At Wells Fargo, our vision is to satisfy our customers’ financial needs and help them succeed financially. Consistent with our Vision and Values, we recognize our responsibility to serve our customers’ needs through a wide choice of products and services, while also protecting and maintaining our customers’ most sensitive personal information. With the amount of data available today and the more sophisticated tools we have to analyze that data, we also recognize the importance of managing risks by collecting and using data consistent with applicable legal and regulatory requirements and our Vision and Values. Our business practices and operating model must support prudent risk management practices, including related to information security and information risk management. Ensuring appropriate use of data is a continuing effort, and we regularly assess our practices in light of ongoing product development, new and changing ways to engage with consumers, industry best practices, regulatory requirements and guidance, and new developments in evaluating and managing risk. We are dedicated to appropriate use of data in serving our customers’ needs and to providing them with meaningful products, advice and guidance so that they are able to make informed financial choices.
As a financial services company, our customers trust us to protect their confidential information and we take that responsibility seriously. To that end, we have developed and implemented extensive privacy and information security policies that are designed to comply with, and in some cases go beyond, applicable legal standards to protect our customers’ private information from unauthorized access and use. Wells Fargo customers are able to make informed decisions about how their information is shared, including opting to limit the sharing of some personal information. Wells Fargo has a corporate privacy program and our businesses and support functions, as appropriate, have appointed leaders to assist with implementation of our privacy policies. Our team members also take annual privacy training on the use of customer information, and are held accountable for complying with relevant policies, procedures, and laws concerning the confidentiality and protection of customer information.
Wells Fargo is committed to complying with the letter and the spirit of fair lending laws in our lending-related activities, which include developing and sourcing products, marketing and advertising, and providing products and services to customers. We also have established an overall set of Responsible Lending Principles for Consumer Credit that apply to all of our consumer lending products and Responsible Lending and Servicing Principles for U.S. Residential Real Estate Lending that span our full residential real estate lending process, from product development through our post-closing practices, and reflect our longstanding commitment to responsible servicing for real estate-secured consumer loans and lines of credit. Additionally, we created a set of Responsible Lending Principles for Education Financing for our student lending business that includes marketing activities. These principles support Wells Fargo’s vision, our fair and responsible lending policy, and further our commitment to fair and responsible lending practices. Each business within Wells Fargo must implement and maintain a dedicated fair and responsible lending compliance program of appropriate scope and rigor to manage the fair and responsible lending risks associated with its business activities. In addition, Wells Fargo has established multiple corporate level committees, in addition to other support groups with responsibilities for fair and responsible lending compliance and oversight, such as our Corporate Fair Lending and Responsible Banking Office within Corporate Risk which is responsible for administering our corporate fair and responsible lending program, and providing the oversight, framework, support, and tools necessary for Wells Fargo businesses to manage their fair lending and responsible business risks appropriately.
Our focus on information risk management
As a company, we use information to mitigate risks in our businesses, adhere to regulatory requirements, and help our customers succeed financially. Information is a critical Wells Fargo asset requiring protection, and a culture of accountability where management of risk is every team member’s responsibility remains a key part of our information security program. As a further reflection of our continued focus on managing risks in our collection, storage and use of information, in 2015 Wells Fargo created an Information Risk Management group within Corporate Risk to further strengthen our processes so that Wells Fargo takes a coordinated and comprehensive approach to managing information risk. In addition, we have established a Chief Data Office within our Technology and Operations group which embodies Wells Fargo’s Vision and Values by aligning our management of data with doing what is right for our customers. Our Chief Data Office is in the process of developing and implementing an Enterprise Data Governance Policy and supporting enterprise data standards which further define and document Wells Fargo’s approach for managing and maintaining effective data governance over critical data assets and will work in conjunction with our other corporate policies related to fair and responsible lending, information security, records management, and data protection and privacy. Leveraging data across Wells Fargo in the right way and in compliance with applicable legal and regulatory requirements is imperative in enabling operational efficiency and enhanced customer experiences consistent with our Vision and Values.
Our Board’s oversight of risks
Wells Fargo’s Board of Directors oversees the risks we take as a company. Each of the Board’s standing committees is responsible for oversight of specific risks outlined in its charter. The Board’s Risk Committee provides end-to-end ownership of oversight of all enterprise risk issues in one Board committee and across all risk types. The Risk Committee oversees, among other things, our enterprise-wide risk management framework, which outlines the policies, processes and governance structures used to execute the Company’s risk management program and our Corporate Risk function. To facilitate discussion and communication about enterprise-wide risk matters and avoid unnecessary duplication, the Risk Committee’s members include the chairs of each of the Board’s other standing committees. Our Board’s oversight of the risks associated with the Company’s approach to the use of data in its businesses includes the following Board committees:
- The Board’s Corporate Responsibility Committee, which oversees, among other things,
- Our Company’s policies and reputational issues relating to the Company’s fair and responsible mortgage and other consumer lending,
- The state of our Company’s relationships with external stakeholders regarding significant social responsibility matters and the Company’s reputation generally, including with our customers, and
- Customer service and complaint matters, and other metrics relating to the Company’s brand and reputation; and
- The Board’s Audit and Examination Committee, which oversees our compliance with legal and regulatory requirements.
The Board and its committees work closely with management in overseeing risk. Each Board committee receives reports and information regarding risk issues directly from management. Managers are accountable for managing risks through day-to-day operations and, in some cases, management committees have been established to inform the risk management framework and provide governance and advice regarding management functions, such as those described above.