IT
Same fraud playbook by Rois Ni Thuama
Same fraud playbook
by Rois Ni Thuama
In a world brimming with shiny new tech and big promises, making important decisions about where to invest can be challenging.
If we only look to last year, we’ve seen three high profile corporate scandals with larger-than-life CEOs in the dock facing serious allegations and it is tech companies that are at the centre of all the action: Theranos, Wirecard, and Autonomy. All three CEO’s have been charged with fraud.

The former CEO of Theranos, Elizabeth Holmes has had her day in court, and has been found guilty of fraud. Late last year, a judge sentenced Holmes to 11 years in prison. More recently Holmes lost her bid to remain free during the appeal process and was ordered by a federal court to begin her sentence on April 27th.

Holmes touted Theranos as a health technology company, raised US$700 million, featured on Forbes and defrauded a catalogue of wealthy families, as well as a number of prominent statesmen.

The payment processing firm Wirecard’s former CEO Markus Braun languishes in jail after his bail was revoked. Braun is currently on trial on charges of fraud, breach of trust and accounting manipulation.

And last but not least, former Autonomy founder & CEO Mike Lynch is on track to be extradited to the US where he faces criminal charges of wire fraud and conspiracy to commit wire fraud.

Lynch created Autonomy’s core product: Intelligent Data Operating Layer (IDOL). IDOL is focussed on the analysis of unstructured data. It is a clever bit of kit, that’s not in doubt.

These previously highly regarded CEOs are in a whole lot of hot water, awaiting sentencing, awaiting trial and awaiting extradition.

The scandals provide useful fodder for investors generally but tech investors especially, to reflect on and to recast what we think we know about corporate governance and due diligence. Because however deep their pockets, no investor can afford to fund a firm that’s bound to fail in the future or worse, is already failing now.

In this article we will explore what investors did right, what made absolutely no difference, what went wrong and what, if anything, might have alerted them to wrongdoing. What could investors do differently in the future and is there one thing that might have alerted investors to wrongdoing within the companies Let’s start with the theory.

Jurisdiction & investor type
There is a good deal of academic literature on corporate governance models in the UK, the US, and Europe. Typically, the authors will make a case for one of these jurisdictions as a preeminent destination for investors because of oversight, monitoring and/or control of management.

As if to demonstrate this is simply not the case, each of these tech businesses was incorporated in a different jurisdiction; Theranos in the United States, Autonomy in England and Wirecard in Germany.

Could Theranos have occurred in Germany? Perhaps. What is abundantly clear is that obviously each jurisdiction is capable of delivering their own class of fraud. While jurisdiction provides no sanctuary, there’s also no immunity for professional investors either.

Two women browsing website on laptop
Oh oh auditors + the value of verification
It is a normal function of any professional team looking to invest that they would seek to verify statements made by these companies with respect to cash reserves, revenue streams, profitability etc.

Typically, auditors can be relied upon. Unfortunately, in the matter of Autonomy and Wirecard, this wasn’t the case. Deloitte’s audit of Autonomy enabled Lynch and his Chief Financial Officer to “present a misleading picture of its financial position”.

Similarly, Ernest & Young’s audit of Wirecard’s revenue stream failed to reveal that the apparently highly profitable and cash rich company was neither profitable nor rich.

This is deeply discouraging for any investor who would consider auditors a sound and reliable resource. Truth buys trust and if auditors are not capable of getting to the truth, then their reports are of little or no value.

Verifying with independent, trusted experts would have added enormous value. Had Theranos investors checked with professionals, then it is entirely likely that they would have learned that the tech wasn’t possible and avoided substantial losses.

Check the Tech
In the case of Autonomy, checking the tech did not assist in revealing the fraud. The product IDOL worked. In fact, IDOL worked so well that in the summary judgement the judge referenced words attributed to Meg Whitman who became CEO of HP. She said that it was ‘almost magical’. Tech does not go to heart of the Autonomy fraud which is a plain vanilla key metric and earnings manipulation fraud.

Investors in Wirecard may have had more luck had they checked the tech before pumping in nearly a billion euros into the failing firm. Wirecard was on the face of it a profitable payment processing firm. Their revenues were fabricated. Checking the tech would have revealed data relating to the payment process. The payment process involved a few different actors: the end user, the issuing bank, the merchant and partners. A closer scrutiny of a random set of payments could have followed these ‘payments’ up or down the pipe. Fabricating revenues is one thing. Fabricating users interacting with merchants and issuing banks is beyond the wit of men.

The most egregious tech fraud is undoubtedly Theranos. Their blood testing system amounted to wires in a box. The tech didn’t exist. To test the efficacy of the Edison the investors would only have needed to have had known an answer to a question in advance and sense checked that against the Edison’s response. The lack of imagination and determination by investors to verify the efficacy of this tech makes this a dreary fraud.

The great thing about techie’s is that they want to show you how their kit works. They want to show you all the clever features, and when it works, they want you to play with it. Whether you’re investing in the firm or the technology. Always, kick its tyres. It is the fastest way to determine whether something works.

Hokey Cokey Principles
Both Wirecard and Theranos engaged in tactics which fell well beyond normal business practices including surveillance, doorstepping, intimidation, threats implicit and express against analysts, journalists, and former employees. That is shameful behaviour. It indicates a willingness to cross the line that should have put current and future investors on notice of a failing firm. Integrity and principles aren’t subject to the hokey cokey routine. You’re either in or you’re out. The firm either behaves in a principled manner or it does not.

Another red flag that was missed in both of these cases; individuals within the firms were promoted well beyond their capabilities into critical business roles while experts and qualified individuals were demoted, demeaned and defamed. This shows such poor leadership that this alone should concern investors.

The Free Press isn’t Free
Why investors didn’t raise an eyebrow when lawyers for Wirecard and Theranos pursued credible, leading global publications in an effort to silence them is anyone’s guess.

It is to their endless credit that the investigative journalists and editors at both the FT and the Wall Street Journal (WSJ) would not be intimidated into submission. Uncovering these frauds and bringing them to light was only possible because both of these well capitalized publications had the might and the resources to withstand the bullying tactics of criminals.

3 people in a meeting in office
Don’t let others define the world around you.
Holmes touted Theranos as a health technology company. That’s misleading. the proposal was actually to create medical diagnostic equipment capable of surpassing existing equipment and miniaturising it.

Reframing the proposition might have caused investors to pause. In addition, readers will recall that Holmes had no background in any of the disciplines necessary to take part in, never mind run a medical diagnostics equipment project. If only those investors had checked.

Consider your source
The free press isn’t actually free. Anyone looking to invest in tech should be doing their homework. Had investors, like Softbank put more weight in the reports from the FT about Wirecard they could have saved themselves 900 million euros. That’s a solid return on investment for a subscription.

Auditors, as we learned cannot sadly be relied upon, they’re paid by the company and in no way meet the definition of ‘independent’. While large auditing firms hold themselves out as the unrivalled experts, that tune changes when they’re caught up in a fraud. The very thing they’re expected to uncover. At that point they’re only human. More of that humility at the front end and more confidence at the back end of these scandals would help to restore the reputation of some of these players.

Conclusion
Academic theory suggests that optimising for corporate governance makes a difference. The reality is that criminals will work around every system to perpetrate their fraud. Investors cannot afford to be complacent.

Ultimately what investors did right was to seek to verify the statements made by these firms. Unfortunately, what they did wrong was to rely on sources that weren’t credible and simultaneously to dismiss those that were. In order to avoid a similar fate, investors would do well to rely on trusted, independent experts.

However, you carve these scandals up, these leaders operated from the same fraud playbook. They overstated performance, recorded bogus revenue, and they trusted that the brazen mocked documents painted a picture of firm value and that no one would bother to check.

For all their differences these scandals relied on the same tactics: dishonesty, deflection and misdirection, they just had different products.

Rois Ni Thuama headshot
Rois Ni Thuama
A Doctor of Law and subject matter expert in cyber governance and risk mitigation, Rois is Head of Cyber Security governance for Red Sift one of Europe’s fastest-growing cybersecurity companies. Working with key clients across a wide market spectrum including legal, finance, banking, and oil & gas Rois writes and presents on significant cyber threats, trends, addressing and managing risks.