Ethical lapses by financial services companies have caused ripples that will affect banks for years. Increasingly, this has become a risk management concern as each outbreak registers on multiple fronts.
In the wake of the Wells Fargo sales scandal, other large banks conducted their own reviews of sales practices or otherwise attempted to make clear publicly that their programs didn’t have the exposure that Wells experienced.
JPMorgan Chase’s Marianne Lake, CFO, told a third-quarter earnings call audience that the company had found a few examples of problems with employees’ cross-selling practices, but that they weren’t “systemic.”
Meanwhile, U.S. Bancorp Chairman and CEO Richard Davis said in his company’s third-quarter call that he didn’t look at cross-sell numbers: “We don’t set quotas.”
Exams and self-exams
As the industry has paid more attention to these issues, there’s been a trend to look at bank philosophy, and the pragmatic need to make a profit.
Last October, William Dudley, president and CEO at the New York Federal Reserve Bank, addressed another in a series of the bank’s conferences on banking culture with a speech balancing realism and idealism:
“The industry’s shared norms—its culture—will not change by mere exhortation to the good, whether from me or from the industry’s CEOs. In my experience, people respond far more to incentives and clear accountability than to statements of virtues or values. The latter are worthy and necessary, but remain aspirational or even illusory unless they are tied to real consequences. What does it mean for a firm to profess to putting the customer first, if employees are compensated and promoted regardless of what’s good for customers? Or, worse, if they are not held to account for activities that can harm customers?”
Later in his speech, Dudley asked a question pointing right at risk management: “Do risk managers have the appropriate authority [in their banks] to challenge frontline revenue producers and prevent activity that is questionable?”
Ultimately, no business can survive without sales, and for compliance expert Rich Riese of SMAART.COnsulting, a former senior federal regulator and ABA compliance official, banking sales hinges on a fundamental premise.
“I still see it very much as part of the trust relationship that banks have traditionally leveraged,” he says. “Bankers have always tried to be their customers’ trusted financial partner. The hope is that the sales process produces the proverbial win-win. The customer gains a valuable service. Banks are not in the business of giving things away—and they shouldn’t be.”
Earlier this year, Wells Fargo, working to distance itself from the troubles and find a new sales path, unveiled a new approach to retail banking compensation. The emphasis is on teamwork at the branch level, and the 2017 Wells employee handbook states that “teamwork is essential to cross sell”—a departure from Wells’ old culture.
While banks may be holding mirrors up to themselves to see how well they oversee sales practices, they aren’t the only ones looking. Larger and mid-sized banks have had their sales practices subject to “horizontal reviews”—focused regulatory scrutiny in a single area—by both the Comptroller’s Office and the Consumer Financial Protection Bureau, plus similar attention from the Federal Reserve. In late November, CFPB published guidance to institutions on detecting and preventing consumer harm from sales incentives.
In early January, Comptroller Tom Curry said during a press briefing on industry risks that his agency’s review—“to assess whether similar practices and weaknesses are occurring”—continues. An industry observer says the effort began with data gathering, but that the next round may involve targeted examiner visits. No specifics have been released thus far.
(Results of horizontal reviews have sometimes been published, but sometimes not. Participants generally receive redacted findings, reflecting that data based on interaction with multiple banks is involved.)
In the meantime, even as these exams continue, it’s taken as a given that more attention will be paid in all examinations to sales and incentive practices. Regulators have a proposal outstanding on incentive pay that has been hanging for over six months, and that could be hastened toward final form or become the basis of a wider rule. Institutions as small as $1 billion would be covered under its present form.
Attention to cross-selling practices has already moved beyond banking proper. In October 2016, the Financial Industry Regulatory Authority began its review of incentives paid to broker-dealer firms’ employees to promote bank products of their parent organizations to brokerage customers, among other purposes.
Tone at the top and beyond
As with many banking elements, experts say the board is where things begin—the classic “tone at the top” argument.
“The regulators will hold the board of directors accountable given its responsibilities for overseeing that the bank’s revenue-generating strategies (e.g. sales targets) are in line with the bank’s risk appetite,” states a fall article in A Closer Look, a banking newsletter from PwC’s Financial Services Regulatory Practice. “The chief risk officer should have ultimate responsibility over the enterprise-wide sales practices risk management program and should report to the board’s risk committee regarding the program.”
PwC’s article advises that “tone in the middle” should be in line with that from the top. The board may send a message, but others carry out the intent—or fail to: “At a minimum, middle managers should avoid undermining corporate values statements by overemphasizing sales generation or setting unreasonable sales targets. Going further, managers should punish bad actors for rule violations, and serve as a role model to other employees by speaking out against conduct that could lead to customer mistreatment (and reward employees who similarly speak out).”
Oversight starts on front line
In testimony about Wells last year, CFPB Director Richard Cordray concluded by speaking more generally: “As we have seen here . . . unchecked incentives and an unrealistic and uncaring culture of high-pressure sales targets can lead to serious consumer harm. Incentive compensation structures are common in businesses, and they can motivate positive behavior. Yet companies need to pay close attention to their compliance monitoring systems in order to prevent violations of the law and abusive practices.”
Cordray also said: “If sales targets and incentive compensation schemes are implemented in ways that threaten harm to consumers and lead to violations of law, then banks and other financial companies will be held accountable.”
Looking at this from the perspective of a “three lines of defense” approach to compliance and risk management, accountability begins at home. The three lines of defense are in the business unit itself (“the front line”); functions such as compliance and risk management; and, finally, internal audit.
It’s essential that consumers’ needs be the centerpiece of the selling process. If anything that isn’t a good fit is sold to them “in today’s UDAAP environment, that gets viewed as deceptive,” says Riese.
The key line of defense is the one closest to customers, the front line, which should track adherence of employee performance to high expectations—after appropriately preparing them for the role. “Customer service is the front line of defense, with the second and third lines providing monitoring of complaints and control testing oversight,” says Riese. “But fundamentally, both sales success and compliance success begin with having good systems and good training in place.”
PwC’s article says that the “key concern for the first line of defense will be making sure that its sales targets and incentives do not encourage harmful behavior.”
Inappropriate behavior and judgment errors can still occur, and that is where other lines of defense as well as specialized programs can help. Lyn Farrell, senior advisory board member at Treliant Risk Advisors, says two areas to watch closely are complaints from the public and whistle-blower filings.
Specific types of complaints to watch for are those arising under the Fair Credit Reporting Act. These concerns are usually routed from the credit reporting firms to banks when consumers spot unfamiliar accounts on their credit records. Farrell points out that this may be a red flag that a fraudulent account has been unknowingly opened by an employee attempting to game the bank’s sales system. Someone in the bank receives those queries, and risk management should be in the loop.
Farrell says that some banks deploy a best practice of “welcome calls” to new customers. These calls are made by another employee, typically in a call center, which gives them an opportunity to detect fraudulent new account activity.
PwC, in its article, recommends a heavy stress on data gathering in the monitoring process. For example, one trip wire to set is the opening of multiple products, such as a second or even a third checking product opened within ten days of the first. Legitimate reasons could apply, but the repetition bears review.
The bureau, in its guidance, stressed the importance of compliance management systems overall and in regard to sales incentive pay:
“An entity’s CMS should reflect the risk, nature, and significance of the incentive programs to which they apply. Accordingly, the strictest controls will be necessary where incentives concern products and services less likely to benefit consumers or that have a higher potential to lead to consumer harm, reward outcomes that do not necessarily align with consumer interests, or implicate a significant proportion of employee compensation.”