RegSol Blog


Governance & Internal Audit: Key Take-Aways from Wells Fargo Enforcement Action

August 2019

Wells Fargo Bank International (WFBI) is classified as a Less Significant Institution by the Central Bank’s risk profiling system which uses a rating system based on criteria relating to, amongst other factors, its size, its importance to the economy and the significance of its cross-border activities.

Nevertheless, WFBI was fined a total of €5,880,000, about 1.5% of its operating income (US$340,264,000), for serious failings in its regulatory reporting capability and governance and compliance.

WFBI is required to put in place and maintain robust corporate governance and assurance arrangements, which include the following:

  • a clear organisational structure with well-defined, transparent and consistent lines of responsibility;
  • effective processes to identify, manage, monitor and report the risks they are, or might be, exposed to;
  • adequate internal control mechanisms, including but not limited to—
    • sound administration and accounting procedures, and
    • remuneration policies and practices that are consistent with and promote sound and effective risk management.
    • its management body defines, oversees and is accountable for the implementation of the governance arrangements that ensure effective and prudent management of the institution, including the segregation of duties in the organisation and the prevention of conflicts of interest, and
    • monitors, and periodically assesses, the effectiveness of the institutions governance arrangements and takes appropriate steps to address any deficiencies.

How has the CBI defined ‘corporate governance’?

“Procedures, processes and attitudes according to which an organisation is directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among the different participants in the organisation – such as the Board, managers, shareholders and other stakeholders – and lays down the rules and procedures for decision-making.”

So what does this mean for you?

The Guidelines state that ‘An institution shall develop and maintain a strong and comprehensive internal control framework, including specific independent control functions with appropriate standing to fulfil their mission.’

An internal control framework should:

  • Cover all business units and subsidiaries
  • Ensure effective and efficient operations, while at the same time ensuring:
    • Adequate control of risks
    • Prudent conduct of business
    • Reliability of financial and non-financial information reported
    • Compliance with applicable laws, regulations, supervisory requirements and the internal rules and decisions undertaken by effective internal audit and compliance functions

In conclusion, with the introduction of CBI corporate governance codes for most regulated sectors, this remains an area of continued focus for regulators. It is therefore important for all regulated entities to continuously improve on their governance and assurance arrangements. Unfortunately for WFBI, the board of directors did not monitor and periodically assess the effectiveness of the Firm’s regulatory reporting governance arrangements nor did it take adequate steps to address these deficiencies at the time. Procedural documentation was not subject to review by senior management and internal audit failed to provide independent assurance to the board as there were substantial gaps in the scope, depth and frequency of the internal audit review and testing of the regulatory reporting processes and procedures.

If you need assistance in your assurance testing or monitoring, contact RegSol today for a comprehensive audit of your processes.

Click HERE for the link to CBI Action of Wells Fargo

By: Judy DeCastro - Regulatory Consultant