Friday, 10 July 2020

Corporate Fraud Part 2 -- An Alternative Proposal for Enchancing Detection

Abu Arqala Publishes His Proposal
In the previous post, I expressed some concerns about a proposal to combat corporate fraud.

Saying that a particular solution seems unworkable or difficult to implement isn’t really of much utility.

Don’t tell me what can’t be done. Tell me what can.

The point is to outline a possible solution.

What then is AA’s alternative? What is to be done?

To start we have to accept that just as with corporate misgovernance there is no financial equivalent of hydroxychloroquine that is a sure cure. 

Because fraud is not just equivalent of a bad “flu”, financial or otherwise, and won't just go away in July or some other month, we do have to take action.

To that end I offer this alternative proposal which seeks to use existing structures to enhance current risk disclosures and promote risk-based auditing.

A key goal is turning auditors’ attention and action away from what appears to be a sole focus on policies, internal processes and controls, and pieces of paper.

As the old joke goes, if it isn’t written down, it doesn’t exist for an auditor.

The real risk with that mentality is the converse.

If an auditor has a piece of paper—a confirmation, a copy of a contract, etc.--the existence of an asset or liability or a business relationship is a proven fact.

The steps I’m proposing would not mean that auditors would abandon examining adherence to financial reporting and accounting standards, reviewing internal controls and processes for adequacy, nor performing many paper based audit activities, including confirmations, nor issuing opinions on those matters.

Because the majority of companies do not engage in major fraud, that current audit work provides needed information to a wide range of third parties, e.g. shareholders, other investors, lenders, business partners, etc. And so it should continue.

If a company is fraud free, an investor is still going to want to know if the company is following accepted accounting principles, has proper accounting systems and internal controls, has documentary evidence to back up transactions, etc. That it uses reasonable assumptions when valuing hard-to-value assets.

One doesn’t want to invest one’s money with or make a loan to an honest but incompetent or disorganized company.

So my proposals are designed to leave those aspects of auditing in place but enhance the extent of auditors’ work.

First, emphasize the need for auditors to identify if the company has any serious or unusual risks in its business model or practices, including unusual vulnerabilities.

If such risks are found, require that they are disclosed in a clear form in a company’s audited financial statements.

When those risks are pose substantial or unusual vulnerabilties, auditors should include these in the “key audit matters” section of their audit opinion. That would require that they discuss the existence and materiality of such “matters”; describe the additional audit work they have performed to address them; and their resulting assessment on that matter.

If they don’t reach the level of a “key audit matter”, they should be noted and addressed/focused on in the audit plan. 

The goal is not to come up with a laundry list of every potential risk factor similar to a bond or stock offering memorandum which is primarily a CYA or more accurately a CYLE (cover your legal exposure) exercise for the underwriting/offering banks and the issuer. 

All business are subject to a variety of risks.

The point is to identify those risks or vulnerabilities that are not obvious and have a material impact. 

This will become clearer in the post to follow where I outline this “point” applied in actual cases or hypothesize how it might have been applied at Wirecard or Hin Leong Trading.

Second, require that auditing procedures be scaled to risk of an individual asset, liability, etc.

For example, one should not use the same method to verify bank deposits of Euros 1.9 billion that one uses to confirm a USD 100,000 receivable. 

What are these two principles designed to achieve?

The first is designed to alert market participants, lenders, and regulators of vulnerabilities and dependencies that could have a material affect on the company’s health. To raise a red flag. 

That's important because fighting fraud is not the sole job of one group any more than corporate governance is.

It is also intended to cause the auditor to focus on a class of risks that seem often to be overlooked at least in some cases.

Auditors are already required to assess a company’s risks and then develop a specific audit plan of work to ensure appropriate audit work is done on these areas. So this is a reminder with emphasis of this existing requirement.

But if they don’t focus on this latter class of risks, there is a real danger—as perhaps evidenced by some recent fraud cases—that they will not undertake the work they should have to address these issues.

The second is designed to "force" auditors to scale audit work to risks.

What’s the relation to fraud?

As I noted in an earlier post, many but not all types of fraud necessarily require the overstatement of assets. 

We’re most concerned with major frauds that threaten the viability of a company that is the reason for risk based scaling of audit work.

At first blush, this may sound like a good proposal. Or at least that's what I tell myself.

But it is not a panacea. There are no 100% solutions.

Why?

As to reliance on large numbers of market participants reacting to alerts (the first point), if you’ve read this blog before, you know I have little faith in the mythology of efficient markets.

Not no faith. Just a slight bit more than I have in the “Power Ponies”.

Admittedly, I’m banking on a very small number of market participants to read, understand, and then take action on any red flags raised by disclosure of these sort of business risks.  

That being said, just a few persistent sharp investigative (but probably underpaid) journalists at the FT played a major role in uncovering NMC and Wirecard
.
But, the effectiveness of this point doesn't just rely on those sort of market participants.

Widening auditors' risk focus and thus getting them to adjust their audit focus and work should also contribute to detection, particularly because they have access to detailed company financial information that other market participants don't.

But neither of these two intended goals will result in fraud detection all the time.

That’s the reason for the second point.

That’s why it’s in some respects more important than the first. 

Enhanced audit work. Moving beyond the tick-the-box approach to one that is based on risk. The more risk the more work required.

Why is that important?

As I’ve argued, “fiddling” with the income statement requires “fiddling” with the balance sheet pretty much dollar for dollar.

Major fraud requires major fiddling.  

If audit procedures disclose that assets are overvalued or non existent, it’s very good sign that the income statement has been overstated and income is non existent. And vice versa.

There are other cases of fraud that might be detected by enhanced audit work to confirm the existence of an asset or its carrying value.

Some examples.

Knowingly exchanging one asset for another of lesser or of no value.

Or, as happened at Hin Leong Trading, selling inventory without recognizing the sale in the accounts.

Failure to recognize the financial impact of a “good” transaction that has gone bad. A receivable associated with a legitimate sale turns out to be uncollectable. An asset purchased in good faith goes “south”. But there is no charge to the income statement or to equity.

Harder to detect frauds would be inflating expenses to take cash out of the firm. For example, overpaying for goods or services actually received. Or paying for non existent services.

Note in the second part of the previous sentence I’ve eliminated “goods”. It’s much easier to determine that an asset doesn’t exist, than it is that a service wasn’t performed. Or performed in full.

Enhanced audit procedures should lead to discovery of some and perhaps even many of those frauds, primarily those likely to have a material adverse impact on the company. 

Smaller amount items are likely to remain undetected. 

All well and good, you might say. But what about other cases of fraud like NMC where billions of US dollars in liabilities were not recorded in the financials.

Indeed.

These are extremely difficult to detect.

The “first line” of defense is the auditor’s confirm from lenders or providers of funds. This is not ironclad because auditors do not send confirms for each and every loan or other asset of the lender. 

If clever people are perpetrating the fraud, they may arrange a fraudulent reply to the confirms.  

One might hope that as part of annual credit reviews, lenders and other providers of funds look to see if their debt is reflected in the borrower's financials.  They have the details that generally should enable them to identify their debt, e.g., rate, tenor, currency in the absence of their name in the financials.

Banking on "hope" is a endeavor with limited probabilities of success.

Other difficult to detect frauds involve hard-to-value assets, e.g., non listed investments, or real estate. 

Slight changes in assumptions can result in large changes in value. If stock analysts have trouble accurately valuing listed securities, it’s unlikely that accountants or even forensic accountants will fare better.

Enhanced audit work (my second point) does not provide an airtight solution. It does, however, raise the odds of detection.

That means that at best my proposal will not detect all fraud, but it might result in more fraud being detected than currently.

In a post to follow, I’ll detail how both steps have been applied and might have been applied at Wirecard and Hin Leong.  The latter by drawing on my legendary powers of 20/20 hindsight.

In the Wake of Wirecard What is to be Done about Corporate Fraud? Part 1



Corporate fraud is a twin of corporate misgovernance. 

The two are frequently companions.

 “طيزين في سروال واحد “

Or, if you are a film buff like A, “طيزين بلباس “

I’ve written before on this topic but in relation to “corporate governance”. Here and here.

To launch this discussion intended to consist of three posts, let’s begin by looking at a proposal Edward Hadas made in an article at Reuters. 

When a sharp incisive journalist like Ed writes a piece, it’s always a good idea to take a close look.

In his article, he proposes the use of private sector forensic accountants to conduct investigations to uncover fraud.  

They would be funded by a portion of the fees that companies pay their "regular auditors" so that the "fraud busters" could be independent of the economic considerations that are often considered impediments to financial auditors' full performance of their duties.

The “fraud busters” would not check all companies but only those where they “sniff out suspicious activity”.

How?

Either from tips from stock analysts, whistleblowers, worried bankers, and/or investigative journalists. Or from their own ratio analysis, etc.

The “fraud busters” might also choose to focus on industries that “attract miscreants”.

They would be given “a government license to pry”, presumably at a minimum to conduct investigations and compel the company to provide access to confidential information. 

They would also have “the authority to prevent regular auditors from signing off on accounts.”

An interesting proposal.

However, I think this system would be difficult to institute and would pose several significant challenges.

First, the “government license to pry” and the authority “to prevent auditors certifying financial statements” imply that the “fraud busters” would be granted legal powers akin those to enjoyed by governmental agencies.

If so, this is likely to result in potential conflicts between the “fraud busters” and the governmental agencies.

Why?  

Because unlike investigative journalists, security analysts, etc. they would be able to compel testimony and the provision of records as well as issue binding judgements, e.g., on financial auditors.

Would the “fraud busters” or a government agency have the final say about inception, the determinative process, and disposition of a potential case?

As well, in order to the prevent the “fraud busters” from interfering with ongoing or contemplated non-public official investigations, they would need to be informed about them.

Official agencies would naturally be reluctant to provide this information for fear that it would be “leaked” in one way or another, thus alerting the “target”. 

Or potentially causing harm to the "target" before the process was complete. 

Or that such “inside information” would be misused for “insider trading”.

Second, and more importantly, giving private sector companies rights typically the monopoly of government agencies would raise significant constitutional and legal issues regarding due process and the rights of a defendant. And probably not only  in the USA. 

What would be the “probable cause” standard for a “fraud busters” investigation?

It would seem that at least it would have to be equivalent to the standards that governmental agencies must meet before formally commencing an investigation, including the legal right to compel testimony and provision of records. 

Think of the steps required for an SEC Formal Order of Investigation or the judicial processes associated with US DOJ actions. Or of “discovery” in civil cases.

There are operational issues on exactly how this would be arranged (structure) and managed (process) for "fraud buster" investigations to ensure the rights of “targets” are protected. And confidentiality were maintained.

I think these legal issues are particularly important because as I read Edward’s article—and apologies to him if I have misread it—the “fraud busters” seem to have fairly wide latitude to begin an investigation.

They seem to be “financial bounty hunters” or a version of the Met “Flying Squad” set free to range far and wide to uncover frauds.

For example, as per his article, they might “focus” on companies in an industry they judge “attracts miscreants”. This might be characterized as “guilt by association” by targets.  And even harder to justify on a “probable cause” basis if legal objections were raised by the target.

Other justifications would be “tips” as mentioned above from third parties and financial ratio analyses the “fraud busters” conducted themselves.

How would the credibility and “weight” of the “tips” be assessed? Particularly, when many of the tips are likely to originate from sources that do not have first hand access to inside information of wrongdoing.  

Or where the “tipper” has an economic interest in lowering the price of the target’s stock? Think Herbalife. 

All these raise issues about probable cause in a USA context. 

Should their investigations be limited to the subject of the tip? Or might they like Kenneth Starr range far and wide beyond their initial scope to find wrongdoing once they commenced an investigation?

Initial suspicions on NMC concerned overvaluation of acquisitions. What turned out to be the “real” problem was unrecorded liabilities. There were no tips that I am aware of on that problem until information came out at the final stages of the company’s unraveling.

What should be the impact of ostensible independent third party’s report that it found no evidence of fraud?

As per “Management” Note 2.5 on page 97 of Wirecard’s 2018 audited annual report a Singapore law firm, Rajah and Tann, conducted an investigation which cleared Wirecard at least preliminarily. A Government of Singapore investigation was still ongoing at the time.  

This may seem like pettifogging. 

But if we hope to see criminal or civil penalties imposed on fraudsters, we need to make sure that they have no defense from shortcomings in due process or violations of defendants' rights.

Third, if, as asserted, economic considerations motivate auditors to not properly execute their responsibilities, wouldn’t “fraud busters” be subject to the same temptations?

In their case the issue would not be doing too little but doing too much.

Investigation for the sake of investigation because presumably, they will be paid for the number of investigations they conduct. 

With the lure of a sizable “bounty” for uncovering a fraud perhaps providing  additional incentive to “keep digging” or to overstate wrongdoing.

There are other difficulties.

For example, because they receive their authorities from national governments, cross border investigations would likely be more limited that those by governmental agencies. That is not to assert that national governmental agencies have an easy time with cross border cases.

Similarly, granting the “fraud busters” powers similar to governmental agencies probably would require as well the provision of legal immunity regarding their investigative actions in order for them to discharge their duties.  

In the next post I’ll outline an alternative proposal—admittedly imperfect—that seeks to leverage existing structures to increase the detection of fraud.  

Friday, 26 June 2020

Wirecard - Why Income Statement Manipulation Results in Balance Sheet Manipulation

R^2 -Not Affiliated with Wirecard or Hin Leong
As you will recall, Financial Times articles reporting that Wirecard’s (WC) revenues and thus net income had been deliberately overstated triggered the unraveling of the company. Here is an article from early 2019.

If these allegations are true, then it should be no surprise that a significant amount of WC’s assets (most likely cash) does not exist.

And like AA’s “missing” Maybach S 850 Luxury Edition never did.

What that means is that Wirecard’s “billions” have not be misappropriated.

Nor have they been misplaced. Not left, perhaps, in the German equivalent of the Victoria Station Brighton Line cloakroom in a handbag or handbags.

Furthermore, we should have expected to learn that assets were inflated when we first read that income had been.

Since it seems that there is some confusion on this matter, (example here) I’m writing this post to explain why income statement manipulation necessarily requires manipulation of the statement of condition (balance sheet) by the same amount.

Similarly if there is misstatement of a company’s balance sheet, then it’s a very good “bet” that company’s income statement has been misstated as well as discussed further below. 

Why is this?

The answer comes the fundamental accounting identity: Equity = Assets – Liabilities.

If net income is overstated, then equity must be similarly overstated because the results of operations – net income or net loss – are added to equity.

As the balance sheet identity above demonstrates, if equity is overstated, then so must A-L.

Inflating net income then requires that one:
  1. overstate assets or 
  2. understate liabilities. 
  3. Or some combination of 1 and 2.
But there’s more.

There is a very close relationship between the income statement and balance sheet.

In general every entry on the income statement is mirrored in an equal but opposite entry or entries on the balance sheet.

If one reports USD 100 in revenues (a credit), then a debit or debits for the same amount must appear on the balance sheet, e.g., in cash and/or accounts receivable.

If one reports USD 100 in expenses (a debit), then an equal amount credit or credits appears in the balance sheet, e.g., in cash, prepaid expenses, and/or in accounts payable (a liability).

Non-cash revenues (e.g., revaluation of assets, reversal of provisions) must be accompanied by debits to the assets concerned or to existing provisions (contra accounts or liabilities).

Non-cash charges (e.g. depreciation, amortization, provisions) must be accompanied by credits most often to contra accounts to assets or in some cases creation of liabilities, e.g., reserve for litigation.

There’s no escaping this – if one’s balance sheet is to balance.

A dollar’s worth of “fiddling” the income statement, requires a dollar’s worth of “fiddling” the balance sheet.

As noted above, when one hears that a company's assets have been manipulated - usually to make them larger, then one should know that so has income.

By way of example is the case of Hin Leong Trading Singapore.

At this time, reports are preliminary not final.

Details remain “sketchy”--in both senses of the word.

Based on these three articles, CNBC, The Independent (Singapore), and AsiaOne, it appears that HLT hid some USD800 million in derivatives losses (oil futures), and fabricated some USD 2.2 billion of accounts receivable.

As well, the company's inventory is "short" USD800 million.

What that means in layman speak is that HLT’s inventory is overvalued. In this case the value of the actual (physical) inventory is USD800 million less than the value shown on HLT’s balance sheet.

HLT seems to have had two goals with the manipulation of its financials.

Creating fictitious income to cover losses.

Because the amount of the “inflated” receivables is much greater than the USD800 million derivatives losses it’s clear that HLT has been unprofitable for some time as well as cashflow negative.

HLT’s unrecorded sale of USD800 million in pledged inventory to obtain cash for its general operations not only supports the latter conclusion (negative cashflow) but shows just how serious it was.

Maintaining/expanding its “borrowing base”

Most banks lend to commodity traders on a secured basis, with the maximum loan expressed as a percentage (borrowing base) of receivables and inventory.

The “base” is always less than 100% to provide a margin of additional protection because typically one doesn't realize the face value of collateral.

When the outstanding loan is equal to the allowed borrowing under the “base”, the bank will make no further loans.

If outstandings are greater than the amount allowed under the "base", the bank will demand a repayment in the outstanding loan to bring it within the base.

Account Receivables

Banks generally tier the lending percentage according to the days outstanding of receivables, the credit standing of the obligor, etc. The quicker a receivable is collected the better credit quality it is. The longer a receivable is outstanding the lower the quality and therefore the "base".

The nature of the goods being sold is also a factor.

HLT fabricated multiple transactions to replace “aging” bogus receivables with new ones to maintain the borrowing base.

And critically as well to create additional amounts of receivables to expand its “base” and fund its cash “burn”.

Banks also monitor the turnover (inflows and outflows) in borrowers’ accounts, particularly those borrowers involved in trading.

If a borrower’s account is “stagnant”, it is a sign of distress in its business.

HLT round tripped cash through its accounts to give the appearance of robust cash flow, e.g. collection of receivables.

Inventory

Banks perform a similar borrowing base calculation with inventory, factoring in price volatility, nature of the commodity/goods, costs of sale, etc. 

For example, in general crude oil inventory would be considered “better” than specialty manufactured goods that could be used by only a limited set of potential buyers.

HLT needed cash and didn’t want to reduce its borrowing base which would prompt a demand for reduction in its loans. So it sold pledged inventory without recording it in the income statement or its balance sheet.