What is risk? That is a question that is often asked at board level and in the C-suite. Is it risky and, if so, can we manage it effectively? To manage it effectively, one must identify the risk, then measure it, and then manage it if so required. All of these three components were sadly lacking at Wells Fargo and this led directly to the scandal in which the company now finds itself embroiled.
Wells Fargo has to date been hit with approximately US$185 million in fines from United States national, state and local regulators. The banking and financial services company had paid out millions in pre-settlement investigation and related costs, and has since announced that it will spend some US$50 million annually in post-settlement remediation costs. Wells Fargo has lost over US$6 billion in market share, and its home state of California has announced that it is suspending many of its ties to the institution.
An article in The New York Times reported that State of California Treasurer John Chiang was suspending ‘Wells Fargo’s most highly profitable business relations with the state for a year due to the bank’s venal abuse of its customers’. The article noted that ‘the move could cost Wells millions of dollars in banking fees because California is the largest issuer of municipal debt in the country’.
All of this points to the need for an adequate risk assessment, risk measurement and then risk management. In the case of Wells Fargo, this was sorely missed by senior management, particularly CEO John Stumpf and the company’s board of directors. One of the key points from the case is that the risk was generated by the selling of non-controversial products and services, such as bank cards and banking services. However, when all of these products were coupled with unrealistic sales mandates – which were not goals because you were terminated if you did not meet them – the marketing scheme moved into a much higher risk quadrant.
Risk is typically viewed as something that could move into illegal conduct, such a bribery and corruption under the Foreign Corrupt Practices Act (FCPA) or the United Kingdom Bribery Act. However, risk must be considered in a wide range of other areas in any organisation. To not do so puts the entire business ‘at risk’.