In the days leading up to its twentieth anniversary on July 15, 2012, as a registered U.S. Futures Commission merchant, peregrine financial group inc., or PFG-best, saw its chairman and founder Russell Wasendorf unsuccessfully attempt suicide, had its trading halted by regulators, and Filed for bankruptcy protection under chapter 7 (liquidation).
Before the week was out, 98 percent of all customer positions were liquidated and the assets were in the hands of a trustee. These outcomes were not the consequence of some huge market meltdown or panic, but were directly tied to a new regulatory mandate requiring the use of an electronic confirmation request.
While only excerpts of Wasendorf's suicide letter have been released to the public, there is little doubt of the actions that he detailed, and the consequences. He clearly admits to committing fraud from customer accounts, embezzling the funds. He states that he created and used false bank statements, and that he maintained a post office box that he used to receive correspondence, including written confirmation requests from auditors on which he forged bank official signatures. To ensure that no one else would become aware of the fraud, he insisted that all bank mailings and correspondence come directly to him unopened, and he had the only online access. As the founder and sole shareholder of the company, he could exert strong influence over his employees.
But when regulators began to press him to allow electronic confirmations of his holdings, published reports suggest that Wasendorf realized he couldn't conceal his fraud for much longer.
REGULATORS AT WORK
After the MF Global scandal of November 2011, the self-regulatory organization overseeing the industry, the National Futures Association, formed an SRO Committee with the Chicago Mercantile Exchange and representatives of other exchanges, including the InterContinental Exchange or ICE, the Kansas City Board of Trade and the Minneapolis Grain Exchange.
According to the Senate Agriculture Subcommittee testimony of CME Group executive chairman and president Terrance Duffy, the SRO Committee implemented or is in the process of implementing:
1. Using an electronic confirmation tool, Confirmation.com, in regulatory audits, to verify bi-monthly SIDR (investment reports) and for periodic review of the accuracy of daily segregation statements; and,
2. Rules requiring all futures commission merchants, or FCMs, to provide direct access to bank or depository accounts to confirm segregated fund balances on a surprise basis.
The NFA board in May 2012 (a month prior to the collapse of PFG-Best) proposed new rules that have already been approved by the Commodities Futures Trading Commission, as follows:
1. All FCMs must report their financial condition on the NFA's Web site, including capital requirements, excess capital, amounts in customer segregated funds, excess segregated funds, whether proprietary trading is occurring (as defined by the Volker Rule), and whether any custodial bank holding customer funds is an affiliate of the FCM.
2. All FCMs must report how segregated customer funds are invested and available on the NFA Web site (the frequency of reporting was not mentioned).
3. If there is a change in excess segregated funds of 25 percent or more in a single day that is not for the benefit of the customer, then a financial principal must approve the disbursement and notify the designated self-regulatory organization and certify that the firm remains in compliance with segregation requirements.
The Futures Industry Association had several internal control recommendations that were due to be presented to the FCM Advisory Committee in August, including:
1. A requirement for FCMs to ensure a proper and appropriate separation of duties for staff responsible for compliance rules on customer accounts.
2. A requirement to document policies and procedures for segregated accounts, selection of banks and custodians, and the maintenance or withdrawal of excess funds deposited by firms in segregated accounts.
According to Confirmation.com founder Brian Fox, the first contact made by the National Futures Association to his company occurred in mid-2011 - several months prior to the MF Global meltdown, and almost a year before the PFG-Best events. This shows that the regulators at the NFA were on the right track to commence a dialog with a better way to audit - the only issue may have been the speed with which this change was initiated.
IMPROVING CONFIRMATIONS
The confirmation process is a source of reliable and relevant evidence for the auditor when performing an audit, assuming that certain characteristics are associated and present in the process. These characteristics are as follows:
1. Direct communication with and a response from a validated, knowledgeable third party who is authorized to respond and is free of bias.
2. The auditor must maintain control over the entire confirmation process.
3. The auditor must exercise due professional care and judgment, including professional skepticism, in assessing the quality of the evidence supplied.
The American Institute of CPAs' rules governing an audit -- which are not necessarily required by regulatory agencies -- mandate that when faxed copies of confirmations are received, the fax should be followed by a confirming telephone call and a request that the faxed copy also be sent via U.S. mail.
Auditors for years have been confirming with third parties the balances in many different types of accounts (cash, receivables, payables, notes, loan, etc) via the use of paper documents distributed through an impartial and trusted third party intermediary -- the U.S. mail. Over time, auditors have been duped by weaknesses inherent in the paper-based process, including falsified responses, pressures on the third-party respondents to falsely respond to requests, mail going to improper addresses, and many other forms of sabotage.
In an "in-network" electronic confirmation process (such as Confirmation.com's), the auditor securely logs into a value-added network that confirms their identity and accepts the confirmation in standard format addressed to another "in-network" respondent (a bank, vendor or customer). The confirmation is delivered to the proper respondent party after the identity is authenticated and a response is provided and sent securely to the auditor. The value-added network handles the delivery, authentication, and secure communications end-to-end.
RED FLAGS GALORE
At PFG-Best, a number of "red flags" were identified, some dealing specifically and directly with the audit and audit-related matters, and others questioning the character of management, operations and the general sense of ethics existing at the company:
Questionable confirmations. In early 2011, PFG-Best had a routine annual audit by the NFA. A confirmation was received back from U.S. Bank indicating that there was less than $10 million in the customer segregated account, when the auditors were expecting over $200 million. The NFA auditors inquired about the discrepancy to PFG-Best management, only to find out that several days later a new confirmation was faxed in on U.S. Bank letterhead stating that the account had in excess of $218 million.
No one is certain why the new faxed form was accepted over the direct-mail version received or why further inquiries (a call to U.S. Bank) were not made. Testimony before the Senate Committee on Agriculture, Forestry & Nutrition asked just this on Aug. 1, 2012, but the answer from the regulator was that a call to the bank is a lower form of evidence than a written confirmation. Actually, any evidence breaking the "tie" would have been preferred to no evidence at all.
Sole-practitioner auditor. PFG-Best used a sole practitioner working from a residential location to perform the audit of its wholly owned subsidiary, Best Direct Securities LLC, since 2008. The CPA firm was located in Glendale, Ill., to audit the firm in Cedar Falls, Iowa, and went by the name Veraja-Snelling & Co. The use of this name appears improper and may cross the threshold of being "misleading" under Illinois law since there is no "& Company" behind the sole proprietor, Jeannie Veraja-Snelling.
Further, according to a press release of a client for which Veraja-Snelling performed the audit, the firm had "over 20 years of audit and fraud prevention experience." According to the State of Illinois and several published accounts, Ms. Veraja-Snelling has been personally licensed as a CPA since 1999 and her firm has been registered since 2008. Unless she was licensed in other jurisdictions, the math does not appear to add up to the experience claimed. Additionally, the auditor certified compliance with Section 404 of the Sarbanes-Oxley Act, stating that after review of the internal controls over financial reporting, there were no material weaknesses noted.
Failure to complete proper inquiries in light of whistleblower direction. According to The New York Times, there were at least two occasions (2004 and 2009) in which a letter was sent to one or both regulators (the NFA and the CFTC) directing them to prevent the misuse of customer funds. No one knows how seriously the NFA took these tips, but there is no public record of any investigation relating to these issues.
Lack of independence. The NFA audited Wasendorf's company while he sat on the Board of Advisors of the NFA - which is a very visible and revered position. This is a clear conflict of interest.
Too many flags to count: A host of other management, operations and ethical red flags exist going back as early as 1995, including 31 NFA arbitration disputes; frequent fines from the NFA and the CFTC for improper reporting, failing to audit a broker, and misleading claims in promotional material; a $500,000 court award to a client over misuse of client funds; and many more.
CONCLUSION
While the PFG-Best case is far from the largest scandal, it painfully illustrates how inept many of our auditing processes are and how little we have learned from previous scandals (especially involving confirmation fraud). For years, electronic confirmations have been available and accepted into the standards deployed in the auditing community, but they have not achieved widespread adoption. Regulators and auditors failed to read the numerous warning signs of things to come (red flags) and continued to trust management despite the autocratic structure found at PFG-Best.
Regulators and investors must look at the auditors to see if they possess the skill and expertise capable of performing a quality audit.
Dr. Steven A. Solieri, CPA, CMA, CIA, CISA, CITP, CFF, CRISC, is an assistant professor at Queens College at City University of New York.
