How many “risk management fails” can Wells Fargo endure?

I have attached copy of my November 11, 2016 blog that appeared on LinkedIn.  At that time, I disagreed with the solution proposed by John Stumpf (CEO) and the Board of Directors of Wells Fargo.  Their initial solution was to discontinue the sales incentive goals.  If you remember the slogan, “Eight is great.”  This referred to a goal of 8 cross-sell products for each employee.  My point was that setting appropriate goals are fine if the goals have the oversight and reporting on “how employees achieve goals aligned with proper risk and compliance processes.”  The “how” must also include robust customer complaint monitoring. The Board and investors were clearly not informed on how goals were achieved.

My view is that Wells Fargo does not appear to have a robust risk management and compliance culture. The Washington Post has a great article by Renae Merle on August 31, 2017 titled “Wells Fargo finds an additional 1.4 million potentially fake accounts.”  These accounts show process failures going back for years with poor oversight as the customer impact is much larger than the estimate of 2.1 million fake accounts. Couple this recent finding of an additional 1.4MM fake accounts with the April 6, 2017 article, “Wells Uncovers More Abuses” reported by Emily Glass and Ruth Simon in the Wall Street Journal. The April report identified sales tactics problems (not included in the 3.5 million just reported) that were pervasive and not monitored. The evidence showed that Wells Fargo retail branch employees “pressured” small businesses into complex merchant servicing contracts by overstating the small business’s sales revenue to circumvent policies that verified the suitability of the contract for the small business customer.  The employee attained greater cross-sell product sales but at a detriment to the small business customer.

I strongly recommend that the Wells Fargo Board of Directors read my initial blog ” Sales Incentive Plans that Align with Regulatory Guidance – November 11, 2016″  to improve their risk and compliance oversight.



Risk Management Gets Tested


The US wakes up the first Monday after the catastrophic Houston flooding and risk managers will face questions on how to act. The phrase “Think Globally, Act Locally” rings true as most of the risk management actions will be locally focused in the Gulf Coast, but the negative impact on asset valuations will be felt across all US companies. Undoubtedly, our country’s priority is to support and protect the people along the Gulf Coast. However, let’s focus on risk management decisions that drive the economic impact to a company’s business and their employees’ and customers’ lives. Here are typical questions that the Board of Directors and Senior Management should be asking of their Risk Management teams.

1)     Are all employees safe and have we acted on the worksite contingency plan?

2)     What is our customer care policy and what is the communication plan for changes that must be made in our customer service network?

3)     What changes in debt collection, insurance payments, and lending will be instituted and how will it impact the customer, income statement, brand, and our regulatory compliance process?

4)     Do we have proper geographic risk management reporting? How long before we have accurate risk assessments of the impact to our employees, customers, and our financials?

5)     What are the forecasts for delinquency rates, recovery rates, write-off rates, and customer service staffing requirements?

6)     How has the company adjusted its models since these episodic events are NOT included in regulatory macroeconomic conditions and are underweighted in historical data?


Hurricane Harvey is the first real test of risk management leadership after the Great Recession of 2008.

Hurricane Harvey Risk Advisory – Investments

The US wakes up the first Monday after the catastrophic Houston flooding and the country is a bit poorer today.  Hurricane Harvey should have a negative impact on both the bond and equity markets, given the broad impact to business and consumers and the potential for increased government borrowing against a pending debt ceiling limit. I am writing because the usual media investment advice is following the usual albeit tired litany for hurricanes such as: watch out for insurance company losses; rising gas prices due to Gulf refinery shutdowns; buy any dips in the equity market, and specifically buy Home Depot and Lowe’s as they benefit from the rebuilding effort. Undoubtedly, our country’s priority must be to support and protect the people along the Gulf Coast, but I believe the risks are much broader than what is being discussed.

Let me focus on other companies that may be exposed to this event in the Gulf Coast. This analysis is purely based on my risk assessment, and my oversight role in managing money for my family foundation. I do have some equity positions in some of these companies as full disclosure. Please consult your financial adviser to review your risk tolerance and financial objectives before making any investment decisions.

What is so important in my mind in investing is what risk management details are provided in 10K’s and 10Q’s for investors. You will find that many companies do NOT break out regional or even state geographic concentrations, which are most helpful in assessing credit and operational risk from episodic events like Harvey. As a good risk management practice, large concentration risks should have an action plan framework so that management and the Board of Directors can make decisions quickly. Boards should proactively review event-based frameworks for any major concentration as part of annual risk management assessments. Here is my list of heightened risk exposures:

1)     JP Morgan (JPM) has the largest deposit base ($83B, 4.2% market share) and by that measure is one of the largest banks in the Houston area. JPM also has the United Credit Card program and Houston is the second largest hub for United Airlines. Risk managers use airport hubs as a credit card customer acquisition strategy. Collection of credit card debt from hurricane losses takes patience and thoughtful risk management decisions to minimize losses. The key is customer care that generates improved recoveries but the recoveries usually occur after a spike in delinquency rates that creates reserve volatility on the income statement.

2)     The next largest banks by customer and business deposits as a proxy for customer lending exposure in the Houston area are: Wells Fargo ($25B, 1.5% of deposits). Bank of America ($20.5B, 1.2% of deposits), BBVA’s Houston subsidiary (15% of subsidiary deposits), and Zion Bank (Subsidiary Amergy) (15% of Zion’s Deposits). These banks should expect higher delinquency rates and must manage regulatory expectations, which remain high especially regarding settlement and collection practices.

3)     This will be the first test of FinTech lenders’ collection strategies and there is no meaningful risk data by geography to assess true exposures.

4)     The largest home insurers by premium written in this region are: State Farm ($1.7B premiums, 22% market share); Allstate ($765MM premiums, 9.7% market share). Please remember homeowner’s insurance does not cover floods and usually requires separate flood insurance. Therefore, there will be higher mortgage delinquencies, increased demand for government support, and overall lower debt collection from all customers in the Gulf coast region. The largest auto insurers by premiums underwritten are: State Farm (16.2% market share); Progressive Auto (8.56% market share); Allstate (7.3% market share).


In my opinion, Hurricane Harvey losses could exceed expectations and ongoing monitoring is key to any risk management or investment decision. The stock market did not heed my risk assessment and it opened higher this morning on August 28, 2017 because of the positive interest rate and regulatory implications from Jackson Hole. Investors may not be risk-adjusting returns given the potential outcomes of hurricane Harvey, the debt ceiling vote, tax reform, and debt collection regulatory scrutiny. Perhaps I am a bit bearish, so take that into consideration with your cup of coffee.

Recognizing Diversity and the Evolution of Risk Management

Bob Phelan

Financial Risk / Asset Management / Advisor

One advantage of a long career in one business function is the ability to provide perspective on how the function has evolved. This year, I have taken the time to explore risk management options in different industries, evaluated the risk needs of corporate boards, and identified pricing of risk assets as part of my investment oversight role.

Risk management has improved over the last 15 years by:

1)    Expanding the role of risk management to cover the full spectrum of potential risks

2)    Collaborating with Compliance, Audit, Finance, Human Resources, and the Board

3)    Embraced diversity of leadership within risk management which is providing more opportunities for Women, Minorities, and Veterans

4)    Improving transparency and reporting of risks to all levels of management and the Board

5)    Providing trusted due diligence on new products, M&A activity, and strategic decisions

6)    Building a diverse risk culture with increased communication venues to discuss shareholder goals, customer engagement, employee satisfaction, competitive threats, and social impacts

When I started as a risk manager with Bankers Trust in the late 1980s, we leveraged data and analytics to identify risk drivers, determine P&L volatility (value-at-risk (VaR)), and estimate return on credit and market risk-adjusted capital (RAROC) as a framework for strategic decisioning. Almost every risk manager was quantitatively trained and a programmer. Risk management functions continue to use the latest technology to support profitable business opportunities. At the start of my career, I utilized a Cray Computer and a 3rd Party database of all collateralized mortgage obligations to monitor valuations of arbitrage positions and provide independent risk assessments which gave the firm a competitive advantage. Recently, my teams used text-mining to take action on customer feedback, implemented realtime data updates for transaction processing, controlled targeting using social media data, and leveraged BigData with machine learning models to improve prediction of risk and customer preferences.

Over the past 15 years, Risk Management has expanded its remit with broader assessments within the three main risk categories: credit, market, and operational risk. All have been influenced by regulatory requirements such as Basel and CCAR capital planning, as well as Dodd Frank resolution planning, Volker rule, and numerous other requirements. However, regulatory capital requirements have been hard to rationalize especially for operational risk. That said, risk leaders have engaged in improving operational risk processes and systems as they were trying to lower the risk capital requirements. We have made progress across operational risk by improving processes for 3rd party risk, anti-money laundering & sanctions, regulatory adherence, compliance, technology risk, reputational risk, fraud, cybersecurity, privacy, litigation risk, and human resource risk. The recent coordination with compliance and audit functions eliminates costly redundancy in assessing operations and systems. Due to the integration of risk management with other control functions, risk management teams now come from a variety of backgrounds and diverse cultures that benefits the entire organization.

There are some concerns that accompanied the evolution of Risk Management:

1)    The recent regulatory environment drove the creation of three lines of defense and created a higher cost structure that does not effectively drive risk-balanced decisions with clear accountability. On the positive side, the three lines of defense enhanced regulatory relationships as regulators relied upon the second line of defense to be the internal regulator that supplies analysis to them. The challenge role of the second line of defense can alter first line decisions but has been inefficient because it may: require extra documentation of challenge resolutions, address issues late in a new initiative execution plan, and lack measures of success.

2)    The current risk management environment primarily relies upon regulatory models as they are drivers of firm capital requirements. The regulatory models may increase systematic risk because the regulatory guidelines create similar models across the industry, and they use similar time periods of data to develop the models.

3)    Almost all risk assessments are based on models, historical data and typical risk scenarios impacting company assets, liabilities, and processes. However, there are numerous scenarios that are atypical but are not considered in current risk scenarios. In today’s world, the list of possible risk events is long and the world is unstable. There are competitive threats (Amazon, Fintech, foreign competition from China and India), disruptive technologies ( self-driving cars, automation/robots displacing workers, expanded mobile and digital capabilities), and government/political risks (trade wars, taxes, tariffs, sanctions, Federal Reserve raising short interest rates and impacting segments, Fed reducing its $4.5 trillion balance sheet and raising long interest rates and impacting segments, cybersecurity and impact on the electric grid, financial system, food systems), military risks (war, nuclear incident, impacting various geographic locations), social risks (decline of small business profitability impacting local communities, outsourcing of jobs to low-cost countries, minimum wage issues, moral and political suasion on financial obligations like debt repayment, changes in debt and bankruptcy forgiveness, tax policy implications especially mortgage and interest deductions, and healthcare cost implications).

Risk leaders have an obligation to preserve their firm value and drive profitable growth for the company, employees, customers, and society. There has been great progress and risk management is well-represented across many industries today. Risk leaders must continue to work with senior management and the board to establish a clear risk appetite framework and develop strategies to manage through whatever the future might bring, good or bad, from the unexpected.


Broadband is the best choice in Final Four against Facebook, Alphabet, Microsoft #FCC, #FTC,#BigData, #Privacy

Broadband is the best choice in Final Four against Facebook, Alphabet, Microsoft #FCC, #FTC,#BigData, #Privacy

A poem to research the impact of changing referees has on the investments game as the opportunity for high dividends and a higher foothold in BigData Marketing Competition.


Wake now! what light through FCC window breaks?
It is Ajit Pai, and broadband is the sun.
Arise, investors, this buffets the FAM* guns,
Who are already sick and pale with grief,
That Pai has made FCC Privacy more fair than FTC:
Be not so quick consumers to judge this win,
Our choice on personal data to 3rd Parties is a sin.
But on a comparison of valued added by data capture,
AT&T, Verizon, and Comcast delivers rapture.
Any investor should immediate consider in the latter,
And none but fools do wait, or else end up sadder.

* FAM = Facebook, Alphabet, Microsoft



McKinnon, John. “Privacy Provision Eases for Telecom” Wall Street Journal, 29 March 2017.

Fintech Eagles Soar with Consumer and Small Business Data

Article Topics:

How is data driving innovation and fueling the Fintech space?

What Risk Managers and Board Directors should worry about?


Blog Author Email:

LinkedIn Profile:

Date: March 5, 2017


How is data driving innovation and fueling the Fintech space?

  • The regulatory requirements for financial institutions requires a strict 3rd party control environment for Privacy, Information Security, Compliance Disclosures, and Fair Credit Reporting (Federal Reserve). The Fintech control standard is generally weaker and usually relies upon a customer granting authority to the Fintech company to have access to their bank account data. The Payment Services Directive version 2 (PSD2) in the European Union as well as Dodd-Frank Section 1033 in the USA – allow consumers to access and convey rights to 3rd parties to access their personal and business financial records. Therefore, checking account and other bank financial data can be transferred to Fintech companies to run surveillance and analysis of customer financial data, enabling Automated Clearing House payments, marketing, and credit decisions, which is fueling innovation.
  • Why are the large data sets captured by Fintech companies stirring the strong interest of investors and financial institutions? Simply said, Fintech companies know how to use the social networks, bank, credit bureau, and other 3rd party data better than traditional financial institutions. They have designed improved credit processes delivered through mobile, social networks, and cloud-services using BigData and machine-learning models.
  • What are some examples of outcomes? Fintech has found a way to tap the finite pool of credit-worthy customers with accounts at banks, acquire them cheaply, and offer them a product that is either emotionally or rationally superior. No small feat given that the banks have been doing this for 50+ years. Please see the excerpt below from a letter written by Benjamin Franklin to his daughter that defines behavior of our national symbol, the Bald Eagle, that could be analogous to outcomes mentioned above by Fintech Lending companies. However, there are many other Fintech successes ranging from customer friendly mobile apps and wallets, crowd-sourced funding, peer-to-peer marketplace, and blockchain technology for digital authentication.



Excerpt from Benjamin Franklin’s Letter to His Daughter


“For my own part I wish the Bald Eagle had not been chosen the Representative of our Country. He is a Bird of bad moral Character. He does not get his Living honestly. You may have seen him perched on some dead Tree near the River, where, too lazy to fish for himself, he watches the Labor of the Fishing Hawk; and when that diligent Bird has at length taken a Fish, and is bearing it to his Nest for the Support of his Mate and young Ones, the Bald Eagle pursues him and takes it from him.”


“For the Truth, the Turkey is in Comparison a much more respectable Bird, and withal a true original Native of America . . . He is besides, though a little vain & silly, a Bird of Courage, and would not hesitate to attack a Grenadier of the British Guards who should presume to invade his Farm Yard with a red Coat on.”


What Risk Managers and Board Directors should worry about?

  • I know that these days it seems that everyone wants less regulation. However, there are core regulatory practices in financial institutions that protect consumers and small businesses as well as the liquidity and sustainable credit worthiness of financial institutions. Financial institutions have built complete acquisition, underwriting, servicing, and collection systems, mostly on legacy platforms, but tested and refined through numerous macroeconomic conditions. They also have MIS that provides evidence of regulatory adherence for compliance, credit, and operational risk. Risk managers should evaluate risks when integrating a Fintech product with their systems. As part of oversight and due diligence, risk assessments should consider relevant risk exposures given the narrow specialization of most Fintech companies. Areas to consider include money laundering, fraud, payment and collection practices, disparate credit treatment/fair lending, truth in lending disclosures, 3rd party management, privacy choices and data sharing, information security, and other operational risks.


  • In addition to the usual risks covered above, Consider the following scenarios:
    1. The next economic downturn may be driven by changes in fiscal policy, monetary policy, or regulatory changes creating an unexpected credit impact to certain segments. The following are some examples:
      1. Consider the impact of non-deductibility of interest expense for small businesses. The firms that have low margins and high debt will clearly be at risk. Resellers of wholesale goods are the largest users of short term credit and the most vulnerable to a loss of interest deductions as they already have low margins.  In addition, consider the risk if cash advances are billed as fees and could these fees be recharacterized as interest and non-deductible. Either way, truth in lending will be a focus by the regulators.
      2. Since consumers cannot deduct credit card or loan interest today, a tax law change here may be no impact to consumers. However, watch out as mortgage interest deductions may be cut massively.  I will bet that very few financial institutions or Fintech companies have modeled the scenario where wealthy small business owners with large residential or commercial mortgages may not have enough income to offset the loss of deductions by the forthcoming tax cut. Historical analysis shows that if the small business owner defaults on their mortgage or consumer debt, there is a 70%+ chance their small business will also default.
  • There may be certain segments seriously impacted by a border adjustment tax. There is so much financial uncertainty around retail given the threat from online and potential non-deductible imported cost-of-goods-sold. Can retail produce low margin goods and clothing in the US? Probably not.  And, there is no export offset as most retailers are generally NOT large exporters.
  1. Funding – watch what happens when default rates and interest rates rise at the same time. Funding may dry up for Fintech lending portfolios but not for financial institutions.


  1. Valuation of Fintech companies: The aggregate Fintech space consists of over 1000 companies with $105 Billion invested. The current estimated market valuation of the Fintech space is $867 Billion, which is larger than the combined market capitalization of Chase/JPM ($323B), Wells Fargo ($290B), and Bank of America($242B) on February 26, 2017 (Su).  Another interesting sign of potential Fintech exuberance is the success of the LendIt and Fintech Conference in NYC on March 6-7, where there are 20+ main speakers and over 200 speakers for the exhibitors. The number of sponsors of the conference is approximately 83 which is in addition to the exhibitors (LendIt USA 2017).


  • Customer engagement happens through good communication, trust, service, financial security, and transparency. The current environment is enamored with technology innovation as evidenced by the large valuation and success of the social networks and technology companies.  The sharing of data across the technology ecosystem can have negative implications in cybersecurity, fraud, and privacy. Certain lending customer segments prefer long-standing business relationships, while millennials and other younger segments prefer the latest mobile technology and instant model-driven decisions that Fintech and leading financial institutions are providing.


The amount of data being captured today fuels faster decisions and better targeting, but certain customer segments want more transparency and control of their data in the future of risk management.


This blog reflects personal views, opinions and positions associated with my role in RiskDirector, LLC. and those providing comments on this blog are theirs alone, and do not necessarily reflect the views, opinions or positions of the companies discussed, current or former employer companies, nor of the authors in the works cited. I make no representations as to accuracy, completeness, timeliness, suitability or validity of any information presented and/or commenters on my blogs and will not be liable for any errors, omissions, or delays in this information or any losses, injuries or damages arising from its display or use.

I reserve the right to delete, edit, or alter in any manner I see fit blog entries or comments that in my sole discretion, deem to be obscene, offensive, defamatory, threatening, in violation of trademark, copyright or other laws, of a commercial proprietary nature, or otherwise unacceptable.



Department of Commerce. 2016 Top Markets Report Financial Technology (n.d.): n. pag. 2016 Top Markets Report Financial Technology. U.S. Department of Commerce, 2016. Web. Feb. 2017. <;.

Federal Reserve. “Fair Credit Reporting Act.” Consumer Compliance Handbook (2016): FCRA, SourceMedia. Nov. 2016. Web. Feb. 2017. <;.

“FinTech Landscape.” VB Profiles. Spoke Intelligence, 2017. Web. Feb. 2017. <;.

Franklin, Benjamin. “Turkey Quotes – The Eagle, Ben Franklin, and the Turkey.” Quotes Famous Quotes – Famous Sayings., 22 Nov. 2008. Web. Feb. 2017. <;.

“LendIt USA 2017.” LendIt USA 2017. Lendit Conference LLC, 2017. Web. 03 Mar. 2017. <;.

“Ranking the Top Fintech Companies.” The New York Times. The New York Times, 06 Apr. 2016. Web. Feb. 2017. <;.

Su, Jean Baptiste. “The Global Fintech Landscape Reaches Over 1000 Companies, $105B In Funding, $867B In Value: Report.” Forbes. Forbes Magazine, 28 Sept. 2016. Web. Feb. 2017. <;.


Fintech Lending Gobbles High Yield – Poem

Blog Author Email:

LinkedIn Profile:

Date: March 5, 2017


During my 16 years at American Express, I was called upon to provide employee engagement and levity for the opening presentation at Town Halls.  Working with employees at all levels, we would develop a communication strategy that aligned with the key messages of the Town Hall. I would usually write a poem to go along with the dance, song, or video. Here is a poem for those people who miss me.


Fintech Lending Gobbles High Yield  – Poem


Groups of wild turkeys are called flocks,

Fintechs produce technology building blocks.

Who are these Fintech lenders, who abound

Looking for unserved borrowers to be found?

BigData nearest neighbor targeting is all the rage,

But not proven through downturns at this stage.

Rush to machine-learning models to gain the edge,

But is the risk insight missing on how to hedge?

If customers disengage and make a partial repay

An early Charge-off is not a happy Thanksgiving Day.

Sustained low interest rates have created yield gobblers,

Which creates opportunities for risk perspective bloggers.