As Wells Fargo reveals 1.4M more fraudulent accounts, companies must also eye internal threats

The news that Wells Fargo discovered another 1.4 million fraudulent bank accounts, as well as more than a half-million cases of online bill payments, underscores the fact that company trust and safety teams must be on the lookout for internal threats, not just external ones.

Wells Fargo publicly announced on Thursday that it has identified a new total of about 3.5 million potentially unauthorized consumer and small business accounts crated from January 2009 to September 2016. That’s 1.4 million more than the bank had previously indicated.

The results came from an expanded analysis as a result of court orders, and they also discovered that about 528,000 unauthorized bill pay enrollments were also created. To remedy that fraudulent activity, Wells Fargo has pledged to refund $910,000 to customers who incurred inappropriate fees or charges.

The company already agreed to pay $185 million last September, settling a number of government lawsuits regarding to the illegal creation of unauthorized customer accounts. The accounts were created — unbeknownst to legitimate customers — by thousands of Wells Fargo employees, under pressure to meet high sales goals.

Even worse, former Wells Fargo employees who attempted to report fraud within the company told NPR they were fired for trying to do the right thing, revealing a widespread systemic problem within the company.

Thursday’s latest disclosure reveals the troubles within Wells Fargo were even worse than the financial institution had previously thought.

The details also highlight the fact that potential risks and threats to a company are not always from outside forces. Sometimes, it’s the company’s own policies and personnel that can place it in a bind.

It also highlights countless flaws within the current systems, including existing identity protection services. At the moment, protection methods typically only eye actions that affect a customer’s credit score. And since the bogus Wells Fargo accounts had no activity on them, many people had no way of knowing they existed, let alone setting off red flags with credit protection agencies.

Such dormant accounts could also become easy targets for a fraudulent takeover — fraud begetting even more fraud, in other words.

For Wells Fargo, the damage, beyond erosion of trust and credibility, has mounted: corporate casualties include the ouster of its former chief executive, John Stumpf. The San Francisco-based company still remains under investigation from the U.S. Department of Justice.

Going forward, Wells Fargo has set up a new investigations unit whose goal is to try to ensure that fraudulent activity — and a toxic corporate culture encouraging it — doesn’t return.

Outsiders witnessing the continuing implosion at Wells Fargo might consider establishing such investigation teams from the outset, before an internal department can become truly rotten to the core.

Because sometimes the most damaging wounds are actually self-inflicted.