Frauds don’t happen by accident – they require intent. In the rare instance that a fraud does occur, investors expect that the gatekeepers of fair financial reporting, the auditors, will be there to detect the fraud and protect their investment before it’s too late. But what happens when the gatekeepers don’t comply with the industry’s bare minimum standards of competency and quality? We get FTX’s bankruptcy and Prager Metis’ audit failure.
To be clear, the FTX fraud and resulting bankruptcy was first and foremost the result of actions perpetrated by its founder, Sam Bankman-Fried (frequently referred to as SBF). But for the fraud to persist and grow to the scale it did, it required negligence-based fraud on behalf of its auditor, Prager Metis, which recently settled misconduct charges brought by the SEC, agreeing to pay $745,000.
These charges are good for the industry, good for investors, and should help deter similar actions by opportunistic accounting firms in the future.
Auditing standards require at a minimum that auditors understand the entity and its environment, that it has the competency and independence to perform the audit, and that it can’t effectively staff the audit, among other things. These standards apply whether the audit client is a first-time client, a small local thrift shop, or a multibillion-dollar cryptocurrency exchange with a related party trading firm.
Prager Metis, which is based in New York, rushed into the latter space with abandon. The firm was the first to announce a metaverse headquarters in Decentraland. The firm took on FTX as a client. It apparently wanted to be seen as the accounting firm of the future. And yet, as the SEC has charged, it lacked the basic understanding and competency to audit the industry.
The blockchain and cryptocurrency industry has been plagued by frauds almost since its inception, even if fraud instances have seemed to contract from their 2018 levels. The industry itself is a high-risk industry requiring specialized knowledge and a deep knowledge of how traditional exchanges, blockchains, and investment strategies work together. Prager Metis seemingly lacked that fundamental knowledge. It didn’t understand the related party risk that FTX’s trading arm, Alameda Research, presented. And it didn’t do the due diligence to ensure that customers and investors were protected.
In situations like this, it’s always easy to play Monday morning quarterback and say this could have happened to any auditor and any client. But here, the failure was idiosyncratic. Prager Metis’ audit failed, and it failed because they didn’t mean the minimum standard for due professional care. And there were signs aplenty. FTX apparently kept its accounting record in Slack channels, personal messages, and QuickBooks. QuickBooks is a fine tool if you are a small business owner just starting out. It’s an unacceptable tool for a complex currency exchange worth billions and should have set off alarm bells for the auditor. Yet it didn’t. Maintaining records in Slack should have raised red flags. Yet it didn’t. The billions in cash transferred between FTX and Alameda should have raised red flags and led the auditor to investigate the relationship further. And yet it didn’t.
Read more: Francine McKenna – ‘A Complete Failure of Corporate Controls’: What Investors and Accountants Missed in FTX’s Audits
These aren’t complex misunderstandings in gray areas. They are clearly identifiable risks Prager Metis should have identified, responded to, and sought more evidence about to ensure the risk of a misstatement were lowered to a reasonable level. Prager Metis, as charged by the SEC, didn’t apply the appropriate level of skepticism to respond to the risks in large part because they seemed to lack the understanding or have the technical knowledge on crypto clients necessary to meet auditing standards.
The SEC’s actions should be warning signs to accounting firms regardless of their involvement in the cryptocurrency or blockchain industry. Just because there is a new and interesting field, like crypto, seeing huge inflows of cash doesn’t mean all accounting firms should jump in headfirst, even if there is new a market with new revenue streams waiting. Gaining an understanding of a new technology and industry takes time, research, and experience. If accounting firms don’t have the ability to upskill quickly, they would be wise to be late adopters to the industry and not first movers.
The actions by the SEC also show investors that regulators are still doing their job even when the gatekeepers fail to do theirs. They are still holding firms accountable when they fail to follow generally accepted auditing standards. They are still imposing fines and imposing independent quality control procedures even as the industry is preparing for more enhanced quality management standards in the coming years. And they are still watching over the watchdogs, the independent auditors.
Current and future auditors of crypto exchanges and blockchain businesses and platforms are clearly on notice from the SEC: know your industry and your client, or stay out. The standards are merely the minimum requirement. With new industries and clients, auditors need to go above and beyond to understand the risks the new industry and clients present. Reaching this standard won’t prevent bad actors from committing frauds. But it will greatly increase chances that the auditor correctly detects the fraud before investors are irreparably harmed – a task made significantly easier when the auditor has the competency and expertise to identify the risks early.
And, if a future auditor fails to heed the SEC’s warning, they too can expect swift and decisive penalties, sanctions, and actions.
Note: The views expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates.
