The Consumer Financial Protection Bureau left very little unsaid when it announced, a few days before Christmas, $3.7 billion in assessments against Wells Fargo Bank for more than a decade of legal violations harming its millions of customers.
The total included a $1.7-billion civil penalty, the largest imposed by the CFPB in its 11-year history, and an additional $2 billion in redress and restitution for cheated customers.
"Put simply, Wells Fargo is a corporate recidivist that puts one-third of American households at risk of harm," CFPB Director Rohit Chopra said, calling the giant bank "one of the most problematic repeat offenders" in its jurisdiction.
One might think that a financial institution so soundly spanked would respond to the punishment with humility and candor. Sadly, no. This is Wells Fargo we're talking about, so in its own news release it described the CFPB's order as an "agreement ... to resolve multiple issues."
The release didn't even mention the $2 billion in redress and restitution to customers. It highlighted that the CFPB, in its Dec. 20 order, "recognized" that the bank had "accelerated corrective actions and remediation" since 2020, implying that the bureau was well pleased with the results.
In fact, however, Chopra said in his prepared remarks that the bank is "not making rapid progress" in fixing its long-standing problems. Indeed, its recent "product launches, growth initiatives, and other efforts to increase profits" may even have "delayed needed reform."
Of course, one doesn't expect PR departments to ballyhoo bad news. But it's still rare to see such a masterpiece of corporate-speak as the Wells Fargo statement crossing one's desk.
The bank implied that the CFPB's order merely cleans up some old business "related to automobile lending, consumer deposit accounts, and mortgage lending," without going into specifics about what it was accused of, beyond mentioning "a series of unacceptable practices." For that, one would have to refer to the CFPB's 32-page consent order itself, which offers considerable detail.
Before reviewing the bank's discreditable record, let's examine the regulatory system that has allowed it to get to this point.
The fundamental problem is the tendency of U.S. business regulators to go easy on big companies caught violating the law. The bigger and more important the company, the more indulgent its government overseers.
In the banking sector, a prime example is JPMorgan Chase & Co., which has compiled a truly impressive history of corruption and fraud even while operating under supposedly heightened regulatory scrutiny.
In 2020, the company got disciplined for a serious, flagrant, years-long plot to rig financial markets through thousands of episodes of unlawful trading in precious metals futures contracts and in U.S. Treasury futures.
Dan M. Berkovitz, then a member of the Commodity Futures Trading Commission, called "the scope of misconduct and market harm ... unparalleled."
The government hit JPMorgan with a record $920 million in fines and penalties. Yet the market watchdog organization Better Markets rightly termed the outcome a "sweetheart deal."
That's because the accusation of market-rigging was the third JPMorgan had faced in recent years, including a bid-rigging scheme in the California electricity market in 2010 and 2011 for which the bank paid a $410-million penalty.
JPMorgan was already under a sentence of probation imposed in May 2015 for manipulating the foreign exchange market, to which the bank pleaded guilty to a conspiracy count. In that deal, the bank was forbidden to "commit another crime in violation of the federal laws of the United States."
Yet the offenses at the heart of the 2020 enforcement case dated from at least 2008 and continued until at least January 2016, prosecutors said. That means the alleged market rigging was taking place place while the earlier settlement was being negotiated and continued for seven months after the bank promised not to break the law again.
In that 2015 settlement, JPMorgan pleaded guilty to a criminal count of conspiracy and agreed to pay $550 million in fines. Four other banks — Citicorp, Barclays, Royal Bank of Scotland and UBS — also pleaded guilty and agreed to pay a combined $2 billion in fines.
Prosecutors pledged that there would be no second chances for these offenders. "We will hold financial institutions accountable for criminal misconduct," one of the prosecutors said.
Instead, despite a new charge of "unparalleled" wrongdoing, JPMorgan's penalty was just rolled over to another three years' probation.
The instruments that regulators and prosecutors use to extract a few bucks from corporate wrongdoers without really punishing them fall into two categories: deferred prosecution agreements, or DPAs, and consent orders.
The first are settlements in which the government holds back from bringing a criminal case as long as the target promises not to commit the same crime or another within a specified period. The second are deals in which a company consents to paying a penalty and taking other compliance steps — repaying cheated customers, upgrading its internal anti-fraud compliance and so on — without admitting or denying the regulators' allegations.
The deferred prosecution game was exploited to great effect by JPMorgan. In 2014, the bank secured a deferred prosecution agreement related to its alleged failure to alert authorities to what it knew about the Ponzi scheme of Bernie Madoff, a Morgan client.
Yet the conduct charged in 2020 dated from the period covered by the agreement, so that prosecution should have been reinstated. Obviously, unless prosecutors follow through on their promise to enforce the DPA, it's worthless. As Better Markets put it, an unenforced DPA is nothing but "a farce and a fraud on the public."
As for consent orders, Wells Fargo has piled those up the way a forest deer collects ticks. From a corporation's standpoint, consent orders are terrific because corporations are almost always allowed to sign them without "admitting or denying" the regulators' findings of fact or conclusions of law.
From time to time, a regulator will call foul on recidivist corporate wrongdoers. In 2015, then-commissioner Kara M. Stein of the Securities and Exchange Commission dissented from a wrist-slap issued by the SEC to JPMorgan and four other banks that had pleaded guilty to the crime of manipulating the foreign exchange market.
The SEC granted the five banks waivers from rules requiring that they be disqualified from certain privileges as market participants. As Stein observed, that was the sixth such waiver granted Morgan in seven years; all told, the five banks had received more than 23 such waivers over the previous nine years.
"This type of recidivism and repeated criminal misconduct should lead to revocations of prior waivers, not the granting of a whole new set of waivers," Stein complained. "We have the tools ... yet we refuse to use them."
She was right. If regulators repeatedly let corporate wrongdoers off the hook, nothing will stop them from repeatedly breaking the law in the knowledge that they'll just be granted another waiver from the consequences.
In its latest news release, Wells Fargo congratulated itself for securing the termination or expiration of four earlier consent orders reached with the CFPB and the comptroller of the currency. In none of them did the bank admit or deny the allegations, though it did pay millions of dollars in penalties.
Nor does that scratch the surface. By my count, Wells Fargo has collected at least 14 consent orders from the CFPB, the comptroller and the Federal Reserve since 2011, of which 10 may still be in effect.
On one occasion, the bank had to stand up in federal court (so to speak) and admit its criminal activity forthrightly. That was in 2020, when Wells Fargo admitted to collecting millions of dollars in improper fees and interest, harming the credit ratings of some customers, and misusing customers' personal information to open accounts without their knowledge. The bank paid a $3-billion penalty and in return received — wouldn't you know it — a deferred prosecution agreement.
Let's now be reminded of what this bank has been up to. The emblematic case is the account-opening scam first uncovered by my former Times colleague E. Scott Reckard in 2013, in which Wells Fargo bankers opened as many as 2 million fake accounts in the names of existing retail customers or nonexistent persons in efforts to meet unrelenting sales pressure imposed from above.
The bank said it fired 5,300 mostly rank-and-file employees for this behavior, but plainly it resulted from an unforgiving and unrealistic corporate culture.
The CFPB's Dec. 20 penalty covers the bank's record of incorrectly applying borrowers' payments on auto loans, resulting in improper charges of fees and interest and in some cases improper repossession of borrowers' cars. Of the $2 billion in restitution, a total of more than $1.4 billion is due to 11 million of those borrowers. Most of that has already been paid out.
There were multiple problems in home mortgage servicing, including improper denials of loan modification applications and miscalculations of fees and other errors that resulted in foreclosures in as many as 3,200 cases. The bank is ordered to make about $275 million in recompense to affected mortgage customers.
The bank had a flawed system for dealing with account deposits it deemed "suspect" — freezing not only the suspect deposits but also the customers' entire account and any other accounts they held. That prevented the customers from accessing their money for as long as two weeks. Wells Fargo also charged improper monthly fees and overdraft charges to some customers. The bank will be returning about $300 million to at least 4 million affected customers.
Is that all? The CFPB isn't convinced that Wells Fargo has got its house in order. The bank is now on its third chief executive since 2016, when John G. Stumpf, who had served in that capacity since 2007, stepped down in the wake of the account-opening disclosures.
Wells Fargo has been trying to restore its reputation ever since, but it has suffered a few missteps. In 2018, for instance, it tried to defend itself against a shareholder lawsuit by asserting that corporate statements that it was working to "restore trust" were merely "corporate puffery ... on which no reasonable investor could rely."
CFPB officials say that Wells Fargo is not the only bank to mistreat customers in these ways, but it seems to land on regulators' dockets disturbingly often. The bank is still asserting that, as it said in its Dec. 20 news release, it "has made a series of changes to transform the way it operates." We'll see if that's finally, the real thing, or just more puffery.
