You may not recognize the full name, John Warren Geils Jr., but you probably do recognize the name J. Geils, as in the J. Geils Band, who died this week. J. Geils was ubiquitous in the 70s and early 80s with, as noted by an article in Rolling Stone, “a slew of albums during the Seventies and early Eighties. With vocalist Peter Wolf at the helm, the band became best known for singles like “Centerfold,” “Love Stinks,” “Come Back” and “Freeze-Frame,” which have since become rock radio mainstays.” The article said, “Wolf shared a short message about his former bandmate, writing, “Thinking of all the times we kicked it high and rocked down the house! R.I.P. Jay Geils.””

Geils’ death ends a feel-good band from a feel-good era of music and seems and appropriate way to conclude my look at the “Independent Directors of the Board of Wells Fargo & Company Sales Practices Investigation Report” (Rep ort) which was issued earlier this week. I want to consider the role of the legal department, the Corporate Risk Department and the lessons for the compliance professional going forward. Earlier this week, I consider the structural and control failures which contributed to the fraudulent accounts opened by the bank.

The compliance function is the easiest to discuss. Do a word search in the 110-page Report and you will find the bank’s Chief Compliance Officer (CCO) mentioned once. That is probably enough alone to tell you how and why the scandal occurred. It was not that compliance did not have a seat at the table. They did not even have a corner in the house to stand in and watch the bank’s illegal conduct.

The legal department suffered from the same decentralization as the other corporate control functions. As the Report noted, the law department had three periods of involvement with the fraudulent sales issue. The first, prior to 2013, related to “the Employment Law Section of the Enterprise Services Division encountered sales integrity issues as they worked with Human Resources personnel on terminations”. The second was between the LA Times expose in 2013 and Los Angeles country’s lawsuit against the bank in May 2015. The third was post lawsuit filing, “Litigation & Workout Division of the Law Department attempted to assess and manage Well Fargo’s exposure, including by engaging PwC to quantify the scope of the issues in terms of customer harm and potential damages.”

In the period up to mid-2013, the legal department work with the Human Resources (HR) group in “an advisory capacity in investigations, decisions regarding terminations and discussions regarding the application of Wells Fargo’s fidelity bond’s proscription against “dishonest acts.”” While the law department was not brought into to every termination, the group was part of cross-functional teams “set up to address sales integrity issues, and, in that context, lawyers identified and conveyed concerns about “reputational risk” to the Section head.” Later, groups in which law department personnel participated included one around the banks’ fidelity bond, obviously impacted by the fraudulent sales issue (which was at one time called ‘gaming’). The Report noted, “task force decided to “better educate our team members about gaming … and then hold them strictly accountable.” Its work led to the roll out of a new sales integrity training program and a reaffirmed understanding that manipulation and dishonesty were inconsistent with Wells Fargo’s core values, and compromised Wells Fargo’s integrity as an institution entrusted with its customers’ assets.”


In 2011, another “recurrence of sales integrity events led employment lawyers to recognize sales pressure in the Community Bank environment as a root cause of gaming cases. Lawyers in the Employment Law Section and the Deputy General Counsel responsible for the Section also began to recognize the existence of significant reputational risk to Wells Fargo arising out of sales integrity issues, particularly mass gaming cases.” Another bank task force was convened to review the sales integrity issue. The Report stated, “Again in this context, members of the Law Department recognized reputational concerns.” Think about this sentence for a minute, even the lawyers recognized the reputational risk.

In the period between publication of the LA Times exposure on the fraudulent accounts and the City of Los Angeles lawsuit, the legal department “conveyed to the Risk Committee and the Board in 2014 as a ‘noteworthy risk’” but for some reason the legal department did not identify legal risks to the bank, including, “a cascade of civil litigation, regulatory action from a host of federal and state agencies and the resulting serious harm to Wells Fargo’s reputation.” However, the information was so damaging that the Bank’s General Counsel (GC) was briefed, together with the Bank’s Chief Risk Officer (CRO). Yet after this briefing the GC did not escalate the issue any further.

After the City of Los Angeles filed its lawsuit, the legal department did what legal departments are best at, it went into full defensive mode and circled the wagons to defend the company. The Report stated, “The Law Department’s focus was principally on quantifiable monetary costs — damages, fines, penalties, restitution.” Yet even in its tradition role, the Wells Fargo legal department dropped the ball as it was confident the litigation costs and any attendant fines and penalties “would be relatively modest”. The bottom line was “the Law Department did not appreciate that sales integrity issues reflected a systemic breakdown in Wells Fargo’s culture and values and an ongoing failure to correct the widespread breaches of trust in the misuse of customers’ personal data and financial information.”

As bad as the legal department’s failures were, it was Wells Fargo’s corporate risk function which had the greatest control failure for this group and housed the company’s compliance function. Yet up until 2007, this group “focused on AML/BSA compliance and compliance with consumer credit, home mortgage disclosure and other laws. Integrity was not within its remit. The CRO added compliance to his remit in 2010 but the report noted, “The CRO did not have any line authority or directive power to enforce changes on the lines of business. He could, and did, try to exercise his influence to encourage the businesses to address risk issues and to air them more broadly within the bank.” He could only “escalate issues.” This denuded compliance function reached down into the group role of risk at the Community Bank group who did not feel their job was to address integrity issues.

To emphasize the extent that the group compliance function was worse than toothless, the Report noted that the when the CRO was told about the “high sales pressure” that led to the sales integrity issue the CRO passed this information to the group’s compliance representative; that compliance representative was told to “toe the line” and not to speak to the CRO. Who made that demand? Community Bank head Carrie Tolstedt. After the LA Times story, Tolstedt even criticized the compliance function for attempting to get internal information on the sales practices.

Even after the LA Times story and City of Los Angeles lawsuit, the compliance function, embedded within corporate risk, was “hampered to some extent by the absence of a formal governance structure for exercising oversight.” In other words, because their charter did not allow them compliance oversight, individual business units such as Community Bank and its overseer, Tolstedt, could simply refuse to cooperate with it going forward.

Lessons Learned

There are multiple lessons for every CCO, compliance professional, Board of Directors, compliance committee, compliance department and Executive Leadership Team (ELT) from the Wells Fargo fraud and this Report. The first lesson is that everything is tied together. The Department of Justice (DOJ) Evaluation of Corporate Compliance Programs focused on the operationalization of compliance. Wells Fargo is the flip side, there was no operationalization of compliance. But more than simply not being in burned into the fabric of the organization, the structure of the company did not allow compliance to even see into the bank’s illegal practices. A decentralized corporate structure can and does work for many businesses, yet it must have control oversight, which was clearly not present at Wells Fargo. If a corporate structure is so unwieldy that compliance cannot have oversight the simple fact is the structure must be tightened up.

The Wells Fargo fiasco should end (yet again) once and for all time who a CCO should report to. They must report directly to the Board of Directors. The Wells Fargo law department and HR functions, the two corporate functions with the most knowledge of the negative impacts of the high pressure sales requirements which led to the illegal tactics, did not view it as their role to bring up integrity or even culture issues. Remember the Wells Fargo legal department identified the reputational risk to the bank from the high number of litigation, unemployment claims and ancillary legal issues. Yet the CRO did nothing about it when he was briefed on it. When the City of Los Angeles filed its lawsuit, the legal department did what legal departments do, they circled the wagons to defend the company. A legal department does not exist to prevent, detect and remediate. It exists to protect the entity from all attacks; even if those attacks are merited.

The corporate compliance function must be given a governance charter which allows it to provide oversight and the ability to prevent, detect and remediate illegal and unethical conduct. The compliance function cannot be over-ridden by a business unit head who tells the group compliance representative not to speak with the head of the compliance function.

There are many other lessons to be learned from this matter and actions Wells Fargo can take to remediate its culture, structure and values; all of which led to the illegal conduct. However, some of the issues I have explored this week should provide insight to a CCO or compliance practitioner on how to move forward to structure the compliance function and inculcate their compliance program into a company.

While you are considering these issues, fire up some J. Geils on the YouTube links below:

Centerfold, click here.

Freeze-Frame, click here.

Love Stinks, click here.

Musta Got Lost, click here.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017