October 17, 2019
We question the depth of EY’s “full scope audit” on CardSystems Middle East (CME) - our analysis finds the transaction data to be highly implausible.
In the treasure trove of information released by the FT, two spreadsheets show monthly data for the individual customers of Al Alam booked through Dubai and Ireland, over two separate periods.
According to the FT, between June and October, Wirecard’s lawyer, Herbert Smith, told them repeatedly that these documents were not real:
It is wholly unclear what you intend to achieve by continuing to approach our client with such questions, in circumstances where our client has told you time and time again (since at least June 2019) that it does not believe the document to be authentic and where you have refused to provide any evidence to support your bare assertion to the contrary.
However, whilst the Wirecard statement of the 16th of October confirms the authenticity of the documents, it contrives to challenge the conclusions and allegations that the FT has made. The statement specifically refers to the 34 company names mentioned by the FT, all of which are listed in the Al Alam spreadsheets.
The key allegations made by the FT were that many of these customers are no longer in business or claim to have no relationship with Al Alam, and therefore the revenues generated were unlikely to be real. Wirecard has neatly sidestepped that allegation by insisting that the “company names” mentioned (such as Banc de Binary, 1xBET.COM, or Africa Airtel) did not refer to customers per se, but instead “refer to labels of customer clusters created for reporting and reconciliation purposes, each containing hundreds of individual genuine merchants.”
This confirms the data presented is the real data being used to generate Wirecard’s accounts. But analysing it leads to startling conclusions. Every basic audit should include at least a sample of transaction data to confirm a high probability of authenticity. Under a full-scope audit, both CME and Wirecard UK & Ireland (WCUK) should have been counted as significant components that should have faced transaction sampling. And yet our basic analysis of Wirecard data suggests that Al Alam transactions for WCUK and CME were fabricated. This implies EY were either presented with different transaction data, or they did sample them but did not perform sufficient analysis on this data. Either way, a more detailed explanation and/or a new audit is required.
The two key customer spreadsheets report gross volumes and transaction counts by month. Dividing gross volumes by transaction count gives you gross volumes per transaction – essentially the average spend per transaction per merchant or “customer cluster”.
Some variation should be expected in these numbers month over month. For example, e-commerce merchants might have higher average spend in January sales than February. However, if merchants are clustered in groups of “hundreds of genuine merchants” as Wirecard claim, these figures should move even more significantly due to differing seasonal patterns of various merchants and global regions.
The one thing you would not expect is nearly identical figures month over month. Even an online business as consistent as Candy Crush has revenue per user variation of over 5% per month. To any auditor these figures should stand out as being suspicious. Gross volumes per transaction that are almost identical month after month for most customers are simply not credible.
Interestingly, the only group of merchants or clusters that is more inconsistent (closer to the data one would expect), is highlighted by us in grey above. We have added the grey for emphasis, but the difference in the merchants is emphasized in the original spreadsheet by CAPSLOCK. These two merchant cohorts have data that performs differently, CAPSLOCK all shrank in Feb and March, while Grey all grew. Perhaps these two cohorts were created by different authors?
One additional indication of accounting fiction looks like a typo on Molotok’s January and CyberPlat’s February numbers – where a decimal place error may have caused gross volumes/transaction to move 10x higher than the adjacent months. This simple hardcoding input error, which is incorporated into Wirecard’s EY audited financials, highlights the shallow nature of oversight, and the elementary level of this creation.
Frankly, we expected a higher level of creativity from Stephan von Erffa and Kai Zitzmann, the two authors of these spreadsheets.
The 2016 data for Wirecard UK & Ireland also shows remarkable autocorrelation. Either these CAPSLOCK merchant clusters are the most consistent in the world, or in our view more likely, they were simply made up.
We look forward to seeing how Wirecard will explain this statistical miracle. A logical interpretation of the data suggests fraud.
Interested in Wirecard’s numbers not making a lot of sense? You’ll love our work on MCA. We first starting publishing on Wirecard’s alleged MCA lending program in June, all research is published on our website www.mca-mathematik.com.
|Wirecard Brazil (€M)||Our|
|Company Reported MCA||400||400|
|Brazil % Estimate||40%|
|Brazil MCA Estimate||160||160|
|Monthly Credit Volume||37.2||37.2|
|Calculated MCA Balance||18.6||18.6|