Wells Fargo Bank International Unlimited Company reprimanded and fined €5,880,000 by the Central Bank of Ireland for regulatory reporting breaches and related governance failings

On 3 July 2019, the Central Bank of Ireland (the Central Bank) reprimanded and fined Wells Fargo Bank International Unlimited Company (WFBI or the Firm) €5,880,000 for serious failings in its regulatory reporting capability and compliance.

The Firm has admitted five breaches.  The breaches varied in duration from 1 January 2014 to 28 February 2019.  The breaches include failure to accurately report the Firm’s capital position and to comply with a requirement in relation to liquidity testing.

The Central Bank determined that the appropriate fine was €8,400,000, which was reduced by 30% in accordance with the settlement discount scheme provided for in the Central Bank’s Administrative Sanctions Procedure.

The Central Bank’s investigation into the Firm commenced following a thematic inspection of regulatory reporting (the Inspection) in five peer credit institutions in 2016.  The Inspection focused on end-to-end processes, internal controls and governance of regulatory reporting. 

The Central Bank found serious and systemic failings in the Firm’s regulatory reporting capability, relating to the following:

• Failure to calculate and report accurately the Firm’s capital position
• Failure to periodically monetise a sample of liquid assets, as required by legislation
• Weak governance arrangements including lack of robust Board and senior management oversight
• Inadequate internal control mechanisms including a failure to properly document processes and procedures 
• Inadequate review by internal audit of regulatory reporting processes and procedures
• Weaknesses in IT systems and a significant number of manual adjustments used to prepare regulatory returns

The governance arrangements and internal controls relating to regulatory reporting requirements in place at the time were inadequate to such an extent that the Firm did not detect its own non-compliance with those requirements.

Seána Cunningham, the Central Bank’s Director of Enforcement and Anti-Money Laundering, said:

“It is a minimum requirement of being regulated by the Central Bank that firms submit accurate and timely regulatory returns.  Regulatory returns are a tool used by the Central Bank to monitor the financial position of credit institutions and the risks to which they are exposed.  The submission of inaccurate information undermines the Central Bank’s ability to properly supervise.  Miscalculation and misreporting of the Firm’s capital position, in particular, is a fundamental failure.  A firm understanding its capital position, and the accurate reporting of this in its returns are of paramount importance to understanding its safety and soundness.  This enforcement action refers to failings in relation to both capital reporting and liquidity testing.  For that reason it is considered to be particularly serious.

A firm must have strong internal controls in place to ensure the accuracy and integrity of its data before submitting it to the Central Bank.  Robust governance arrangements, including sound accounting procedures, are the responsibility of the board of directors and are necessary to maintain the integrity of the firm’s regulatory reporting systems and for the early detection of risks.  Deficiencies in governance arrangements expose firms to unnecessary risk in all areas of their business. 

WFBI’s serious failings are of concern to the Central Bank and indicate that there was a poor compliance culture as it pertained to regulatory reporting.  The financial penalty imposed by the Central Bank reflects the widespread systemic failures in this instance, and the importance of regulatory returns as a tool used by the Central Bank to supervise firms.” 

BACKGROUND

WFBI is a public unlimited company, authorised by the Central Bank to carry on banking business pursuant to Section 9 of the Central Bank Act, 1971.  It is a wholly-owned, indirect subsidiary of Wells Fargo & Company, a US-based multinational banking and financial services holding company.  WFBI’s audited accounts for year ended 31 December 2018 show a turnover of US$586,427,000 and an operating income of US$340,264,000.

WFBI is a categorised as a Less Significant Institution (LSI).  Each bank’s rating is based on criteria relating to, amongst other factors, its size, its importance to the economy and the significance of its cross-border activities.  LSIs are subject to a proportional level of supervision.  The level of supervisory engagement with the Central Bank differs depending on whether a credit institution is categorised as a Significant Institution or an LSI.  The Central Bank places significant reliance on the regulatory returns submitted by LSIs in order to supervise them appropriately. 

PRESCRIBED CONTRAVENTIONS

The Central Bank’s investigation identified the following five breaches by the Firm:

Contravention 1

Failure to maintain robust governance arrangements in relation to regulatory reporting

Contrary to Regulations 61(1) and 76(1) and 2(a) to (d) of the European Union (Capital Requirements) Regulations 2014 (S.I. 158 of 2014) (the CRD Regulations) transposing Directive 2013/36/EU (CRD IV), the investigation found that the Firm failed to maintain robust governance arrangements and the board of directors failed to adequately oversee the implementation and monitoring of governance arrangements in relation to the regulatory reporting framework.  The failings, which resulted in inaccurate reporting to the Central Bank, were as follows:

Lack of oversight by senior management

Specifically, the board of directors did not monitor and periodically assess the effectiveness of the Firm’s regulatory reporting governance arrangements nor did it take adequate steps to address these deficiencies at the time.  Procedural documentation was not subject to review by senior management.

Weaknesses in governance arrangements

There were inadequate processes and governance arrangements in place to check the accuracy of regulatory returns.  The Firm failed to reconcile data to source systems.  Additionally, the Firm lacked an integrated data system which necessitated an excessively high level of manual adjustments to produce the returns.  There was no specific process governing the operation of these manual adjustments, creating a high risk of inconsistency and inaccuracy.  .

These failings contributed to incorrect calculations and the submission of inaccurate regulatory returns to the Central Bank.

Internal Audit failures

Internal audit provides independent assurance to the board of directors of the effectiveness of internal controls and governance.  The investigation found that there were failings in relation to the Firm’s internal audit activities relating to regulatory reporting.  In particular, there were substantial gaps in the scope, depth and frequency of the internal audit review and testing of the regulatory reporting processes and procedures.

Contravention 2

Failure to develop, document and maintain policies and procedures

During the period 1 January 2014 to 28 September 2017, contrary to Article 318(1) of the Capital Requirements Regulation ((EU) No 575/2013) (CRR), the Firm failed to develop and document specific policies for the allocation of business lines to the prescribed indicators when implementing the Standardised Approach for Operational Risk pursuant to Article 317 of CRR for the purpose of calculating its Pillar I Operational Risk capital requirements.

Calculation of Own Funds

For operational risk purposes, firms are required to hold sufficient own funds to cover their operational risk capital requirements and ensure that they are adequately capitalised.  One of the approaches which firms may adopt to calculate their Pillar 1 Operational Risk capital requirements is the Standardised Approach, which is outlined in Article 317 of the CRR.  This approach is fully prescribed in the CRR and firms are required to follow this approach as prescribed.

As a result of the Firm's lack of policies and procedures for the mapping of business activities to prescribed indicators, the Firm did not have controls in place to ensure the accuracy of its Operational Risk capital requirements.  The accurate calculation of Pillar 1 capital requirements is key to determining whether a firm’s own funds are sufficient to meet these requirements.

Additionally, the Firm’s procedures for the calculation of the Operational Risk capital charge specified the use of net income for the calculation of the Operational Risk capital charge whereas it should be calculated on the basis of gross income as required under CRR.  This led to a risk of the Firm miscalculating its Pillar I Operational Risk capital requirement.

Contravention 3

Failure to submit revised returns when audited figures were signed off

In relation to its December 2015 returns, the Firm breached Article 3(4) of the Commission Implementing Regulation (EU) No 680/2014 of 16 April 2014 laying down implementing technical standards with regard to supervisory reporting of institutions according to Regulation (EU) No 575/2013 of the European Parliament and of the Council (Regulation (EU) 680/2014).  Article 3(4) requires the re-submission of relevant returns without delay to reflect external audited figures, once the audited figures are available.

WFBI failed to submit the relevant revised returns which reflected the most recent audited accounts.  This resulted in its regulatory returns providing an inaccurate representation of the Firm’s capital and financial reserves.

Contravention 4

Failure to periodically monetise a sample of liquid assets

For the year 2015, WFBI breached Article 8(4) of the Commission Delegated Regulation (EU) 2015/61 of 10 October 2014 to supplement Regulation (EU) No 575/2013 of the European Parliament and the Council with regard to liquidity coverage requirement for Credit Institutions (Regulation (EU) 2015/61) which requires credit institutions to periodically monetise a sample of liquid assets, which are adequate to test access to the market for those assets and their usability.

The Firm did not monetise a portion of its High Quality Liquid Assets (HQLAs) on a periodic basis, as required under Article 8(4).  HQLAs are unencumbered assets that can be converted easily and immediately in private markets into cash to meet liquidity needs. 

Contravention 5

Miscalculation of exposure values for loans and receivables and off balance sheet items

In the December 2015 regulatory returns, WFBI breached Article 111(1) of CRR which requires credit institutions and investment firms, as part of the capital requirement calculations, to calculate the exposure value of an asset item as its accounting value remaining after specific credit risk adjustments, additional value adjustments (as per Articles 34 and 110 of CRR) and other own funds reductions related to the asset item.  Specifically, the Firm incorrectly included grossed up loans for the collective and specific impairments in its calculations of the exposure values for loans and receivables.

Additionally, the exposure value of off-balance sheet items is required to be calculated based on the risk classification outlined in Annex I of CRR.  Credit Conversion Factors (CCFs) are applied based on this categorisation in determining the credit risk capital requirements.  WFBI incorrectly reclassified some off-balance sheet exposures in calculating the exposure value for off-balance sheet items.  This classification resulted in incorrect CCFs being applied to WFBI’s off-balance sheet exposures and was a breach of Article 111(1) of CRR.  As a result, credit risk capital requirements, which are an integral part of a Firm’s capital ratios, were not accurately reported to the Central Bank in the regulatory returns.  Therefore, the Central Bank could not determine with accuracy the capital position of the Firm.

REMEDIATION

In March 2017, seven risk mitigation programmes (RMPs) were issued to the Firm as a result of the Inspection.  The Firm initially did not complete the required remedial action necessary to address the deficiencies and risks identified by the Central Bank, and deadlines were extended.  The Central Bank is satisfied that, following extensive engagement, the Firm has now taken the necessary steps to rectify the failings that gave rise to the breaches.

PENALTY DECISION FACTORS

In deciding the appropriate penalty to impose, the Central Bank has taken the following into account:

• The nature and seriousness of the breaches, which revealed serious and systemic weaknesses in the Firm’s regulatory reporting capability.
• The importance of the submission of accurate and timely regulatory returns, to support the Central Bank’s ability to properly supervise the Firm
• The extended period of time over which some of the breaches occurred – spanning the period from 1 January 2014 to 28 February 2019
• The need for an effective deterrent impact on the Firm, other LSIs  and other regulated entities
• The financial position of the Firm and the need to impose a proportionate level of penalty
• The Firm has not been the subject of any prior enforcement action
• The Firm’s cooperation with the Central Bank during the investigation

MITIGATING FACTOR

The Firm made full admissions at the earliest opportunity in the process.  This permitted the Central Bank to make time, cost and resource savings.

The Central Bank confirms that the investigation into the Firm is now closed.

NOTES

1. This is the Central Bank’s 131st settlement since 2006 under its Administrative Sanctions Procedure, bringing the total fines imposed by the Central Bank to over €96 million.

2. Funds collected from penalties are included in the Central Bank’s Surplus Income, which is payable directly to the Exchequer, following approval of the Statement of Accounts.  The penalties are not included in general Central Bank revenue.

3. The fine reflects the application of an early settlement discount of 30%, as per the discount scheme set out in the Central Bank’s “Outline of the Administrative Sanctions Procedure 2018” which is here. 

4. CRD IV was transposed into Irish Law by the CRD Regulations and applied from 31 March 2014.  CRD IV sets out the rules relating to corporate governance and capital buffers.

5. CRR is directly applicable to Member States and applied from 1 January 2014.  CRR sets out the rules relating to capital requirements, liquidity buffers, leverage ratio and credit, market and operational risks.

6. Regulation (EU) 680/2014 is directly applicable to Member States and applied from 1 January 2014.  It sets out the uniform requirements in relation to supervisory reporting for, inter alia, own funds requirements, large exposures, leverage ratio and liquidity coverage.

7. Regulation (EU) 2015/61 is directly applicable to Member States and applied from 1 October 2015.  It sets out the rules specifying the liquidity coverage requirements.

8. LSIs are banks that do not pose a significant risk to the financial stability of the economy or to the Euro area as a whole.  This rating is based on criteria relating to, inter alia, a bank’s size, its importance to the economy of a specific euro area country or the EU as a whole, and the significance of its cross-border activities.  The majority of LSIs are smaller banks whose assets do not exceed €30 billion.  They are subject to a lower level of supervision than Significant Institutions.

9. RMPs are issued by supervisors in the Central Bank for risks that are rated as medium-high or high.  RMPs require firms to take outcome-focussed actions to reduce the risk to an acceptable level by a given deadline.