Fifth Third Bank Settles Bogus Accounts Mess
Fifth Third Bank has agreed to pay a $20 million fine and to overhaul its employee performance management practices, to settle a long-running lawsuit that workers were opening fake accounts without customer permission to meet sales goals and that they were saddling auto-loan borrowers with insurance the borrowers didn’t need.
The Consumer Financial Protection Bureau, which filed the lawsuit against Fifth Third in 2020, announced the settlement on Tuesday. The bogus auto insurance nonsense was the headline for the CFPB, but compliance officers will be more interested in the unauthorized accounts scandal because (1) it bears a strong resemblance to the Wells Fargo fake accounts scandal that captivated our crowd for years; and (2) that’s where most of the compliance program improvements will be happening.
What fake-accounts nonsense did Fifth Third do, exactly? According to the CFPB lawsuit filed years ago, from 2010 to 2017 bank leadership set sky-high sales goals for bank branch employees, and then conditioned employees’ performance ratings — and in some instances, continued employment at all — on whether managers and their subordinate employees met those goals.
Thousands of Fifth Third employees couldn’t meet those sales goals. So, quite naturally, and fearing for their jobs, they started to cheat. As described in the CFPB lawsuit:
Fifth Third, without consumers’ knowledge and consent, opened deposit accounts in consumers’ names; transferred funds from consumers’ existing accounts to new, improperly opened accounts; applied for and issued credit cards; enrolled consumers in online banking; opened lines of credit on consumers’ accounts; and enrolled consumers in overdraft protection and other financial products.
Worse, Fifth Third senior managers knew that employees were opening unauthorized accounts. For example, in 2010, Fifth Third’s head of retail banking wrote that “there have been consistent problems around unauthorized credit card sales in Chicago.” That same year, that same retail banking head wrote that the Chicago leadership team had a reputation for “less than desirable sales management practices,” and that “bullying and threats are often used to achieve results.”
This is all very much in line with what Wells Fargo had done too, in roughly the same time period; so we won’t rehash old news any further. Suffice to say, Fifth Third agreed to pay $15 million for the bogus accounts, plus $5 million for the unnecessary auto insurance foisted onto unsuspecting customers.
Compliance Program Reforms
The interesting stuff for compliance professionals today are all the compliance program improvements Fifth Third agreed to make as part of its settlement.
Policies and procedures. Fifth Third cannot set any sales goals or performance-management practices that might lead to unauthorized accounts in the future. That includes a ban on product-specific sales goals (for example, no “sell four checking accounts per day or you’re fired”); and a requirement for compensation clawback policies that must be used whenever employees do try to open unauthorized accounts.
The bank must also provide prompt notifications to customers whenever accounts are opened in their name, and “otherwise ensure rigorous control and auditing functions to detect and prevent employee misconduct relating to potential unauthorized accounts.”
Internal investigations. Fifth Third must implement systems to assure that any allegations of unauthorized accounts are investigated thoroughly. That includes complaint hotlines for bank customers, as well as systems for internal employees to complain about unwarranted sales pressure. Plus, Fifth Third must have systems in place to monitor for potential unauthorized account openings and then alert the appropriate staff for follow-up investigation.
Board oversight and reporting. Fifth Third needs to draw up a detailed compliance plan within the next 90 days, which must spell out both how the bank plans to achieve all the stuff mentioned already and how the board of directors will be kept apprised of the compliance program’s progress on those goals. That compliance plan then gets submitted to the CFPB for review and approval.
One year after all that (meaning summer 2025), Fifth Third must submit a detailed report to the CFPB on its progress. The report must go through the settlement order paragraph by paragraph, identifying which improvements have already been achieved and any corrective actions that still remain outstanding.
Moreover, the board must “authorize whatever actions, including corrective actions, are necessary for Fifth Third to fully comply” with all those items outlined in the compliance plan.
So, yes, the board does bear ultimate responsibility for Fifth Third’s compliance program and all the improvements the bank needs to make — but by my reading of the settlement order, the board doesn’t have any room to exercise actual judgment about what’s necessary here; management just presents whatever is necessary to achieve compliance with the order, and the board has to approve those actions.
For the bank’s part, it released a statement today from chief legal officer Susan Zaunbrecher, declaring: “We have already taken significant action to address these legacy matters, including identifying issues and taking the initiative to set things right. We consistently put our customers at the center of everything we do. We are pleased to put these historical matters behind us so we can continue to focus on creating sustainable long-term value for our shareholders, customers, employees and in our communities.”
A Word on Flawed Incentives
The root of Fifth Third’s problems here is the same one that trapped Wells Fargo: a business strategy (selling more products to customers) that ignored the misconduct risks inherent to it (employees gaming the system with unauthorized accounts).
The chain of events here is not hard to grasp:
- Company sets strategy to achieve business goals.
- Company defines performance metric to measure progress toward those goals.
- Employees feel pressure to score better on that performance metric.
- Employees engage in fraud to game that performance metric in their favor.
In the cases of Fifth Third and Wells Fargo, the performance metric was account openings, and the rotten corporate culture in both companies drove employees to open unauthorized accounts. In other businesses, however, your metrics and ensuing attempts to game those metrics might look quite different. So I sketched out a flowchart that works at a more abstract level.

The logic chain to assess misconduct risk in strategy.
That’s one suggestion for how compliance and internal audit teams could assess misconduct risk in their organizations. If you have others, email me at mkelly@radicalcompliance.com and let me know!