The Wirecard debacle calls for a rethink of EU, not just German, financial reporting supervision
The spectacular collapse of Wirecard AG should serve as a wake-up call for the European Union on the need to pool the relevant supervisory mandates at
Wirecard AG, the Munich-based payments and financial services company that was a member of the DAX index of Germany’s 30 leading blue chip stocks, collapsed spectacularly and filed for insolvency on June 25, 2020. Among many lessons, this disaster has revealed major gaps in audit regulation and accounting enforcement in Germany and by extension in the European Union (EU). Like in other areas of financial supervision, having oversight over financial reporting in an integrated EU market only at the national level generates perverse incentives that impair supervisory effectiveness. The policy response to this challenge should be to pool the relevant supervisory mandates at the EU level.
This blog focuses on the financial transparency aspects related to Wirecard as a publicly listed company, leaving aside other important policy issues such as whether Wirecard should have been more tightly supervised as a payment services provider. The quality of listed companies’ financial reporting is critical to protecting investors and to the integrity and efficiency of securities markets.
A twin failure of audit regulation and accounting enforcement
In what is publicly known of the Wirecard story, none of the lines of defense that exist to prevent accounting misstatements appears to have functioned properly. Not the internal controls, the effectiveness of which “is monitored by the Supervisory Board of Wirecard AG” according to the company’s 2018 annual report, the last it published. Not the auditors, who in that same report state that Wirecard’s financial statements “give a true and fair view of the assets, liabilities, and financial position of the Group as at 31 December 2018.” (It appears that financial reporting malpractice at Wirecard started several years ago, and that the auditors omitted to perform basic controls.) And not the national accounting enforcement authorities, who are empowered to remedy any failures of publicly listed companies like Wirecard to publish financial statements that are compliant with the relevant standards, namely the International Financial Reporting Standards (IFRS) as adopted by the EU. The latter two lines of defense are matters of public policy.
Auditors act under a public mandate, enshrined in national legislation, which is only spottily harmonized at the EU level. They are also subject to public supervision. Following the high-profile bankruptcies of Enron and WorldCom, the US Sarbanes-Oxley Act of July 2002 established the Public Company Accounting Oversight Board (PCAOB) as the US audit regulator, with a mandate to inspect auditors and penalize those that conduct improper audits. EU countries have established their own audit regulators, in part to cooperate with the PCAOB to support US stock market listing of companies based in their respective territories. (China is the global outlier in terms of cooperation with the PCAOB, but this may be changing.) Germany’s audit regulator is the Auditor Oversight Body (Abschlussprüferaufsichtstelle), a tiny entity that is incongruously lodged in the Federal Office for Economic Affairs and Export Controls (Bundesamt für Wirtschaft und Ausfuhrkontrolle), an agency under the Economics Ministry.
As for accounting enforcement, in most EU member states it is in the hands of the national securities regulator, mirroring the United States, where the task belongs to the Office of the Chief Accountant within the Securities and Exchange Commission (SEC), the federal securities regulator. Germany has an idiosyncratic “two-stage” accounting enforcement framework, with two entities in charge: the Financial Reporting Enforcement Panel (known as DPR for Deutsche Prüfstelle für Rechnungslegung, or colloquially as the Bilanzpolizei—the balance sheet police) as a “first stage;” and BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht), a public agency whose many tasks include securities regulation, as a “second stage,” stepping in when the DPR’s first stage is viewed as having failed to resolve a problem. The DPR is a private-sector entity that brings together national employers’ associations, trade unions, and industry associations of banks, insurers, and accountants, among other members. It operates with a small budget, €5.5 million in 2019.
Economic nationalism and national supervisory incentives
On the basis of publicly available information, it appears that this system failure to prevent Wirecard’s accounting malpractice was at least partly the result of a consensus among these various players to defend the company as Germany’s foremost financial technology success—“this delicate homegrown plant that needed to be protected,” as left-wing parliamentarian Fabio De Masi was quoted describing it in the Financial Times. In April 2019, BaFin went as far as filing a complaint against the FT journalists who had started investigating Wirecard’s alleged irregularities, even after it had asked the DPR to start an investigation of its own. In other words, economic nationalism—the impulse to protect and promote national corporate champions whose success is somehow deemed to be aligned with the national interest—twisted the incentives of authorities and led them to neglect their primary mandate, in this case the protection of investors and of the integrity of the German securities market. As the FT further quoted De Masi, “[a]nyone asking awkward questions [about Wirecard] was seen as trying to run down Germany and its finance sector.” One suspects that such perverse incentives were exacerbated by the fact that most of Wirecard’s competitors were outside Germany, particularly in the context of the EU internal market, which has eliminated many cross-border barriers to entry. In a closed national financial system, national authorities have reasons and means to resist a supervisory race to the bottom, but that is much less the case in the EU single market.
This pattern is not unprecedented. The combination of EU integration and national public oversight has distorted national authorities’ incentives to the point of making them neglect their core mandate in cases including the prudential supervision of banks and anti-money laundering (AML) supervision. In both cases, economic nationalism and related dynamics led to system failures, respectively, in the early and late 2010s. In both cases, the policy response has involved changing the incentives through supervisory centralization: respectively, European banking supervision (also known as the Single Supervisory Mechanism) entrusted to the European Central Bank (ECB), initiated in 2012; and an ongoing process of pooling AML supervisory entity in a single EU agency. Whereas European-level authorities can suffer from being less cognizant of national specificities, they are structurally less subject to capture.
Suggestions and prospects for EU reform
In light of the Wirecard debacle, financial reporting supervision calls for similar thinking on the policy response. The public mandates of both audit oversight and accounting enforcement should be pooled at the EU level, replacing the existing loose coordination structures. This could be done either directly within the European Securities and Markets Authority (ESMA), an autonomous EU agency that was created in 2011 and has legal capacity to make enforcement decisions of its own, or through a new specialized EU entity, possibly placed under ESMA’s oversight, like the SEC oversees the US PCAOB. It would also help bringing the reality of EU financial supervision closer to the bloc’s proclaimed vision of a capital markets union.
As ever, there are powerful obstacles to such reform. They include some member state governments’ defensive approach to sovereignty, according to which dysfunctional national supervision is preferable to more effective EU-level supervision; protection by incumbent national authorities, audit regulators, and accounting enforcers of their existing turf; and lobbying by private-sector participants that prefer lax local supervision driven by economic nationalism to what is likely to be a more demanding approach by an EU authority. The German government’s initial reaction appears to consider change only at the margin, for example replacing the DPR with another entity or merging it into BaFin. But the cases of prudential and AML supervision demonstrate that such obstacles can be overcome. They also represent relevant precedents from which to draw lessons on how to best design an effective EU framework. The European Commission’s announcement of an ESMA investigation of BaFin is a start, but the discussion will need to be broadened to supervisory structures.
To be sure, no supervisor is perfect, and pooling these mandates at the EU level would not be a panacea. The efficacy of audit regulation, in particular, remains debated. Even in the United States, where the PCAOB has vastly more resources than all its EU counterparts taken together, auditors may still have lapses. But the reforms suggested here would undoubtedly represent a significant improvement in the quality and credibility of supervision and ultimately of financial reporting by listed EU companies. The Wirecard shock should serve as a wake-up call.
Disclosure: The author is an independent non-executive director of the global trade repository arm of DTCC, which include EU operations that are supervised by ESMA.