Most politicians and experts would agree that the next accounting scandal can be avoided by simply granting authorities more competencies and reforming the institutional framework of
auditing.
Regretfully, such actions merely increase operating costs of regulation without touching upon the root cause of the problem. The current state of ledger technology most widely in use comes with
limited abilities and is thereby driving the cost of auditing. For this reason, inadequate technology can be deemed as the main driver of fraud.
Only when this fact is acknowleded, will politicians be able to consider appropriate steps that effectively prevent misdoings at moderate cost. Accordingly, legislators should prescribe
ambitious guidelines that ledger technology mustly strictly comply with. In order to do so, regulators can formulate principles that do not favour any specific technology.
Such a principle could be the following: Store the consent of all parties to the contract about outstanding contractual obligations electronically and in immutable form. Interlink items
on the accounting ledger of a company to such a database in order to enable automated validations.
There are some technological options already available that satisfy such reasonable principles. Distributed ledger technology (DLT) is clearly among the most promising ones.
In order to derive an approach on how best to regulate, it is useful to start with a clear and simple view on the actual problem. In public discussion, the Wirecard case is mostly connected to
problems in how a firm's accounting figures are audited.
First things first: How to best look at firms in this context, what is accounting about, and how does auditing work?
From an abstract point of view, a firm can be described as a cash flow generating contractual arrangement. A
stock of contracts which generates flows of cash leaving and
reaching the company.
In the following, I will stick to this view where factors of productions only exist in the form of property rights in something that contributes to fulfilling
contractual obligations with clients. The business of banking is a more straightforward case: financial products are actually nothing more than contracts clearly stating who pays what under
specified terms and conditions. This applies as much to simple current accounts or mortgage loans, as it does to complex derivatives.
As the word "accounting" already implies, the act of keeping accounts is the foundation of accounting. The aim of accounting, however, is to truthfully report the financial state of a company. To
this aim, accounting reports are used to assign value to the stock of contracts that constitute a firm. In this respect, accounts are used to reduce the complexity of contracts in a way that
their current state is technically reportable and can be assigned a tangible value.
The normative book of rules that assigns value to contracts is simply the generally agreed accounting standards. Some professionals
infer these standards from principles which they regard as acceptable. This is different from stock market exhanges where the assignment of value is fully driven by subjective valuations of
individuals who may evaluate information very differently.
To give an example which is relevant for the banking case, the representation of a loan contract on the asset side of a bank balance sheet starts with its loan
account balance. The account balance states the current outstanding principal amount which the debtor (client) still has to pay to the creditor (bank). This essentially tells the reader that
a contract exists that will generate cash inflows amounting to the outstanding principal. Any unlikeliness to keep such contractual obligations will lead to provisions accounted for at the
liabilities side of the balance sheet.
The business of auditing is to give credit that assets (i.e. the contracts) exist and that the value which is reported for them is derived in line with a certain accounting standard.
To this aim, the art of auditing seeks to substantiate seven fundamental assertions.
-
Accuracy: correct amounts are stated
-
Completness: all relevant positions are covered
-
Cut-off: items are ascribed to the correct period
-
Existence: no fictious positions are assumed
-
Rights and obligations: full entitlement to assets, existing duties are correctly assumed
-
Presentation and disclosure: no obfuscation of results
-
Valuation: correct market values are assigned
The compliance with the above-mentioned principles is checked while sticking to the materiality principle according to which auditing and its
resulting corrections prioritize items that are most important to the accuracy of the entire financial statement as a whole.
An account balance states the value obtained after performing a netting of all postings to this account. The place where these postings and nettings take place is called ledger. Since paper as a
storage medium is outdated, ledgers are processed electronically on some type of data bank.
Confirming the truthfullness of an account balance implies that any posting on the ledger originates from the contractual
obligation the account represents. In accounting practice, this proof of existence, accuracy, and rights and obligations is technically performed by checking that the amount of each posting is backed up by a bill or comparable statement. A bill
is always issued under a contract and mentions its counterparts as issuer and addressee.
A thorough check not only comes with the proof that there is a bill backing the posting but that the bill actually represents a valid obligation of an
existing contract agreed upon by actual parties that accept responsibility for fulfilling the contract. A robust audit therefore should always include reaching out to the other contract party and let he/she confirm the terms of the
contract.
Unfortunately, given (outdated) technological limitations, auditors either perform such checks only on a sample basis and manually, or by
means of approximation and inference from log protocolls of IT systems. In this regard, a fundamental problem is that auditors can often only draw from
on-premise ledger data which is stating the view of the audited company itself, leaving room for manipulation.
Wirecard allegedly owned EUR 1.9 billion that were meant to exist on Philippine bank accounts which were administered by a trustee called the escrow agent. According to the terms of such
escrow accounts, Wircard (as the escrow) would not be able to withdraw money without the consent of the escrow agent. Statements that referred to the respective escrow
accounts where fictious. Upon request of the auditors, Philippine banks denied the existence of these accounts.
In a nutshell, auditors where not able to actually find a counterparty which was willing to confirm that it was part of a contract with Wirecard and therefore
obliged to pay back the assumed amounts, alledgedly parked on the escrow accounts.
Individually reaching out to each and every counterparty of an audited company is not tenable. Only fully automated processes will allow the gathering of evidence at
reasonable costs.
Fortunately, existing technology can already help bridge the gap between two contractual partners and let them confirm the terms of the contract as well as its current state of fulfillment, e.g.
any outstanding amounts on accounts kept at another bank. Subsequently, such confirmation can be stored in a way that makes ex post manipulation impossible without the consent of the
respective parties.
We see that regulators are able to easily formulate a simple principle that does not favour any specific technology: Store the consent of all parties to the contract about outstanding contractual
obligations electronically and in immutable form. Interlink items on the accounting ledger of a company to such a database in order to enable automated validations.
To be specific, DLT does already satisfy such demands. Alternatively, we could also imagine a publicly trusted agent to operate a database storing these confirmations. Contract parties could then
deliver and retrieve information from such database by the use of simple application programming interfaces (API).
Only the State has both the legitimacy and authority to determine the rules of the game. Such prominent position is coupled with the responsability to deliver the respective
public service.
Therefore, nobody other than the legislator and the related regulatory agencies should be blamed for not having prevented such missdoings, if we see yet again individual companies performing
fraud in a manner that could have been most effectively, as well as cost-efficiently, prevented by the state in the first place.
I thank Ulrike Verst and Terence Storey for valuable feedback. Views expressed in this blog are strictly my own as a private person. However, I want to disclose
that I work for a company which developed a DLT proof of concept in the area of regulatory reporting. I am not directly involved in the development or marketing of such applications.