Back in January, Wells Fargo issued a comprehensive Business Standards Report, “Learning from the past, transforming the future.”

The document details the many changes the banking giant has made to address causes of past issues and provides updates on the company’s businesses, practices, and progress.

Join the Compliance Week community

Receive the latest in corporate governance, risk, and compliance news from Compliance Week. Become a new member and get a one-year print & digital subscription for just $8/week.

Learn more

“Following Wells Fargo’s September 2016 regulatory settlements related to retail banking sales practices, we made our top priority the restoration of the trust we lost,” the report says. “We began with self-reflection—reviewing what happened so we could fully understand where things broke down, learn from our mistakes, make things right for customers who were harmed, and begin to rebuild trust. The report addresses actions Wells Fargo has taken—and continues to take—to improve its culture, revamp its organizational structure, and strengthen risk management and controls.”

The firm agreed to develop the Business Standards Report following a shareholder proposal led by the Interfaith Center on Corporate Responsibility. To create the report, Wells Fargo worked with more than 175 leaders and team members under the guidance of the board of directors and the company’s top-level operating committee.

“As a result of our decentralization and lack of sufficient corporate oversight, we took too long to understand the seriousness and scope of the problems—so actions taken over the years to address the problems proved inadequate,” the report says.

The 103-page report is divided into chapters representing key focus areas for the company, including culture, company goals, leadership and corporate governance, risk management, and stakeholder relationships. Case studies throughout the report provide specific examples of business practices, including many that were informed by lessons learned from Wells Fargo’s recent past.

Highlights of the report

The document details internal forces that likely contributed to the banking giant’s numerous failings and compliance challenges in recent years.

Root causes that contributed to retail banking sales practices issues and other matters included performance management, incentive programs, and a high-pressure sales culture that drove behaviors that were inappropriate.

Also blamed was a decentralized business model that granted too much authority and autonomy to the Community Bank’s senior management, de-emphasized corporate oversight, and certain control functions that often adopted a narrow “transactional” approach to issues as they arose.

In response to the scandal, the board of directors took “significant steps” to strengthen and enhance its governance oversight and practices. These include adding new members with additional experience in areas such as financial services, risk management, and human capital management; reconstituting several board committees; amending committee charters to enhance risk oversight and practices; and improving reporting and analysis provided to directors. The company also separated the roles of board chair and CEO and elected an independent board chair.

The company’s bylaws were modified to require that the board chair be an independent director with experience in specific risk areas, and they enhanced the financial services compliance, operational, cyber-security, and technology experience on the committee.

Company actions

The following are internal steps Wells Fargo has made to salvage its reputation and get back into the regulatory world’s good graces.

  • It eliminated product sales goals for retail bankers in bank branches and call centers, and changed their incentive, performance management, and recognition programs to focus on the customer experience and team (rather than individual) incentives. Compensation and incentive programs are now governed by stronger oversight and controls.
  • Wells Fargo enhanced its risk management organizational structure and framework around its three lines of defense, heightened focus on compliance and operational risk, and invested in automation and technological tools to strengthen risk controls that improve the ability to identify emerging trends and risks. For example, customers now receive an automatic notification when they open a new personal or small business checking account, savings account, or credit card.
  • The bank Implemented a robust “mystery shopper” program involving 15,000-18,000 bank branch visits per year. The internal community banking risk management team completes hundreds of unannounced conduct risk reviews annually to ensure that customers only receive the products and services they requested.
  • The bank enhanced its EthicsLine intake process to ensure that team members have a trusted and confidential way to report ethics concerns without fear of retaliation. It also developed speak-up and non-retaliation policies and launched a program to encourage team members to raise their hands when they see something that concerns them.
  • The company is reviewing practices related to certain consumer “add-on” products, including identity theft and debt protection products that were subject to an OCC consent order entered into in June 2015, as well as home and automobile warranty products and memberships in discount programs.
  • Senior executives identified actions to foster a single companywide culture. The goals are meant to outline clear expectations for leaders, managers, and team members.
  • As Wells Fargo strengthened its risk management function, it identified specific talent needs and hired more than 3,200 team members from outside the company between 2016-2018, including a chief risk officer, chief compliance officer, and head of regulatory relations (a new position).
  • In September 2018, the company introduced an updated and expanded risk management framework, a foundational document detailing the company’s revised approach to achieving a global standard in risk management. It defines how the company manages risk in a comprehensive, interconnected, and consistent manner.
  • The board also has strengthened its oversight of risk management, including making the following changes to its risk committee: reconstituting the committee to include additional members with experience identifying assessing and managing risk exposure of large financial companies, consolidating oversight of corporate risk and companywide risk management activities under the committee, and forming two subcommittees to focus on compliance and technology risks.

Wells Fargo also enhanced reporting to the operating committee and the board. For example, members of the operating committee receive weekly reporting on concerns team members bring to the attention of executives and board members, as well as a monthly dashboard that includes analysis and commentary related to customer complaints. The company created a Conduct Scorecard that drives regular discussions with executives around conduct-related activity within their business and across the company. It also provides regular reporting to the board on conduct, team member allegations, and customer complaint activity and trends.