As Wells Fargo Learned the Hard Way, Compliance Matters

By Aarthi Rayapura September 28, 2016

Compliance matters.

Don’t think so? Ask anyone affiliated with Wells Fargo, then brace yourself for an answer tinged with regret and wistful hindsight.

The big bank, as you’re likely aware, is mired in a mess of its own making on the heels of revelations over recent weeks of an employee-hatched scheme of two million accounts and credit cards opened on behalf of unknowing customers. The offenses, apparently going back to 2011, have to date resulted in the termination of 5,300 employees (most all at lower-level status, no executive level…so far) and $185 million in fines from the Consumer Financial Protection Bureau, Office of the Comptroller of the Currency and City of Los Angeles.

Where was the corporate governance?

You’d think more than a decade after the passage of the Sarbanes-Oxley Act (SOX), enacted in reaction to the proliferation of corporate accounting scandals, business leaders would embrace and build upon the need for internal compliance and controls. Instead, the biggest talking point seems to be the price tag for compliance. Maybe they are, maybe they aren’t. To wit, here’s what the former CEO of Wells Fargo, Richard Kovacevich, said on the topic a little over a year ago in a CNBC interview:

“They (banks in general) are getting rid of sales staff and investing in technology and so on, in order to pay for compliance. It is staggering. In our bank there are probably close to 10,000 compliance people…It is absurd that we are investing that kind of money on compliance.”

Guess that investment in compliance wasn’t enough.

Finance teams must follow strict compliance and control standards and none matter more than the requirements for corporate revenue accounting.

“Revenue can be tricky – there’s often intense pressure to achieve expected top line results, the revenue rules can be complex and require significant judgment,” said Pat Voll, Vice President at the finance and accounting consulting firm of RoseRyan. “There are plenty of gray areas. With all that, sometimes the lines can get blurred and well-intentioned people can make mistakes. That’s why it’s so vital to have a strong control environment. It takes some of the pressure off the team and helps ensure that revenue is recorded properly.”

She also stressed the importance of setting the right tone at the top as a key ingredient in this mix, the topic of a timely article from two members of her firm’s SOX practice.

“The thing to remember: Missing top line revenue results is not good,” said Voll. “Committing fraud is worse.”

Typically, a company’s general accounting department is responsible for key internal controls compliance. And, although internal controls systems vary by company, the purpose is uniform: help the finance function maintain integrity of the accounting data and resulting reports.

As company size increases, internal controls generally tend to be the responsibility of an internal audit. This shouldn’t be surprising, given the lack of internal audit departments at smaller firms, in which such responsibilities are usually covered by financial reporting or general accounting.

While many in revenue accounting roles today are hastily preparing for the onslaught of ASC 606, the new revenue recognition guidance set for 2018, compliance and controls in revenue management remains a critical component to consider yesterday, today and tomorrow.

The SEC sees it as such.

“These days, compliance and control functions and performance are at the top of the priority list for the SEC and other regulators,” said Tim Crudo, a Partner at Coblentz Patch Duffy & Bass in San Francisco, leading the firm’s white collar defense and government enforcement practice group. “This scrutiny falls especially on gatekeepers at all levels, from directors to mid-level managers to employees on the front lines. Robust compliance and control policies and processes can keep companies and individuals out of trouble by preventing adverse events from occurring, but they also can impact regulators’ charging decisions and willingness to resolve enforcement actions on more favorable terms when those events occur despite the efforts of a company and its employees.”

Crudo added: “Given its importance as the top line in a company’s financial system, revenue management is getting special attention in this regulatory environment.”

A survey of nearly 1,600 financial executives in the U.S. and Canada for a report by Financial Executives Research Foundation (FERF) and the consulting firm of Robert Half found corporations on the whole do stress the importance of strong internal controls while the number of those controls themselves continue to increase. More than three quarters of the U.S. executives surveyed expected their compliance burden to rise over time, compared to 68 percent the previous year. Only two percent of the surveyed executives believed their compliance burden would diminish.

The report also confirmed a preference for an approach by higher ups discussed in the RoseRyan article referenced earlier: Finance executives generally take a top-down, risk-based approach toward internal controls that leverages technology and emphasizes the importance of ethics.

All good, yet based on recent events, the occasional refresher couldn’t hurt.

“The Wells Fargo case is a good reminder that at its core, revenue requires an agreement with a customer,” said Diana Gilbert, Senior Consultant, Technical Accounting Director and SOX Project Manager at RoseRyan. “When a company’s culture motivates its employees to bend the rules or talk customers into ordering product that they don’t need or don’t understand, you end up with orders that may not stick. If the customer closes the account, demands refunds of fees, or returns the undesired product, you have an issue with the recognition of revenue. At the end of the day, it’s always healthier to create an environment that provides incentives to employees to provide solutions to customers that meet their needs.”