In 2011, Going Concern speculated about potential issues with internal controls at Wells Fargo that prompted the then CFO, Howard Atkins, to abandon ship. Just a little foreshadowing of what is happening to good ol’ Wells this month.
If you haven’t been following the news, here’s the scoop:
Over the last 5 years a handful (actually 5,300!) employees went rogue and made millions of bogus deposit and credit card accounts to meet sales targets. Most of the accounts were completely fabricated and 100% unauthorized. The kicker is that they started charging unsuspecting customers fees out of the blue. Super sketchy.
The company’s systemic problem finally hit the fan last week.The WSJ reports:
Federal prosecutors are in the early stages of an investigation into sales practices at Wells Fargo & Co. that led to the bank being hit last week with a $185 million fine.
If you do the math, the timing works out with Mr. Atkins’ departure. Again, I’m speculating but the company admits to firing dishonest employees for the past 5 years. Hey, look at that, it’s been five years since Atkins left. Don’t tell me they didn’t see this iceberg coming...
Is the bank too big to care?
But don’t worry, the current CEO John Stumpf doesn’t seem super upset. And why should he? He let go of the “bad apples” already (or so he says). And that “hefty” fine is actually more like a slap on the wrist representing “only about 3% of the bank’s second-quarter profits” according to WSJ.
But, it may be a deep rooted issue. As quoted by Compliance Week in 2015, the former CEO Richard Kovacevich (who retired in 2009) doesn’t see much value in internal control and compliance spending:
I think what’s happening today, is that they [banks in general] are getting rid of sales staff and investing in technology and so on, in order to pay for compliance. It is staggering. In our bank there are probably close to 10,000 compliance people. You have to offset those costs somewhere because revenue growth is non-existent in the banking business.
I find it very interesting that the former CEO admits that revenue growth is “non-existent” in the industry. In that case, why not force employees to meet aggressive sales targets after the worst recession in 80 years? That will go over swimmingly.
Someone has some explaining to do
All of this leads me to believe that Wells Fargo must have known it wasn’t a handful of isolated events. The sheer size of the issue had to have triggered some red flags. We are talking about roughly 1.5 million deposit accounts and a half-million credit card accounts not authorized by consumers per the Customer Financial Protection Bureau’s press release. "How does a bank that is supposed to have robust internal controls permit the creation of over a half-million dummy accounts?" asked a Georgetown Law Professor in one CNN article. You know, that’s my question too…
Lots of people had to have known and kept their mouths shut. Mortgage News Daily has an analysis of the tangled web of lies:
There is just no way that Wells wasn't getting thousands of calls from consumers who were charged fees on accounts they never opened. Customer service had to know about all the complaints. Quality control in their account opening process had to know what was going on in the documentation. HR or whoever paid the bonuses had to know there was inflated reports and the terminations because of that. Compliance had to know. Risk management had to know. Upper management had to know.
Afterall, when you think of identity theft… a bank employee is the last person I would expect to catch from a credit monitoring alert. That would warrant a nasty phone call to Wells Fargo.
What does KPMG have to say about all of this? After all, they issued at squeaky clean ICFR opinion in the Wells Fargo 2015 annual report. No comment, yet. Although, I really wouldn’t want to be part of that audit team this week. Ick. (Oh, and I’ll pass on the Wells Fargo audit intern program too.)
This is the sort of stuff that makes people question the integrity of the banking system (in case we didn’t already….cough, cough) but also compliance and internal control audits in general. It’s too soon to tell if KPMG stamped an a-ok on any relevant account controls and didn’t pick up on obvious design flaws. Either way, this is a pretty big skeleton in the closet to miss regardless of whether or not it was in scope for testing.
The good news for KPMG is that the unauthorized accounts did exist -- so it’s not like Wells made up the revenues and KPMG didn’t catch it.
Do you think there will be implications for KPMG after all is said and done? Let's talk it out.