"Then came June 2020, when, in the midst of an audit, Wirecard could not locate €1.9 billion in assets it claimed were being held somewhere in the world"
EY audited them for years without asking about the missing billions.
No, they did ask. And got Bank statements. They even went to a subsidiary branch of the bank and confirmed that the money exits in Indonesia (or was it the Philippines?). The problem: This bank had no branch in Singapore (or wherever it was). He set up a fake branch with actors that showed EY computer statements - EY took pictures of the screens - with the balance.
You can't make this up. EY screwed up, but they could not have reasonably assumed that someone sets up a fake bank branch.
It was the Philippines. Wirecard hired a Philippine lawyer Tolentino (who was also a government minister) to make up a fake trust that held the fake money
“The NBI said Arellano, an employee at the BPI branch in Malate, Manila, had admitted to receiving P10 million for issuing bogus bank certification documents that Tolentino and his law office needed as the supposed local trustee of Wirecard.”
I guess it goes to show that if you are dealing with enough cash to bribe third world governments then all kinds of new fraud schemes become possible.
As the responsible manager for IT (usually CTO - internal SOX was a different matter) I have been "asked" by EY (and KPMG) about IT setups and security several times for audits. And I could have told them whatever I like, the people were right out of university with no clue about the matter and in no position to ask the right questions except reading their checklist; I always had the impression they only knew half the words they were reading.
> And yes, I also hate when I misplace my billions. Especially since I have yet to relocate them...
I think you're joking, but I'm not sure. I work in trading, and I've been on the receiving end of that phone call. As I recall, it was around 9PM in the US, my work phone rang and could see from the caller ID that it was from our London office. There were no greetings, first words I hear were "We're missing over a billion dollars. You need to find it...NOW."
When I received that call, it was in the middle of the 2008 financial crisis. The daily PnL swings were wild, and it wasn't always clear on the cause. FX volatility was insane. We did all of our PNL reporting in USD, but held a lot of foreign assets.
There was no malfeasance; I'd just taken ownership of the system a week or two before, and a nightly job had silently failed. Perl job on Windows, extracting data from a 3rd party trading system that wasn't built w/ integrations in mind, feeding it into in-house systems. It was a very flimsy house of cards. A gentle breeze in the night would knock it over. Rewrote the integration in Python, hooked everything up into our monitored job scheduler. Had to do some janky UI automations in Python until we got the vendor to add a proper CLI-based reporting mechanisms. It was a "fun" ride, but I eventually got my evenings back. Did cause the end of a relationship, though, so there's that.
> EY believed the documents shown to them. Sloppy for sure, and EY got their amount of flak for it.
There are strict rules and guidelines around verifying an asset. The auditor isn't supposed to "believe the documents" - they need to form an independent opinion.^1
If the auditor is unable to obtain sufficient appropriate audit evidence to verify the asset, they can issue a qualified opinion due to a scope limitation.
EY offices in Singapore knew that their revenues were not traceable (Wirecard invented clients based in Asia). They hired a law firm to investigate, but the head office in Europe suppressed the findings because they wanted the contract.
There was a personal assistant who stole around GBP 4m from several of her bosses at Goldman Sachs. One of the bankers finally noticed when a 6-figure donation to Harvard bounced. One of other the victims later testified that his investment account felt "one or two million light".
If you pay the Big 4 enough money, they will look the other way or not ask for supporting documentation. Just google accounting scandals and see just how many of these shops were audited by the Big 4.
Any tax authority worth their budget should require extra evidence from any Big-4 customer. By now it's clear they are less reliable than your average smalltown accountant.
Unfortunately, there is typically a big revolving door between them and any tax institution. Why toil for decades in underpaid public roles, when you can step into the gilded world of consultancy and double or treble your salary? It's like the yacht scene in The Wolf of Wall Street, except in real life most civil servants take the corrupting deal (and I can't even blame them).
It really depends on the terms of the audit. Routine financial audits are not intended to be exhaustive forensic audits that assume every document might be forged as part of a massive fraud.
Most audits are just “does the documentation support the reporting”.
Isn’t that just because most of the biggest companies are audited by the Big 4, and in order to be a big accounting scandal, you need to be a big company?
I feel like this is pointing out something like, “More criminals drive Ford trucks than any other truck” which is true, but just because more people drive that brand than any other?
They broke the story, so I think if anyone else is carrying it, it will be framed as "new report says X" rather than their own independent reporting. But Michael Weiss has written for the Daily Beast, New Lines Magazine, CNN, etc., and Christo Grozev runs Bellingcat, which has a long track record of breaking big stories and winning investigative journalism awards, especially vis a vis Russia.
And there I was, believing Marsalek was just another useful idiot, and not a full blown GRU operative.
I ahve to say, I am impressed a little bit. Just puzzled about the whole goal of this operation. And bit worried the Wirecard management standing trial right now, can use this to get away with the fraud they actively engaged in.
I have not yet read the above linked article, so maybe it already says (or refutes) this, but the long-held rumor was that Wirecard was a useful mechanism for Russians to move around dark money--e.g. for sanctions evasion or payola.
"British prosecutors say that from 2020 to 2023, Marsalek ran a ring of five U.K. based Bulgarians who are alleged to have spied for Russia, directing them to gather information on people with the aim of helping the Kremlin abduct them. Officials say Marsalek was used by Russian intelligence services as a middleman to put distance between them and the spy network as it targeted individuals across Europe."
...
"While running Wirecard, Marsalek helped the GRU, Russia’s military intelligence agency, and the SVR, its main overseas spying organization, pay intelligence officers and informants and funnel money into conflict zones in the Middle East and Africa, according to the officials.
At the same time, these Western officials suspect Marsalek was gathering information on other customers of Munich-based Wirecard, most notably Germany’s main BND intelligence agency and the Federal Criminal Office, the country’s equivalent of the FBI, and handing it over to Moscow."
...
"Germany’s foreign intelligence service, the BND, as well as the country’s equivalent of the FBI, the BKA, told parliament during a public inquiry that ran from September 2020 to June 2021 that they had used Wirecard credit cards and bank accounts for their agents abroad as well as for paying informants at home and abroad. Senior German intelligence officials confirmed this to The Wall Street Journal. "
...
"Marsalek ordered Wirecard Bank employees to breach data-protection and other rules to compile data about clients, according to testimony by former executives to German prosecutors. Several intelligence officials said it could have provided information about intelligence agents’ work. Wirecard’s former chief product officer, Susane Steidl, said Marsalek had overruled objections to collecting customer data and told her in 2019 he needed the data for the BND—something the agency categorically denies."
... also Kim Dotcom who I met personally before going on a run to Asia. He too had cardboard cutouts of himself as a cartoon character all over his Munich office of DataProtect. Funny that Kim Schmitz managed to settle in NZ and not Russia. He is an outlier, probably lacked the RU connection back then.
I'd venture a guess at least partially explaining it - Russia has been importing/cargo-culting German style of education, science, government, law, military, etc. for several centuries. Before 1917 like a half of the top of the Russian government and society was German. Lenin for example was half-German. The modern Russian language has developed during the last about 300 years, and the most closest/easiest non-Slavic European language for Russians is German. That all didn't make Russians into Germans, far for it, yet it lets Russians understand and mimicry the German style when needed (at least much easily than say French, English or Italian. Also kind of not surprising that the USSR was helping the revolution in Germany, and later the first 2 mega-totalitarian regimes happened to be Germany and USSR, and they were allies the first 2 years of WWII fighting together against democratic countries of Europe).
And of course USSR had Eastern Germany for 40+ years - enough to develop deep networks and poison the minds.
> most closest/easiest non-Slavic European language for Russians is German.
Speaking as a Russian, I find this assertion very questionable. Lithuanian and Latvian are far closer to East Slavic languages, for one thing. But even among West European languages, Spanish is easier IMO.
In general, Russia borrowed a lot of science and engineering stuff from Germany, and definitely the military, but when it comes to governance - no, not really.
They are not in the conflict flow anymore. It's been trained out of their system for quite some time. It leads to some naive assumptions about how the world works.
Even the events around the current conflict seem not to have shaken the society, from what I witness. The Green parties wishes on the topic of heat pumps or people coming to their country whose skin color is not white have more revolutionary potential than Russians right around the corner or people blowing up their gas pipelines.
They are too busy with themselves and stuff like that is just embarrassing. It only serves as filling material for your everyday complaining orgy every single morning at work. Stuff a healthy German citizen leaves behind them at Feierabend.
> The Green parties wishes on the topic of heat pumps
... which are the most efficient way to wean us off of Russian gas. The Greens have pushed for years now to get rid of fossil fuel dependencies, turns out they did have a point all those decades.
It is a good book, but it isn't completely candid about one part of the FT's investigation.
When Dan McCrum was under threat of arrest in Germany, that was because Paul Murphy, Dan's editor, did in fact give away to some of his contacts the fact that they were coming out with a negative story on Wirecard and the time it would be published. Murphy has form for trading his own scoops with stock traders for favours. The Wirecard recording of one of Murphy's mates talking about shorting Wirecard to take advantage of the story is accurate and had Murphy (but I very much doubt McCrum) bang to rights.
McCrum's explanation for this is that Murphy's associates knew the exact time of the story being released because they had happened to guess it by sheer luck. Clearly if that's what Murphy told him he should have been a little more skeptical.
Ultimately the FT's internal investigation into Paul Murphy's behaviour and BaFin's into McCrum's work were abandoned for the same reason: the Wirecard revelations were legit, and much more serious than Murphy's breaches of journalistic ethics.
McCrum had already pointed out that Marsalek was at least looking for connections intelligence services, had confirmed connections to at least some former intelligence operatives, and that there were a lot of pieces of evidence that pointed to the strong possibility of connection to Russia. He just didn't find definitive proof, but that was also not the primary focus of his book.
> He was long suspected of being a Soviet asset. Recently uncovered documents indicate that are grounds to believe he was responsible for helping the Soviets kidnap at least four people and illegally render them to Moscow for torture and interrogation.
While I am not surprised that a socialist persecuted under the Nazis would join Soviet efforts, this is some useful backstory in understanding why Marsalek the younger apparently had no reserves in collaborating with the KGB.
> Though TradeRepublic moved away from them, makes you wonder.
TR got its own full-bank license a few months ago [1], it makes sense for them to consolidate stuff in-house instead of paying third parties for their services. That is useful as a startup with a few thousand customers, as the requirements of actually building a bank tech stack are quite massive, but TR has >4M customers now and makes a profit [2].
what?! no, they are a german bank (which translates to "deutsche bank" in german) but there is no connection (afaik, my infos are 2+ years old now) between Solaris and Deutsche Bank AG.
My bad. My comment was wrong indeed. I confused Solaris Bank with norisbank. Norisbank is Deutsche Bank, Solaris Bank is NOT. You were right of course.
Readit News
"Then came June 2020, when, in the midst of an audit, Wirecard could not locate €1.9 billion in assets it claimed were being held somewhere in the world"
EY audited them for years without asking about the missing billions.
You can't make this up. EY screwed up, but they could not have reasonably assumed that someone sets up a fake bank branch.
https://newsinfo.inquirer.net/1441886/ex-dotr-exec-others-fa...
“The NBI said Arellano, an employee at the BPI branch in Malate, Manila, had admitted to receiving P10 million for issuing bogus bank certification documents that Tolentino and his law office needed as the supposed local trustee of Wirecard.”
I guess it goes to show that if you are dealing with enough cash to bribe third world governments then all kinds of new fraud schemes become possible.
As the responsible manager for IT (usually CTO - internal SOX was a different matter) I have been "asked" by EY (and KPMG) about IT setups and security several times for audits. And I could have told them whatever I like, the people were right out of university with no clue about the matter and in no position to ask the right questions except reading their checklist; I always had the impression they only knew half the words they were reading.
A billion dollars can buy a lot of grift.
But I guess bean counters aren't the demographic for heist or confidence movies so maybe the Hollywood ending didn't occur to them.
People litteraly went to the banks in Asia during the extraordinary audit, something that is not usually done during "normal" audits.
And yes, I also hate when I misplace my billions. Especially since I have yet to relocate them...
I think you're joking, but I'm not sure. I work in trading, and I've been on the receiving end of that phone call. As I recall, it was around 9PM in the US, my work phone rang and could see from the caller ID that it was from our London office. There were no greetings, first words I hear were "We're missing over a billion dollars. You need to find it...NOW."
When I received that call, it was in the middle of the 2008 financial crisis. The daily PnL swings were wild, and it wasn't always clear on the cause. FX volatility was insane. We did all of our PNL reporting in USD, but held a lot of foreign assets.
There was no malfeasance; I'd just taken ownership of the system a week or two before, and a nightly job had silently failed. Perl job on Windows, extracting data from a 3rd party trading system that wasn't built w/ integrations in mind, feeding it into in-house systems. It was a very flimsy house of cards. A gentle breeze in the night would knock it over. Rewrote the integration in Python, hooked everything up into our monitored job scheduler. Had to do some janky UI automations in Python until we got the vendor to add a proper CLI-based reporting mechanisms. It was a "fun" ride, but I eventually got my evenings back. Did cause the end of a relationship, though, so there's that.
There are strict rules and guidelines around verifying an asset. The auditor isn't supposed to "believe the documents" - they need to form an independent opinion.^1
If the auditor is unable to obtain sufficient appropriate audit evidence to verify the asset, they can issue a qualified opinion due to a scope limitation.
^1 https://www.accaglobal.com/gb/en/member/discover/cpd-article...
Occurrences of 'litterally' your comments:
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
Occurrences of 'litteraly' in your comments:
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
I really hate it when I leave my billions somewhere in the world and can't remember where.
https://www.independent.co.uk/news/uk/crime/secretary-who-ha...
Dead Comment
A throwback to the ancient world to the Middle Ages, hiding spies among the clergy!
They are also openly supporting invasion of Ukraine as a kind of "holy war".
The russian word for "non-government organization" is "foreign agent".
Unfortunately, there is typically a big revolving door between them and any tax institution. Why toil for decades in underpaid public roles, when you can step into the gilded world of consultancy and double or treble your salary? It's like the yacht scene in The Wolf of Wall Street, except in real life most civil servants take the corrupting deal (and I can't even blame them).
Most audits are just “does the documentation support the reporting”.
I feel like this is pointing out something like, “More criminals drive Ford trucks than any other truck” which is true, but just because more people drive that brand than any other?
Reminds me of https://xkcd.com/1138/
Deleted Comment
The stories about the threats against the journalist Dan McCrum who was investigating Wirecard between 2014 and 2020 are mental.
I've just checked and McCrum has shared this link as well on Twitter so I count that as a reason to trust it.
I ahve to say, I am impressed a little bit. Just puzzled about the whole goal of this operation. And bit worried the Wirecard management standing trial right now, can use this to get away with the fraud they actively engaged in.
"British prosecutors say that from 2020 to 2023, Marsalek ran a ring of five U.K. based Bulgarians who are alleged to have spied for Russia, directing them to gather information on people with the aim of helping the Kremlin abduct them. Officials say Marsalek was used by Russian intelligence services as a middleman to put distance between them and the spy network as it targeted individuals across Europe."
...
"While running Wirecard, Marsalek helped the GRU, Russia’s military intelligence agency, and the SVR, its main overseas spying organization, pay intelligence officers and informants and funnel money into conflict zones in the Middle East and Africa, according to the officials.
At the same time, these Western officials suspect Marsalek was gathering information on other customers of Munich-based Wirecard, most notably Germany’s main BND intelligence agency and the Federal Criminal Office, the country’s equivalent of the FBI, and handing it over to Moscow."
...
"Germany’s foreign intelligence service, the BND, as well as the country’s equivalent of the FBI, the BKA, told parliament during a public inquiry that ran from September 2020 to June 2021 that they had used Wirecard credit cards and bank accounts for their agents abroad as well as for paying informants at home and abroad. Senior German intelligence officials confirmed this to The Wall Street Journal. "
...
"Marsalek ordered Wirecard Bank employees to breach data-protection and other rules to compile data about clients, according to testimony by former executives to German prosecutors. Several intelligence officials said it could have provided information about intelligence agents’ work. Wirecard’s former chief product officer, Susane Steidl, said Marsalek had overruled objections to collecting customer data and told her in 2019 he needed the data for the BND—something the agency categorically denies."
https://darknetdiaries.com/transcript/79/
... also Kim Dotcom who I met personally before going on a run to Asia. He too had cardboard cutouts of himself as a cartoon character all over his Munich office of DataProtect. Funny that Kim Schmitz managed to settle in NZ and not Russia. He is an outlier, probably lacked the RU connection back then.
https://www.goodreads.com/book/show/9319468-kingpin
Especially liked the part where he is asked "so why do you keep your piles of cash in Pelican cases"? "Because they float."
Deleted Comment
And of course USSR had Eastern Germany for 40+ years - enough to develop deep networks and poison the minds.
Speaking as a Russian, I find this assertion very questionable. Lithuanian and Latvian are far closer to East Slavic languages, for one thing. But even among West European languages, Spanish is easier IMO.
In general, Russia borrowed a lot of science and engineering stuff from Germany, and definitely the military, but when it comes to governance - no, not really.
Even the events around the current conflict seem not to have shaken the society, from what I witness. The Green parties wishes on the topic of heat pumps or people coming to their country whose skin color is not white have more revolutionary potential than Russians right around the corner or people blowing up their gas pipelines.
They are too busy with themselves and stuff like that is just embarrassing. It only serves as filling material for your everyday complaining orgy every single morning at work. Stuff a healthy German citizen leaves behind them at Feierabend.
... which are the most efficient way to wean us off of Russian gas. The Greens have pushed for years now to get rid of fossil fuel dependencies, turns out they did have a point all those decades.
Deleted Comment
[1] https://www.imdb.com/title/tt21836620/
[2] https://en.m.wikipedia.org/wiki/Wirecard_scandal
When Dan McCrum was under threat of arrest in Germany, that was because Paul Murphy, Dan's editor, did in fact give away to some of his contacts the fact that they were coming out with a negative story on Wirecard and the time it would be published. Murphy has form for trading his own scoops with stock traders for favours. The Wirecard recording of one of Murphy's mates talking about shorting Wirecard to take advantage of the story is accurate and had Murphy (but I very much doubt McCrum) bang to rights.
McCrum's explanation for this is that Murphy's associates knew the exact time of the story being released because they had happened to guess it by sheer luck. Clearly if that's what Murphy told him he should have been a little more skeptical.
Ultimately the FT's internal investigation into Paul Murphy's behaviour and BaFin's into McCrum's work were abandoned for the same reason: the Wirecard revelations were legit, and much more serious than Murphy's breaches of journalistic ethics.
https://www.newyorker.com/magazine/2023/03/06/how-the-bigges...
[1] https://www.imdb.com/title/tt15407486/
> Marsalek's grandfather, [Hans Maršálek](https://en.wikipedia.org/wiki/Hans_Mar%C5%A1%C3%A1lek), was a member of the Austrian resistance and later a suspected spy for the Soviet Union.
And following the link to Hans Maršálek's page:
> He was long suspected of being a Soviet asset. Recently uncovered documents indicate that are grounds to believe he was responsible for helping the Soviets kidnap at least four people and illegally render them to Moscow for torture and interrogation.
While I am not surprised that a socialist persecuted under the Nazis would join Soviet efforts, this is some useful backstory in understanding why Marsalek the younger apparently had no reserves in collaborating with the KGB.
[0]: https://www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Massn...
TR got its own full-bank license a few months ago [1], it makes sense for them to consolidate stuff in-house instead of paying third parties for their services. That is useful as a startup with a few thousand customers, as the requirements of actually building a bank tech stack are quite massive, but TR has >4M customers now and makes a profit [2].
[1] https://www.capital.de/geld-versicherungen/trade-republic-er...
[2] https://www.businessinsider.de/gruenderszene/fintech/neobrok...