The Good, The Bad and the Ugly
WIRECARD’S RISE AND FALL – THE SAD STORY OF GERMANY’S UNICORN
“Innovation”… innovation is the key to success. But at all cost? This question echoes to us readers of WIRECARD’S daily news, but what intrigues us the most is if this was the ending that the so-called WIRECARD German unicorn had in mind.
In a sector as competitive as the financial services industry, WIRECARD, the FinTech unicorn, was an entrepreneurs’ dream-come-true: a new and fresh company that provided payment processing services, card issuance and risk management to over 250,000 corporate clients around the globe, young and versatile; with only 20 years in the market, it was already competing with well – known financial services giants.
Its’ internet-based successful payment system, leveraged the access to operate as a German bank. They then managed to become prime members of Visa and MasterCard and started trading at the Frankfurt Stock Exchange at almost the same time that it was listed amongst the exclusive DAX index.
As great as this dream was, it bumped into an unexpected wakeup call: on January 20, 2019, their shares started plummeting after the FINANCIAL TIMES (“FT”) published an article claiming that a high executive in the company was a suspect of using forged contracts and laundering money in the South Pacific operations of the company. The article was backed by an internal presentation named “Project Tiger Summary” -dated May 7, 2018-, in which a whistleblower explained how EDO KURNIAWAN, an executive responsible for the payment group’s account in the Asia-Pacific region, engaged in suspicious transactions that violated Singaporean banking regulations, including “falsification of accounts” and “money laundering”.
FT’s article, spearheaded by Dan McCrum, highlighted that previous investors and analysts had raised concerns about the group’s financial statements in 2008, 2015 and 2016, while managing to get away with it, claiming external factors such as “market manipulation”.
During those times, a compliance officer prepared a document that was later presented to high executives of the company. He outlined how € 37MM had been moved in suspicious transactions, both internally between subsidiaries and externally to other businesses.
FT dived deep into the transactions and stressed one in which WIRECARD claimed to have provided payment services to a hydraulics and piping company named Flexi Flex in a software sale operation for Indonesian clients valued in € 3MM euro in the years 2017 and 2018. Even after reviewing invoices and sales agreement, an executive for such company told FT that he “had not heard of WIRECARD, and that his company did not sell software, have Indonesian clients, or even use a payment company”.
After describing several similar operations in Asia, FT mentioned that such concerns had faded following clean audits and at the same time the company witnessed unprecedented growth rising their earnings up to 38% thanks to revenues and profits on WIRECARD’S operations in Asia.
The article was deemed as false, inaccurate, deceiving, and defamatory by WIRECARD using a corporate statement followed by a lawsuit against the journal, claiming it manipulated the market using “unethical reports”. German prosecutors rapidly reacted and started investigating Mr. Mc Crum for violations of German securities regulations.
The outcome? BaFin, Germany’s financial securities authority, prohibited shorting against WIRECARD’S stock for approximately 4 months from February to April.
A few months later, in October 2019, FT published responses to the accusations of WIRECARD on a new report exposing internal documents from WIRECARD, proving that the company actually engaged in “inflat[ing] sales and profits”. This report explained how the situation on the company’s offices on the other side of the globe and explained how the following controversy sparked by the initial article white-collar crime investigators in Singapore had raided the offices of the company and had mentioned MR.KURNIAWAN as one of the suspects.
MARKUS BRAUN, by that time, WIRECARD’S financial wonder CEO, the one-man-show who brought the company from a startup FinTech to Germany’s unicorn, did not pay much attention to this problem, labelling it as “a local difficulty”. Subsequently, FT published internal company spreadsheets and correspondence between senior members of the company to address WIRECARD’S accusations and provided a wider picture of the accounting practices that demonstrated that WIRECARD’S actually cooked books and records. In short, they inflated sales and profits at WIRECARD’S branches in Dubai and Ireland and led to misleading EY, the bank’s auditor in their report.
This scenario led the company to hire accounting firm KPMG for an independent audit report to address such accusations, which was used by WIRECARD to reinforce there were no major discrepancies during the report in March 2019. However, the shares crashed 26% in April after KPMG claimed that the company did not provide “sufficient documentation” to stand before the accounting irregularities claims by FT in March 2020.
The aforementioned led to a new raid, now in the European offices, against senior executives for misleading the investors in a management probe effort. As if this wasn’t enough, the nightmare kept on growing when the company informed that there were 1.9MM euros in cash missing from WIRECARD’S accounts after a new EY audit report in June, 2020, which were allegedly safeguarded
in two Filipino banks. According to the new report, one of the company’s managers tried to deceive the auditor and hence led the company unable to share results in 2019 as the Filipino banks claimed that they had no idea on the whereabouts of the funds.
MR. BRAUN resigned on the following day, the company appointed JAMES FREIS as the new CEO, and the shares crashed 72%. MR. BRAUN was arrested on June 22 and on June 25 WIRECARD filed for bankruptcy.
WIRECARD COMPLIANCE OFFICER’S – A SERIOUSLY RISKY BUSINESS
A compliance officer is a person whose job is to make sure the company obeys any laws or rules that apply to this work. Conveniently enough for our purposes, this definition is followed by an example that claims “financial services companies must now take steps against money laundering, for example naming a compliance officer”. As aforementioned, the board of directors of most (if not all) companies are responsible for appointing a qualified individual as a compliance officer, this person will manage all aspects of the anti-money laundering program which can be summed up in designing, implementing a program within the first and second lines of defence, update it as necessary as per business needs or regulatory changes, constantly inform the stakeholders involved, and constantly train the company’s employees. This aims to achieve complete adherence to AML/CFT laws and regulations.
Article 8 of the DIRECTIVE (EU) 2015/849 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 May 2015 (EU Fourth Anti-Money Laundering Directive or AMLD4) mandates the appointment of a compliance officer at management level to implement the proper policies, controls and procedures to manage effectively the risks of money laundering and terrorist financing identified at the level of the Union, the Member State and the obliged entity.
One of the most important characteristics of a compliance officer, in order to achieve the aforementioned goal, is being able to effectively communicate in order for an organization’s AML/CFT program to function properly. This includes being able to communicate internally from a first-line defense analyst all the way up to a member of the Board of Directors, and externally.
In our particular case, Project Tiger Summary, this is, the article that led to the whole FT investigation and subsequent series of events, was prepared by a compliance officer. This is, in fact, a great example to demonstrate an actual adherence to his or her’ functions and responsibilities by effectively communicating externally after exhausting internal options.
Compliance officers are expected to articulate matters that represent risks to executive officers. One of the important matters would be a substantial increase or decrease in a transaction report, which was effectively caught by our subject of study. However, policing internal movements won’t do it; compliance officers need to be able to catch changes in laws and regulations that may need an immediate response, analyze, interpret and then find a way to implement an action plan within the institution to comply with this.
In accordance with the EU Fourth Anti-Money Laundering Directive, the AML compliance officer should have unfettered access to the board members in order for him/her to exercise his/her role effectively. Now, while being a member of the management team, is itself a responsibility, compliance officers must be able to delegate his or her AML duties in subgroups to effectively ensure that the entity is being defended from any potential risks. This usually includes KYC/CDD processes, Sanctions Screenings, PEP-designation procedures, transaction monitoring and financial investigations.
In our particular case, WIRECARD seems to be attempting to dramatically change its approach to compliance by appointing a former compliance officer board member of another institution, James Freis, as the company’s new COO and interim CEO. Mr. Freis used to be a Group Chief Compliance Officer, and Group Anti-Money Laundering Officer of Deutsche Börse AG, Germany’s Stock Exchange.
The compliance officer’s future is hard to tell. As usual in the financial services industry, changes are almost exclusively driven by crises. Across the Atlantic, in the USA, biggest market in the world, the sad 9/11 events led to the implementation of the Patriot Act, in which sections 314(a) and 314(b) aim to curb financing of terrorism through an extensive obligation on banks to “know their customers” or KYC.
This has even modified the Bank Secrecy Act which has included its provisions on their regulations. In this case, we might see something similar and, as usual, expect more regulations in the German market to take place.
As of now, the European Commission is investigating BaFin, German financial watchdog to corroborate if they violated European regulations on their dealings with WIRECARD.
But how could this happen? Well, in short, it is known that Germany is particularly permissive -so is to say- with legal entities. This statement stands before the absence of corporate criminal liability under current German laws, which are directed only towards individuals -corporations do fall to administrative fines, in some rare cases-.
WHERE’S THE MONEY? TRUSTS, TAX HAVENS AND THE SAME OLD STORY
Hypothesis No. 1 is that the numbers were cooked and that the revenue was never there, hence WIRECARD’S simply invented the company numbers (up, obviously) so that WIRECARD’S shares rocketed, making the company more attractive and achieving more borrowing from banks.
Option No. 2 was that these businesses existed, but that WIRECARD, again, tricked a bit (a lot bit) financial status. Hence, the money did not enter the company, it just channelled through it. So where is the money? No one can address that question today but probably the money was never there, and the shady businesses of MR. BRAUN and the rest of the gang were shorting the stocks.
In any case, fancy financials led to borrowing money, money that was probably taken out from the company if ever entered into the registers. Nowadays the loans have to be paid, so investors face this problem, owning a stake of rotten WIRECARD’S business.
Here is when comes KPMG comes into spotlight, WIRECARD’S actual auditor, replacing the former one. It’s job, a hard one for sure is to explain what happened with the balance sheets, and -again where can we find the missing € 2bln.
There are some places to start digging. A red-flagged trustee account directly linked with WIRECARD, with €1 bln in its accounts, was pointed for having insufficiently documented payments.
On the other side, the firm said that its missing cash was held in two banks in the Philippines, but the central bank of the Philippines denies this statement, claiming that this is totally fake.
There is a large list of people demanding quick and straight answers. Prosecutors, shareholders, and creditors are expecting WIRECARD to pay its debts.
Forging books and records was key to this scheme, and as FT investigation gathered, WIRECARD managed money from third party processing operations being held in trustee accounts. This money was accounted as WIRECARD’S net cashflow -cash equivalent-, which lend to filling balance sheets with dubious accounts. Was this clumsy accounting? Doubtfully it was, as money in trustee accounts can’t be accounted as cash, university accountant/law students know this.
CLUMSY AUDITING OR WILLFUL BLINDNESS? CHRONICLE OF AN FORETOLD TICKING BOMB
When WIRECARD SCANDAL busted, not all of us were taken for a surprise. By this time FT, as well as the WSJ, had been hearing about the company fishy business and the CEOs’ shady manoeuvres, all of which were formally introduced to BaFin (Germany’s financial regulator/watchdog) almost ten years ago, with no effect whatsoever.
Journalists mainly -but not limited to them-, US authorities, investors and company insiders spoke up these warnings, not heard ones apparently and even further, BaFin did not only denied the accusations, but hunted by experienced and tenacious journalists such as DAN McCrum (who covered the whole investigation as well as FT’s story).
WSJ was clearly right when said that Germany tends to look the other way when fighting corporate crime should be a must, and brought a solid example of this, Volkswagen AG’s emissions-cheating scandal, denounced by U.S. authorities, which does have a strong record of fighting fraud. Since 2008,
the SEC and DOJ have prosecuted ten German firms for FCPA offenses (DAIMLER, ZIMMER BIOMET, BILFINGER, ALLIANZ, SAP, LINDE GROUP, DEUTSCHE TELEKOM, just to name some…).
Was it the US not Germany who brought these companies before trial, so this has meant always and in a recurrent way, a pull of ears the US gave to Germany, but still the question remains and goes through the way in questioning why is the latter reticent to investigate?
In short, the real problem behind Germany’s lack of will is the absence of regulations protecting whistleblowers, something that the SEC in the US puts hard work on.
The outcome is restructuring the law governing the matter, same as happened in the US with FCPA, Anti Bribery Act in UK, Sapin II in France, to give some examples.
In connection with this, we should point out that on the verge of the scandal, on April 22, 2020, the Federal Ministry of Justice and Consumer Protection (BMJV) published its formal ministerial draft bill for a law on the sanctioning of company-related crimes (Corporate Liability Act: VerSanG (“Verbandssanktionengesetz”), a law project, -the Corporate Sanctions Act-, dating back from 2013 to align with OECD linings.
CRIMINAL LIABILITIES – THE GOOD, THE BAD AND THE UGLY COME INTO SCENE
It is yet to understand the criminal liabilities of the people involved in the scandal, but apart from the CEO, MR. BRAUN, the Compliance Officer, and the rest of the board members involved, BaFin as well and the FREP (German Financial Reporting Enforcement Panel), and last, WIRECARD’S former external auditor (who may be blamed for turning a blind eye to the balance sheets). All of them will be asked for answers in relation to the incidents.
None of the aforementioned considers themselves responsible for the money laundering scheme, nevertheless, what it is clear is that due diligence processes were not performed accordingly, deriving in investors damage. Someone must pay for what happened, held legally responsible.
But that is not yet the ending of this drama. Several of whistleblower’s reports were filed since 2008, with no positive outcome. Persecution was the clear result of these reports: when accounting irregularities were denounced back then, BaFin took actions against them, as mentioned, being DAN McCrum the clear victim of this persecution, for publishing articles about WIRECARD since 2015.
As of today, Germany’s auditor’s regulator (Apas) is examining the work of WIRECARD’S former external auditor. This information was exposed by the German Economy Ministry, who claimed that an examination has been running since October 2019, for audits taken place from 2015 to date.
Truth to be told, and as FT puts it, reports included inflated sales and profit figures, as well as staff tallying discrepancies, in order to mislead WIRECARD’S former auditor.
Was this the only manoeuvre WIRECARD did to assure the ongoing business? The answer is clearly no, as the appearance of a profitable business was kept alive as long as it remained unnoticed. This is to say, offices around the world with little to no activity at all and in some cases, non – existent office (Dublin, Dubai, Philippines).
Bottom line, immediate action following EU Whistleblower Directive should be performed.
WHAT SHOULD WE ACKNOWLEDGE FROM THIS EXPERIENCE (AND THE TONS BEFORE)
Those who thought financial crises were a thing of the past have found themselves amazed over and over again. Everybody gets excited when the economy rises, and we have the ability to expand our credit capacity and afford whatever luxury we desire. This applies from a single everyday two-legged person that is finally allowed to buy their dream house to an immense bank that is finally allowed to invest in a development project. However, history has taught us that when something is too good to be true, it usually isn’t. Economic booming requires caution as they might be a red flag for a financial crisis. And if one thing is for certain, is that regulators use such crises as examples to help taxpayers heal their wounds and to tighten the rules for the financial sector players.
After the Wall Street Crash of 1929 also known as the Great Recession, the Glass-Steagall Act was enacted to separate investment and commercial banking activities. After the Financial Crisis of 2007-2008, also known as the Global Financial Crisis, we understood that excessive risk-taking by banks led to the collapse of the financial sector, and the Dodd-Frank Wall Street Reform and Consumer Protection Act was enacted to promote financial stability and restore the faith in the financial market.
However, in order to do so, governments had to provide banks with funds for customers to make withdrawals which entitled enormous amounts of taxpayer money in bailouts and stimulus. Again, taxpayers’ wounds were reopened in a painful exercise to help us understand that liquidity is more important than we thought in such an important sector of our lives.
In a more sectoral perspective, we found that the European Sovereign Debt Crisis, also known as the Eurozone Crisis, showed that there is no such thing as an “individual” crisis. What began with a deficit in Greece in 2009 spread to multiple countries in the Eurozone that were unable to pay their government debt. After a painful bailout program, the European Financial Stability Facility was agreed upon in Brussels as a special stability mechanism that led to a 9% of bank capitalization within the European Union, and a series of write-offs for countries such as Portugal and Italy. Again, the developed nations were showing signs of need of smarter regulations in order to maintain an effective balance.
This was unprecedented to an extent that Iceland, a country known for its lack of corruption with an inclusive and progressive economy, ran into an unprecedented crisis when three of the major banks of the Nordic country defaulted after an immense multiplication of their sizes (and therefore, their debts).
Nevertheless, these crises not only happen when a country is facing depression. Big companies usually are big contributors to our economy. The term company or entity is a legal fiction created to provide this mutual effort with recognition, and hence rights and obligations. They provide millions of people with jobs and a corporate culture that enhances their lives, allows them to pursue their goals and improves the quality of life of any society. So, what happens when one of these companies, in which all this effort and dreams are invested, runs into a crisis of their own?
Alongside this article, we’ve come across all the reasons why a big company with a bright future such as WIRECARD, should have known better. But this is far from being the first example of a company crashing. ENRON CORPORATION was an example of an innovative energy and commodities company, that employed approximately 30,000 staff and was a paramount player in the American economy. It finally fouled its investors. The story of Enron is long known, and sure we all thought that was going to be a forever reminder of “letting the rope loose”…
As we have learned from the aforementioned, lack of careful measurement to surf the good times, usually leads to a crash. As in WIRECARD, an audit failure led the company to the largest bankruptcy reorganization. The two cases have multiple similarities such as the use of accounting loopholes, and the lack of transparency in financial reporting led both companies to make enormous amounts of money while hiding their true financial strength. After this fraud scheme, the US Securities and Exchange Commission began an investigation that led to many executives to be sentenced to prison such as it happened in our case of study.
Enron’s case is a great example that might be a beaten path for the US, but is less palpable for their German counterparts. Lessons learned from the other side of the Atlantic, is that the crisis, even if it’s not nationwide, will lead to more regulation.
In order to assure the accuracy of financial reporting, the Sarbanes-Oxley Act was enacted to increase penalties for altering records, reward whistleblowers for reporting wrongdoings and increase responsibility on audit companies.
If this were to happen after the WIRECARD scandal, we should be expecting new and more strict regulations, more penalties, a huge reward for the whistleblower, and a change on the current dominance of the big-four accounting firms. In any event, if WIRECARD survives this crisis, it will be an example for the rest of the world of a company that after hitting unprecedented lows, came back to life. The recipe is never simple but starts with implementing compliance to a full extent. More than a liability, a sound compliance program assures that this is not repeated again in the future, and should be the #1 lesson to be followed by companies all around the globe.
Gustavo Fideney, a former senior government official (13 year as a court clerk, leading Corporate Criminal investigations/ AML/ Corruption cases). For the past three years, I have been conducting investigations at Baker McKenzie, on the Criminal and Regulatory Compliance Department (Financial – Banking oriented). JD in Criminal Law, an LL.M. in Criminal Taxation (Criminal Corporate Liability – Transfer Pricing Fraud) and an LL.M. in Criminal Law and Compliance (European – Corporate oriented), as well as several postgraduates courses/certifications on AML and Compliance. LinkedIn Profile
Alvaro Ruiz Ostos, a banker from Morgan Stanley, JD in law, LLM in Banking and Financial Law (Boston University) and postgraduate of Corporate Law. Alvaro currently implements AML/CFT efforts on the first line of defense for the International Wealth Management and Private Banking units of the firm, focusing on the onboarding process of high-risk jurisdiction clients. LinkedIn Profile