ESG Besieged

Things have been rough lately for those high-minded asset management services promoting ESG investment practices. The Right is dragging ethical investment into its culture war, accusing the ESG world of promoting “woke capitalism.” In a recent op-ed in the Wall Street Journal, former Vice President Mike Pence went so far as to state that “the next Republican president and GOP Congress should work to end the use of ESG principles nationwide.”

Unfortunately, the ESG world has left itself vulnerable to such attacks. Its criteria for deciding which corporations deserve a seal of approval are often less than rigorous and may be based on unverified data produced by the companies themselves.

The problems of ESG have reached the point that the Securities and Exchange Commission recently proposed rules that would impose stricter disclosure standards on ethical investment funds and require them to meet somewhat stricter criteria in order to use ESG or related terms in the name of the fund.

Yet perhaps the biggest embarrassment for the ESG world just occurred in Germany, where dozens of agents from the Frankfurt public prosecutor’s office and the financial regulatory agency BaFin raided the offices of Deutsche Bank and its asset management subsidiary DWS. In the wake of that action, the chief executive of DWS resigned.

The investigators were reported to be seeking evidence that DWS defrauded clients by exaggerating the extent to which its green investment products were actually based on sustainable practices. In other words, the Deutsche Bank subsidiary appears to be under criminal investigation for engaging in greenwashing. The case is said to be related to a probe that the SEC has reportedly been conducting of the matter—though without any dramatic raids.

Without pre-judging the outcome of the investigation, I find it difficult to believe that DWS is innocent. After all, it is part of a corporation with a long history of engaging in misconduct. As shown in Violation Tracker, it has racked up more than $18 billion in fines and settlements for cases involving the sale of toxic securities, manipulation of interest rate benchmarks, promotion of fraudulent tax shelters, violations of anti-money-laundering laws, foreign bribery, and more. This is all on top of Deutsche Bank’s questionable business dealings with Donald Trump and Jeffrey Epstein.

I’ve always found it odd that a bank with a reputation such as this could put itself forth as a practitioner of ethical investing. Yet that is a big part of the problem with ESG. Rap sheets such as that of Deutsche Bank are often ignored, and companies are deemed worthy based on some specific practice that is far from representative of its overall behavior.

The Deutsche Bank case is not the only example of an ESG investment adviser being held to account. Recently, the SEC charged BNY Mellon Investment Adviser for misstatements and omissions concerning the ESG criteria used in some of its mutual funds. The company agreed to pay $1.5 million to resolve the matter.

Cases such as these signal that the ethical investing world is going to have to get a lot more ethical—and rigorous—if it is going to survive.

Reviving the Ultimate Corporate Punishment

Big business has despised the Consumer Financial Protection Bureau since its creation, and now the director of the agency has provided additional basis for that enmity. Rohit Chopra recently delivered a speech to the University of Pennsylvania Law School that amounted to one of the most aggressive statements on corporate misconduct ever made by a federal regulatory official. And he put forth some bold ideas for dealing with the problem.

Chopra began with the observation that the CFPB, which has been in operation for only about a decade, has had to take action against some major financial institutions on multiple occasions—five times in the case of Citigroup and four times against JPMorgan Chase, for example. These cases have resulted in billions of dollars in penalties and consumer redress.

The CFPB’s experience is not unique. “Repeat offenses – whether it’s for the exact same offense or more malfeasance in different business lines,” are, Chopra stated, “par for the course for many dominant firms.”

This conclusion is reinforced by the data collected in Violation Tracker. Over the past two decades, the commercial banks in the Fortune 100 have paid over $190 billion in fines and settlements. More than 100 corporations across all sectors have each paid over $1 billion in penalties.

The central question, as Chopra put it, is: “How do we stop large dominant firms from violating the law over and over again with seeming impunity? Corporate recidivism has become normalized and calculated as the cost of doing business; the result is a rinse-repeat cycle that dilutes legal standards and undermines the promise of the financial sector and the entire market system.”

Chopra’s address was remarkable in that it also put forth a vision for solving the problem. In addition to more prosecutions of individual executives, he calls for a focus on structural remedies, including putting restrictions on the ability of rogue corporations to grow.

This idea is not unprecedented; in fact, as Chopra notes, it was implemented by regulators in the case of Wells Fargo. In 2018, following revelations that the bank had created two million bogus customer accounts to generate illicit fees, the Federal Reserve took the unusual step of barring it from growing any larger until it cleaned up its business practices.

Chopra proposes to take even more aggressive measures. He wants to see misbehaving corporations forced to close or divest portions of their operations. He would deny such companies access to government-granted privileges. For example, pharmaceutical violators could lose their patents; lawless banks could lose access to FDIC deposit insurance.

Chopra indicated he is also exploring the most remedy of all: putting corrupt corporations out of business entirely. He warned that the CFPB will be deepening its collaboration with officials at the state level, where corporations are chartered, “to ascertain whether licenses should be suspended or whether corporate assets should be liquidated.”

In other words, Chopra is proposing greater use of what is often called the corporate death penalty (he doesn’t used that phrase). Such punishment is applied by some states in dealing with bad actors, but they are usually small, fly-by-night operations.

Talk of putting a large company out of business has been largely taboo since the case of accounting firm Arthur Andersen, which shut down in 2002 after being prosecuted for offenses relating to its role as the auditor of the fraudulent energy company Enron. There was a strong backlash in the business world against the prosecution, especially after the conviction was later overturned by the U.S. Supreme Court.

Chopra is no longer daunted by that episode. He argues that terminating corporate charters and licenses “should be considered for institutions of all sizes when the facts and circumstances warrant it.”

His speech may be a turning point in the prosecution of corporate crime. The two decades since the Enron/Arthur Andersen case have seen a tsunami of misconduct. Violation Tracker, whose mission is to document the phenomenon, is now up to more than 500,000 cases with fines and settlements of $786 billion.

While the penalties continue to accumulate, there is no evidence that corporate behavior is improving.  Another approach is needed. Chopra’s roadmap is a good place to start.

Credit Suisse and the Oligarchs

Russian banks are among the targets of Western sanctions in response to the invasion of Ukraine, but a financial institution in the middle of Europe is also part of the problem. According to recent press reports, Switzerland’s Credit Suisse is calling for the destruction of certain documents that could involve Russian oligarchs—a move that could impede efforts to locate and perhaps seize their assets.

The Financial Times is reporting that the bank is asking hedge funds and other investors to “destroy and permanently erase” documents relating to securitized loans backed by “jets, yachts, real estate and/or financial assets.” Credit Suisse had created these financial instruments to offload risks associated with its lending to the ultra-rich. When the Financial Times previously reported on these instruments, it described a presentation to potential investors mentioning that the bank had experienced defaults on yacht and aircraft loans to oligarchs related to U.S. sanctions.

It appears that Credit Suisse is concerned that the documents relating to the loans could be leaked. The bank has good reason to worry about unauthorized disclosures. It was recently the subject of a massive release of internal documents, dubbed Suisse Secrets, revealing its extensive dealings with individuals said to be involved in drug trafficking, money laundering and other corrupt practices.

Credit Suisse has a long history of ethically questionable behavior, extending back at least to the Second World War, during which it and other major Swiss banks allegedly profited by receiving deposits of funds that had been looted by the Nazis. In 1998 the banks agreed to pay a total of $1.25 billion in restitution.

After merging with investment bank First Boston in the 1970s, Credit Suisse became a significant player in U.S. financial markets and got into frequent trouble with regulators. Over the past two decades, it is racked up more than $10 billion in fines and settlements, as shown in Violation Tracker. This rap sheet includes a $5 billion settlement in 2017 concerning the sale of toxic securities and a $1.8 billion criminal penalty in 2014 for helping U.S. taxpayers file false returns.

Credit Suisse has also had previous problems relating to sanctions. In 2009 it had to pay $536 million to the U.S. Justice Department and the New York County District Attorney’s Office to settle allegations that it violated the International Emergency Economic Powers Act by engaging in prohibited transactions with Iran, Sudan and other countries sanctioned in programs administered by the Department of the Treasury’s Office of Foreign Assets Control.

The bank has also been implicated in bribery cases, paying $99 million last year to the Securities and Exchange Commission for fraudulently misleading investors and violating the Foreign Corrupt Practices Act in a scheme involving two bond offerings and a syndicated loan that raised funds on behalf of state-owned entities in Mozambique. The bank was also penalized nearly £300 million by the UK’s Financial Conduct Authority for the Mozambique matter.

Returning to the current situation, Credit Suisse is insisting that it has not been destroying any documents in its own possession while not denying it asked investors to do so. The bank may not have broken any laws in making this request, but it is a highly questionable action amid the current situation. Unfortunately, it is very much in keeping with Credit Suisse’s extensive track record of going out of it way to protect the disreputable clients with whom it likes to do business.

Trans-Atlantic Corporate Misconduct

It seems likely there is more corporate crime and misconduct in the United States than in any other country on earth. After all, Violation Tracker now documents 496,000 cases over the past two decades with total penalties of more than $724 billion. That’s a tough amount to beat, especially if you put aside kleptocracies such as Russia and look only at larger market economies with functional regulatory systems.

We will soon be able to make better comparisons between the U.S. and one of those economies—that of the United Kingdom. On October 26 the Corporate Research Project of Good Jobs First will release Violation Tracker UK. Like its U.S. namesake, VT UK will provide easy access to regulatory records covering a wide range of issues, including employment practices, environmental compliance, consumer protection, financial conduct and much more.

My colleagues and I are still finalizing the data, so I will not provide any actual penalty totals here. Yet there is one finding I can confidently share now: many of the same large corporations that feature prominently in the U.S. Violation Tracker will do so in the UK data as well. More than half of the 100 most penalized UK parents have also paid fines and settlements in the U.S.

The overlap between the penalty “leaders” in the two countries is concentrated in the financial services sector. I’ve noted numerous times that large UK banks such as NatWest (formerly Royal Bank of Scotland), HSBC and Barclays have behaved badly in the U.S. and have paid out billions of dollars in penalties for offenses such as interest-rate manipulation and violations of international economic sanctions.

It will come as no surprise that these same banks have been cited for some of the same sins at home. In fact, some of the U.S. cases resulted from investigations carried out in cooperation with UK regulators such as the Financial Conduct Authority and the Serious Fraud Office.

At the same time, giant U.S. banks have gotten into trouble in the United Kingdom. The VT UK list of most penalized corporations will include the likes of JPMorgan Chase, Citigroup and Goldman Sachs.

Banks headquartered in countries such as Switzerland and Germany also show up with large penalty totals in the UK as well as the U.S. Among these are UBS and Deutsche Bank.

Other portions of the financial services sector also engage in misconduct on both sides of the Atlantic. These include the accounting and auditing giants such as KPMG and Deloitte, which have gotten into trouble not only with the SEC and the Justice Department but also with Britain’s Financial Reporting Council.

Not all of the culprits that will appear in VT UK are multinational players. The database will include many homegrown offenders with little or no overseas presence. You will be able to check out the track records of offenders large and small when VT UK launches on October 26.

The Wolves of Wall Street

Morgan Stanley and Merrill Lynch are two of the oldest names on Wall Street. Morgan long focused on serving corporations with investment banking services, while Merrill was more of a retail brokerage. Both got caught up in the transformation of the financial services sector. Morgan purchased brokerage firms Dean Witter and Smith Barney, while Merrill was taken over by Bank of America during the 2008 financial crisis.

During the past dozen years, both Morgan and Merrill have seen their reputations tarnished by a series of legal controversies. When Violation Tracker began collecting data on financial offenses in 2015, BofA appeared atop the list of banks that had paid more than $1 billion in fines and settlements, thanks mainly to cases involving Merrill. Morgan ranked 7th.

The database, now with information extending back to 2000, shows BofA with total penalties of over $80 billion, far more than any other parent company.  Morgan has paid out more than $9 billion.

Morgan and Merrill also feature prominently in the newest category of data to be added to Violation Tracker: penalties imposed on securities firms by the Financial Industry Regulatory Authority. Unlike the other agencies whose cases are compiled in Violation Tracker, FINRA is not a government entity. It is, however, authorized by Congress to acted as an industry self-regulator and is overseen by the SEC.

By reviewing all press releases issued since 2000 by FINRA and its predecessor, the National Association of Securities Dealers, we have assembled 726 cases with total penalties of more than $1 billion. And when we matched the firms named in the cases to their corporate parents, we found that roughly half of the actions were linked to the giants of Wall Street. Those companies account for an even larger share of the penalty dollars.

Morgan Stanley and Bank of America (mostly via Merrill Lynch) are tied for first place in terms of the number of cases, with 38 each. Morgan leads in penalty dollars, with a total of $150 million, followed by BofA with $134 million. The other firms with the highest total penalties include Credit Suisse, Citigroup, Wells Fargo, Deutsche Bank, and UBS. (The Morgan and BofA totals on Violation Tracker’s FINRA summary page do not match the amounts cited here because they have been adjusted avoid double-counting of some penalties linked to cases handled jointly with the SEC.)

Because the penalties imposed by FINRA are relatively low, the case numbers are perhaps more significant. What does it say about Morgan and Merrill that they have each been cited more than three dozen times for violating rules meant to protect investors? In one case, Merrill was cited for failing to prevent one of its representatives in Texas from operating a Ponzi scheme.

And what does it say about FINRA that it allows the big players to commit violations over and over again without doing more than imposing additional modest fines?  

It should be noted that the cases we collected from the FINRA press releases make up only a portion of the organization’s actions, with thousands more against firms and individuals contained in a proprietary database. In other words, the level of recidivism among the large Wall Street firms is probably even worse than what is suggested by the press releases.

Moreover, just a few days ago, after we finished processing the FINRA data, the organization imposed a new $3.25 million fine on Merrill Lynch and ordered it to pay $8.4 million in restitution to customers.

Neither government action nor industry self-regulation seems to be very effective at curbing financial misconduct.

Note: Along with the new FINRA cases, Violation Tracker has just been updated with information from the more than 300 federal, state and local agencies covered by the database. The Tracker now contains 490,000 entries with total penalties of $669 billion.

The European Banking Blacklist

The European Union has shaken up the financial world by excluding a group of large banks from participating in the marketing of bonds being floated to help in the economic recovery of member states. According to reports in various business publications, the ten banks are being singled out because of their involvement in cases in which they were accused of manipulating bond and currency markets. In other words, they are being punished for misconduct.

While these moves may not have a major bottom-line impact on the banks—which include U.S. giants JPMorgan Chase, Citigroup and Bank of America—the EU is sending an important message about corporate wrongdoing.

Large companies have come to assume they can essentially buy their way out of legal jeopardy by paying fines and settlements that have grown larger but are still far from seriously punitive. As Violation Tracker documents, the big banks are Exhibit A for this phenomenon.

The database shows that the financial sector overall has paid more than $300 billion in U.S. penalties over the past two decades, far and away more than any other part of the economy. Bank of America is at the top of the list of penalty payers, with a total of $82 billion. JPMorgan is second with $35 billion, and Citigroup is fourth with $25 billion.

Non-U.S. banks being singled out by the EU have also accumulated substantial U.S. penalties, apart from what they have paid elsewhere. For example, Deutsche Bank has paid out $18 billion and NatWest (formerly the Royal Bank of Scotland) $13 billion.

The EU’s move is focused on a particular set of scandals in which these banks were alleged to have colluded to rig markets. Among these are cases involving the manipulation of currency markets. In 2015, Citigroup, JPMorgan, Barclays and Royal Bank of Scotland each paid hundreds of millions of dollars in settlements to resolve criminal charges brought by the U.S. Justice Department.

Unlike many other situations in which large corporations are offered deferred prosecution or non-prosecution agreements, the banks in this case had to plead guilty to the felony charges. Yet there was little in the way of consequences beyond the penalty payments. The banks were put on probation, on the assumption this would cause them to cease their bad behavior. Yet all the banks continued to rack up regulatory violations in subsequent years.

Reuters estimates that the blacklisted banks will lose out on about 86 million euros in syndication fees. This is a lot less than what the banks have paid in penalties. Yet, if banks begin to see that misconduct will cause them to be excluded from business opportunities, that may be more of an inducement to avoid corrupt behavior.

The dilemma for policymakers is that misconduct is so widespread in the financial sector that it is difficult to find service providers with clean hands. While excluding the ten banks, the EU turned to a group of others to handle the debt issue. Those included the likes of HSBC and BNP Paribas, which have their own substantial corporate rap sheets. Perhaps a larger blacklist is needed.

The 200-Year-Old Corporate Criminal

Boston-based State Street Corporation traces its history back to 1792 and now manages more than $3 trillion in assets, yet it has always maintained a lower profile than the goliaths of Wall Street. Recently, the company was in the spotlight, though not in a good way.

The U.S. Attorney’s Office for Massachusetts announced that State Street would pay a $115 million criminal penalty to resolve charges that it engaged in a scheme to defraud a number of its clients by secretly overcharging for expenses related to the bank’s custody of client assets.

“State Street defrauded its own clients of hundreds of millions of dollars over decades in a most pedestrian way,” said Acting U.S. Attorney Nathaniel Mendell. “They tacked on hidden markups to routine charges for out-of-pocket expenses.”

What’s remarkable is this simple fraud went on, according to prosecutors, for 17 years. This suggests that a large number of company executives were in on the scheme. In effect, it became part of State Street’s standard operating procedure.

It is disappointing that, aside from the monetary penalty—which can be easily absorbed by a company of its size–State Street was let off with what amounted to a slap on the wrist. Like numerous large corporate violators before it, State Street was allowed to enter into a deferred prosecution agreement rather than being compelled to enter a guilty plea.

The DPA is all the more controversial because State Street did not have a pristine record prior to this case. As shown in Violation Tracker, it has paid more than $1 billion in penalties in previous cases dating over a decade. These included a 2010 case in which it had to pay $313 million to resolve allegations by the Securities and Exchange Commission and the Massachusetts Attorney General that it misled investors about their exposure to subprime investments while selectively disclosing more complete information to specific investors.

Later, in 2016, State Street paid $382 million to the resolve an SEC case alleging that it misled mutual funds and other custody clients by applying hidden markups to foreign currency exchange trades. Hidden markups seem to be a recurring theme for State Street.

Since 2010 the company has paid out another $400 million in cases brought by the SEC and state regulators as well as class action lawsuits involving its management of pensions and benefit plans.

Yet perhaps the most disturbing entry on the Violation Tracker list is a 2017 case in which State Street paid a $32 million penalty to the Justice Department to resolve charges that it engaged in a scheme to defraud a number of the bank’s clients by secretly applying commissions to billions of dollars of securities trades.

As in this year’s criminal case, State Street was allowed to wriggle out of those charges by signing a deferred prosecution agreement. That puts the company in the dubious group of corporations that, as a 2019 Public Citizen report showed, have been offered multiple DPAs or non-prosecution agreements.

The ability of a corporation to obtain multiple leniency agreements makes a mockery of DPAs and NPAs. These arrangements are justified as a way to encourage a wayward company to change it practices, yet the ability to obtain multiple get-out-of-jail-free agreements does nothing more than incentivize more misconduct.

The Legacy of Financial Services Racism

At a time when numerous large corporations have been expressing support for the Black Lives Matter movement, it is important not to forget that big business has played a role in perpetuating systemic racism and widening the racial wealth gap.

This reality became clearer for me while I was collecting a new category of data for Violation Tracker: class-action lawsuits brought against financial services corporations engaging in discriminatory practices against their customers.

I was able to identify a total of 30 cases in which banks, insurance carriers and consumer finance companies paid a total of $400 million in settlements over the past two decades to resolve allegations that they charged higher premiums or interest rates to minority customers.

These private lawsuits are in addition to dozens of similar cases already in Violation Tracker that were brought by the Justice Department and state attorneys general during the same time period.

A wave of this litigation came in the early 2000s, when all the major automobile financing companies—including subsidiaries of carmakers such as Ford, General Motors, Toyota, and Honda—agreed to settle allegations that they allowed dealers to charge inflated interest rates on loans to African-American customers.

Subsequent years saw settlements with major insurance companies such as John Hancock, which in 2009 agreed to pay $24 million to resolve allegations that for decades it sold only inferior policies to Black customers. As recently as 2018, Travelers Indemnity settled a suit alleging it engaged in racial discrimination by refusing to write commercial policies for landlords who rented to tenants using Section 8 vouchers.

Over the past decade, major banks have faced private discrimination lawsuits concerning their mortgage lending practices. The defendant in four of these cases was Wells Fargo, which has paid more than $28 million in settlements. These include a case resolved just last year in which the City of Philadelphia had sued the bank on behalf of minority residents it allegedly steered to mortgages that were riskier and more expensive than those offered to similarly situated white homebuyers.

Discriminatory practices such as redlining began many decades ago. What the consumer civil rights lawsuits now documented in Violation Tracker show is that these injustices are not entirely a phenomenon of the distant past. The financial services sector has more work to do to ensure that their customers of color are treated equitably.

Note: with the addition of these lawsuits and other recent cases, Violation Tracker now contains a total of 438,000 entries involving $633 billion in fines and settlements.

The Other Regulators

When it comes to business regulation, we tend to focus on federal agencies, which for the financial sector means the SEC, the CFPB, the Federal Reserve and the like. Yet there is another world of financial regulation at the state level, which at a time of weakening enforcement is more important than ever.

My colleagues and I at the Corporate Research Project have just completed a deep dive in this world for a major expansion of Violation Tracker. We collected enforcement data dating back to the beginning of 2000 for each state’s regulatory agencies dealing with banking, consumer finance, insurance and securities. In all, we created 15,000 entries with total penalties of more than $17 billion.

The number of cases and penalty amounts vary greatly from state to state. Among the more than 150 agencies we looked at, some disclosed hundreds of successful enforcement actions while others reported a few dozen. Some states are active in one of the areas we examined and weak in others.

The state that has by far collected the most in overall penalties is New York, whose total is more than $11 billion. Its Department of Financial Services has gone after the world’s biggest financial institutions and has won major settlements such as the $2.2 billion paid by the French bank BNP Paribas for violating international economic sanctions and the $715 million paid by the Swiss bank Credit Suisse for facilitating tax evasion.

California is second in penalties at just over $1 billion but far ahead in the number of cases. Its financial regulatory agencies have carried out more than 2,000 successful actions. Their biggest settlement was the $225 million paid in 2017 by Ocwen Loan Servicing for mortgage abuses.

Three other states have collected more than $100 million in penalties: Arizona ($665 million in 488 cases), Texas ($632 million in 1,097 cases) and New Jersey ($339 million in 398 cases).

If we focus on the area of insurance, in which the states have pretty much exclusive jurisdiction, the largest number of penalties of $5,000 or more were found in California (1,475), Texas (950) and Virginia (633). Yet in terms of total penalty dollars, New York was first with $808 million, followed by Texas ($617 million) and California ($541 million).

We also identified more than 100 cases in which regulators from different states brought cases jointly. These actions are similar to the multi-state attorneys general cases we analyzed in our Bipartisan Crime Fighting by the States report published in September 2019.

The cases brought by groups of state insurance and securities regulators have yielded about $2 billion in penalties since 2000. The companies that have paid the most in penalties in these cases are: Citigroup ($251 million), American International Group ($204 million), Bank of America ($201 million) and the Swiss bank UBS ($179 million). 

Looking at both single-state and multi-state actions in banking, insurance and securities combined, the companies that have paid the most in total penalties turn out to be the big foreign banks, which account for every spot in the top ten. That New York sanctions case puts BNP Paribas on top with more than $2 billion, followed by Deutsche Bank and Credit Suisse.

The U.S. companies with the largest overall penalty totals are State Farm Insurance ($368 million), UnitedHealth Group ($354 million), Citigroup ($295 million), American International Group ($275 million) and MetLife ($263 million).  

With the addition of the state financial cases, Violation Tracker now contains 437,000 cases with total penalties of $627 billion imposed by more than 50 federal and 200 state and local agencies.

Another Crooked Bank?

For the past three years, Wells Fargo has been pilloried for having created millions of bogus accounts to extract unauthorized fees from its customers. Now it seems Wells may not have been the only financial institution to engage in this type of fraud.

The Consumer Financial Protection Bureau, despite having been somewhat defanged by the Trump Administration, has just filed suit against Fifth Third Bank for similar behavior. Based in Cincinnati, Fifth Third is a large regional bank with branches in ten states and total assets of about $170 billion.

According to the CFPB’s complaint, the problem at Fifth Third arose when it, like Well Fargo, imposed overly aggressive cross-selling targets on its employees, causing them to create bogus accounts to meet those goals. These actions not only generated illicit fees, the complaint states, but also exposed customers to a higher risk of identity theft when, for example, online banking accounts were created without their knowledge. The issuance of unauthorized credit cards may have harmed customers’ credit scores.

The agency is asking a federal court to order Fifth Third to stop these practices and pay damages and penalties for its actions. The bank issued a press release denying the allegations and vowing to fight the lawsuit vigorously.

Although its “rap sheet” is a lot shorter than those of Wells Fargo and the other megabanks, Fifth Third has not been free from controversy. Violation Tracker’s tally on the company runs to more than $132 million in penalties.

One of the cases on the list was brought by the CFPB. In 2015 the agency announced that Fifth Third would pay $21.5 million to resolve two actions—one involving allegations of using racially discriminatory loan pricing and another involving deceptive marketing of credit card add-on products. The second case included allegations similar to those in the new case: telemarketers for the bank were alleged to have failed to tell cardholders that by agreeing to receive information about a product they would be enrolled and charged a fee.

Fifth Third’s largest past penalty was the $85 million it agreed to pay in 2015 to settle a case brought by the Justice Department and the Department of Housing and Urban Development concerning the bank’s improper origination of federally insured residential mortgage loans during the housing bubble.

In 2013 Fifth Third paid $6.5 million to settle an SEC case concerning the improper accounting of commercial real estate loans in the midst of the financial crisis. It has also paid out more than $8 million in wage theft lawsuits.

If the allegations against Fifth Third hold up, bank regulators and federal prosecutors will also have to determine whether the scheme occurred at other financial institutions. Megabanks such as JPMorgan Chase and Bank of America have run up billions of dollars in fines and settlements for many different kinds of misconduct. We need to know whether the creation of sham accounts should be added to the list.