by Edward D. Herlihy, Richard K. Kim, and Sabastian V. Niles
In a stinging rebuke, the Federal Reserve on February 2nd issued an enforcement action barring Wells Fargo from increasing its total assets and mandating substantial corporate governance and risk management actions. The Federal Reserve noted in its press release that Wells will replace three current board members by April and a fourth board member by the end of the year. In addition, the Federal Reserve released three supervisory letters publicly censuring Wells’ board of directors, former Chairman and CEO John Stumpf and a past lead independent director. These actions are a sharp departure from precedent, both in their severity and their public nature. They come on the heels of significant actions already taken by Wells, including appointing a former Federal Reserve governor as independent Chair and replacing a number of independent directors as well as its General Counsel.
As a matter of regulatory policy, we believe that these actions are more piercing political statement than a change in direction from the deregulatory posture of the Trump Administration or the recent Federal Reserve pronouncements about reducing the regulatory demands on bank boards of directors. It is telling that the Federal Reserve took action on Chair Janet Yellen’s last day in office and that its press release features a quote from her – she rarely commented on enforcement actions during her tenure. That being said, there are important aspects of these actions that will reverberate within and beyond the financial sector, underscoring the ever-evolving challenges facing corporate boards:
- the characterization of compliance breakdowns as failures of governance and board oversight;
- the required replacement of board members;
- the censuring of directors after they had left the board for “lack of inquiry and lack of demand for additional information”;
- the expressed view that a board’s composition, governance structure and practices should support the company’s business strategy and be aligned with risk tolerances;
- the expectation that business growth strategies be supported by a system for managing all key risks, including those arising from performance pressure and compensation incentive systems and the potential that business goals could motivate compliance violations and improper practices;
- the view that “management assurances” of enhanced monitoring and handling of known misconduct be backed up by “detailed and concrete plans” reported to the board; and
- the citation to the company’s published corporate governance guidelines detailing duties and responsibilities that were not fulfilled.
In its enforcement action, the Federal Reserve required that Wells submit written plans to enhance its board’s effectiveness in carrying out its oversight and governance functions and to improve its firm-wide compliance and risk management program. Once the Federal Reserve has approved these plans and Wells has implemented them, Wells must arrange for an independent review of the improvements that have been made, which must be completed by September 30th. Wells must then arrange for a second independent review to assess the efficacy and sustainability of the improvements. Until the initial independent review is completed to the Federal Reserve’s satisfaction, Wells is barred from increasing its total consolidated assets from the level reported to the Federal Reserve as of December 31, 2017.
While the bank regulators have in the past issued enforcement actions limiting banks from increasing their total assets, these actions have been reserved for deeply troubled institutions with severe capital and credit issues and not for financially strong institutions such as Wells. The Federal Reserve likely took this unusual step because Wells was already barred from making acquisitions as a result of other legal and regulatory restrictions. Nevertheless, Wells Fargo acquired a large portion of the assets of GE Capital in 2016 structured in a manner to avoid its regulatory bar on acquisitions, and this may have been a further impetus for the Federal Reserve’s action.
Perhaps more surprising was the Federal Reserve’s public release of supervisory letters to each of Wells Fargo’s board members, former Chairman and CEO and past lead independent director criticizing their performance. Normally, supervisory letters are kept confidential by the regulators. In the letters, the Federal Reserve pointed to an overall lack of effective oversight and control of compliance and operational risks. These letters express the view that directors need “to have sufficient information from firm management to understand and assess problems at the firm” and that this requires “robust inquiry and demand for further information.” Especially with respect to board leaders, once problems become known, failure to “initiate any serious investigation or inquiry” or to “lead the independent directors in pressing firm management for more information and action” will expose directors to criticism and potential reputational damage.
Last August, the Federal Reserve issued a proposed corporate governance proposal narrowing its focus on supervisory expectations for bank boards of directors, noting in its release that “boards often devote a significant amount of time satisfying supervisory expectations that do not directly relate to the board’s core responsibilities.” Proposed Guidance on Supervisory Expectations for Board of Directors, 82 Federal Register, 37219 (August 9, 2017). In our view, these letters do not contradict that guidance – rather they lay out more specific supervisory expectations for boards when they become aware of specific instances of misconduct. The public release of these letters to Wells Fargo’s current and former board members should be viewed as putting other companies on notice regarding the expectations laid out within them.
We note that there remains the possibility of further enforcement actions by the Federal Reserve involving Wells. In the current enforcement action, Wells agreed to fully cooperate and “to use its best efforts, as determined by the Board of Governors,” to facilitate investigations by the Federal Reserve “of whether separate enforcement actions should be taken against individuals” who are or were affiliated with Wells. Given the highly public nature of the Federal Reserve’s actions, the Congressional hearings that will likely follow, and the continuing outcries for holding individuals accountable in cases of corporate misconduct, it may be politically difficult for the Federal Reserve to refrain from taking further action against individuals previously or currently associated with Wells.
While financial institutions operate within their own unique regulatory framework, all companies should reflect on the increased expectations on board leaders and the board as a whole with respect to assuring that appropriate risk management and escalation systems are in place. This includes setting high expectations for General Counsels and compliance departments and following up assertively with robust and prompt inquiry and tracking when evidence emerges of serious compliance breakdowns. Because high-quality, timely and credible information provides the foundation for effective responses and decision-making by the board, the ability of a board and board committees to perform their oversight roles is dependent upon the relationship and flow of information among the directors, senior management, legal and compliance departments and the risk managers in the company. If directors do not believe they are receiving sufficient information, they should be proactive in asking for more, and directors should work with senior management to ensure that their information needs are being met, including agreeing on the type, format and frequency of risk, business and other information required by the board.
Edward D. Herlihy is co-chairman of the Executive Committee and a partner at Wachtell, Lipton, Rosen & Katz. Richard K. Kim and Sabastian V. Niles are partners at Wachtell, Lipton, Rosen & Katz.
Disclaimer
The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.