Views presented in this blog are the author’s own opinion and do not constitute financial research or advice.
Psychologists tell us that we homo sapiens owe our evolutionary success to a culture of trust. Our ability to receive and believe information from others allows us to accumulate a shared view of the world, enables us to accumulate knowledge and, in the modern world, allows markets to flourish. It is a cornerstone of our civilization.
A culture of trust means that homo sapiens are an innately gullible species. Our instinctive desire to trust causes us to dismiss claims of fraud even when all evidence points to the contrary. Importantly, it explains why machines are more efficient at detecting fraud than humans.
Let’s consider an example to illustrate the gullibility problem: Wirecard. In this piece, we analyse how the Wirecard scandal unfolded, how the company got away with it, and how an AI fraud-detection system might have prevented it.
Table of contents
Wirecard: The beginning
In the 1990s, an Austrian businessman with a background in the porn industry builds a business to process wire transfers for internet porn. By the early 2000s, his business, built for the dial-up era, is struggling and cannot process credit cards. He needs an acquisition with better systems and access to credit cards or his business will die.
He negotiates with another payments business that can process credit cards. This company’s systems are not quite as advertised. Their key programmer, also Austrian and hired as a teenage hacker, caused a massive systems failure in 2000 after routing all of the company’s internet traffic to his own PC for reasons unknown. The acquisition target never recovers but rebuffs his offers.
In a stroke of luck, a burglary at the target’s office in 2002 brings it to insolvency. Our businessman buys the company and merges it with his own. He hires a consultant from KPMG, another Austrian, as the CEO. He keeps the company name, ‘Wirecard’, and keeps the hacker, who will become the COO in a few short years.
The rest of the Wirecard story is well known and is so intriguing that we cannot do it justice here. Those who like a good yarn should read the book. The full timeline is here, courtesy of the Financial Times.
The potted history is that under the new CEO, the company veers into online gambling. Some wags would say that this is a fertile field for payments since banks avoid gambling payments due to reputational risk, and for money laundering for those willing to circumvent national bans on online gaming.
Wirecard's global expansion
Global expansion requires capital. In 2005, Wirecard does a back-door listing on the Frankfurt exchange – a red flag. The owner subsequently sold all his shares – a larger red flag.
In 2006, Wirecard purchases a German bank, allowing it to issue cards under its own name and manage merchant money. The unusual merging of a banking and non-banking business muddies the numbers, forcing investors to rely on the company’s own ‘adjusted version’ of its accounts.
In 2010, the US government charges a German linked to Wirecard with money laundering. The prosecutor argues that Wirecard has laundered "at least" $1.5 billion of gambling proceeds. Wirecard stock plunges.
The company pivots to Asia, conducting a maze of roll-ups of Asian and Middle-eastern payments businesses in subsequent years. These businesses, located in dusty garages or paddy fields, are purchased for tens or hundreds of millions and become a key driver of Wirecard’s growth, now apparently enhanced by AI.
Within 12 years of the bank purchase, Wirecard has a larger market cap than Germany’s two largest banks and enters the Dax 30. Upon entry to the index of the country’s largest companies, Wirecard has no board committees, not even an audit committee.
Figure 1: Market value. Source: Bloomberg, Transparently.AI
Based on its early history alone, Wirecard should have provoked deep mistrust among investors and regulators. Subsequent revelations of money laundering and of the COO’s deep connection to Russian oligarchs, Russian organized crime and even Russian intelligence should perhaps also have aroused suspicion.
And yet, to the bitter end, this company was cheered as a national champion, constantly rated overweight or strong overweight by equity analysts, feted by investors, and staunchly defended and promoted by German regulators.
Wirecard is a classic example of homo sapiens’ gullibility.
Wirecard is a classic example of homo sapiens’ gullibility.
To be sure, the company had detractors over the years. Short-sellers repeatedly attacked the company. The FT began a long campaign against Wirecard from 2014 onwards, revealing increasingly damning evidence. None of these attacks, however, were successful.
Nothing stuck until the company finally admitted that €1.9 billion was “missing” from two Philippine bank accounts in June 2020.
Wirecard was arguably the most complex and multi-layered fraud operation of all time. It was a brazen high wire act, so interlaced with online gambling, organized crime, Russian oligarchs, and the shadowy world of intelligence that we may never fully understand the true extent of its wrongdoings.
Wirecard accounting fraud
The Wirecard fraud was unique. It combined accounting fraud with money laundering on an epic scale, meaning it simultaneously hid revenue and embezzled cash while also inflating its earnings.
Wirecard possessed the ideal attributes for accounting fraud:
- It engaged in millions of transactions across international borders using a web of escrow accounts and offshore affiliates. This made it impossible for an external observer to track revenue and difficult for auditors to verify cash balances;
- It had non-existent margin on its legal business, making profits easy to manipulate;
- Its business activities were almost impossible to physically observe, making it difficult for an external observer to gauge the scale of activity undertaken within the firm;
- It was in a booming sector, meaning it could report exceptional growth without suspicion;
- Its accounts, being a mishmash of a banking and non-banking business clouded many of the red flags normally exposed by forensic accounting;
- It was seen as a national champion. Those who challenged the company were routinely investigated or even charged with market manipulation by German regulators. Being both a bank and a non-bank it crossed regulatory boundaries, making oversight difficult.
- Its operations were complex, making it difficult for an auditor to check if there really was cash in the bank.
Using AI to predict accounting fraud
We are often asked whether our AI-powered Manipulation Risk Analyzer (MRA) system works to predict manipulation and failure risk outside of the sample that we used in our testing.
There are several technical reasons why it does, and one very practical reason, which is that every fraud is unique.
Our machine is not trained on the same pattern that repeats over and over again. To be sure, certain events repeat, we rely on that, but they do so in diverse and complex ways. This complexity provides an incredibly rich foundation from which our system can learn.
We’ve trained our system on 21,000 stocks with 200,000 stock- years of financial data, extending from 1994 through to 2022. There is virtually nothing out there that our system hasn’t seen before, albeit in different guises.
If ever a company might fool an AI-powered fraud-detection software, Wirecard had perhaps the greatest possibility.
That said, if ever a company might fool an AI-powered fraud-detection software, Wirecard had perhaps the greatest possibility.
And that’s because Wirecard was so well suited for hiding inflated earnings, because actual cash holdings were not verified by auditors in the last three years of operation, and because AI algorithms for fraud detection are typically used by banks, not trained to look for fraud in banks.
Provided cash holdings are not verified, and cash flows can be muddied by a complicit bank, a company will be free to engage in highly aggressive account manipulation with minimal trace.
Complicate that picture further with a maze of international escrow accounts, and some genuine high margin, but subsequently hidden and embezzled revenue from money laundering, and you have a near bullet-proof fraud machine, a veritable fortress, except perhaps for traces of working capital strain mixed with abnormal accruals or investment activity.
How Wirecard got away with it
Since equity analysts rarely look at working capital and accruals, and are always impressed by expansion plans, these traces are rarely negative for the stock price.
Wirecard’s formidable defences meant that attacks by short-sellers and the FT over the years were never conclusive. Most relied on close scrutiny of Wirecard’s offshore affiliates, entities operating at arm’s length to the business.
These attacks demonstrated that the activities of these affiliates did not tally with Wirecard’s reported numbers. They also revealed that Wirecard appeared to be overpaying for international affiliates.
But the attacks were piecemeal. They indicated accounting discrepancies at agencies in far-flung locations where fraud is prevalent. But there was always confusion whether the discrepancies originated at Wirecard, simply indicated misfeasance or whether the company itself was a victim of fraud. There was no killer blow.
None of the attacks drew on forensic problems that were neatly discernible in Wirecard’s published numbers. On the contrary, Wirecard's reported numbers were so Byzantine that it was virtually impossible to discern anything meaningful from them.
Since AI-powered fraud-detection software relies on reported numbers, this is a possible stumbling block.
Moreover, it is rare for a company conducting legitimate business to hide, embezzle and inflate earnings all at the same time. This is the domain of fronts for organized crime. Unlike the FBI, AI software can’t use an army of IRS analysts to catch such a company on tax evasion. All the software has is the published numbers. It can’t use a complicated tax code.
Another complicating factor is the way that Wirecard evolved from a relatively simplistic payments company focused on porn and online gambling to a bank intertwined with a complex multinational entity.
The nature of Wirecard’s money laundering changed over time. The methods used to inflate earnings evolved over time. The nature of the embezzlement also changed. As a consequence, Wirecard's numbers were never directly comparable from one year to the next, making it difficult to trace monkey business.
To be sure, we were uncertain how an AI system to detect fraud would cope with Wirecard.
Wirecard fraud: What the AI reveals
Wirecard betrayed the trust of gullible Homo sapiens but would it also fool untrusting AI fraud-detection algorithms? We decided to put it to the test.
Using Transparently.AI's MRA, we reviewed how Wirecard looked on our system in 2005, 2008, 2012, and 2018.
We chose these years because 2005 gives us the first full year of results after the company listed, 2008 gives the first year of ‘adjusted’ results after the bank acquisition, 2012 was when the company began to pivot to Asia after the US money-laundering case in late 2010, and 2018 shows what the accounts looked like after four years of damaging investigative reporting by the FT and two major short-seller reports.
Wirecard after listing: 2005
Directly after listing, the Transparently Manipulation Risk Analyzer (MRA) awarded Wirecard an accounting manipulation risk score of 86%, based on its 2005 numbers. This was a back-door listing into a dormant company, so the 2005 results were pure Wirecard.
86% is a very poor score. Wirecard registered the highest possible risk score on a number of categories including smoothing activity, asset quality, growth signals, investing activity, credit and working capital. It registered the second-highest risk score for accruals management, margin signals and corporate governance.
Basically, our MRA likened Wirecard to a shadowy figure in an alley with a gun; something to be avoided.
Digging a little deeper into the working capital signals, Wirecard had exceptionally long receivables and payables. Moreover, its inventory turnover was exceptionally long. This was a huge red flag for a payments company.
In 2005, international wire transfers rarely took more than two days and payment companies typically extract a clip during the transfer. There was no logical reason why Wirecard should demonstrate abnormal sales outstanding or possess inventory, let alone abnormally slow inventory turnover.
Imagine if a listed dairy claimed that it held four months’ worth of fresh milk supply as inventory. Wirecard’s claim was equally suspicious.
Wirecard income smoothing
When combined with the evidence of aggressive income smoothing, the signal of working capital manipulation risk was sufficient, with a little understanding of the company’s line of business, to make it deeply suspect.
Asset quality was low because the company held a very high amount of intangible assets? What intangibles? The original Wirecard purchase was for a song and the company used for the listing was dormant and held no assets.
One possible explanation is that the owner overpaid for the dormant company before listing. This would make sense if a majority owner wanted to back out immediately after listing. Investors familiar with backdoor listings by Chinese companies in Hong Kong will have seen this kind of activity a number of times.
The company showed investing risk due to the rapid capex growth. This would not be abnormal for a genuine tech company. However, at this stage, Wirecard was not actively acquiring assets and the company’s hardware was in the basement of a quite small building along with our hacker/soon-to-be COO.
A site visit would have raised a red flag. Fake capex is a great way to embezzle cash and has been especially popular in restaurant chains and agricultural companies over the years. In this case, however, it is more probable that Wirecard was inflating its capex to hide operating costs and inflate its margins.
The bottom line is that Wirecard’s 2005 accounts were frankly unbelievable for a company claiming to be a tech-savvy payments company.
Growth signals were suspiciously strong but perhaps realistic if this really was a successful internet service company. But if the company’s tech was good, why were simple cash transfers taking so long? You can have good tech and low working capital requirements, or bad tech and high working capital requirements. You cannot have good tech and slow payments.
Later revelations showed that payments were still being processed on spreadsheets at this stage of the company’s development.
The bottom line is that Wirecard’s 2005 accounts were frankly unbelievable for a company claiming to be a tech-savvy payments company.
Our system showed that the company was exceptionally high risk. When combined with some human understanding of the company’s business, the software showed that Wirecard was uninvestable.
Wirecard after its bank acquisition: 2008-2011
After the 2006 bank purchase, Wirecard’s accounts became increasingly muddied. The net effect was to water down the visibility of Wirecard’s account manipulation. We expected Wirecard’s risk score to decline after the bank purchase and this proved to be the case. The risk score for 2007 was 84% but fell to 69% in 2008 when Wirecard began offering its ‘adjusted’ accounts. The risk score subsequently fell to 66% in 2009, 57% in 2010 and 52% in 2011.
(It’s worth noting that according to our research, the risk that a company is manipulating its accounts and is at risk of failure jumps significantly when its MRA score exceeds 50%, so Wirecard is by no means out of the woods by 2011. If you would like our test data, please contact us.)
Regardless, subsequent events suggest that Wirecard’s account manipulation was not lessening. Rather, Wirecard was getting better at muddying its accounts and engaging in fraud practices that were less visible in its accounts.
In 2008, the AI software still suggested Wirecard was exceptionally high risk. Figure 2 shows an excerpt of the summary from the full company risk report that our system generates. Wirecard required extreme care on five categories and high caution on two further risk categories. On the basis of the MRA score, Wirecard was in the 95th percentile globally for account manipulation risk.
Figure 2: A snapshot from Transparently.AI's full Wirecard risk report for 2008
All of the red flags evident in the 2006 accounts remained present in 2008 and subsequent years, but slowly moderated.
Accruals management at Wirecard
In the 2008 accounts, two new items entered the list of factors pointing to possible accounting fraud – business manipulation and accruals management.
At this time, our AI software flagged that Wirecard warranted extreme care for discretionary expenses, abnormal cash generation and asset sales. Whenever the system flags business manipulation risk in conjunction with other red flags, we have found that it usually points to deep problems.
Discretionary expenses, asset sales, abnormal cash generation and SG&A expenses all rose dramatically in the wake of the bank purchase. Depending on the context, frenetic asset turnover can be a way to boost earnings, to mask accumulated fake revenue or to launder money.
As it turns out, this was the period when Wirecard executives are reported to have routinely carried home bags of cash from the company safe.
At this stage, we suspect asset sales were used to extract money laundering profits from the business while sharply rising accruals had become the principal tool used to inflate earnings. It is difficult to see why a payments company would have any need for accruals and this was an enormous red flag.
Discretionary spending and SG&A can be used to boost revenue or can be used to mask embezzlement. They can also signal channel stuffing, although in the case of Wirecard, where turnover could be whatever the company claimed, it is difficult to see a need for channel stuffing.
Interestingly, as time passed, our AI fraud detection system began to detect a number of statistical anomalies pointing to poor corporate governance. The governance risk score for 2008 was worse than 2006 due to these proprietary measures.
The bottom line is that, in 2008, the majority of the risk signals for Wirecard were rated as very high, high or significant. A prudent investor would only invest in such a company if management were holding their child hostage.
A prudent investor would only invest in such a company if management were holding their child hostage.
The risk scores for valuation and margins were low. Since Wirecard never had any true margin on its main business, margin was never going to register highly as a risk factor. Valuations were low in 2008 because in June of that year the stock price plummeted after the German shareholder association SDK accused Wirecard of having falsified its accounts for 2007.
SDK said the company held customer cash in its own accounts to satisfy audit checks of its 2007 accounts. SDK also claimed that Wirecard inflated its near zero margins, probably the weakest accusation they could make and the toughest to prove.
The accusations instigated a legal battle that resulted in Wirecard being cleared by an audit by EY and the director of SDK resigning and facing prison time for share price manipulation. Round 1 went decisively to Wirecard.
Wirecard after the US money laundering case: 2012
As noted previously, Wirecard was implicated in a US money-laundering law suit in 2010. A subsequent shift away from online gaming and a lengthy audit inspection by EY after the allegations forced Wirecard to alter its business focus between 2010 and 2012.
From 2011 onwards, Wirecard raised a total of EUR 500 million in equity from investors to fund a variety of obscure acquisitions across the globe, including its regional headquarters in Singapore. In later years, it also issued bonds. The company pivoted to channeling funds from Russia as the revenue from gaming fell away.
In spite of the curtailment of manipulation due to the EY audit, the Transparently.AI MRA gave Wirecard a risk score of 58% for its 2012 accounts. The risk score remained high because Wirecard was engaged in new suspicious activities.
As the company gained experience with using its bank and escrow accounts for offshore acquisitions, a less visible approach to account manipulation became available.
Specifically, Wirecard is accused by Singaporean authorities of having used the proceeds of offshore acquisitions to engage in “round-tripping” – a practice whereby sales and profits are inflated by sending money to a third party, usually by purchasing an asset for a highly inflated price. The proceeds are then used to buy fake services at inflated prices.
Famously, in 2015 Wirecard agreed to pay €300 million for an Indian business only weeks after it had changed hands for €37 million.
By 2012, offshore purchases were not quite at this scale. Nevertheless, reported transactions were sufficiently high to allow a market capitalization of €2.4 billion.
Wirecard continued to flash high-risk signals in critical areas
Cash quality improved as capital raisings and associated round-tripping eased the squeeze on operating cash flow and interest payments.
Nevertheless, Wirecard continued to flash high-risk signals in critical areas such as working capital, accruals management, asset quality, growth signals, corporate governance and business manipulation. The MRA risk score of 58% was high for a well-established and widely owned mid-cap company.
As noted, absent the imposition of the bank on Wirecard’s numbers, we expect Wirecard’s risk score would have been far higher. Even so, the sheer length of receivables and payables, the inexplicable inventory overhang and heavy use of accruals are phenomena one simply would not expect to see in a payments business.
Figure 3: An excerpt from Transparently.AI's full Wirecard risk report for 2012
Given Wirecard’s background, well known to investors at this stage and given its implication in a very large US money laundering lawsuit, a prudent investor would have avoided Wirecard based on the risk scores from the AI system in 2012. Given the mixing of bank results, we think it remarkable that our system was able to capture the extent of manipulation risk that it did.
Wirecard as the end approaches: 2018
By 2018, Wirecard had entered the Dax 30, was trading at an incredible valuation and was able to raise capital at will. It was able to recycle capital raising into inflated offshore acquisitions, using the proceeds to fund round-tripping and possibly embezzle funds.
This is the line of argument that prosecutors in Germany and Singapore have taken.
By 2018, however, the methods that Wirecard had developed and employed since 2011 to implement fraud were becoming fully extended.
Fraudulent accounting depletes future earnings and can only persist for so long before becoming unsustainable. By 2018, Wirecard had become increasingly reliant on bond finance. The company had been under attack from the FT and various short-seller reports for years. It is probable that those engaged in fraud at the highest levels had a sense that the writing was on the wall.
To the very end, the AI algorithms suggested that the risk of fraud at Wirecard remained high.
To the very end, the AI algorithms suggested that the risk of fraud at Wirecard remained high. The accounting manipulation risk score for 2018, the final year that the company published in accounts, was 53% - very high for such a large cap company.
Although the overall risk score was somewhat lower in 2018 than in 2012, closer inspection reveals that Wirecard was flashing more extreme risk signals in latter years than between 2011 and 2015. That is because it was now showing signs of risk of corporate failure.
Figure 4 shows an excerpt from the full report for Wirecard from its 2018 accounts. Many of the risk signals from 2012 remain, notably those relating to working capital, growth, asset quality, gearing, margin and corporate governance.
By 2018, however, scope for earnings enhancement via accruals appears to have become fully exhausted because accruals ceased to be a concern. Business manipulation signals also ceased, suggesting the company was no longer able to inflate its cash flow.
Figure 4: An excerpt from Transparently.AI's Wirecard risk report for 2018
Relative to 2012, the 2018 report showed deterioration on a number of fronts, notably asset quality, income quality, cash quality and operating margin. Years of fraudulent activity and increased reliance on debt left Wirecard in a weakened state. This is why signals for income, cash and margin quality had begun to emerge as serious concerns.
Reflecting the offshore acquisitions, investing activity had also become a serious cause of concern.
The AI fraud-detection software identified Wirecard as a highly dubious prospect from the moment it listed
It would be a stretch to say that Wirecard was a basket case with a risk score of 53% but interpretation has to be adjusted for that fact that the bank numbers seriously clouded the true picture of Wirecard’s numbers.
Moreover 53% is an ominously high-risk score for a large cap.
Based on the company’s history, the frequency of attacks on its veracity, its nosebleed valuation, and its ‘adjusted’ accounting method, Wirecard was still uninvestable in 2019 on the basis of the AI system’s risk assessment.
Wirecard failed to fool an untrusting machine. The AI fraud-detection software identified Wirecard as a highly dubious prospect from the moment it listed until the time that it failed.
We are confident that any prudent investor presented with the risk analysis we have discussed would have felt compelled to undertake deeper due diligence on Wirecard and found the company deeply suspect, if not uninvestable.
Wirecard: Aftermath
The Wirecard collapse led to criminal proceedings in Germany, Singapore, Philippines and other locations.
The main trial of Markus Braun, the former CEO of Wirecard, began in late 2022 and is being held at a high-security courtroom at Stadelheim prison in Munich. Oliver Bellenhaus, the head of Wirecard’s Dubai subsidiary, and Stephan von Erffa, who was in charge of accounting, are also on trial. Jan Marsalek, the former COO, is a fugitive and believed to be in Russia. Braun has already lost two civil cases.
The trial is proving exceeding complex due to a lack of hard evidence and is expected to last until the end of 2024 at the earliest. Markus Braun is accused of misrepresenting Wirecard’s accounts and of market manipulation by falsifying income from transactions with so-called third-party acquirers.
There have been many twists and turns since the prosecutions began. In the most recent development, an Israeli private detective was sentenced to 80 months in prison on 16 November for his role in a US$4.8 million hacking scheme that targeted journalists and critics of Wirecard.
Disclaimer: Both the author and Transparently Pte Ltd do not have trading positions in the companies it expresses a view of. In no event should the author or Transparently Pte Ltd be liable for any direct or indirect trading losses caused by any information contained in these views. All expressions of opinion are subject to change without notice, and we do not undertake to update or supplement this report or any of the information contained herein.
