
Wirecard hired actors to fool auditors - ramboldio
https://www.manager-magazin.de/unternehmen/wirecard-jan-marsalek-soll-wirtschaftspruefer-ey-mit-schauspielern-getaeuscht-haben-a-00000000-0002-0001-0000-000172590382
======
jacquesm
Here's my little Wirecard story: Back in the day when Camarades.com/ww.com was
doing well we were through an intermediary approached by a German investor,
one Paul Bauer-Schlichtegroll (I'll never forget that name), an - at that
moment - successful German businessman, who was importing Vans sports shoes
into Europe.

He became a 5% investor in our company through an entity called Max Madhouse
GMBH with an option to buy a much larger share. The day after the deal was
signed he turned around and tried to screw us - the founders - out of our own
company through a minority shareholder lawsuit.

Eventually we got rid of him, but this cost us a lot of time, money and
momentum. Two years later Bauer was one of the founding members of what
eventually became Wirecard.

So I've always seen Wirecard as a bunch of crooks.

At the same time I have some sympathy for the BaFin people, there are way too
few of them and the opposition was very well versed in showing one face whilst
actually being something completely different, the length to which these
characters would go to show a good face was beyond anything that I would have
normally imagined. I'm still a touch paranoid because of it, and I'm sure the
same goes for the rest of the former Camarades.com/ww.com team.

I don't know what happened to him, he seems to have disappeared as well, but I
do know that anything that he's ever touched was rotten at some level.

~~~
StreamBright
I can also add some here. We worked for WD for a while. There was this weird
thing going on. We requested MacBooks because we were working on Linux and
cloud but the management had a policy that managers were entitled to have
MacBooks while by default engineers had to use Windows laptops. As externals
we were denied MacBooks.

So managers were running Powerpoints on Apple while engineers were running
Python, aws-cli on Windows. Perfectly reasonable according to them. I could
only estimate the amount of productivity lost on this. Of course WSL was not
allowed because corporate security classified it insecure.

~~~
ChuckNorris89
Management getting swaggy laptops and engineers having to work on the cheapest
and shittiest windows laptops is a thing in every German company where the
software isn't the core product(embedded, IoT, hardware, automotive,
mechanical, chemical, finance etc.) because Macs are expensive and since
beancounters are valued more than SW engineers they can make themselves look
like heroes in front of management by showing them how much money they saved
the company by leasing a fleet of cheap machines for everyone, regardless of
their job, from the local HP/Dell/Lenovo dealer vs the productivity loss of
their developers that they won't bother considering.

I only saw good machines in companies where only software was their
business(mostly web shops) so management there knew the value of providing
good laptops and monitors.

~~~
ashtonkem
The irony is that as I move into management, I less and less see the value of
me personally having a powerful laptop. My job is Jira, Github, and Zoom; why
should I carry around a 16” MBP for all the power I don’t need?

~~~
Nextgrid
Wait until you need to run Microsoft Teams. You’ll need to carry an entire
supercomputer to run that pile of shit and even then it won’t be smooth.

Even Jira is not too far off these days unfortunately despite being a
relatively simple tool (but they needed to justify hiring tons of JavaScript
developers).

~~~
phatfish
At least we can be safe in the knowledge that Teams will be the only bloated
Electron app Microsoft make a core part of the Office suite.

There is no way most company issue laptops can run two programs that resource
heavy at once, without Windows 10 randomly closing other applications or
flashing a black screen at you.

~~~
ashtonkem
Nothing can possibly be slower than a heavily customized Jira instance.

I opened up the api recently to discover that every story I edited had close
to 100 custom fields on them, most duplicative (presumably) and hidden.

~~~
Nextgrid
What angers me about Jira isn’t the slowness of the backend - that I can wait.
It’s the slowness of the frontend that’s the problem, which is a combination
of a JS-heavy front end as well as its hard dependency on the backend, where
as basic HTML forms & page navigations typically leave the previous page
interactive until the response from the backend arrives so you can still look
at the existing page as well as allowing you to cancel a page load and still
keep the currently loaded page.

------
KingOfCoders
As the person responsible for IT I was audited in several companies by several
of the large auditing firms. The people auditing IT had no clue what they were
doing, no clue about IT and were just running a checklist. I could have told
them whatever I liked.

~~~
arethuza
My wife started her career as an internal auditor at a UK financial company -
she was apparently repeatedly told to _stop finding problems_ , her manager
acknowledged that the things she was finding were real problems but nobody
wanted to have formal reports describing them.

She left after a colleague who apparently spent most of his time asleep in a
cupboard got promoted over her....

~~~
watertom
I hope she wasn't surprised. People who listen to their managers get promoted.

~~~
ben_w
Perhaps this is naïveté on my part, but I imagine that if I worked for an
organisation whose explicit purpose is to look for things which need fixing or
certify that no known issues are present, I would be surprised if “shoot the
messenger” was — even metaphorically — a real policy.

I would also ask myself how far the rot went, because if (for example) this
organisation was also supposed to audit the government and yet promoted those
who “slept in a cupboard” over those who worked diligently, then I would
expect the country to suffer a very large and very surprising economic
disaster.

~~~
curiousllama
Hi, yes, this is largely how audit firms work. If they find a problem, they
will not be hired next year.

That said - don’t despair! The purpose is NOT to catch purposefully-fraudulent
CFOs. That’s the SEC’s job. It’s much more of a forcing mechanism for
otherwise-honest CFOs: they know they have to justify what they’re doing
somehow, and the auditor knows that if something will inevitably blow up
anyway, they can’t sign off. So it just arrests the slippery slope when honest
mistakes are made.

~~~
cutemonster
> arrests the slippery slope

What does that mean? Not a native speaker, dictionary not so helpful

~~~
ben_w
“Slippery slope” is an (often misused) metaphor; the bottom of the slope is
generic badness, the top is a good place to be, and the slope is slippery
because if you start sliding down it can be very difficult to stop.

While “arrest” normally means a police officer putting someone in handcuffs,
it is derived from derived from the French word “arrêt“ meaning 'to stop or
stay', and can still be used in that sense.

Thus, “arrest the slippery slope” means “prevent bad behaviour”.

~~~
cutemonster
Thanks! Interesting to hear about the origins of the words

------
Tepix
What's the headhunter bounty for former Wirecard COO Jan Marsalek? He's still
at large: [https://www.finextra.com/newsarticle/36396/marsalek-joins-
in...](https://www.finextra.com/newsarticle/36396/marsalek-joins-interpols-
most-wanted-ranks)

~~~
jacquesm
[https://www.bellingcat.com/news/uk-and-
europe/2020/07/18/wor...](https://www.bellingcat.com/news/uk-and-
europe/2020/07/18/worlds-most-wanted-man-jan-marsalek-located-in-belarus-data-
points-to-russian-intel-links/)

Not sure how reliable that is but it would make some sense, close by and hard
to impossible to be extradited from there.

~~~
MiroF
It's ridiculous how any rich person accused of fraud in the West can take
asylum in Russia/China and vice versa.

~~~
mschuster91
Because it is more than likely that Wirecard was not just running a front for
illegal gambling and questionably legal (in terms of youth protection
compliance) porn sites, but also a front for Russian GRU/FSB to distribute
cash to agents and sources.

There is no other reasonable explanation as for why he is under the care of
GRU.

~~~
MiroF
?? The United States and Europe routinely do the same thing - I think that
other countries would do this as a "screw you" to US/EU just as much.

------
ludamad
Auditing - be it corporate accounting or election results - breeds false
security the moment it doesn't work. I think transparency into critical
vetting will be a big societal improvement.

~~~
jacquesm
I do this for a living and if there is one thing that I have found it is that
due to COVID-19 on-site visits are no longer an option (especially not
internationally) and this has caused us to be blind to certain classes of
problems. It is a lot of work to get around that remotely and to not have a
drop in quality because of that. We are at least aware of the problem but even
then this is a tricky thing to solve. When looking through a keyhole you can
get a completely different view of a company than the one you get when you
spend a day on their premises.

~~~
ludamad
Beyond your fair points, my statement is unfair because it's trivially true.
"Transparency into critical vetting" hides the complexity of individual
comprehension, single points of failure, etc. I just know I have very little
trust into opaque processes that randomly blow up

------
holidayacct
This happens all the time, I worked for a company that was audited by a
security firm. The security firm compromised every part of the company by
pretending to be employees, third party vendors or competitors looking to hire
away current employees. Some of their existing employees gave away every
single detail you'd need to compromise the infrastructure during interviews.

Fooling auditors isn't going to be all that difficult, most auditors get
confused if there is too much going on in the room . I've literally seen a
publicly traded company pass an audit just by making the audit frustrating and
then providing every perk you can imagine outside of the audit room (including
attractive men/women). As you can imagine, they didn't do a very thorough
audit.

------
pvitz
It's behind a paywall, but according to a summary [0], Marsalek or someone
from Wirecard built fake physical branches of banks on the Philippines. The
auditors of EY were invited to come to these branches to talk to actors who
convinced them that the 1.9 billion EUR of Wirecard exist on their bank
accounts.

It reminds me somehow of the movie "The Sting"...

[0]
[https://www.focus.de/finanzen/boerse/wirtschaftsticker/schau...](https://www.focus.de/finanzen/boerse/wirtschaftsticker/schauspieler-
in-der-videokonferenz-ex-wirecard-vorstand-marsalek-das-drehbuch-seines-fast-
perfekten-bluffs_id_12340700.html)

------
throwaway15516
I know someone who worked at a well-known Berlin Fintech and once there were
people visiting from a partner bank. They expected people in various formal
positions there so they filled them in ad-hoc with the available people.

I guess audit means most of the time just: checking some boxes without
actually following through paper trails.

------
stephenr
I can’t read German so I don’t know the details the story is detailing if any
but isn’t this just the ultimate example of “fake it till you make it”,
combined with an Uber-esque disdain for laws and regulations?

Why are people always so surprised when “disruptive” organisations actually
end up doing a bunch of weird shit?

~~~
jacquesm
I don't think they ever planned to 'make it'.

------
grenoire
Can we get an English report, preferably not paywalled? From what I can read
in the first few paragraphs, the title seems sensationalised.

~~~
gravitas
The website is user-hostile; if you accept the Advertisements it attempts to
set a cookie which the Firefox tracking protection layer won't allow to
happen, resulting in an error and no article access.

~~~
MichaelApproved
Is that FF tracking protection turned on by default?

~~~
marcosdumay
Yes, it's on by default.

There is a site-wide off switch if you know where to look, but I doubt most
people would find it.

------
shallowthought
This is the most irritating paywall I've ever seen. Why did you submit this?

