Financial Law Blog

Updates on Banking Law, Investment Management Law, Securities Law, Commodities/Derivatives Law

Tag: Risk Governance Framework

Wells Fargo to pay $185 million in penalties to CFPB, OCC and Los Angeles for sales practices and risk management failures

Yesterday the OCC assessed a $35 million civil money penalty against Wells Fargo Bank, N.A. for risk management failures and retail sales practices. The CFPB assessed a $100 million penalty. The City Attorney of Los Angeles, Mike Feuer, whose 2015 lawsuit appears to have triggered the federal investigations, assessed a $50 million penalty in settlement in state court. The OCC found that Wells Fargo’s employee “incentive compensation program and plans … fostered … unsafe or unsound sales practices.” Specifically, thousands of Wells Fargo employees opened roughly 1.5 million deposit accounts and applied for roughly 565,000 credit card accounts for consumers, all of which may not have been authorized by the consumers. While the CFPB’s action focused on the underlying sales practices, the OCC’s action, as would be expected, focused on Wells Fargo’s risk management system.

What went wrong at Wells Fargo through the lens of the OCC’s Risk Management System (3 Lines of Defense) requirements

Frontline Units
  • “The Bank’s Community Bank Group failed to adequately oversee sales practices and failed to adequately test and monitor branch employee sales practices.”
Independent Risk Management
  • “The Bank lacked an Enterprise-Wide Sales Practices Oversight Program and thus failed to provide sufficient oversight to prevent and detect the unsafe or unsound sales practices”
  • “The Bank lacked a comprehensive customer complaint monitoring process that impeded the Bank’s ability to … assess customer complaint activity across the Bank … [and] analyze and understand the potential sales practices risk.”
Internal Audit
  • “audit coverage was inadequate because it failed to include in its scope an enterprise-wide view of the Bank’s sales practices.”

OCC releases guidance on corporate governance and the risk governance framework for supervised banks

The OCC released guidance today on corporate governance and enterprise risk management for OCC-supervised financial institutions. The document is a booklet which will be incorporated into the OCC’s Comptroller’s Handbook.

The guidance contains a discussion of expectations regarding board structure, committees, and the risk governance framework, integrating guidance which practitioners had been cobbling together from a variety of sources in the past.

The guidance also contains the OCC’s views on risk management systems (which are part of the “risk governance framework”) including the “three lines of defense” — front line units, independent risk management, and internal audit.

Powered by WordPress & Theme by Anders Norén