Enterprise Risk Management in Wells Fargo during the pandemic

Enterprise Risk Management in Wells Fargo during the Pandemic
Introduction
As Beasley (2020) points out, enterprise risk management (ERM) is especially needed during the COVID 19 pandemic because of the “number of different, but interrelated risks spread all across most organization” (p. 2). COVID 19 is not just a factor that has impacted one business or industry. It has impacted all businesses and all industries in different ways. Grocery chains like Kroger, for instance, have seen increased demand. Restaurants on the other hand have seen business dry up due to mandated quarantine orders. Small business owners and large corporations have filed for bankruptcy. All of this impacts the banking sector and Wells Fargo specifically because of its role in managing loan products, using interest rates to attract savers, and offering investment advice. “No single risk associated with the COVID-19 pandemic crisis can be managed in isolation,” as Beasley (2020) points out (p.2). This means that from an ERM perspective the problem has to be approached comprehensively with risk understood at the macro level. This paper will provide 1) a critical analysis, including a comparison and contrast of Enterprise Risk Management (ERM) vs. traditional risk management; 2) a discussion of hazard, financial, operational and strategic risks; 3) a SWOT analysis of Wells Fargo; 4) an examination of the relationship between organizational culture and ERM; 5) a discussion of risk in terms of current and potential profit opportunities; 6) two specific ways in which auditors can incorporate ERM into the company’s audits; 7) a discussion of the role of financial derivatives as both risk management and a speculative tool; and 8) a discussion of the ways three leading companies (one domestic and two international) implement Enterprise Risk Management.
Critical Analysis and Comparison of ERM with Traditional Risk Management
ERM is simply a plan-based business strategy, the purpose of which is to identify, evaluate, and reduce the impact of potential dangers, threats, and challenges that could be catastrophic or damaging for the organization. ERM allows the firm to reduce exposure to these risks by preparing for them through safety mechanisms, altering strategy so as to avoid them, or developing a plan to meet these challenges head-on. The aim of ERM is to address the issue of risk holistically, comprehensively and from the macro perspective so as to enable the firm to pursue without constraint its goals and objectives (Sweeting, 2017). Managing risk effectively depends upon an organization’s ability to identify and deal with relevant risks while simultaneously understanding and preparing for accepted risks that cannot be avoided if the organization is going to implement its business plan. From this perspective, strategy risk is accepted risk that comes with the opportunity to do business (Kaplan & Mikes, 2012).
ERM is essentially an extension of traditional risk management in that in traditional risk management, risk is analyzed and monitored departmentally within an organization, and with ERM risk is analyzed and monitored from an organizational standpoint; all the risk factors that an organization faces are interpreted from this comprehensive macro viewpoint. In traditional risk management, the focus is on pure risk and every risk is viewed as its own separate and distinct problem; with ERM, risk is more comprehensively addressed as part of an overall strategy (Ogutu, Bennett & Olawoyin, 2018).
Traditional risk management looks at the micro; ERM looks at the macro. Traditional risk management issues might be missed opportunities with service partners, lack of innovation, and so on. ERM issues focus more on linking operational risk with strategic risk management. ERM must emphasize transparency, communication among departmental heads, and collaboration. This is one reason why silos are so damaging for organizations from an ERM perspective: they create walls and barriers, foster distinct cultures, and create a spirit of contention and distrust where there should be collaboration and communication (Lundqvist, 2014).
As Kaplan and Mikes (2012) point out, ERM looks at the mission, the values and the boundaries of the organization in order to assess and manage risk. It is not just a matter of the shipping department looking at suppliers or the accounting department looking at the audit review board. It is a matter of the various departments working together to discuss their plans and to assist the organizational leaders in identifying the company’s strengths and weaknesses and how best to utilize resources without inviting a scenario of disaster upon itself. For instance, in the case of Wells Fargo there have been many occasions in which the company has or should have taken a macro view of risk before initiating a strategy. Its attempt to collect commission fees from customers without customers knowing it was a quick way to enhance the firm’s revenue stream, but an ERM manager would have quickly seen this as a short-sighted, unethical and highly-risky way to increase revenue; for once customers realized how they were being taken advantage of they would sue and the company would face a severe liability. Its brand appeal would be lost and the company’s future guidance, share price, and reputation would decline. ERM looks beyond the risks that a single department faces and considers the whole. The exploration of macro-risks is what a firm like Wells Fargo should engage in so as to tailor its strategy one way or the other.
With traditional risk management, risk management is not the driver of the decision-making process at the executive and strategic levels. Instead, other inputs are analyzed and used to create the strategy, then the strategy is passed down to lower level department heads who must tailor their approaches to operations by managing risk so that operations conform with the strategic objectives and plans implemented at the top. Risk management in this case is reactionary rather than proactive. In ERM, risk management is proactive and used to drive strategy development at the upper levels of organizational and strategic management.
Thus, ERM adopts a much more comprehensive view of risk. Instead of seeing each risk as separate and distinct, it looks at the interconnected nature of risk and how one response to risk impacts other parts of the organization and how strategy can be developed from a risk management perspective. Traditional risk management adapts risk mitigation plans to the strategy. ERM adapts the strategy to risk mitigation plans. The scope of ERM is larger and more holistic.
Various Risks
Hazard
The idea of moral hazard is that an action may be taken so long as the risk can be transferred to a third party. Hazard risk in the financial industry in the past has been associated with mortgage backed securities and collateralized debt obligations and credit default swaps. The risk of writing loans to high-risk home buyers was mitigated so long as the loans could be bundled and sold to investors: that was the idea that helped fuel the home buying spree leading up to the 2008 global economic crisis. The bubble burst when creditors began defaulting on loans and the price of credit default swaps skyrocketed. Moral hazard came back to bite a number of high-profile banks that were left with millions if not billions in mortgage-backed securities for which there was no longer any market (Lewis, 2010).
For Wells Fargo, hazard associated with the coronavirus pandemic arises from the same premise: loans made to high-risk consumers or businesses that have since shuttered their doors in the wake of the pandemic, causing a rise in defaults and an avalanche of unwanted derivatives and securities. For many home owners, the pandemic has led to unemployment, with millions filing for government assistance as the US economy shut down for two months and still remains uncertain for the remainder of 2020. Mortgage payments have stopped in many cases, and government relief has been insufficient to address the needs of many families. In response to coronavirus-caused late payments, Wells Fargo is “granting 90-day forbearance to any mortgage customer who requests assistance. Customers who contact them for assistance won't be charged late fees or have their credit report impacted by the suspension,” according to the bank’s IR team (Steffenhagen, 2020). However, the problem is what happens when the 90 days are up? There is no indication as of yet how many home owners will default completely on home loans or how over-leveraged people are.
Even in the past Wells Fargo has not done well managing moral hazard. For example, the company created fake PIN numbers and email accounts for enrolling customers in online banking services so as to collect a commission from the unsuspecting customers. The company was protected against risk but the counterparty was incurring cost and did not even know it. The bank was fined for this egregious violation of its fiduciary duty and its reputation was severely tarnished, requiring a major PR initiative to help improve the firm’s brand.
Financial
The pandemic led to the CARES government bailout program, which would allow borrowers to take out loans that would be forgiven if used for payroll. However, banks like Wells Fargo declared that these loans were full of financial risk. One of the main concerns is that “lenders will be responsible for preventing fraudulent claims by verifying borrower eligibility, which is determined by a few measures including the borrower’s number of employees and its average monthly payroll costs” (Schroeder, 2020). Wells Fargo for instance has been concerned that it would face regulatory penalties down the road if it turns out that some of the money it leant under the government program went to fraudulent borrowers.
Thus Wells Fargo has been extra cautious in how it loaned money under the program, requiring borrowers to apply through the bank directly. For this reason, it is not surprising that watchdog groups have criticized Wells Fargo for only granting one loan to a black-owned business under the government program: the insinuation here is that black-owned businesses are riskier than white-owned businesses, and thus the storm of racialized lending has come to pass as a result (Derysh, 2020). As Olenick (2020) points out, the average loss on subprime loans in the 2008 crisis was 73%, so Wells Fargo is hesitant to add fuel to the fire by throwing good money at bad. From Wells Fargo’s point of view, “mitigating loss is a legal requirement and it’s also a good business practice” (Olenick, 2020). Thus, to come out of the pandemic without taking a major financial loss, the bank has had to be more discerning in its lending, even if it brings criticism from progressive groups.
Operational
Operational risk involves overseeing Fiduciary and Investment Risk, External Fraud, Transaction, Processing, and Execution (TPE) Risk, Safety and Physical Security (SPS) Risk, Payments Risks, Implementation Risk and Data Management Risk. In the face of the coronavirus pandemic, Wells Fargo faces operational risk in terms of investment risk (loans that are still on the firm’s books that now may not ever be paid back) and payment risk. Liquidity shortages were already a factor in the lending markets leading up to the March shutdown, and Wells Fargo has been forced to cut its dividend following the Federal Reserve’s stress test for the bank in 2020 (English, 2020). Operational risk recognized by Wells Fargo can include any of the following risk areas:
1. Capital adequacy risk, which involves the risk of holding insufficient capital to absorb unexpected losses under stress or to support future business growth as part of business as usual. It is this risk that the Federal Reserve has seen as greatest for Wells Fargo during this time of pandemic, which is why the central bank has required the firm to slash its dividend to shareholders as a means of preserving sufficient capital.
2. New business initiatives risk, which involves risks associated with a product change or significant business growth initiatives pursued to grow the business and serve new and existing customers. Because of the pandemic Wells Fargo must pause these initiatives as there is a high degree of uncertainty in the economy currently.
Strategic
Strategic risk at Wells Fargo refers to “the risk to earnings, capital, or liquidity arising from adverse business decisions, improper implementation of strategic initiatives or inadequate responses to changes in the external operating environment” (Wells Fargo, 2020). This risk can include strategic corporate transaction risk, defined as “risks associated with mergers and acquisitions, joint ventures, and divestitures resulting from inadequate decision making, lack of due diligence, failure to align the transaction with the strategic plan, and lack of an effective transition of the acquired or divested business” (Wells Fargo, 2020). It can also include strategic planning risk, defined as risks that are associated with the firm’s potential inability to engage in effective strategic decision making. Examples strategic decision making include decisions on offering new products, business models, or geographies, and these can also include decisions on how to address changes in the competitive market environment amid customer demand. The risk involved here is that decisions made wrongly can lead to “decline in market share or profit, which includes articulation of details in a three-year strategic plan that is aligned with the Company’s financial, liquidity, and capital plans and Statement of Risk Appetite” (Wells Fargo, 2020). Obviously, the firm’s attempt to swindle money from customers by creating fake online accounts for them was a major strategic error, as the fines and reputational hit cost the firm billions. The strategic risk that has been linked to COVID 19 is such that the bank has been more careful about monitoring who receives loans due to capital requirements that the bank must maintain. In short the firm is engaging in more ERM this time around.
SWOT Analysis
Strengths
Wells Fargo excels at catering to the commercial, personal and small business sectors of society. It offers banking, loans, insurance and investing opportunities to personal/retail consumers. It provides them with wealth management services and online banking. It facilitates commercial lending and small business development through its line of products and services as well.
The organization has also made a number of acquisitions in recent years that have allowed it to grow its customer base to 70 million. It thus has customers across a wide range of income groups, which means a diverse customer base. It provides wholesale, retail and community banking services.
Weaknesses
The company’s customer relationship status has taken a major hit since 2016 when its scandal involving skimming from customer accounts became public. Wells Fargo’s lower income consumers also do not receive the same attention as the firm’s higher income consumers. Its aggressive expansion has caused the firm great cost, which means less capital to go around and which is one reason the company has had to slash its dividend payment this year.
Opportunities
Opportunities may exist outside the US in countries like China or India where growth narratives are being promoted. However, there are challenges to penetrating these countries, which are deeply nationalistic, at a time when nationalist self-interest is rising around the world. Other opportunities may be found in small town America where fewer banking corporations have bothered to establish themselves.
Threats
Competition from Citibank, Bank of America and others are always threats in the industry. Goldman Sachs and JP Morgan are dominant and Wells Fargo has looked weak in the face of its reputation-killing scandals. There is also the external threat of financial instability and the economic toll that COVID 19 is having on the world. Shutdowns are not good for business and could pose greater risks for Wells Fargo into the foreseeable future.
Relationship between Organizational Culture and ERM
Organizational culture is the heart and soul of any business and therefore its relationship to ERM is important to consider. ERM is about adopting the macro perspective to deal with risk, and culture inherently plays a part in that macro perspective. This can be seen easily with Wells Fargo and its fraudulent services scandal in which it was charging unsuspecting customers for a service they had not requested. The get rich quick culture of Wells Fargo was dominant internally at the time, similar to what Enron’s had been before the energy company collapsed. Wells Fargo has had to redevelop its organizational culture in an effort to root out the unethical spirit that had come to nest in the firm’s management system.
When the organizational culture is rooted in the right ethical system and promotes moral ideas and actions, the company will naturally have a more robust ERM. ERM is but an extension of the firm’s organizational culture. This too can be seen with Wells Fargo. Since its 2016 scandal, the company has adopted a more thoughtful and considerate posture. With the PPP loan program set up by the federal government in response to COVID 19, banks like Wells Fargo were being pressured into giving out these loans. However, Wells Fargo adopted a holistic approach and used its macro perspective: if it gave out the kind of loans the federal government was asking it to give, the company could lose hundreds of millions of dollars should the applications turn out to be fake or should the borrowers turn out to be less than credit worthy. The company adopted a careful and cautious approach to the program and only made loans that it could verify so as to reduce risk. The company culture of “get rich quick” that led to the 2016 scandal had been changed; the culture now emphasized prudence and consideration, and it showed with the practical and pragmatic way the bank lent to borrowers seeking funds under the government CARES program.
Risk in Terms of Current and Potential Profit Opportunities
Currently Wells Fargo stands to profit only marginally from loans made under the CARES program. Home owners meanwhile want to take advantage of low interest rates to refinance. Wells Fargo is attempting to prevent home owners from taking advantage of these low rates because it would mean shrinking revenue and a loss of profit for the bank. Thus, the bank has been putting its borrowers into forbearance without telling them. Customers who are in forbearance, i.e., have suspended payments on their loans, cannot refinance and take advantage of better rates. This has been Wells Fargo’s way of locking in profits. Customers may “opt out” of forbearance (since they did not ask for it), but most customers are unaware that their payments are not even being credited to their accounts but are being withheld for the time being. Wells Fargo is betting that interest rates will rise at some point. Nonetheless, it has waded into yet another scandal of taking advantage of customer’s ignorance as a way to profit off them (Morgenson, 2020).
The risk of continuing to blindside customers with morally questionable tactics like this one is that the firm’s reputation will continue to be harmed. Potential profit opportunities in the time of coronavirus are limited, and loaning to worthy borrowers is one of the best opportunities to create revenue streams right now. However, the risk of default is high considering the uncertain state of the global economy. Another potential profit opportunity is in wealth management. With the stock market having sprung back from its March 2020 lows, many investors want to know what is going to happen next. The Federal Reserve has been providing immense liquidity injections and trillions of dollars of new money are now supporting markets the world over. The effect on equity prices and on precious metals can easily be seen: gold is now trading near $2000, up from $1200 earlier this year. Investment managers at Wells Fargo could potentially be helping clients to navigate this market, investing money wisely, and capturing alpha to the highest degree possible. The reputational risk of using customers exploitatively, as it continues to do by putting home loan borrowers into forbearance without their knowledge is one that Wells Fargo should not be flirting with. From the ERM perspective, it will only hurt the company’s long-term prospects and cause potential new customers to do business elsewhere with other banks. As Beasley (2020) points out, companies should be looking for opportunities to help customers—not for ways to take advantage of them, as Wells Fargo continues to do with its ethically questionable forbearance policy. Putting customers into forbearance without their asking for it may be a way to protect the bank’s locked-in interest rates with customers since it means they will not be able to refinance; but it hurts the company’s brand image once word gets out about the arguably fraudulent practice.
Two Ways in Which Auditors Can Incorporate ERM into the Company’s Audits
Since ERM is about centralizing risk management, two ways in which auditors can incorporate ERM into the company’s audits are: 1) develop risk based auditing procedures; and 2) targeting risks instead of processes in auditing. As Hall (2007) points out, “by communicating detailed audit reports organized by risk rather than process, internal audit can emphasize the ability of the organization to effectively or ineffectively manage that entire business risk (i.e. the vertical view)” (p. 10). For Wells Fargo, the audit report could include a section on policy risk, with risk management analysis and proposed solutions, while discussing the residual impact, the inherent risk, and the effectiveness of the risk management proposed solution with a target date for implementation. That would be a way to improve the audit report around developing risk based auditing procedures. Targeting risks instead of processes in auditing would entail looking at risks and the processes associated with those risks instead of the other way around. It helps to orient the audit process towards a risk-based approach instead of a process-based approach in which risk is the afterthought. The forethought here is risk, and processes are developed in response to risk. It is a proactive way to audit from an ERM perspective and Wells Fargo would be able to prevent departments from taking actions like putting customers into forbearance when the customers have not actually asked for forbearance and are actively paying on their loans.
The Role of Financial Derivatives as Both a Risk Management and Speculative Tool
Financial derivatives can help Wells Fargo both in terms of managing risk and as a speculative tool. Derivatives are contracts to buy or sell the underlying at an agreed upon price by a determined date. The contracts can be bought and sold, traded or held to delivery. Every contract includes a premium, the price that is paid to enter into the contract. The premium is determined by the market and is usually priced according to the volatility of the underlying. For very volatile stocks or financial instruments the premium can be quite high, making using the derivative for risk management purposes somewhat costly. As a speculative tool, however, derivatives can be quite effective, as Bill Ackman showed when his hedge fund netted billions by speculating with derivatives a stock market crash.
Wells Fargo could hedge risk by buying derivatives on its investments, using a call/put (i.e., long/short) strategy with options. The company could buy or sell long-dated puts or calls depending on the investment it has in the underlying. The point would be to protect against an opposite move in the price of the underlying. Thus, if Wells Fargo invests in GLD, it could purchase long-dated puts at an in-the-money strike price in order to hedge against downside risk in GLD. If the company shorts a stock like TSLA, it call options to hedge against upside risk. The company could also use derivatives as a speculative tool; instead of investing in GLD, the firm could purchase long-dated GLD options, puts or calls, to speculate on a directional move. Complex options strategies could be used, such as straddles, condors, or iron butterflies. Sometimes the more complex the strategy the more risk can be hedged. In any case, the company could easily use derivatives to hedge risk in FX, in MBS, in equities, bonds, or precious metals or REITs. There is no limit to hedging risk via derivatives, or in speculating with derivatives. A proper risk assessment should be done by calculating the cost of the premium against theta and the expected alpha should also be identified and factored into planned trading strategies. Wells Fargo currently uses derivatives effectively in hedging risk against portfolio investments in MBS. Derivatives do come with counterparty risk, and Wells Fargo is aware of this risk in its own risk management guidebook.
Ways Leading Companies Implement ERM
PNC is a direct domestic competitor of Wells Fargo that uses ERM to “consider both sides of the balance sheet” (Sartor & Dall, 2020). It looks at five components of enterprise risk: 1) unrestricted liquidity, 2) capital structure, 3) operations, 4) capital budgeting risks, and 5) defined benefit plans. Goldman Sachs is an international competitor of Wells Fargo and tends to succeed more than it its competitors because of a healthy risk culture. The bank does not seek to avoid risk but rather embraces and takes risks. It does so knowing that it has strong protections in place, including: an internal rule that poses that all capital at stake must be capital that the firm can stand to lose (i.e., no over-leveraging or playing with capital that would harm the company if lost); another protection is that managers discuss risk management models with staff and make sure lower level employees understand the risk posture that the upper level management is willing to permit (Riley, 2009). JP Morgan is another international competitor that engages in ERM by looking at systemic risk and seeing how a loss by one member or branch or department or division can affect the rest of the firm. It also looks at sovereign risk and credit risk as well as operational risk, reputation risk and fiduciary risk. It is these latter two that Wells Fargo tends to miss.
Conclusion
Wells Fargo’s approach to ERM could stand to improve. It lacks a proper assessment of reputation risk and fiduciary risk as it continues to face scandals like the 2016 fraud scandal and the current exploitative use of forbearance. Wells Fargo could use derivatives to protect against numerous kinds of risk and should use this option rather than risk its reputation again and again by acting against the interests of its customers.
References
Beasley, M. (2020). How to Leverage ERM Principles to Better Respond to COVID-19-Related Risks. ERM Professional Insights.
Derysh, I. (2020). Watchdog questions why Wells Fargo reported giving only one large PPP loan to a Black-owned business. Retrieved from https://www.salon.com/2020/07/22/watchdog-questions-why-wells-fargo-reported-giving-only-one-large-ppp-loan-to-a-black-owned-business/
English, C. (2020). Wells Fargo Forced to Cut Its Dividend After Fed Stress Test. Here’s What Other Banks Did. Retrieved from https://www.barrons.com/articles/wells-fargo-forced-to-cut-its-dividend-after-fed-stress-test-51593467664
Hall, J. (2007). Internal Auditing and ERM: Fitting in and Adding Value. Retrieved from https://global.theiia.org/about/about-the-iia/Public Documents/Sawyer_Award_2007.pdf
Kaplan, R. & Mikes, A. (2012). Managing risks: A new framework. Harvard Business Review, 3.
Lewis, M. (2010). The Big Short. NY: W. W. Norton.
Lundqvist, S. (2014). Abandoning Silos for Integration: Implementing Enterprise Risk Management and Risk Governance. Lund University.
Morgenson, G. (2020). More Wells Fargo customers say the bank decided to pause their mortgage payments without asking. Retrieved from https://www.nbcnews.com/business/personal-finance/more-wells-fargo-customers-say-bank-decided-pause-their-mortgage-n1234610
Ogutu, J., Bennett, M. & Olawoyin, R. (2018). Closing the gap. Professional Safety, April 2018.
Olenick, M. (2020). How Banks Can Avoid a Repeat of the 2008 Foreclosure Crisis. Retrieved from https://hbr.org/2020/07/how-banks-can-avoid-a-repeat-of-the-2008-foreclosure-crisis
Riley, P. (2009). ERM-capturing the upside. Retrieved from https://www.actuaries.asn.au/Library/Con09_Riley Paper_ERM Capturing the Upside_Final2.pdf
Sartor, P. & Dall, C. (2020). ERM. Retrieved from https://www.pnc.com/en/corporate-and-institutional/topics/specialty-segments/healthcare/healthcare-matters-articles/enterprise-risk-management.html
Schroeder, P. (2020). Reuters: Banks Cite Liability Risks, May Not Participate in Coronavirus Lending Plan. Retrieved from https://www.insurancejournal.com/news/national/2020/04/02/563154.htm
Steffenhagen, M. (2020). How to stop paying your mortgage during the pandemic. Retrieved from https://www.salon.com/2020/04/11/how-to-stop-paying-your-mortgage-during-the-pandemic/
Sweeting, P. (2017). Financial enterprise risk management. Cambridge University Press.
Wells Fargo. (2020). Risk management framework.