Wirecard, a German payment processing company, primarily focused on transactions via debit card, credit card, and other digital methods as the site initially focused on earning revenue by providing services to porn and gambling websites. Wirecard, being one of the largest listed corporations in Germany, orchestrated a scandal through accounting irregularities which estimated to €3.5 billion. The company was accused of faking transactions to inflate its revenue and profits. This was brought to limelight in April 2020 when KPMG during an independent probe stated that the auditors could not account for a total of €1 billion. This was followed by EY’s refusal to sign off on the company’s accounts for the financial year of 2018- 2019. Wirecard contended that they have kept the $2 billion/ €1 billion with two banks in Philippines, however, the banks released a clarification that they haven’t received any money from Wirecard and thus have no record of any such transaction. It is believed that Wirecard had international ambitions, and wanted to obtain a license to issue its prepaid cards in Hong Kong. Wirecard had to strengthen its financial figures to facilitate the expansion, which led to the accounting fraud.
Wirecard used the means of round tripping to facilitate this accounting fraud. Round-tripping can be understood as a situation where a company sells an unused asset to another company, while at the same time agreeing to buy back the same or similar assets at about the same price. In India, the Income Tax Act of 1961 in its General Anti-Avoidance Rule under Section 97 defines round trip financing as “any arrangement in which, through a series of transactions- (a) funds are transferred among the parties to the arrangement; and (b) such transactions do not have any substantial commercial purpose other than obtaining the tax benefit (but for the provisions of this Chapter), without having any regard to-(A) whether or not the funds involved in the round trip financing can be traced to any funds transferred to, or received by, any party in connection with the arrangement; (B) the time, or sequence, in which the funds involved in the round trip financing are transferred or received; or (C) the means by, or manner in, or mode through, which funds involved in the round trip financing are transferred or received.”
Wirecard transferred certain funds to its subsidiaries and showed that these subsidiaries received the said funds from their customers. This made the people believe that the said subsidiaries were making good profit. However, the same was transferred back to the parent company later. Additionally, in order to legitimize their revenue, Wirecard established certain bogus partner companies that provide services to the gambling and porn websites, and the revenues of these partner companies were reported in Wirecard’s books.
Where did Germany go wrong?
The downfall of Wirecard resulted in damaging the image of Germany as a financial center, undermining the reputation of the federal supervisory authorities, and ultimately, weakening Germans’ confidence in share investments. This accounting fraud revealed not only the potential gaps in audit but also the loopholes in accounting regulation and enforcement in Germany.
In Germany, the enforcement of any financial reporting is based on a “two-stage” model, with two institutions involved. The first institution is the Financial Reporting Enforcement Panel (FREP), a government-appointed privately organized institution that examines the financial reports of publicly listed companies, and second institution is the Federal Financial Supervisory Authority of Germany (BaFin). Following this fraud, both the institutions faced criticism for their slow and non-proactive method. However, BaFin faced major backlash and was criticized on three grounds: [A] the institution ignored the whistleblower’s allegations on the accounting fraud; [B] when Financial Times (FT) had initially reported the accounting fraud, BaFin in turn had criticized FT and lodged criminal complaint against the journalists; and [C] BaFin points out that it had oversight only of Wirecard Bank’s banking arm and not the core payments processing business, thereby shrugging off its responsibilities.
How did the German Regulators react to the scandal?
The plan put forward by Germany revolves around strengthening the powers of BaFin and abolishing the previously existing two-tiered system in which the onus for monitoring the financial reporting of listed companies was with the FREP. The German regulatory regime had a provision under which BaFin could ask FREP to open a probe into a company’s financial reporting and accordingly BaFin had to wait for the result before it could start its own investigation. The government cancelled its contract with FREP, acknowledging that a system of self-regulation by the auditing industry wasn’t effective.
Furthermore, Germany’s Finance Ministry has stated that the financial regulator will be equipped with “sovereign powers” to intervene “directly and immediately” in public companies. Their action plan aims at restructuring the organizational structure of BaFin in order to ensure that it is better equipped to audit company balance sheets and protect consumer and shareholders’ rights at the same time. Additionally, the government will also examine how to enhance the way it handles tip-offs from whistleblowers and increase incentives for them to disclose information. This step has been taken in light of the various accusations against the German authorities for disregarding the tip-offs from whistleblowers in the past.
This accounting fraud is also perceived as a failure for the European Union and therefore it is believed that the finance ministry of Germany will request to transform the EU’s financial oversight body into a ‘European Securities and Exchange Commission’ which will be modelled on the Securities Exchange Commission as in the United States of America. It has been adopted keeping in mind that the SEC in the United States of America has extensive powers to demand information from listed companies and Germany wishes to inculcate a similar model for the European Union.
Laws Governing FinTech in India
In India, payments are considered to be the most evolved fintech sub-category, in terms of both business and regulations governing this space. The Payment and Settlement Systems Act, 2007 (PSSA) governs and regulates the operation of payment systems in India. The PSSA under section 3(1) of the Act authorizes the RBI to regulate payment system participants and any entity wishing to operate a payment system in India is required to obtain RBI’s authorization under the PSSA.
However, certain fintech activities may be regulated by Securities and Exchange Board of India (SEBI) and the Insurance Regulatory and Development Authority of India (IRDAI). Additionally, there are other laws which are applicable laws to fintech and these include- Information Technology Act, 2000, Prevention of Money Laundering Act, 2002, and Consumer Protection Act, 2019.
Wirecard Scandal – An Eye Opener for India
Modification in current laws
In 2016, the RBI had set up an Inter-regulatory Working Group on Fin-Tech and Digital Banking. The following recommendations by the Working Group could prove useful in a case similar to Wirecard fraud:
[A] The report suggests that regulators need to take care to avoid two pitfalls with regard to fintech’s. The first is creating barriers for the entry to newcomers. This should be avoided as doing so would discourage financial innovation and stifle competition in the financial sector. The second potential pitfall is favoring newcomers by regulating them less stringently in the name of fostering competition. Regulators therefore have to provide a level playing field for all participants, but at the same time foster an innovative, secure and competitive financial market (paragraph 6.1.4).
[B] The report referred to the Watal Committee Report which has noted that the current law does not impose any obligation on authorized payment systems to provide open access to all Payment System Providers. This has led to a situation where access to payment systems by FinTech firms is restricted. Most of them can access payment systems only through the banks, which are their competitors in the payments service industry. Therefore while to a certain level this acts as an agency to verify transactions, however at the same time, the requirement to connect to banking systems to serve their customers leads to FinTech companies facing restrictive practices. This anti-competitive setting may not be conducive for innovation and consumer interest.
[C] Section 17 of the Payment and Systems Act empowers RBI to issues directions to payments systems and its participants. The RBI can therefore use this power in cases of FinTech innovations. However, it is important that a legal framework setting out the broad contours of what principles financial innovations should conform to are established to minimize RBI intervention.
[D] Additionally, the report has recommended setting up the innovation hubs and regulatory sandboxes. The innovation hub will help the fintech companies with regulatory uncertainty and improve access to supervisory authorities amongst other things. Further, regulatory sandbox will help in virtual testing of new products/services.
It is pertinent to note that the above mentioned points are extremely important in light of the Wirecard Fraud. As we have noted, one of the primary reasons why Wirecard opted the method of round tripping was to inflate its revenue. This was done in order to acquire the regulatory approval in Hong Kong without any hinderance. Accordingly Wirecard manipulated its finances to portray a picture that it was financially strong and therefore the license should be granted to the company at the earliest. While there exists no specific regulation to govern round tripping in India, the RBI in its FAQs on Foreign Exchange Management (Transfer or Issue of Any Foreign Security) Regulations, 2004 clarified that a foreign joint venture (“JV”) and/or wholly owned subsidiary (“WOS”) cannot be used by Indian Parties (as defined under the ODI Regulations means and includes, corporate entities incorporated in India making investment in overseas JV and/or WOS) to make investments back into India.
A whistleblower is somebody who makes a disclosure/revelation, that is assumed to be based on facts and not speculation. However, currently in light of the scam there is an urgent need for clarity on what refers to disclosure. The Government of India had enacted the Whistle Blowers Protection Act in 2014. This statute was formulated in order to provide public servants with a method that safeguards persons making such complaints from being victimized.
Additionally, The Securities Exchange Board of India (SEBI) clearly requires listed companies to have a whistleblower policy and also to make employees aware of such policy. Further, SEBI has also introduced a reward mechanism for incentivizing whistleblowers. Unfortunately, currently in India there exists no specific law on whistleblowing applicable to private employers. However, a vigil mechanism with adequate safeguards against victimization of whistleblowers is provided for under the Companies Act, 2013. Further, to encourage ‘disclosure’ by auditors, the Companies (Auditor’s Report) Order, 2020 (CARO 2020) enforces stringent rules for due diligence. By the same token, companies are required to share information on whistleblower complaints with their auditors, including the official action taken with regard to complaint.
Generally in India, the company’s management is primarily responsible for implementing whistleblower policies, procedures, and controls. Further, to some extent, the board of directors/audit committees oversee such implementation, but the fear of retaliation and the lack of assurance for respecting anonymity continue to deter effective ‘disclosure’. While India is striving to find the ideal balance between whistleblower policies, malicious complaints, and protecting commercially valuable information, the pressure of the whistleblower in the scandal has highlighted the urgency for a compliance refinement that protects the whistleblower with sensitivity while giving due seriousness to the matter. In light of this the CARO 2020 is a first great step towards addressing the issue at hand. It is important to ensure along with safeguards against retaliation as this will definitely lead to a rise in employee vigilance.
Therefore it can be concluded that what happened in Germany can reasonably be prevented in India. As noted above, India has a lot of regulations already in place and additionally has also been working towards curbing the existing loopholes in the current regulatory frameworks. The Wirecard Fraud has alerted the regulators worldwide and India is no exception to the same.
This article has been authored by Shradha Agarwal (member | Centre for Studies in Banking and Finance; student | National Law University, Jodhpur).