Responding to recent and widespread consumer abuses and other compliance breakdowns by Wells Fargo, the Board of Governors of the Federal Reserve on Feb. 2, 2018 announced it would restrict the growth of the firm until it sufficiently improves its governance and controls. Concurrently with the Fed Board’s action, Wells Fargo will replace three current board members by April and a fourth board member by the end of the year.
In addition to the growth restriction, the Fed Board’s consent cease and desist order with Wells Fargo requires the firm to improve its governance and risk management processes, including strengthening the effectiveness of oversight by its board of directors. Until the firm makes sufficient improvements, it will be restricted from growing any larger than its total asset size as of the end of 2017.
“We cannot tolerate pervasive and persistent misconduct at any bank and the consumers harmed by Wells Fargo expect that robust and comprehensive reforms will be put in place to make certain that the abuses do not occur again,” said Janet L. Yellen upon issuance of the order which took place on Yellen’s last business day of service as Fed Chair. “The enforcement action we are taking today will ensure that Wells Fargo will not expand until it is able to do so safely and with the protections needed to manage all of its risks and protect its customers.”
“We take this order seriously and are focused on addressing all of the Federal Reserve’s concerns,” said Timothy J. Sloan, Wells Fargo’s president and chief executive officer. “It is important to note that the consent order is not related to any new matters, but to prior issues where we have already made significant progress. We appreciate the Federal Reserve’s acknowledgment of our actions to date. In addition, the order is not related to Wells Fargo’s financial condition — we remain in a strong financial position and stand ready to serve the varied financial needs of our customers.”
“Our board is committed to meeting the expectations of our regulators and protecting and serving the interests of our shareholders, customers, team members and the community,” said Betsy Duke, independent chair of Wells Fargo’s Board of Directors and a former member of the Board of Governors of the Federal Reserve.
“Every change we’ve made over the past year reflects this and the valuable feedback of investors and stakeholders. Moving forward, we’ll continue to be focused on maintaining an appropriate mix of professional experiences and diverse perspectives necessary to govern a franchise as important as Wells Fargo.”
In recent years, Wells Fargo pursued a business strategy that prioritized its overall growth without ensuring appropriate management of all key risks, the Fed said. The firm did not have an effective firm-wide risk management framework in place that covered all key risks. This prevented the proper escalation of serious compliance breakdowns to the board of directors.
The Fed Board’s action will restrict Wells Fargo’s growth until its governance and risk management sufficiently improves but will not require the firm to cease current activities, including accepting customer deposits or making consumer loans.
Emphasizing the need for improved director oversight of the firm, the Fed Board has sent letters to each current Wells Fargo board member confirming that the firm’s board of directors, during the period of compliance breakdowns, did not meet supervisory expectations. Letters were also sent to former Chairman and Chief Executive Officer John Stumpf and past lead independent director Stephen Sanger stating that their performance in those roles, in particular, did not meet the Federal Reserve’s expectations.
The Federal Reserve’s consent order includes the following requirements:
Within 60 days:
- The company’s board will submit a plan to further enhance the board’s effectiveness in carrying out its oversight and governance of the company.
- The company will submit a plan to further improve the company’s firm-wide compliance and operational risk management program.
- After Federal Reserve approval, the company will engage independent third parties to conduct a review to be completed no later than September 30, 2018 to confirm adoption and implementation of the plans.
- The asset limitation will remain in effect until third-party reviews have been completed to the satisfaction of the Federal Reserve.
- After removal of the limits on asset growth, a second third-party review will be conducted to assess the efficacy and sustainability of the risk management improvements.
“While there is still more work to do, we have made significant improvements over the past year to our governance and risk management that address concerns highlighted in this consent order,” Sloan said.
These actions have included:
Board governance:
- Separating the roles of chairman and CEO and amending the company’s by-laws to require an independent chair.
- Electing six new independent directors in 2017 as five directors retired, bringing to eight the total number of directors elected since 2015, and planned refreshment of an additional four directors in 2018, with the retirement of three of those directors occurring by the time of its 2018 annual shareholder meeting.
- Enhancing the overall capabilities and experience represented on the board, including financial services, risk management, cyber, technology, regulatory, human capital management, finance, accounting, and consumer and social responsibility.
- Reviewing the board’s committee structure and leadership, amending committee charters to enhance risk oversight, and refreshing the chairs of certain key committees, including the Risk Committee and Governance and Nominating Committee.
- Conducting a board self-evaluation in 2017 facilitated by Mary Jo White, a senior partner at Debevoise & Plimpton LLP and former chair of the Securities and Exchange Commission. The self-evaluation informed the board’s changes in its structure, composition and governance practices.
Risk management:
- Centralizing critical control functions (including Human Resources, Finance, and Technology) to improve enterprise visibility, consistency and control.
- Centralizing all risk management functions to accelerate the design and implementation of a fully integrated operating model for risk management.
- Developing and executing comprehensive plans that addressed compliance and operational risk management programs, organizations, processes, technology and controls.
- Hiring external talent for critical risk management leadership roles – chief operational risk officer, chief compliance officer and head of regulatory relations (newly created).
- Forming new centralized enterprise functions dedicated to key risk control areas, including the Conduct Management Office (Jan. 2017), Enterprise Data Management function (Sept. 2017) and Comprehensive Customer Remediation Group (Nov. 2017).