What tech investors can learn from three under-fire CEOs

Close-up profile photograph of Elizabeth Holmes

We’ve seen three high-profile corporate scandals recently, with three larger-than-life business leaders facing serious allegations. The companies at the centre of the action are Theranos, Wirecard, and Autonomy, and all three CEOs have been charged with fraud.

The former CEO of Theranos, Elizabeth Holmes, has been found guilty of fraud and is facing up to 20 years in prison. Holmes touted Theranos as a health technology company, raised $700 million, featured in Forbes, and defrauded a catalogue of wealthy families as well as a number of prominent statesmen.

The payment processing firm Wirecard’s former CEO Markus Braun languishes in jail after his bail was revoked. Braun is awaiting trial on charges of fraud, breach of trust, and accounting manipulation. But that’s the sanitised account. For the money shot, read Money Men by Dan McCrum, the Financial Times (FT) investigative journalist who brought down Wirecard. That book reads like a mash-up between the novelist John le Carré and the late, great gonzo journalist Hunter S Thompson.

Lastly, Autonomy founder and former CEO Mike Lynch is on track to be extradited to the US where he faces charges of wire fraud and conspiracy to commit wire fraud. Lynch created his company's core product, Intelligent Data Operating Layer (IDOL), a clever bit of kit focused on the analysis of unstructured data.

Three previously highly regarded CEOs are in a whole lot of hot water, awaiting sentencing, awaiting trial and awaiting extradition. These scandals provide useful fodder for investors generally, but tech investors especially, to recast what we think we know about corporate governance and due diligence. However deep their pockets, no investor can afford to put their money into a scheme that’s bound to fail in the future – or worse, is already failing now.

What difference does jurisdiction make?

There's a good deal of academic literature on corporate governance models in the UK, the US and Europe. Typically, the authors will make a case for one of these jurisdictions as a pre-eminent destination for investors because of oversight, monitoring and/or control of management. As if to demonstrate this is not the case, each of these businesses was incorporated in a different jurisdiction; Theranos in the United States, Autonomy in England and Wirecard in Germany.

Whether Theranos could have occurred in Germany isn’t for me to say. What I can say is that, obviously, each jurisdiction is capable of delivering a type of fraud that is really damaging to the investor. While jurisdiction provides no sanctuary, there’s no immunity for professional investors either.

Auditors and the value of verification

It’s a normal function of any professional team working to acquire a business or invest that they would seek to verify statements made by these companies with respect to cash reserves, revenue streams, profitability and so on.

Typically, auditors can be relied upon. Unfortunately, in the matter of Autonomy and Wirecard, the auditors failed to properly scrutinise the businesses they were auditing. Deloitte’s audit of Autonomy enabled Lynch and his Chief Financial Officer (CFO) to “present a misleading picture of its financial position”. Similarly, Ernst & Young’s audit of Wirecard’s revenue stream failed to reveal that the apparently highly profitable and cash-rich company was neither profitable nor rich.


Using application migration and modernisation to supercharge business agility and resiliency

Modernisation can propel your digital transformation to the next generation


This is deeply discouraging for any investor who would consider auditors a sound and reliable resource. Truth buys trust and if auditors aren’t capable of getting to the truth, then their reports are of no value. It raises the question: can an auditing business be truly independent when it’s dependent on the subject of its audit for revenue?

Verifying with independent, trusted experts has enormous value. Had Theranos investors checked with professionals from the pharmaceutical or biomedical sectors, or a medical doctor, then it’s entirely conceivable that they would have learnt the tech wasn’t possible and avoided substantial losses.

What could profiling the CEOs have achieved?

Profiling the CEOs of Autonomy and Wirecard would not have revealed anything that might have assisted the investors. If anything, the exercise may have been a source of comfort.

Lynch was a gifted academic, and he earned his PhD from Cambridge. Braun’s undergraduate degree is in commercial computer science and he completed his PhD in social and economic sciences while working as a KPMG consultant. On paper, these guys look like the real deal.

This is in stark contrast to Holmes. She had no background in any of the disciplines necessary to take part in, never mind run a medical diagnostics equipment project. If only those investors had checked.

Can you check the tech?

In the case of Autonomy, checking the tech did not assist in revealing the fraud. The product IDOL worked. In fact, IDOL worked so well that in the summary judgement, the judge referenced words attributed to Meg Whitman who became CEO of HP. She said it was “almost magical”. Tech doesn't go to the heart of the Autonomy fraud, which is a plain vanilla key metric and earnings manipulation fraud.

Investors in Wirecard, like Softbank for example, may have had more luck had they checked the tech before pumping in nearly €1 billion into the failing firm. Wirecard was, on the face of it, a profitable payment processing firm, but its revenues were fabricated. Checking the tech would have revealed data relating to the payment process. The payment process involved a few different actors: the end user, the issuing bank, the merchant and partners. A closer scrutiny of a random set of payments could have followed these “payments” up or down the pipe. Fabricating revenues is one thing. Fabricating users interacting with merchants and issuing banks is beyond the wit of men.

The most egregious tech fraud is undoubtedly Theranos. Its blood-testing system amounted to wires in a box. The tech didn’t exist. To test the efficacy of the Edison, the investors would only have needed to have had known an answer to a question in advance and sense checked that against the Edison’s response. The lack of imagination and determination by investors to verify the efficacy of this tech makes this a dreary fraud.

The great thing about techies is they want to show you how their kit works. They want to show you all the clever features, and when it works, they want you to play with it. Whether you’re investing in the firm or the technology, always kick its tyres. It’s the fastest way to determine whether something works.

Dubious morals are a giveaway

Both Wirecard and Theranos engaged in tactics that fell well beyond normal business practices, including surveillance, doorstepping, intimidation and threats against analysts, journalists and former employees. That is shameful behaviour. It indicates a willingness to cross the line that should have put current and future investors on notice of a failing firm. Integrity and principles aren’t subject to the hokey cokey routine. You’re either in or you’re out. The firm either behaves in a principled manner or it doesn't.

Another red flag was missed in both of these cases; individuals within the firms were promoted well beyond their capabilities into critical business roles while experts were demoted, demeaned and defamed. This shows such poor leadership that this alone should concern investors.

Why investors, meanwhile, didn’t raise an eyebrow when lawyers for Wirecard and Theranos pursued credible, leading global publications in an effort to silence them is anyone’s guess.

It's to their endless credit the investigative journalists and editors at both the FT and the Wall Street Journal (WSJ) wouldn't be intimidated into submission. Uncovering these frauds and bringing them to light was only possible because both publications had the might and the resources to withstand such tactics.

Doing your homework goes a long way

Anyone looking to invest in tech should not only be doing a lot of reading, but carefully considering the sources of that information. Had investors such as Softbank put more weight in the reports from the FT about Wirecard they could have saved themselves €900 million.

Auditors, as we learned, can’t be relied upon. They’re paid by the company and in no way meet the definition of “independent”. While large auditing firms hold themselves out as the unrivalled experts, that changes when they’re caught up in a fraud.. At that point, they’re only human. More of that humility at the front end and more confidence at the back end of these scandals would help to restore the reputation of some of these players.

Academic theory suggests that optimising for corporate governance makes a difference. The reality is that criminals will work around every system to perpetrate their fraud. Investors can’t afford to be complacent.


Achieving software health in the microservices age

Tips and tricks for the new and emerging remediation methods


Ultimately, what investors did right was to seek to verify the statements made by these firms. What they did wrong was to rely on sources that weren’t credible and simultaneously to dismiss those that were. To avoid a similar fate, investors would do well to rely on trusted, independent experts.

However you carve these scandals up, these leaders operated from the same fraud playbook. They overstated performance, recorded bogus revenue, and they trusted that the mocked documents painted a picture of firm value and that no one would bother to check. For all their differences, these scandals relied on the same tactics: dishonesty, deflection and misdirection. They just had different products.

Rois Ni Thuama PhD is a doctor of law and an expert in cyber governance and risk mitigation. She is head of cyber governance for Red Sift.