Two Million Fake Accounts: Sales Misconduct at Wells Fargo

Coming out of the financial crisis, Wells Fargo was one of the world’s largest and most successful banks, viewed as a role model in how to manage in times of crisis. The news of its sales misconduct—opening more than 2 million fake accounts—in 2016 rocked consumer confidence and inundated the news. Professor Suraj Srinivasan discusses how sales culture, leadership, board oversight, and risk management all played a role.

Subscribe on iTunes  Follow on Libsyn

Subscribe on iTunes  Follow on Libsyn

Brian Kenny: In July 2010, at the peak of the global financial crisis, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act. A year later, Dodd-Frank would pave the way for the Consumer Financial Protection Bureau, an agency that's supposed to make sure that banks, lenders, and other financial companies treat you fairly. Their website keeps a running tally of how many complaints they've fielded since opening the doors in 2011. As of March 28, 2018, the number was 996,214. The searchable database, where they post all the complaints as well as the responses from financial institutions, reveals that 61,372 of those complaints are about Wells Fargo and Company. JPMorgan, the largest bank in the US, had 11,000 fewer complaints than Wells Fargo.

Today we'll hear from Professor Suraj Srinivasan, the Philip J. Stomberg Professor of Business Administration, about his case study, Sales Misconduct at Wells Fargo Community Bank. I'm your host Brian Kenny, and you're listening to Cold Call.

Kenny: Suraj Srinivasan teaches in the MBA and Executive Education programs at Harvard Business School. His research examines the institutions of corporate governance in the US and internationally, and he doesn't shy away from writing controversial cases, which is why we love to have you on the program, Suraj. Thanks for joining me.

Srinivasan: Thank you Brian. By the way, those statistics are fascinating and tell you the scope of the problem.

Kenny: This case continues to pop up in the headlines since it first surfaced a couple of years ago, so I think people will really be interested to hear your take on it and what you discovered. Maybe you could start by telling us what's the context? How does the case begin and who are the central characters in the case?

Srinivasan: Absolutely. By the way, from a case writer's perspective it's the gift that keeps giving. You have a case B and a C and D keep happening every few months. But stepping back, the case is set at around the time that consumer regulators, several of them, started levying huge fines and holding the board and the company accountable for the scandal.

The case is written with my co-authors, Dennis Campbell and Susanna Gallani. We wrote the case because it actually serves a very, very useful pedagogical purpose. The central characters in the case are the CEO, John Stumpf, and the head of the Community Bank, Carrie Tolstedt. But also looming large in the background is the board of directors of the company.

As those numbers from CPFB indicated, this was a huge problem. This was a problem not of a few bad apples—this was a systematic problem. The bank itself fired over 5,000 employees. It's a large bank no doubt, there are more than 200,000 employees, but not all of them are in the sales department, and 5,000 people were let go in the sales department. Two million customers at that point, and that number has increased over time and it has crossed the Community Bank into other parts of the business, the insurance business, in the lending part of the business subsequently.

But it was a systematic problem and it was fascinating and a puzzle frankly, because Wells Fargo was the most successful bank coming out of the financial crisis. They were held up as a role model for how a bank should have behaved during the crisis. It was the second largest bank in the US. At the time this all broke, they were one of the most profitable banks ... They were the fifth largest in the world.

So it was a surprise and a puzzle that a bank that actually not just survived, but thrived through the crisis and subsequently after, ended up in this kind of a problem.

Kenny: You mentioned they were one of the largest banks in the country... I think they come in third right now in the US.

Srinivasan: Absolutely. At that point a $1.8 trillion balance sheet. This was the total size of the assets that they had, which now the Federal Reserve has capped at $2 trillion until they show effective risk management. So there's actually a cap on the size of what they can do and grow; they are right now feeling the heat from that.

Kenny: Can you talk a little bit about the retail banking industry and the competitive pressures in that segment of the financial services space?

Srinivasan: As you can well imagine, it's a highly commoditized industry. You can open a savings account, a checking account, get a credit card, get a car loan, get a new mortgage. Most of these financial products have become commodities, the rates are fairly similar. You can shop around very easily. It's a business where technology has played a huge role in improving efficiencies. Branch banking has fallen ... I know for example Citibank pulled out of Massachusetts and doesn't have any branches in the state, and that's been going on for a long time.

The other big idea in this is that the cross-selling which got Wells Fargo into trouble is actually a well-established phenomenon that several banks pursue. I have received offers where to open an account you get $500 to open an account in a local bank, because the lifetime value of getting a customer is high.

So you combine the commodity nature of the business with the cross-selling part of it and that creates a competitive dynamic, which Wells Fargo is facing.

Kenny: People do all of this by phone or they do it digitally, so you're distanced ... You don't have the relationship necessarily that you might have had 20, 30 years ago with your local bank.

Srinivasan: That's absolutely true, though for some kinds of transactions, for a loan, you might still try to go in. But you're right. A lot of these things are done online, over the phone, and so on.

Kenny: Maybe you can describe some of the things that were happening and that began to surface at Wells Fargo?

Srinivasan: It's very much a retail bank, and the largest retail bank therefore, so lots of branches, lots of front-end people, tellers and customer service folks who are helping customers and trying to open accounts. Any sales organization thrives on a certain sales culture, which includes targets and sales pressure. That's not just banking, that's any industry. What comes along with that of course is the need to have tight boundaries around what are allowable and not allowable practices. How much can you push? That's where Wells Fargo seems to have had a slightly harder time.

What we learned, exposed now from the inquiries, is that the pressure was high. It was higher than what you might have expected in a relationship bank. The employee turnover, for instance, was over 30 percent. They would benchmark that with other sales organizations such as department stores, and retail is seen as a high turnover industry. However, a relationship bank is not exactly comparable to selling clothes, but that seemed to have been the idea behind the sales culture at Wells Fargo.

Kenny: They weren't making a lot of money either? One of the things the case talks about is the average salary for a retail sales person was about $30,000.

Srinivasan: Right. So this is a typical front-end sales force. You could imagine the alternative approach, where you have a much more empowered sales force, higher paid employees that are trained, therefore if you have 30 percent or more turnover, you can imagine that the investment in training is not going to be very high because so many people are leaving every year.

It appears that along with more than usual sales pressure and sales incentive was combined with weaker boundaries of what was possible. The people who were held up as effective salespeople weren't the ones who were really pulling the tight and narrow as you say. For example, there was a practice of running the gauntlet. Every week in the morning meeting people would run up to the front and write on a whiteboard ... Write the number of sales prospects they had converted, and you can imagine the ones that were not were feeling the pressure in a very public way.

Kenny: Shaming...

Srinivasan: Shaming exercise. Exactly. The ones that were doing well, even though it wasn't the best of practices, would be sent around as role models to other branches to quote-unquote teach others how to do this. It created a very high pressure front-end sales force, which one can say is useful in a sales-driven environment subject to having the right checks and balances.

One of the things that Wells Fargo initiated afterwards was a customer notification every time an account was opened. That's just Risk Control 101, if a customer had been notified if there was some activity on the account which would have automatically prevented an employee from opening a fake account. [Which was] essentially what happened…

The big problem was ... And subsequently we've learned of so many other things, but the big problem was that they opened over two million fake accounts. So if you had a savings account at the bank you would get a credit card, even though you would not have opened that. You would have gotten something else, even though you had not opened that particular account.

The pressure on the employees to do this ... So the company had this “Eight is Great.” Said rightly, it rhymes, “Eight is Great.” It rhymes when you say it... The CEO would go on conference calls and investor presentations and say that was their target. When asked why, he would literally say it rhymes well. So there wasn't a theory behind it, you know, eight is the optimal number of accounts that a customer should have, but it was just a nice sounding target. Something like that adds enormous pressure to the front end, and absent boundaries, that can lead to trains going off the rails.

Kenny: So these sales folks were just opening up accounts to try and get as close to that number for each customer they represented as possible?

Srinivasan: Absolutely, and they had targets for how much they could cross-sell. This is not in our case, but subsequently we found out several other places, several insurance products that were being sold fraudulently. We found out recently from a whistleblower that complained that there were mortgages that people are being asked to repay them when they've actually not taken them out. So this practice seems like it was quite prevalent.

But the big issue that they got fined on was these false accounts. You asked when did this all start surfacing. The key trigger was the Los Angeles Times expose in 2012. Following that, the District Attorney from Los Angeles started investigating and finding lots of things against the company, so this was not new when it actually broke in 2016. It had been around for three or four years.

But several of those practices actually kept continuing until much later, several years later, which raises several other questions that I know you'll get into about the board and the risk management of the company and so on.

Kenny: Why don't we actually transition to that now. Let's talk a little bit about Carrie Tolstedt and John Stumpf. John's name came up in a podcast that we did before with you around the data breach at Target, so John's had kind of a checkered past here as it comes to some of these things where he's been on the watch. Tell us a little bit about Carrie and what her role was.

Srinivasan: Carrie Tolstedt was the head of the Community Bank. Like I said, this was a very, very successful community bank, one of the best performing retail banks in the country. In fact, their cross-selling was held up as a role model for other banks. Carrie Tolstedt was a very well-respected banker within the bank. She had spent the last part of her career at Wells Fargo. You learn from the board reports subsequently that the bank held her in high esteem, John Stumpf held her in high esteem, which turns out perhaps was part of the problem, that she was so well-respected for her past successes that there was a certain reluctance to question her... protected her from certain kinds of questioning and also protected her from the otherwise useful risk controls and other governance that was prevalent at the bank.

A related issue was that the bank was highly decentralized. The structure of the bank was that while there was a central risk management, you had the Community Bank and other parts of the bank having their own risk controls, which they should have. But it turned out that the force of Carrie's personality was strong enough that the communication outside of the Community Bank to other parts of the organization were not just weak, they were expressly discouraged and frowned upon by her.

There are instances that have subsequently come to light on the central part of the bank asking questions and Carrie would reprimand people who would answer those questions or not keep her in the loop when questions such as those were being asked. The board subsequently has said that they were misinformed by Carrie Tolstedt about the number of people that were being let go of in the bank, that the number had been low-balled. After the LA Times article came out there were a few bad apples and they were letting 100 people go, when it was in fact 600 or 700 per quarter, and the board used that as a defense; you know, we can only ask. We have no means of verifying, especially coming from a person as well respected as Carrie.

So there was this kind of dual thing going on with respect to her role, a very highly performing manager, on the other hand trying to keep a tight control over what was going on and not liking when questions were asked.

Kenny: So isn't it John's job to look a little bit more closely at this and...

Srinivasan: As the CEO, the buck stops there. Absolutely. It's interesting you refer to the Target cyber breach. John's role there was of course secondary in the sense that he was on the board. He was not the CEO of the company, but one can imagine certain parallels between those two situations.

Yes, that should have been the CEO's job and now he paid for it with his job and all the reputational harm that's come his way because of this. It appears that he relied a lot on Carrie and the relationship was one of mutual trust, or at least trust one way, and did not push very much.

Kenny: In your research with other companies, I would suspect this is not unusual. That if you've got somebody who's really performing well, by appearances at least, and revenue is coming in, you don't really want to mess with that, right?

Srinivasan: That's true at every level. Investors don't question companies when they're doing very well, and subsequently they crash. Boards don't question CEOs when things are going very well. It's hard to start looking under rocks when things are going very well, and it's true at every level beyond that, which is why you have risk management. Risk management is the flip side of strategy. These are risks that companies voluntarily take on, because that's how you make money. But then you have to make sure that the risk doesn't go out of control.

Structurally there was a problem, and that was John Stumpf's job I would think, to try to understand where was the risk coming in the bank and how would ... Think about it. This is a bank. This is one of the largest banks in the world. Risk management is a core competence of banks, otherwise you don't run banks.

Somehow they discounted that just the front-end sales force can create risk. You think about all kinds of risk. You think about lending risk. You think about foreign currency risk. You think about money laundering risk. You think about high level risk. But this kind of ... Should not have, at least in hindsight, been blindsided there.

Kenny: So blindsided is one way to look at it, but the case also talks about the fact that there were some red flags that were popping up here and there. Let's go to the board now, because the board ... this wasn't the first time that they had heard about it.

Srinivasan: There's a doctrine developing in Delaware, it's called the Red Flag Doctrine, you normally depend on the company and managers, the board I mean, for information because you're launching your own investigations and calling four levels down the line, asking for ... You know, you trust the CEO, you trust the next level for information when they give you information, but if there are red flags, like you said, then you have to be on alert on what was happening, and it seems like there were more than enough red flags. To be fair though, there were some processes being put by the risk part of the board, but probably not enough, and they still relied on management a little too much.

If you think about it, at the bank there were actually terms that the employees were using such as “bundling.” The front-end employees would falsely tell a customer for instance if you open a checking account that you have to open a savings account along with that, that these are bundled products, when actually in reality there were no bundled products. That you have to take a credit card, when in reality you didn't have to do that.

There was another thing called “sandbagging.” These were informal terms that the sales force was using. They would try to manage targets in particular ways, and of course the easiest grade was floating around there. Even way back in 2004 there was a gaming report, a gaming quote-unquote, that the bank was at risk because the employees were game targets. So this was not new for the bank, and this was certainly not new for sales driven companies.

Kenny: Do you think that in the wake of something like what happened at Wells Fargo that board directors should really be thinking hard about their role and the commitment they're making when they step onto a board?

Srinivasan: Board roles are hard for the following reasons. Like you said, you don't want to be getting on a board always with the attitude that I'm going to be second-guessing everything that management is telling me. I don't want to be probing under rocks for risk and bad news that doesn't exist, because you are entering into a trusting relationship. The board monitors the company. The management runs the business. It's a fine line to try to figure out where to draw that line.

The norm, especially in the US, is for the boards to defer much more to the management unless there's a reason to believe otherwise. Now when do you decide there's reason to believe otherwise? Were these red flags enough? My personal feeling is the boardroom is too safe a place for management. But again, how do you draw that line? When do you decide it's too safe and when do you want to make it a little unsafe in terms of the kinds of questions that you want to ask?

Like I said, it's a $2 trillion organization, a $2 trillion asset organization, hundreds of thousands of employees, so it has to be almost a fulltime job for some of the people who are doing this. On the other hand, the management does run the business. So yes, I think incidents like Wells Fargo raise very important questions for management, too, that you should involve the board more, that you have to be much more willing to be transparent and expose the board to what's happening inside the organization. You should, in fact, have somebody on the board who asks the tough questions.

But there should be some process by which we are not indulging in group think, and that's not the first time that anybody has mentioned about group think in the context of a board or just, you know, it's a group of 10 or 12 people, and who bells the cat? The best boards do have that. They do have somebody or a group of people that in different circumstances are charged with asking the tough questions so that things don't go unasked because nobody knows whether it's their job to ask them.

Kenny: Do you think there's a role here for activist investors, too? We're hearing a lot about activist investors. Sometimes they come off looking really bad, but I'm wondering if there's an important role that an activist investor plays in holding the board and the leadership of an organization accountable?

Srinivasan: Yes and no. The no part of that [is that] the problems of Wells Fargo are not the typical issues that an activist investor would have surfaced, because it's more of a risk management issue. This is more of an issue where things are happening in the front end. This is certainly an issue for compliance and the role of the whistleblowers. Are the whistleblower complaints getting through to the board? What is the process for understanding them? Are there enough of a certain kind of issue?

I bet in a bank like this they would have had some processes. It's unimaginable that they would not have had, but it's probably worked well for every board to go back and try and understand yes, we think we have a process. Have we reviewed it recently? Are there blind spots that we're facing in this?

Kenny: You've discussed this case in class, have you?

Srinivasan: Several times. We've done it in our MBA program. We've done it and we have used it in both programs. We've used it in programs for risk managers. We've used it in senior executive programs. We use it for two big purposes. One is to understand risk management. One of the very common risk management motives is what we call the fraud triangle, and how the fraud triangle plays out. The three legs of the triangle are opportunity, rationalization, and pressure. The idea is that all these three have to come together at the same time for risk controls to fail.

I think this case really illustrates very well that there was opportunity because the risk controls weren't working. There was pressure because of the sales force, and there was rationalization in a way because the senior management was supporting it and everybody was saying yes, we're doing it for the benefit of the bank and in a way they were rationalizing their own behavior. So when the trifecta comes together, then you have a blow up. We use it to try to understand how that happens and what can you do to prevent that and certainly the higher level issues with respect to the board that you've been talking about.

Kenny: Suraj, thanks so much for joining us today.

Srinivasan: Thank you. It's really a pleasure to be here.

Kenny: If you enjoyed listening to the Wells Fargo case, you can find Cold Call wherever you listen and subscribe to podcasts. Every episode features a business case taught to MBA students right here at Harvard Business School. We'd love to hear your thoughts, so take a few moments to write a review. I'm Brian Kenny, your host, and thank you for listening to Cold Call, an official podcast of Harvard Business School.

Recorded March 28, 2018. Edited for length and clarity.

 Read more

Brian Kenny: In July 2010, at the peak of the global financial crisis, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act. A year later, Dodd-Frank would pave the way for the Consumer Financial Protection Bureau, an agency that's supposed to make sure that banks, lenders, and other financial companies treat you fairly. Their website keeps a running tally of how many complaints they've fielded since opening the doors in 2011. As of March 28, 2018, the number was 996,214. The searchable database, where they post all the complaints as well as the responses from financial institutions, reveals that 61,372 of those complaints are about Wells Fargo and Company. JPMorgan, the largest bank in the US, had 11,000 fewer complaints than Wells Fargo.

Today we'll hear from Professor Suraj Srinivasan, the Philip J. Stomberg Professor of Business Administration, about his case study, Sales Misconduct at Wells Fargo Community Bank. I'm your host Brian Kenny, and you're listening to Cold Call.

Kenny: Suraj Srinivasan teaches in the MBA and Executive Education programs at Harvard Business School. His research examines the institutions of corporate governance in the US and internationally, and he doesn't shy away from writing controversial cases, which is why we love to have you on the program, Suraj. Thanks for joining me.

Srinivasan: Thank you Brian. By the way, those statistics are fascinating and tell you the scope of the problem.

Kenny: This case continues to pop up in the headlines since it first surfaced a couple of years ago, so I think people will really be interested to hear your take on it and what you discovered. Maybe you could start by telling us what's the context? How does the case begin and who are the central characters in the case?

Srinivasan: Absolutely. By the way, from a case writer's perspective it's the gift that keeps giving. You have a case B and a C and D keep happening every few months. But stepping back, the case is set at around the time that consumer regulators, several of them, started levying huge fines and holding the board and the company accountable for the scandal.

The case is written with my co-authors, Dennis Campbell and Susanna Gallani. We wrote the case because it actually serves a very, very useful pedagogical purpose. The central characters in the case are the CEO, John Stumpf, and the head of the Community Bank, Carrie Tolstedt. But also looming large in the background is the board of directors of the company.

As those numbers from CPFB indicated, this was a huge problem. This was a problem not of a few bad apples—this was a systematic problem. The bank itself fired over 5,000 employees. It's a large bank no doubt, there are more than 200,000 employees, but not all of them are in the sales department, and 5,000 people were let go in the sales department. Two million customers at that point, and that number has increased over time and it has crossed the Community Bank into other parts of the business, the insurance business, in the lending part of the business subsequently.

But it was a systematic problem and it was fascinating and a puzzle frankly, because Wells Fargo was the most successful bank coming out of the financial crisis. They were held up as a role model for how a bank should have behaved during the crisis. It was the second largest bank in the US. At the time this all broke, they were one of the most profitable banks ... They were the fifth largest in the world.

So it was a surprise and a puzzle that a bank that actually not just survived, but thrived through the crisis and subsequently after, ended up in this kind of a problem.

Kenny: You mentioned they were one of the largest banks in the country... I think they come in third right now in the US.

Srinivasan: Absolutely. At that point a $1.8 trillion balance sheet. This was the total size of the assets that they had, which now the Federal Reserve has capped at $2 trillion until they show effective risk management. So there's actually a cap on the size of what they can do and grow; they are right now feeling the heat from that.

Kenny: Can you talk a little bit about the retail banking industry and the competitive pressures in that segment of the financial services space?

Srinivasan: As you can well imagine, it's a highly commoditized industry. You can open a savings account, a checking account, get a credit card, get a car loan, get a new mortgage. Most of these financial products have become commodities, the rates are fairly similar. You can shop around very easily. It's a business where technology has played a huge role in improving efficiencies. Branch banking has fallen ... I know for example Citibank pulled out of Massachusetts and doesn't have any branches in the state, and that's been going on for a long time.

The other big idea in this is that the cross-selling which got Wells Fargo into trouble is actually a well-established phenomenon that several banks pursue. I have received offers where to open an account you get $500 to open an account in a local bank, because the lifetime value of getting a customer is high.

So you combine the commodity nature of the business with the cross-selling part of it and that creates a competitive dynamic, which Wells Fargo is facing.

Kenny: People do all of this by phone or they do it digitally, so you're distanced ... You don't have the relationship necessarily that you might have had 20, 30 years ago with your local bank.

Srinivasan: That's absolutely true, though for some kinds of transactions, for a loan, you might still try to go in. But you're right. A lot of these things are done online, over the phone, and so on.

Kenny: Maybe you can describe some of the things that were happening and that began to surface at Wells Fargo?

Srinivasan: It's very much a retail bank, and the largest retail bank therefore, so lots of branches, lots of front-end people, tellers and customer service folks who are helping customers and trying to open accounts. Any sales organization thrives on a certain sales culture, which includes targets and sales pressure. That's not just banking, that's any industry. What comes along with that of course is the need to have tight boundaries around what are allowable and not allowable practices. How much can you push? That's where Wells Fargo seems to have had a slightly harder time.

What we learned, exposed now from the inquiries, is that the pressure was high. It was higher than what you might have expected in a relationship bank. The employee turnover, for instance, was over 30 percent. They would benchmark that with other sales organizations such as department stores, and retail is seen as a high turnover industry. However, a relationship bank is not exactly comparable to selling clothes, but that seemed to have been the idea behind the sales culture at Wells Fargo.

Kenny: They weren't making a lot of money either? One of the things the case talks about is the average salary for a retail sales person was about $30,000.

Srinivasan: Right. So this is a typical front-end sales force. You could imagine the alternative approach, where you have a much more empowered sales force, higher paid employees that are trained, therefore if you have 30 percent or more turnover, you can imagine that the investment in training is not going to be very high because so many people are leaving every year.

It appears that along with more than usual sales pressure and sales incentive was combined with weaker boundaries of what was possible. The people who were held up as effective salespeople weren't the ones who were really pulling the tight and narrow as you say. For example, there was a practice of running the gauntlet. Every week in the morning meeting people would run up to the front and write on a whiteboard ... Write the number of sales prospects they had converted, and you can imagine the ones that were not were feeling the pressure in a very public way.

Kenny: Shaming...

Srinivasan: Shaming exercise. Exactly. The ones that were doing well, even though it wasn't the best of practices, would be sent around as role models to other branches to quote-unquote teach others how to do this. It created a very high pressure front-end sales force, which one can say is useful in a sales-driven environment subject to having the right checks and balances.

One of the things that Wells Fargo initiated afterwards was a customer notification every time an account was opened. That's just Risk Control 101, if a customer had been notified if there was some activity on the account which would have automatically prevented an employee from opening a fake account. [Which was] essentially what happened…

The big problem was ... And subsequently we've learned of so many other things, but the big problem was that they opened over two million fake accounts. So if you had a savings account at the bank you would get a credit card, even though you would not have opened that. You would have gotten something else, even though you had not opened that particular account.

The pressure on the employees to do this ... So the company had this “Eight is Great.” Said rightly, it rhymes, “Eight is Great.” It rhymes when you say it... The CEO would go on conference calls and investor presentations and say that was their target. When asked why, he would literally say it rhymes well. So there wasn't a theory behind it, you know, eight is the optimal number of accounts that a customer should have, but it was just a nice sounding target. Something like that adds enormous pressure to the front end, and absent boundaries, that can lead to trains going off the rails.

Kenny: So these sales folks were just opening up accounts to try and get as close to that number for each customer they represented as possible?

Srinivasan: Absolutely, and they had targets for how much they could cross-sell. This is not in our case, but subsequently we found out several other places, several insurance products that were being sold fraudulently. We found out recently from a whistleblower that complained that there were mortgages that people are being asked to repay them when they've actually not taken them out. So this practice seems like it was quite prevalent.

But the big issue that they got fined on was these false accounts. You asked when did this all start surfacing. The key trigger was the Los Angeles Times expose in 2012. Following that, the District Attorney from Los Angeles started investigating and finding lots of things against the company, so this was not new when it actually broke in 2016. It had been around for three or four years.

But several of those practices actually kept continuing until much later, several years later, which raises several other questions that I know you'll get into about the board and the risk management of the company and so on.

Kenny: Why don't we actually transition to that now. Let's talk a little bit about Carrie Tolstedt and John Stumpf. John's name came up in a podcast that we did before with you around the data breach at Target, so John's had kind of a checkered past here as it comes to some of these things where he's been on the watch. Tell us a little bit about Carrie and what her role was.

Srinivasan: Carrie Tolstedt was the head of the Community Bank. Like I said, this was a very, very successful community bank, one of the best performing retail banks in the country. In fact, their cross-selling was held up as a role model for other banks. Carrie Tolstedt was a very well-respected banker within the bank. She had spent the last part of her career at Wells Fargo. You learn from the board reports subsequently that the bank held her in high esteem, John Stumpf held her in high esteem, which turns out perhaps was part of the problem, that she was so well-respected for her past successes that there was a certain reluctance to question her... protected her from certain kinds of questioning and also protected her from the otherwise useful risk controls and other governance that was prevalent at the bank.

A related issue was that the bank was highly decentralized. The structure of the bank was that while there was a central risk management, you had the Community Bank and other parts of the bank having their own risk controls, which they should have. But it turned out that the force of Carrie's personality was strong enough that the communication outside of the Community Bank to other parts of the organization were not just weak, they were expressly discouraged and frowned upon by her.

There are instances that have subsequently come to light on the central part of the bank asking questions and Carrie would reprimand people who would answer those questions or not keep her in the loop when questions such as those were being asked. The board subsequently has said that they were misinformed by Carrie Tolstedt about the number of people that were being let go of in the bank, that the number had been low-balled. After the LA Times article came out there were a few bad apples and they were letting 100 people go, when it was in fact 600 or 700 per quarter, and the board used that as a defense; you know, we can only ask. We have no means of verifying, especially coming from a person as well respected as Carrie.

So there was this kind of dual thing going on with respect to her role, a very highly performing manager, on the other hand trying to keep a tight control over what was going on and not liking when questions were asked.

Kenny: So isn't it John's job to look a little bit more closely at this and...

Srinivasan: As the CEO, the buck stops there. Absolutely. It's interesting you refer to the Target cyber breach. John's role there was of course secondary in the sense that he was on the board. He was not the CEO of the company, but one can imagine certain parallels between those two situations.

Yes, that should have been the CEO's job and now he paid for it with his job and all the reputational harm that's come his way because of this. It appears that he relied a lot on Carrie and the relationship was one of mutual trust, or at least trust one way, and did not push very much.

Kenny: In your research with other companies, I would suspect this is not unusual. That if you've got somebody who's really performing well, by appearances at least, and revenue is coming in, you don't really want to mess with that, right?

Srinivasan: That's true at every level. Investors don't question companies when they're doing very well, and subsequently they crash. Boards don't question CEOs when things are going very well. It's hard to start looking under rocks when things are going very well, and it's true at every level beyond that, which is why you have risk management. Risk management is the flip side of strategy. These are risks that companies voluntarily take on, because that's how you make money. But then you have to make sure that the risk doesn't go out of control.

Structurally there was a problem, and that was John Stumpf's job I would think, to try to understand where was the risk coming in the bank and how would ... Think about it. This is a bank. This is one of the largest banks in the world. Risk management is a core competence of banks, otherwise you don't run banks.

Somehow they discounted that just the front-end sales force can create risk. You think about all kinds of risk. You think about lending risk. You think about foreign currency risk. You think about money laundering risk. You think about high level risk. But this kind of ... Should not have, at least in hindsight, been blindsided there.

Kenny: So blindsided is one way to look at it, but the case also talks about the fact that there were some red flags that were popping up here and there. Let's go to the board now, because the board ... this wasn't the first time that they had heard about it.

Srinivasan: There's a doctrine developing in Delaware, it's called the Red Flag Doctrine, you normally depend on the company and managers, the board I mean, for information because you're launching your own investigations and calling four levels down the line, asking for ... You know, you trust the CEO, you trust the next level for information when they give you information, but if there are red flags, like you said, then you have to be on alert on what was happening, and it seems like there were more than enough red flags. To be fair though, there were some processes being put by the risk part of the board, but probably not enough, and they still relied on management a little too much.

If you think about it, at the bank there were actually terms that the employees were using such as “bundling.” The front-end employees would falsely tell a customer for instance if you open a checking account that you have to open a savings account along with that, that these are bundled products, when actually in reality there were no bundled products. That you have to take a credit card, when in reality you didn't have to do that.

There was another thing called “sandbagging.” These were informal terms that the sales force was using. They would try to manage targets in particular ways, and of course the easiest grade was floating around there. Even way back in 2004 there was a gaming report, a gaming quote-unquote, that the bank was at risk because the employees were game targets. So this was not new for the bank, and this was certainly not new for sales driven companies.

Kenny: Do you think that in the wake of something like what happened at Wells Fargo that board directors should really be thinking hard about their role and the commitment they're making when they step onto a board?

Srinivasan: Board roles are hard for the following reasons. Like you said, you don't want to be getting on a board always with the attitude that I'm going to be second-guessing everything that management is telling me. I don't want to be probing under rocks for risk and bad news that doesn't exist, because you are entering into a trusting relationship. The board monitors the company. The management runs the business. It's a fine line to try to figure out where to draw that line.

The norm, especially in the US, is for the boards to defer much more to the management unless there's a reason to believe otherwise. Now when do you decide there's reason to believe otherwise? Were these red flags enough? My personal feeling is the boardroom is too safe a place for management. But again, how do you draw that line? When do you decide it's too safe and when do you want to make it a little unsafe in terms of the kinds of questions that you want to ask?

Like I said, it's a $2 trillion organization, a $2 trillion asset organization, hundreds of thousands of employees, so it has to be almost a fulltime job for some of the people who are doing this. On the other hand, the management does run the business. So yes, I think incidents like Wells Fargo raise very important questions for management, too, that you should involve the board more, that you have to be much more willing to be transparent and expose the board to what's happening inside the organization. You should, in fact, have somebody on the board who asks the tough questions.

But there should be some process by which we are not indulging in group think, and that's not the first time that anybody has mentioned about group think in the context of a board or just, you know, it's a group of 10 or 12 people, and who bells the cat? The best boards do have that. They do have somebody or a group of people that in different circumstances are charged with asking the tough questions so that things don't go unasked because nobody knows whether it's their job to ask them.

Kenny: Do you think there's a role here for activist investors, too? We're hearing a lot about activist investors. Sometimes they come off looking really bad, but I'm wondering if there's an important role that an activist investor plays in holding the board and the leadership of an organization accountable?

Srinivasan: Yes and no. The no part of that [is that] the problems of Wells Fargo are not the typical issues that an activist investor would have surfaced, because it's more of a risk management issue. This is more of an issue where things are happening in the front end. This is certainly an issue for compliance and the role of the whistleblowers. Are the whistleblower complaints getting through to the board? What is the process for understanding them? Are there enough of a certain kind of issue?

I bet in a bank like this they would have had some processes. It's unimaginable that they would not have had, but it's probably worked well for every board to go back and try and understand yes, we think we have a process. Have we reviewed it recently? Are there blind spots that we're facing in this?

Kenny: You've discussed this case in class, have you?

Srinivasan: Several times. We've done it in our MBA program. We've done it and we have used it in both programs. We've used it in programs for risk managers. We've used it in senior executive programs. We use it for two big purposes. One is to understand risk management. One of the very common risk management motives is what we call the fraud triangle, and how the fraud triangle plays out. The three legs of the triangle are opportunity, rationalization, and pressure. The idea is that all these three have to come together at the same time for risk controls to fail.

I think this case really illustrates very well that there was opportunity because the risk controls weren't working. There was pressure because of the sales force, and there was rationalization in a way because the senior management was supporting it and everybody was saying yes, we're doing it for the benefit of the bank and in a way they were rationalizing their own behavior. So when the trifecta comes together, then you have a blow up. We use it to try to understand how that happens and what can you do to prevent that and certainly the higher level issues with respect to the board that you've been talking about.

Kenny: Suraj, thanks so much for joining us today.

Srinivasan: Thank you. It's really a pleasure to be here.

Kenny: If you enjoyed listening to the Wells Fargo case, you can find Cold Call wherever you listen and subscribe to podcasts. Every episode features a business case taught to MBA students right here at Harvard Business School. We'd love to hear your thoughts, so take a few moments to write a review. I'm Brian Kenny, your host, and thank you for listening to Cold Call, an official podcast of Harvard Business School.

Recorded March 28, 2018. Edited for length and clarity.

Post A Comment

In order to be published, comments must be on-topic and civil in tone, with no name calling or personal attacks. Your comment may be edited for clarity and length.