Today we honor folk-rocker Donovan and his signature song Sunshine Superman, which was profiled in the Wall Street Journal (WSJ) column Anatomy of a Song. The song was a love paean by the singer to “Linda Lawrence, his love interest, the song was recorded in December 1965 and released in July ’66, climbing to #1 in September.” When she first heard the song, while living in Los Angeles she “was home with my best friend Cathy when “Sunshine Superman” came on the radio. At the end, Cathy just looked at me, “Oh my God,” she said, “he still loves you.”” The fairy tale came true in 1971 when they were married.

Yet it was not the romantic angle on the song that intrigued me but the production. Donovan had written it for an acoustic guitar. His producer wanted a more mystic feel so he brought in “Tony Carr’s conga, Spike on acoustic bass and John Paul Jones on electric bass.” Even more amazingly he added a Jimmy Page electric guitar solo later so as Donovan noted, he had one-half of Led Zepplin on his song. It was this interconnectedness in the song’s production which caught my eye and introduces today’s look at the Wells Fargo Independent Directors of the Board of Wells Fargo & Company Sales Practices Investigation Report issued Monday. As I noted yesterday, there are multiple lessons to be garnered by the compliance practitioner from this matter. Today I want to turn to the corporate disciplines of Human Resources (HR), Internal Investigations and Audit as control function failures. I will save my special wrath for the law department and corporate risk management for Thursday.

Donovan’s Sunshine Superman leads as the demonstrative example of the interconnectedness of the Wells Fargo control failures. For the bank, it all started with the decentralized nature of the business units and the control functions which grew up to provide the support for them. The fraudulent conduct engaged in by Wells Fargo was euphemistically called “sales integrity” by the bank and that language was carried over into the investigative report. This decentralized nature did not allow HR to have visibility into the scope and nature of the fraud. This was despite the fact, “Almost all sales integrity cases and issues touched upon some facet of the HR function, including with respect to employee terminations, hiring, training, coaching, discipline, incentive compensation, performance management, turnover, morale, work environment, claims and litigations.” Yet, even within the HR function there was no effort to track or report on the fraud issues.

The second general issue was the deference given to the business units. Of course, the Community Bank unit was making tons of profit for the company but I am sure that had nothing to do with the fact the entire company seemed to employ an ostrich as its symbol. But it was even worse, as the Report noted, “This culture of deference was particularly powerful in this instance since Tolstedt was respected for her historical success at the Community Bank, was perceived to have strong support from the CEO and was notoriously resistant to outside intervention and oversight.”

Finally, was the ‘transactional’ approach to each issue around the fraud. Every control function managed to focus “on the specific employee complaint or individual lawsuit that was before them, missing opportunities to put them together in a way that might have revealed sales practice problems to be more significant and systemic than was appreciated.” The Report specified that HR had all the relevant information but failed to connect the dots. More pointedly, you cannot connect the dots if you are not looking to do so.

The problem at HR was two-fold. The first was that corporate HR had no oversight into problems of sales fraud because it had no oversight into the business unit. The Report stated that Community Bank “was not accustomed to involving Corporate HR in its discussions and decisions and was generally protective and defensive in keeping control of HR-related activities within the line of business.” The business unit controlled or cowed the Community Bank HR, even though the business unit HR was well aware of the sales fraud issues, from as far back as 2002 and “participated in efforts to stem the sales practices.” Yet during this entire period they never had the authority or resolve to do anything.

Internal Investigations was also aware of the sales fraud, apparently as far back as 2002. At least Internal Audit (IA) was not cowed by its reporting to the business unit. IA reported to various corporate functions including Audit, corporate HR and corporate Risk. Rather amazingly in 2004, “Internal Investigations was involved in the work of a sales integrity investigations task force, which also included representatives of Community Bank HR, Community Bank management and the Law

Department.” Internal Investigations called termed the fraudulent sales practices “gaming” and they prepared a report around their findings. The Internal Investigations report pointed to unrealistic sales goals and that employees felt they could not meet the goals without gaming the system. Presciently, the report “warned of the reputational risks for Wells Fargo, specifically, “[i]f customers believe that Wells Fargo team members are not conducting business in an appropriate and ethical manner, it will result in loss of business and can lead to diminished reputation in the community.”” Recall this Internal Investigations report was issued in 2004.

The report also specified there was an “incentive to cheat based on the fear of losing their jobs for not meeting performance expectations.” Internal Investigations also identified another data point which was disregarding. Demonstrating how the bank viewed terminated and departed employees, the company actively fought ex-employee attempts to obtain state of California employment benefits. The Internal Investigations report stated, “Wells Fargo had been losing unemployment insurance cases involving sales integrity terminations, in which judges “made disparaging comments” about the sales incentive system.” Finally, the report even benchmarked competitors which “significantly reduced their sales incentive employee terminations after revising their sales incentive programs.” The report ended by recommending “that Wells Fargo consider similarly reducing or eliminating sales goals for employees and removing the threat of employee termination if goals were not met.”

Internal Investigations did not fail as a control but when their report was forwarded to the then head of the unit, the Chief Auditor, he buried it. While he did report raw numbers to more senior management, he did not include any information on the root cause of the problem. Think about this final point in the context of the Department of Justice’s (DOJ) recently released Evaluation of Corporate Compliance Programs and its emphasis on root cause analyses.

IA comes in for discussion as this corporate function was (1) well aware of the problem, (2) did not believe it to be “an urgent problem” requiring IA to do anything, and most amazingly (3) thought the internal controls in place were working as they were turning up problems which were not the problem of IA to address. IA viewed controls as detect only, not to prevent or provide data to remediate.

The Report stated, “Audit witnesses also said that, as the third line of defense, Audit’s job was to ensure that the control environment established by the first (business) and second (Risk) lines of defense was appropriate. Audit personnel indicated that their focus was on testing the operation of specific processes and the processes’ effectiveness at managing the risks they were designed to control, but that they did not generally investigate root causes of risks; according to the witnesses, that task rests with the business, which they said has greater familiarity with the risk environment, better access to operational data and both proximity to and responsibility for its employees’ actions.”

If it seems like the inmates were running the asylum, remember those folks over in the Community Bank business unit were making money hand over fist for the bank. But the Report also demonstrates the interconnectedness of not only the sales fraud but its actual knowledge by multiple corporate functions with Wells Fargo. As none of these functions took responsibility for doing anything it appears the true culture of the bank was NMP as in Not My Problem. 

To listen to a YouTube version of Donovan signing Sunshine Superman, click here.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017