The case exposes a potential vulnerability in the nation’s banking system that has gone largely unrecognized. Banks have spent millions in recent years strengthening their security systems to fight cybercriminals seeking customer data and hackers attempting to exploit weaknesses in the financial world’s online tapestry. But the Wells Fargo scheme is striking because those accused included thousands of ordinary workers inside one of the country’s largest banks.

Chasing “compensation incentives,” employees went as far as creating phony email addresses to enroll existing customers in online-banking services and issued them debit cards they didn’t request, government regulators alleged. Some even created fake personal identification numbers.

AD

AD

Customers were then often hit with assorted fees totaling millions of dollars for accounts they never authorized, the regulators charged. The pervasive practice dates to at least 2011, regulators said.

“This widespread practice gave the employees credit for opening the new accounts, allowing them to earn additional compensation and to meet the bank’s sales goals,” the federal Consumer Financial Protection Bureau said in a statement. “Consumers, in turn, were sometimes harmed because the bank charged them for insufficient funds or overdraft fees because the money was not in their original accounts.”

The San Francisco-based bank agreed on Thursday to pay a fine of $185 million to various state and federal agencies, including $100 million to the CFPB, the largest fine ever collected by that office. Other agencies included the Office of the Comptroller of the Currency and authorities representing Los Angeles.

AD

AD

CFPB Director Richard Cordray blamed Wells Fargo’s corporate culture for allowing the “reckless, unsafe or unsound practices.”

“Today’s enforcement actions against Wells Fargo likely could have been prevented if the bank had a stronger compliance risk management program that fostered a more healthy culture, in which incentives aligned behaviors properly,” he said.

It is not unusual for banks to attempt to persuade customers to sign up for multiple products. The industry has been under pressure amid historically low interest rates and tighter banking industry regulations following the 2008 financial crisis, and “cross selling” can be a profit driver. But, according to regulators, Wells Fargo’s program went much further and the bank did not monitor it closely.

AD

“Today’s action should serve notice to the entire industry that financial incentive programs, if not monitored carefully, carry serious risks that can have serious legal consequences,” Cordray said in a statement.

Wells Fargo, which did not admit wrongdoing as part of the settlement, agreed to hire an independent consultant to review its procedures. It has also fired about 5,300 employees as part of the investigation. “Wells Fargo is committed to putting our customers’ interests first 100 percent of the time, and we regret and take responsibility for any instances where customers may have received a product that they did not request,” the company said in a statement.

AD

The bank agreed to repay $5 million to customers for fees they incurred after they were signed up for products they did not request. Wells Fargo said it had already paid back $2.6 million of that sum and that the average customer would receive about $25.

AD

The settlement announced Thursday follows a lawsuit filed against the bank last year in which Los Angeles City Attorney Michael Feuer alleged that in its hunt for growth Wells Fargo established unreasonable sales targets that prompted employees to break the law. The settlement is likely to be a particularly painful blow. Unlike big institutions such as Goldman Sachs, Wells Fargo’s chief customer base is made up of those with standard checking and savings accounts — not sophisticated Wall Street traders. It often touts that it serves 1 in 3 households in the United States.