The Wells Fargo fake-account scandal shows the harm done when companies ignore best practices under the Sarbanes-Oxley Act of 2002 (SOX). Based on media accounts, Wells Fargo violated three pillars of proper SOX compliance. Instead of listening to its whistleblowers, the bank fired them.
This expert analysis by TELG managing principal R. Scott Oswald was published by Law360 on September 30, 2016.
Wells Fargo Shows 3 Deadly Sins Of SOX
As the Wells Fargo fake-account scandal continues to unfold, CEO John Stumpf appears increasingly likely to lose his job over the bank’s high-pressure sales tactics.
If this happens, Stumpf would join about 5,300 low-level workers already fired for creating accounts without customer permission — but also many employees who were fired, unforgivably, for resisting or reporting the wrongdoing.
Along with Wells Fargo’s customers, these honorable employees are victims of a cutthroat culture built by Stumpf. Based on media accounts, Wells Fargo betrayed its most ethical workers by violating three key components of a compliance regime that is demanded by laws including the Sarbanes-Oxley Act of 2002.
Had the bank followed best practices under SOX, Stumpf could have been spared his ongoing shaming by Sen. Elizabeth Warren, D-Mass., his further grilling before the Financial Services Committee of the U.S. House of Representatives — and possibly the end of his own career.
Here are the three deadly sins of SOX, as illustrated by Stumpf and Wells Fargo.
Failure to Protect Whistleblowers
SOX and other federal laws forbid retaliation against employees who draw attention to wrongdoing. Under SOX, publicly traded companies must provide channels for such whistleblowing — and then guard zealously against the punishment of employees who use them.
Wells Fargo has an ethics hotline, as Stumpf testified recently, but media reporting has painted its use as a fast track to dismissal.
According to the New York Times, for example, one employee was fired just three days after calling the hotline, and subsequently ended up living in his truck. According to CNN Money, a single mother was fired soon after submitting a similar report — and was accused by Wells Fargo of falsifying documents, which she denies.
Such incidents show a shocking lack of internal controls at Wells Fargo: Upon receiving a whistleblower report, companies should carefully avoid any adverse action against the whistleblower — for any reason — at least until the report has been fully investigated.
CNN Money portrayed the exact opposite situation, however, with a former Wells Fargo human resources official saying that the bank had a method in place to retaliate against tipsters — monitoring their behavior to find minor pretexts for firing. If corroborated, such a method would be in clear violation of SOX and the Dodd-Frank Act.
“Tone at the Top”
To quote a commissioner of the U.S. Securities and Exchange Commission, SOX “makes clear that a company's senior officers are responsible for the culture they create.” Section 302 of the law calls for strict internal controls, while Section 404 makes top officers — and ultimately the CEO — responsible for the effectiveness of these controls.
“Tone at the top” is a key concept in SOX cases: it holds the CEO answerable not just for putting in place the right policies, but also for setting a clear moral example with regard to those policies. Based on his Senate appearance, Stumpf did the opposite.
First, as Warren made clear, Stumpf not only whipped his employees to meet unrealistic quotas for cross-selling bank products — leading directly to their fraudulent creation of accounts — but he also trumpeted their ever-increasing “success” as a key indicator of the bank’s health, despite evidence to the contrary.
And second, as cited by Sen. Bob Menendez, D-N.J., Stumpf not only failed to act on an employee’s e-mail to him about improper sales tactics — he also failed to prevent the employee’s subsequent firing.
When it is done properly, “tone at the top” can help to defend companies from liability under SOX. Here, it is likely to cut the other way.
Failure to Escalate Compliance Issues
Under SOX, public companies should ensure that credible whistleblower complaints are escalated as high as necessary to achieve resolution. Along with the CEO, a company’s audit committee — a subset of its board of directors — has particular legal duties in this regard, and can opt to hear and resolve whistleblower reports directly.
Until recently, when it stripped Stumpf of about $41 million in stock awards, the Wells Fargo board has been slow to recognize, and to act on, the bank’s dysfunctional culture. It’s unclear whether audit committee members were aware of all the reported ethics complaints — but ignorance is not an excuse under SOX anyhow.
Responsible audit committees and CEOs will put a speedy escalation procedure in place, and make their personal availability clear to whistleblowers.
In the end, SOX is all about process and accountability. By failing to develop either, Wells Fargo harmed the very employees who were trying to help it.
R. Scott Oswald is managing principal of The Employment Law Group in Washington, D.C. He represents whistleblowers under SOX and other laws.