Yes, yes, the compliance community is buzzing today about the $850 million FCPA settlement announced Wednesday evening between U.S. authorities and Russian mobile phone company MTS.
We’ll get to MTS another day. The Justice Department also settled a securities and accounting fraud case yesterday with the owners of personal finance website Bankrate.com, and that one offers newer, more relevant lessons for compliance and audit executives. Let’s take a look.
Bankrate’s owner, private equity firm Red Ventures, agreed to pay $28.5 million in penalties and restitution for accounting fraud committed by two former executives while the website was a public company earlier this decade. Those then-senior executives (they’re in prison now) scammed investors via “cookie jar accounting” — where a company improperly books large reserves during good times, and then uses them to cover up losses during bad times.
First, this case offers several useful lessons to compliance and audit professionals about how executives might try to cook the books and then hide that misconduct from outsiders. Second, it’s also another reminder that strong governance and oversight matters, because that’s what Bankrate’s new leadership eventually did, and Red Ventures is walking away with a non-prosecution agreement despite egregious misconduct at the start of things.
The accounting fraud itself was masterminded by Ed DiMaria, Bankrate’s former CFO; and Hyunjin Lerner, the firm’s former vice president of finance. Both men have since pleaded guilty to personal criminal charges. DiMaria was sentenced last year to 10 years in prison, Lerner to 30 months.
So what was the scheme? As outlined in the Justice Department’s settlement order, in advance of Bankrate’s IPO in 2011, DiMaria and Lerner created an “accrued deal costs” account, where the company booked reserves for IPO-related costs that had been incurred, but not yet paid out. DiMaria and Lerner then recorded routine business expenses as accrued deal costs, and later reversed them — so they could manipulate earnings from quarter to quarter, to meet Wall Street expectations. (Hence the cookie jar metaphor: stuff costs into the account early, take them out later.)
Over a two-year period, DiMaria and Lerner crammed $1.8 million in routine expenses into that deal cost accrual account. (The account was known as “Ed’s cushion,” for pete’s sake.) They directed another employee to track those bogus expenses on a separate spreadsheet, which was kept hidden from Bankrate’s external audit firm, Grant Thornton. They also created sham entries on the balance sheet and other financial statements to cover up the scam.
Eventually everything unraveled, and in 2014 Bankrate announced a restatement of financial results for 2011 through 2013. By the time Bankrate completed that restatement the following year, investors had suffered $25 million in losses.
Internal Control Failures
The true mess here is abuse of management override: DiMaria, the CFO, short-circuiting proper accounting procedures to engage in fraud.
Managers do need the ability to override internal controls. Every time an employee asks for an exception to some corporate policy, he or she is essentially asking a manager to override a control. Hence the problem is abuse of management override.
That’s a tricky challenge firms can try to attack in several ways. First, it drives home the importance of strong accounting systems that rely on a single source of data — to make stunts like secret spreadsheets and bogus balance sheet entries harder to accomplish.
In a perfect world, accounting personnel should have transparency all the way down the chain of financial data: from balance sheet, to individual accounts, to individual transactions underlying those accounts, to supporting documentation for those transactions.
With more transparency in financial transactions available to more people, that also strengthens the other control to prevent abuse of management override: a speak-up culture. Yes, blowing the whistle on a corrupt CFO is daunting, and likely to give many employees pause. But when strong accounting systems make seeing the misconduct easier, talking about the misconduct becomes easier too — because the offending act can’t be refuted or hidden.
You want accounting systems designed to make unusual transactions stick out like a sore thumb, plainly visible to all. Those systems should rely on a single source of financial transaction data, not spreadsheets; with strong access controls and audit trails. Thankfully, technology today makes those goals much easier to achieve.
Governance and Investigation Failures
The other issue for Bankrate was its initial decision to evade probing questions from the Securities and Exchange Commission.
The SEC first began inquiring about Bankrate’s funny numbers in September 2012, while DiMaria was still CFO. Working with “previous counsel” back in 2012 and 2013 (we don’t know which firm), DiMaria steered the company so that it did reply to SEC document requests, but didn’t supply all relevant information. Some documents were outside the date range the SEC had asked about; others weren’t germane to the inquiry.
Only when Bankrate had to announce a financial restatement in 2014 did the audit committee take control over things. DiMaria resigned, the board hired new outside counsel to investigate, and “from that point forward, Bankrate fully and proactively cooperated” with the SEC and the Justice Department.
On one level — duh, what else would the audit committee do amid such a crisis? And from that decision, events would naturally bring Bankrate to where it is today: surviving with a non-prosecution agreement, since management today had nothing to do with DiMaria’s scheme at the early end of the decade. It’s a reasonable outcome, given the Justice Department’s philosophy rewarding corporate cooperation rather than punishing corporate misconduct.
On another level, however — why didn’t the audit committee take control of matters sooner? Because DiMaria had too much power to influence operations, because abusive management override was a weakness at the company. That’s how this point about cooperation ties back to our earlier point about accounting systems and visibility into suspicious transactions.
Strong accounting systems make suspicious transactions stand out more quickly and more prominently. Once those transactions are more visible, questioning their nature and origin becomes easier, because corrupt managers are less able to hide them away in a dark corner. Once employees can question potential misconduct more easily, escalation to the audit committee becomes easier, too.
And then, maybe, you can avoid any outcome with the Justice Department at all, even one as favorable as Bankrate’s owners received now.