The Wells Fargo two million fake accounts scandal of September 2016 was one of the immediate former Federal Reserve Bank Chair Janet Yellen’s final thoughts as she retired early last month.
In the last week of January 2018, the Federal Reserve Bank (the Fed) undertook enforcement actions against Wells Fargo to curb any business expansion until the bank was able to demonstrate it had put in place appropriate risk management and customer protection measures.
According to a February 2018 article authored by John Heltman in the American Banker online magazine, Yellen is quoted as saying, “We cannot tolerate pervasive and persistent misconduct at any bank and the consumers harmed by Wells Fargo expect that robust and comprehensive reforms will be put in place to make certain that the abuses do not occur again.”
The Fed barred Wells Fargo from growing beyond its asset size as at the December 31, 2017 which was $1.95 trillion. It also required that the bank replace three board members by April 2018 and a fourth one by the end of the year.
This is a fairly sticky debate I’ve had with many directors during the course of many years of undertaking corporate governance training. How much can a director be expected to know when they only come for board meetings four times a year and likely attend committee meetings the same number of times?
Should a board member be held responsible for the commissions and omissions of management? The answer is yes, absolutely, and this is now expressly provided for by Kenyan Companies Act, 2015 which has codified a lot of corporate governance practice that has evolved over the years.
The Fed expressed the same sentiments in its letter to Stephen Sanger, the former lead independent director of the Wells board who was elected as board chair once the scandal broke. According to the American Banker article, the letter to Sanger said that there were “many pervasive and serious compliance and conduct failures” during Sanger’s tenure and that he failed to elevate abuses to the rest of the board of directors when he was made aware of them.
“This lack of inquiry and lack of demand for additional information are not consistent with the duties and responsibilities of the Lead Director as described in the firm’s Corporate Governance Guidelines between 2013 and 2016. Your performance in that role is an example of ineffective oversight that is not consistent with the Federal Reserve’s expectations for a firm of WFC’s size and scope of operations.”
Hold on! Did Sanger just get schooled by the regulator on Wells Fargo corporate governance rules that he should have read during his induction and subsequent tenure as the lead independent director?
Furthermore, the Fed put the governance monkey squarely on the back of all the directors by describing their oversight as “ineffective”. With a minimum of four board meetings, and various committee meetings during the year, directors are supposed to provide “effective” oversight over professionals who know the business far better than the directors.
But again, I ask, how were the non-executive board members to know what was going on, especially when their lead director kept them in the dark after learning about the abuses?
The burden to have board directors who can ask the right questions and ensure that an appropriate control environment exists has never been higher than in the 21st century following the massive corporate scandals in both the United States and here in Kenya as well. It is not enough to know that management are “on top of it” like sufuria lids covering the boiling cauldron of business activity.
There must be directors who have proven skills in overseeing multi-faceted businesses that have the constantly moving parts of customers, employees, operations, suppliers and other business appendages particularly for publicly listed companies who partly grow their capital off the backs of minority shareholders and banks who take wananchi deposits.
These directors then have the duty to ensure that the right reporting standards are applied in the board report, which would include querying compliance and, where necessary, establishing a risk management framework to test exactly what controls management have put in place.
Directors also need to know they are not there “to take one for the team”. Information parity is key, and once a director learns about corporate malfeasance, it is imperative that he alert colleagues to the same.