News & Press: Compliance

In hearing on Wells Fargo scandal, AML-style data analytics come into play

Thursday, September 22, 2016   (0 Comments)
Posted by: Brian Monroe
Share |

  

By Brian Monroe
bmonroe@acfcs.org
September 22, 2016

In a US congressional hearing this week excoriating one of the country’s largest banks for consumer protection failures, statements revealed the institution borrowed some of the monitoring and data analytics tactics typically used by financial crime compliance teams in order to uncover employees opening unauthorized accounts to meet sales goals.

Those are just some of the key details revealed during a tense, vitriolic senate hearing before the Senate Committee on Housing, Banking and Urban Affairs, in which San Francisco-based Wells Fargo had to explain to lawmakers how it allowed thousands of employees over a five-year period to create more than two million unauthorized deposit and credit card accounts. Referred to as "widespread illegal practice[s]" by the US Consumer Financial Protection Bureau (CFPB), these actions resulted in a $185 million multi-agency penalty, including a $100 million fine by the CFPB, the largest ever imposed by that regulator.

As well, the hearing, which put federal regulators in charge of the bank on a seat nearly as hot as the bank itself, yielded a glimpse into new strategies, tactics and divisions created by regulatory bodies in recent years that will have a direct bearing on current and future bank examinations outside of consumer protection, including anti-money laundering (AML) programs.

It also spotlighted a persistent compliance challenge for many companies: how to create and oversee sales goals and incentive programs that are not working at cross purposes with the organization's own financial crime compliance requirements, whether related to anti-bribery, fraud or consumer protection.

In its statements to Congress, the U.S. Treasury’s Office of the Comptroller of the Currency (OCC), which oversees the nation’s largest and most complex banks, used similar language as it has in AML penalties, noting that the consumer protection failures were violations of the bank’s overarching “safety and soundness” duties, and revealed extensive gaps in Wells Fargo’s compliance risk management procedures.

To address those and other issues, Comptroller Thomas Curry stated the agency has created two new divisions, one a committee focusing on enforcement actions against large banks and in the last year another on compliance and consumer affairs, that “reflect the significance” of AML risks and consumer protection deficiencies and stress how the regulator is giving larger banks even more scrutiny and requiring “heightened standards” in these areas.  

Sales and incentive structures remain trouble area for compliance

In many large institution compliance structures, financial crime departments use sophisticated transaction monitoring and data analytics to focus on threats outside the bank – such as money launders, terror groups, fraudsters and hackers – but may have little insight into the unethical or illegal practices of sales operations.  

One of the ways banks can ward off troubles tied to sales strategies and products is to have an AML or other compliance officer in the room when these initiatives are being discussed, to better dissect ethical, fraudulent or criminal implications, said Mike Scher, senior editor at the FCPA blog, attorney and a former financial crime compliance officer at a major money center financial company.

The compliance officer is “an internal control,” he said, adding that a compliance professional who actively knows certain business lines very well can “listen to the formulations of these incentive cross-selling products and tick off in their mind what could go wrong here. They can discuss those issues with business managers and implement some safeguards.”

Being called before Congress is a “worst case scenario” for a bank, Scher said.

“The biggest damage for a bank is a scandal in the headlines because it really tarnishes the reputation. When you are in an industry like banking, you really need to have the public trust. And you can expect the public after a decade of bank problems saying to their elected representatives that they must be protected.”

New sales oversight, analytics to counter ‘simulated funding’

Wells Fargo Chief Executive Officer John Stumpf, in defense of the bank he has worked for 35 years, described how it tried to create new dedicated sales oversight teams, used new monitoring programs and engaged in new data analytics to better handle when the cross-selling of products to customers crosses over into the realm of “simulated funding.”

That term describes a “prohibited practice where an employee creates a customer account then funds it in order” to make it seem the customer had done it, according to his statement.

For example, in 2011, Wells Fargo created a dedicated team, now called the Sales and Service Conduct Oversight Team, to engage in “proactive monitoring of data analytics, specifically for the purpose of rooting out sales practice violations.”

In 2013, the team began its first proactive analysis of “simulated funding” across the retail banking business, reviewing employee-level data around account openings, Stumpf said.

“Based on the original proactive monitoring, our Internal Investigations team began an intensive investigation into simulated funding activity in the Los Angeles and Orange County markets. As a result of these investigations, we terminated team members for sales integrity issues,” he said, adding that the simulated funding investigation was later widened to the entire country.

Moreover, in 2013, Wells Fargo created a new “cross-functional oversight” team for retail banking sales integrity issues “comprised of representatives from our Sales and Services Conduct Oversight Team, Corporate Investigations, Human Resources, Employee Relations, and the Law Department,” attempting to take a more converged approach.  

Those moves coincided with more training and changes to incentive plans, including “substantially lowered incentive compensation goals for new team members,” according to Stumpf.

In another parallel to AML remediation work, which in many instances involves a transactional lookback to find any missed suspicious activity, the bank used an outside party to find potentially missed instances of customers being taken advantage of through forensic data analytics.

Wells Fargo in August of 2015 began working with a third-party consulting firm, PricewaterhouseCoopers (PwC), to evaluate deposit products, unsecured credit cards, and other services from 2011-2015 to determine whether “customers may have incurred financial harm …from having been provided an account or service they may not have requested.”

Since the investigation began, and as a result of the penalty and related remediation efforts, the bank has taken a bevy of steps to improve consumer compliance, including:

  • Establishing an enterprise Sales Conduct Risk Oversight Office, reporting into the Chief Risk Officer, and coordinating with the OCC on sales conduct risk.
  • Creating an enhanced branch compliance program, monitoring sales practice violations through data analytics and branch visits.
  • Notifying customers via email within one hour of account opening to confirm the account, and contacting all customers with open but inactive credit cards to confirm the credit card account was authorized.
  • Revising procedures for credit cards to require applicants to consent before a credit report is pulled.

OCC creates new operations tied to AML, consumer enforcement

In a glimpse of some of the insider baseball going on at the OCC to strengthen exams, oversight and enforcement, Curry stated in recent years he has fostered the creation of two new divisional areas, the Major Matters Supervision Review Committee and the Compliance and Community Affairs unit.

The Major Matters committee is “comprised of my most senior and expert executives to review major supervisory matters,” he stated in prepared testimony, adding that the goal of the committee is to ensure that enforcement actions are both fair and consistent.

The matters that must be brought before the committee include “all enforcement actions against large banks (informal and formal) based on safety and soundness,” including ”all large bank enforcement actions that include articles addressing the Bank Secrecy Act (BSA)" and “all enforcement actions against any bank based in whole or in part on unfair or deceptive acts."

The comptroller, earlier this year, established Compliance and Community Affairs (CCA), a new business unit within the OCC’s organizational structure.

The CCA, led by a Senior Deputy Comptroller, is “separate from the existing supervisory units and is charged with addressing all aspects of compliance and community affairs,” Curry stated in his prepared testimony.  “The assignment of these responsibilities to one unit avoids the risk of a fragmented approach to these issues and inconsistent outcomes among different OCC supervisory lines of business.”

More broadly, he stated that the establishment of the CCA unit “reflects the significance of consumer and BSA/anti-money laundering compliance issues within the OCC and the banking industry, and the extent to which compliance risk management deficiencies may pose the risk of great harm to consumers and the safety and soundness of banks.”

Further emphasizing the interconnection between compliance gaps and relation to the overall strength of oversight operations, Curry stated that “compliance and safety and soundness go hand in hand. The compliance discipline, like its safety and soundness sibling, requires dedicated staff and strong infrastructure to ensure the OCC takes timely and appropriate actions with respect to compliance and related safety and soundness issues.”

Warren calls for CEO resignation, criminal investigation

Compliance, or lack thereof, was also on mind of Congressional attendees, some who clearly wanted more concrete signs of accountability for the failures at senior management levels.

In a heated exchange with Stumpf, Senator Elizabeth Warren, a Massachusetts Democrat, stated that the vision statement for Wells Fargo says the core values are not mere phrases in a booklet, but it’s about what employees do, noting that thousands of employees breached customer trust and company policies. She also took Stumpf to task about him saying repeatedly in recent weeks that he is “accountable,” but stating he has done nothing to prove that. 

“Have you resigned as CEO and Chairman of Wells Fargo?” she asked. And when Stumpf tried to say a statement starting with the words “the board,” Warren cut him off, asking pointedly, "have you resigned.” He answered no.

“Have you returned one nickel of the millions of dollars you were paid while this scam was going on? Have you fired a single senior executive? And I don’t mean a regional manager or branch manager,” Warren said.

“I am asking about the people who led your community banking division or your compliance division, that were in charge of making sure the bank complied with the law,” she said. “The people who actually oversaw this fraud? Your definition of accountability is to push the blame on your low-level employees who don’t have a fancy PR firm to defend themselves. This is gutless leadership.”

She added that because the share rose price by $30 during the period when the fraud occurred, that Stumpf personally made more than $200 million, noting that was “thanks to those cross sell numbers you talked about on every call.”

"This is about accountability," Warren continued. "You should resign. You should give back the money you took while this scam was going on and you should be criminally investigated by both” the U.S. Department of Justice and the SEC.

“The only way Wall Street will change is if executives face jail time when they preside over massive frauds,” Warren said, adding that the country needs “tough new laws that would hold corporate executives personally accountable. Until then, it will be business as usual. At giant banks like Wells Fargo, that seems to mean cheating as many customers, investors and employees as they possibly can.”   


©2016 Association of Certified Financial Crime Specialists
All Rights Reserved