Press reports indicate that the Office of the Comptroller of the Currency has discovered that 40 financial institutions have been opening new consumer accounts without consent. The OCC has also said that it does not plan to release the names of these institutions, and that the matter is being handled administratively.
Because the names are not being released, there are several bank CEOs who are, or should be, breathing a sigh of relief. The fallout from such activity would likely be intense, particularly given that this activity allegedly continued to occur even after Wells Fargo was publicly excoriated and fined for such activity.
But banks that believe that the OCC's protection will be enough to shield them from being publicly disclosed are deluding themselves: The press, plaintiff’s attorneys, consumers, members of Congress and state attorneys general will be aggressive in trying to identify these institutions.
Disclosure is simply a matter of time. Banks should consider acting proactively before someone else does it for them.
Further, institutions should understand that the circumstances of their case will not protect them from criticism — when the story starts to break, they will be lucky to get a word in edgewise, so relying on facts to differentiate their activity from Wells will not be enough to avoid intense scrutiny.
The firestorm from disclosure is going to be even more intense for those first few institutions that are made public — they are going to bear all the brunt of this outrage, no matter what the circumstances surrounding their participation are.
Therefore, all of the institutions that find themselves on the wrong end of this potential firestorm should have a plan in place to address the outcry that they will face.
This plan should focus on two aspects. First is the response itself: what the company did, and what it is doing to address the problems identified by the OCC. Getting the whole truth out as quickly as possible should be a major focus.
Second, and just as important, is having an operational plan in place to mitigate the consumer harm that may have occurred. As we learned from the Equifax, Target and Wells Fargo experiences, how a company responds to a crisis may be as important to managing the resulting fallout as the problem itself. Having a response plan in place that stresses consumer protection will help take the pressure off, while a dysfunctional plan will cause the problem to linger and may generate additional problems.
Companies that are not prepared are likely to find themselves with an almost total inability to respond, and they may be forced to take steps to respond that go well beyond what a prepared company would have to do. For example, the first few institutions that are disclosed can expect calls for the CEO and other senior leaders to be fired; calls for stock and deposit divestiture; lawsuits; congressional hearings, state AG investigations and calls for fines that mirror the $1 billion penalty that Wells Fargo faced for similar activity. Trying to mitigate this without an aggressive plan in place is going to be fruitless.
Financial institutions that are caught up in this should learn from the lessons of Wells Fargo and Equifax — get the truth out and have a functional mitigation plan in place. It is easier to protect yourself from the wave than it is to fix the broken pieces.