Fraud, Wirecard and the Future of Fintech

Plus: Stress Tests, Switch from Cash, Bill Ackman

Issue #6 of Net Interest, my weekly newsletter on finance industry themes, and welcome to all new subscribers. You join a growing community that includes some of the smartest investors and most curious people around. If you like what you read, please invite friends and colleagues to sign up. You could even direct them to my new website: Thanks!

Fraud, Wirecard and the Future of Fintech

I. Fraud

Finance companies have a unique relationship with fraud. They are at the same time victims of it, vehicles for it and occasional perpetrators of it. 

As victims they are continually exposed to many small-scale attacks. Data from the UK suggests that fraud skims off 7.5p from every £100 spent on credit and debit cards. Over a billion pounds was pilfered through the banking system last year, with close to two billion more apprehended at the exit. Insurance companies wage a similar battle against false claims. Last year they detected fraudulent claims in excess of a billion pounds. 

In their commercial business units the numbers get bigger. ABN AMRO has disclosed that three-quarters of the impairments it has suffered in its Trade and Commodity Finance business over the past ten years stem from fraud. Its latest hit here was a €225 million clanger originating out of Singapore-based commodities trading firm Hin Leong.

Even bigger numbers, though, require a man on the inside. When asked why he robbed banks, bank robber Willie Sutton famously replied, “because that’s where the money is.” Bank managers see the money every day and sometimes lapse into complicity. The firm ORX compiles loss data for banks globally. In each of the past three years internal fraud losses have exceeded external fraud losses; across the three years combined internal fraud outstrips external fraud nearly four times over. 

Two weeks ago I wrote up the case of Punjab National Bank in India, which was defrauded of US$2.23 billion in 2018. The fraud was facilitated by a low-level employee on behalf of a client. The case brings up a question: Although the employee was clearly complicit, to what degree was the bank institutionally culpable? Punjab National Bank had a system in place which allowed the fraud to happen, a system characterised by weak fraud detection mechanisms. So it bears some responsibility even though the intent wasn’t there. 

There are other cases where the link between employee behaviour and corporate responsibility is clearer. A good example is Wells Fargo. In the years leading up to 2016, Wells Fargo employees set up millions of fake accounts in customer names in order to meet sales targets. The fraud was born out of an incentive structure put in place by management to bolster cross-selling. Unlike Punjab National Bank whose not doing something allowed the fraud to happen (i.e. establish robust fraud detection mechanisms) Wells Fargo was guilty of doing something to allow the fraud to happen (design a misaligned incentive structure). 

When it comes to corporate fraud there’s kind of a hierarchy:

At the base are frauds that emerge from systems of omission like at Punjab National Bank. The market is typically quite forgiving of these — CEOs don’t lose their jobs and litigation is restrained. In stock market terms they have a P/E of one.

Further up there are frauds that emerge from systems of commission. These tend to cost CEOs their jobs and attract the wrath of regulators. Wells Fargo had to pay US$3 billion to settle civil and criminal charges. The additional fines and lost revenues inflate the P/Es of these frauds above one. 

At the apex are what William Black, a former bank regulator, calls control frauds. Further down the hierarchy fraud emerges as an unintended consequence of the system — there isn’t a Blofeld-like character orchestrating the whole thing. With control frauds there is a Blofeld — a person of power who subverts the organisation for personal gain. Black elaborates on the framework in his book, wonderfully entitled: The Best Way to Rob a Bank is to Own One. These frauds have a P/E of whatever equity is left in the company. 

At the individual corporate level control fraud tends to be the most lucrative. In 2018 two financial companies reported even larger fraud-related losses than the multi-billion loss reported by Punjab National Bank; both were orchestrated by the men at the top. The owners of PrivatBank in Ukraine allegedly stole US$5.5 billion, allegedly syphoning the money off to Cyprus via insider loans. The former head of the central bank called it one of the biggest financial scandals of the 21st century. (I use the word allegedly judiciously because she has had several threats on her life.) Even bigger was the loss suffered by Angbang Insurance of China whose chairman unallegedly stole US$12 billion in a scheme involving falsified accounts and diversion of funds — he is now serving an eighteen year jail sentence.

II. Wirecard

The latest example of control fraud in the sector is Wirecard of Germany.

Last week auditor EY refused to sign off on accounts over a missing €1.9 billion and the CEO was subsequently arrested. At this stage we don’t know the motivation of the people involved. But already the reputations of many have been tarnished. The German financial regulator BaFin comes out looking especially bad. Rather than investigate allegations that came to light over a year ago it sought to shut them down. It launched criminal proceedings against two FT journalists and it put up a short selling ban on Wirecard stock. 

There are suggestions that BaFin may not survive this episode. But it wouldn’t be the first body to shoot the messenger, a practice that dates back to Roman times. That and regulatory capture are corruptions which have been widely studied and for which mechanisms have been created to address. (Short selling being an excellent foil for regulatory capture for the reasons I laid out here.)

Of more general concern is a comment the regulator made after the fact. According to Bloomberg, the regulator said: “As a technology company, Wirecard wasn’t considered a financial institution directly supervised by BaFin.In a follow-up, the regulator’s head of press doubled down: “Wirecard is not supervised by BaFin… I am not aware of any separate entity that is in charge of supervision of Wirecard.

The reason why this is concerning is because of the increasingly blurred demarcation between financial institutions and technology companies. Now, BaFin may just be slow; it has a more limited legal remit than regulators in other markets and it has traditionally been dominated by lawyers rather than practitioners.

But in form Wirecard offered many of the services that banks do. Its prepaid cards are used by many underbanked consumers as an alternative to bank accounts. Earlier today the Financial Conduct Authority in the UK shut down the UK subsidiary of Wirecard, preventing customers from accessing their money. It feels reminiscent of an ‘FDIC Friday’ when the US Federal Deposit Insurance Corporation shuts down failing banks (although the FDIC tends to wait until after business hours). 

The Wirecard episode exposes a regulatory gap between finance and tech.

III. Future of Fintech

Underpinning this gap is a convergence between tech and finance, happening more quickly than regulators can accommodate. Regulators were caught out before the financial crisis of 2008 by the growth that had taken place in shadow banking outside their purview. They have spent the last ten years dimensioning the boundaries of shadow banking and assessing the risks it presents. In the meantime, a lot of financial activity is being taken on by tech companies. 

The latest example of this is Facebook’s strategy to add payments functionality to Whatsapp. Having been rolled out in Brazil this month, it was swiftly shut down by the central bank pending an evaluation. Perhaps they realised that they need to understand the advertising business before allowing the strategy to proceed, something central bank regulators would not normally be expected to have expertise in. At his AGM in May, Mark Zuckerberg said:

So one way to think about, I guess, not just Libra, but all of the commerce work that we're doing is that you should really think about it in terms of our ads business…

…when we offer additional tools, whether it's around commerce like Facebook Shops or around payments like Libra or Facebook Pay, if we can make commerce be more effective for businesses if when they run an ad, somebody who clicks on that ad is now going to be more likely to buy something because they actually have a form of payment that works that's on file, then it basically becomes worth it more for the businesses to bid higher in the ads than what we see are higher prices for the ads overall. So that's broadly the strategy around going deeper on commerce and payments.”

Whether it’s as an adjunct to advertising or as an adjunct to other business lines like software, payments are gradually seeping out of the banking system. Two models are emerging. One, like Facebook, seeks to add payments as a tool to capture more value from a core product. The other model is the opposite — to give away the core product and capture value instead from the payments. This is the model Shopify is pursuing; it now generates the majority of its revenue from payments. 

Other examples include Toast, which provides software and facilitates payments in the restaurant industry and Mindbody which does the same in the fitness/wellness industry. The logic is clear. A restaurant or fitness studio with US$1 million in annual sales might pay US$5k a year for software, but they’re also paying as much as US$25–30k into the payments value chain. As a Sequoia partner said, “You don’t have to capture much of the payments value to double your revenue overnight. Offering payments is a force multiplier on revenue, unit economics, and total addressable market.

For the market overall, some estimates suggest that 8% of US merchant payments have already migrated to software companies and away from traditional payments companies. 

This broad trend makes joined up thinking between financial and technology regulation critical. A group of Princeton economists published a paper last year, suggesting that the trend could presage a new financial hierarchy. In the current financial hierarchy banks play the central role and payments play a subsidiary role, being dependent on banks. However in a more platform-based economy, activity could organise itself around the central payment functionality at the centre of a platform. A consumer’s point of contact would be the platform rather than the bank. In this new type of financial hierarchy, traditional financial institutions such as banks could be replaced by fintech subsidiaries of payment systems. Already in China such systems have emerged, with Yu’e Bao a subsidiary of Ant Financial, becoming the world’s largest money market fund and Sesame Credit, another subsidiary, becoming a dominant credit scoring system.

Financial regulators may have already inadvertently tipped the system closer towards this structure. In their eagerness to boost competition in retail financial services European policymakers introduced directives requiring financial services companies to open up their data to third parties. Last year the CEO of Italy’s largest bank, Unicredit, complained: “We are asked to open up our data to everyone, which is fine, that's the rule, but if one of my clients wants me to have access to his data on Amazon or Google that is not possible… There is no reason why there should be an asymmetric treatment of banks.”

It’s not just in data where the playing field isn’t level; it’s in capital, too. In Europe, a new payments company can get started with initial capital of just €50k euros; a new bank requires 100 times that amount.

The European Commission seems to realise the risks being run here. It recommended a few months ago that EU regulation conforms to principles ensuring a level playing field for incumbent market participants and new entrants in the form of start-ups and BigTechs. The Financial Stability Board also picked up the risk, and it is possible that the Brazil central bank has now done the same. 

IV. Afterword

Evil is the root of all money” — Nobuhiro Kiyotaki and John Moore

Finance emerges from a lack of trust, which is why there is a need for strong regulation to hold the whole thing together. But it can be undermined by fraud. Ultimately the buck stops with central banks (literally). Over the past decade central banks have been quite good at coming to terms with systemic risk. But payments systems are getting more complex and the participants are shifting. BaFin may be a maverick regulator, but a focus on one part of the system at the expense of another is clearly not good practice. 

How quickly the big picture comes into focus may depend on the nature of the Wirecard fraud. If it turns out to be ‘just’ an accounting fraud then progress may be made but the urgency could be low. If it turns out to be a money laundering fraud as well then the implications are more severe. And if it turns out that Wirecard has misappropriated customer funds, then we have an old-fashioned banking scandal on our hands.


More Net Interest

Stress Tests

The Federal Reserve released its annual stress test results for US banks yesterday, this year with a ‘Covid overlay’. The regulator guidance directed banks to the same place they had got to on their own initiative — buybacks banned but banks had stopped them anyway; and dividends restricted by a formula, but by no more than the market had anticipated (with the possible exception of Wells Fargo). The Fed has reserved the right to roll its guidance quarterly so some divergence may materialise in the future. It also wants to go again later in the year with another round of tests.

The tests highlight the difficulty trying to distil ‘an answer’ out of complex phenomena. The Fed devised three economic scenarios: a V (10% peak-to-trough GDP and 19.5% peak unemployment); a U (13.8% peak-to-trough GDP and 15.6% and peak unemployment); and a W (12.4% peak-to-trough GDP and 16% peak unemployment). It makes some assumptions on the second-order effects those scenarios have on customer behaviour and the third-order effects that behaviour then has on bank behaviour. But it stops short of incorporating the fourth(?)-order effects that policy response has back on the overall system. Unlike the UK Bank of England model which assumed a ~20% haircut on bank losses from fiscal response, the Fed makes no such assumption. Plus the whole thing is moving very quickly, hence the request to do a re-run later. 

It is perhaps no wonder that Governor Brainard threw her hands up and proposed the simpler solution that banks should just stop paying out capital until it all blows over. 

Switch from Cash

Covid has accelerated the shift from cash to electronic payments. ATM usage in the UK has been creeping back up since March but it is still down 46% on last year. Part of this is driven by what Paypal calls the “silver tech demographic” — the fastest growing demographic within its net new active customers are those over the age of 50. (I’m not quite there yet but never imagined that I would soon be categorised “silver”.) But because the costs of handling electronic payments are higher than the costs of handling cash, there is something of a backlash, particularly from small merchants.

A WSJ article drew attention to an independent coffee shop in Maryland which last year spent more on card-processing fees (US$18,645) than on green beans (US$12,827). The Bank for International Settlements estimates that in Europe the marginal cost of a cash transaction is €0.14 compared to €0.24 for a debit card transaction and €0.36 for a credit card transaction. All around the world authorities have taken measures to lower card fees. But on the other side of Covid, another round of measures could be forthcoming.

Bill Ackman

Six years ago I found myself with a front row seat at a lunch in London where Bill Ackman was roadshowing his Pershing Square Holdings IPO. Even though I was only feet away from him I nevertheless had to queue up after petit fours to ask him a question as other lunch guests cut in to have a selfie taken with him.

He put forward the argument that Pershing Square Holdings should trade at a premium to its net asset value because once it was announced that he had built up a position in a company, the company’s stock price would go up. What he didn’t caution at the time was that this relationship only held up so long as his previous trade was a good one. After a few bad trades Pershing Square Holdings slipped to a large discount to its net asset value. Now that he’s in the money again, Ackman is trying something similar. SPACs work by crystallising value tied up in the reputation of their promoter. This time he has a ticking clock — he has 24 months to find a deal and capture that value before the opportunity dissolves.