Question

WASHINGTON, D.C. — Today the Consumer Financial Protection Bureau (CFPB) fined Wells Fargo Bank, N.A. $100 million for the widespread illegal practice of secretly opening unauthorized deposit and credit card accounts. Spurred by sales targets and compensation incentives, employees boosted sales figures by covertly opening accounts and funding them by transferring funds from consumers’ authorized accounts without their knowledge or consent, often racking up fees or other charges. According to the bank’s own analysis, employees opened more than two million deposit and credit card accounts that may not have been authorized by consumers. Wells Fargo will pay full restitution to all victims and a $100 million fine to the CFPB’s Civil Penalty Fund. The bank will also pay an additional $35 million penalty to the Office of the Comptroller of the Currency, and another $50 million to the City and County of Los Angeles.
“Wells Fargo employees secretly opened unauthorized accounts to hit sales targets and receive bonuses,” said CFPB Director Richard Cordray. “Because of the severity of these violations, Wells Fargo is paying the largest penalty the CFPB has ever imposed. Today’s action should serve notice to the entire industry that financial incentive programs, if not monitored carefully, carry serious risks that can have serious legal consequences.”
The full text of the CFPB’s Consent Order can be found at: http://files.consumerfinance.gov/f/documents/092016_cfpb_WFBconsentorder.pdf
Wells Fargo, headquartered in Sioux Falls, S.D., is one of the biggest banks in the country and offers many consumer financial products and services, including savings and checking accounts, credit cards, debit and ATM cards, and online-banking services. In recent years, the bank has sought to distinguish itself in the marketplace as a leader in “cross selling” these products and services to existing customers who did not already have them. When cross selling is based on efforts to generate more business from existing customers based on strong customer satisfaction and excellent customer service, it is a common and accepted business practice. But here the bank had compensation incentive programs for its employees that encouraged them to sign up existing clients for deposit accounts, credit cards, debit cards, and online banking, and the bank failed to monitor the implementation of these programs with adequate care.
According to today’s enforcement action, thousands of Wells Fargo employees illegally enrolled consumers in these products and services without their knowledge or consent in order to obtain financial compensation for meeting sales targets. The Dodd-Frank Wall Street Reform and
1
Consumer Protection Act prohibits unfair, deceptive, and abusive acts and practices. Wells Fargo’s violations include:
Opening deposit accounts and transferring funds without authorization: According to the bank’s own analysis, employees opened roughly 1.5 million deposit accounts that may not have been authorized by consumers. Employees then transferred funds from consumers’ authorized accounts to temporarily fund the new, unauthorized accounts. This widespread practice gave the employees credit for opening the new accounts, allowing them to earn additional compensation and to meet the bank’s sales goals. Consumers, in turn, were sometimes harmed because the bank charged them for insufficient funds or overdraft fees because the money was not in their original accounts.
Applying for credit card accounts without authorization: According to the bank’s own analysis, Wells Fargo employees applied for roughly 565,000 credit card accounts that may not have been authorized by consumers. On those unauthorized credit cards, many consumers incurred annual fees, as well as associated finance or interest charges and other fees.
Issuing and activating debit cards without authorization: Wells Fargo employees requested and issued debit cards without consumers’ knowledge or consent, going so far as to create PINs without telling consumers.
Creating phony email addresses to enroll consumers in online-banking services: Wells Fargo employees created phony email addresses not belonging to consumers to enroll them in online-banking services without their knowledge or consent.
Enforcement Action
Under the Dodd-Frank Wall Street Reform and Consumer Protection Act, the CFPB has the authority to take action against institutions violating consumer financial laws, including engaging in unfair, deceptive, or abusive acts or practices. Today’s order goes back to Jan. 1, 2011. Among the things the CFPB’s order requires of Wells Fargo:
 Pay full refunds to consumers: Wells Fargo must refund all affected consumers the sum of all monthly maintenance fees, nonsufficient fund fees, overdraft charges, and other fees they paid because of the creation of the unauthorized accounts. These refunds are expected to total at least $2.5 million. Consumers are not required to take any action to get refunds to which they are entitled.
 Ensure proper sales practices: Wells Fargo must hire an independent consultant to conduct a thorough review of its procedures. Recommendations may include requiring employees to undergo ethical-sales training and reviewing the bank’s performance measurements and sales goals to make sure they are consistent with preventing improper sales practices.
 Pay a $100 million fine: Wells Fargo will pay a $100 million penalty to the CFPB’s Civil Penalty Fund. Today’s penalty is the largest the CFPB has imposed to date.

Read the above enforcement notification dated September 08, 2016, by CFPB of the action it has taken and answer the following questions:
1. Explain in your own words, the details of alleged illegal practice of opening credit card accounts on behalf of consumers without authorization
2. What would you consider to be a well-designed internal control that would have prevented such unauthorized openings by the employees of the bank? Discuss in detail. You should identify a specific internal control.
3. Discuss a detective control that could detect such unauthorized openings and alert senior management. You should identify a specific internal control.

Answer 1

Explain in your own words, the details of alleged illegal practice of opening credit card accounts on behalf of consumers without authorization:

Wells Fargo’s involvement with unauthorized and secret creation of ghost bank accounts in order to earn an additional income culminated into a fine owing to the watchful eye of a Consumer Financial Protection Bureau (CFPB). The conducted extensive opening of the these deposit and credit accounts motivated by the desire to have an increase in the sales revenue which first of all had to guarantee meeting its sales targets. More so, it also sought to increase its compensation incentives with a further boost in sales. Specifically, it involved employees opening accounts and transferring the funds in them which essentially meant that customers could not be able to access the funds in their accounts. As a result, they ended up charging them on unavailable funds in the accounts, bank overdraft charges and other fees chargeable by the bank. Unfortunately, all these was conducted without the knowledge of the customers who were enraged by this revelation. Based on the information from the employees working there as well as its own analysts, Wells Fargo opened up more than 2 million deposit and credit accounts that may have not been authorized by the customers. Consequently, the bank will have to pay a full restitution to all its victims amounting to $100 million penalty, $35 million for the Comptroller of currency and $50 million to the Loss Angeles city Council (Duggan, 2016).

What would you consider to be a well-designed internal control that would have prevented such unauthorized openings by the employees of the bank? Discuss in detail.

A well designed program should one that has a consistent communication between management with employees whereby they review their goals from time to time. In other words, companies should be using data surrounding employee’s goals which includes social recognition, goal achievement and the knowledge about who they are working for. Inputs for performance should focus on reviewing as well as providing real time feedback on the employee goals that have been set (Brodwin, 2016). Should frequent conversations have existed within Wells Fargo, then managers would have found enough time to provide feedback to their employees with regard to adjusting their expectations as they see it fit. Essentially, Wells Fargo would actually have seen it vital to review its own goals to ensure that they kept up with the mission of the company. Employees would review their goals after every month in bid to detect any anomalies. When the company’s goals are unrealistic, then its business strategy becomes vulnerable to corrupt practices and fraud. An internal system that is able to keep all these in check must address the aforementioned issues.

Discuss a detective control that could detect such unauthorized openings and alert senior management

Fraud analytics system should have been vital in detecting any acts of fraud and notify the management. For instance, since the fraud included opening of new accounts, the email detection should have been in place whereby fake emails should have been used to flag accounts that had long periods of inactivity. This should have pointed to the interaction between the customer and their account. Furthermore, data monitoring should have been fused with the fraud detection software in place (Brodwin, 2016). All information that would likely result into a suspicious activity would be analyzed and an immediate feedback relayed to the top management.