Learnings from Wirecard: Interview with Dan McCrum
The Wirecard scandal has all the makings of a Hollywood thriller. But what went wrong?
On the evening of 19th June 2020, on a small Austrian airfield located 40 kilometres from Vienna, Jan Marsalek, COO of Wirecard since 2010, steps onto a private plane. His destination: Minsk. This is when Marsalek disappears. An international warrant is issued for Marsalek’s arrest. Insiders suspect he is staying at a private, guarded residence near Moscow. The €1.9 billion missing from Wirecard’s balance sheet is nowhere to be found.
The trial of former Wirecard CEO Markus Braun got underway in Munich in December 2022 where he faces charges including fraud and market manipulation that could result in a 15-year prison sentence if he is convicted. With Marselek still at large, the Wirecard story has all the makings of a Hollywood thriller. Yet this is one of Germany’s biggest corporate scandals. What went wrong? Why did it take so long for the company to be exposed?
Dan McCrum, investigative reporter at the Financial Times can provide some answers. He began researching Wirecard in 2014 and finally brought the company down in 2020 with a series of articles called the House of Wirecard. Former Wirecard CEO Markus Braun is now set to go on trial for commercial gang fraud, embezzlement and market manipulation in Germany this December. At the European Compliance & Ethics Conference 2020, McCrum not only told his story, but also explained what lessons can be learned from this scandal.
Learning 1: Question complex company structures
Wirecard was an electronic payments processor which launched in 1999 with promises to use the best and fastest technology. The start-up grew extremely fast and expanded worldwide. However, as Dan McCrum reports in a video about his Wirecard research on the Financial Times website, they also invented profits that never existed.
How was this possible? McCrum explains: “If you are planning a fraud, there are a couple of things that you can learn from what Wirecard did. So one of the first things is to wrap yourself in complexity”. Wirecard built up a confusing construct of partner and third party companies around itself and convinced auditors that Wirecard collected a decent commission for payments processed by these partners. However, the money wasn’t going into their own accounts, but into escrow accounts. At the beginning the fictitious profits were relatively small, but they gradually increased. At the end of 2019, after 20 years in business, these accounts were supposed to hold €1.29 billion, according to Wirecard. In fact, this money had never existed.
Learning 2: Beware of aggressive counter-attacks
The Wirecard management board responded to accusations with strong counter-attacks. Their repeated mantra was: “You want to manipulate our share price and are in league with short sellers. The accusations are groundless.” This tactic worked perfectly. In 2019, the payments processor filed a complaint against the Financial Times alleging insider trading among other things. In the same year, the Munich Public Prosecutor’s Office opened an investigation against Dan McCrum and his colleague Stefania Palma. Dan McCrum told the story: “No matter what we wrote – it didn’t seem to matter. And then I was investigated personally by the German authorities. They opened a criminal investigation into my colleague and I. And all of that was very intimidating. And then Wirecard also, with these private detectives, constructed this sort of sting operation which made it again look like we were in league with short sellers.”
It was only in September 2020 that the German authorities closed the case against Dan McCrum and his colleague. They found no direct contacts with these so-called short sellers, nor was there, according to the public prosecutor, sufficient evidence to support any suspicions.
Learning 3: Whistleblowers need a safe environment
Wirecard had an anonymous reporting system, but the management board misused it to monitor its own employees. According to Dan McCrum, there have been whistleblowers who have reported abuse or suspicion to Wirecard. The company then started an “investigation”, but nothing happened after that. The whistleblowers then turned to the Financial Times.
A reporting system alone does not protect whistleblowers. As Dan McCrum highlighted: “It’s good if you have a whistleblower system, but if the CEO or the finance director uses it to attack the whistleblower or even to find out who the whistleblower is, then you have a problem.”
A meaningful compliance programme does not just establish structures. It must also ensure that these structures are not subject to abuse and that the reports are taken seriously.
Learning 4: Criminals hide behind influential positions
McCrum noted something else he learned from the scandal: “The greatest lesson is that there are criminals who hide at the highest levels of the economy and society and behind the reputation of others. So you can hire law firms, you can hire compliance experts to hide what you are up to. You can hire PR firms to protect your reputation. The biggest lesson I think from this is: be aware, just because a company looks incredible, just because somebody is wearing a suit and a tie, and doesn’t look like a criminal, it doesn’t necessarily mean that they are innocent.”
He also offered the following advice to compliance experts at the ECEC 2020: “If you are a professional and arrive at a company and you find out that there are no processes in place, that there are no procedures (…), you may have been hired to remedy that. Maybe the question that then has to be asked is: why has none of this happened? Even if it’s a company like Wirecard which has been operating for almost two decades at that point.”
Learning 5: Don’t make assumptions
Why, in the Wirecard case, did nobody seem to suspect anything or listen to the whistleblowers? The so-called “bystander effect” should provide a partial answer to this question. This term describes a psychological phenomenon that arises when an accident or crime occurs: the more eyewitnesses are watching, the less likely it is that someone will intervene and help the victim or provide first aid. Researchers say that one of the reasons for this behaviour is that people are either afraid of embarrassment or assume that someone else will take responsibility.
Dan McCrum saw something similar happening at Wirecard: “Everyone probably has a tendency to only do the work that is really necessary – especially in the financial industry. (…) So I think everyone assumed that at some point there must be someone somewhere who was checking the company.”
Learning 6: When a company gets big enough people stop asking
With Wirecard, Markus Braun and Jan Marsalek weaved an opaque network of subcontractors and third-party providers behind which they could hide: “Of course, you don’t just start out and invent €1.9 billion out of nowhere. Wirecard’s fraud began with small sums of money,” said McCrum.
Over time, the fictitious profits grew larger. By the end of 2019, Wirecard was a DAX company with a market value of more than €20 billion – considerably more than Deutsche Bank. So who would really want to ask any more questions? Not the auditors from Ernst & Young. Nor the banks that granted Wirecard loans. The German authorities? Not a whisper. Besides, hardly any other German company had made investors as rich as Wirecard had in past years. Perhaps the main reason why no questions were asked.
For more details about the Wirecard story, check out the Netflix documentary about the scandal here.
Key principles of establishing an effective ABC programme