Banking Exchange Magazine Logo

“Wells Problem”: How could you stop it in your bank?

When Audit can’t see it, spotting patterns—especially in complaints—may help

Based on a long compliance career with federal agencies, the American Bankers Association, and private consulting practice, expert Lucy Griffin assesses the latest wrinkle on consumer protection. Based on a long compliance career with federal agencies, the American Bankers Association, and private consulting practice, expert Lucy Griffin assesses the latest wrinkle on consumer protection.

We’ve asked several Banking Exchange bloggers and other contributors to examine the Wells Fargo affair from the vantage of their areas of specialty. In this installment, “Common Sense Compliance” blogger Lucy Griffin shares ideas on how you can stop a Wells-type situation in your own bank before it cascades.—Steve Cocheo, executive editor and digital content manager

Wells Fargo has just been subjected to the largest civil money penalty that Consumer Financial Protection Bureau has yet imposed. Both the Comptroller’s Office and CFPB have criticized the institution for not having adequate systems to detect the behavior of rogue employees who opened accounts and issued credit and debit cards to consumers without the consumers’ authorization.

But the bank had a strong program.

The compliance program had all the necessary pieces in place. So did the audit and monitoring programs.

Getting past the radar

But here’s the problem: The particular activity—unauthorized accounts—is almost impossible to detect through monitoring and auditing.

Perhaps the most significant and underplayed fact in this case is that Wells found the problem.

Usually, regulators encourage self-diagnosis. But this time it apparently didn’t come fast enough.

Yet it is a fairly safe bet that examiners would not have found the problem either—for the same reason that auditors would not be likely to find it.

Why? Because the documentation looks okay.

Detecting the stealthy activity

What is a likely indicator that staff may be opening unauthorized accounts?

The problem for both monitoring and audit functions is that the account goes on the books, properly documented, with nothing to indicate that it was not requested or authorized by the consumer.

There simply is no indicator on the record that the account was opened improperly.

So what is an auditor supposed to look for?

The consent orders require Wells to do a better job of auditing, without specifying how that should be done. And the bottom line is that there are very few audit techniques that would expose the problem explicitly.

Look for the patterns

One available tool is an examination of patterns, and following up on what pops out.

For example, it may be possible to identify branches or individuals that outsell and outperform others and trigger a review of their techniques.

True, this would probably result in pursuing many dead ends. Often high-selling branches simply enjoy better markets than other offices do.

Alternatively, audit could randomly select branches for closer scrutiny and contact customers to learn about their experience.

Realistically, the only way to spot what was happening at Wells would be to sit in the branch and watch—the classical branch audit.

But this is incredibly time consuming. It also dims in effectiveness when the branch staff knows Audit is onsite.

Dig into consumer complaints

This type of misbehavior is most likely to be revealed in consumer complaints.

Consumers might complain about the card they did not request, or question a statement of an account they didn’t open.

At Wells, when the unauthorized account activity resulted in overdrafts—because the consumer didn’t know that funds had been moved out of their account to “establish” the unauthorized account—consumers did complain.

Unfortunately, consumers complain not just to the bank, but also to the regulators. And when the regulators get into the act, the bank loses control of the solution.

The goal, then, should be to find problems as early as possible. And the only reliable way to do this is to keep a close watch on customer complaints.

Analysis must go beyond obvious patterns

I have a “P.S.” for you, though. What I’ve outlined regarding analyzing complaints isn’t enough.

Most complaint programs require an initial analysis; assignment of the complaint for investigation and resolution; and—hopefully—follow-up on the adequacy of the resolution. However, with this procedure firmly in place, it can be easy to ignore the underpinnings of service-related or customer dissatisfaction complaints until the bank’s regular analysis of complaint patterns. This might be done on a monthly basis, for example.

But that may be too late. The analysis of complaints over time reveals patterns where problems may exist that should be addressed at a policy level.

The Wells case brings up a critical question: Can you afford to wait until a pattern emerges?

Look to the banker

Complaint analysis should look not only for violations of regulations but for indications that an employee did not follow policy or procedures.

While some of the complaints about the problem at Wells did address regulatory concerns—such as issuance of a credit card that was not requested—others merely would have indicated a deviation from policy or general customer dissatisfaction.

The transfer of funds from an existing account into a new account may look clean on the books. But when a customer complains that they did not open that account, the complaint should be vetted at a policy level as well as resolving the particular consumer’s problem.

Customer dissatisfaction may actually be an early indicator for a UDAAP problem. When customers don’t like a new product or procedure, the bank should pay close attention.

Complaints are your early warning system. Use them!

Lucy Griffin

"Lucy and Nancy's Common Sense Compliance" is blogged by both Lucy Griffin and Nancy Derr-Castiglione. Both are Banking Exchange contributing editors.
    Lucy, a Certified Regulatory Compliance Manager, has over 30 years experience in compliance. She began as a regulator, including stints with the Federal Reserve Board, the Federal Trade Commission, and the Federal Home Loan Bank Board. For many years she managed the ABA Compliance Division. Since 1993 she has served as a compliance consultant as president of Compliance Resources, Inc., Reston, Va. She is also editor of Compliance Action newsletter and senior advisor with Paragon Compliance Group, a compliance training firm.     
    In addition to serving as a Contributing Editor of Banking Exchange, Lucy serves on the faculty of ABA's National Compliance Schools board. For more than a decade she developed and administered the case study at ABA's National Graduate School of Compliance Management. She can be reached at [email protected]

back to top


About Us

Connect With Us



How to get the most out of Data and AI
with Ravi Loganathan from Sardine
and President of Sonar

Wednesday, July 24, 2024 at 11 AM ET / 8 AM PT

In this webinar we will cover:


This webinar is brought to you by:

SardineBanking Exchange