Professional Diligence and Integrity: Lessons from the Wells Fargo Case for Risk Managers and Internal Auditors

 

The recent decision by the Office of the Comptroller of the Currency (OCC) against former Wells Fargo executives underscores the importance of professional diligence and integrity in risk management and internal auditing. This case highlights how failures in monitoring improper practices can lead to severe penalties, impacting both the company and its executives.

The OCC investigation revealed that Claudia Anderson, who served as the Community Bank Group Risk Officer, failed to adequately challenge the bank’s incentive program, neglected to implement effective controls to mitigate the risks of improper sales practices, and did not escalate known risks. Additionally, she was found to have provided false or misleading information to regulators during 2015 examinations. Former internal auditors David Julian, Chief Auditor, and Paul McLinko, Executive Audit Director, also failed to design effective audits to detect and document irregularities and did not properly escalate issues. In McLinko’s case, there was an additional concern regarding his compromised professional independence due to his close relationship with the bank’s retail division.

To prevent such scenarios, risk managers and internal auditors must operate with technical rigor, independence, and integrity, ensuring that internal controls are effective, and that risk oversight and escalation mechanisms function appropriately. Professionals in these areas need the courage to challenge policies and practices that could compromise governance and expose the organization to financial, regulatory, and reputational risks. Furthermore, it is crucial that they are embedded in a corporate culture that prioritizes transparency and compliance, thereby reducing their own exposure to potential penalties.

The Wells Fargo case serves as a critical warning: governance failures and oversight negligence can lead to severe legal and reputational consequences. For professionals in risk management and internal auditing, the lesson is clear— 
complacency and negligence are not options. A proactive and vigilant stance, grounded in best governance practices, is essential to ensuring that business decisions are made with ethics and responsibility.

Questions for Reflection:

1. How can corporate governance strengthen the independence and effectiveness of risk managers and internal auditors?
2. In what ways can companies foster a culture of transparency and compliance to mitigate fraud and irregularities?
3. What challenges do audit and risk professionals face when attempting to escalate critical issues within an organization?
4. How can companies ensure that incentive programs do not pose risks to organizational integrity?
5. What steps can professionals take to develop a more critical and proactive approach to risk identification and mitigation?

In future articles, I will explore these questions in greater depth. For now, I leave you with this thought:

Are you comfortable with how you are currently managing risks or conducting audits? Do you feel supported in questioning company practices that could pose governance, integrity, or reputational risks?

Be Happy!