The other day an ex-colleague reminded me that we had tried to sell a reconciliation solution to Wirecard about 5 years ago, but they sent us away with a flea in our ear. Ah! If only they had listened! Well maybe. They say that locks only “keep honest men honest” and similarly detailed, well reconciled accounting records only keep honest payment service institutions honest.
There has been some gloating about Wirecard in the British press. This is understandable but it might also be hubris. The FCA’s unseemly haste to upgrade the payment service regulations in the UK did cause me to wonder if a Wirecard could happen here.
What is clear from the Wirecard story is that ordinary workers will not have to use the Nuremburg Defence. Many of Wirecard’s staff and some brilliant and courageous FT journalists were whistleblowers extraordinaire, but Bafin, the German regulator, did not just ignore the whistleblowers, it seems to have actually worked with Wirecard’s management to persecute them. Bafin is clearly not fit for purpose.
The FT now reports that EY failed to check Wirecard’s bank statements for 3 years. In its defence, EY says that there were “clear indications that this was an elaborate and sophisticated fraud involving multiple parties around the world in different institutions with a deliberate aim of deception”. Like Inspector Renault in Casablanca, I am shocked! Shocked! Shocked that such a thing could go on! The check required to uncover this “sophisticated” fraud is so easy to do that it is normally given to the most junior member of the audit team to perform. Perhaps as Enron destroyed Arthur Anderson, Wirecard should now destroy EY; after all it is important from time to time to “execute an admiral to encourage the rest”.
The debacle represents an existential threat to the eMoney and Payment services sector. It is unclear yet whether the missing funds are client/segregated funds or Wirecard’s own funds. It is an irrelevant distinction if Wirecard goes bust as if there is no firm money to pay the liquidator’s fees then the segregated funds will have to be used. At that point people will learn that the big difference between a bank account and an eMoney account is that the latter is not protected by a bank deposit guarantee up to €100,000.
What are regulators to do then?
The FCA has made a good start with its hasty upgrade to the payment services regulations last month.
They appear to be moving the eMoney and Payment Services regulations to the same standard as CASS 7 rules. The regulations do not change that much but the approach does. From now on the regulations must be enforced to a standard that expects that the eMoney or payment service provider will go out of business that day. In other words, the company needs to be always ready for its own liquidation.
This approach has far-reaching implications. It means that a payment services firm’s accounting records and reconciliations have to be so good that a liquidator, taking over the business that day, could understand those records without the help of the firm’s existing staff, who would presumably all be sacked as the firm entered liquidation. These records must be so clear that, the liquidator should be able to return the funds to the failed firm’s customers promptly to prevent knock on effects to the clients and the broader economy.
The need for operational accounting and daily reconciliation
What the Wirecard fiasco has shown is that the segregated client funds AND the related firm money transactions need to be accounted for accurately using a proper general ledger-based solution and reconciled on an intraday or at least daily basis if they are to meet the “always ready” standard.
What is missing from the new FCA regulation is the requirement to check quis custodiet ipsos custodes- who guards the guards. When the client money rules for asset managers were shown to have failed to protect clients from the failure of Lehman’s and others in the noughties; three things happened. Firstly, the FCA got an education on the practical implementation of the rules from the Lehman’s liquidation, secondly, it insisted that the then accounting regulator, the FRC, ensured that the auditors knew how to audit client money and, thirdly, it punished non-compliance by firms and auditors. This approach, to my mind, worked, and the asset management industry got its house in order.
If the eMoney and payment services sectors do not take similar steps, will the FCA be capable or willing to enforce the new rules in a post Brexit Britain competing on a global stage? For the good of the industry I hope they do. It will keep the honest men and women honest and protect them from an uneven playing field that allows the dishonest to cut corners and costs and misappropriate funds. The FCA should bite the bullet and fully replicate its CASS 7 approach in the payments sector. European regulators could do worse than follow the British example.