material risk/compliance concerns. Yet, even as the number of terminated employees grew to significant proportions, there was a failure at the Community Bank level to view the problem as systemic. As the Report deftly noted, “[E]ffect was confused with cause; it was common to blame employees who violated organizational rules, without considering what factors may have prompted them to do so.”

(b) Risk Recognition

Another risk-related concern was the inability (or unwillingness) of Bank managers–including those with risk related responsibilities–to recognize the severity of identified risks. The general perception amongst the Wells Fargo control function was that the sales practice abuses were not only of modest scope, but also that they did not cause any customer harm (e.g., fees or penalties). This under-reaction obscured the risk to organizational reputation from the sales practices, as well as the risk of associated regulatory enforcement and litigation.

(c) Risk Reporting

Senior Community Bank officers, who were respected throughout the organization, were cited for working to impede the escalation of sales program issues outside of the Bank, to the extent of withholding from the Board information regarding the number of employees terminated for sales practice violations. This was apparently done to allow those leaders freedom to resolve the issues on their own terms, and not to encourage improper behavior—yet the Report concluded that the consequences to Wells Fargo were the same. Indeed, the Report concluded that the sales model practices were not flagged to the Board as a noteworthy risk until 2014, a number of years after warning signs began arising in the Community Bank. Even after that, until 2016, management reporting to the board failed to adequately describe the scope of the problem.

The GM Connection

There is meaningful similarity between the risk management dysfunction at the Wells Fargo Community Bank, and the management dysfunction at General Motors as identified in the 2014 independent counsel investigation of the infamous ignition switch controversy. That report cited a series of similar risk management breakdowns; e.g., a lack of managerial urgency with respect to the switch problem once it was identified; a failure to understand the consequences of the problem; an unwillingness of executives with responsibility for the matter to exercise that responsibility by demanding action; and a decentralized management structure in which no single group or committee took “ownership” of the issue.


The Wells Fargo independent directors’ investigative report offers valuable lessons to corporate boards generally, and to their audit, risk and compliance committees in particular. These lessons offer opportunities for pro-active exploration of how risk issues can be implicated by matters of organizational structure, corporate culture and risk oversight training.

Michael W. Peregrine, a partner at McDermott Will & Emery, advises corporations, officers and directors on matters relating to corporate governance, fiduciary duties and officer-director liability issues. His views do not necessarily represent the views of McDermott Will & Emery or its clients.


The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law.  The accuracy, completeness and validity of any statements made within this article are not guaranteed.  We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.