Today we honor folk-rocker Donovan and his signature song Sunshine Superman, which was profiled in the Wall Street Journal (WSJ) column Anatomy of a Song. The song was a love paean by the singer to “Linda Lawrence, his love interest, the song was recorded in December 1965 and released in July ’66, climbing to #1 in September.” When she first heard the song, while living in Los Angeles she “was home with my best friend Cathy when “Sunshine Superman” came on the radio. At the end, Cathy just looked at me, “Oh my God,” she said, “he still loves you.”” The fairy tale came true in 1971 when they were married.

Yet it was not the romantic angle on the song that intrigued me but the production. Donovan had written it for an acoustic guitar. His producer wanted a more mystic feel so he brought in “Tony Carr’s conga, Spike on acoustic bass and John Paul Jones on electric bass.” Even more amazingly he added a Jimmy Page electric guitar solo later so as Donovan noted, he had one-half of Led Zepplin on his song. It was this interconnectedness in the song’s production which caught my eye and introduces today’s look at the Wells Fargo Independent Directors of the Board of Wells Fargo & Company Sales Practices Investigation Report issued Monday. As I noted yesterday, there are multiple lessons to be garnered by the compliance practitioner from this matter. Today I want to turn to the corporate disciplines of Human Resources (HR), Internal Investigations and Audit as control function failures. I will save my special wrath for the law department and corporate risk management for Thursday.

Donovan’s Sunshine Superman leads as the demonstrative example of the interconnectedness of the Wells Fargo control failures. For the bank, it all started with the decentralized nature of the business units and the control functions which grew up to provide the support for them. The fraudulent conduct engaged in by Wells Fargo was euphemistically called “sales integrity” by the bank and that language was carried over into the investigative report. This decentralized nature did not allow HR to have visibility into the scope and nature of the fraud. This was despite the fact, “Almost all sales integrity cases and issues touched upon some facet of the HR function, including with respect to employee terminations, hiring, training, coaching, discipline, incentive compensation, performance management, turnover, morale, work environment, claims and litigations.” Yet, even within the HR function there was no effort to track or report on the fraud issues.

The second general issue was the deference given to the business units. Of course, the Community Bank unit was making tons of profit for the company but I am sure that had nothing to do with the fact the entire company seemed to employ an ostrich as its symbol. But it was even worse, as the Report noted, “This culture of deference was particularly powerful in this instance since Tolstedt was respected for her historical success at the Community Bank, was perceived to have strong support from the CEO and was notoriously resistant to outside intervention and oversight.”

Finally, was the ‘transactional’ approach to each issue around the fraud. Every control function managed to focus “on the specific employee complaint or individual lawsuit that was before them, missing opportunities to put them together in a way that might have revealed sales practice problems to be more significant and systemic than was appreciated.” The Report specified that HR had all the relevant information but failed to connect the dots. More pointedly, you cannot connect the dots if you are not looking to do so.

The problem at HR was two-fold. The first was that corporate HR had no oversight into problems of sales fraud because it had no oversight into the business unit. The Report stated that Community Bank “was not accustomed to involving Corporate HR in its discussions and decisions and was generally protective and defensive in keeping control of HR-related activities within the line of business.” The business unit controlled or cowed the Community Bank HR, even though the business unit HR was well aware of the sales fraud issues, from as far back as 2002 and “participated in efforts to stem the sales practices.” Yet during this entire period they never had the authority or resolve to do anything.

Internal Investigations was also aware of the sales fraud, apparently as far back as 2002. At least Internal Audit (IA) was not cowed by its reporting to the business unit. IA reported to various corporate functions including Audit, corporate HR and corporate Risk. Rather amazingly in 2004, “Internal Investigations was involved in the work of a sales integrity investigations task force, which also included representatives of Community Bank HR, Community Bank management and the Law

Department.” Internal Investigations called termed the fraudulent sales practices “gaming” and they prepared a report around their findings. The Internal Investigations report pointed to unrealistic sales goals and that employees felt they could not meet the goals without gaming the system. Presciently, the report “warned of the reputational risks for Wells Fargo, specifically, “[i]f customers believe that Wells Fargo team members are not conducting business in an appropriate and ethical manner, it will result in loss of business and can lead to diminished reputation in the community.”” Recall this Internal Investigations report was issued in 2004.

The report also specified there was an “incentive to cheat based on the fear of losing their jobs for not meeting performance expectations.” Internal Investigations also identified another data point which was disregarding. Demonstrating how the bank viewed terminated and departed employees, the company actively fought ex-employee attempts to obtain state of California employment benefits. The Internal Investigations report stated, “Wells Fargo had been losing unemployment insurance cases involving sales integrity terminations, in which judges “made disparaging comments” about the sales incentive system.” Finally, the report even benchmarked competitors which “significantly reduced their sales incentive employee terminations after revising their sales incentive programs.” The report ended by recommending “that Wells Fargo consider similarly reducing or eliminating sales goals for employees and removing the threat of employee termination if goals were not met.”

Internal Investigations did not fail as a control but when their report was forwarded to the then head of the unit, the Chief Auditor, he buried it. While he did report raw numbers to more senior management, he did not include any information on the root cause of the problem. Think about this final point in the context of the Department of Justice’s (DOJ) recently released Evaluation of Corporate Compliance Programs and its emphasis on root cause analyses.

IA comes in for discussion as this corporate function was (1) well aware of the problem, (2) did not believe it to be “an urgent problem” requiring IA to do anything, and most amazingly (3) thought the internal controls in place were working as they were turning up problems which were not the problem of IA to address. IA viewed controls as detect only, not to prevent or provide data to remediate.

The Report stated, “Audit witnesses also said that, as the third line of defense, Audit’s job was to ensure that the control environment established by the first (business) and second (Risk) lines of defense was appropriate. Audit personnel indicated that their focus was on testing the operation of specific processes and the processes’ effectiveness at managing the risks they were designed to control, but that they did not generally investigate root causes of risks; according to the witnesses, that task rests with the business, which they said has greater familiarity with the risk environment, better access to operational data and both proximity to and responsibility for its employees’ actions.”

If it seems like the inmates were running the asylum, remember those folks over in the Community Bank business unit were making money hand over fist for the bank. But the Report also demonstrates the interconnectedness of not only the sales fraud but its actual knowledge by multiple corporate functions with Wells Fargo. As none of these functions took responsibility for doing anything it appears the true culture of the bank was NMP as in Not My Problem. 

To listen to a YouTube version of Donovan signing Sunshine Superman, click here.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Today, we celebrate The Eagles most famous song, Hotel California. It all started with a Don Felder cord progression and according to the Financial Times (FT) column The Life of a Song, it had a “fusion of Hispanic melody and soft reggae beat.” With Joe Walsh recently added to the group, it ended up as dueling guitar solos and double axe grinder that came in at six and one-half minutes. The song addressed “the issue of America’s slow implosion into decadence” most particularly through its “gnomic last line echoing from 40 years ago, “You can check out, but you can never leave.” That line may be more relevant today than it was in 1976.

I thought about Hotel California and that final line when I read the “Independent Directors of the Board of Wells Fargo & Company Sales Practices Investigation Report” issued on April 10, 2017. It is truly one of the most damning reports of complete corporate failures around ethics and culture that has recently been seen. The report leaves aside the company’s current policy of fighting tooth and nail whistleblower awards, so that issue aside, the report is unsparing for every group at the company. Yet buried with the 110 pages are numerous lessons for the compliance practitioner which I will be exploring over the next few days. Today, I will present the executive summary of the report and then discuss the failure in the corporate functions which caused or contributed the catastrophic failure.

The internal investigation was headed by the law firm of Shearman & Sterling LLP, who were assisted by FTI Consulting, Inc. (FTI). The principal findings were “the root cause of sales practice failures was the distortion of the Community Bank’s sales culture and performance management system, which, when combined with aggressive sales management, created pressure on employees to sell unwanted or unneeded products to customers and, in some cases, to open unauthorized accounts. Wells Fargo’s decentralized corporate structure gave too much autonomy to the Community Bank’s senior leadership, who were unwilling to change the sales model or even recognize it as the root cause of the problem. Community Bank leadership resisted and impeded outside scrutiny or oversight and, when forced to report, minimized the scale and nature of the problem.”

However, with any catastrophic failure, there were numerous other control and human failures leading to the fraud. John Stumpf, the former Chief Executive Officer (CEO), “was too slow to investigate or critically challenge sales practices in the Community Bank. He also failed to appreciate the seriousness of the problem and the substantial reputational risk to Wells Fargo.” There was also a catastrophic failure of the company’s control functions, specifically Human Resources (HR), internal audit and legal. They all apparently had one response to the knowledge something was very wrong: Not My Job!

The decentralized structure of the organization led to a silo mentality. However, it was not around data and information where this silo effect was so detrimental but the deference given the business units. The report went on to state, “a transactional approach to problem-solving obscured their view of the broader context. As a result, they missed opportunities to analyze, size and escalate sales practice issues.” Moreover, this decentralized nature led to a conflict between the business unit which engaged in fraud, Wells Fargo’s Community Bank group and the company’s self-espoused cultural values of not breaking the law.

One of the most troubling revelations from the report was that the fraud engaged by the bank did not begin in the 2009-time frame but much earlier, as far back as 2002. The culture in the Community Bank group, headed by now disgraced former bank officer Carrie Tolstedt, to tolerate not only any dissent but even anyone raising questions about the number of bank employees who were caught opening fraudulent accounts and were terminated for their troubles to meet the sales goals. The report stated, “Tolstedt and certain of her inner circle were insular and defensive and did not like to be challenged or hear negative information. Even senior leaders within the Community Bank were frequently afraid of or discouraged from airing contrary views. Tolstedt effectively challenged and resisted scrutiny both from within and outside the Community Bank.”

Worse for Wells Fargo was that Tolstedt felt empowered and invulnerable enough to outright lie to the Board of Directors as to the scope of the problem. The report stated, with considerable lawyer-speak understatement, Tolstedt’s “written and oral presentations made to the Risk Committee in May 2015 and to the full Board in October 2015 were inadequate.” She even managed to dissemble to the entire Board, as the report noted, “A subsequent report to the entire Board by Tolstedt in October 2015 was widely viewed by directors as having minimized and understated problems at the Community Bank.”

In an amazing admission, the Board was not aware that over 5,300 employees had been terminated for engaging in fraud. The Board was told as late as mid-2016, the number of Wells Fargo employees terminated was under 3,000 and it was not until September 8, 2016 “through settlements with the Consumer Financial Protection Bureau (the “CFPB”), the Office of the Comptroller of the Currency (“OCC”) and the Los Angeles City Attorney, the Board learned for the first time that approximately 5,300 Wells Fargo employees had been terminated for sales practice violations between January 1, 2011, and March 7, 2016.”

There was a corporate culture in the Community Bank group that run absolutely amok. There was no person in that business unit who could or did stand up and say something is wrong here. Indeed, it now appears the business unit was able to effectively circle the wagons and engage in a massive fraud for over 10 years with no person or group within the company investigating the issue of the creation of fraudulent accounts.

One name not mentioned was that of Wells Fargo’s Chief Compliance Officer (CCO), Yvette Hollingsworth Clark. Although perhaps not too surprising given the widespread nature of the fraud and the apparent lack of ability and will to do anything about it. I did find one fact quite telling about how Wells Fargo viewed compliance. On her LinkedIn profile, Clark says she “Direct(s) the enterprise-wide regulatory compliance framework for diversified financial services company with 42 global locations and $1.9 trillion in assets.” To accomplish such a lofty goal, Ms. Clark has a compliance department of seven direct reports. I wonder how the Department of Justice (DOJ) would view that commitment to a culture of compliance?

Remember, “You can check out, but you can never leave.”

To listen to a YouTube clip of The Eagles playing Hotel California, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Joseph Heller’s Catch-22 is one of the most famous books and movies from the second half of the 20th century. While it may  not seem apparent on first blush, it has several lessons for the Chief Compliance Officer (CCO) to learn going forward. In an article in Doc Daneeka’s Tent, entitled “Readings from Catch 22: Staff Lessons, Part One”, there were several which focused on the seeming insanity of the book.

Lesson 1: Beware the Snowball Impact of Seemingly Innocuous Statements

This lesson focused on a simple phone conversation which culminates in a circular loop of General Officer prank calls, but the primary lesson is found in a single sentence: Communications answered that T.S. Eliot was not a new code or the colors of the day.” As the author noted, “Your rank or position and the echelon at which you serve can all contribute to the impact that an offhand comment or inaccurate statement can have. In a hierarchical organization like the military the tendency is to treat information from higher as true unless proven otherwise. As a staff officer you owe the organizations and leaders below you the due diligence of verifying the information you disseminate. Incomplete truths can be as, if not more damaging than false statements. The higher in the food chain you are the smaller the statement or error needs to be for significant consequences to occur.”

Lesson 2: Find Your Subject Matter Expert        

Another early lesson for the senior staff was to find a subject matter expert (SME). In this case it was a Private, PFC Wintergreen, an expert on ice cream. The author noted, “Within your staffs there will be multiple Ex-P.F.C. Wintergreens at each echelon. Take the time early on in your assignment to develop these relationships, and you will save yourself potential hours of frustration in the future. To be clear – I am not making an argument for circumventing the chain of command or trying to start a discussion on formal vs. informal power structures. Rather, a good staff officer knows who they can rely on for accurate information when they absolutely need it and need it now. This Ex-P.F.C. Wintergreen could come in the form of a subject matter expert, or another staff officer positioned closer to the center of the information flow.”

Lesson 3: Be Professional

We have all been in situations where a more senior leader did not like us personally or did not fully appreciate our talents. However, “when you are in the situation of working on a staff directly for someone who dislikes everything about you personally. There are no quick and easy solutions. Hope is not a course of action, but hopefully that superior is able to separate the personal and the professional and you should make every effort to as well. This is a topic on which entire books can be published and I am only dedicating a paragraph. In the event they tend to discard every issue or idea you bring to them, a method for moving your ideas forward in the organization is to have a peer bring them to your boss’s attention. Of course, you will not get the credit you deserve, but if you are strongly committed to advancing something you believe in then the indirect approach via a third party may very well be the only effective option.”

Lesson 4: Keep Your Perspective

The author ended with the following, “I think an important lesson from the entirety of Catch-22 is not to lose your sense of humor and perspective. There will come a point on any staff you are a part of where you will find yourself in the middle of carrying out a task you find to be completely absurd, the people around you find absurd, and more than likely the individual who directed it finds it absurd as well. However, you will all continue to carry out the task. There is a difference between laughing at the situation and complaining about it. Complete the task, and make a note to see if there is a better alternative path to take in the future. Then go home, cross out the name of a character in Catch-22, replace it with the name of an individual in your organization who fits the profile, and take pleasure in how the story reads just as well the second me.”

Steve Wood, writing in his Steve on Leadership blog, in a post entitled “So Much Older Then, Younger Now,  took a difference focus by looking at the lessons through the lens of leadership paradoxes. There will certainly resonate with a CCO. He posed some “common paradoxes leaders face”:

  1. I want to trust what my team does and I need to verify what they do.
  2. I want to inspire my team with my charisma and be humble.
  3. I want to use consensus and be decisive so the team has confidence in me.
  4. I want to be liked as a friend by my team and keep my distance so I can provide constructive feedback.
  5. I want to effectively manage my time and be flexible to listen to the needs of my team.
  6. I want to directly communicate areas that need improvement with my team members and be diplomatic so as not to hurt their feelings.

Wood recommends you resolve such paradoxes by writing them down and then begin to work through them with your team, stating, “I suggest leaders engage appropriate team members in discussions about the paradox. The leader’s job is to think about and write questions that help teams solve the paradox. The goal is to arrive at solutions that satisfy both ends of the “and” or “but” statement. Unfortunately, leaders don’t often prepare properly for these discussions and, as a result, develop strategies that only satisfy one half of the paradox.”

Catch-22 provides some interesting, if non-obvious leadership questions and lessons. My suggestion is you watch the movie or better yet read the book and enjoy all the contradictions. You will be entertained.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

In this episode, Jay and I have a wide-ranging discussion on some of the week’s top FCPA and compliance related stories. We discuss:

  1. Wrap up from the SCCE European Compliance and Ethics Institute.
  2. SEC Unit Chief Kara Brockmeyer announces her retirement. Click here for Matt Kelly’s article on Radical Compliance.
  3. Wal-Mart announces its 2016 spend on its FCPA investigation and remediation of $99MM. Click here for Matt Kelly’s article on Radical Compliance.
  4. Upjohn warnings after the Yates Memo. See article the Grand Jury Target blog.
  5. Report on OECD Integrity Forum. Allison Taylor writes in the FCPA Blog.
  6. Astros, Red Sox and Dodgers all lead their divisions.
  7. Jay previews his weekend report.

In this episode Matt Kelly and I take a deep dive into the recent kerfuffle involving United Airlines and its policy which prevented to teenaged girls from boarding a flight wearing leggings. Was United within its rights to exclude the passengers for inappropriate dress? Is the policy valid? Did the gate agent receive appropriate training to make their decision? In the world of today, social media accelerates the ability to judge, without improving the ability to judge. For ethics & compliance officers, that means every compliance risk is now magnified into a reputation risk. Finally, we consider Matt’s closing sentence, “Training, values, culture, judgment. Funny how those four things keep cropping up, isn’t it?” and what it means for compliance.

For more insight, read Matt’s blog post, “United’s Policy Management Lessons