Mentoring across borders

The ACFE’s mentoring program is going into its second round shortly. A quick scan through their database tells me there are currently no mentors in Norway, Sweden, Iceland, Austria or Denmark other than myself. Around ten mentors are available respectively in Germany and the United Kingdom, just a handful in Switzerland. Yet, the requests of mentees keep dropping in despite the system already indicating that I am at “maximum”.

Over the duration of the program, that is a period of six months, those accepted mentees will work with me. Others, I will attempt to mentor in alternative ways. For instance by encouraging them to use the association’s forum for more general discussion or anonymised requests that can tap into the wisdom of the crowd.

Just as when I embarked on the first run of the program, I have requests from around the globe. It is fascinating to see the diversity of cultural background, professional level and skill set and the specific requirements for mentoring. I am also intrigued to learn that professional and highly educated mentees frequently need a combination of mentor, coach and consultant rather than a mentor per se.

The initial task is to clarify and negotiate what guidance I can provide and where the limits of my engagement are. Communicating across cultural contexts, timezones and professional boundaries can be inspiring, energizing and great fun but it is neither easy nor always smooth, I am aware of that.

Establishing trust and a comfortable tone that allows for strengths, weaknesses, hopes and plans to be shared by the mentees is paramount to me. I know it all depends on how comfortable we become in a fairly short period of time to open up and discuss meaningful goals. There is no guarantee and I need to be skilled in reading in between the lines, raising questions, concerns and potential needs in a diplomatic manner. If I fail to adhere to this set of my own standards, I will encourage the mentee to communicate any frustrations in time.

Having been a mentee myself, I know that this is not necessarily the standard approach. Mentees may find themselves accepted quickly but then ghosted, weeks or months without engagement. Mentees may find a mentor having harsh ideas about imparting knowledge, instructing rather than developing and some may cross some borders.

But then, learning from less than best practice has always been valuable to me. I am committed to offering the best of what the good mentors have instilled in me. I know that the better I do my job as a mentor, the higher the chances the mentee will pass this on once they are ready to mentor others.

Once we are at that stage of trust within the mentoring relationship, I offer value by challenging respectfully where required, guiding gently with ideas and suggestions and a pace that is in line with the mentee’s requirements. I still allow the mentee to feel they have full ownership over the process and in fact that they do own the outcome.

Ownership is a much-underestimated aspect. Both, in the world of risk management and corporate compliance as well as in political governance. I know how important it is not to impose, but to develop in collaboration and by permitting and maintaining a sense of authorship and ownership. It applies to risk policies, constitutions and work procedures just as it does to one’s career steps, professional narrative and decision-making processes.

My goal is to empower, to enable and to help the mentee grow. As far as possible I want to achieve this with the mentee in a partnership based on equality. This is an approach I have learned to value highly over the years and it is a way of dealing with each other that I have come to appreciate mainly in the Nordics but also to a substantial degree in the UK. It is an exciting way of accompanying someone’s professional journey. It is also deeply inspiring to see what empowering others can achieve and what developing skills in tandem can instil, both, in mentees and mentors.

2018 ACFE Global Study on Occupational Fraud and Abuse

Nearly 50% of all fraud cases result from internal control weaknesses, the 10th edition of the largest Global Study on Occupational Fraud and Abuse finds. The ACFE has just released its latest report, based on well over 2,500 real cases from over 20 major industries in 125 countries. Whether you call them whistleblowers, tipsters, informants or Hinweisgeber – those individuals who provided a tip were key to 50% of all fraud investigations.

The Report to the Nations is the go-to source for fraud fighters and risk professionals who look for trends, detection and mitigation tactics, numbers and qualitative insights.

Internal Controls in a Culture of Fear

… rendered ineffective by socio-psychologically savvy fraudsters – are at the core of my forthcoming talk at the ACFE Conference in Frankfurt a.M. The invitation to hold a session has prompted me to focus on Germany’s “hidden champions”, its famed Mittelstand.

Those over 3 million Small and Medium Enterprises (short SMEs) have come under increasing and severe pressure from foreign direct investment (FDI), mainly from China but also in the form of European and North-American mergers and acquisitions (M&As).

Frequently marked by hierarchical and even patriarchal structures, sceptical of progressive whistleblowing and informant practices and approaches thanks to its history, Germany’s SMEs have suffered substantial losses and remain fairly resistant to lessons-learned, resulting from fraud committed by social engineers (Business Email Compromise or BEC, also CEO-Fraud or ChefTrick) that continues to balloon.

Fraud, frequently conceptually misunderstood as an exclusively external phenomenon urgently requires more attention and a better grasp in terms of scope and depth (i.e. covering holistically the aspects of Wirtschaftskriminalität, Betrug and Missbrauch of resources, data etc.). It finds fertile ground in an organizational culture of fear in particular where:

  • speaking up and speaking out are equated with insubordination,
  • creativity is the privilige of certain departments, functions, individuals or hierarchy levels (or even demographics) and
  • social compliance dominates every action in the organizational routine.

These unhealthy parameters provide the perfect conditions for fraudsters who understand to read the obscure and subtle signs (or absence of such) of victim organizations.

Mitigating this fraud risk (and related reputation risk) and effectively tackling this wide-spread and potentially existency-threatening dilemma is not what most SMEs believe it to be: the current dominant knee-jerk response of staff firing and shame-driven hiding of failed (or barely existent) risk cultures is only adding power to fraudsters – thereby benefitting foreign investors and competitors.

Instead, smart empowering and effective risk strategies can leverage existing functions but require radical rethinking and a thorough understanding of the socio-psychological factors that cannot be engineered on paper into Germany’s SMEs.

Overcoming fear and building trust across functions are central to this type of progressive and sustainable immunization. Transparency and non-authoritarian leadership styles are key pillars in building this type of risk resiliency.

Conference attendees will have full access to my paper including appendix and references and the slides.

Choosing wisely and timely: annual CPEs

Outside the US and the UK, this requirement is fairly unknown – certainly among all those who do not hold a qualification which requires Continuing Professional Education (CPE). As a Certified Fraud Examiner (CFE), earning and reporting CPE credit on an annual basis is mandatory. It’s not a nice to have, it’s a must.

Some of the misconceptions I have encountered are rooted in cultural differences. For instance, in Germany, CPE tends to be confused with concepts such as Lifelong Learning. Of course, the language barrier may play a role, too. CPE is most adequately translated to Kontinuierliche Berufliche Weiterbildung or Fortbildung. Howevermost German professional qualifications do not require any CPE, so the concept per se remains foreign to many.

I would like to help readers across Europe and beyond to understand what it means and why it is beneficial to the professional individual and the professional community but also to the wider industry, the employees, and even the public.  So I decided to clarify this here on my website:

The ACFE’s CPE requirements for CFEs – What are they, how do they work?
As Certified Fraud Examiners we have to fulfill a number of academic, professional and character-related criteria (see here) prior to our certification, these constitute the eligibility criteria. Subsequent to studying the 2,000 pages manual (or alternative ways to prepare) and passing the exam, certification can be applied for.

Once, we have achieved certification, an annual CPE requirement applies, as the ACFE specifies:

To maintain your CFE Credential, you are required to earn at least 20 hours of Continuing Professional Education (CPE) every 12-month period.
At least 10 of these hours must relate directly to the detection and deterrence of fraud and 2 hours must relate directly to ethics.

What’s the purpose and how is this meaningful?
CPE is not just meaningful but a vital means by which we CFEs maintain our professional knowledge and specific skill set. Continuing education in our profession is particularly valuable and vital, as the area continues to undergo frequent change and evolves on a global scale.

The competence maintained in this way benefits the individual in so far as we can continue to develop our full potential. It also aids the overall standard of the profession and keeps it on a high and up-to-date level. Ultimately though, this also helps the wider civic society.

CPE options, formats, and financial aspects:
The ACFE currently counts more than 60,000 certified members in over 120 countries. To some, their nearest chapter is the provider of workshops, seminars, and conferences where CPEs can be earned.

Others, in more remote locations, less mobile, with limited funding or a very tight schedule may prefer earning their CPEs with webinars, webcasts, self-study books, and university materials or authoring of materials. The ACFE provides a wide range of CPE credit options, they differ in the format of delivery, duration and in terms of subject area. They also differ widely in financial aspects, some are entirely free of charge – for an overview see here.

CPE reporting, failure, and disciplinary consequences:
CPE credits need to be reported to the ACFE on an annual basis, reminders are issued from around 90 days prior to the expiration of annual reporting period – which equals an individual member’s annual membership period.

CPE reporting is subject to audits. The ACFE also maintains a database of suspended members. Those who fail to earn their CPE credits or committed fraudulent acts in earning them become subject to disciplinary measures in line with the ACFE bylaws, rules and regulations.

Here is how I chose to fulfill my CPE requirement:
a) I opted for a 20 CPE self-study course, focusing on public sector fraud with a specific focus on the FCPA and the UK Bribery Act. This course contains the 2 mandatory CPE hours of ethics training and requires passing an exam. This could be sufficient to fully earn my annual CPE credits.

(b) However, I have also completed a number of webinars with the ACFE, each of them at 1CPE. This has provided me with fresh insights into areas the self-study course did touch upon but in a different way. For instance, I attended a webinar which focused on data analytics and how it can be used in compliance testing – which overall acted also as an eye-opener in terms of creative thinking when it comes to fraud prevention and detection.

(c) Further, I chose a few of the American Institute of Certified Public Accountants’ (AICPA) CPE webcasts (see all CPE courses). AICPA has been maintaining a very close collaboration with the ACFE for years. The webcasts differ slightly from the ACFE’s webinars insofar as they are often panel discussions, they contain test questions which pop up during the cast and an overall exam.

Especially the AICPA Behavioral Ethics webcasts, amounting to 1.5-2 CPE credits, are very interesting and useful (to fulfill ACFE ethics CPE requirement). They may cross-reference the ACFE material, for instance, the Annual Report to the Nations, or else.

Overall, I find the mix of sources, predominantly provided by ACFE and AICPA courses, very valuable and thought-provoking. The combination I strongly recommend also includes CPE credit from a wider variety of organizations, for instance, Protiviti and Thomson Reuters offer respectively 1 CPE for the attendance of a live webinar on Anti-Money Laundering Model Validation and a live webcast on hidden risks surrounding sanctioned entities.

Earning CPE credit and enhancing one’s skill set can be and should be as interesting, stimulating and positively challenging as possible. Hence, to me, earning CPEs are not just an annual duty – they are a vital part of my professional development and as such, I actively seek opportunities to enhance the mandatory requirement. You’ll never know where inspiration comes from…..




Interview with the ACFE

I’ve recently had the honor and the privilege to give an in-depth interview to the ACFE. It was published yesterday and is available here (PDF contains images, 3 pages) and here at the ACFE .

It provided a wonderful opportunity to reflect deeply and express my gratitude and appreciation for the many influences, challenges, and discussions over the years in academic, situational and professional settings. Not to forget the personal encounters, remarkable projects, and support I experienced and that underpin my motivation in fostering a better and broader understanding of fraud risk, effective controls, and applied ethics. Of course, it’s also a statement of deep appreciation for the ACFE organization and its members and an encouragement to share knowledge and mentor others in order to strengthen the professional community. Below the introductory paragraph compiled by the editors:

Britta Bohlinger, CFE, MA, BSc (Hons), Quality Manager and Auditor (IHK Berlin), founding director of RisikoKlár, is no stranger to debates or uncomfortable discussions. From a young age, she enjoyed lively conversations with her father about his work and later became active in academic association discussions. She said, “The element of informal mentoring was invaluable — a source of motivation, challenge and aspiration. [The discussions] were also a source of comfortable discomfort as being an active member always reminded me of how much more I needed to learn.” As the only female CFE in Iceland, she now brings her passion for discourse and spreading risk management knowledge […]

and the list of questions I answered:

  1. How did you first become passionate about fighting fraud?
  2. What is your current role and what does it entail?
  3. What caused you to start RisikoKlar?
  4. What is one of the biggest lessons you have learned since becoming a CFE?  
  5. You’re very active in the online ACFE Community. In your opinion, how important is the exchange of ideas and knowledge between anti-fraud professionals?
  6. What is a memorable case or project that you have worked on; one that made you feel especially proud?
  7. How has earning the CFE credential benefited your career?
  8. What do you like about being an ACFE member?
  9. What activities or hobbies do you like to do outside of work?

The Importance of Legal Counseling for Whistleblowers

By guest author Sercan Ercinler, who was born in 1987 in Istanbul, and currently lives in Vienna, Austria. He is a Certified Fraud Examiner (CFE) with a master’s degree in accounting and author of the two books: Corruption, Money Laundering and Financing of Terrorism (2017, English) and The U.S. Sarbanes-Oxley Act of 2002 and Internal Control (2016, Turkish).

Employees, who spare no sacrifice to report their organizations to competent judicial and/or administrative authorities because of the heir illegal activities, are widely appreciated by the public opinion in this day and age. According to the detailed information contained in the ACFE Reports to The Nations on Occupational Fraud and Abuse, the most common fraud detection method is tips from employees and some other parties such as customers or vendors when it comes to the financial crimes.

Whistleblowers come forward publicly when something illegal is going on in their organizations after they do not receive an acceptable reply through their organizations. This situation causes the risk of retaliation against a whistleblower by the employer. For this reason, authorities take legal measures to protect whistleblowers from retaliation.

Other than employer retaliation, whistleblowers face the risks of industry blacklisting, professional violations, legal consequences etc. Therefore, employees should get a legal counseling to minimize or eliminate the risks of being a whistleblower before reporting an illegal activity to competent authorities. Section 806 of the U.S. Sarbanes-Oxley Act of 2002 (the SOX Act), which is titled as “Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud” states that reports must be filed with some specific authorities in order for the reports to be handled properly. These authorities indicated in Section 806 are:

  1. a Federal regulatory or law enforcement agency;
  2. any Member of Congress or any committee of Congress; or
  3. a person with supervisory authority over the employee (or such other person working for the employer who has the authority to investigate, discover, or terminate misconduct).

Otherwise, it will not be possible for the whistleblowers to be protected in accordance with the provisions of the SOX Act. A case which occurred in 2007 (Los Angeles Times, Two auditors not entitled to whistleblower protection, court rules, 4-May-2011) can be given as an example to the importance of legal counseling. The case involved two internal auditors assigned to assess Boeing’s compliance with stricter financial reporting regulations and safeguards imposed by the Sarbanes-Oxley Act. The two were fired after the Seattle Post-Intelligencer carried an article on July 17, 2007, headlined “Computer security faults put Boeing at risk.”

The story said Boeing had been unable for the previous three years “to prove it can properly protect its computer systems against manipulation, theft, and fraud.” These two auditors, Matthew Neumann and Nicholas Tides were not entitled to whistleblower protections because they leaked the information to a newspaper instead of the appropriate authorities indicated above.

Boeing legally fired Matthew Neumann and Nicholas Tides for the reason that they violated Boeing’s Company Principles:

  • PRO-3439* prohibits the release of company information to the news media without prior review by companies’ communications department
  • PRO-2227* considers information protection and
  • PRO-1909* considers companies’ reputation and its relation with the elements of business environment such as customers, creditors, and shareholders.

This case proves the importance of legal counseling in whistleblowing issues.

SILVERMAN, Circuit Judge:

We hold today that by its express terms, the whistleblower provision of the Sarbanes-Oxley Act, 18 U.S.C. § 1514A(a)(1), protects employees of publicly-traded companies who disclose certain types of information only to the three categories of recipients specifically enumerated in the Act—federal regulatory and law enforcement agencies, Congress, and employee supervisors. Leaks to the media are not protected

*Source: Tides and Neumann v. BOEING appeal of 2011 (13 pages, section OPINION)

Complex Risk: due diligence, conflict of interest, ultimate beneficial ownership

Recent headlines covered Brexit and Britain’s subsequent repeal of laws, Germany’s private bank Hauck & Aufhäuser, dissolved Welling & Partners in the British Virgin Islands (, and Fashion brand founder Karen Millen’s bankruptcy. Unrelated, at first glance, they also entailed various fraud-related issues and bring a pressing need for effective due diligence back into the focus of public attention.

National and international aspects:
The headlines and underlying cases are indicative of the complexity of cross-border transactions in a globalized world where legislation, regulation, and enforcement still remain largely a national matter.  Further significance has been added by the recent conflict of interest breach at the Bank of England, resulting in the Deputy Governor’s resignation.  The ongoing prolific debate around conflicts of interest in the current US White House (visualized web ) has additionally furthered public appetite for scrutiny and clarity byeond national confines and territories.

Spanning Britain, Germany, Iceland, the European Union (EU) and EEA (European Economic Area), as well as off-shore tax havens in the British overseas territories, taking a birdseye view helps to understand and illustrate the challenges resulting from a broad network of anti-money laundering regulatory provisions and policies.

Risk perspectives:

“EU legislation requires that institutions adequately manage and mitigate operational risk, which is defined as the risk of losses stemming from inadequate or failed internal processes, people and systems or from external events.

Operational risk includes legal risks but excludes reputational risk and is embedded in all banking products and activities. It has always existed in banking, and non-banking organizations but it has acquired a greater relevance given the increased complexity and globalization of the financial system and the recent materialization of unprecedented extremely large losses.”

Source: European Banking Authority (EBA)

Conducting required checks and ongoing monitoring and registry maintenance sufficiently, requires both, the buyer’s and seller’s concerted efforts in order to mitigate and manage risk emanating from improper or inadequate due diligence.


The complex landscape of regulations and guidelines:

  • Britain‘s exit from the EU will leave its leading role in anti-money laundering (AML), anti-corruption (and anti-bribery and sanctions compliance) mostly intact thanks to the UK Bribery Act which is independent of EU regulations.  Of greater concern is the stricter control of offshore territories, mainly in former colonies, as well as compliance regulation, applicable to financial firms, which is predominantly derived from EU legislation (OECD concern).
  • Iceland, as a member of the European Economic Area (EEA), has to comply with the EU regulations and its interpretations of the Financial Action Task Force (FATF) standards (Iceland in FATF). This scenario could also apply to Britain, depending on the outcome of future negotiations, for now, Britain remains a member of the FATF.
  • The European Union’s 4th Anti-Money Laundering Directive (4AMLD – summary) was adopted in May-2015, became effective in Jun-2015, and its national transposition is required by 26-Jun-2017.This will entail central registers of beneficial ownership as already set up in Ireland but currently not yet in place in Germany (see the Beneficial Ownership Transparency – Country report, 2015 – for in-depth analysis).


Knowing which rule, regulation, and watchlist apply:

Conducting checks is time-consuming, resource-intense and it may be costly.  However, failing to thoroughly substantiate the identity of a customer or UBO (buyer, seller, business or other transaction-partner alike) may be significantly more costly and damaging to the reputation and funds.

“Risk, I had learned, was a commodity itself. It could be canned and sold like tomatoes.  Different investors place different prices on risk. ”

(Michael Lewis, Liar’s Poker, 1989)

Outsourcing the checks may be one option but ultimate responsibility may remain with the outsourcing party – as the case of Karen Millen’s tax evasion scheme around-the-world (see EU Parliament Library note on corporate tax avoidance) demonstrated.  A list of significant failures of duty of care in this regard is available on the UK’s Financial Conduct Authority site (FCA).

Knowing when to conduct checks:
Certain types of risk cannot be insulated, transferred, or legally sold.  Due Diligence (and Enhanced DD: EDD), Know Your Customer (KYC), Conflict of Interest (COI), and Ultimate Beneficial Ownership (UBO) regulations and rules are neither effective nor meaningful past the event, which does not render them obsolete but makes their use all the more valuable as a set of preventive instruments throughout the interaction. Compliance programs and efforts have become increasingly sophisticated, however, human factors such as misplaced bias, trust, unquestioned routines, and practices may enhance the operational risk.

“Let me put it this way: I’m standing in front of a burning house, and I’m offering you fire insurance on it.”

(Jared Vennett explains Credit Default Swaps (CDS) in M. Lewis’ The Big Short: Inside the Doomsday Machine, 2010/2015)

Latent reputation risk and litigation risk may arise instantly, at a very early stage during negotiations.  This may apply irrespective of the nature of a transaction, whether an acquisition, a merger or a sale of a specific stake.

It requires due consideration and pro-active mitigation at a time when there is neither smoke nor fire, a long-term approach that may be deemed a challenge in environments where accounting for long-terms risk conflicts with short-term objectives. Adhering to ethics codes voluntarily may be one way to address the issue, voluntarily applying EDD can be yet another.

Overall, it can be argued that transparency of data, consolidation of watchlists, regulations, and enforcement efforts are increasing and increasingly streamlined, consolidated, and subject to public awareness and debate.

Do People Care More About Corruption Than They Used To? Evidence from the US and Germany

Korruption in Germany and corruption in the US – an interesting analysis that raises questions as to cultural differences, connotations and the role of the media: “This is perplexing. What explains the mismatch between the popular narrative that there’s been a surge in public concern about corruption?”

GAB | The Global Anticorruption Blog

Sometimes it feels like corruption has become the topic of the year: We’ve heard repeatedly that it is (the perception of) corrupt elites that has fueled the rise of populists, nationalists, and new socialist parties and politicians. The most prominently of these, though not the only one, is Donald Trump, who promised in his campaign to take back power from the corrupt elites (see here and here).

But has the topic of corruption actually become increasingly prominent in popular and media discourse over the last two years? To investigate this question, I did a simple search on the Factiva database within the eight most widely-circulated American newspapers (USA Today, the New York Times, the Wall Street Journal, the Los Angeles Times, the New York Post, the Chicago Tribune, the Washington Post, and Newsday) for the term “corruption.” I did a…

View original post 704 more words

Do Codes of Conduct work? Misconduct, Fraud and Ethics.

Just another document

In a recent interview, I talked about internal controls and ethics and referred to Wells Fargo as an example of the implementation of a Code of Conduct which did not result in the desired ethical behavior.

The reasons, as far as I have been able to observe and analyze are complex, far from obvious and even counter-intuitive. I believe we require a much better and more holistic understanding of the power dynamics, the collective unconscious and the interplay between individual-peer-community dynamics and pressures, sector and industry practices and the national society as well as the global.  This applies especially to transnational corporations and cross-border operations where cultural aspects further add to the complexity and potential failure of a Code of Conduct.

The main reasons why an Ethics Code or Code of Conduct, even if fully embedded, rolled out and vigorously communicated, fails to bring the desired change, center strongly around the following:

Corporate predicaments:

  • Tone at the top (set by CEO or the entire C-suite) mismatches tone at the middle – long-serving middle management has its own practices;
  • Expectations at the top (C-suite, Board but also shareholders) remain profit-focused, no shift towards a greater paradigm shift gets underway;
  • Ethical behavior is mainly valued as reducing litigation risk (and costs) but not valued as profit-generating;
  • Compliance and risk departments are seen as non-profit generating, no counter-narrative from the C-suite is offered/communicated;
  • Weak internal controls including weak HR division are impacting internal whistleblowing and act as a deterrent (rather than deterring misconduct).

Cultural issues:

  • Ethics and the Code of Conduct are being mocked by (long-serving) middle-management as something that will pass as so many initiatives before;
  • Code of Ethics is coupled with zero tolerance – correctly interpreted as unrealistic;
  • Acting ethically may be deemed “nice” and interpreted as weakness rather than a strength (by both gender) – this is usually even more so in industries with fierce competition and a glass ceiling;
  • Morality is not seen as in line with the Code of Conduct – ethics are understood as more abstract and deemed over the top;
  • Morality has been mainly lived and practiced by a (corporate and societal) culture of naming & shaming and scapegoating rather than embracing the messenger who delivers bad news before the event – shooting the messenger has been the norm.

Mechanisms and knowledge missing:

  • No, or no sound, internal crowd-sourcing platform or system to gather issues and reward those who point them out and provide potential solutions are in place – promised anonymity communicates inherent threats/risks to those who wish to protect the organization and name problems versus transparency of issues, discussed in open forums beyond the confines of a department which would indicate openness to fix rather than to blame;
  • Morality and ethics are wrongly deemed as inherent – they are not understood as learned, negotiated, agreed and practiced concepts, rather there is a lack of knowledge that they change in socio-historical contexts and are not universal per se;
  • Lack of respect and integration of experts in behavioral collective change – business consultants rather than social scientists shape the strategy and communication, resulting in a sense of rhetorical unrealistic exercise;
  • Lack of understanding that ethics cannot be imposed but need to be owned by the community of all staff at all levels – which is why crowd-sourcing can be such a powerful approach and which is why Volkswagen’s hierarchical structure played such a central role in the emissions scandal.

Broader factors:

  • A history of severe misconduct with inability to replace all those previously involved (due to size of organization or else) may result in a Code of Conduct being circumvented by creatively finding loopholes (the role of legal professionals in this context is another issue);
  • Other main players in the industry are not embracing a Code of Conduct as strongly, resulting in a competitive disadvantage.

I believe this question is incredibly important and we need a deeper discussion as to why the implementation of Codes of Conduct continue to fail and/or don’t bring the changes we want and need to see as widely and sustainably embedded and practiced as they should. I also believe that ownership (at all levels) of any Code of Conduct plays an extremely important role but is often hugely undervalued and misunderstood.

Aw SNAP something went wrong: valuation

Snap Inc.’s IPO has turned from hyped to sour in less than a week – NYSE: SNAP.  I had already flagged some concerns with the company’s valuation and potential issues as to underlying metrics which were, according to the lawsuit linked in my previous post, alleged to be fraudulently inflated.

There has been much debate across various media channels as to the underlying metrics which informed the calculation of the valuation. However, goodwill remained unmentioned. While notoriously hard to value, it deserves more public debate.  In particular so, as in the case of Snap Inc.’s going public the goodwill valuation shows a significant increase from 2015 (USD 133.9 mn) to 2016 (USD 395.1 mn), see p 35 in SEC Statement under The Securities Act 1933 where Snap Inc. states:

If our goodwill or intangible assets become impaired, we may be required to record a significant charge to earnings, which could seriously harm our business.

Under U.S. generally accepted accounting principles, or GAAP, we review our intangible assets for impairment when events or changes in circumstances indicate the carrying value may not be recoverable. Goodwill is required to be tested for impairment at least annually. As of December 31, 2016, we had recorded a total of $395.1 million of goodwill and intangible assets, net related to our acquisitions. An adverse change in market conditions, particularly if such change has the effect of changing one of our critical assumptions or estimates, could result in a change to the estimation of fair value that could result in an impairment charge to our goodwill or intangible assets. Any such material charges may seriously harm our business. [emphasis added]

The quick return down to earth may not come as a surprise to those who refrained from investing and held a critical view on the corporate governance issues and Snap Inc.’s business model.  But those among the public investors who hoped for sustainable profit may have had a rude awakening.

Some argue that a segment of the investors confused popularity with profitability. Looking beyond the hype and one’s personal preferences should be part of due diligence every potential investor invests in – as a tool of damage control and sound risk management practice, before the actual investment. Conducting this due diligence with respect to goodwill valuations and the choice of metrics underpinning the overall valuation is a challenge, though.

It helps, especially when it comes to tech stock or unicorns to keep a set of questions in mind, coupled with a few considerations that should guide the investor’s evaluation. Goodwill valuation, its challenges and the particular risks embedded in the metric that is prone to bias and often deemed an art rather than fact-based science, is equally important and difficult to assess in terms of accuracy.

For the purpose of understanding a whole range of motives, pressure and influencing circumstances that may inflate a valuation underpinning the going-public of a tech company, the following questions and aspects should be kept in mind:

  • Generally speaking, the industry’s standard needs to be taken into account – keeping in mind the dot-com bubble during the late 1990s and the related history of very short track records coupled with thin profits.
  • A key concern is and remains the fact that underwriters, such as large investment banks, charge considerable fees.   Up to 6-10% of the capital raised in the IPO are due and represent a considerable lucrative incentive, making this a non-deferred reward system prone to fraud.

    How do underwriters make their money? A bank or group of banks put up the money to fund the IPO and ‘buys’ the shares of the company before they are actually listed on a stock exchange. The banks make their profit on the difference in price between what they paid before the IPO and when the shares are officially offered to the public. Competition among investment banks for handling an IPO can be fierce, depending on the company that’s going public and the money the bank thinks it will make on the deal. (CNBC explains:IPO)

  • CEOs and CFOs are disproportionately frequently involved in financial statement fraud (underpinning the valuation), this is largely enabled due to their position of power, status and related access to systems and coupled with particular pressures and expectations that these roles entail.
  • The pressure and common reasons senior management cite when caught overstating their financial statements include (a) compliance with loan covenants, (b) meeting and exceeding earnings or growth expectations of stock market analysts, (c) showing a pattern of growth to support a planned securities offering or sale of the business, (d) meet personal or corporate performance criteria – to name only the most prevalent ones in this context (see Forensic Accounting and Fraud Examination, 2010, Wiley, by John Wells, Mary-Jo Kranacher, and Richard Riley).
  • Taking the figures at face value is not advisable, frequently footnotes and disclosure notes might indicate deviations from generally accepted accounting principles (GAAP).  Despite standards, guidelines, and rules, it is vital to keep in mind the subjective nature of book- and record-keeping. Differences in judgment can result in significantly differing valuations.  To illustrate:

    .5   Fair value measurements for which observable market prices are not available are inherently imprecise. That is because, among other things, those fair value measurements may be based on assumptions about future conditions, transactions, or events whose outcome is uncertain and will therefore be subject to change over time. The auditor’s consideration of such assumptions is based on information available to the auditor at the time of the audit. The auditor is not responsible for predicting future conditions, transactions, or events that, had they been known at the time of the audit, may have had a significant effect on management’s actions or management’s assumptions underlying the fair value measurements and disclosures.
    source: AICPA (American Institute of Certified Public Accountants) Standard Audit Test AU00328 and VS Section 100: Valuation of a Business, Business Ownership Interest, Security, or Intangible Asset

The issue with valuing young companies is not a new one.  In recent times we witnessed the case of Theranos (Fortune, 2016, Wired, 2016, Gawker) which turned from a USD 9  billion valuation into a serious fraud disaster.  Then there is The Honest Company which has been under persistent criticism for product fraud but more importantly in this context is its seemingly inflated and unjustified valuation, given these issues. Of course, there is also the valuation controversy around Uber, to name only a few examples.

Some argue that the current tech valuations are entirely made-up (see Zero Hedge, 2015).  We know for certain that the dot com bubble was a culprit in this regard (Business InsiderSEC action against Henry McKelvey Blodget, Merrill Lynch, internet sector stock fraud).  As mentioned above, the not so distant past might be an indicator as to where valuation practices remain problematic and require further regulation or more meaningful methodologies.

The key nagging questions that remain:

  1. If investors who provide large amounts of funds aren’t doing their proper due diligence, does this mean the data they rely on is insufficient and not sufficiently transparent?
  2. If availability, accessibility, and transparency of data are not the issue or main driver of lack of rigorous due diligence, what irrational drivers make such investors ignore all (or any) red flags?
  3. Is it the simple but persistent Gecko’s “greed is good” which appears to work again and again, even if in the very short-term only?

Further reading on valuation, in particular also goodwill valuation, in the context of IPOs:

  • SEC Comments and Trends: An analysis of current reporting issues (2012) Ernst & Young (167 pages, pdf)
  • Valuing Young, Start-up, and Growth Companies: Estimation Issues and Valuation Challenges (2009) by Aswath Damodaran Stern School of Business, NYU (67 pages, pdf)

Snap up a bubble

California-headquartered camera company Snap Inc.’s initial public offering (IPO), has been all the rage.  The valuation at USD 24 billion (~EUR 22.4 Milliarden), including staff stock and deal bonuses, set the IPO target at USD 17.  After its first day of trading at the New York Stock Exchange (NYSE: SNAP) markets are smiling and co-founder billionaires Evan Spiegel and Bobby Murphy, are beaming thanks to the stock closing 44% above its listing price.  Today’s performance has been no less impressive – or unsustainable – given the stock’s underlying business model and some risks I’ll look into in a minute.

Others, such as venture capital firms Benchmark Capital and Lightspeed Venture Partners,  Morgan Stanley as well as Goldman Sachs can also be reasonably expected to celebrate a nice pay-off.  Valuation and legal advice – as controversial as some of it may have been – generated USD 26 million and USD 21 million respectively for the underwriters.

Criticism hasn’t been missing, though, concerns have been raised that:

  • liberties were taken with investors’ rights, i.e. shareholders stripped of voting rights which leave them with no right to determine board members, influence merger & acquisitions or submit shareholder proposals;
  • the business model appears thin with a user base dwindling and user growth slowing, difficulty to reach over 35-year olds and securing their engagement for more than a daily couple of minutes on Snapchat they currently offer;
  • the company was founded in 2011, suffered a net loss of nearly USD 515 million in 2016, with an earlier net loss of USD 373 million in 2015 (see page 12 – Summary Consolidated Financial Data).

Snap Inc. has been aware of a range of risks, it seems.  In fact, among its financial information for investors – SEC filings, is today’s filing, a prospectus pursuant to rule 424(b)(4) which lists a whole set of – though in extra small-print- risks investors should take into consideration. The major potential areas of concern are cloud services and technical risks, competition issues within the industry, user loyalty (and over-reliance on non-Android – i.e. iOS users), sole reliance on advertising, reputational risk, intellectual property risk and in general a focus on user retention, growth, or engagement rates that are at the core of operations, which means a decrease would render Snap Inc’s products not only less attractive but also cause serious harm to the business.

What the report – a dense reading of 240 pages – does not mention at all, though, is whistleblowing or ex-employees who might engage in such act.  Litigation and lawsuits find ample discussion in the report and it seems Snap Inc. is acutely aware of the damage to reputation and drain on resources any legal action could have.

However, the (quite redacted) 31-pages lawsuit (via LA Times), filed in early January 2017 in the Superior Court in Los Angeles by former employ­ee Anthony Pompliano contains allegations regarding misrepresentation of the company’s fin­an­cial state.  Pompliano alleges that his refusal to give in to pressure and engage in cooking the books in order to inflate the company’s IPO value by means of false representations of metrics resulted in unlawful termination.

Inaccurate representations  and fake metrics are not just an ugly accusation of a disgruntled employee that is already causing reputational damage due to media coverage, but, if substantiated, carries serious penalties under the Securities Act of 1933 [amended]

UNLAWFUL REPRESENTATIONS SEC. 23. […] It shall be unlawful to make, or cause to be made, to any prospective purchaser any representation contrary to the foregoing provisions of this section. (…)
PENALTIES SEC. 24. Any person who willfully violates any of the provisions of this title, or the rules and regulations promulgated by the Commission under authority thereof, or any person who willfully, in a 75 SECURITIES ACT OF 1933 Sec. 27 registration statement filed under this title, makes any untrue statement of a material fact or omits to state any material fact required to be stated therein or necessary to make the statements therein not misleading, shall upon conviction be fined not more than $10,000 or imprisoned not more than five years, or both. [emphasis added]

Aside from all this remain two key questions:

  1. What role were analysts playing in the misrepresentation of metrics and related valuation, i.e. those individuals and teams working for the underwriters whose fees made headlines, i.e. above mentioned Morgan Stanley and Goldman Sachs?
  2. Also, the role of market data providers, such as Bloomberg who failed to raise the risks, the weak business model and other issues in their Snapchat/Snap Inc.coverage in late 2016 and seemed to contribute to what looks like another hype thanks to a price over revenue multiplied by an unsustainable valuation ratio of 60  (versus Facebook x 14.0, Twitter x 4.5).

Earlier this week we heard Warren Buffett (NY Times and Berkshire Hathaway 2016 letter) speaking angrily about [hedge fund] fee structures which he deemed “bordering on obscene”.  In the broader context of SNAP Inc.’s going public triggering similar questions about fees and performance, we may be at a point where perverse incentives coupled with fairly blatant ignorance of a whole host of risk issues enter the mainstream media and public awareness, gaining some of the urgently required attention they deserve.

Ironically, shareholders, who are supposed to have a voice and stake in such matters, have been muted.  In this bizarre tale of initial public offering marked by strange governance fascism, they have been – knowingly and with consent – robbed of their voice and potential power.

As to a potential case of IPO or valuation fraud, all hopes might be on the former employee who has been quickly dismissed as disgruntled.  We may just see this whistleblower case settled out of court, and the bubble further inflating before it eventually bursts, though.