Given that Wells Fargo (WFC) - Get Report  emerged from the Great Recession with relatively clean hands, it is particularly shocking that the bank has found itself embroiled in a scandal.

Yesterday the Consumer Financial Protection Bureau announced a massive enforcement action against Wells Fargo after regulators discovered that employees had opened more than 2 million dummy accounts using real customers' names. The practice was widespread, and in total investigators have found about 1.5 million unauthorized bank accounts and another 565,000 credit cards issued to bank customers who never requested them.

The blame is generally being placed with the bank's compensation incentives, bonuses that employees get for enrolling customers in new products. In order to qualify, these employees would open unauthorized accounts and, according to the CFPB, often funded them by transferring in some of that customer's money from savings or checking "to temporarily fund the unauthorized accounts in a manner sufficient for the employee to obtain credit under the incentive-compensation program."

About 5,300 Wells Fargo employees have been fired in connection with this practice, and the bank will pay $185 million in fines, including the largest fine that the CFPB has ever issued at $100 million. 

Cases like this always open up questions, and the Wells Fargo debacle is no different. Here are just a few of them answered, as best as we can this early on.

EXCLUSIVE LOOK INSIDE: Wells Fargo is a holding in Jim Cramer'sAction Alerts PLUS charitable trust portfolio. Want to be alerted before he buys or sells the stock? Learn more now.

How on Earth did this happen?

That's the billion-dollar question.

While Wells Fargo has admitted no wrongdoing as part of its settlement, it's also difficult to believe that thousands of employees could create millions of fake accounts right under the management's collective nose. One of two things seems inescapable here:

1. The higher-ups at Wells Fargo knew about or chose to ignore the wrongdoing (a distinction without difference), or

2. The bank is so poorly managed that many of its employees could commit fraud on a truly massive scale without the leadership ever realizing it.

Neither of these are comforting prospects, and almost certainly any further action will begin with the questions of what people knew and when did they know it.

Also disturbing is the fact that the kind of incentive structures blamed for this wrongdoing are a not-uncommon industry practice.

How can they not admit wrongdoing?

Often this question is phrased with more colorful language.

Settlements without admission of wrongdoing are a staple part of the financial industry's relationship with federal regulators. Often this is seen in the context of enforcement actions by the Securities and Exchange Commission. The SEC has made the no admission clause virtually standard operating procedure, so much so that it has actually drawn the attention of federal judges (who are notoriously reluctant to step on the toes of enforcement deals made by federal agencies).

From a company's perspective the purpose of a no admission clause is to avoid future liability. While the prospect of another lawsuit is murky (see below), admitting wrongdoing means that any future plaintiff could virtually skip the liability phase of a lawsuit. They'd have only to prove a legally viable claim before passing Go directly to damages. This is a simplification, but not by much, and as a result someone would almost certainly try.

Why federal regulators continue to allow no admission settlements is a trickier question, and one that has been much debated. In this particular case, though, it's possible that the CFPB doesn't actually have evidence of complicity by Wells Fargo's leadership. Without proof to the contrary regulators might consider their hands tied on the question of whether this was the work of a few (thousand) bad apples, as the bank argues, or an institutional problem.

What happens next?

What happens next depends, in part, on the actions by Wells Fargo. The bank has announced its plan to hire an independent consultant to review internal procedures and will repay the $5 million in fees that customers incurred on unauthorized products. The bank estimates that the average customer will get back $25 or so.

That's almost certainly not enough, and the plaintiff's bar will already be sharpening their knives. Damages in cases of fraud can be enormous, as courts are liberal with punitive awards and will often hold harm to be presumed. (Under ordinary circumstances a plaintiff must prove two elements of his case: both the bad act and the injury he suffered as a result. In many cases of fraud the court will accept as given that, if the fraud occurred, harm followed; to put it another way, fraud is often considered a harm in and of itself.)

The class action suits won't be far behind… maybe.

It's just as possible that the actions of the CFPB will preclude any new remedies. A principle of civil law is that a defendant can't get repeatedly sued for the same set of harms; each plaintiff gets one bite at the apple and then both parties have to move on. Since the federal government represents everyone, a fine by federal regulators can trigger this restriction. Enforcement by agencies such as the CFPB is considered an action on behalf of everyone who was harmed, so they probably won't be allowed to sue again for the exact same pattern of facts and law.

The viability of any future lawsuits will, as a result, depend on how fully the courts think this issue has been dealt with. Plaintiffs can make a good argument that $25 is laughable compensation for having had false credit cards opened in their names, but first they'll need to convince a judge that there are legitimate issues not addressed in the CFPB settlement. Otherwise any case will be dead on arrival.

How can I protect myself?

One of the scary things about bad actions by a bank is that they are supposed to be the gatekeepers. If a consumer has a dispute with their credit card company or a vendor, he can contact his bank to keep that money safe… but what do you do when it's the bank itself moving money around without approval?

Start with regular checks to your credit report.

While good financial hygiene under all circumstances it can be an excellent early warning signal for many kinds of financial fraud. An unauthorized credit card will jump off the page, for example, as will overdraft or late fees for bank accounts you shouldn't have. That said, bank accounts themselves will rarely show up. To protect from that requires regular combing through of your bank statements.

Scanning your monthly statement is, again, a good best practice in general. It can catch illegitimate activity, such as if your debit card number has been compromised or if someone has transferred out the minimum balance necessary to open a new checking account.

Should I switch banks?

Ironically, if you're a Wells Fargo customer you're probably one of the safest banking customers in the United States for the time being.

In the aftermath of any major enforcement action the target falls under extremely high scrutiny. Internal procedures kick in, external consultants are hired (as mentioned above, Wells Fargo has done this), FDIC insurance protects against the worst case scenarios and federal regulators are very sensitive to any allegations of future wrongdoing. The penalties for multiple infractions in a row can be extremely severe.

The upshot is that Wells Fargo will be on its best behavior for the time being. That's not to say that they won't be back in the news, major enforcement actions like this often uncover other wrongdoing as the case goes on, nor is it impossible for something new to happen. However for the immediate future this is going to be one of the most heavily scrutinized banks in America, and therefore probably a safer place to keep your money than most.