
Fines for internal auditors

Office of the Comptroller of the Currency (OCC) recommends fining Wells Fargo’s Chief Auditor $7m

Is it time for chief audit executives to have directors and officers (D&O) liability insurance?

You might want to rethink the emphatic no that is forming and read this December 2022 judgement by the US Department of Treasury OCC following enforcement hearings in relation to the Wells Fargo Bank fraud scandal that hit the headlines in 2016.

In the bank’s 2016 fake-accounts scandal, incentive schemes had led staff to create fictitious bank accounts to meet sales targets.

But back to the question of D&O insurance.

“Mr Julian, as the Bank’s Chief Auditor and serving as the head of the Bank’s third line, failed to timely identify the root cause of team member sales practices misconduct in the Community Bank, failed to provide credible challenge to Community Bank’s risk control managers, failed to timely evaluate the effectiveness of Community Bank’s risk management controls, and failed to timely identify, address, and escalate risk management control failures that threatened the safety, soundness, and reputation of Wells Fargo Bank.”

The OCC’s report is a damning, unnerving and ESSENTIAL read for internal auditors.

It describes a risk-based internal audit function that will be alarmingly familiar to most of us. Yet it did not identify and report the systemic issues and was therefore found culpable.

D&O liability insurance is for directors or key managers who have specific duties, responsibilities and powers relating to their positions. If they are found to have acted outside of their terms of reference, civil, criminal or regulatory proceedings can be brought against them. The D&O insurance covers the cost of defence and any compensation claims by shareholders, investors, employees, regulators or third parties. CAEs fit this definition.

When you read the section of the report relevant to Mr Julian, ask yourself whether your internal audit plan really covers the key risks. Is it a fair judgement? Is too much expected of internal audit? Or is it the reality of the definition of the role of the third line?

Where is the line between management accepting risk and internal audit being complicit in failure, fraud or unethical behaviour?
Known knowns cannot be ignored.

For more years than most would care to remember, the internal audit profession has demanded a seat at the top table…to audit strategy…to be equals with other members of the executive.

And rightly so. But with that seat comes responsibility.

Internal audit must speak truth to power. Be brave in its opinions. Have a genuine understanding of risk. And raise the flag when necessary.

It’s a tough job. A highly rewarding one when done well.

But is D&O insurance now needed? In the wake of scandals on both sides of the pond in recent years, was this just a matter of time? Do the recommendations of this judge set the tone for the future?

The in-house judge for the OCC has recommended a $7m fine against Mr Julian.

Similar indictments were made against the chief risk officer at $10m and the former executive audit director at $1.5m.

Wells Fargo has paid more than $5bn in fines and legal settlements related to its 2016 fake-accounts scandal. But this is about individuals. Real people. Professionals. Real careers.

Food for thought.

We will follow the outcome of the appeal and update as information is published.

Richard Chambers | Fines against internal auditors raise serious questions

Content reviewed: 1 February 2023