FTX – How to Do Fraud at a Futures Exchange

I’ve done a lot of research on FTX and I have…opinions. If you haven’t paid attention, FTX was a crypto futures exchange. It had a related/sister crypto hedge fund known as Alameda Research. All of it melted down in late 2022. There are significant fraud allegations and guilty pleas so far. There are also a lot of lurid allegations. Matt Levine’s column, How to Do Fraud at a Futures Exchange is the clearest explanation of FTX. We’re going to try to go there, but first I have to get a few things off my chest.

  1. Sam Bankman-Fried’s “Balance Sheet” that he passed around trying to raise last-minute funds is offensive to me as an accountant. Maybe some investors don’t care, but I’d get fired for showing anything like that to anyone at any job I’ve ever held. A copy of that balance sheet is the image for this post.
  2. Quickbooks is not an appropriate accounting system for a company the size of FTX mostly because of its inability to scale to that size. I suspect Quickbooks would be happy to have no association with FTX given what SBF’s balance sheet looked like.
  3. If our Craigslist Accountant from a few weeks back worked at FTX (and actually did the work) she could steal $15k/day, every working day for a year, and FTX would only be out $4 million instead of billions.

Whew! Ok, where do we start?

FTX was a futures exchange. In a futures exchange, people bet on some proposition, say Bitcoin will go up or down. Some people bet up (long) and some down (short) but they place that bet with the exchange, not with each other. To guarantee these bets, customers deposit cash. On some defined time frame, the exchange checks the results and if Bitcoin went up the exchange takes some money from the short bettors and gives some to the long bettors. If it goes down, the reverse happens.

If an account goes too low, the exchange asks the bettor to put in more money. This is a margin call. If the bettor doesn’t cover, the exchange automatically closes out the position at a loss. If an account gets high enough, the bettor can take some money out. Ideally, the exchange is smart about this and limits the amount to reasonably match the volatility.

If an account goes below zero, that is if a bet on our Bitcoin example falls fast enough that there isn’t time to get more money or close out the position, the bettor owes more than what’s in the account. Collection from the debtor will be problematic at best and the exchange will have to pay out of their own money.

This is straightforward futures stuff. It’s very common and well-understood in traditional financial circles. That doesn’t make it easy or safe, but everyone knows that’s how this works. Notice that there are no actual Bitcoins in here, just bets on whether Bitcoin will go up or down. Much like betting on a football game, you don’t own the team, play for the team, or even get to see a game, you’re betting on the performance of something you don’t own.

Finally, we’re talking about leveraged futures trading here. Something like deposit $2k and the exchange lends you another $15k to bet on Bitcoin. Alternatively, deposit $2k and the exchange lends you $15k in Bitcoin to bet on. The exchange may hold a little of a given asset like Bitcoin, but it doesn’t really have to because it has customers on both sides of the trade so they more or less offset.

Leverage like this is really, really, one more really, risky. That’s a big loan on a small deposit. If prices move in the wrong direction quickly, positions get wiped out leaving the exchange holding the bag. Crypto often moves quickly in the wrong direction for someone.

Future Exchanges control risk by:

  1. Charging high margins.
  2. Tailoring the margin to the riskiness and size of the bets.
  3. Monitoring and closing out losing positions quickly.
  4. Limiting withdrawals. If a position grows and too much is removed, there isn’t enough to cover a reversal in fortune.

At least well-managed ones do. FTX on the other hand:

  1. Setup a futures exchange.
  2. Advertised their impressive risk engine with customized margin factors designed to carefully take into account volatility, liquidity, account position size, and unusual market moves to quickly close out losing positions and limit withdrawals as appropriate.
  3. Did a lot of trades with their own money.
  4. Without telling anyone, exempted themselves and related entities from all the risk management stuff they advertised.
  5. When bets moved in their favor, they withdrew funds for condos, political contributions, whatever.
  6. When bets moved against them, they didn’t put money back in, didn’t close out their bets, just let everything go negative and ignored it.

This is fraud because FTX advertised it had good risk management when it actually had bad risk management. Additionally, taking money out when FTX wins and not putting it back when FTX loses predictably moves money from customers to FTX. Third, FTX might be tempted to speed up this process with its own token. Say, create a bajillion magic beans out of thin air, trade a few magic beans with yourself and some friends to establish a price, then borrow against the remaining bajillion beans at the artificial price.

This is the crux of the SEC complaint against FTX. The infamous “back door” from early news reports was really exempting related firm Alameda from all the risk management constraints.

Also, there was additional comingling going on. FTX’s bank account couldn’t accept some foreign deposits so they went to Alameda who just kept them…apparently. There was some sort of loan(ish) disclosure, but the funds appeared as internal funds, not customer funds.

Eventually, if you take money out when you win and don’t put it back when you lose, you run out of money to play with. And when you borrow based on artificially inflated valuations, there is nothing left when the valuations pop.

Sam Bankman-Fried is going around apologizing, but this was not a mistake. Like Celsius from a few weeks ago, this was a failure to act as a fiduciary of the customer’s money. Being this reckless is not a mistake, it’s fraud.

I’ll try not to do too many of these giant frauds because the lessons are macro lessons. They aren’t actionable for average folks. But, fraud at the top is the most expensive kind of fraud. If you work for a company and see that, run. The tone at the top still matters and people have subsequently shown behaviors by FTX and Sam Bankman-Fried that should have raised red flags. As an FTX user, there doesn’t seem to be much that could have been done, other than quickly withdrawing funds at the first sign of trouble.

FTX appears to have melted down into a giant fraud. I don’t think it started that way. I’m not convinced that was the intent, but whether through hubris, a lack of maturity, or missing respect for the customer, it has ended up there.

As a footnote, FTX was a mess internally. We’ve previously seen that Celsius was a different kind of an internal mess. However, both failures were precipitated by credit bubbles and crazy leverage. Richard Rumelt covers this well near the end of Good Strategy. Covering the 2008 housing crisis Rumelt notes that Bear Steans was leveraged by at least 32 to 1. Lehman Brothers were similarly leveraged and it didn’t take much to tip everything over the edge. Before that Worldcom was an earlier example. The crypto winter of 2022 was ultimately a cascading failure of easy credit, probably triggered by the failure of Three Arrows Capital.

It is not unusual for leverage-based failures to devolve into financial statement fraud as management tries to keep the company afloat. FTX and Celsius both also suffered from a lack of internal control that made fraud possible.

Craiglist Accountant Fraud – What a Difference a Day Makes

My colleague Frank Vukovits and I talk about this case a lot. While it seems simple on the surface, there are a lot of unanswered questions and I have not been able to track down answers.

The base story is simple, Angela Phan was hired as an accountant for Triplematic Dispensers via a Craigslist ad. She worked one day and stole almost $15,000. The St. Louis Post-Dispatch story seems to be primary, but it’s behind a paywall. KSDK has an overview for free. Both articles are thin.

With a little digging, we find that we don’t know why Angela only worked one day. We don’t know if she quit or was fired. None of the articles say what day she actually worked. We just know that the fraud started in July 2014 and she wasn’t caught until December 2015.

Let’s back up. This is simple check fraud. Angela worked one day and got a paycheck mailed to her. The paycheck obviously had the company routing number and account number on the check as all checks do.

Angela is alleged to have used that information to pass fraudulent transactions through Triplematic’s bank account to the tune of $14,720.21. If you just read the headline Accountant Worked One Day, Allegedly Embezzled $15k it’s funny. When you realize the fraud went on for 18 months it gets weird. That’s a long fraud for only 15k. Phan gets points added for patience and deducted for stealing small amounts. If you’re going to commit felony identity theft (what she was charged with), don’t skimp.

A lot of people have suggested that Triplematic brought this on by hiring an accountant via Craiglist. I tend to agree, but she was gone after a day. We’re all allowed an occasional mistake. What I don’t understand is how this continued for 18 months. From the St. Louis Post-Dispatch article:

“The company later noticed several unauthorized transactions had been made on the business checking account. The company’s bank said at least one of the transactions was made to an account connected to Phan.”

Assuming the articles are correct, why didn’t they catch these in the July 2014 bank rec and close the account? Why leave this open for 18 months?

I’m intrigued enough by this story that I poked around Missouri CaseNet to see if could find a final disposition. The articles indicate that she confessed to a felony so there should be some kind of resolution, but I couldn’t find anything. That means that Angela Phan could still be out there answering Craigslist ads for accounting jobs.

How do companies prevent this?

  1. Maybe don’t hire accountants off of Craigslist and do a little due diligence on candidates. In fairness, anyone who gets a check has routing and account information.
  2. Use a dedicated payroll account that doesn’t carry extra cash. This makes extra payments stand out.
  3. Perform bank reconciliations in a timely manner and investigate suspicious or missing payments.
  4. Use positive pay on the account to reject unauthorized payments. Positive Pay is a bank feature used as a control for checking accounts. Account holders submit authorized payments to the bank. Unmatched payments are rejected. Alternatively/Additionally, banks may present transactions online with a short timeline to reject unauthorized transactions.

Life imitates Office Space, Fraud and All

I believe you have my stapler

I love the movie Office Space. It’s full of what are now classic nerdy memes and tropes including red staplers, TPS reports, flair, and beyond. But a core piece of the movie revolves around fraud. When Peter finds out that Michael and Samir are going to get downsized, they hatch a plot to steal fractions of cents on each financial transaction. They manage to screw it up. There are other lessons in this movie, but that’s the fraud lesson. Expect to screw it up.

Interestingly, in the movie, they stole over $300k. Remember that number.

In the real world, Ermenildo “Ernie” Valdez Castro of Tacoma, Wash is accused of stealing around $300k from Zulily, the online retailer he worked for. In a reported confession to police, he called his plan the OfficeSpace Project and indicated inspiration from the movie.

Heist 101: Don’t name your heist after famous heists, real or fictional.

Ernie’s plan was a little different though. He didn’t steal fractional pennies. The specifics are a little fuzzy, but based on the GeekWire article, Ernie, a software engineer, wrote code to redirect shipping fees collected from certain customers to a Stripe account he controlled. Additionally, it appears that in some cases, the code double-charged customers for shipping and redirected the additional charge to an account he controlled. Those two schemes netted about $240k.

Not content with just that, Ernie changed pricing to buy items at a substantial discount. Those discounts amounted to about $40k. Potentially these items were purchased at a significant discount for resale. The articles aren’t clear, but a pile of products was found at his house.

Ernie’s price fixing was found first. After his laptop was seized, the company found evidence of shipping fraud. The side hustle fraud to his main fraud got him caught.

So where did all the money go? This is always a fun question because it so often evaporates.

“He clarified that he had used the money to invest in stock options, particularly GameStop stock options, and reiterated that all the money was now gone. He denied purchasing any physical assets with that money.”

Points to Ernie for being creative. Redirecting shipping fees is not your garden variety AP payment fraud or AR lapping scheme. Points are deducted for getting caught because the side hustle to your main fraud was exposed. Sloppy.

So how do companies find or prevent fraud like this?

  1. Segregation of Duties for code changes. It’s pretty clear that Ernie could change production code without a testing and review process. That’s a big no-no.
  2. A good budget and reconciliation process would show either shipping costs well below budget or missing cash depending on exactly how the payments were redirected to Stripe. That should lead to a lot of questions.
  3. Change tracking, like an audit trail on price changes, would show price reductions and an immediate return to the initial price. Definitely a red flag for investigations. Whether that change was done via code or an interface, my assumption is that the price is stored in a database and not solely in code, making change tracking easier. Based on my experience, that is a reasonable assumption.

I see so many companies not wanting to do the work to prevent fraud. It’s work. It takes time. In this case, Zulily is a $200 million dollar subsidiary of a publicly traded, multibillion-dollar entity. Three hundred K is an average fraud and a drop in the bucket. But it could just as easily have been a $3 million startup where a loss of $300k means people get laid off.

At the same time Zulily IS a $200 million dollar subsidiary of a publicly traded, multibillion-dollar entity. SOD for code changes, a robust budget/reconciliation process, and reasonable change tracking should already be in place. They can do better.

Celsius, Crypto, & Commingling Fraud

ripple etehereum and bitcoin and micro sdhc card

We’ll get to FTX eventually, but first, let’s look at Celsius.

Much of this post comes from the Celsius bankruptcy filing here. Celsius was a crypto lending firm founded in 2018. Their primary product was called an Earn account. Customers would deposit crypto asses with Celsius in exchange for rewards. Customers could also borrow against their crypto assets.

Celsius would move assets from bridge wallets tied to a customer to aggregator wallets from which it would invest and make loans. Think of this as similar to cash in a bank. If I deposit $100 it does not sit in an envelope with my name on it waiting for me to withdraw. It is comingled, loaned, etc. There is no way to trace my $100 through the bank, there is just a ledger entry that I’m owed $100 by the bank when I ask for it. (For clarity, each type of cryptocurrency, like Bitcoin or Ethereum, had its own aggregator wallet, like aggregating dollars and Euros in separate accounts.)

Later, US regulators pressured Celsius to change its business model under the theory that the Earn product was a security that should be regulated. As a result, Celsius launched its Custody program for US customers. Custody accounts were not eligible for rewards and would not be transferred, sold, loaned, etc. The custody model was supposed to be closer to a digital safe deposit box.

Because of the regulatory pressure (and their own procrastination), Celsius moved fast to launch Custody accounts and they broke things. A lot of things, Heck everything. Part of this speed run included:

  • Relying on manual reconciliations of crypto assets without robust controls. If you’ve ever tried to reconcile a bank account where bank deposits were aggregated but the individual checks for that deposit were listed in the accounting system, you understand how ugly this can be. Now multiply that times thousands.
  • Creating a 3rd product, Withhold accounts, for states where they weren’t licensed for their Custody accounts. The Withhold accounts had no terms of service.
  • Not creating separate wallets for Withhold accounts and not otherwise separating the funds.

To fund the Custody accounts, Celsius transferred crypto assets from the main or aggregator wallets, but they did not have a process to separate new deposits. Deposits continued to come into the aggregator wallets.

Celsius’s Custody program did not automatically balance the number of coins reflected in Custody accounts to the number of coins held in aggregated Custody wallets. This is essentially making sure the value and currency type in the big custody envelope matches the ledger of all customers. Celsius had to manually reconcile those balances. Celsius performed this reconciliation 53 times during the 83-day period between April 20, 2022 (when it first reconciled the Custody wallet holdings to the Custody accounts) and July 12, 2022 (the day before Celsius filed for bankruptcy). There were no defined rules or policies to guide this process. Finally, Celcius would move money into and out of custody wallets if reconciliations showed a shortfall or overage.

In May 2022, Celsius experienced significant withdrawals leading to a liquidity crisis. They responded by pausing withdrawals. Oddly, because of the speed with which they implemented these products, they had no way to pause deposits, and they kept coming in. As a result, despite a “pause” customer balances still weren’t static. Ultimately Celsius determined that they did not have the capital to fund continued withdrawals or they would take significant losses unwinding positions to fund withdrawals. Remember that Celsius loaned money on cryptocurrencies. Ultimately, Celsius declared bankruptcy.

Essentially, Celsius was a run on the bank. With longer-term loans funded by shorter-term deposits, if enough people decide to withdraw, there isn’t enough to pay them because cash is still tied up in loans. But under the hood, the story of Celsius is a story of missing controls. Missing controls to the point that Celsius was never really sure what they had. Missing controls to the point that they appear to have materially misled customers about how Custody and Withhold accounts were actually managed. A couple of quotes that illustrate this:

Mr. Koprivica summarized management’s message to the product development team as: “[G]o back to blackboard, do the minimum of all minimums, this may be manual for the start, involve less developers, lets discuss deadlines.”

…there was no “common understanding” of the concept of custody between team members with a “finance background”and those without…Celsius did not consider creating a Custody wallet for each Custody customer. In fact, Mr. Noy did not recall that idea ever being suggested.

…there was no “common understanding” of the concept of custody between team members with a “finance background”and those without…Celsius did not consider creating a Custody wallet for each Custody customer. In fact, Mr. Noy did not recall that idea ever being suggested.

– US BANKRUPTCY FILING SOUTHERN DISTRICT OF NEW YORK – CELSIUS NETWORK LLC, 11/19/22

Also, Celsius made the decision to initially overfund Custody wallets by 10% as a buffer against mistakes. As a result:

Because of the manner in which Celsius initially funded the Custody wallets—most notably the intentional overfunding—on April 15, 2022, no Custody wallet held exactly the number of coins that were supposed to be a part of the Custody program.

Custody wallet movement and reconciliation process

For Celsius, the reconciliation of Custody accounts wasn’t a mitigating control but the process itself. The reconciliation determined the amount rather than confirming the amount.

Turning to Withhold accounts, Celsius never separately identified Withhold accounts or funds in management reporting. Withhold funds remained in the main accounts available for any use Celsius saw fit. This is contradictory to communication with customers which encouraged them to withdraw these coins (Celsius no longer had a license for the state where those customers lived) and that the coins would be maintained until withdrawn.

When a company tells customers that they aren’t going to loan, sell, or do anything else with their funds, they have a right to rely on that. The company has a fiduciary responsibility to appropriately manage customer assets. Tone at the top continues to be important and fraud at the top of organizations continues to be the most expensive.

Matt Levine of Bloomberg likes to say that crypto keeps rediscovering all the mistakes of banking and finance at an accelerated rate. I agree. I would add that if the crypto community wants the world to quit treating crypto as play money, they should stop managing it like play money.

What are the lessons here?

  1. Controls matter – Like what we are seeing at FTX, there were few if any controls at Celsius.
  2. Process and infrastructure matter too. Just as the control should match the risk, processes and infrastructure need to be up to the task. Just as we wouldn’t consider a manual quarterly review of a high-value, high-volume bank account to be adequate, we shouldn’t consider a manual reconciliation against thousands of customers a reasonable, repeatable process.
  3. Tone at the top still matters. As much as this is a process failure, it’s also an ethical failure to properly manage customer funds.

Update 2/3/23 – The final bankruptcy report is out and it worse than what we saw earlier. Customer funds were used early and often in inappropriate ways. Risk was either poorly managed or not managed at all and there was an underlying pressure to support the value of the CEL token above everything else. CEL was held by owners and sales of CEL allowed them to convert CEL to dollars. Except that the primary, maybe only buyer was Celsius. Meaning that ultimately, Celsius was using customer funds to enrich executives with a lot of garbage obscuring that. If there is business mistake that can be made it’s in this report.

Carlos Ghosn and Fraud at Renault & Nissan

photo of white nissan car

I’m going to be adding a weekly fraud column for 2023. Frankly, I had about a dozen good examples without trying, so this should be fun.

Carlos Ghosn was the highly successful CEO of Renault and Nissan, two independent car makers who teamed up in an alliance driven by Ghosn to make both companies better. He ended up as the CEO of both companies at the same time. He is accused of overpaying himself by as much as $100 million.

Over Christmas I read Boundless: The Rise, Fall, and Escape of Carlos Ghosn by veteran Wall Street Journal writers Nick Kostov and Sean McClain. It has all the details. There is a smaller WSJ article here (subscription required). The book is absolutely worth a full read.

The nutshell version is that Ghosn is accused of manipulating how and what he was paid to hide the amount of his actual pay. Ghosn seemed to have wide latitude in controlling what he was paid, but disclosure of the size could be embarrassing in both France and Japan. Additionally, Nissan paid him in Yen and at one point a swing in currency values left a $20 million hole in his personal finances. Finally, he was required to report his pay to Japanese authorities (a new law at the time) and disclose it in financial statements. The disclosures did not reflect his actual pay and a number of intermediaries were used to hide payments. Kostov and McClain allege that payments to Ghosn were improperly funneled through suppliers. Additionally, there were properties and other items paid for by various Renault and Nissan organizations that may not have been appropriately authorized.

What makes this story even more interesting is that Ghosn was arrested in Japan, a country with a 99% conviction rate. Ghosn felt that he couldn’t get a fair trial in Japan and arranged to flee the country hidden in a box ostensibly designed for a large speaker or amplifier. Ghosn was spirited out of the country via private jet while hidden in the box. He fled to his native Lebanon, a country that doesn’t extradite its citizens. A BBC article here also has escape details.

Ghosn will probably never get his day in court, so there is no way to say definitively say exactly what he did or the extent of the fraud, but there are some lessons in here.

1). Fraud at the top is always more expensive than fraud from within an organization. $100 million is a lot of money. It’s hard to hide that much with garden variety AP or AR fraud. CEOs should still be subject to checks and balances.

2) Resentment over pay remains a key reason for fraud, even at the top.

Carlos Ghosn had been the world’s most prominent car man of the first two decades of the twenty-first century. To the astonishment of naysayers worldwide, he had forged two middling carmakers into a global powerhouse, the Renault-Nissan Alliance. But Ghosn never felt that he had been adequately compensated. Over the years, he had watched as people of lesser talent had made millions more than he did. It had grated on him to the point of obsession.

Since the financial crisis of 2008, he had started to take matters into his own hands, exploring numerous schemes to secretly pay himself what he thought he was worth. Ten years later, he had been ready to push through his last great act as an executive—a merger between the French and Japanese carmakers—before sailing off into the sunset aboard a 120-foot-long yacht. As part of the deal, he would be entitled to a massive payday, one that would enable him to retire as a very wealthy man.”

— Boundless: The Rise, Fall, and Escape of Carlos Ghosn by Nick Kostov, Sean McLain

The fraud triangle is Opportunity, Incentive, and Rationalization. As CEO Ghosn had the opportunity, he was the CEO and had few checks on his pay. He had the incentive, oddities with his pay in multiple currencies created a $20 million hole in Ghosn’s personal finances. Finally, there was rationalization. he felt he was underpaid based on what he had accomplished.

This risk exists at multiple levels in every organization. Strong controls are a key defense and Boundless is must read.

Cryptocurrency

gold bitcoin

Cryptocurrency, blockchain, Bitcoin, Dogecoin, Ethereum, Shiba Inu, whatever, the whole cryptocurrency thing can be a mess to understand. Matt Levine at Bloomberg has the best guide I’ve found to explain it all. It’s straightforward, well laid out, and about as easy to understand as it gets. Sadly, it’s behind the Bloomberg paywall, but still highly recommended.

https://www.bloomberg.com/features/2022-the-crypto-story/#xj4y7vzkg

Fun with Fraud – Two Strikes

mother and daughter on grass

Frank Vukovits and I do a session together highlighting internal threats. Internally we refer to it as Mark & Frank telling fraud stories. We might start just calling it that externally as well. We have another one for you today, a tale of a second chance gone very wrong.

Bonnie Sweeten stole as much as $1 million from her employer (amounts vary in different reports) and claimed she and her daughter were kidnapped but they were found in a luxury suite at Disney World. She was convicted and sentenced to 8 years in prison. After she got out, an excavating firm then gave her a job as…wait for it… a bookkeeper. She stole from the company by writing company checks to herself and fraudulently using the company credit card. I swear you can’t make this stuff up.

@legaleagle

Mom Who Faked Her Own Kidnapping and Went to Disney World is Bippidi Boppidi Booked Again #LegalEagle #Disney #disneyworld #crime #hoax #BucksCounty

♬ original sound – Legal Eagle

Help! My Auditor wants a report for Workflow approval information in Microsoft Dynamics GP

We get this request a lot. GP does a good job of showing individual workflow details, but full reporting is newer. Cheryl W. has a great article covering reporting on workflow for Dynamics GP. She includes standard reports and building a Smartlist Designer report.

https://community.dynamics.com/gp/b/dynamicsgp/posts/help-my-auditor-wants-a-report-for-gl-workflow-approval-information-in-microsoft-dynamics-gp

I you really don’t want to f*ck it up, it needs an internal control.

When we talk about controls at Fastpath, people often think about fraud prevention. If the company is publicly traded, the conversation may center around ensuring the accuracy of the financial statements. But there are some very public scenarios where significant screw-ups could have been prevented by functioning internal controls. Now I have a new example. Buckle up, it’s a doozy.

The long version is here: https://www.bloomberg.com/opinion/articles/2022-10-04/barclays-lost-track-of-its-notes#xj4y7vzkg (subscription may be required). A non-subscription description is here: https://www.nationandstate.com/2022/08/01/barclays-faces-billion-dollar-loss-from-structured-note-paperwork-error/

The short version is Barclays bank wanted to issue about $20 billion in securities in 2019. Because of past transgressions, they had to register these securities with the SEC and include an upper limit. As they approached the $20 bn deadline, they would need to register to issue additional securities above that amount. No big deal, just paperwork. Financial institutions have lots of analysts and lawyers who can do paperwork. 

The expectation was that someone, somewhere in Barclays would track the issuance of these securities and raise their hand when they got near the $20 bn limit even if that tracking process was just a spreadsheet. Anyone who has ever used a spreadsheet to track stuff over multiple years knows that this idea is fraught with problems. We all see where this is going…except we’d all be wrong. They didn’t use a spreadsheet to track issuances. They didn’t use a database. They didn’t even use a piece of paper. This is not the case of a failed internal control that failed, but of a non-existent internal control. No one tracked the issuance of these securities.

“Over the course of these efforts, it became clear to all involved that there was no internal control in place to track in real time the amount of securities offered and sold against the amount of securities registered.”

Instead, Barclays issued $36.4 bn of securities, about 80% more than authorized. This is technically securities fraud because Barclays sold unregistered securities. There was no intent to defraud. It was simply a paperwork mistake. A very expensive mistake. Barclays is being fined $200 million. Everyone who bought these securities above the initial $20 bn limit has an option to unwind their transaction. If they made money, they have an option to keep it. If they lost money, they can ask for it back. This was less of a problem when the stock market was roaring, but as the market has fallen, Barclays has received requests to unwind $7.7 bn, a little under half of the excess, and they are looking at estimated losses of £1.7 bn.

Not every company has this specific risk. But every company has important things that need to be managed where, failing that, very bad things happen. The nature of managing risk is that those items need controls too. 

Fastpath is hiring

I have been on every side of the ERP world. I have been a customer and a consultant multiple times. I’ve implemented and supported both sides of the fence. Six years ago I moved to the Independent Software Vendor (ISV) world with Fastpath and I wish I had made the move sooner.

If you like helping people but are tired of the travel, if 6-18 months on the same project doesn’t excite you, or if you’ve finally had your fill of month-end close, we have a spot for you.

Fastpath is growing and we have two positions open in Client Services. We are looking for a Client Education Manager and Associate. We like to hire smart people and see all the cool things they can do, so both positions are remote. These are training positions, but our training sessions tend to be short, focused, and often consultative. It’s the fun of helping people, without the travel and massive time commitment.

At Fastpath, a Client Education Manager develops and delivers training to our clients. This is an active training role. We deliver training remotely in 1-hour sessions. The Client Education Manager will also oversee training performed by Client Education Associates. You can see the full description here. https://fastpath.bamboohr.com/jobs/view.php?id=47

The Client Education Associate delivered training to customers and helps them understand how to get the most out of Fastpath. The full description is available here: https://fastpath.bamboohr.com/jobs/view.php?id=48

I’ve worked with some really great teams in the past and I’ve worked for some really great people. This company and this team are my favorite. Frankly, we simply treat people like adults. If you’re ready for something new, please apply.

%d bloggers like this: