ERM and Wells Fargo
Enterprise Risk Management, National Commercial Banks and Wells Fargo
Jeremy Bambace
Syracuse University
Executive Summary
The purpose of this report is to explore the field of enterprise risk management, related
applicability to the national commercial bank industry, and more specifically the intersection of
risk management and risk events experienced by a particular organization within this industry –
Wells Fargo. The intent is to establish a contextual frame of reference for Wells Fargo via a
brief overview of the commercial bank industry and corresponding examples of risks applicable
in this industry, followed by a deeper dive into two specific risk events experienced by Wells
Fargo. Subsequently, an assessment of Wells Fargo’s management of these risks and
contingency/disaster recovery responses is presented, concluding with several insights drawn
from the results of their actions.
Investigative methods used for this paper consisted primarily of electronic medium,
which encompassed reviews of the selected organization’s annual reports and other published
material (available via the ‘Investor Relations’ and ‘Leadership and Governance’ sections of
their website), referencing of the LexisNexis database, online editions of professional and higher
education periodicals, newspapers, and general search engine searches. Additionally, the
Chapman as well as the Barton, Shenkir and Walker textbooks used throughout the IST 625
course were also referenced.
Several insights and key findings were identified, including the realization that one of the
business practices which contributed to mitigation of the first risk event explored, evidently
appears to have been one of the catalysts leading to the manifestation of the second risk event.
Other key findings include an underscoring of the importance of establishing a culture which
values open communication of identified risk exposure across all levels of the organizational
hierarchy; the importance of establishing, clearly communicating, and aligning business units to
an organizational risk appetite; the benefits of instituting reliable risk indicators; and the
mitigating effects of leadership transparency and willingness to take accountability for risk
management failures.
Background and Industry Context
The industry researched for this paper was National Commercial Banks (SIC 6021),
described as: “Commercial banks and trust companies (accepting deposits) chartered under the
National Bank Act” (United States Department of Labor, 2017). This industry is comprised of
1,799 large commercial banks, with the five largest consisting of JPMorgan Chase, Wells Fargo,
Bank of America, Citibank, and US Bank (Federal Reserve Statistical Release, 2017). The
Reference for Business website provides the following overview of the structure of this industry
(SIC Code 6021 National Commercial Banks, 2017):
The National Bank Act of 1863 created the basis for the first national U.S. banking system
and continues to serve as the basic banking law for American national banks… The original
plan for the national banking system was outlined by Salmon Chase, the secretary of the
treasury, in 1861. National banks are chartered and supervised by the Comptroller of the
Currency of the United States. The charters issued by the comptroller are of indefinite
duration. All national banks are required to be members of the Federal Reserve bank of their
district and to invest in the capital stock of the bank as required by the Federal Reserve Act
of 1913, which requires that 6 percent of the national bank's capital and surplus must be
pledged and 3 percent deposited as payment. National banks are further required to be
insured by the Federal Deposit Insurance Corporation (FDIC). National banks have 20
enumerated, general powers, which are effective upon the execution and filing of the articles
of association and the organization certificate. Such powers include the obvious—receiving
and loaning money—as well as the obscure—providing travel services for customers.
National banks are granted general corporate powers, which include making contracts, suing
and being sued, electing and appointing directors, and prescribing bylaws. They are also
allowed to establish branch offices in the United States and abroad, under specified
conditions. They conduct a range of activities involving real estate, U.S. government
securities, the establishment of trusts, and other financial activities. Such broadly construed
powers enable national banks to engage in far more than strictly commercial banking.
(Organization and Structure Heading section, para. 1)
The primary risk factors for this industry include systemic risks related to interconnectedness of
individual financial institutions, traditional financial risks (including liquidity, credit, borrowing,
currency, funding, foreign investment, and derivatives risk) as well as operational, technological,
legal, and reputational risks (Chapman, 2011). Risk management is a relatively mature process
across financial institutions as it pertains specifically to managing traditional financial risks, due
to the simplicity of quantifying and measuring financial risk relative to other types of risk (e.g.,
operational or reputational, for instance). Although comprehensive and integrated enterprise risk
management is still a relatively immature process across the financial industry, there are
examples of national commercial banks taking initiative to incorporate a broader enterprise
approach to risk management as exemplified by Chase Manhattan’s implementation of the SVA
(Shareholder Value Added) structure in 1998 (Barton, Shenkir, and Walker, 2002).
Despite the shift toward enterprise risk management by some banks, the impacts
associated with the 2007-2009 financial crisis have made it clear there are also market-wide
systemic risks which must be understood and managed at the macro-level (Chapman, 2011). The
impacts of the 2007-2009 financial crisis resulted not only in greater focus on comprehensive
ERM practices within individual banks, but also significant political reform across the financial
services industry through measures such as the Dodd-Frank Wall Street Reform and Consumer
Protection Act signed into law in 2010, which “focuses on risk management, systemic risk,
capital and liquidity adequacy, and interconnectedness of banks” (Chapman). Additionally,
following the financial crisis, there were calls to re-establish the Glass-Steagall act to separate
commercial and investment banking activities (Chapman).
One of the largest competitors in this industry is Wells Fargo & Company, a financial
services firm headquartered in San Francisco with offices in 42 countries and territories, $1.9
trillion in assets (3rd largest in the United States) and approximately 269,000 employees.
Founded in 1852, Wells Fargo provides banking, insurance, investments, mortgage, and
consumer and commercial financial services (Wells Fargo, 2016d). Wells Fargo’s business
model consists of “lending for small businesses, cars, energy and agriculture; insurance
operations; a network of stockbrokers; and a significant mortgage operation, gathering 25% of
the American mortgage market and originating approx. 30% of the country’s home loans in
2012” (Riding High, 2013).
ERM at Wells Fargo
Wells Fargo’s risk governance structure is premised on the notion that each line of business
owns primary accountability for risk, while the corporate risk functions provide oversight, an
enterprise view, and appropriate “challenge” on strategy and performance of risk-taking
activities (Loughlin, 2014). The corporate risk function reports directly into the Board of
Directors, and is comprised of Corporate Credit & Market Risk, Corporate Enterprise Risk
Group, Corporate Risk Program Office, and Operational Risk & Compliance (Wells Fargo,
2017d). Additionally, there is a corporate ‘Audit Services’ group, which assesses whether the
company’s risk management, systems of control, and governance processes are adequate and
functioning as intended.
From an organizational reporting structure, the Risk function is led by Michael Loughlin
(SVP and Chief Risk Officer), who oversees all risk-taking activities at Wells Fargo, including
credit, market, operational, compliance, information security (including cyber risk), and financial
crimes risk management (Wells Fargo, 2017e). Loughlin has direct reports who each focus on
separate risk areas, such as Operational Risk, Credit Risk, Market & Institutional Risk, Financial
Crimes Risk, etc. (Loughlin, 2014). Additionally, the Board of Directors maintains a distinct and
separate Risk Committee, which is chartered to “provide oversight of the Company’s enterprise-
wide risk management framework and Corporate Risk function, including the strategies, policies,
procedures, processes, and systems, established by management to identify, assess, measure,
monitor, and manage the major risks facing the Company” (Wells Fargo, 2017b).
Key Risks
Two key risks which are important for Wells Fargo as well as the National Commercial
Banking industry as a whole include Financial Risk and Reputational Risk. Financial risk is
important to all businesses, and especially firms competing in the financial services industry,
because sources of this type of risk “have the potential to be ‘fatal’ in that they can bring about
the demise of a business” (Chapman, 2011). Financial risks will influence a bank’s business
plan in direct relation to the bank’s specified level of risk appetite. In the case of Wells Fargo,
this influence was evident through their explicit specification of a lower appetite for credit risk
(relative to other National Commercial Banking competitors), which influenced their business
plan by targeting lower credit default returns/volatility in lieu of more stable rate of returns
through cross-selling of products. This business strategy acknowledged the fact that performance
may be comparatively lower than competition during healthy or exuberant economic cycles, but
also reasoned that losses would be more contained during slower or more volatile periods of
economic activity. As an example, the number of loans underwritten by Wells Fargo during the
financial crisis was 11.8% of all loans approved since 1999, which reflects a relatively low risk
appetite and conservative business model when compared to Bank of America or Countrywide
ratio of loan approvals during this same timeframe (30.2% and 38.7%, respectively) (Yang,
2015). Clearly, Wells Fargo did not increase their rate of loan underwritings to the same extent
which competitors did during this exuberant economic cycle, illustrating the influence which
financial risk and risk appetite exerted on their business plan.
A second key risk which is important to the financial industry is reputational risk. Given
the history and longevity of most of the national commercial banks in the U.S., reputation
represents both a critical asset (developed over many years) as well as a critical risk to be
managed. According to Chapman (2011), “reputation is critical to business survival. Reputation
erosion... can present a serious risk to a business… (it can) impede the sale of goods or services,
harm recruitment of high-caliber staff, deter desirable business partners, and/or make debt more
expensive” (Chapman, 2011). Risk to reputation should not influence a firm’s business plan so
much as it should influence its vision, values, ethics, and culture. Reputation is something that is
built up over a long period of time, and is typically not something that can easily be bought or
influenced via any short-term tactics. According to Wells Fargo’s vision and values (Wells Fargo,
2016c), they
want to be known as one of the world’s great companies, but we know that an
outstanding reputation cannot be bought or manipulated. It has to be earned over decades
by ethical, customer-centered behavior and team members who care. Our vision and our
values must come first. Our reputation extends from our character, not the other way
around. We should want to do something — or not do something — based first on
whether it’s right for our customers, team members, communities, and shareholders, not
for how it will affect our reputation. If it’s the right thing to do, it will be good for our
reputation. (p. 31)
This intent to integrate an ethical foundation into the overall cultural fabric of the organization
does influence Wells Fargo’s approach to business, which is also reflected in their vision and
values statement. Specifically, they note the importance of excelling in credit and risk
management, and refer to this expertise as providing a “foundation for our reputation and
industry leadership” (Wells Fargo, 2016c).
Wells Fargo defines credit risk as the “risk of loss associated with a borrower or counterparty
default (failure to meet obligations in accordance with agreed upon terms). Credit risk exists with
many of our assets and exposures such as debt security holdings, certain derivatives, and loans”
(Wells Fargo, 2016a). Credit risk is managed through underwriting policies, as well as
monitoring and reviewing performance of existing loan portfolios. Credit risk management and
monitoring activities include:
• Loan concentrations and related credit quality (Wells Fargo, 2016a);
• Counterparty credit risk (Wells Fargo, 2016a);
• “Monitor the Company’s reputation generally, including with customers” (Wells Fargo,
2017c).
Holistically, Wells Fargo manages risk through the process of articulating a ‘statement of risk
appetite’, which “defines the nature and level of risk… willing to take while operating in a safe
and sound manner. This statement provides the philosophical underpinnings that guide
businesses and risk professionals as they manage risk on a day-to-day basis” (Wells Fargo,
2016c). Further, Wells Fargo also espouses an organizational expectation that all employees are
responsible for identifying and communicating risk exposures (Wells Fargo, 2016c):
While we rely on risk professionals to take primary responsibility for managing and
escalating risks, we firmly believe that managing risk is everyone’s business. We expect
team members to identify and escalate potential risks, and we must give them a safe
haven to report their concerns without fear of retaliation. (p. 17)
Although this expectation is espoused publicly and perhaps also internally at various
organizational levels, recent reputational risk incidents suggest a pervasive divergence from this
value, at least across the Retail Sales organization.
History of Incidents
Recent incidents where the two above-mentioned risks manifested into actual impacts to
Wells Fargo include the 2007-2009 financial crisis and a 2016 charge of mass fraudulent account
openings. The first incident, related to the 2007-2009 financial crisis, resulted in impacts to
credit defaults and other losses directly related to financial risks the firm had chosen to acquire.
More specifically, as a result of the subprime mortgage crisis and related events, Wells Fargo (as
well as myriad other financial institutions) experienced elevated rates of credit defaults and
declines in real estate backed assets which were previously rated as very low risk by credit rating
agencies. The underlying root causes of this incident were pervasive throughout the financial
industry, and consequently the impacts were not isolated to Wells Fargo but rather affected the
financial services industry in aggregate as well as the entire global economy.
Overall, Wells Fargo’s risk management framework enabled it to avoid significant
impacts from this risk event (relative to competitors); however, there were still material impacts
resulting from the systemic failures permeating the global financial industry. To address these
impacts, a variety of recovery responses were executed, including proactively contacting at-risk
borrowers, establishment of various educational and counseling support programs, and
partnership with U.S. Treasury to manage subprime mortgage risk in an effort to prevent
foreclosures (Wells Fargo, 2008). The following excerpt from the Wells Fargo 2007 Annual
Report illustrates their approach to this risk:
In 2007 across the mortgage industry, almost one of every two foreclosures involving a
customer with an ARM occurred before the loan was reset at a higher rate, mostly due to
too much debt, lower income or a decline in the home’s market value. For those
borrowers in financial trouble, about half never contacted their servicer. So, our message
to any of our customers struggling to make payments is loud and clear: Call us! If they
do, we can work with them to try to find options to help them stay in their home or find
other alternatives to avoid foreclosure. (p. 6)
Several of the more salient emergency responses and contingency plans utilized to manage their
risk exposure and mitigate impacts included the following:
• Ceased purchasing home equity loans from third-party correspondents (Wells Fargo,
2007);
• Stopped purchasing loans through wholesalers when the borrowers were not Wells Fargo
mortgage customers (Wells Fargo, 2007);
• Exited the nonprime wholesale and correspondent channels for first mortgages (Wells
Fargo, 2007);
• Placed about 3% of total loans outstanding ($11.9 billion) into a liquidating portfolio, and
added $1.4 billion to credit loss reserves (Wells Fargo, 2007);
• Increased allowance for credit losses by $8.1 billion, ending the year with $21.7 billion
(Wells Fargo, 2008);
• Strengthened balance sheet by taking $37.2 billion write-down on $93.9 billion of higher-
risk loans from Wachovia (acquired in 2008) (Wells Fargo, 2008);
• Took proactive steps to contact customers with impending ARM resets or delinquent on
mortgage payments to find options to avoid foreclosures (Wells Fargo, 2008).
Considering the material impacts and contingency costs/reserves noted above, in a relative sense
Wells Fargo still navigated the aforementioned risk events well. Key points which highlight their
effective risk management include:
• Did not make Adjustable Rate Mortgages (Wells Fargo, 2007);
• Did not make negative amortization ARMs (Wells Fargo, 2007);
• “Only ‘very few instances’ of below certain credit scores, stated-income mortgages and
low- and no-documentation mortgages” (Wells Fargo, 2007);
• “Because of our prudent lending to customers with less than prime credit and our
decision not to make negative amortization loans, we estimate we lost between two and
four percent in mortgage origination market share from 2004 to 2006. That translates into
losing between $60 billion and $120 billion in mortgage originations in 2006 alone.
We’re glad we did. Such lending would have been economically unsound and not right
for many borrowers” (Wells Fargo, 2007);
• “Did not participate to any significant degree in collateralized debt obligations (CDOs),
structured investment vehicles (SIVs) to hold assets off our balance sheet, hedge fund
financing, off-balance sheet conduits, the underwriting of low-covenant or no-covenant,
large, highly leveraged loans and commitments to companies acquired by private equity
firms through leveraged buyouts” (Wells Fargo, 2007);
• “We sell the vast majority of our mortgage loans to capital market investors. We believe
our commercial lending portfolio is among the highest quality of any large bank in the
nation” (Wells Fargo, 2007);
• “Because of our Responsible Mortgage Lending Principles and our Responsible
Mortgage Servicing Principles, our foreclosure rate in our home mortgage servicing
portfolio in 2007 was more than 20 percent better than the industry average. Less than
one in every 100 loans in our servicing portfolio was in foreclosure” (Wells Fargo, 2007).
These points serve to illustrate how Wells Fargo “maintained its credit risk discipline reasonably
well during the years of excessive risk taking in the industry” (Wells Fargo, 2007).
Areas where risk management could have been improved include:
• “Taking on too much risk and not adequately pricing for it in relation to home equity
loans purchased through indirect channels” (Wells Fargo, 2007);
• “Too many home equity loans had “loan-to-value” ratios that were too high” (Wells
Fargo, 2007);
• “Full documentation for home equity loans was not always required” (Wells Fargo,
2007).
Despite these opportunities for improvement, Wells Fargo’s lower risk appetite (relative to
similarly sized competitors), and alignment of LOB risk taking behavior to this stated appetite,
resulted in lower losses (again relative to competitors) which in turn enabled Wells to act from a
relative position of strength and pursue new risks (strategic opportunities) during this tumultuous
timeframe. Specifically, Wells Fargo strategically leveraged the broader industry risks and
impacts of the Great Recession to acquire Wachovia (Riding High, 2013). This strategic
acquisition enabled Wells to expand its branch presence beyond the Western half of the U.S.,
ultimately resulting in a strong presence across the eastern half of the country as well (Riding
High). According to the Wells Fargo 2008 annual report:
Because of our financial performance, capital strength, liquidity, credit discipline and
earnings, we were able to seize an unprecedented opportunity to satisfy all the financial
needs of at least 30 million more customers. We’ve had a significant retail mortgage
presence in the Eastern U.S. for a long time; we now have a significant Community Banking
presence there as well. This is one of the biggest cross-sell opportunities of the Wachovia
merger — the opportunity in 15 more states to earn all the banking business of our mortgage
customers and all the mortgage business of Wachovia’s banking households. This
opportunity alone could generate millions of dollars of added revenue because we have about
three million Wells Fargo Home Mortgage customers in the 15 states we enter with
Community Banking through the Wachovia merger. (p. 3)
Indeed, Wells’ prudent risk management (premised on a foundation of conservative risk appetite
and philosophy) uniquely positioned it to avoid substantial impact (relative to competitors) from
the 2007-2009 financial crisis, and in turn create new strategic revenue opportunities. However,
one interesting observation which should be noted in Wells’ above characterization of this
opportunity is the focus on cross-selling prospects. Interestingly, this emphasis on cross-selling
(in conjunction with apparent incentivization, cultural and control deficiencies) appears to be one
of the primary catalysts which sparked the second risk incident this report will focus on -
reputational risk.
The second risk event referenced, related to a 2016 charge that Wells Fargo fraudulently
opened approximately 2 million accounts without customers’ authorization (McCoy, 2017),
clearly resulted in reputational impacts to the Wells brand. The charges allege that Wells’
employees “illegally opened millions of unauthorized accounts for their customers in order to
meet aggressive sales goals” (Sweet, 2016). This includes “more than 2 million accounts that
may have not been authorized. Money in customers' accounts were transferred to these new
accounts without authorization. In some cases, employees even created fake email addresses to
sign up customers for banking services” (Sweet). Awareness of these fraudulent account
openings apparently dates as far back as 2011 (Zoltners, Sinha, and Lorimer, 2016). The
underlying factors which appear to have instigated this event are aggressive sales goals (for
employees) combined with ethical and cultural deficiencies and a lack of sufficient internal
controls to detect fraudulent employee behavior.
It is unclear whether Wells Fargo possessed any pre-existing contingency plans prepared
for this type of risk event, possibly the result of an “it won’t happen to me” mentality pervasive
all the way up to the Board level. Up until this incident occurred, Wells Fargo had branded itself
as a trustworthy institution and attempted to cultivate a culture aligned with this image. Since
there had not been significant prior incidents related to unethical behavior or cultural
deficiencies, over time leadership may have adopted a presumption that they were not
susceptible to this type of risk. According to Bosman (2011),
CEO John Stumpf and then-retail-bank head Carrie Tolstedt” (Glazer and Hufford,
2017);
• “Retention of PwC to conduct large-scale data analysis of more than 94 million accounts
opened from May 2011 to mid-2015 to evaluate whether customers may have incurred
financial harm from potentially unauthorized accounts” (board-and-company-actions.pdf)
as well as other “external consultants to review sales practices” (Wells Fargo, 2016b);
• “Refunded over $3.2 million on approximately 130,000 potentially unauthorized
accounts” (Wells Fargo, 2016b);
• “Wells Fargo’s Independent Directors Launched a Comprehensive Investigation into
Retail Banking Sales Practices… retained the law firm, Shearman & Sterling LLP, to
assist in the investigation” (Wells Fargo, 2016b);
• “Expanding scope of incentive compensation risk management program to take into
account reputational risk issues, including conduct risk and sales practices risk, in
addition to financial risk” (Wells Fargo, 2016b);
• “Changed Board Leadership structure” (Wells Fargo, 2016b);
• “Board has enhanced oversight of conduct risk, including sales practices risk, through
reporting to the Board on alignment of team member conduct with (1) our Company’s
risk appetite and (2) our Company’s culture as reflected in our Vision and Values and our
Code of Ethics and Business Conduct” (Wells Fargo, 2016b).
Drawing on the evidence, it appears Wells Fargo exhibited a significant gap in their risk and
controls framework which existed as a vulnerability for a prolonged duration of time, and for
which senior management neglected to initiate swift and decisive action after initially becoming
aware of this exposure. The fact that the Board became aware of the fraudulent activity in 2011
(Zoltners, Sinha and Lorimer, 2016), yet the behavior continued until 2016, signifies a
significant gap in controls and Board of Director responsibilities, and clearly illustrates where the
company went awry on this risk event.
Reflection and Lessons Learned
Reflection on these two risk types, factors which contributed to the specific risk events
outlined in this paper, and perceived lessons learned encompass several points. One lesson,
applicable to the first risk event noted (i.e., financial risk and impacts of 2007-2009 financial
crisis), is the importance of defining and communicating a specific risk appetite, and consistently
aligning line of business plans/risk exposure to the specified risk appetite across the entire
organization. The importance of this insight is evidenced by Wells Fargo’s ability to weather the
2007-2009 financial crisis, and indeed leverage the macro economic conditions to pursue new
strategic opportunities. The lesson in this instance is that a well-defined and managed enterprise
risk structure premised on a sound, well-communicated risk appetite, not only helps to avoid or
mitigate downside risk, but also facilitates realization of upside risk (opportunity) as well. This
approach enables organizations to establish an overarching risk management strategy and
framework, used to consistently guide business plans and decision making across the firm,
without necessarily mandating the development of elaborate plans for every type of conceivable
risk. As noted by Taleb, Goldstein and Spitznagel (2009),
Instead of trying to anticipate low-probability, high-impact events, we should reduce our
vulnerability to them. Risk management… should be about lessening the impact of what
we don’t understand—not a futile attempt to develop sophisticated techniques and stories
that perpetuate our illusions of being able to understand and predict the social and
economic environment.
A second reflection, applicable to the reputational risk and associated events outlined in this
paper, is the importance of establishing accurate and reliable risk indicators, which can be used
to monitor the environment for manifestation of risk events which would then trigger mitigation
responses. The importance of this lesson is evident based on the fact that Wells Fargo took
action to fire employees as far back as 2011 for fraudulent account openings, yet the control
deficiencies enabling these breaches to occur continued until as recently as 2016 (Zoltners, Sinha
and Lorimer, 2016).
Even if formalized risk indicators were not established prior to the initial infractions back
in 2011, there were clearly control deficiencies and corresponding risk exposure which should
have been addressed subsequent to the 2011 incidents, yet were apparently ignored or perceived
as inconsequential. As Ochs (2016) writes,
According to Stumpf’s testimony, a board committee became aware of the fraud ‘at a
high level’ back in 2011. They had a fuller discussion in 2013–2014 — around the time
when media reports of the illicit behavior first surfaced. Although roughly 1,000
employees had been fired each year since 2011 for these practices, the board only became
‘very active’ on the issue in 2015.
These details are in fact astonishing! The notion that ~1,000 terminations related to this issue
occurred per year since the 2011 timeframe, yet it took the spotlight of the media and
congressional intervention for Wells Fargo leadership to own up to this issue, leaves little doubt in
my opinion that virtually the entire Board and senior leadership team should be replaced. This
clear lack of action to mitigate obvious control gaps and associated risks underscores the
importance of a third lesson; namely the importance of cultivating a culture that shields against
groupthink, values transparency and encourages employees to be vocal and communicate
potential risk exposures to management, risk, or compliance teams. “Employees should feel not
only comfortable but also accountable for speaking up. Wells Fargo is creating the opposite
environment — where employees are discouraged from caring or challenging anything” (Ochs,
2016).
A final lesson which should be noted pertains to risk response relative to incidents which
have resulted in reputational impacts. In these situations, management should consider full
transparency of the organizational deficiencies which contributed to the manifestation of the risk,
as well as a willingness to personally accept accountability for these deficiencies. Insincere or
evasive responses could be perceived negatively by the general public, and further exacerbate
reputational damage. According to Minsky (2016), John Stumpf, the CEO of Wells Fargo
during the timeframe when the fraudulent account activity was occurring, should have
started with an admission of Wells Fargo’s failure in risk management processes across
the enterprise, followed by evidence that a more effective, formal enterprise risk
management process is being implemented. Instead of simply apologizing and attempting
to provide restitution, Stumpf should have demonstrated that Wells Fargo is taking
proactive risk management measures to protect its many stakeholders. It is the company’s
duty to ensure that something like this never happens again.
Rather than adopting this candid and transparent approach, Stumpf “denied any knowledge
of the illegitimate accounts” (p. 1).
Collectively, all of these lessons serve to underscore the importance of adopting an
integrated, enterprise approach to risk management, and establishing appropriate monitoring and
systemic risks which must be understood and managed at the macro-level (Chapman, 2011). The
impacts of the 2007-2009 financial crisis resulted not only in greater focus on comprehensive
ERM practices within individual banks, but also significant political reform across the financial
services industry through measures such as the Dodd-Frank Wall Street Reform and Consumer
Protection Act signed into law in 2010, which “focuses on risk management, systemic risk,
capital and liquidity adequacy, and interconnectedness of banks” (Chapman). Additionally,
following the financial crisis, there were calls to re-establish the Glass-Steagall act to separate
commercial and investment banking activities (Chapman).
One of the largest competitors in this industry is Wells Fargo & Company, a financial
services firm headquartered in San Francisco with offices in 42 countries and territories, $1.9
trillion in assets (3rd largest in the United States) and approximately 269,000 employees.
Founded in 1852, Wells Fargo provides banking, insurance, investments, mortgage, and
consumer and commercial financial services (Wells Fargo, 2016d). Wells Fargo’s business
model consists of “lending for small businesses, cars, energy and agriculture; insurance
operations; a network of stockbrokers; and a significant mortgage operation, gathering 25% of
the American mortgage market and originating approx. 30% of the country’s home loans in
2012” (Riding High, 2013).
ERM at Wells Fargo
Wells Fargo’s risk governance structure is premised on the notion that each line of business
owns primary accountability for risk, while the corporate risk functions provide oversight, an
enterprise view, and appropriate “challenge” on strategy and performance of risk-taking
activities (Loughlin, 2014). The corporate risk function reports directly into the Board of
Additionally, there are many tools and techniques which can be incorporated to further enhance
the risk management process; and structuring of the risk personnel can be tailored to unique
organizational needs (e.g., centralized, decentralized, or a hybrid approach). Ultimately, there
will never be a “one size fits all” best practice for risk management; however, through the
establishment of a well-defined framework a solid foundation can be laid from which subsequent
improvements can be iterated based on unique attributes of the organization and characteristics
of the external competitive environment.
References:
Barton, T., Shenkir, W., and Walker, P. (2002). Making Enterprise Risk Management Pay Off. Upper Saddle River, NJ: Financial Times/Prentice Hall.
Bosman, R. (2011). The Natural Disaster Assumption: It Won't Happen to Me. Risk Management Magazine.
Chapman, R. (2011). Simple tools and techniques for enterprise risk management (2nd ed.). West Sussex, United Kingdom: John Wiley & Sons Ltd.
Federal Reserve Statistical Release (2017). Large Commercial Banks. Retrieved from https://www.federalreserve.gov/releases/lbr/current/
Glazer, E. and Hufford, A. (2017). Wells Fargo: Top Executives Won’t Get Cash Bonus for 2016. The Wall Street Journal. Retrieved April 16th, 2017 from https://www.wsj.com/articles/wells-fargo-top-executives-wont-get-cash-bonus-for-2016-1488381031
Glazer, E. (2017). Wells Fargo to Roll Out New Compensation Plan to Replace Sales Goals. The Wall Street Journal. Retrieved April 16th, 2017 from https://www.wsj.com/articles/wells-fargo-to-roll-out-new-compensation-plan-to-replace-sales-goals-1483719468
Loughlin, M. (2014). Managing Risk at Wells Fargo [PowerPoint slides]. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/investor-relations/presentations/2014/loughlin-presentation.pdf
McCoy, K. (2017). Wells Fargo revamps pay plan after fake-accounts scandal. USA Today. Retrieved April 16th, 2017 from https://www.usatoday.com/story/money/2017/01/11/wells-fargo-revamps-pay-plan-after-fake-accounts-scandal/96441730/
Minsky, S. (2016). Wells Fargo: What Should Have Happened. Risk Management Monitor. Retrieved April 16th, 2017 from http://www.riskmanagementmonitor.com/wells-fargo-what-should-have-happened/
Ochs, S. (2016). The Leadership Blind Spots at Wells Fargo. Harvard Business Review. Retrieved April 16th, 2017 from https://hbr.org/2016/10/the-leadership-blind-spots-at-wells-fargo
Riding High. (2013, September). The Economist. Retrieved April 16th, 2017 from http://www.economist.com/news/finance-and-economics/21586295-big-winner-financial-crisis-riding-high
Rossi, C. (2016). Wells' Risk Management Tools Should Have Caught This Sooner. American Banker. Retrieved April 16th, 2017 from https://www.americanbanker.com/opinion/wells-risk-management-tools-should-have-caught-this-sooner
SIC Code 6021 National Commercial Banks. (2017). In Reference for Business. Retrieved April 16th, 2017 from http://www.referenceforbusiness.com/industries/Finance-Insurance-Real-Estate/National-Commercial-Banks.html
Sweet, K. (2016). Wells Fargo fined $185M for improper account openings. Chicago Daily Herald. Retrieved April 16th, 2017 from www.lexisnexis.com/hottopics/lnacademic
Taleb, N., Goldstein, D., and Spitznagel, M. (2009). The Six Mistakes Executives Make in Risk Management. Harvard Business Review. Retrieved April 16th, 2017 from https://hbr.org/2009/10/the-six-mistakes-executives-make-in-risk-management
United States Department of Labor (2017). Description for 6021: National Commercial Banks. Retrieved from https://www.osha.gov/pls/imis/sic_manual.display?id=66&tab=description
Wells Fargo. (2007). Annual Report 2007. Retrieved April 16th, 2017 from https://www.wellsfargohistory.com/archives/annual-reports/wells-fargo-three/
Wells Fargo. (2008). Annual Report 2008. Retrieved April 16th, 2017 from https://www.wellsfargohistory.com/archives/annual-reports/wells-fargo-three/
Wells Fargo. (2016a). Annual Report 2016. Retrieved April 16th, 2017 from https://www.wellsfargo.com/about/investor-relations/annual-reports/
Wells Fargo. (2016b). Highlights of Board and Company Actions in Response to Sales Practices. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/investor-relations/presentations/2017/board-and-company-actions.pdf
Wells Fargo. (2016c). The Vision and Values of Wells Fargo. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/corporate/vision-and-values.pdf
Wells Fargo. (2016d). Wells Fargo Today. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/corporate/wells-fargo-today.pdf
Wells Fargo. (2017a). Annual Report 2017. Retrieved April 16th, 2017 from https://www.wellsfargo.com/about/investor-relations/annual-reports/
Wells Fargo. (2017b). Board of Directors Risk Committee Charter. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/corporate/risk-committee-charter.pdf
Wells Fargo. (2017c). Corporate Responsibility Committee Charter. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/corporate/corporate-responsibility-committee-charter.pdf
Directors, and is comprised of Corporate Credit & Market Risk, Corporate Enterprise Risk
Group, Corporate Risk Program Office, and Operational Risk & Compliance (Wells Fargo,
2017d). Additionally, there is a corporate ‘Audit Services’ group, which assesses whether the
company’s risk management, systems of control, and governance processes are adequate and
functioning as intended.
From an organizational reporting structure, the Risk function is led by Michael Loughlin
(SVP and Chief Risk Officer), who oversees all risk-taking activities at Wells Fargo, including
credit, market, operational, compliance, information security (including cyber risk), and financial
crimes risk management (Wells Fargo, 2017e). Loughlin has direct reports who each focus on
separate risk areas, such as Operational Risk, Credit Risk, Market & Institutional Risk, Financial
Crimes Risk, etc. (Loughlin, 2014). Additionally, the Board of Directors maintains a distinct and
separate Risk Committee, which is chartered to “provide oversight of the Company’s
enterprise-wide risk management framework and Corporate Risk function, including the strategies, policies,
procedures, processes, and systems, established by management to identify, assess, measure,
monitor, and manage the major risks facing the Company” (Wells Fargo, 2017b).
Key Risks
Two key risks which are important for Wells Fargo as well as the National Commercial
Banking industry as a whole include Financial Risk and Reputational Risk. Financial risk is
important to all businesses, and especially firms competing in the financial services industry,
because sources of this type of risk “have the potential to be ‘fatal’ in that they can bring about
the demise of a business” (Chapman, 2011). Financial risks will influence a bank’s business
plan in direct relation to the bank’s specified level of risk appetite. In the case of Wells Fargo,

Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.
 
Best Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting PartnershipBest Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting Partnership
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdf
 
KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT      .pdfCatalogue ONG NUOC PPR DE NHAT      .pdf
Catalogue ONG NUOC PPR DE NHAT .pdf
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
 

ERM and Risk Events at Wells Fargo

  • 1. 1 ERM and Wells Fargo Enterprise Risk Management, National Commercial Banks and Wells Fargo Jeremy Bambace Syracuse University
  • 2. 2 ERM and Wells Fargo Executive Summary The purpose of this report is to explore the field of enterprise risk management, related applicability to the national commercial bank industry, and more specifically the intersection of risk management and risk events experienced by a particular organization within this industry – Wells Fargo. The intent is to establish a contextual frame of reference for Wells Fargo via a brief overview of the commercial bank industry and corresponding examples of risks applicable in this industry, followed by a deeper dive into two specific risk events experienced by Wells Fargo. Subsequently, an assessment of Wells Fargo’s management of these risks and contingency/disaster recovery responses is presented, concluding with several insights drawn from the results of their actions. Investigative methods used for this paper consisted primarily of electronic medium, which encompassed reviews of the selected organization’s annual reports and other published material (available via the ‘Investor Relations’ and ‘Leadership and Governance’ sections of their website), referencing of the LexisNexis database, online editions of professional and higher education periodicals, newspapers, and general search engine searches. Additionally, the Chapman as well as the Barton, Shenkir and Walker textbooks used throughout the IST 625 course were also referenced. Several insights and key findings were identified, including the realization that one of the business practices which contributed to mitigation of the first risk event explored, evidently appears to have been one of the catalysts leading to the manifestation of the second risk event. Other key findings include an underscoring of the importance of establishing a culture which values open communication of identified risk exposure across all levels of the organizational
  • 3. 3 ERM and Wells Fargo hierarchy; the importance of establishing, clearly communicating, and aligning business units to an organizational risk appetite; the benefits of instituting reliable risk indicators; and the mitigating effects of leadership transparency and willingness to take accountability for risk management failures. Background and Industry Context The industry researched for this paper was National Commercial Banks (SIC 6021), described as: “Commercial banks and trust companies (accepting deposits) chartered under the National Bank Act” (United States Department of Labor, 2017). This industry is comprised of 1,799 large commercial banks, with the five largest consisting of JPMorgan Chase, Wells Fargo, Bank of America, Citibank, and US Bank (Federal Reserve Statistical Release, 2017). The Reference for Business website provides the following overview of the structure of this industry (SIC Code 6021 National Commercial Banks, 2017): The National Bank Act of 1863 created the basis for the first national U.S. banking system and continues to serve as the basic banking law for American national banks… The original plan for the national banking system was outlined by Salmon Chase, the secretary of the treasury, in 1861. National banks are chartered and supervised by the Comptroller of the Currency of the United States. The charters issued by the comptroller are of indefinite duration. All national banks are required to be members of the Federal Reserve bank of their district and to invest in the capital stock of the bank as required by the Federal Reserve Act of 1913, which requires that 6 percent of the national bank's capital and surplus must be pledged and 3 percent deposited as payment. National banks are further required to be insured by the Federal Deposit Insurance Corporation (FDIC). National banks have 20
  • 4. 4 ERM and Wells Fargo enumerated, general powers, which are effective upon the execution and filing of the articles of association and the organization certificate. Such powers include the obvious—receiving and loaning money—as well as the obscure—providing travel services for customers. National banks are granted general corporate powers, which include making contracts, suing and being sued, electing and appointing directors, and prescribing bylaws. They are also allowed to establish branch offices in the United States and abroad, under specified conditions. They conduct a range of activities involving real estate, U.S. government securities, the establishment of trusts, and other financial activities. Such broadly construed powers enable national banks to engage in far more than strictly commercial banking. (Organization and Structure Heading section, para. 1) The primary risk factors for this industry include systemic risks related to interconnectedness of individual financial institutions, traditional financial risks (including liquidity, credit, borrowing, currency, funding, foreign investment, and derivatives risk) as well as operational, technological, legal, and reputational risks (Chapman, 2011). Risk management is a relatively mature process across financial institutions as it pertains specifically to managing traditional financial risks, due to the simplicity of quantifying and measuring financial risk relative to other types of risk (e.g., operational or reputational, for instance). Although comprehensive and integrated enterprise risk management is still a relatively immature process across the financial industry, there are examples of national commercial banks taking initiative to incorporate a broader enterprise approach to risk management as exemplified by Chase Manhattan’s implementation of the SVA (Shareholder Value Added) structure in 1998 (Barton, Shenkir, and Walker, 2002). 
Despite the shift toward enterprise risk management by some banks, the impacts associated with the 2007-2009 financial crisis have made it clear there are also market-wide
  • 5. 5 ERM and Wells Fargo systemic risks which must be understood and managed at the macro-level (Chapman, 2011). The impacts of the 2007-2009 financial crisis resulted not only in greater focus on comprehensive ERM practices within individual banks, but also significant political reform across the financial services industry through measures such as the Dodd-Frank Wall Street Reform and Consumer Protection Act signed into law in 2010, which “focuses on risk management, systemic risk, capital and liquidity adequacy, and interconnectedness of banks” (Chapman). Additionally, following the financial crisis, there were calls to re-establish the Glass-Steagall Act to separate commercial and investment banking activities (Chapman). One of the largest competitors in this industry is Wells Fargo & Company, a financial services firm headquartered in San Francisco with offices in 42 countries and territories, $1.9 trillion in assets (3rd largest in the United States) and approximately 269,000 employees. Founded in 1852, Wells Fargo provides banking, insurance, investments, mortgage, and consumer and commercial financial services (Wells Fargo, 2016d). Wells Fargo’s business model consists of “lending for small businesses, cars, energy and agriculture; insurance operations; a network of stockbrokers; and a significant mortgage operation, gathering 25% of the American mortgage market and originating approx. 30% of the country’s home loans in 2012” (Riding High, 2013). ERM at Wells Fargo Wells Fargo’s risk governance structure is premised on the notion that each line of business owns primary accountability for risk, while the corporate risk functions provide oversight, an enterprise view, and appropriate “challenge” on strategy and performance of risk-taking activities (Loughlin, 2014). The corporate risk function reports directly into the Board of
  • 6. 6 ERM and Wells Fargo Directors, and is comprised of Corporate Credit & Market Risk, Corporate Enterprise Risk Group, Corporate Risk Program Office, and Operational Risk & Compliance (Wells Fargo, 2017d). Additionally, there is a corporate ‘Audit Services’ group, which assesses whether the company’s risk management, systems of control, and governance processes are adequate and functioning as intended. In terms of organizational reporting structure, the Risk function is led by Michael Loughlin (SVP and Chief Risk Officer), who oversees all risk-taking activities at Wells Fargo, including credit, market, operational, compliance, information security (including cyber risk), and financial crimes risk management (Wells Fargo, 2017e). Loughlin has direct reports who each focus on separate risk areas, such as Operational Risk, Credit Risk, Market & Institutional Risk, Financial Crimes Risk, etc. (Loughlin, 2014). Additionally, the Board of Directors maintains a distinct and separate Risk Committee, which is chartered to “provide oversight of the Company’s enterprise-wide risk management framework and Corporate Risk function, including the strategies, policies, procedures, processes, and systems, established by management to identify, assess, measure, monitor, and manage the major risks facing the Company” (Wells Fargo, 2017b). Key Risks Two key risks which are important for Wells Fargo as well as the National Commercial Banking industry as a whole include Financial Risk and Reputational Risk. Financial risk is important to all businesses, and especially firms competing in the financial services industry, because sources of this type of risk “have the potential to be ‘fatal’ in that they can bring about the demise of a business” (Chapman, 2011). Financial risks will influence a bank’s business plan in direct relation to the bank’s specified level of risk appetite. In the case of Wells Fargo,
  • 7. 7 ERM and Wells Fargo this influence was evident through their explicit specification of a lower appetite for credit risk (relative to other National Commercial Banking competitors), which influenced their business plan by targeting lower credit default returns/volatility in favor of a more stable rate of return through cross-selling of products. This business strategy acknowledged the fact that performance may be comparatively lower than the competition during healthy or exuberant economic cycles, but also reasoned that losses would be more contained during slower or more volatile periods of economic activity. As an example, the number of loans underwritten by Wells Fargo during the financial crisis was 11.8% of all loans approved since 1999, which reflects a relatively low risk appetite and conservative business model when compared to the Bank of America or Countrywide ratios of loan approvals during this same timeframe (30.2% and 38.7%, respectively) (Yang, 2015). Clearly, Wells Fargo did not increase their rate of loan underwritings to the same extent that competitors did during this exuberant economic cycle, illustrating the influence which financial risk and risk appetite exerted on their business plan. A second key risk which is important to the financial industry is reputational risk. Given the history and longevity of most of the national commercial banks in the U.S., reputation represents both a critical asset (developed over many years) as well as a critical risk to be managed. According to Chapman (2011), “reputation is critical to business survival. Reputation erosion... can present a serious risk to a business… (it can) impede the sale of goods or services, harm recruitment of high-caliber staff, deter desirable business partners, and/or make debt more expensive”. Risk to reputation should not influence a firm’s business plan so much as it should influence its vision, values, ethics, and culture. 
Reputation is something that is built up over a long period of time, and is typically not something that can easily be bought or
  • 8. 8 ERM and Wells Fargo influenced via any short-term tactics. According to Wells Fargo’s vision and values (Wells Fargo, 2016c), they want to be known as one of the world’s great companies, but we know that an outstanding reputation cannot be bought or manipulated. It has to be earned over decades by ethical, customer-centered behavior and team members who care. Our vision and our values must come first. Our reputation extends from our character, not the other way around. We should want to do something — or not do something — based first on whether it’s right for our customers, team members, communities, and shareholders, not for how it will affect our reputation. If it’s the right thing to do, it will be good for our reputation. (p. 31) This intent to integrate an ethical foundation into the overall cultural fabric of the organization does influence Wells Fargo’s approach to business, which is also reflected in their vision and values statement. Specifically, they note the importance of excelling in credit and risk management, and refer to this expertise as providing a “foundation for our reputation and industry leadership” (Wells Fargo, 2016c). Wells Fargo defines credit risk as the “risk of loss associated with a borrower or counterparty default (failure to meet obligations in accordance with agreed upon terms). Credit risk exists with many of our assets and exposures such as debt security holdings, certain derivatives, and loans” (Wells Fargo, 2016a). Credit risk is managed through underwriting policies, as well as monitoring and reviewing performance of existing loan portfolios. Credit risk management and monitoring activities include: • Loan concentrations and related credit quality (Wells Fargo, 2016a); • Counterparty credit risk (Wells Fargo, 2016a);
  • 10. 10 ERM and Wells Fargo • “Monitor the Company’s reputation generally, including with customers” (Wells Fargo, 2017c). Holistically, Wells Fargo manages risk through the process of articulating a ‘statement of risk appetite’, which “defines the nature and level of risk… willing to take while operating in a safe and sound manner. This statement provides the philosophical underpinnings that guide businesses and risk professionals as they manage risk on a day-to-day basis” (Wells Fargo, 2016c). Further, Wells Fargo also espouses an organizational expectation that all employees are responsible for identifying and communicating risk exposures (Wells Fargo, 2016c): While we rely on risk professionals to take primary responsibility for managing and escalating risks, we firmly believe that managing risk is everyone’s business. We expect team members to identify and escalate potential risks, and we must give them a safe haven to report their concerns without fear of retaliation. (p. 17) Although this expectation is espoused publicly and perhaps also internally at various organizational levels, recent reputational risk incidents suggest a pervasive divergence from this value, at least across the Retail Sales organization. History of Incidents Recent incidents where the above mentioned two risks manifested into actual impacts to Wells Fargo include the 2007-2009 financial crisis and a 2016 charge of mass fraudulent account openings. The first incident, related to the 2007-2009 financial crisis, resulted in impacts to credit defaults and other losses directly related to financial risks the firm had chosen to acquire. More specifically, as a result of the subprime mortgage crisis and related events, Wells Fargo (as well as myriad other financial institutions) experienced elevated rates of credit defaults and
  • 11. 11 ERM and Wells Fargo declines in real estate backed assets which were previously rated as very low risk by credit rating agencies. The underlying root causes of this incident were pervasive throughout the financial industry, and consequently the impacts were not isolated to Wells Fargo but rather affected the financial services industry in aggregate as well as the entire global economy. Overall, Wells Fargo’s risk management framework enabled it to avoid significant impacts from this risk event (relative to competitors); however, there were still material impacts resulting from the systemic failures permeating the global financial industry. To address these impacts, a variety of recovery responses were executed, including proactively contacting at-risk borrowers, establishment of various educational and counseling support programs, and partnership with the U.S. Treasury to manage subprime mortgage risk in an effort to prevent foreclosures (Wells Fargo, 2008). The following excerpt from the Wells Fargo 2007 Annual Report illustrates their approach to this risk: In 2007 across the mortgage industry, almost one of every two foreclosures involving a customer with an ARM occurred before the loan was reset at a higher rate, mostly due to too much debt, lower income or a decline in the home’s market value. For those borrowers in financial trouble, about half never contacted their servicer. So, our message to any of our customers struggling to make payments is loud and clear: Call us! If they do, we can work with them to try to find options to help them stay in their home or find other alternatives to avoid foreclosure. (p. 6) Several of the more salient emergency responses and contingency plans utilized to manage their risk exposure and mitigate impacts included the following: • Ceased purchasing home equity loans from third-party correspondents (Wells Fargo, 2007);
  • 12. 12 ERM and Wells Fargo • Stopped purchasing loans through wholesalers when the borrowers were not Wells Fargo mortgage customers (Wells Fargo, 2007); • Exited the nonprime wholesale and correspondent channels for first mortgages (Wells Fargo, 2007); • Placed about 3% of total loans outstanding ($11.9 billion) into a liquidating portfolio, and added $1.4 billion to credit loss reserves (Wells Fargo, 2007); • Increased allowance for credit losses by $8.1 billion, ending the year with $21.7 billion (Wells Fargo, 2008); • Strengthened balance sheet by taking $37.2 billion write-down on $93.9 billion of higher-risk loans from Wachovia (acquired in 2008) (Wells Fargo, 2008); • Took proactive steps to contact customers with impending ARM resets or delinquent on mortgage payments to find options to avoid foreclosures (Wells Fargo, 2008). Considering the material impacts and contingency costs/reserves noted above, in a relative sense Wells Fargo still navigated the aforementioned risk events well. Key points which highlight their effective risk management include: • Did not make Adjustable Rate Mortgages (Wells Fargo, 2007); • Did not make negative amortization ARMs (Wells Fargo, 2007); • “Only ‘very few instances’ of below certain credit scores, stated-income mortgages and low- and no-documentation mortgages” (Wells Fargo, 2007); • “Because of our prudent lending to customers with less than prime credit and our decision not to make negative amortization loans, we estimate we lost between two and four percent in mortgage origination market share from 2004 to 2006. That translates into losing between $60 billion and $120 billion in mortgage originations in 2006 alone.
  • 13. 13 ERM and Wells Fargo We’re glad we did. Such lending would have been economically unsound and not right for many borrowers” (Wells Fargo, 2007); • “Did not participate to any significant degree in collateralized debt obligations (CDOs), structured investment vehicles (SIVs) to hold assets off our balance sheet, hedge fund financing, off-balance sheet conduits, the underwriting of low-covenant or no-covenant, large, highly leveraged loans and commitments to companies acquired by private equity firms through leveraged buyouts” (Wells Fargo, 2007); • “We sell the vast majority of our mortgage loans to capital market investors. We believe our commercial lending portfolio is among the highest quality of any large bank in the nation” (Wells Fargo, 2007); • “Because of our Responsible Mortgage Lending Principles and our Responsible Mortgage Servicing Principles, our foreclosure rate in our home mortgage servicing portfolio in 2007 was more than 20 percent better than the industry average. Less than one in every 100 loans in our servicing portfolio was in foreclosure” (Wells Fargo, 2007). These points serve to illustrate how Wells Fargo “maintained its credit risk discipline reasonably well during the years of excessive risk taking in the industry” (Wells Fargo, 2007). Areas where risk management could have been improved include: • “Taking on too much risk and not adequately pricing for it in relation to home equity loans purchased through indirect channels” (Wells Fargo, 2007); • “Too many home equity loans had “loan-to-value” ratios that were too high” (Wells Fargo, 2007); • “Full documentation for home equity loans was not always required” (Wells Fargo, 2007).
  • 14. 14 ERM and Wells Fargo Despite these opportunities for improvement, Wells Fargo’s lower risk appetite (relative to similarly sized competitors), and alignment of LOB risk taking behavior to this stated appetite, resulted in lower losses (again relative to competitors) which in turn enabled Wells to act from a relative position of strength and pursue new risks (strategic opportunities) during this tumultuous timeframe. Specifically, Wells Fargo strategically leveraged the broader industry risks and impacts of the Great Recession to acquire Wachovia (Riding High, 2013). This strategic acquisition enabled Wells to expand its branch presence beyond the Western half of the U.S., ultimately resulting in a strong presence across the eastern half of the country as well (Riding High). According to the Wells Fargo 2008 annual report: Because of our financial performance, capital strength, liquidity, credit discipline and earnings, we were able to seize an unprecedented opportunity to satisfy all the financial needs of at least 30 million more customers. We’ve had a significant retail mortgage presence in the Eastern U.S. for a long time; we now have a significant Community Banking presence there as well. This is one of the biggest cross-sell opportunities of the Wachovia merger — the opportunity in 15 more states to earn all the banking business of our mortgage customers and all the mortgage business of Wachovia’s banking households. This opportunity alone could generate millions of dollars of added revenue because we have about three million Wells Fargo Home Mortgage customers in the 15 states we enter with Community Banking through the Wachovia merger. (p. 3) Indeed, Wells’ prudent risk management (premised on a foundation of conservative risk appetite and philosophy) uniquely positioned it to avoid substantial impact (relative to competitors) from the 2007-2009 financial crisis, and in turn create new strategic revenue opportunities. 
However, one interesting observation which should be noted in Wells’ above characterization of this
  • 15. 15 ERM and Wells Fargo opportunity is the focus on cross-selling prospects. Interestingly, this emphasis on cross-selling (in conjunction with apparent incentivization, cultural and control deficiencies) appears to be one of the primary catalysts which sparked the second risk incident this report will focus on: reputational risk. The second risk event referenced, related to a 2016 charge that Wells Fargo fraudulently opened approximately 2 million accounts without customers’ authorization (McCoy, 2017), clearly resulted in reputational impacts to the Wells brand. The charges allege that Wells’ employees “illegally opened millions of unauthorized accounts for their customers in order to meet aggressive sales goals” (Sweet, 2016). This includes “more than 2 million accounts that may have not been authorized. Money in customers' accounts were transferred to these new accounts without authorization. In some cases, employees even created fake email addresses to sign up customers for banking services” (Sweet). Awareness of these fraudulent account openings apparently dates as far back as 2011 (Zoltners, Sinha, and Lorimer, 2016). The underlying factors which appear to have instigated this event are aggressive sales goals (for employees) combined with ethical and cultural deficiencies and a lack of sufficient internal controls to detect fraudulent employee behavior. It is unclear whether Wells Fargo possessed any pre-existing contingency plans for this type of risk event; a lack of such plans was possibly the result of an “it won’t happen to me” mentality pervasive all the way up to the Board level. Up until this incident occurred, Wells Fargo had branded itself as a trustworthy institution and attempted to cultivate a culture aligned with this image. Since there had not been significant prior incidents related to unethical behavior or cultural deficiencies, over time leadership may have adopted a presumption that they were not susceptible to this type of risk. 
According to Bosman (2011),
  • 16. enumerated, general powers, which are effective upon the execution and filing of the articles of association and the organization certificate. Such powers include the obvious—receiving and loaning money—as well as the obscure—providing travel services for customers. National banks are granted general corporate powers, which include making contracts, suing and being sued, electing and appointing directors, and prescribing bylaws. They are also allowed to establish branch offices in the United States and abroad, under specified conditions. They conduct a range of activities involving real estate, U.S. government securities, the establishment of trusts, and other financial activities. Such broadly construed powers enable national banks to engage in far more than strictly commercial banking. (Organization and Structure Heading section, para. 1)
    The primary risk factors for this industry include systemic risks related to interconnectedness of individual financial institutions, traditional financial risks (including liquidity, credit, borrowing, currency, funding, foreign investment, and derivatives risk) as well as operational, technological, legal, and reputational risks (Chapman, 2011). Risk management is a relatively mature process across financial institutions as it pertains specifically to managing traditional financial risks, due to the simplicity of quantifying and measuring financial risk relative to other types of risk (e.g., operational or reputational). Although comprehensive and integrated enterprise risk management is still a relatively immature process across the financial industry, there are examples of national commercial banks taking initiative to incorporate a broader enterprise approach to risk management as exemplified by Chase Manhattan’s implementation of the SVA (Shareholder Value Added) structure in 1998 (Barton, Shenkir, and Walker, 2002).
Despite the shift toward enterprise risk management by some banks, the impacts associated with the 2007-2009 financial crisis have made it clear there are also market-wide
  • 17. CEO John Stumpf and then-retail-bank head Carrie Tolstedt” (Glazer and Hufford, 2017);
    • “Retention of PwC to conduct large-scale data analysis of more than 94 million accounts opened from May 2011 to mid-2015 to evaluate whether customers may have incurred financial harm from potentially unauthorized accounts” (board-and-company-actions.pdf) as well as other “external consultants to review sales practices” (Wells Fargo, 2016b);
    • “Refunded over $3.2 million on approximately 130,000 potentially unauthorized accounts” (Wells Fargo, 2016b);
    • “Wells Fargo’s Independent Directors Launched a Comprehensive Investigation into Retail Banking Sales Practices… retained the law firm, Shearman & Sterling LLP, to assist in the investigation” (Wells Fargo, 2016b);
    • “Expanding scope of incentive compensation risk management program to take into account reputational risk issues, including conduct risk and sales practices risk, in addition to financial risk” (Wells Fargo, 2016b);
    • “Changed Board Leadership structure” (Wells Fargo, 2016b);
    • “Board has enhanced oversight of conduct risk, including sales practices risk, through reporting to the Board on alignment of team member conduct with (1) our Company’s risk appetite and (2) our Company’s culture as reflected in our Vision and Values and our Code of Ethics and Business Conduct” (Wells Fargo, 2016b).
    Drawing on the evidence, it appears Wells Fargo exhibited a significant gap in their risk and controls framework which existed as a vulnerability for a prolonged duration of time, and for which senior management neglected to initiate swift and decisive action after initially becoming aware of this exposure. The fact that the Board became aware of the fraudulent activity in 2011
  • 18. (Zoltners, Sinha and Lorimer, 2016), yet the behavior continued until 2016, signifies a significant gap in controls and Board of Director responsibilities, and clearly illustrates where the company went awry on this risk event.
    Reflection and Lessons Learned
    Reflection on these two risk types, factors which contributed to the specific risk events outlined in this paper, and perceived lessons learned encompass several points. One lesson, applicable to the first risk event noted (i.e., financial risk and impacts of 2007-2009 financial crisis), is the importance of defining and communicating a specific risk appetite, and consistently aligning line of business plans/risk exposure to the specified risk appetite across the entire organization. The importance of this insight is evidenced by Wells Fargo’s ability to weather the 2007-2009 financial crisis, and indeed leverage the macroeconomic conditions to pursue new strategic opportunities. The lesson in this instance is that a well-defined and managed enterprise risk structure premised on a sound, well-communicated risk appetite, not only helps to avoid or mitigate downside risk, but also facilitates realization of upside risk (opportunity) as well. This approach enables organizations to establish an overarching risk management strategy and framework, used to consistently guide business plans and decision making across the firm, without necessarily mandating the development of elaborate plans for every type of conceivable risk. As noted by Taleb, Goldstein and Spitznagel (2009),
    Instead of trying to anticipate low-probability, high-impact events, we should reduce our vulnerability to them. Risk management… should be about lessening the impact of what we don’t understand—not a futile attempt to develop sophisticated techniques and stories
  • 19. that perpetuate our illusions of being able to understand and predict the social and economic environment.
    A second reflection, applicable to the reputational risk and associated events outlined in this paper, is the importance of establishing accurate and reliable risk indicators, which can be used to monitor the environment for manifestation of risk events which would then trigger mitigation responses. The importance of this lesson is evident based on the fact that Wells Fargo took action to fire employees as far back as 2011 for fraudulent account openings, yet the control deficiencies enabling these breaches to occur continued until as recently as 2016 (Zoltners, Sinha and Lorimer, 2016). Even if formalized risk indicators were not established prior to the initial infractions back in 2011, there were clearly control deficiencies and corresponding risk exposure which should have been addressed subsequent to the 2011 incidents, yet were apparently ignored or perceived as inconsequential. As Ochs (2016) writes,
    According to Stumpf’s testimony, a board committee became aware of the fraud ‘at a high level’ back in 2011. They had a fuller discussion in 2013–2014 — around the time when media reports of the illicit behavior first surfaced. Although roughly 1,000 employees had been fired each year since 2011 for these practices, the board only became ‘very active’ on the issue in 2015.
    These details are in fact astonishing! The notion that ~1,000 terminations related to this issue occurred per year since the 2011 timeframe, yet it took the spotlight of the media and congressional intervention for Wells Fargo leadership to own up to this issue, leaves little doubt in my opinion that virtually the entire Board and senior leadership team should be replaced. This clear lack of action to mitigate obvious control gaps and associated risks underscores the
  • 20. importance of a third lesson; namely the importance of cultivating a culture that shields against groupthink, values transparency and encourages employees to be vocal and communicate potential risk exposures to management, risk, or compliance teams. “Employees should feel not only comfortable but also accountable for speaking up. Wells Fargo is creating the opposite environment — where employees are discouraged from caring or challenging anything” (Ochs, 2016).
    A final lesson which should be noted pertains to risk response relative to incidents which have resulted in reputational impacts. In these situations, management should consider full transparency of the organizational deficiencies which contributed to the manifestation of the risk, as well as a willingness to personally accept accountability for these deficiencies. Insincere or evasive responses could be perceived negatively by the general public, and further exacerbate reputational damage. According to Minsky (2016), John Stumpf, the CEO of Wells Fargo during the timeframe when the fraudulent account activity was occurring, should have started with an admission of Wells Fargo’s failure in risk management processes across the enterprise, followed by evidence that a more effective, formal enterprise risk management process is being implemented. Instead of simply apologizing and attempting to provide restitution, Stumpf should have demonstrated that Wells Fargo is taking proactive risk management measures to protect its many stakeholders. It is the company’s duty to ensure that something like this never happens again. Instead of adopting this candid and transparent approach, Stumpf “denied any knowledge of the illegitimate accounts” (p. 1).
    Collectively, all of these lessons serve to underscore the importance of adopting an integrated, enterprise approach to risk management, and establishing appropriate monitoring and
  • 21. systemic risks which must be understood and managed at the macro-level (Chapman, 2011). The impacts of the 2007-2009 financial crisis resulted not only in greater focus on comprehensive ERM practices within individual banks, but also significant political reform across the financial services industry through measures such as the Dodd-Frank Wall Street Reform and Consumer Protection Act signed into law in 2010, which “focuses on risk management, systemic risk, capital and liquidity adequacy, and interconnectedness of banks” (Chapman). Additionally, following the financial crisis, there were calls to re-establish the Glass-Steagall Act to separate commercial and investment banking activities (Chapman).
    One of the largest competitors in this industry is Wells Fargo & Company, a financial services firm headquartered in San Francisco with offices in 42 countries and territories, $1.9 trillion in assets (3rd largest in the United States) and approximately 269,000 employees. Founded in 1852, Wells Fargo provides banking, insurance, investments, mortgage, and consumer and commercial financial services (Wells Fargo, 2016d). Wells Fargo’s business model consists of “lending for small businesses, cars, energy and agriculture; insurance operations; a network of stockbrokers; and a significant mortgage operation, gathering 25% of the American mortgage market and originating approx. 30% of the country’s home loans in 2012” (Riding High, 2013).
    ERM at Wells Fargo
    Wells Fargo’s risk governance structure is premised on the notion that each line of business owns primary accountability for risk, while the corporate risk functions provide oversight, an enterprise view, and appropriate “challenge” on strategy and performance of risk-taking activities (Loughlin, 2014). The corporate risk function reports directly into the Board of
  • 22. Additionally, there are many tools and techniques which can be incorporated to further enhance the risk management process; and structuring of the risk personnel can be tailored to unique organizational needs (e.g., centralized, decentralized, or a hybrid approach). Ultimately, there will never be a “one size fits all” best practice for risk management; however, through the establishment of a well-defined framework, a solid foundation can be laid from which subsequent improvements can be iterated based on unique attributes of the organization and characteristics of the external competitive environment.
  • 23. References:
    Barton, T., Shenkir, W., and Walker, P. (2002). Making Enterprise Risk Management Pay Off. Upper Saddle River, NJ: Financial Times/Prentice Hall.
    Bosman, R. (2011). The Natural Disaster Assumption: It Won't Happen to Me. Risk Management Magazine.
    Chapman, R. (2011). Simple tools and techniques for enterprise risk management (2nd ed.). West Sussex, United Kingdom: John Wiley & Sons Ltd.
    Federal Reserve Statistical Release (2017). Large Commercial Banks. Retrieved from https://www.federalreserve.gov/releases/lbr/current/
    Glazer, E. and Hufford, A. (2017). Wells Fargo: Top Executives Won’t Get Cash Bonus for 2016. The Wall Street Journal. Retrieved April 16th, 2017 from https://www.wsj.com/articles/wells-fargo-top-executives-wont-get-cash-bonus-for-2016-1488381031
    Glazer, E. (2017). Wells Fargo to Roll Out New Compensation Plan to Replace Sales Goals. The Wall Street Journal. Retrieved April 16th, 2017 from https://www.wsj.com/articles/wells-fargo-to-roll-out-new-compensation-plan-to-replace-sales-goals-1483719468
    Loughlin, M. (2014). Managing Risk at Wells Fargo [PowerPoint slides]. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/investor-relations/presentations/2014/loughlin-presentation.pdf
    McCoy, K. (2017). Wells Fargo revamps pay plan after fake-accounts scandal. USA Today. Retrieved April 16th, 2017 from https://www.usatoday.com/story/money/2017/01/11/wells-fargo-revamps-pay-plan-after-fake-accounts-scandal/96441730/
  • 24. Minsky, S. (2016). Wells Fargo: What Should Have Happened. Risk Management Monitor. Retrieved April 16th, 2017 from http://www.riskmanagementmonitor.com/wells-fargo-what-should-have-happened/
    Ochs, S. (2016). The Leadership Blind Spots at Wells Fargo. Harvard Business Review. Retrieved April 16th, 2017 from https://hbr.org/2016/10/the-leadership-blind-spots-at-wells-fargo
    Riding High. (2013, September). The Economist. Retrieved April 16th, 2017 from http://www.economist.com/news/finance-and-economics/21586295-big-winner-financial-crisis-riding-high
    Rossi, C. (2016). Wells' Risk Management Tools Should Have Caught This Sooner. American Banker. Retrieved April 16th, 2017 from https://www.americanbanker.com/opinion/wells-risk-management-tools-should-have-caught-this-sooner
    SIC Code 6021 National Commercial Banks. (2017). In Reference for Business. Retrieved April 16th, 2017 from http://www.referenceforbusiness.com/industries/Finance-Insurance-Real-Estate/National-Commercial-Banks.html
    Sweet, K. (2016). Wells Fargo fined $185M for improper account openings. Chicago Daily Herald. Retrieved April 16th, 2017 from www.lexisnexis.com/hottopics/lnacademic
    Taleb, N., Goldstein, D., and Spitznagel, M. (2009). The Six Mistakes Executives Make in Risk Management. Harvard Business Review. Retrieved April 16th, 2017 from https://hbr.org/2009/10/the-six-mistakes-executives-make-in-risk-management
    United States Department of Labor (2017). Description for 6021: National Commercial Banks. Retrieved from https://www.osha.gov/pls/imis/sic_manual.display?id=66&tab=description
  • 25. Wells Fargo. (2007). Annual Report 2007. Retrieved April 16th, 2017 from https://www.wellsfargohistory.com/archives/annual-reports/wells-fargo-three/
    Wells Fargo. (2008). Annual Report 2008. Retrieved April 16th, 2017 from https://www.wellsfargohistory.com/archives/annual-reports/wells-fargo-three/
    Wells Fargo. (2016a). Annual Report 2016. Retrieved April 16th, 2017 from https://www.wellsfargo.com/about/investor-relations/annual-reports/
    Wells Fargo. (2016b). Highlights of Board and Company Actions in Response to Sales Practices. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/investor-relations/presentations/2017/board-and-company-actions.pdf
    Wells Fargo. (2016c). The Vision and Values of Wells Fargo. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/corporate/vision-and-values.pdf
    Wells Fargo. (2016d). Wells Fargo Today. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/corporate/wells-fargo-today.pdf
    Wells Fargo. (2017a). Annual Report 2017. Retrieved April 16th, 2017 from https://www.wellsfargo.com/about/investor-relations/annual-reports/
    Wells Fargo. (2017b). Board of Directors Risk Committee Charter. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/corporate/risk-committee-charter.pdf
    Wells Fargo. (2017c). Corporate Responsibility Committee Charter. Retrieved April 16th, 2017 from https://www08.wellsfargomedia.com/assets/pdf/about/corporate/corporate-responsibility-committee-charter.pdf
  • 26. Directors, and is comprised of Corporate Credit & Market Risk, Corporate Enterprise Risk Group, Corporate Risk Program Office, and Operational Risk & Compliance (Wells Fargo, 2017d). Additionally, there is a corporate ‘Audit Services’ group, which assesses whether the company’s risk management, systems of control, and governance processes are adequate and functioning as intended. From an organizational reporting structure, the Risk function is led by Michael Loughlin (SVP and Chief Risk Officer), who oversees all risk-taking activities at Wells Fargo, including credit, market, operational, compliance, information security (including cyber risk), and financial crimes risk management (Wells Fargo, 2017e). Loughlin has direct reports who each focus on separate risk areas, such as Operational Risk, Credit Risk, Market & Institutional Risk, Financial Crimes Risk, etc. (Loughlin, 2014). Additionally, the Board of Directors maintains a distinct and separate Risk Committee, which is chartered to “provide oversight of the Company’s enterprise-wide risk management framework and Corporate Risk function, including the strategies, policies, procedures, processes, and systems, established by management to identify, assess, measure, monitor, and manage the major risks facing the Company” (Wells Fargo, 2017b).
    Key Risks
    Two key risks which are important for Wells Fargo as well as the National Commercial Banking industry as a whole include Financial Risk and Reputational Risk. Financial risk is important to all businesses, and especially firms competing in the financial services industry, because sources of this type of risk “have the potential to be ‘fatal’ in that they can bring about the demise of a business” (Chapman, 2011). Financial risks will influence a bank’s business plan in direct relation to the bank’s specified level of risk appetite. In the case of Wells Fargo,