14 Apr Global Governance Lessons from Wirecard, Europe’s Enron
For its sheer scope, daring, and size, Wirecard is being compared to Enron. What happens next seems both predictable and inevitable from a global governance perspective.
By Andrea Bonime-Blanc and Michael Marquardt
The original version of this article was first published in the January/February 2021 issue of Directorship, a publication of the National Association of Corporate Directors (NACD). Click here for the full article (requires NACD membership).
Last June, members of the Wirecard supervisory board dialing into a hastily convened global governance emergency call could hardly believe what they were hearing. The fast-growing German financial services provider that they were charged with overseeing only recently had been rumored to be in takeover talks with Deutsche Bank. Now, Wirecard board members were being told that €1.9 billion ($2.2 billion) in cash was missing and the company was €3.2 billion ($3.7 billion) in debt. Could Wirecard’s vast international business empire really have been based on lies and obfuscation? Indeed, it appears so.
On June 25, 2020, Wirecard filed for insolvency. Then, on Aug. 25, a court-appointed administrator issued a press release stating that it had been able “to stabilize the ongoing business and create a basis for [Wirecard’s] continuation.” As part of the stabilization efforts, all members of Wirecard’s management board—at least those who had not already resigned or fled Germany—and some 730 employees were let go.
As of mid-December, senior Wirecard executives including ex-CEO Markus Braun and former chief financial officer Burkhard Ley have been criminally charged and are awaiting trial in Germany. Another executive was released from jail as a cooperating witness for the prosecution. Former chief operating officer Jan Marsalek, who also served on the management board, is a fugitive from the country.
Wirecard leadership is accused of having conspired with others to inflate revenues and its balance sheet by faking business with third-party partners, said Anne Leiding, a spokesperson for the Munich State Prosecutor’s Office, during a press conference in which she announced the charges. The creation of a false impression of financial strength enabled Wirecard executives to borrow €3.2 billion from banks and investors.
“In reality, it was clear, at the latest by the end of 2015, that Wirecard’s real business was losing money,” Leiding told reporters in Munich. Wirecard executives are also suspected of harming investors by overpaying for acquisitions and for creating and perpetuating a culture “characterized by an esprit de corps and oaths of loyalty” to Braun as their leader.
Braun resigned after Wirecard auditor EY said it could not verify the €1.9 billion supposedly held in escrow on behalf of the third-party partners.
Altogether, the formal charges made against Wirecard’s leadership team include organized commercial criminal fraud, breach of trust, false accounting, and market manipulation. All of the former Wirecard executives now awaiting trial have declared their innocence.
Wirecard, like Enron until its own spectacular demise in 2001, had been on a wild and aggressive trajectory of growth. When the dot-com bust threatened Wirecard’s existence in 2002, Braun was recruited as CEO. With the benefit of hindsight and courageous reporting—notably by theFinancial Times (FT)—it is clear that the company’s lifespan was fueled by hubris and a win-at-all-costs corporate culture. Braun provided Wirecard with a cash infusion, and under his leadership proceeded to allegedly perpetrate an intentional accounting fraud over a period of years that escaped the notice of key stakeholders including regulators, auditors, and Wirecard’s own global governance board.
Now, in the aftermath of Wirecard’s insolvency, and as lawsuits add up, regulators and stock exchanges are reevaluating their checks and balances, looking to repair fault lines, and taking aim mostly at the corporate audit function—both internal and external. Many corporate governance observers expect to see regulatory reform in the European Union and in Germany on a scale akin to the Sarbanes-Oxley Act, the US federal law that was passed in 2002 after corporate accounting scandals—including at Enron, Tyco International, and Worldcom—came to light. Sarbanes-Oxley essentially gave board audit committees greater authority and thus increased both the responsibilities and oversight of the committee.
Given the sheer scope, daring, and size of Wirecard’s fraud, comparisons to Enron are both inevitable and predictable. The business community and the public began asking two ominous questions: Where was the board? And where were the regulators? After all, the Wirecard fraud was not discovered by these global governance stakeholders but instead by a cadre of short sellers and FT journalists, ultimately aided by lower-level whistleblowers who were paying much closer attention than those lawfully entrusted and compensated to do so.
BUSINESS AS UNUSUAL
What seemed like the sudden demise of Germany’s premier publicly traded fintech company was a shock to most in the global investment world, and seemingly to Wirecard’s supervisory board, shareholders, and most of its 5,300 employees (as of June 2019). Unsurprised were astute readers of the FT and those who paid attention to the reports of Wirecard investors, including hedge funds and short sellers, and at least three daring Wirecard employees in Singapore who became whistleblowers.
Examining Wirecard’s evolution in retrospect, the business was and did anything but the “usual.” It was founded in 1999 to provide payment processing largely for gambling and pornographic websites, according to a detailed FT timeline that it published on June 25, 2020, as part of its five-year-plus “House of Wirecard” investigative series. Wirecard, backed initially by venture capital, grew through acquisition, eventually expanding into banking. In 2005, Wirecard began trading on the Frankfurt stock exchange by acquiring a defunct call center’s listing, thus avoiding any scrutiny resulting from the more traditional route of going public. It moved into banking by acquiring XCOM, which it renamed Wirecard Bank. The FT reported that the “unusual” banking and non-banking hybrid “makes its accounts harder to compare with peers, and helps persuade investors to rely on the company’s adjusted versions of financial statements.”
In the annals of scandal, Germany has been home to its fair share. While Volkswagen (emissions), Siemens (bribery), and Deutsche Bank (spying and LIBOR issues) emerged intact, any number of lesser-known German businesses wracked by scandal have not been as fortunate. What these scandals all seem to have in common, though, is repeated systematic failures of German and global governance and regulatory watchdogs.
Germany’s corporate governance code mandates a two-tiered board model comprising management and supervisory boards, the latter of which most closely resembles the boards of American companies. The roots of the two-tiered corporate global governance structure go back more than a century, with well-intentioned measures enacted to allow workers greater influence and support for their interests and to provide stability in crises. In practice, it has resulted in corporate supervisory boards that are a good degree removed from day-to-day operations while focusing their attention on the performance and compensation of the management board. While American corporate directors tend to follow the “noses in, fingers out” dictum, German supervisory board members tend to act more along the line of “eyes on, hands off.” While it is difficult to generalize across hundreds of well-managed and ethical publicly traded corporations in Germany, it is fair to say that supervisory boards tend to get less deeply involved in the operations of the companies they serve than their American counterparts.
Even the most vigilant, skeptical board may be led to believe corporate management over external sources armed with potential axes to grind. Some of the problems revealed by the Wirecard fraud, in the opinion of these authors, stem from Germany’s business culture overall and fundamental deficiencies in corporate governance practices more specifically. Obedience, stoicism, pride, and a command-and-control bent often met by complacency are to varying degrees characteristic of German business, which may help explain why disconnects between a supervisory board and senior management are prevalent in the country’s corporate scandals.
Furthermore, an analysis by the authors of Wirecard’s supervisory board as it was composed in 2015 shows a lack of technical financial expertise and diversity. It was not until 2018 that two women were named to Wirecard’s six-member supervisory board, and that was only because new mandates by Germany’s federal government went into effect that year. And until 2018, environmental, social, and governance issues—including ethics and compliance—were just not part of the board’s oversight for any German company. Add in a German government intent on promoting a robust start-up economy, and possibly looking the other way to allow innovation to flourish, and what results is an almost perfect breeding ground for malfeasance.
Germany’s principal financial regulator, BaFin, is alleged in lawsuits filed by shareholders in the aftermath of Wirecard’s insolvency to have, at a minimum, failed to do a proper investigation and assigned officials who had little to no experience with fintech companies to conduct the inquiry. BaFin repeatedly sided with Wirecard. Instead of investigating Wirecard, BaFin pursued investigations into the FT and the short sellers who were alleging fraud. A small number of BaFin investigators were later found to have traded Wirecard shares based on insider information.
The Wirecard insolvency also reflects the absence of sufficiently robust and resilient internal controls for compliance and risk management, especially for a fintech business with cutting-edge and somewhat opaque products and services.
Wirecard was listed among Deutsche Börse Group’s DAX 30 on Sept. 24, 2018, at the height of its reported market valuation of €21.57 billion ($24.81 billion), replacing Commerzbank. (The DAX is a blue-chip stock market index of the 30 major German companies trading on the Frankfurt exchange. Admission to the DAX 30 makes it an automatic investment by pension funds around the globe.) Of note, the Wirecard supervisory board at that time did not have a single board committee, a standard requirement of US stock exchanges. The Wirecard supervisory board in early 2019 did, however, create a risk and compliance committee that immediately ordered an audit of its internal functions. Hired to conduct the review was McKinsey & Co. Its report included the recommendation that the Wirecard supervisory board oversee the creation of an internal 50- to 60-person compliance program office run by an executive-level compliance officer. The risk and compliance committee proceeded to hire PwC to create the program.
Altogether, whether the two-tier supervisory board structure that exists in several countries including Germany has the right duties entrusted to them by law and to oversee the interests of key stakeholders is open for debate. And, whether such a board could be properly empowered to supervise or regulate a rapidly growing tech company with opaque products in an emerging industry will certainly also be cause for renewed inspection.
Stock exchange operator Deutsche Börse in November 2020 announced that it was making a number of changes to the DAX index. Beginning in March 2021, member companies will be obligated to release audit- ed annual and quarterly financial reports. Companies that don’t comply will have a 30-day grace period, after which failure to produce this information will result in being removed from the index. In addition, listed companies will undergo reviews twice a year (up from once a year), and supervisory boards will be required to have an audit committee. In September 2021, the DAX will increase its membership to 40 companies, with new members being required to prove that they have positive earnings before interest, tax, depreciation, and amortization. In addition to providing greater accountability, these revisions are designed to provide greater resiliency, with an increased number of member companies reducing the market shock of a financially underperforming company.
While some were pleased by the new measures on speculation that they would increase confidence and international investors, others believe that not enough was done to correct the failings of global governance, corporate oversight and responsibility. For example, there are no provisions that outline qualifications for sitting on the audit committee of the supervisory board. In addition, Deutsche Börse declined a proposal to exclude companies that failed to meet sustainability requirements.
Beyond the stock market, the German government is making changes to how accounting firms are regulated. The Financial Reporting Enforcement Panel (FREP), a private entity that works on behalf of the government, has audited public companies’ financial reports in Germany since 2005. And while BaFin can ask FREP to launch an investigation, until the German cabinet passed a package of reform measures, it had no investigative authority. Given FREP’s limited staff—15 employees total—investigations can take a considerable amount of time. Only one FREP investigator was assigned to Wirecard after BaFin asked for an audit in early 2019.
The German government announced in June 2020 that its relationship with FREP will terminate at the end of this year and that BaFin will be permitted to launch its own investigations, a restructuring that will make BaFin more akin to the US Securities and Exchange Commission.
Board duties today encompass traditional areas such as CEO succession and compensation, strategy, and enterprise risk management; in the past decade, they also have come to comprise digital technology and transformation, cybersecurity oversight, and more recently, a growing list of environmental, social, and global governance issues.
Each of these oversight areas is deeply interconnected, which means that the good, the bad, and the ugly can all move that much more quickly. In turn, boards must be acutely attuned to what is being said about them and the companies they govern by key stakeholders—be they regulators, journalists, or short sellers.
Andrea Bonime-Blanc is CEO and founder at GEC Risk Advisory, board member, global governance ESGT strategist, start-up mentor, NYU cyber professor, and author, most recently of “Gloom to Boom: How Leaders Transform Risk into Resilience and Value” (2020).
Michael Marquardt is an international business advisor and global governance specialist who has served as CEO of four corporations and as a corporate director in the United States, France, and Indonesia. He holds the CERT Cybersecurity Oversight Certificate and is an NACD Board Leadership Fellow.