Last week, the Consumer Financial Protection Bureau (CFPB) announced a settlement agreement where Wells Fargo will pay $185 million in fines for alleged unlawful sales practices during the past five years. While many news outlets have reported about the fines and fired employees, many unanswered questions remain.
The CFPB announcement described how the fraud worked:
"Spurred by sales targets and compensation incentives, employees boosted sales figures by covertly opening accounts and funding them by transferring funds from consumers’ authorized accounts without their knowledge or consent, often racking up fees or other charges... thousands of Wells Fargo employees illegally enrolled consumers in these products and services without their knowledge or consent in order to obtain financial compensation for meeting sales targets..."
To perpetuate the unlawful activities, employees allegedly created bogus email accounts, and both issued and activated debit cards associated with the secret accounts. Then, employees also created PIN numbers without customers' knowledge nor consent:
"... employees opened roughly 1.5 million deposit accounts that may not have been authorized by consumers. Employees then transferred funds from consumers’ authorized accounts to temporarily fund the new, unauthorized accounts. This widespread practice gave the employees credit for opening the new accounts, allowing them to earn additional compensation and to meet the bank’s sales goals... employees applied for roughly 565,000 credit card accounts that may not have been authorized by consumers. On those unauthorized credit cards, many consumers incurred annual fees, as well as associated finance or interest charges and other fees..."
The Consent Order (Adobe PDF) described the unlawful sales activities in greater detail:
"[Wells fargo's] analysis concluded that its employees opened 1,534,280 deposit accounts that may not have been authorized and that may have been funded through simulated funding, or transferring funds from consumers’ existing accounts without their knowledge or consent. That analysis determined that roughly 85,000 of those accounts incurred about $2 million in fees, which [Wells Fargo] is in the process of refunding... [Wells Fargo's] analysis concluded that its employees submitted applications for 565,443 credit-card accounts that may not have been authorized by using consumers’ information without their knowledge or consent. That analysis determined that roughly 14,000 of those accounts incurred $403,145 in fees, which Respondent is in the process of refunding. Fees incurred by consumers on such accounts included annual fees and overdraft-protection fees, as well as associated finance or interest charges and other late fees..."
The numbers are shocking: 1.5 million secret checking accounts created; $2 million in fees generated by 85,000 secret checking accounts generated; 565 thousand secret credit-card accounts; $403 thousand in fees generated by 14,000 secret credit-card accounts; and 5,300 employees fired due to the unlawful sales activities.
The Consent Order also stated:
"... (3) enrolled consumers in online banking services that they did not request... 12. Respondent’s employees used email addresses not belonging to consumers to enroll consumers in online-banking services without their knowledge or consent..."
This suggests that the employees knowingly attempted to circumvent the bank's internal systems designed to provide alerts and confirmation messages to customers about new accounts, and perhaps, targeted customers who weren't Internet-savvy or were perceived to be less likely to notice changes. That raises ethical issues. Also, 12 percent of consumers are "under-banked," the industry term for people with a bank account, but don't have both savings and checking accounts (and use some other payment method outside the banking system). If that ratio applies to the bank's customers, then this group was targeted, too. About 43 percent of consumers with both smartphones and bank accounts use online banking services. So, the 57-percent group of non-users were targeted, too.
Terms of the settlement agreements require the bank to pay full restitution to all victims, pay a $100 million fine to the CFPB’s Civil Penalty Fund, hire an independent consultant to review its procedures to prevent improper sales practices, pay a $35 million penalty to the Office of the Comptroller of the Currency (OCC), and pay $50 million to the City and County of Los Angeles. Additional terms require the bank to hire within 45 days of the Consent Order a consultant to independently audit the bank's processes.
Within 180 days after hiring a consultant, a written report reviewing of the bank's processes must be submitted to the bank's board of directors. Within 90 days after that, the Board and consultant must develop a compliance plan to correct problems and explain why each action is the plan is accepted or rejected. The compliance plan must be submitted to the CFPB for review.
The settlement terms suggest that the banks internal controls may be unreliable, employees and management were unreliable, or both. Context matters.
During the past five years while the unlawful sales activities occurred, Wells Fargo paid in 2011 an $85 million civil penalty to settle allegations that its employees steered potential prime borrowers into more costly subprime loans and separately falsified income information in mortgage applications. In 2015, Wells Fargo was one of four banks that paid $2.7 million to settle allegations of violations of Massachusetts foreclosure law and the Massachusetts Consumer Protection Act by illegally foreclosing upon Massachusetts residents’ homes when the banks lacked the legal authority to do so. Last month, the bank was fined $3.6 million for illegal practices while servicing private student loans.
Some customers noticed the unauthorized accounts, complained, and have moved their money to other banks or to credit unions. Wells Fargo issued a statement which said it had already prepared $5 million to refund to customers:
"The amount of the settlements, which Wells Fargo had fully accrued for at June 30, 2016, totaled $185 million, plus $5 million in customer remediation... Wells Fargo is committed to putting our customers’ interests first 100 percent of the time, and we regret and take responsibility for any instances where customers may have received a product that they did not request. Our commitment to addressing the concerns covered by these agreements has included:
- An extensive review by a third party consulting firm going back into 2011, which we completed prior to these settlements. The review included consumer and small business retail banking deposit accounts and unsecured credit cards opened during the period reviewed;
- As a result of this review, $2.6 million has been refunded to customers for any fees associated with products customers received that they may not have requested. Accounts refunded represented a fraction of one percent of the accounts reviewed, and refunds averaged $25;
- Disciplinary actions, including terminations of managers and team members who acted counter to our values;
- Investments in enhanced team-member training and monitoring and controls;
- Strengthened performance measures that are tied to customer satisfaction, loyalty and ethics; and
- Sending customers a confirming email within one hour of opening any deposit account, and sending an application acknowledgement and decision status letter after submitting an application for a credit card.”
That last item is troubling. It suggests that the bank's existing processes didn't provide confirmation emails within one hour, or did so inconsistently, or failed to do so entirely. Both traditional and online banking customers deserve prompt, consistent confirmation notices. This suggests that the bank's system may not be state-of-the-art.
During my career, I built websites in a variety of industries, including financial services, with usability best practices. Well built sites (and apps): a) provide immediate, consistent confirmation email and messages, b) provide postal confirmations for customers without email or online banking services, c) send confirmation emails to both new and old email addresses when there are changes, d) display confirmation messages (about any profile changes) to online customers after sign-on, and e) provide online customers with the option to consolidate multiple accounts (e.g., mortgage, educational loan, checking, savings, money market, credit line, credit card, etc.) under a single sign-on.
If the bank's online site and systems contained these tasks and features but were deactivated, then it suggests broader problems beyond the sales department. If the tasks weren't built or were partially built, then hopefully the compliance report and/or the CFPB review will address them.
Kudos to the CFPB, the OCC, and local Los Angeles government for holding Wells Fargo accountable; and for a correction plan with a detailed schedule and deadlines. It seems unwise to trust the bank to correct things on its own. Yet, many questions remain unanswered:
- What other tasks in the user experience (e.g., new account, new/edited/additional email address, new/edited account profile elements, etc.) did the bank's systems fail to provide prompt, consistent confirmation messaging to customers (e.g., traditional offline, online banking)?
- How exactly did these illegal sales activities and secret accounts go undetected for so long?
- What was the average lifespan of a secret account? Were they permanent? Or were they temporary -- open long enough for employees to collect the compensation, and then closed? If the latter, it is disturbing how internal systems failed to notice the account churn.
- What percentage of the fired employees were managers? And, will more employees be fired?
- Will the bank "claw-back" bonuses from employees (e.g., fired, still employed) who benefited from the unlawfully sales activities? And why or why not?
- Were any fired employees prosecuted? And why or why not?
- The restitution amounts seem to focus upon only fees. If the bank's employees transferred their money from interest-bearing accounts to set up the secret credit card and checking accounts, then some customers lost interest. This seems likely since we know that 12 percent of consumers are under-banked (e.g., have a checking or savings account, but not both). Did the bank conduct a forensic audit to determine the customers and lost interest amounts? That could be substantial over five years with compounding. Then, the $5 million restitution amount set aside would be insufficient.
- Are any of the fines tax deductible? Prior wrongdoing by banks often resulted in fines that were tax deductible. This meant the banks wrote off the fines to decrease their taxes, and taxpayers took it on the chin to make up any tax revenue shortfalls. That's not right, since taxpayers didn't commit any unlawful acts.
What are your opinions? If you are a Wells Fargo customer, what was your experience? What questions do you have?