‘They need new blood’: Wells Fargo is in another reputational crisis
- It's possible for companies to recover from reputational incidents, but Wells Fargo's perpetual PR mishaps signal a need for even bigger changes to its culture.
- The vendors may be the weakest links in an organization, but it's still the organization's responsibility to clean up the mess.
Wells Fargo has found itself in the midst of yet another PR fire — a minor flareup compared to last year’s phony accounts scandal, but a cringeworthy development nevertheless.
On Monday, the bank disclosed that earlier this month it had “inadvertently” released a trove of confidential data about at least 50,000 of its wealthiest clients in an email exchange between lawyers. Approximately 1.4 gigabytes of files — spreadsheets, names, Social Security numbers — and financial details including the size of their investment portfolios, and the fees the bank charged them.
“Wells Fargo is taking swift legal action to ensure client data, which was inadvertently released to a lawyer as the result of a subpoena, is returned immediately,” the bank said in a statement shared with Tearsheet on Tuesday. “Additionally, Wells Fargo is seeking to prohibit the data from being disseminated. We take the security and privacy of our customers’ information very seriously. We are continuing to thoroughly investigate this matter and will take all appropriate steps based upon the outcome of our investigation.”
It’s entirely possible for companies to recover from reputational incidents — just look at BP and AIG. What makes bank’s scandal so much worse is the succession of problems and inconsistencies between what they’re marketing and how they’re running the business, said Michael Rubin, chair of the crisis practice at Levick.
“These things are cumulative and can damage the brand,” he said. “It seems to be part of a pattern of a lack of oversight, accountability, management and controls. It’s different from what they dealt with last year but in many ways it conveys the same poor management and oversight.”
The story of the data breach was serendipitously released two days after Wells Fargo began pushing its latest consumer mobile banking product, one meant to convey the message that customers should own and control their data and how it’s used (and ideally, thereby build trust and develop emotional loyalty). “Control is about making you feel comfortable and it comes back to trust,” Ben Soccorsy, head of digital payments and digital product management at Wells Fargo, told Tearsheet.
Perhaps that was a little ambitious. With all the attention being paid by media and everyday consumers about cyber breaches and lost data, it’s just “the wrong story at the wrong time for Wells Fargo,” Rubin said.
Unlike Wells’ major event in September — in which it admitted to creating some two million fake accounts in order for bank tellers’ to make sales quotas and fired 5,300 of its employees — the average retail bank customer may not even know or care about the latest incident, said Dorothy Crenshaw, CEO of Crenshaw Communications.
First of all, the story mostly affects customers of Wells Fargo Advisors, the arm of the bank that caters to high-net-worth investors the wealthiest clients. While there was a breach of data, no sensitive, personal information has been posted or used in any way (that’s not to say it won’t or can’t be). And it was an emailing accident between lawyers, not Wells Fargo itself.
“The only thing they can really responsibly do right now is own it and explain how it’s never going to happen again,” Rubin said. “Blaming it on a law firm will not fly. They’re responsible for the law firm, for choosing the law firm. They can’t pawn this one off on the contractor, the only thing they can do is own up to it and show how it’s never going to happen again.”
The best thing for Wells to do at this stage would be to announce a thorough security review starting with email practices and all vendors. They’re its weakest links, Crenshaw said.
“The vendor is the weak link, the business partner is the weak link when it comes to email,” she said. “This is really a fairly common situation.”
But when it comes to saving your brand, that last detail is neither here nor there.
“Last years debacle is still fresh in people’s minds so when something of this magnitude comes up… everyday consumers will link what happened last time to what happened in this case,” Rubin said.
Not just that. In February, the company’s participation in financing the construction of the Dakota Access Pipeline led to demonstrations at multiple branches and corporate offices and prompted some customers to reconsider their business with the company. In May it surfaced that Wells employees scouted the streets and Social Security offices for potential clients: undocumented immigrants they would take to the branch and persuade to open bank accounts. Days later, the state of New York said it would cut ties with the bank. Last month it surfaced that officials in the bank’s mortgage business were putting through unauthorized changes to home loans held by customers in bankruptcy.
“It’s really about internal culture,” Crenshaw said. “What they have forgotten is internal culture extends to your partners, your vendors, your law firms, your PR firms, your digital marketing agencies.”
And replacing John Stumpf, the CEO at the time of last year’s major scandal, with Tim Sloan really wasn’t enough.
“They have to really clean house when it comes to their security practices,” said Crenshaw. “They need new blood. Sloan was a lifer, they need someone from outside the bank in a key position, maybe another C-level spot, who symbolizes a fresh start.”