Recently the CFPB announced an enforcement action against a large U.S. Bank alleging that a number of their employees improperly opened consumer accounts without them having been applied for, or authorized by, the customers. A number of accounts were purportedly opened and then closed within a brief period of time. In other cases, the [unauthorized] accounts remained opened.  The stated motivations behind this activity were aggressive sales goals on the part of the bank and resultant pressure to meet those goals.

To date, the bank has been ordered to pay fines approximating $185 million, a portion of which will be used to compensate impacted customers.  Media reports also indicate that approximately 5,300 employees have been let go.

Moreover, the case has sparked a large number of related actions including:

  1. Congressional hearings where the CEO of the company has been compelled to testify;
  2. The announcement that various federal and state prosecutors are “looking into” the matter;
  3. Calls for the Department of Labor to look into possible wage and hour violations;
  4. A recent announcement that “claw back” provisions will be invoked for executives that had oversight for the bank’s sales practices, including the CEO;

Significant regulatory, congressional, and public responses to this matter demonstrate that bank compensation practices can potentially expose the company to significant compliance, reputational, and financial risks.

As in all enforcement cases, not all of the facts are made public and it appears evident that management has taken significant action on its own to address this matter.  This writing is not meant to opine on the facts at hand, the bank, or any other matter pertaining to this case.

However, as in all public enforcement actions, there are important “lessons learned” to be had and actions other banks should consider in response.

The Guidance on Sound Incentive Compensation Policies:

The federal banking agencies issued the “Guidance on Sound Incentive Compensation Policies” (the “guidance”) in June of 2010. [1].  The guidance was applicable to all banks, however, initial supervisory efforts were directed towards the large banks where their activities posed greater systemic risk.  Smaller banks were deemed to be less risky and the general view was that their incentive compensation practices would be less complex and easier to manage.

There are several key elements of the Guidance:

  1. As noted above, they apply to all regulated financial institutions;
  2. By design, the Guidance does not mandate any specific types of plans or practices and is designed to provide a framework in which financial institutions should operate; it does not limit compensation nor define acceptable forms of incentive compensation;
  3. The Guidance applies to employees who individually or as part of a group that have the ability to expose the bank to material amounts of risk;
  4. There are certain exemptions such as 401K programs;

The Guidance has three key principles:

  1. Incentive compensation arrangements should balance risks and rewards and not expose the bank to undue or imprudent risks;
  2. Incentive compensation arrangements should be compatible with effective controls, risk management, and oversight;
  3. Incentive compensation arrangements must be supported by strong corporate governance and with effective oversight by boards of directors;

Red Flags:

Boards should be aware of certain “red flags” with respect to incentive compensation plans and direct management to take corrective action as needed:

  1. Poorly written or vaguely worded plans;
  2. Failure to incorporate clear risk guidelines and metrics;
  3. Volume based incentive programs without corresponding quality or compliance requirements;
  4. Lack of central oversight, administration and approval;
  5. Lack of Board oversight or committee review;
  6. Inadequate second and third line of defense engagement and oversight;
  7. Failure to react to red flags such as customer complaints or litigation;

Recommended Actions:

Boards should consider taking a holistic look at both the specific incentive compensation practices as well as the corresponding risk management controls at their respective banks:

  1. Ensure the incentive compensation guidance is incorporated into your compliance management program, regardless of bank size;
  2. Centralize administration of incentive compensation plans in one area (such as Human Resources) to ensure consistency and sound administration;
  3. Take steps to ensure that risk, compliance and quality metrics are incorporated into the plans to ensure risk and rewards are properly balanced. Sufficient data should be available to help ensure these criteria can be met;
  4. Add board oversight of incentive compensation practices. Perform an annual review of all the plans with periodic updates on performance, compliance, and audits;
  5. Conduct periodic testing and review by the second and third lines of defense;
  6. Conduct macro level statistical testing to identify possible anomalies and signs of people “gaming the system” (for example, if the average payout is $1,000 take a hard look at the person earning $3,000);
  7. Monitor for signs of program failures via complaints, litigation, etc.
  8. Take note of employee comments or concerns that may identify possible exposures;
  9. Move quickly to remediate identified problems.
  1. Exercise claw-back provisions for any instance of material non-compliance and ensure risk provisions in the plans are enforced;

Matthew Neels is the Senior Managing Director of Compliance for Strategic Risk Associates.  He has a 30-year career in banking, having served as Chief Compliance Officer for two large banking institutions and is a former OCC National Bank Examiner. He holds certifications in compliance, anti-money laundering, and privacy.  He may be reached at [email protected], 302-540-1441.

[1] Guidance on Sound Incentive Compensation Programs, 75 FR 36395, June 25, 2010