The Board’s Role in Compliance: The Traditional Oversight Approach is Not Good Enough

This is an Insight article, written by a selected partner as part of Latin Lawyer's co-published content. Read more on Insight

Introduction

Compliance as a necessary element of corporate checks and balances has been with us for some time. It is still too often implemented gradually, grudgingly and sometimes might seem more for show than to serve the corporation and its stakeholders. Nevertheless, compliance is now an accepted part of the management structure of companies traded on the world’s major exchanges.

There is, however, a worrisome fault in the design and oversight of compliance: the lack of proper attention and participation by board directors.

Board-level insouciance regarding compliance with ethical and legal standards has certainly contributed heavily to the upsurge in corruption in Latin America, as well as other regions. The aim in this chapter is to show – with some hair-raising examples – what went wrong, to argue that the traditional oversight approach is no longer sufficient to changed circumstances and expectations, and to set forth the necessary elements for effective board attention to, and oversight of, the compliance effort.

An important cause of inadequate board attention has been the general lack of consequences to directors.

For example, in a corruption case involving Embraer, the board of directors failed to take disciplinary action against a very senior executive even after the investigation showed that the executive knew of various bribes in several countries paid by employees who reported to him. The board’s failure to dismiss or even discipline the executive led to additional monetary penalties and other sanctions for Embraer.[2] In another corruption case, the CEO was personally involved in bribe payments in Argentina, yet continued as CEO, which again led to more severe penalties being imposed.[3] In neither case was the board sanctioned, and based on my review of the media coverage, even criticised, for failure to act.

In fact, the board response to these sorts of failures frequently goes as follows, at the most:

  • the bad thing happens: allegations of corruption, cheating on emission standards tests, a deadly dam collapse, publicity about a company’s pervasive culture of sexual harassment, etc.;
  • the board expresses resolute confidence in management but will ‘thoroughly and independently investigate’ the bad thing;
  • awkward facts come to the fore and C-suite members ‘resign’;
  • there are more awkward revelations and the CEO walks out with his head under his arm (and usually with a fat cheque in his hand); and
  • finally, the board expresses its shock and dismay and appoints a new CEO, often (and with no discernible sense of shame) a member of the board of directors or an executive who was present during the whole sad affair.

A vivid example is Boeing, where the extremely ‘bad thing’ was the tragic crash of two planes, both of them its newest model, the 737 MAX.

On 22 October 2019, Boeing fired the head of its commercial aviation division.[4] Board chair David Calhoun said that the CEO had ‘done everything right’ and should not resign.[5] The CEO was sacked one month after this endorsement, replaced by Calhoun.[6] Calhoun had been a director for nine years.

In many jurisdictions, the means to hold board members personally accountable are few, if any, and are difficult to assert successfully, for legal or political reasons. In Delaware, however, there are clear signs that the spotlight is now on directors too.

In Marchand v. Barnhill,[7] a 2019 case, on a motion appealing lower court decisions holding that the pleadings were insufficient (i.e., the facts asserted did not on their face support a finding of culpability), the Delaware Supreme Court reversed. The basic facts follow:

Blue Bell Creameries USA, Inc, one of the country’s largest ice cream manufacturers, suffered a listeria outbreak in early 2015, causing the company to recall all its products, shut down production at all its plants and lay off over a third of its workforce. Three people died as a result of the listeria outbreak . . . [S]tockholders also suffered losses.[8]

An aggrieved shareholder brought a derivative suit against various executives and the board of Blue Bell for breach of fiduciary duty.

The Delaware Supreme Court found that the plaintiff’s alleged facts supported the necessary inferences that the board failed to implement any system to monitor food safety issues and that this ‘utter failure’ by the board was in breach of its duty of loyalty.

The following is a partial list of board-related shortcomings noted by the Court:

  • Blue Bell manufactures only ice cream, thus making food safety a central compliance issue, yet the board did not have a food safety committee, no board-level process to address safety issues and no protocol for food safety issues to be raised to the board’s attention. See the Boeing and Vale discussions below.
  • For years before the 2015 listeria outbreak, safety inspectors had found troubling compliance failures. The Court mentioned six such reports.
  • Tests ordered by Blue Bell in 2013 and 2014 were positive for listeria.
  • The board never received any of this information.
  • More negative news came to light in 2014, yet board minutes reflect no discussion of these concerns.
  • On 13 February 2015, the Texas health authorities notified Blue Bell of positive listeria tests. The company itself, on 19 and 21 February, found listeria in the Texas facility. When the board met on 19 February 2015, there was no mention at all of the listeria problem.
  • Only four days after the February board meeting, Blue Bell initiated a product recall. Only then did the board discuss the listeria issue, for the first time.
  • Instead of then going into full disaster remediation mode, the board did not meet more frequently or receive constant updates, leaving the company’s response entirely to management.

On 1 May 2020, Blue Bell pleaded guilty to two counts of distributing contaminated goods. It was fined over US$17 million and agreed to pay more than US$2 million to settle federal false claims violations. This was, at the time, the second-largest sum ever paid in a food safety case.

There have been several cases coming out of Delaware in the wake of the Marchand case.

The Inter-Marketing Group case involved responsibility for a pipeline company’s disastrous oil spill. It was alleged that, as in the Marchand case, there was no board oversight of the company’s ‘intrinsically critical’ business operation. Evidence showed that pipeline integrity issues were not discussed by the board and no board subcommittee existed to discuss these matters. Further, in response to the defendant’s argument that the audit committee’s charter required the committee to ‘advise the Board with respect to policies and procedures’, the court found that there was no evidence at all that the audit committee had so advised the board.[9]

In Clovis, the alleged oversight failures concerned the company’s only product, an oncological treatment for which it was seeking regulatory approval. Company officers overstated the drug’s efficacy, misapplied testing protocol standards and misled regulators and investors. In assessing the board’s responsibility, the court stated that, ‘when a company operates in an environment where externally imposed regulations govern its “mission critical” operations, the board’s oversight function must be more rigorously exercised’.[10]

On the other hand, directors were untouched in dozens of scandals around the world, including at Volkswagen, Uber, CBS, Airbus, WeWork, Chipotle, Glencore, Theranos, FXT and Nikola, and, in Latin America at companies such as JBS, Biomet (later Zimmer Biomet), Biomet Argentina and Biomet 3i Mexico, Vale (more on this one later), Tyson de México, Petrobras, Odebrecht, Braskem, SQM (Chile) (and now, perhaps, Lojas Americanas in Brazil).[11]

What boards must do

Confidence in corporate governance is not high, with good reason. A recent study by professors from the University of Toronto, University of California at Berkeley and the University of Chicago finds that only about a third of corporate fraud is detected, that about 40 per cent of public companies violate accounting rules and 10 per cent or so of companies commit securities fraud every year.[12] Media attention has consequently been relentless and scathing, and activist shareholders and even stay-on-the-sidelines shareholders have increasingly made their unhappiness clear. The landscape is changing and risks for board members increasing. Many boards have taken notice, especially of the repeated exhortation that boards must set the ‘tone at the top’. (Forgive whoever fell into the amatory arms of alliteration and coined the phrase.)

Unfortunately, overdone emphasis on ‘tone at the top’ has taken attention away from all else that the board and the C-suite must do in this regard, and lulls into contentment those who believe that setting that tone is sufficient.

CEOs and board members have placed misguided faith in the manner and frequency with which they deliver their message, believing it to be the only contribution they needed to make. Consequently, they have not participated substantively, meaningfully, from the outset, in setting up structures and procedures to create the conditions for a compliance culture to form and take root. Those days are ending. Boards can no longer do all the talking and leave to others all the doing.

It is commonly accepted that the major duties of a board of directors are to think strategically and to keep an eye on management. This second obligation, influenced over time by practices in many countries and by jurisprudence, notably in the state of Delaware, with its development of the ‘business judgement’ rule to protect boards from undue second-guessing, has become defined largely by what the board ought not to do: directors should not act like executives, leaving to boards the somewhat removed task of receiving reports, asking questions and deciding matters in a reasonable, prudent manner. Consequently, boards have long been advised to maintain distance from operations, lest board members be judged by a more rigorous standard for having left their safe supervisory perch and mucked about in day-to-day affairs. Not surprisingly, boards take the attitude that risk assessment and compliance, being ongoing, everyday matters, are routine, and so left to management. That is incorrect, and dangerous.

My view may seem radical and a departure from the notion that boards should not meddle in operational matters. My answer: not only is this not radical but, in light of repeated scandals, it is necessary as part of the prudence and care that boards owe to shareholders. As for interference in operations, my proposal is to deepen board knowledge of, involvement in, and contribution to, enterprise risk management, not to supplant executive functions; this is not a difficult line to find.

A note on ‘compliance’

I use ‘compliance’ to include anti-corruption and anti-fraud. Discrimination, harassment, conflicts of interest and related-party transactions also are the responsibility of the compliance function. But the term clearly needs to be comprehended more broadly to include all significant business-related risks. You have read of ice cream, pipelines and drugs, and you will read about dam and airplane safety, and the cheating of customers, all of which fit into this category.

I do not advocate that the assessment of all risks and the processes to address them be the responsibility of the compliance department, but there must be in place very similar structures in conception, range of activity and autonomy and independence to monitor these other areas of concern. The board cannot assume that these issues are being handled properly because they are an integral, ongoing part of the ‘business’ of the company and are therefore for executives to deal with, as opposed to corruption or discrimination incidents or trademark litigation, which are not ongoing ‘business’ events (one hopes).

But watch for abuse of the term ‘compliance’. Conveniently tagging every corporate headache that is not directly operational as compliance-related will inevitably lead to the wrong people looking at problems the wrong way.

And a related thought, on ‘Board compliance oversight’. This is generally a delegated duty of the audit committee. A separate governance or compliance committee might make sense in some circumstances, but these committees could suffer from not having all the information an audit committee receives. So I see the audit committee as the board organ responsible for compliance supervision, which should at appropriate intervals fully brief the board. In turn, the board should engage actively and contribute to the compliance efforts of the committee and management. An exception to this rule might exist for an activity that is high risk and very technical, which would be watched over by board members with in-depth knowledge of the area, and perhaps even expert non-board members in an advisory capacity.[13]

Risk

To quickly and demonstrably mount or invigorate a compliance function, with new or additional codes, rules, prohibitions, remedies and punishments, companies are often tempted to skip the vital step of conducting a careful risk assessment.

This results from various attitudes: overconfidence (‘we know our business, we know what needs watching’), the time required, the cost and the worry I have heard more than once that mapping of relevant risks will make management gun-shy (like disconnecting the speedometer so you don’t scare yourself when driving too fast).

Risk assessment is absolutely crucial. As the 2020 US Department of Justice Guidelines puts it:[14]

The starting point for a prosecutor’s evaluation of . . . a well-designed compliance program is to understand the company’s business from a commercial perspective, how the company has identified, assessed, and defined its risk profile and the degree to which the program devotes appropriate scrutiny and resources to the spectrum of risks.

. . . Prosecutors may credit the quality and effectiveness of a risk-based compliance program that devotes appropriate attention and resources to high-risk transactions, even if it fails to prevent an infraction in a low-risk area.

And yet, an EY survey of 500 CEOs and board members found that fewer than 25 per cent of directors reported being ‘very satisfied’ with the effectiveness of their risk assessment processes and only 20 per cent of directors were confident in risk reporting from management.[15]

A good risk assessment exercise should:

  • freshly analyse the risks of the company in its significant areas of activity;
  • have the collection of information thoroughly informed by what front-line managers view as their risks and with what priority. These should be validated by interviews with senior executives;
  • include transaction-testing and walk-throughs to ascertain whether what should be working is, in fact, working;
  • from time to time, or for certain issues, include external consultants;
  • have as its analytical centre for the dimensioning of risks and assigning of priorities a committee that includes senior accounting, legal, controls, internal audit (IA) and information technology representatives, at least. This diverse group is not likely to miss anything important; and
  • most of all, this work should be closely followed by at least one audit committee member. Daily participation by this member is not necessary, but frequent involvement in the data analysis and priority-setting discussions is a must.

From conception to operation

Some fundamental principles govern the construction of every good compliance programme. While adhesion to best practices from top to bottom may be ideal, it is not realistic. But the principles of independence, autonomy, structure and cultural compatibility are key to the sturdiness of the compliance edifice and how well it will successfully meld into the corporate landscape. The first two qualities ensure reliability; the correct structure separates the operational from support functions and compatibility ensures that the programme fits the culture and language of the company. These principles being of the first order, the audit committee must be fully engaged in implanting and preserving them. Choices between ‘best’ and ‘it will do for now’ must be made by the audit committee and management together. Like other strategic business decisions, which routinely involve suboptimal elements and uncomfortable compromises, with potentially significant consequences, the building and oversight of the compliance function cannot be left only to executives.

Independence

I cannot overstate the importance of independence. Together with autonomy, these attributes must be self-evident and unassailable from the board down. It is not sufficient that audit committee members be considered ‘independent’ under relevant regulations. May a member who meets applicable requirements but who is a close, long-time friend of the CEO and other high-up executives be on the audit committee? Strictly, yes, as close friendship is not disqualifying factor under, at least, US or Brazilian regulations and most likely nowhere else either. But if that audit committee is called upon to oversee an investigation possibly involving one of these close friends, how will that appear to regulators, shareholders and the media? If the structure is not virtually immune to attack, the reliability of its findings and conclusions will be questioned from the outset.

This same care should extend to professionals hired for compliance-related work, especially investigations. I would be uncomfortable hiring a law or consulting firm for an investigation that is doing, or has recently done, considerable other work for the organisation. The justification for hiring a close professional partner (‘they know us, they won’t go crazy’) is precisely why hiring that firm is inadvisable: it may appear as an attempt to gain an advantage. In compliance, looking bad is almost as bad as being bad.

Autonomy

A perfectly independent audit committee relying on departments that have compromising or conflicting vectors acting upon them is of virtually no use. It is in this area that the board must be most firm, because it is likely to require structural changes, which most companies almost instinctively resist.

Compliance and internal controls should be grouped together and its head should report directly to the CEO. Often the reporting is to the general counsel, but this confuses an operational function that is intended for the detection and avoidance of irregularities with the management charge of the legal department to protect and defend the company from legal risks. As second-line components, these functions report to the CEO because they support the business operations. However, the department head should have regular access to the audit committee in executive sessions. Ideally, the audit committee chair should have a direct, informal relationship with the CCO. In a number of companies, the CCO reports directly to the audit committee. While I sympathise with the push for even greater independence, I am persuaded that having compliance as part of the operations of the company and not an enforcement arm of the board is the better approach. This is also the prevailing view. Compliance should be perceived by the company’s employees as supporting, not policing them.

It is also important to protect the CCO from financial pressures; costcutting, downsizing and similar performance tools ought not to be used for the compliance area, and any significant deviation in compensation of the CCO compared with peers within the company should be discussed with and approved by the audit committee. Likewise, the CCO’s demotion or dismissal should happen only with the committee’s concurrence. The CCO and other senior executives should be very aware of these protections.

IA should report directly to the audit committee, which ought to set compensation for the IA head (in consultation with human resources). I have not heard any convincing arguments against this structure but I will give the argument in its favour anyway. IA, the last line of defence, catches what the first line thought it could live with, or get away with, and that the second line missed. To have a group with this charge subordinate to those who looked away, allowed, or worst, participated in the transgression, is folly.

Compatibility with company ways

Whether putting together a new programme or overhauling a dated or misshapen one, there is a strong but wrong-headed temptation to borrow heavily from publicly available models for reasons of speed, economy and herd safety. Here the board must be patient. First, the compliance programme will have to address effectively the many, many differences between companies: geography, products, customers, employee base, regulatory environment and so on. But that is only part of the challenge. A compliance programme that does not organically fit the mores and traditions of the organisation, that does not reflect and absorb its cultural and even linguistic individualities, will fail. It will be rejected by the organisation, not with anger but with disdain.

To avoid this, the CCO will need to understand the organisation deeply, viscerally and how best to inject compliance into its core rather than grafting it on awkwardly. This thorough understanding is also necessary for the compliance programme’s designers, who must be very well informed about the company’s particular risks and the best way to address them in the company’s way.

To do this well, I suggest the formation of a committee. This committee, comprising senior members of internal audit, information technology, accounting, internal controls, legal and key line managers, from procurement and sales particularly, will be instrumental in helping to develop a programme that identifies the size and shape of the company’s particular risks, sorts them as to importance and addresses them in the language of the company.

In the structuring, or restructuring, of the compliance functions, the participation of an audit committee member is vital. This member can contribute valuable reflection on the views and concerns of senior executives and board members, and can give political and other support to the CCO. This effort, along with the comprehensive risk assessment that is solidly based on first-line worries, will result in a programme that has a familiar tone, is focused on the right issues and is introduced to the organisation as having the collaboration and support of a broad array of respected managers. This inclusive approach will assure greater and quicker adhesion to the compliance programme.

Case studies

I will present in some detail three potently illustrative episodes of shameful board failure. Taken together they comprehend all the mistakes I have touched on, even if not explicitly called out.

Wells Fargo

Founded in 1852 as a California stagecoach service, Wells Fargo (sometimes, ‘Wells’) grew into a major regional bank, then embarked on a 25-year acquisition spree to become the third-largest bank in the United States, 15th in the world by total assets, and a well-respected, reliable retail bank. ‘For 60 years, Wells Fargo was a feel-good brand name.’[16] Then corruption set in, and spread and spread.

The jaw-dropping behaviours and lapses detailed below had their inception in Wells Fargo’s acquisition of Norwest Bank in 1998.

Dick Kovacevich, CEO of Norwest and later of Wells Fargo, saw banking products – accounts, cards, loans – as consumer items. So the corporate goal of eight products per customer was set.[17]

Getting to eight products (the industry average is around three per client) required an aggressive programme combining relentless pressure on the sales force, clear financial incentives for doing well and nasty consequences for falling short. Abusive sales practices began in the early years of this century, and intensified enormously in 2007 and beyond.[18]

The Los Angeles Times article of December 2013 that blew the lid off this scandal relates the hell that branch manager Rita Murillo was put through:

Regional bosses required hourly conferences on her Florida branch’s progress toward daily quotas for opening accounts and selling customers extras such as overdraft protection. Employees who lagged behind had to stay late and work weekends to meet goals, Murillo said.

Then came the threats. Anyone falling short after two months would be fired. ‘We were constantly told we would end up working for McDonald’s.’

Subsequent investigations and reports by US regulatory and congressional bodies revealed astonishing managerial misbehaviour, such as threatening employees who did not meet sales expectations that they would be ‘transferred to a store [sic] where someone had been shot and killed’.[19]

A Board Report prepared by Shearman & Sterling at the request of the independent members of the board describes other disturbing behaviour.

The Community Bank produced daily and monthly ‘Motivator’ reports ‘as a source of pressure’, showing sales rankings down to the district level. Those reports ‘ramped up’ pressure on managers, some of whom ‘lived and died’ by them. The ‘Jump into January’ sales campaign, started in 2003, aimed to get salespeople to ‘start the New Year strong’ by raising daily targets even higher and rewarding more generously higher activity levels achieved.[20]

These shady practices gained Wells Fargo more than unauthorised 1.5 million accounts and more than a half a million unauthorised credit cards. (Included were 193,000 non-employee accounts opened between 2011 and 2015 where the only email address for the ‘depositor’ was @wellsfargo.com.[21])

In May 2015, the Los Angeles City Attorney filed suit against Wells.[22] The federal Consumer Financial Protection Bureau (CFPB) and the Office of the Controller of the Currency, a top bank regulator (OCC) also opened investigations. In September 2016, a settlement of US$185 million with the three authorities was announced.[23]

Predictably, Wells completely misunderstood the significance of these practices and the settlement. CEO John Stumpf was clear, if ungrammatical, in blaming employees: ‘The 1 percent that did it wrong, who were terminated, in no way reflects our culture nor reflects the great work the vast majority of the people do. That’s a false narrative.’[24]

In fact, the false narrative was Stumpf ’s.

US Senate hearings were held in September 2016. In her closing remarks, Senator Elizabeth Warren delivered this ‘epic takedown’:

You know, here’s what really gets me about this, Mr. Stumpf. If one of your tellers took a handful of $20 bills out of the cash drawer, they’d probably be looking at criminal charges for theft. They could end up in prison. But you squeezed your employees to the breaking point so they would cheat customers and you could drive up the value of your stock and put hundreds of millions of dollars in your own pocket. And when it all blew up, you kept your job, you kept your multimillion dollar bonuses, and you went on television to blame thousands of $12-an-hour employees who were just trying to meet cross-sell quotas that made you rich.[25]

Shortly after the hearing, Stumpf resigned without explanation. The board in November 2016 obtusely chose as his successor Tim Sloan, the president and chief operating officer, who had joined Wells in 1987.[26]

Before and after Sloan’s appointment, the federal banking authorities continued to express clearly their concern that Wells Fargo was unable or unwilling to implement an effective risk management programme. This should have been Sloan’s overriding preoccupation, but there is no evidence suggesting that was the case.

In April 2018, the OCC assessed a US$500 million fine on Wells Fargo, concurrently with a fine of US$1 billion from the CFPB. This followed action by the Federal Reserve Board applying the rarely used sanction of imposing a cap on Wells Fargo’s growth until Wells cleaned up its mess.[27]

These regulatory hammerings seemed to have no effect. Notes from a 24 January 2019 meeting with Wells senior executives reflected Fed staff concerns that ‘leadership seems to remain focused on lifting the asset cap by the end of the year as the primary goal and [shaping] remediation plans around that . . . affect the way management is thinking (or being asked to think) about how remediation should be shaped and accomplished.’

Sloan received a US$2 million bonus for his performance in 2018.[28]

In March 2019, Sloan testified before Financial Services Committee of the United States House of Representatives. The chair of the Committee addressed him: ‘I am simply asking whether or not the bank is in compliance [with the required remediation plans?].’ Sloan replied, ‘We are in compliance with those plans.’ The OCC promptly advised the House Committee that Wells was not in compliance.[29]

Less than two weeks later, Sloan ‘retired’ from Wells of his own accord.[30]

In September 2019, the Wells board chose as Well Fargo’s CEO and president Charles Scharf, formerly chair and CEO of Bank of New York Mellon.[31]

But Wells’ past continued to catch up with it. On 9 September 2021, the OCC assessed another US$250 million fine against Wells.[32] In September 2021, Federal Board Chairman Jerome Powell said that the asset cap would ‘stay in place until [Wells] has comprehensively fixed its problems’, suggesting the bank had a way to go before it would be allowed to expand in size.[33] It is still in place.

On 20 December 2022, the CFPB issued an order against Wells for a US$1.7 billion penalty and over US$2 billion in payments to consumers, stating in a press release that ‘Wells Fargo’s rinse-repeat cycle’ of consumer law violations has harmed ‘millions of American families’ through a series of other consumer frauds, including unlawfully repossessing vehicles and freezing bank accounts, wrongful foreclosures and illegal fees.[34]

I added this violation information, technically unrelated to the illegalities I focused on above, to drive home the point that by far the most difficult issue for a board, no matter how willing and determined it may be, is how quickly bad behaviour becomes normalised and pervasive.[35]

  • Root causes of the scandal include:
  • Performance incentives.
  • Corporate structure. Wells was recklessly decentralised: Legal, risk management and human resources reported to the heads of the business units and not to corporate.
  • Risk management. The Board Report found that certain of the control functions often adopted a narrow ‘transactional’ approach: ‘They focused on the specific [issue] before them, missing opportunities to put them together in a way that might have revealed sales practice problems to be more significant and systemic.’ And the Audit Department ‘did not view its role to include analysing more broadly the root cause of improper conduct’.[36]
  • Senior executives. The board oversaw the hiring and overcompensation of senior executives, 10 of whom were fined over US$58 million; three of them were banned for life from working in the banking industry. The 10 included Stumpf, the head of the Community Bank, chief risk officers, the chief auditor and the general counsel.

The Wells board

Throughout this years-long sordid affair, I cannot point to a single thing the board did competently. The board allowed management, for years and years, to drag its feet and mislead regulators. Moreover, the board itself was complicit in these failures.

In a November 2016 meeting with the CFPB, the CFPB and OCC, board member Quigley complained that ‘the Board was spending too much time on Sales Practices and that he was looking to reduce the level of detail with a “Less is More [approach] to Board materials”.’[37] Interviewed by the House Committee Staff, OCC officials ‘expressed concerns about Quigley’s leadership’ and that ‘Quigley did not pose “hard questions” to management.’

Betsy Duke (then the vice-chair of the board) asked the CFPB: ‘why are you sending [letters requesting actions by the Bank] to me, the board, rather than the department manager?’[38]

The House Report notes that ‘From at least mid-2018 through Sloan’s resignation in March 2019, concern about Sloan’s performance were raised by and to Wells Fargo’s board members’.[39]

The lead independent director of Wells Fargo received a letter from the board of governors of the US Federal Reserve System, finding that ‘there were many pervasive and serious compliance and conduct failures during your tenure as lead independent director’. The Fed went on: ‘you did not appear to initiate any serious investigation or inquiry into the sales practices problems . . . Your performance . . . is an example of ineffective oversight inconsistent with the Federal Reserve’s expectations.’[40]

The Federal Reserve was also quite unhappy with the board as a whole: ‘Management’s reports generally lacked detail and were not accompanied by action plans and metrics to track plan performance.’[41] The Federal Reserve also roundly criticised the shoddy oversight of compensation incentives by the Wells Fargo board.[42] Four directors resigned.

The day following Sloan’s testimony before the House Committee, OCC staff members met in executive session with Wells directors. Notes kept by the OCC of the meeting include this: ‘[W]e are also concerned that the Board has not held management appropriately accountable.’ Sloan resigned on 26 March 2019.

The board of Wells Fargo, over almost 20 years, delivered this to its shareholders:

  • a market capitalisation loss of at least US$220 billion from the imposition of the asset cap in 2018 through May 2020;[43]
  • a US$4 billion loss of profits up to only July 2020, according to a Bloomberg estimate[44] (it is fair to speculate that this number has at least doubled in the following almost three years since then);
  • by my calculations, fines aggregating over US$10 billion since 2016; and a stupendous fall in reputation. In 2017, Wells was ranked last in overall reputation.[45] In 2022, it was still in last place.[46]

A well-selected board that does its job gives a company a number of persons (in the case of Wells, 16 directors in 2015) of varied experiences, professional and personal, thereby materially increasing the probability that, if management loses its way, gets unmoored, is in denial – in short, is making a mess – one or more of the directors will see the dangers and jump in to clean things up.

Not this board. Excluding two directors, who were in their first year of service, in 2016 the 14 other members averaged over 14 years on the board, 144 years total. They had a century-and-a-half of exposure to Wells Fargo, but were not moved to act even symbolically in defence of shareholders and customers of Wells.

The Wells Fargo board was clueless and hapless, truculent and self-deluding.

Vale

Vale, a Brazilian company, is, and for many years has been, one of the world’s leading producers of iron ore.[47] Iron ore extraction is an environmentally hazardous business. The particular hazard we need to know about are iron ore tailings, the fine-particled slurry waste by-product of the process. This mud-like, heavy liquid is collected in tailing ponds, and contained, usually, by an earthen dam.

In 2015, a dam for one of these ‘ponds’ near Mariana in the state of Minas Gerais, Brazil, gave way and caused 19 deaths, the greatest environmental disaster in Brazil’s history to date.[48] The dam was owned by Samarco, a 50:50 joint-venture of Vale and BHP.

On 25 January 2019, a Vale tailing dam, up a hill from the small company town of Brumadinho, in the same state, collapsed, releasing 13 million cubic meters of tailings, obliterating the town, killing 252 and leaving another 18 unaccounted for. In its wake, numerous investigations were launched, resulting in the CEO of Vale and a number of other executives facing homicide charges and fines in the billions of reais being levied or negotiated.[49]

Vale itself commissioned an independent investigation, led by a former member of Brazilian’s Supreme Court. In its report, the investigative team deliberately ranged broadly in its search for answers, and ‘included aspects related to governance, risk management, corporate culture, [and] compensation policy and incentives’.[50]

As to these issues, after the Mariana dam failure of 2015, ‘dam safety became a frequent subject at meetings of the Board [and its committees.]’[51] The investigation devotes pages to the dam safety reports made to the board and its committees. Though it carefully avoids sharp criticism, we are gently led to two conclusions:

The management reports were general and vague, focused on the fact that regulatory approvals were obtained, rather than on low safety levels at Brumadinho and other dams. ‘[I]t was noted that presentations on the . . . dams made to the board of directors and their [sic] Advisory Committees signalled the safety of the dams.’ In other words, the board was getting sanitised information.[52]

‘The review identified no evidence of discussions regarding the decision to cease disposal of tailings at [the Brumadinho facility] or its low factor of safety at the Board of Directors, [or] its Advisory Committees.’[53] It is fair to infer that management chose what data to convey, and the board chose to do what many boards are accustomed to: receive the reports, make sure that their substance is recorded in the minutes, and no more.

The report found at Vale ‘a strong hierarchical structure that is resistant to the exposure of problems to higher levels . . . Furthermore, there was no incentive for questioning decisions made at higher hierarchical levels.’[54]

It also pointed to a ‘siloed environment’, with business units reluctant to share information with headquarters:

[There] was a work environment that lacked transparency and that did not encourage personnel to raise concerns and/or question leadership decisions[55] . . . This cloistered and closed structure led to relevant information that was understood to be unfavorable to generally remain restricted to . . . the Iron Ore Division.[56]

Vale was, to be kind, solipsistic. Discussions of dam ruptures were framed by monetary considerations only, without taking into account the possible loss of life. They focused mostly on workplace safety, with little attention paid to risks to neighboring communities, that is, ‘without the necessary focus on process safety (e.g., minimisation of large-scale risk . . . inherent to operation in a hazardous industry.)[57] . . . [M]ere regulatory compliance is rarely sufficient to generate the safety of highly complex structures.’[58]

The investigation also highlights a phenomenon prevalent at Vale, the ‘normalisation of deviance’, where repeated exposure to departures from standards over time inures those responsible from the need to deal with these variations. [59]

The report registers ‘a major emphasis on financial aspects’ of dam safety, finding little or no focus on safety measures. The report states that there were no safety goals for compensation purposes in 2018, and in 2016 and 2017, the only such goals were the completion of external audits and the obtention of favourable inspection certificates.[60]

Boeing

Another company to look at is Boeing and its troubles arising out of the crashes of two of its recently introduced MAX aircraft, in October 2018 and March 2019, resulting in the death of 346 persons.

Boeing, after decades of near-total commercial aircraft dominance, began in the mid 2000s to lose significant market share to Airbus. In 2010, it found itself in a battle with Airbus for a very large order from American Airlines, until then a loyal Boeing customer.

To satisfy American Airlines and others, the roll-out of the MAX needed to be at supersonic speed. This might seem like the maximisation of profit the stock markets generally expect, but Boeing is not a book publisher or a department store chain, so why did it behave as one, in the face of the ‘mission critical’ nature of safety for its commercial aviation business?

Boeing began to lose its way over 25 years ago. In 1997, it bought the failing McDonnell-Douglas aircraft manufacturer. Very quickly, the McDonnell-Douglas culture completely overwhelmed Boeing’s. The joke in Seattle was that ‘McDonnell Douglas bought Boeing with Boeing’s money’.[61] Harry Stonecipher, the McDonnell-Douglas CEO who took over leadership of the combined entity, could not have been clearer: ‘When people say I changed the culture of Boeing, that was the intent, so it’s run like a business rather than a great engineering firm.’[62]

The US House of Representatives Report on the 737 MAX crashes states: ‘The prowess of the engineers . . . [was] replaced by the accounting acumen and financial decisions of business executives.’[63]

A veteran business journalist, Jerry Useem, points to the move of Boeing headquarters from Seattle to Chicago in 2001, 1,700 miles from the nearest Boeing commercial airplane assembly plant. ‘The isolation was deliberate.’ The then-CEO said that when headquarters are close to principal facilities, ‘the corporate center is inevitably drawn into day-to-day business operations.’ That statement, Useem observes, ‘captures a cardinal truth about [Boeing]: The . . . MAX disaster can be traced back . . . to the moment Boeing leadership decided to divorce itself from the firm’s own culture.’[64]

A Los Angeles Times journalist points to the decision in 2011 to ‘tweak’ the existing 737 model rather than design a new one, as Airbus was doing. The then CEO, under ‘explicit pressure’ from the board to ‘bolster profit’, chose to limit cost and accelerate the development of the MAX, which led to software solutions, including the MCAS stability software that has been identified as the determinative factor in the MAX crashes.[65]

Boeing did whatever it could to ensure that regulators not require simulator training for the MAX, as, among other issues, it had a contractual obligation to Southwest that meant up to US$400 million in penalties should simulator training be mandated.

A Boeing test pilot, after undergoing the MCAS stability exercise in a simulator, described the result as ‘catastrophic’. The FAA, the US aeronautics administrator, defines catastrophic as: ‘Failure conditions that are expected to result in multiple fatalities of the occupants or . . . fatal injury to a flight crew- member normally with the loss of the airplane.’[66]

Edward Pierson, a graduate of the US Naval Academy, a 30-year Navy officer, joined Boeing upon retirement from the US Navy. He was a senior leader of the MAX final assembly facility. Pierson raised his safety concerns with the general manager of the MAX project, Scott Campbell. When Pierson said that in the military, ‘we would stop’, Campbell retorted: ‘The military is not a profit-making organization.’ Pierson then wrote to the CEO and even to the entire board of directors. He never heard back.[67]

On 7 January 2021, the US Department of Justice announced that Boeing had entered into a deferred prosecution agreement in which the company had been charged with one count of conspiracy to defraud the United States through misleading statements to regulators by Boeing employees. Boeing agreed to pay over US$2.5 billion, consisting of a criminal penalty of US$243.6 million, compensation of US$1.77 million to MAX airline customers, and US$500 million for a fund to compensate the families of the 346 passengers who died in the two crashes.[68]

Pension fund shareholders filed suit in Delaware Chancery Court against Boeing’s officers and directors allegedly involved in the MAX tragedies, seeking damages against those individuals for the benefit of Boeing, as shareholders in the Blue Bell case did. To prevail, the funds had to show that the board could not be trusted to bring the action, because of the board members’ own culpability. ‘This is extremely difficult to do’ under Delaware law, said the court: plaintiffs had to show that a majority of Boeing’s board members faced a ‘substantial likelihood’ of liability for Boeing’s losses. This showing, under Delaware law, could be based either on the ‘complete failure’ of directors to establish a reporting system for safety issues, or on directors turning ‘a blind eye’ to red flags evidencing safety issues.[69] Unusually, the court found that plaintiff stockholders met the pleading standards for both sources of liability.

In a 102-page opinion, the judge laid out a devastating story of carelessness, wilful blindness, duplicity and even plain lying by Boeing.

The court picked up on the dramatic cultural shift after the McDonnell/Douglas Boeing merger where the MCD executives became the top dogs.[70]

The court describes Boeing’s safety record as ‘spotty,’ citing recurrent battery fires with the 787 Dreamliner, and a crash of a Boeing 777. Continuing, the court cites 13 different safety issues as Boeing went into 2015 that went uncorrected. As a consequence, the FAA imposed ‘historic’ fines on Boeing.

The court further found, as to board oversight of airplane safety:

None of Boeing’s Board committees were specifically tasked with overseeing airplane safety, and every committee charter was silent as to airplane safety differently from other aviation companies with board-level safety committees, such as Southwest, Delta, United, Jet Blue and Alaska.

The Audit Committee was responsible for risk management, but its yearly updates on risk management did not address flight safety. For instance, the Audit Committee, from the inception of the MAX to its grounding, never mentioned safety. ‘Rather, consistent with Boeing’s emphasis on rapid production and revenues, the Audit Committee primarily focused on financial risks.’ Airplane safety was not a regular set agenda item for board meetings; the board did not have a channel for receiving in-house complaints about safety.[71]

The Lion Air crash occurred on 29 October 2018. Management did not inform the board for over a week, and when it did, it asserted that the MAX was safe.[72] (I was then on the board of Gol, which flies only Boeing planes and had signed on for delivery of a very large number of MAXes. Gol’s board members were told by Gol management of the crash the day after it happened.)

The court then related the underhanded manner in which Boeing tried to tamp down criticism, by denying and criticising media coverage. In a letter to the board on 18 November, the CEO ‘bemoaned a steady drumbeat of media coverage and continued speculation . . . and again falsely suggested that the 737 MAX was safe’. The board of Boeing was invited to an optional meeting to be held more than a month after the Lion Air disaster. Management’s ‘talking points’ for the meeting expressed unhappiness with people ‘commenting freely, including customers, pilot unions, media and aerospace industry pundits’.[73] Imagine that: Boeing received unflattering coverage for 189 persons being driven into Earth at terminal velocity.

The board formally addressed for the first time the Lion Air crash at its regularly scheduled meeting on 16 and 17 December. Its minutes, says the opinion, reflected not safety concerns but a preoccupation with ‘restoring profitability and efficiency’. During its two-day meeting, the board allocated five minutes to a four-page legal memo that included Lion Air matters, and another 10 minutes to compliance and risk management.[74]

At its next meeting, on 24 and 25 February, the board ‘decided to delay any investigation until the conclusion of the regulatory investigations’.[75]

A month after the board chose to ignore the causes of the Lion Air tragedy, an Ethiopian Airline MAX crashed on 10 March 2019, killing another 157 persons. Boeing again blamed the pilots, but at that point, a third of the world-wide MAX fleet had already been grounded.

The day that the Ethiopian crash became news, Boeing’s CEO got in touch with the board in writing and assured the members about ‘ongoing production operations’ (that was his big worry) and that management was ‘engaged in extensive outreach’ with customers and regulators, ‘to reinforce our confidence in the 737 MAX’.[76] On 12 March, the FAA grounded the MAX.[77]

Board members were not any more upset about the 157 deaths than about the 189 deaths five months before. Board member Giambastiani emailed the CEO to draw his attention to an article suggesting pilots were at fault in both the crashes.

On 15 March 2019, a director, Arthur Collins, summoned (presumably) all his courage and suggested a board meeting devoted to product safety. He was careful to explain, however, that: ‘I recognize that this type of approach needs to be communicated carefully so as not to give the impression that the board has lost confidence in management which we haven’t or that it is a systemic problem with quality.’

So: a director diffidently suggests that safety might be discussed at a board meeting, but I leave it to you, Calhoun, new lead director, and to the soon-to-be-fired CEO. ‘Just a thought.’[78] Two crashes, almost 350 deaths, a confidence sinkhole of unmeasurable depth, and ‘just a thought’.

Flaccid though it was, Collins’ suggestion had some effect and a subsequent board meeting devoted over two hours to safety and created a board-level safety reporting function by forming a committee on Airplane Policies and Processes. Unfortunately, this only looked good on paper. Its sessions were sparsely attended, with only one board member attending more than half of the Committee’s 18 sessions.[79]

The Airplane Committee in due course recommended that the board establish another committee dedicated to safety, which the board did, the Aerospace Safety Committee. This Committee very quickly suggested that the board form yet another committee, which it did, the Product and Services Safety Organization.[80] This is typical of vacuous, for-show, compliance-related responses. One committee is good, two are better. Three even more so.

But . . . hear the court: ‘The Board publicly lied about if and how it monitored the 737 MAX’s safety.’

The court cites Calhoun saying that, upon the Lion Air crash, the board had been notified immediately and met ‘very, very quickly’ thereafter; that the board participated in evaluating the MAX’s safety risks; that the board considered grounding that MAX fleet after the Lion Air crash; and that the board met within 24 hours of the Ethiopian crash and recommended that the MAX be grounded. The Court: ‘Each of Calhoun’s representation was false.’[81]

On 19 November, Calhoun said that from the ‘board’s point of view, Dennis [Muilenberg] has done everything right’. After the regulators learned ‘the extent of Boeing’s deceit under Muilenberg’s leadership’, on 22 December the board terminated Muilenberg and replaced him with – yes – Calhoun, as CEO. In 33 days, Muilenberg went from doing ‘everything right’ to doing everything wrong.[82] So the Boeing board replaced one insider with another insider, just as the Wells board did.

The Court proceeded to rule on the claim that plaintiffs made that defendants’ breached their fiduciary duty to shareholders, ‘which is possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgement’. To do so plaintiffs needed to either show that (1) directors ‘entirely failed to implement any reporting on information System or controls’ or (2) ‘having implemented such a system, the directors consciously failed to monitor or oversee its operations’. The court found that both tests were met, which is rare indeed.[83]

In November 2021, about two months after the opinion was handed down, Boeing entered into a settlement of the suit for US$237.5 million, which would be the largest monetary recovery in Delaware from allegations that directors failed to protect the company and its shareholders against the risk of harm. In addition, Boeing agreed that:

  • its board would always have at least three directors with safety-related experience;
  • Boeing would separate the chair and CEO functions; and
  • it would for at least five years have an ombudsman programme to provide employees involved in certification work with a way to raise concerns;[84]

So now we have to change our whole culture?

Yes, if a culture has the kinds of problems here discussed. Here are some suggestions:

  • Change your board as much as you need to. The Wells Fargo board in 2021 kept only three directors (of 11) that had been on the board before 2018 and none who had been on before 2015, when the troubles became public.[85]
  • Pick as CEO someone from outside. Wells did not do that, and Sloan, the 29-year Wells veteran, turned out almost immediately to be a terrible choice. Calhoun, nine years a director and then the CEO of Boeing, was found by a Delaware judge to be a liar.[86] Charles Scharf, who succeeded Sloan in 2019 at Wells from outside the culture, seems to be trying, but time will tell.
  • Have the CEO turn the company upside down. Just as a crisis the size of Wells’ was not brought on by relatively few branch employees, or in Boeing’s case by four foreign pilots, it is also evident that a culture is not created by one or two directors or executives. Scharf has made sweeping changes at Wells, hiring nearly 90 new executives, at least. These executives came from 22 different companies.[87] Nine of the 17 executives on Wells Fargo’s leadership committee are new hires. They can probably continue to shed the old culture, but let us recognise that to meld all these and many other experiences and world views together is very daunting and will take time. Wells will also need for Scharf to do more than change executives. The CEO ‘should roll up his sleeves, mingle with the masses . . . to see what life is like in the rest of the company. He must communicate early, honestly and often . . . [The CEO] must set the tone by putting people first in every leadership action he takes.’[88]
  • Change behaviour. It is indispensable that management consistently and committedly do the right thing. In many cases, there will be no appetite for profound change because it requires from senior staff and managers qualities that are hard to come by: humility, openness, patience, a thick skin, fair mindedness and the ability to view oneself as a colleague. Amy Edmondson, a Harvard Business School professor, in referring to the MAX accidents and problems at the Boeing 787 Dreamliner plant in South Carolina, wrote: ‘This is a textbook case of how the absence of psychological safety – the assurance that one can speak up, offer ideas, point out problems, or deliver bad news without fear of retribution – can lead to disastrous results.’ The only way to change this, according to Edmonson, is by having ‘the behavior of managers up and down the line . . . vehemently and continuously supporting psychological safety’.[89]

Cast a constantly wary eye on your company or client, yourself and your colleagues. The arrogance and lack of reflection at Wells Fargo and at Boeing is evident through their handling of the affair. One of the two independent directors at Vale during the dam break crisis very sagely advises:

In the monitoring role, it’s having a chronic unease – exercising perpetual scepticism, assuming the worse [sic.] may happen and that things may not be working . . . In the advice role, the board should be as committed and close to management as possible without interfering with management responsibilities.[90]

This is precisely the change in approach boards need to make. The tendency to hold boards more accountable for compliance failures is clear and irreversible. Notwithstanding the protection that directors and officers insurance gives directors, and the care that legislators and the judiciary have historically taken to grant board members a lot of discretion in decision-making, these are being rebalanced to force responsibility on boards in situations such as the ones here described. Perhaps it will be in the form of fines or other sanctions implemented at the regulatory level, such as prohibiting a director, temporarily or for ever, from serving on boards. And until then, negative media coverage, excoriating criticism and relentless shaming will no doubt continue.

It is time for corporate directors everywhere to understand that expectations have changed, and to welcome becoming an active part of efforts that will help prevent the deaths of hundreds and the cheating of millions.


Footnotes

[1] Andrew Jánszky is an independent lawyer with more than 40 years’ experience in international capital markets, mergers and acquisitions, corporate governance and compliance, and has served as a board member of exchange‐listed companies.

[2] United States of America v. Embraer S.A., Deferred Prosecution Agreement, 24 October 2016, p. 4.

[3] United States of America v. Latam Airlines Group S.A., Deferred Prosecution Agreement, 25 July 2016, p. 4

[4] Gelles, David; Kitroeff, Natalie, ‘Boeing’ Boeing ousts Top Executive as 737 MAX Crisis Swells’, The New York Times, 22 October 2019.

[5] Koening, David and The Associated Press, ‘After Pressure From Congress, Boeing Chairman Says CEO Won’t Get Bonus Until MAX Flies’, Fortune, 6 November 2019.

[6] Kitroeff, Natalie; Gelles, David, ‘It’s More Than I Imagined’: Boeing’s New C.E.O. Confronts its Challenges’, The New York Times, 5 March 2020.

[7] Marchand v. Barnhill, 212 A.3d, 805 (Del. 2019).

[8] id. p. 807.

[9] Inter-Marketing Group United States v. Gregory L. Armstrong, C.A. No. 2017-0030-TMR

[10] In Re Clovis Oncology, Inc. Derivative Litigation, C.A. No. 2017-0222-JRS

[11] Stewart, James B, ‘Problems at Volkswagen Start in the Boardroom’, The New York Times, 24 September 2015; Griswold, Alison, ‘Now That Uber Has a New CEO, Employees Say Its Board Needs to ‘Grow up’’, Quartz, 2 September 2017; Kitroeff, Natalie; Gelles, David, ‘Boeing Fires C.E.O. Dennis Muilenberg’, The New York Times, 23 December 2019; Gardner, Eriq, ‘CBS Faces Credibility Questions Over Leslie Moonves Investigation’, Hollywood Reporter, 8 August 2018; ‘Airbus Executives Get Swept Away by a Corruption Investigation’, The Economist, 8 February 2018; Tan, Gillian, et al., ‘WeWork Plows Ahead with IPO Plans after Reshaping Board to Counter Skepticism’, Los Angeles Times, 13 September 2019; Carr, Austin, ‘Chipotle Eats Itself’, Fast Company, 16 October 2016; Phillips, Dom, ‘The swashbucking meat tycoons who nearly brought down a government’, The Guardian, 2 July 2019; Cassin, Richard L, ‘Zimmer Biomet Holdings pays $30 million to resolve new FCPA changes’, The FCPA Blog, 12 January 2017; Watson, R T, ‘Vale’s Management Team Is on Thin Ice After Deadly Dam Break’, BNN Bloomberg, 28 January 2019; Neumann, William, ‘Tyson Settles U.S. Charges of Bribery’, The New York Times, 10 February 2011; Schipani, Andres, ‘Petrobras in $853 million settlement of bribery case that rocked Brazil’, The Financial Times, 27 September 2018; Presley, Linda, ‘The largest foreign bribery case in history’, BBC World Service, 21 April 2018; ‘Chile’s SQM paying $30 million to resolve U.S. corruption cases’, Reuters, 13 January 2017; Cassin, Richard L, ‘Former Chile mining executive to settle FCPA offenses’, The FCPA Blog, 25 September 2018.

[12] Dick, A, Morse A & Zingales, L, “How pervasive is corporate fraud?”, Review of Accounting Studies, 5 January 2023

[14] US Department of Justice, Criminal Division, ‘Evaluation of Corporate Compliance Programs’, April 2019, pp. 2 and 3.

[15] Kiemash, Stephen; Doyle, Rani, Report: ‘Eight priorities for boards in 2020’, EY Center for Board Matters, 19 November 2019, p. 9.

[16] Peters, Justin, ‘How Wells Fargo Became Synonymous with Scandal’, Slate, 28 November 2020; Phaneuf, Alicia, ‘Top 10 Biggest Banks US Banks by Assets in 2022’, Insider Intelligence, 2 January 2022; Felba, David, Ahmad, Renan, ‘The world’s 100 largest banks, 2021’, S&P Global Market Intelligence, 23 April 2021.

[17] McLean, Bethany, ‘How Wells Fargo’s Cutthroat Culture Allegedly Drove Bankers To Fraud’, Vanity Fair, 31 May 2017.

[18] Office of the Comptroller of the Currency, ‘Notice of Changes for Orders of Prohibition And Orders to Cease and Desist and Notice of Assessments of Civil Money Penalty’, 23 Jan 2020, pp. 4–6.

[19] id. p. 20.

[20] Independent Directors of the Board of Wells, Fargo & Company, ‘Sales Practice Investigation Report’, 10 April 2017 (‘Board Report’), p. 6. As mentioned, the Board Report was commissioned by the Independent Directors of the Wells Board but prepared by Shearman & Sterling. I was an associate and partner at Shearman & Sterling for 34 years, leaving for another firm some seven years before the Board Report was produced. I think it is a well-done report, with a notable exception: the board receives only three minor criticisms in the Board Report, pp. 16–17. In light of the House Report, further regulatory actions and law suits, I consider this a significant shortcoming. Others were harshly critical: the Los Angeles Times called it a ‘whitewash’ and Howell Jackson, a chaired professor at Harvard Law School, was merciless: he labelled parts describing the Board Report (which he insisted on calling the ‘Shearman & Sterling Report’) as ‘self-serving and silly’, containing at least two ‘false narratives’, and, ‘one great big whopper’ regarding when the board first had knowledge of abuses (Jackson believes it was in 2011, while the Board Report has it at 2014). Michael Hiltzik, ‘Wells Fargo scandal report details board of directors’ dereliction of duty, gives them a pass’, Los Angeles Times, 10 April 2017; Howell Jackson, ‘One Take on the Report of the Independent Directors of Wells Fargo: Throw the Bums Out’, Harvard Law School Forum on Corporate Governance, 22 April 2017.

[21] McLean (footnote 17, above).

[22] Reckard, E Scott, ‘L.A. Sues Wells Fargo, Alleging ‘Unlawful and Fraudulent Conduct’, Los Angeles Times, 4 May 2015.

[23] Korey, James Rufus, ‘Wells Fargo to pay $185 million Settlement for ‘outrageous’ sales culture’, Los Angeles Times, 8 September 2016.

[24] Tayan, Brian, ‘The Wells Fargo Cross-Selling Scandal’, Stanford Closer Look Series, p. 3.

[25] Egan, Matt, ‘Elizabeth Warren’s Epic Takedown of Well Fargo CEO’, CNN Business, 21 September 2016.

[26] ‘Wells Fargo Chairman CEO John Stumpt Resigns; Board of Directors Elects Tim Sloan CEO, Director; Appoints Lead Director Stephan Sanger Chairman, Director Elizabeth Duke Vice Chair’, Business Wise, 12 October 2016; ‘Tim Sloan Named Wells Fargo’s President and Chief Operating Officer’, https://newsroom.wf.com, 17 November 2015.

[27] Office of the Controller of the Currency, ‘Press Release’, 28 April 2018; Board of Governors of the Federal Reserve System, ‘Press Release’, 2 February 2018.

[28] The Majority Staff of the Committee on Financial Services, US House of Representatives, ‘The Real Wells Fargo: Board & Management Failures, Consumer Abuses and Ineffective Regulatory Oversight’, 1 March 2020 (‘Wells House Report’), p. 58.

[29] id. p. 61.

[30] Merte, Renae, ‘After years of apologies for customers abuses, Wells Fargo CEO Tim Sloan suddenly steps down’, The Washington Post, 28 March 2019.

[31] ‘Wells Fargo Names Charles W. Scharf Chief Executive Officer and President’, https://newsroom.wf.com, 27 September 2019.

[32] Office of the Controller of the Currency; ‘Press Release’. 28 April 2018.

[33] Schroeder, Pete, ‘Fed’s Powell says Wells Fargo cap to stay until problems fixed’, Reuters, 22 September 2021.

[34] Consumer Financial Protection Bureau, Consent Order, In the Matter of Wells Fargo Bank N.A., Administrative Proceeding, File No. 2022-CFPB-011, 20 December 2022.

[35] If you read footnotes, you deserve a bonus. Here goes. In November 2022, police in India arrested a ‘top banking executive’ for allegedly urinating on a 72-year old woman in the business class of a flight from New York to New Delhi. The executive worked for Wells Fargo. Yasir, Sameer, ‘Bank Executive Accused of Urinating on a Fellow Airline Passenger’, New York Times, 7 January 2023.

[36] Wells Board Report, p. 14.

[37] Wells House Report, p. 46.

[38] id. p. 44.

[39] The Majority Staff of the Committee on Financial Services, US House of Representatives, ‘The Real Wells Fargo: Board & Management Failures, Consumer Abuses and Ineffective Regulatory Oversight’, 1 March 2020 (‘Wells House Report’), pp. 39, 50–58; Office of the Controller of the Currency, ‘Press Release’, 28 April 2018; Board of Governors of the Federal Reserve System, ‘Press Release’, 2 February 2018.

[40] Board of Governors of the Federal Reserve System, Board Letter re: Accountability as Lead Independent Director of Wells Fargo & Company Board of Directors. Washington, DC: The Federal Reserve, 2 February 2018.

[41] See also the discussion on Vale, below.

[43] Ennis, Dan, ‘2018 asset cap has cost Wells Fargo $220B in market value’, Banking Dive, 9 May 2020.

[44] Ennis, Dan, ‘Wells Fargo has missed out on $4B in profits since asset cap’, Banking Dive, 25 August 2020.

[45] Sposito, Sean, ‘2017 reputation survey: Banks avoid the Wells Fargo drag’, American Banker, 27 June 2017.

[46] Cross, Miriam, ‘2022 bank reputation survey: Payoff for thinking outside the box’, American Banker, 28 November 2022.

[47] NS Energy Staff Writer, ‘Top Five Iron Producing Company of the World from Rio Tinto to the National Mineral Development Corporation’, NS Energy, 1 September 2020.

[48] Relatório Final da CPI, Câmara dos Deputados, Comissão Parlamentar de Inquérito, ‘Rompimento da Barragem de Brumadinho’, outubro de 2019 (‘CPI Report’), p.27.

[49] id. pp. 27, 38–53.

[50] Extraordinary Independent Consulting Committee for Investigation – CIAEA, Executive Summary of the Independent Investigative Report – Failure of Dam 1 of the Córrego de Feijão Mine – Brumadinho, MG, 20 Feb 2020, p.6.

[51] id. p. 27.

[52] id. p. 40.

[53] id. p. 27.

[54] id. p. 34.

[55] id. p. 40.

[56] id. p. 34.

[59] id. p. 35.

[60] id. p. 39.

[61] Useem, Jerry, ‘The Long-Forgotten Flight That Sent Boeing Off Course’, The Atlantic, 20 Nov 2019.

[62] Callahan, Patricia, ‘So why does Harry Stonecipher think he can turn around Boeing’, Chicago Tribune, 29 Feb 2004.

[63] Committee on Transportation and Infrastructure, ‘The Design, Development & Certification of the Boeing 737 MAX’, US House of Representatives, 2020 September (‘Boeing House Report’), p. 37.

[64] Useem (footnote 61, above).

[65] Hiltzik, Michael, ‘Boeing’s Board Shouldn’t Escape Blame in 737 MAX Scandal’, Los Angeles Times, 3 Jan 2020. For a thorough and well-written account of the MAX fiasco, see Robinson, Peter, Flying Blind: The 737 MAX Tragedy and the Fall of Boeing (Doubleday, 2021).

[66] Boeing House Report, p. 113.

[67] id. pp. 165–6, 174–182.

[68] Boeing Deferred Prosecution Agreement, justice. gov., 7 Jan 2021.

[69] In Re Boeing Co. Derivative Litig. No. 2019–0907–MTZ WL 4059934 (Del. Ch. 7 September 2021).

[70] id. pp. 8–9.

[71] id. pp. 10–12.

[72] id. pp. 12–18.

[73] id. pp. 34.

[74] id. p. 40.

[75] id. p. 43.

[76] id. p. 46.

[78] id. p. 50.

[79] id. p. 52.

[80] id. pp. 53–54.

[81] id. pp. 55–56.

[82] id. p. 56.

[83] id. pp. 92–94.

[84] Shepardson, David, ‘Boeing directors agree to $237.5 million settlement over 737 MAX Safety Oversight’, Reuters, 5 November 2021.

[85] Wells Fargo. 2021 ‘Notice of Annual Meeting and Proxy Statement’.

[86] See footnote 68.

[87] Ungarino, Rebecca; Johnson, Carter; Tyson Taylor, ‘Wells Fargo has added nearly 90 series hires from JPM, MNY, and other firms in what Charlie Scharf has called a dramatic change to leadership. Here’s our exclusive look at the stunning overhaul’, Business Insider, 14 January 2022.

[88] Kanter, Rosabeth Moss, ‘It’s time for Boeing’s new CEO to restore trust by putting people first’, CNN Business Perspectives, 15 Jan 2020.

[89] Edmondson, Amy C, ‘Boeing and the Importance of Encouraging Employees to Speak Up’, Harvard Business Review, 4 May 2019.

[90] Davis, Stephan; Guerra, Sandra, ‘Crisis – Resilient Boards: Lessons from Vale, Harvard Law School Forum on Corporate Governance’, 23 February 2021.

Unlock unlimited access to all Latin Lawyer content