Woke Capitalism or Sleepy Oversight?

Some of the same people who are trying to convince us that January 6 was a peaceful sightseeing outing and that the situation in Ukraine is a minor territorial dispute have come up with a remarkable explanation for the collapse of Silicon Valley Bank. They claim it is the result of what they call “woke capitalism.”

Politicians such as Florida Gov. Ron DeSantis and House Oversight Chair James Comer are echoing claims by propagandist Tucker Carlson that SVB’s collapse was the result of its involvement with ESG—environmental, social and governance policies meant to promote objectives such as sustainability and diversity.

There are two problems with this claim. The first is that SVB was hardly a leader in the ESG world. The bank’s preoccupation was apparently to ingratiate itself with venture capitalists, private equity investors and start-up entrepreneurs, whether or not they were pursuing social goals. It was also chummy with California wineries. SVB wanted to be a power in Silicon Valley, not a crusader. Like most banks, it made some ESG-type investments, but they were a small part of its portfolio.

The other problem is that there is no connection between ESG practices and the forces that led to SVB’s demise. Based on what has come to light so far, it appears what happened at the bank was largely a result of poor risk management. SVB failed to pay adequate attention to the consequences of having loaded up on long-term government debt securities that were rapidly losing value at a time of escalating interest rates.

Along with that poor internal risk management, there was apparently a failure of regulatory oversight. To some extent, this was the fault of the Trump Administration and Congress, which in 2018 watered down the Dodd-Frank Act and exempted banks of SVB’s size from intensive scrutiny.

As pointed out by the New York Times, Moody’s was more alert to the perils at SVB than the regulators or the bank’s own executives. Last week the credit rating agency contacted the bank’s CEO Greg Becker to warn him that SVB’s bonds were in danger of being downgraded to junk status.

This set off a scramble by SVB to raise more capital. Once depositors got wind of this, they began emptying their accounts, many of which had balances above the $250,000 limit normally insured by the FDIC. Soon there was a full-blown run on the bank, prompting regulators to take over SVB and shut it down. The Biden Administration then bailed out the depositors in whole, using assessments from other banks. ESG has nothing to do with any of this.

As this is being written, the business news is focusing on problems at Credit Suisse. It will be interesting to see if the U.S. Right tries to apply the woke label to that situation as well. Although it gives lip service to ESG, Credit Suisse has a track record of less than enlightened practices. Two decades ago, it was being sued over its investments in apartheid-era South Africa. It has a history of lending to oil and gas projects and has been slow to respond to demands to reduce that exposure.

As shown in Violation Tracker, Credit Suisse’s record in the U.S. includes numerous cases in which it paid penalties to resolve allegations relating to the facilitation of tax evasion, foreign bribery and other misconduct. Its U.S. penalty total is over $11 billion.

Come to think of it, the Right will probably decide that a bank with a history of making money from racism, fossil fuels, tax evasion and bribery is worthy of support.

The woke capitalism critique cannot be taken seriously as an explanation of what happened at SVB. Yet there is the danger that it will serve to divert attention for some away from the real problems: reckless bank management and sleepy financial regulation.

The Bank from Hell

Perhaps because it was announced just days before Christmas, the Consumer Financial Protection Bureau’s giant enforcement action against Wells Fargo has not received all the attention it deserves. The agency imposed a whopping $1.7 billion civil penalty and ordered the bank to provide more than $2 billion in consumer redress.

CFPB took these steps in response to what it called illegal practices affecting over 16 million consumer accounts. Wells was found to have repeatedly misapplied loan payments, wrongfully foreclosed on homes, improperly repossessed vehicles, and incorrectly assessed interest and fees, including surprise overdraft charges. Wells Fargo, it seems, was behaving like the bank from hell.

CFPB’s action does not come as a complete surprise. Wells already had a dismal track record. As shown in Violation Tracker, the bank has paid over $20 billion in fines and settlements during the past two decades. It has been especially tainted since 2016, when the CFPB revealed that bank employees, pressured to meet unrealistic sales goals, had been secretly opening unauthorized accounts in the name of unsuspecting customers who found themselves paying fees for services they had not requested.

Wells was initially fined only $100 million by CFPB, but the controversy over the bogus accounts continued. In 2020 the bank had to pay $3 billion to resolve criminal and civil charges brought by the Justice Department and the SEC. The impact of the case was diminished by the fact that DOJ offered Wells a deferred prosecution leniency agreement and by the decision not to prosecute any individual executives.

A different approach was taken by the Federal Reserve in its capacity as a bank regulator. In 2018 it announced that Wells would be subject to restrictions on its growth until it sufficiently improved its governance and internal controls. The Fed also pressured the bank to replace four members of its board of directors.

The new CFPB case suggests that neither the DOJ nor the Fed action was sufficient to get Wells to change its ways. Other evidence comes from private class action lawsuits. These include a $386 million settlement to resolve allegations the bank added unnecessary insurance fees to car loan bills and a $30 million settlement of allegations it improperly charged interest on Federal Housing Administration-insured loans after they were paid off.

All of this leads to two questions: Why does anyone continue to do business with Wells Fargo? And why do regulators allow it to continue to operate? The answers to both have a lot to do with the enormous concentration in the U.S. banking sector. In some parts of the country, Wells may be one of only a tiny number of full-service commercial banks doing business.

Size is also a factor in how Wells is treated by regulators. As outraged as they may be about the bank’s misconduct, they are not inclined to take any punitive action which might threaten its viability. A villainous Wells Fargo is apparently seen as preferable to the collapse of a bank with nearly $2 trillion in assets.

It is difficult to avoid the conclusion that Wells is taking advantage of this situation by pretending to reform its practices while continuing to conduct its dubious form of business as usual. Regulators need to find a way to bring this rogue bank under control once and for all.

Note: The new CFPB action was announced right after we completed an update of Violation Tracker. It will be added to the database as part of the next update later this month.

Another Crooked Bank

When one large corporation is found to be breaking the law in a particular way, there is a good chance that its competitors are doing the same thing. The latest evidence of this comes in an announcement by the Consumer Financial Protection Bureau concerning U.S. Bank.

The CFPB fined the bank $37.5 million for illegally accessing credit reports and opening checking and savings accounts, credit cards, and lines of credit without customers’ permission. U.S. Bank employees were said to have done this in response to management pressure to sell more financial products and thus generate more fee revenue.

If this sounds familiar, it is exactly what came to light in 2016 regarding Wells Fargo, which was initially fined $100 million by the CFPB for the fraudulent practice and subsequently faced a wave of other legal entanglements, including a case brought by the U.S. Justice Department in which Wells had to pay $3 billion to resolve civil and criminal charges.

The U.S. Bank case has not yet generated the tsunami of outrage that accompanied the revelations about the phony accounts at Wells. Perhaps that is because it is the middle of the summer. Yet chances are that the CFPB’s enforcement action will not be the only punishment the bank will face.

U.S. Bank’s practices were no less egregious than those of Wells. According to the CFPB, the management of the bank, which currently has more than half a trillion dollars in assets, was aware for more than a decade that its employees were creating fictitious accounts.

And like Wells, U.S. Bancorp has a long history of questionable behavior. Violation Tracker documents more than $1.2 billion in penalties from 40 cases dating back to 2000. Half of the total comes from offenses involving serious deficiencies in anti-money-laundering practices, including a 2018 case in which the bank had to pay $453 million to settle criminal charges brought by the U.S. Justice Department plus another $75 million to the Office of the Comptroller of the Currency to resolve civil allegations.

In 2014 U.S. Bank had to pay $200 million to settle allegations that it violated the False Claims Act by knowingly originating and underwriting mortgage loans insured by the Federal Housing Administration that did not meet applicable requirements. The bank also had a previous run-in with the CFPB, which penalized it $53 million in 2014 for unfairly charging customers for credit identity protection and credit monitoring services they did not receive.

It is likely that U.S. Bank’s penalty total will rise substantially through additional cases prompted by the CFPB’s latest allegations, which include accusations the bank violated not only the Consumer Financial Protection Act but also the Fair Credit Reporting Act, the Truth in Lending Act, and the Truth in Savings Act.

Apart from monetary penalties, U.S. Bank may face an additional form of punishment applied to Wells: in 2018 the Federal Reserve restricted the growth of the firm until it cleaned up its practices and improved its governance. Since fines have proven to be a weak deterrent against corrupt practices at major financial institutions, more aggressive measures provide the only hope of bringing the big banks under control.

ESG Besieged

Things have been rough lately for those high-minded asset management services promoting ESG investment practices. The Right is dragging ethical investment into its culture war, accusing the ESG world of promoting “woke capitalism.” In a recent op-ed in the Wall Street Journal, former Vice President Mike Pence went so far as to state that “the next Republican president and GOP Congress should work to end the use of ESG principles nationwide.”

Unfortunately, the ESG world has left itself vulnerable to such attacks. Its criteria for deciding which corporations deserve a seal of approval are often less than rigorous and may be based on unverified data produced by the companies themselves.

The problems of ESG have reached the point that the Securities and Exchange Commission recently proposed rules that would impose stricter disclosure standards on ethical investment funds and require them to meet somewhat stricter criteria in order to use ESG or related terms in the name of the fund.

Yet perhaps the biggest embarrassment for the ESG world just occurred in Germany, where dozens of agents from the Frankfurt public prosecutor’s office and the financial regulatory agency BaFin raided the offices of Deutsche Bank and its asset management subsidiary DWS. In the wake of that action, the chief executive of DWS resigned.

The investigators were reported to be seeking evidence that DWS defrauded clients by exaggerating the extent to which its green investment products were actually based on sustainable practices. In other words, the Deutsche Bank subsidiary appears to be under criminal investigation for engaging in greenwashing. The case is said to be related to a probe that the SEC has reportedly been conducting of the matter—though without any dramatic raids.

Without pre-judging the outcome of the investigation, I find it difficult to believe that DWS is innocent. After all, it is part of a corporation with a long history of engaging in misconduct. As shown in Violation Tracker, it has racked up more than $18 billion in fines and settlements for cases involving the sale of toxic securities, manipulation of interest rate benchmarks, promotion of fraudulent tax shelters, violations of anti-money-laundering laws, foreign bribery, and more. This is all on top of Deutsche Bank’s questionable business dealings with Donald Trump and Jeffrey Epstein.

I’ve always found it odd that a bank with a reputation such as this could put itself forth as a practitioner of ethical investing. Yet that is a big part of the problem with ESG. Rap sheets such as that of Deutsche Bank are often ignored, and companies are deemed worthy based on some specific practice that is far from representative of its overall behavior.

The Deutsche Bank case is not the only example of an ESG investment adviser being held to account. Recently, the SEC charged BNY Mellon Investment Adviser for misstatements and omissions concerning the ESG criteria used in some of its mutual funds. The company agreed to pay $1.5 million to resolve the matter.

Cases such as these signal that the ethical investing world is going to have to get a lot more ethical—and rigorous—if it is going to survive.

Reviving the Ultimate Corporate Punishment

Big business has despised the Consumer Financial Protection Bureau since its creation, and now the director of the agency has provided additional basis for that enmity. Rohit Chopra recently delivered a speech to the University of Pennsylvania Law School that amounted to one of the most aggressive statements on corporate misconduct ever made by a federal regulatory official. And he put forth some bold ideas for dealing with the problem.

Chopra began with the observation that the CFPB, which has been in operation for only about a decade, has had to take action against some major financial institutions on multiple occasions—five times in the case of Citigroup and four times against JPMorgan Chase, for example. These cases have resulted in billions of dollars in penalties and consumer redress.

The CFPB’s experience is not unique. “Repeat offenses – whether it’s for the exact same offense or more malfeasance in different business lines,” are, Chopra stated, “par for the course for many dominant firms.”

This conclusion is reinforced by the data collected in Violation Tracker. Over the past two decades, the commercial banks in the Fortune 100 have paid over $190 billion in fines and settlements. More than 100 corporations across all sectors have each paid over $1 billion in penalties.

The central question, as Chopra put it, is: “How do we stop large dominant firms from violating the law over and over again with seeming impunity? Corporate recidivism has become normalized and calculated as the cost of doing business; the result is a rinse-repeat cycle that dilutes legal standards and undermines the promise of the financial sector and the entire market system.”

Chopra’s address was remarkable in that it also put forth a vision for solving the problem. In addition to more prosecutions of individual executives, he calls for a focus on structural remedies, including putting restrictions on the ability of rogue corporations to grow.

This idea is not unprecedented; in fact, as Chopra notes, it was implemented by regulators in the case of Wells Fargo. In 2018, following revelations that the bank had created two million bogus customer accounts to generate illicit fees, the Federal Reserve took the unusual step of barring it from growing any larger until it cleaned up its business practices.

Chopra proposes to take even more aggressive measures. He wants to see misbehaving corporations forced to close or divest portions of their operations. He would deny such companies access to government-granted privileges. For example, pharmaceutical violators could lose their patents; lawless banks could lose access to FDIC deposit insurance.

Chopra indicated he is also exploring the most remedy of all: putting corrupt corporations out of business entirely. He warned that the CFPB will be deepening its collaboration with officials at the state level, where corporations are chartered, “to ascertain whether licenses should be suspended or whether corporate assets should be liquidated.”

In other words, Chopra is proposing greater use of what is often called the corporate death penalty (he doesn’t used that phrase). Such punishment is applied by some states in dealing with bad actors, but they are usually small, fly-by-night operations.

Talk of putting a large company out of business has been largely taboo since the case of accounting firm Arthur Andersen, which shut down in 2002 after being prosecuted for offenses relating to its role as the auditor of the fraudulent energy company Enron. There was a strong backlash in the business world against the prosecution, especially after the conviction was later overturned by the U.S. Supreme Court.

Chopra is no longer daunted by that episode. He argues that terminating corporate charters and licenses “should be considered for institutions of all sizes when the facts and circumstances warrant it.”

His speech may be a turning point in the prosecution of corporate crime. The two decades since the Enron/Arthur Andersen case have seen a tsunami of misconduct. Violation Tracker, whose mission is to document the phenomenon, is now up to more than 500,000 cases with fines and settlements of $786 billion.

While the penalties continue to accumulate, there is no evidence that corporate behavior is improving.  Another approach is needed. Chopra’s roadmap is a good place to start.

Credit Suisse and the Oligarchs

Russian banks are among the targets of Western sanctions in response to the invasion of Ukraine, but a financial institution in the middle of Europe is also part of the problem. According to recent press reports, Switzerland’s Credit Suisse is calling for the destruction of certain documents that could involve Russian oligarchs—a move that could impede efforts to locate and perhaps seize their assets.

The Financial Times is reporting that the bank is asking hedge funds and other investors to “destroy and permanently erase” documents relating to securitized loans backed by “jets, yachts, real estate and/or financial assets.” Credit Suisse had created these financial instruments to offload risks associated with its lending to the ultra-rich. When the Financial Times previously reported on these instruments, it described a presentation to potential investors mentioning that the bank had experienced defaults on yacht and aircraft loans to oligarchs related to U.S. sanctions.

It appears that Credit Suisse is concerned that the documents relating to the loans could be leaked. The bank has good reason to worry about unauthorized disclosures. It was recently the subject of a massive release of internal documents, dubbed Suisse Secrets, revealing its extensive dealings with individuals said to be involved in drug trafficking, money laundering and other corrupt practices.

Credit Suisse has a long history of ethically questionable behavior, extending back at least to the Second World War, during which it and other major Swiss banks allegedly profited by receiving deposits of funds that had been looted by the Nazis. In 1998 the banks agreed to pay a total of $1.25 billion in restitution.

After merging with investment bank First Boston in the 1970s, Credit Suisse became a significant player in U.S. financial markets and got into frequent trouble with regulators. Over the past two decades, it is racked up more than $10 billion in fines and settlements, as shown in Violation Tracker. This rap sheet includes a $5 billion settlement in 2017 concerning the sale of toxic securities and a $1.8 billion criminal penalty in 2014 for helping U.S. taxpayers file false returns.

Credit Suisse has also had previous problems relating to sanctions. In 2009 it had to pay $536 million to the U.S. Justice Department and the New York County District Attorney’s Office to settle allegations that it violated the International Emergency Economic Powers Act by engaging in prohibited transactions with Iran, Sudan and other countries sanctioned in programs administered by the Department of the Treasury’s Office of Foreign Assets Control.

The bank has also been implicated in bribery cases, paying $99 million last year to the Securities and Exchange Commission for fraudulently misleading investors and violating the Foreign Corrupt Practices Act in a scheme involving two bond offerings and a syndicated loan that raised funds on behalf of state-owned entities in Mozambique. The bank was also penalized nearly £300 million by the UK’s Financial Conduct Authority for the Mozambique matter.

Returning to the current situation, Credit Suisse is insisting that it has not been destroying any documents in its own possession while not denying it asked investors to do so. The bank may not have broken any laws in making this request, but it is a highly questionable action amid the current situation. Unfortunately, it is very much in keeping with Credit Suisse’s extensive track record of going out of it way to protect the disreputable clients with whom it likes to do business.

Trans-Atlantic Corporate Misconduct

It seems likely there is more corporate crime and misconduct in the United States than in any other country on earth. After all, Violation Tracker now documents 496,000 cases over the past two decades with total penalties of more than $724 billion. That’s a tough amount to beat, especially if you put aside kleptocracies such as Russia and look only at larger market economies with functional regulatory systems.

We will soon be able to make better comparisons between the U.S. and one of those economies—that of the United Kingdom. On October 26 the Corporate Research Project of Good Jobs First will release Violation Tracker UK. Like its U.S. namesake, VT UK will provide easy access to regulatory records covering a wide range of issues, including employment practices, environmental compliance, consumer protection, financial conduct and much more.

My colleagues and I are still finalizing the data, so I will not provide any actual penalty totals here. Yet there is one finding I can confidently share now: many of the same large corporations that feature prominently in the U.S. Violation Tracker will do so in the UK data as well. More than half of the 100 most penalized UK parents have also paid fines and settlements in the U.S.

The overlap between the penalty “leaders” in the two countries is concentrated in the financial services sector. I’ve noted numerous times that large UK banks such as NatWest (formerly Royal Bank of Scotland), HSBC and Barclays have behaved badly in the U.S. and have paid out billions of dollars in penalties for offenses such as interest-rate manipulation and violations of international economic sanctions.

It will come as no surprise that these same banks have been cited for some of the same sins at home. In fact, some of the U.S. cases resulted from investigations carried out in cooperation with UK regulators such as the Financial Conduct Authority and the Serious Fraud Office.

At the same time, giant U.S. banks have gotten into trouble in the United Kingdom. The VT UK list of most penalized corporations will include the likes of JPMorgan Chase, Citigroup and Goldman Sachs.

Banks headquartered in countries such as Switzerland and Germany also show up with large penalty totals in the UK as well as the U.S. Among these are UBS and Deutsche Bank.

Other portions of the financial services sector also engage in misconduct on both sides of the Atlantic. These include the accounting and auditing giants such as KPMG and Deloitte, which have gotten into trouble not only with the SEC and the Justice Department but also with Britain’s Financial Reporting Council.

Not all of the culprits that will appear in VT UK are multinational players. The database will include many homegrown offenders with little or no overseas presence. You will be able to check out the track records of offenders large and small when VT UK launches on October 26.

The Wolves of Wall Street

Morgan Stanley and Merrill Lynch are two of the oldest names on Wall Street. Morgan long focused on serving corporations with investment banking services, while Merrill was more of a retail brokerage. Both got caught up in the transformation of the financial services sector. Morgan purchased brokerage firms Dean Witter and Smith Barney, while Merrill was taken over by Bank of America during the 2008 financial crisis.

During the past dozen years, both Morgan and Merrill have seen their reputations tarnished by a series of legal controversies. When Violation Tracker began collecting data on financial offenses in 2015, BofA appeared atop the list of banks that had paid more than $1 billion in fines and settlements, thanks mainly to cases involving Merrill. Morgan ranked 7th.

The database, now with information extending back to 2000, shows BofA with total penalties of over $80 billion, far more than any other parent company.  Morgan has paid out more than $9 billion.

Morgan and Merrill also feature prominently in the newest category of data to be added to Violation Tracker: penalties imposed on securities firms by the Financial Industry Regulatory Authority. Unlike the other agencies whose cases are compiled in Violation Tracker, FINRA is not a government entity. It is, however, authorized by Congress to acted as an industry self-regulator and is overseen by the SEC.

By reviewing all press releases issued since 2000 by FINRA and its predecessor, the National Association of Securities Dealers, we have assembled 726 cases with total penalties of more than $1 billion. And when we matched the firms named in the cases to their corporate parents, we found that roughly half of the actions were linked to the giants of Wall Street. Those companies account for an even larger share of the penalty dollars.

Morgan Stanley and Bank of America (mostly via Merrill Lynch) are tied for first place in terms of the number of cases, with 38 each. Morgan leads in penalty dollars, with a total of $150 million, followed by BofA with $134 million. The other firms with the highest total penalties include Credit Suisse, Citigroup, Wells Fargo, Deutsche Bank, and UBS. (The Morgan and BofA totals on Violation Tracker’s FINRA summary page do not match the amounts cited here because they have been adjusted avoid double-counting of some penalties linked to cases handled jointly with the SEC.)

Because the penalties imposed by FINRA are relatively low, the case numbers are perhaps more significant. What does it say about Morgan and Merrill that they have each been cited more than three dozen times for violating rules meant to protect investors? In one case, Merrill was cited for failing to prevent one of its representatives in Texas from operating a Ponzi scheme.

And what does it say about FINRA that it allows the big players to commit violations over and over again without doing more than imposing additional modest fines?  

It should be noted that the cases we collected from the FINRA press releases make up only a portion of the organization’s actions, with thousands more against firms and individuals contained in a proprietary database. In other words, the level of recidivism among the large Wall Street firms is probably even worse than what is suggested by the press releases.

Moreover, just a few days ago, after we finished processing the FINRA data, the organization imposed a new $3.25 million fine on Merrill Lynch and ordered it to pay $8.4 million in restitution to customers.

Neither government action nor industry self-regulation seems to be very effective at curbing financial misconduct.

Note: Along with the new FINRA cases, Violation Tracker has just been updated with information from the more than 300 federal, state and local agencies covered by the database. The Tracker now contains 490,000 entries with total penalties of $669 billion.

The European Banking Blacklist

The European Union has shaken up the financial world by excluding a group of large banks from participating in the marketing of bonds being floated to help in the economic recovery of member states. According to reports in various business publications, the ten banks are being singled out because of their involvement in cases in which they were accused of manipulating bond and currency markets. In other words, they are being punished for misconduct.

While these moves may not have a major bottom-line impact on the banks—which include U.S. giants JPMorgan Chase, Citigroup and Bank of America—the EU is sending an important message about corporate wrongdoing.

Large companies have come to assume they can essentially buy their way out of legal jeopardy by paying fines and settlements that have grown larger but are still far from seriously punitive. As Violation Tracker documents, the big banks are Exhibit A for this phenomenon.

The database shows that the financial sector overall has paid more than $300 billion in U.S. penalties over the past two decades, far and away more than any other part of the economy. Bank of America is at the top of the list of penalty payers, with a total of $82 billion. JPMorgan is second with $35 billion, and Citigroup is fourth with $25 billion.

Non-U.S. banks being singled out by the EU have also accumulated substantial U.S. penalties, apart from what they have paid elsewhere. For example, Deutsche Bank has paid out $18 billion and NatWest (formerly the Royal Bank of Scotland) $13 billion.

The EU’s move is focused on a particular set of scandals in which these banks were alleged to have colluded to rig markets. Among these are cases involving the manipulation of currency markets. In 2015, Citigroup, JPMorgan, Barclays and Royal Bank of Scotland each paid hundreds of millions of dollars in settlements to resolve criminal charges brought by the U.S. Justice Department.

Unlike many other situations in which large corporations are offered deferred prosecution or non-prosecution agreements, the banks in this case had to plead guilty to the felony charges. Yet there was little in the way of consequences beyond the penalty payments. The banks were put on probation, on the assumption this would cause them to cease their bad behavior. Yet all the banks continued to rack up regulatory violations in subsequent years.

Reuters estimates that the blacklisted banks will lose out on about 86 million euros in syndication fees. This is a lot less than what the banks have paid in penalties. Yet, if banks begin to see that misconduct will cause them to be excluded from business opportunities, that may be more of an inducement to avoid corrupt behavior.

The dilemma for policymakers is that misconduct is so widespread in the financial sector that it is difficult to find service providers with clean hands. While excluding the ten banks, the EU turned to a group of others to handle the debt issue. Those included the likes of HSBC and BNP Paribas, which have their own substantial corporate rap sheets. Perhaps a larger blacklist is needed.

The 200-Year-Old Corporate Criminal

Boston-based State Street Corporation traces its history back to 1792 and now manages more than $3 trillion in assets, yet it has always maintained a lower profile than the goliaths of Wall Street. Recently, the company was in the spotlight, though not in a good way.

The U.S. Attorney’s Office for Massachusetts announced that State Street would pay a $115 million criminal penalty to resolve charges that it engaged in a scheme to defraud a number of its clients by secretly overcharging for expenses related to the bank’s custody of client assets.

“State Street defrauded its own clients of hundreds of millions of dollars over decades in a most pedestrian way,” said Acting U.S. Attorney Nathaniel Mendell. “They tacked on hidden markups to routine charges for out-of-pocket expenses.”

What’s remarkable is this simple fraud went on, according to prosecutors, for 17 years. This suggests that a large number of company executives were in on the scheme. In effect, it became part of State Street’s standard operating procedure.

It is disappointing that, aside from the monetary penalty—which can be easily absorbed by a company of its size–State Street was let off with what amounted to a slap on the wrist. Like numerous large corporate violators before it, State Street was allowed to enter into a deferred prosecution agreement rather than being compelled to enter a guilty plea.

The DPA is all the more controversial because State Street did not have a pristine record prior to this case. As shown in Violation Tracker, it has paid more than $1 billion in penalties in previous cases dating over a decade. These included a 2010 case in which it had to pay $313 million to resolve allegations by the Securities and Exchange Commission and the Massachusetts Attorney General that it misled investors about their exposure to subprime investments while selectively disclosing more complete information to specific investors.

Later, in 2016, State Street paid $382 million to the resolve an SEC case alleging that it misled mutual funds and other custody clients by applying hidden markups to foreign currency exchange trades. Hidden markups seem to be a recurring theme for State Street.

Since 2010 the company has paid out another $400 million in cases brought by the SEC and state regulators as well as class action lawsuits involving its management of pensions and benefit plans.

Yet perhaps the most disturbing entry on the Violation Tracker list is a 2017 case in which State Street paid a $32 million penalty to the Justice Department to resolve charges that it engaged in a scheme to defraud a number of the bank’s clients by secretly applying commissions to billions of dollars of securities trades.

As in this year’s criminal case, State Street was allowed to wriggle out of those charges by signing a deferred prosecution agreement. That puts the company in the dubious group of corporations that, as a 2019 Public Citizen report showed, have been offered multiple DPAs or non-prosecution agreements.

The ability of a corporation to obtain multiple leniency agreements makes a mockery of DPAs and NPAs. These arrangements are justified as a way to encourage a wayward company to change it practices, yet the ability to obtain multiple get-out-of-jail-free agreements does nothing more than incentivize more misconduct.