Fraud Induced Panic at the WANDisco

This a frustrating case because it’s still ongoing and a lot of data isn’t available, but we’ll try. WANdisco is a UK company that specializes in moving large amounts of data to the cloud. The name is an acronym for wide-area network distributed computing. They grew organically and had a successful IPO in 2012 on the London Stock Exchange. In 2023 the company was exploring a dual US/UK listing.

In March of 2023, the company was forced to restate earnings. An initial investigation had revealed that purchase orders spanning revenue of $14.9 million last year and sales bookings of $115.4 million had been false, the company said. It meant annual revenues outlined in January should have been $9.7 million, rather than not less than $24 million, and bookings should have been $11.4 million, not $127 million.

Ouch. 2/3 of 2022 revenue was false. WANdisco had been audited by PWC through 2018 and subsequently by BDO. An initial investigation by FRP Advisory indicated that they “continue to support the initial view that the irregularities are as a result of the actions of one senior sales employee”.

If this is true, one person managed to almost triple revenue fraudulently. There appear to have been at least some red flags. Revenue tripled year over year but with significant growth in the percentage of receivables. The relationship between sales and receivables should have been consistent, but receivables growth significantly outpaced revenue growth. The presence of sales without collections is a definite red flag. Additionally, the company kept reporting contract wins without naming the customers. Certainly, there are customers who prefer not to be named in press releases, but not all of them.

WANidisco founder and CEO Dave Richards and CFO Erik Miller stepped down in April. Additionally, the company was forced to lay off 30% of its staff and indicate risks to its ability to continue as a going concern. However, the outcome is bigger than just this fraud. Like Wirecard in Germany, WANdisco was seen as a key example for luring and developing startups in the UK.

WANdisco was able to raise another $30 million so it appears that the going concern risk is mitigated for now. It doesn’t take a genius to argue a lack of internal controls here. I would argue that falsified revenue also points to a problem with the tone at the top.

It’s months later and there is still no indication of who was responsible which seems odd. This is a publicly-traded company with a material misstatement that seems to clearly indicate a responsible individual. I’m not into conspiracy theories, but this one is weird.

Eldridge, Iowa City Clerk Accused of Misuse of $75k of County Funds

corn field

In 2022 officials from the City of Eldridge, IA has some concerns about “spending and “certain financial transactions” processed by former city clerk Donna Benson. They asked the state auditor to review transactions from 2017 through 2022. The auditor’s report covered the period of January of 2017 through October of 2022, not quite 6 years.

Over that period the special investigation found a little over $76k in improper disbursements almost $9k of unsupported disbursements. The $76k included:

  • $42k of personal purchases made with the city’s credit card
  • $1.1k of unauthorized payroll
  • $16k in payments to Benson’s personal credit card
  • $16k in payments to other vendors for personal expenses.

The additional $9k was mostly credit card charges and payments to vendors that could not be conclusively proven to be personal.

The case has been turned over to law enforcement. If the allegations are true, Donna Benson is no criminal mastermind, but $12k a year was a nice little raise. It gets worse. In March of 2022, six months earlier, the state auditor issued a report recommending the city improve segregate duties, reconcile ending cash and investments, and implement a purchasing policy. None of those recommendations were adopted.

The auditor’s special report again recommends strengthening internal controls, including properly segregating duties, performing independent reviews of bank reconciliations, and ensuring all disbursements are properly supported, approved, and paid in a timely manner.

This is pretty straightforward stuff. If you think it can’t happen in your organization you’ve simply been lucky. But there’s one more fun piece to this. At the bottom of the article is this link to all of the State of Iowa’s Auditor reports. Additionally there is a detailed link for each case including this one. The details are fascinating and the number of investigations is eye opening. Not all of them result in referrals to law enforcement, one case found $151 in improper disbursement for example, but there’s a lot of shenanigans going on.

IT Purchasing Scheme leads to $1.4 Million Fraud


We’re off to New Hampshire this week. In early 2019 Tod Erickson of Londonderry, New Hampshire worked in Massachusetts for a Canadian-owned telecommunication company. He was an IT manager and he had responsibility for submitting purchase requests for IT equipment like computers and hard drives.

It is alleged that from 2012 through February of 2019 Erickson submitted fraudulent requests, essentially requests for unneeded equipment. He would then sell the equipment for his personal benefit. In a twist, he is also alleged to have filed false tax returns by not reporting his illegal income.

This one could be tricky. If Erickson managed to get the computer equipment properly added to the budget, he could make a legitimate purchase request, get it approved per the budget, appropriately received and invoiced. Everything would be above board coming in the front door and then quietly walk out the back.

At least some of these items should have been treated as fixed assets. Controls over assets should have turned up a problem over the seven years of this fraud. Segregation of Duties could have helped if someone else was responsible for managing and distributing the equipment. Appropriate inventory controls over unissued equipment would also help. Like I said, this one could be tricky to catch in a small office.

$400k of HR Fraud at Financial Magazines

man and woman near table

We’ve seen plenty of fraud out of the accounting department. We’ve seen fraud out of purchasing and fraud out of IT. Today we’ve got fraud out of HR.

Mansueto Ventures is the publisher of Inc. Magazine and Fast Company so this one is a little embarrassing for them. This case is also unique in that it deviates from my theory that fraud is often caught near breakpoints of 10k, 100k, etc. We could catch fraud around these breakpoints because those thresholds trigger additional controls. It could also be because prosecutors like bigger numbers. Either way, that’s what I see in reported frauds. This one falls in the middle at $429k.

Nirvani Sabess was Mansueto’s director of people and culture since September 2018. It is alleged that Sabess “would have had the ability to obtain administrative privileges” over the company payroll system. Sabess is accused of keeping payroll active for employees on leave or who had left the company and redirecting their direct deposits to her account.She allegedly used her elevated access to change employees’ passwords and security questions, then reroute their direct deposits to her own account.

The indictment is sealed so we don’t get to see the juice specifics yet. Sabees is actively fighting the accusations. Many accused fraudsters quickly confess and take a deal, but not Sabess. $429k might not seem like a lot compared to some other frauds we’ve looked at, but this is a small magazine publisher running with lean staff and $429k is a lot.

I really have two takeaways here. First, if Sabess did this as described it shouldn’t be to hard to prove. I’m still trying to think of an innocent reason why departed employees would still be active with your bank account on their record. It’s pretty damning. Second, we are back to beating the same dead horses, namely lack of segregation of duties and excessive access.

The allegations don’t describe anything especially creative here. Make it hard to for people to commit fraud at your company. Make them decide to pick another company.

Straight AP Fraud, $3 million over 10 years

orange and gray painted roof under cloudy

This case should be simple, but the info is very thin. The Justice Department press release is shortest I’ve seen yet. Thanks to Andrew Jewett who dug up more.

Judy M. Green of Baytown, TX was hired in 1994 by Liqua Tech where she served as the primary and often only Accounts Payable manager. Liqua Tech services commercial properties and focuses on roofing, siding, and building maintenance.

In 2011 Judy started to steal. She created fake invoices in the name of real vendors. Once the invoice was approved, she would change the vendor check name in the accounting system to the name of a credit card company for one of her credit cards or one of her children’s credit cards. Green would then cut a check and forge the owner’s signature since she didn’t have rights to sign checks. Green would then change the payee in the system back to the real vendor and mail the check to the appropriate credit card company.

There was a hint of segregation of duties here in that Green couldn’t sign checks. A cursory bank reconciliation with just check numbers and amounts wouldn’t have found this, but any kind of a review of check copies would have. Stricter controls around payments like validating payments to be made, comparing to payments planned, etc. could have helped, but it’s also not something an average business owner does.

Ultimately, in 2022 the owner noticed a large payment to an unknown credit card company and the scheme unravelled after, and I emphasize this, 10 years and $3 million. Green confessed and took a plea deal. As I write this, she has not yet been sentenced.

3 Years in Prison for Ex-CFO who stole $5M to trade crypto and ‘meme stocks’.

black blue and red graph illustration

People commit fraud for a lot of reasons. Often they want a lifestyle they can’t afford. Maybe they want to eliminate debt or they feel underappreciated, Perhaps they are trying to cover gambling or investment losses.

Today’s story is a modern twist on fraud to cover investment losses. In 2021 SPAC’s were all the rage. A Special Purpose Acquisition Company (SPAC) is designed to take cash from investors for the purposes of finding a company to take public. The SPAC creates a publicly traded entity, raises cash from investors, and acquires a private company. The owners of the private company get paid with SPAC money and the investors now own shares of a public entity, all without the hassle of a traditional IPO. (Note: I didn’t say this was a great way to go public, but it is a way.)

SPACs are not forever. They have a period of time to find a suitable target, usually 2 years. If a suitable target isn’t found within the timeframe, the money is returned to investors. If one is found, it’s used to acquire the target. The bottom line is that it’s not the SPAC’s money to do whatever they want, it’s investor money for a designated purpose.

Cooper Morgenthau didn’t quite agree with that. Morgenthau was the CFO of a SPAC named AGAC. To make this even shadier, AGAC stood for African Gold Acquisition Corp. If you’re thinking Nigerian princes, I am too. Nonetheless, AGAC raised $360 million at it’s IPO.

While searching for a target, Morgenthau took $1.2 million from AGAC to personally trade options and equity in crypto currency and meme stocks. Unsurprisingly, he lost just about all of it. To cover his crimes, Morgethau turned to a different fund, SMAC or Strategic Metals Acquistion Corp. This sounds like a more corporate name for African Gold Acquistion, but whatever.

SMAC was in the investment phase raising money for an future IPO. Morgenthau took money from that fund to try to recover his losses in AGAC. In total Morgethauh was conviced of stealing about $5 million.

In terms of sophistication, this fraud it pretty low. SPAC’s are effectively shells, so there aren’t a lot of employees and in this case, no segregation of duties. Morgenthau simply transferred the money to his personal accounts. Per the SEC investigation, he had full and unfettered access to the accounts. He then altered bank statements to conceal the fraud. Essentially there were zero controls on $360 million. I’m a little disappointed Morgenthau didn’t just disappear with as much as he could take. Then again, with lots of free time on his hands, he might have lost all of it trading crypto currencies and meme stocks.

AGAC was ultimately fined $104k by the SEC for reporting violations. Morgenthau is required to pay back $5.1 million and serve 3 years in prison.

Honestly, you can’t make this stuff up. An African Gold SPAC gets defrauded by their own CFO and let’s toss in a SMAC down to make it fun.

City Employee Stole More than $180,000

master card debit card

I have this rough theory that the first chance most organizations get to catch fraud is when the loss is in the $10-20k range. If they miss that the next chance is roughly $100-200k. After that, it’s about $1 million. Beyond a million, the sky is the limit.

Today we’ve got a garden variety fraud and after a couple of big company frauds, it’s fun to go back to the basics.

Allison Donaldson worked in the Public Works Department for the City of Covington, KY for 17 years as an administrative manager. As part of her job, she had a city-issued credit card for government-related expenses. Also as part of her job, Donaldson would log credit card purchases made by other employees and upload receipts and invoices into the city’s accounting system.

From 2020-2022 Donaldson used her city-issued credit card to buy personal luxury items like a Louis Vuitton agenda, a Channel tote, and repairs to her Mercedes. She also paid for furniture, a master bedroom remodel, and a garage remodel using her city-issued card.

Donaldson’s scheme was pretty basic. She would fabricate invoices and receipts, including approvals, and upload those into the accounting system. At some point, she got creative. Remember that Donaldson had access to everyone else’s credit card numbers. She was in charge of logging credit card expenses, so she had access to all the statements.

In a twist on her scheme, Donaldson used co-worker cards to purchase personal items. For example, she used a co-worker’s city-issued card to purchase 4 barstools totaling $4,600. I don’t know about you, but north of $1,000 for a single barstool feels expensive. She disguised this purchase as pool filtration equipment for the city pool.

Donaldson pled guilty to wire fraud and identity theft. Frustratingly, none of the articles indicate how the fraud was found. Using a P-Card or card controls to limit purchases to certain types of stores can help. Segregating card management from card users is critical. The number of credit card fraud cases where the perpetrator has access to both a card and management of the card payment process is extensive. Don’t let this happen. Card management applications can apply additional controls here, but if the person reviewing charges is the one committing fraud, software can only do so much.

Williams Sonoma $20 Million Fraud

chopping boards near oven under hood

Buckle up because this gets creative. Eric Marsiglia was vice president of engineering, projects, planning, facilities, and real estate for Williams Sonoma, a large retailer specializing in cooking and kitchen items. Marsiglia is accused of running a pair of schemes to defraud his employer.

In his position, Marsiglia was responsible for finding potential commercial real estate properties for Williams Sonoma. He would work with landlords and commercial real estate brokers on lease terms. These terms typically included broker commission rebates designed to be paid back to Williams Sonoma.

Marsiglia created a shell company with a pair of co-conspirators. The firm was named REM Group, LLC and Marsiglia represented that REM was affiliated with Williams-Sonoma and rebates should be paid to REM. As a result, Williams-Sonoma was overcharged for real estate leases because rebates were directed to REM. Marsiglia and his co-conspirators are alleged to have collected $5.9 million with this scheme.

Marsiglia also came to an arrangement with another co-conspirator, Michael Podhurst. Podhurst worked for a forklift and supply chain company. He later founded a storage and materials handling company. Podhurst came to an agreement with Marsiglia in which Williams Sonoma’s business would be directed to companies Podhurst worked for or controlled, in exchange for kickbacks to Marsiglia. As a result, $48 million in business was directed to Podhurst-associated firms and Marsiglia collected $12 million in kickbacks. The indictment alleges Marsiglia’s schemes netted as much as $20 million.

We say that collusion is hard to find, but clearly, some people do get caught. The charges include the commonly seen wire fraud charge, but Marsiglia and Podhurst also got charged with money laundering. This investigation was run by the IRS so it’s possible that the fraudsters didn’t pay taxes or that their activity triggered a money laundering investigation.

Kickbacks are illegal because they affect the ability of employees to make unbiased decisions in the best interests of their organization. The individual is acting in their own interest, not their employer’s. The practice is also considered anti-competitive because it subverts an unbiased bidding process. Kickbacks differ from referral commissions in that they are secretive and typically non-disclosed. In some cases, even referral commissions are illegal. For example, the Federal Anti-Kickback Statute [42 U.S.C. § 1320a-7b(b)] prohibits the knowing and willful payment of “remuneration” to induce or reward patient referrals or the generation of business involving any item or service payable by the Federal health care programs

Kickbacks from vendors are typically seen in buyer-type roles where an employee has a lot of discretion to select a vendor. Often these frauds are exposed via a tip. Strong vendor controls and regular vendor reviews can help prevent or identify kickbacks. Bidding controls for large projects can help as well.

Stealing to Payback Stolen Money


This week’s fraud isn’t especially remarkable except for the motive. But it can be a little confusing.

From Wales (the country not the species) , Mayur Gaglani (not to be confused with Mayor Giuliani), stole a substantial amount of money from his employer, believed to be about £250,000. It appears he was required to pay the sum back, so Mayur got to work. In 2017 Gaglani got a job with PSE 2 (not PS2), a small company selling electrical systems.

.Between June and August of 2022, Gaglani created fake invoices to the tune of £64,000, which the company paid. Additionally, Gagliani went to US on holiday and used the company credit card to rack up £5,000 of personal charges. It was the company card charges that got him caught.

So far this is pretty straight forward, falsifying invoices and personal use of the company card. It gets worse. At his sentencing hearing, it was revealed that Gaglani explained to Gary Porter of PSE 2 that he had a previous dispute with an employer and significant debts. Mr. Porter loaned Gaglani £60,000 and gave him a £22,000 salary advance to help him out.

Let’s do some math, £64,000+5,000+60,000+22,000 = £151,000.

Gaglani said that he committed fraud to pay back money stolen from his previous employer. It’s not clear how much of the stolen money was actually paid back because Gaglani also used part of the money to pay his own debts. Cleary Gaglani was in way over his head. I’m also not sure what his end game was. Did he think he wouldn’t get caught this time?

The effect of the fraud on PSE 2 was significant. Instead of growing and being able to hire more employees, they were forced to retrench and 5 employees had to change the nature of their work. Gaglani was sentenced to 20 months in prison.

Controls matter. Whether it’s Apple or PSE 2. Big or Small. I see plenty of companies say “we’re too small” to worry about controls, but £151,000 matters a lot more to small company than $20 million does to Apple.

$100 Million Fraud at ABB in only 2 years

low angle shot of manufacturing plant under blue sky

This one is a few years old now, it goes back to 2017, but there’s still a mystery here and $100 million is a lot of money.

ABB is a global Fortune 500, publicly traded electrical engineering conglomerate with Swedish-Swiss roots. In early February of 2017, an ABB executive in their South Korean operation named Myeong-se Oh disappeared. There were early reports that an internal investigation triggered the disappearance. Later reports indicate that his disappearance was a surprise.

It wasn’t only Mr. Oh who disappeared, more than $100 million US was missing. It’s now 2023 and I’m not able to find any reports of the capture of Mr Oh. In a rare case, he appears to have gotten away with it. Mr. Oh is reported to have fled to Hong Kong and then disappeared. It is believed he fled to mainland China which does not have an extradition treaty with South Korea.

How did we get here? Even for a company the size of ABB, $100 million is a lot of money. Their South Korean operation did roughly $525 million in revenue in 2015 when this theft is alleged to have started. and by early 2017, Mr. Oh was gone. Insurance payouts covered roughly $30 million of the loss, but pre-tax net income was impacted by roughly $73 million or about a 4% hit to net profit. Ouch.

Reports vary, but Mr. Oh was in his fifties and a 25-year veteran of the company. Until 2010, he had been the chief compliance officer. In 2017 he was the South Korean organization’s treasurer and one of two integrity ombudsmen. He was one of the officers designated to receive reports of ethical violations. Oh’s fraud has been described as a “sophisticated criminal scheme” and that seems incredibly appropriate. has some of the most detailed information based on their reporting and reporting by a German magazine Bilantz. I’ve not been able to drill back to the Bilantz source. Essentially Oh’s fraud had three prongs:

  1. Mr. Oh opened bank accounts at various institutions in his name and in the name of a KW Industry for who he was listed as CEO. Mr. Oh then transferred $75 million of ABB cash into his accounts. Simple theft at its finest.
  2. Oh borrowed $16 million on behalf of ABB and funneled the money to his own accounts.
  3. Oh also factored ABB’s receivables to the tune of $12 million and funneled the cash to his accounts.

Quick math gets us to $106 million US. How was this all possible? From the article:

Many Asian governments require that each of their businesses must have a single, official red-ink corporate seal for validating legal contracts. Each South Korean business must register its unique handmade seal, the “beobin ingam,” with the government. By law, only the representative director can use the seal. However, the courts will presume that a company has “agreed to be legally bound … if a contract is stamped with the beobin ingam” even if the representative director didn’t use it, according to “Law in Korea.”

A beobin ingam costs about $27, so whether Oh had permission to use ABB’s or fraudulently obtained one, he had the apparent authority to execute the moves.

Additionally, a report by EY concluded “ABB Ltd has not maintained effective internal control over financial reporting as of December 31, 201.” ABB has also admitted “because of his position in the firm, might have had “Omnipotent Super User” rights within ABB’s enterprise resource planning (ERP) system:”

Finally, “ABB did not maintain adequate segregation of duties in the treasury function in its South Korean subsidiary and failed to identify certain inappropriate access levels to the local enterprise resource planning system,” Chief Executive Ulrich Spiesshofer and Chief Financial Officer Eric Elzvik wrote in a joint letter to shareholders.

Mr. Oh seems to the be last person one would suspect to commit a crime like this. This appears to have been a systemic failure of internal controls. ABB took a $100 million hit to their reputation, a 4% hit to their bottom line, and replaced all of their South Korean top management post-scandal. As with last week’s Apple case, this is a major corporation with major controls and they still suffered a $100 million fraud. There is simply no substitute for appropriate controls.

%d bloggers like this: