On 1 January 1999 Wirecard AG (then named InfoGenie AG) was founded. At its peak in 2018, the German tech favorite had a valuation of almost €25 bn. Twenty-one and a half years later, on 18 June 2020, it announced that €1.9 bn that was supposed to be in Philippines banks was “missing”. 4 days later, it admitted the “missing” funds likely did “not exist”. 3 days after the admission, the Munich-based global payment processor and financial services provider filed for insolvency.
What went wrong?
What we know so far
While investigations are ongoing and more information will likely surface, we note the following key points highlighted so far:
1. German financial regulators were made aware of the problems are Wirecard in January 2019 by an anonymous whistleblower to the Financial Times
2. Investigations began in Germany, and the Singapore Commercial Affairs Department (CAD) began criminal investigations into Wirecard’s Asia Pacific HQ in Singapore in February 2019, raiding the local office after fraud allegations were made
3. The Philippines Central Bank claimed no money from Wirecard entered the country’s financial system
4. Two banks named by Wirecard, Bank of the Philippines Islands and Banco de Oro Unibank, have publicly stated that Wirecard is not a client.
5. Key points from the Financial Times report:
- for more than three years, Wirecard’s financial auditors did not request account information from the Singapore bank which Wirecard claimed held up to €1 bn of its cash. According to the report, the “routine” audit procedure of checking with the bank was skipped, as the auditors depended on documents and screenshots from a third-party trustee and Wirecard
- half of Wirecard’s business is outsourced, with payments processing handled by partners who pay Wirecard a commission
What we can learn
1. Whistleblowers were integral in bringing the alleged misconduct to the attention of regulators, the investment community and the public, despite Germany not having private sector whistleblower laws. Wirecard employees would have no legal remedies if they are fired or demoted.
- Implement a whistleblowing policy to allow reporting of irregularities or suspicious activities. Policies and procedures should be in place to ensure all valid concerns and irregularities raised will be treated with confidentiality throughout the process
2. Corporate governance and internal controls have to be properly implemented, not just established on paper. Examples:
- Segregation and rotation of duties for sensitive roles
- Setting up fraud risk policy and performing regular assessment to flag areas of weakness and gauging the effectiveness of policy
3. Independent auditors have a key role to play in reviewing controls without fear or favour. Rotation of auditors every few years should be considered
RHT Compliance Solutions comprises experienced and certified professionals with extensive regulatory, compliance and risk management experience from Singapore, Hong Kong and the region. The team aims to provide clients with insightful, risk-focused and cost-effective solutions through their extensive experience in serving a wide spectrum of clients across diverse financial sectors from regulators, asset managers, fintech firms, insurance agents and brokers, remittance to commodities and corporate services.
RHT Governance, Risk & Compliance is a professional services firm specialising in risk management, internal audit, IT audit, sustainability reporting, governance review and scrutineering. As trusted partners, our team recognises individual organisations’ requirements for managing growth and operational challenges whilst being mindful of the business risks and to achieve good corporate governance and meet regulatory requirements.
For further information, contact:
RHT Group of Companies
1 Paya Lebar Link #06-08
PLQ 2 Paya Lebar Quarter