The Federal Reserve Bank this month assessed a penalty against Wells Fargo for the bank’s widespread customer abuse from its fraudulent accounts scandal, other regulatory violations, and lack of response by the bank’s doard of directors to these problems and other risk management issues.
Additionally, Wells Fargo must elect new board members. Estimates of this financial penalty could range between $300-$400 million in lost revenue, far above the $185 million fine levied against the bank in 2016.
This fine is something every chief compliance officer should bring to the attention of their board of directors. While there are obvious distinctions for publicly and privately listed companies, the precedent of a regulator sanctioning an entity for the failures of its board is now set. Once a precedent is set, it can be more easily used a second time.
Over the past year, the Department of Justice has continually talked about companies operationalizing their compliance programs. Having a board member with specific compliance expertise, heading a board-level compliance committee can provide a level of oversight and commitment to achieving this goal.
Moreover, the Justice Department specifically required compliance expertise on a board of directors in the recently released FCPA Corporate Enforcement Policy. This means that when your company is evaluated by the Department of Justice under the new FCPA Corporate Enforcement Policy, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the board-level compliance committee, but also the specific subject -matter expertise on the board and on that committee.
The penalty is the first time regulators have sanctioned an entity for the board’s failures around risk management, but it will not be the last time.