From a massive accounting fraud scandal in Germany to deceitful consumer tactics among China-based companies to unethical practices on the environmental front in the United States—Compliance Week’s list of the top ethics and compliance failures of 2020 spans the globe.



Wirecard is to Germany what Enron was to the United States: An accounting fraud and oversight failure so epic in its scope and scale that its aftermath will forever alter the country’s auditing and accounting profession as it exists today.

The audacity of Wirecard’s deceitfulness is mind-boggling. From allegations of money laundering to falsifying accounts to fraudulently inflating its sales and profits—this is a case study for the history books.

Wirecard’s wrongdoing was only the half of it, however; denial was the other. This included blatantly ignoring warnings raised by a compliance officer, failing to cooperate with a KPMG audit, and allegedly duping EY through deceitful tactics. Ultimately, the payment processing company filed for insolvency just three days after acknowledging a “prevailing likelihood” that it fraudulently booked $2 billion in assets.

Now, the finger-pointing begins. In addition to the numerous investigations Wirecard itself is facing, EY is also taking heat for failing to uncover the fraud sooner. At the regulatory level, a scathing report issued Nov. 3 by the European Securities and Markets Authority found “a number of deficiencies, inefficiencies, and legal and procedural impediments” regarding the supervisory response of both Germany’s financial regulator, BaFin, and Germany’s accounting oversight body, the Financial Reporting Enforcement Panel (FREP), leading up to Wirecard’s collapse.

On an industry-wide level, big changes for the accounting profession are already afoot in Germany in direct response to the Wirecard scandal. The Federal Ministry of Justice and Consumer Protection, in consultation with the Federal Ministry of Finance, announced plans to terminate its contract with FREP at the end of 2021.


Luckin Coffee and iQIYI 


Luckin Coffee—the China-based equivalent of Starbucks in the United States—and China-based video streaming company iQIYI are two different companies in two separate industries, but the scams that each allegedly operated share the same detrimental impact on the U.S. accounting and auditing profession. Thus, both equally make our list of 2020 ethics and compliance fails.

Luckin and iQIYI represent just a glimpse into a much broader problem in which China-based firms listed on U.S. stock exchanges con U.S. investors out of billions of dollars—the focus of a 2017 documentary, “The China Hustle.” This problem is exacerbated by the fact the Public Company Accounting Oversight Board “continues to be prevented from inspecting the audit work and practices of PCAOB-registered audit firms in China on a comparable basis to other non-U.S. jurisdictions.”

For its part, Luckin is said to have fabricated most of its 2019 sales. An anonymous report shared by short-seller firm Muddy Waters sums up Luckin’s scheme in this way: “Luckin knows exactly what investors are looking for, how to position itself as a growth stock with a fantastic story, and what key metrics to manipulate to maximize investor confidence.”

separate report by investor activist firm Wolfpack Research (with assistance from Muddy Waters) highlighted similar allegations of overstated revenues at iQIYI. According to the report, iQIYI was “committing fraud well before its IPO in 2018 and has continued to do so ever since. Like so many other China-based companies who IPO with inflated numbers, IQ is unable to legitimately grow their business enough to true up their financial statements.”

In May, Luckin fired Co-Founder and CEO Jenny Zhiya Qian and Chief Operating Officer Jian Liu after more evidence emerged regarding the fabricated transactions. The U.S. Securities and Exchange Commission has launched investigations into both companies.


Wells Fargo 


“People can trust Wells Fargo to do the right thing, yes.”

That was the response given by Wells Fargo CEO Charlie Scharf during a Congressional hearing in March when he was asked whether customers can trust the scandal-plagued megabank in the wake of its failure to stem abuses in its banking, lending, and auto insurance divisions.

New evidence in the months following that hearing, however, pointed to the opposite being the case. According to a Wells Fargo internal memo, more than 100 employees were fired for creating fake profiles and filing fraudulent applications to get money from the Small Business Administration relief program—a program intended to help struggling small businesses amid the coronavirus pandemic. An asset cap placed on Wells Fargo in 2018 following the fake account scandal had temporarily been lifted by the Federal Reserve Board in order to grant the bank greater access to administer these loans, and this is how its employees repaid the gesture.

This is just the latest indication Wells Fargo still has a long way to go in instilling a culture of compliance—then the rebuilding of trust can begin.


Pacific Gas & Electric (PG&E) 


New allegations point to PG&E being at fault for one of the recent wildfires in California: Equipment from the embattled utility is suspected in the Sept. 27 Zogg Fire in Shasta County north of Sacramento, which would be the latest in a list of such catastrophes spanning decades.

In July, the California Department of Forestry and Fire Protection (CAL FIRE) found PG&E responsible for the October 2019 Kincade Fire in Sonoma County, which was “caused by electrical transmission lines owned and operated by [PG&E].” The Kincade Fire burned roughly 78,000 acres and destroyed 374 structures in the region.

Also this summer, PG&E exited Chapter 11 bankruptcy after agreeing to a $24.5 billion payout for wildfires it caused in 2015, 2017, and 2018. In June, PG&E pled guilty to 84 counts of involuntary manslaughter for the 84 lives lost in the 2018 Camp Fire.

Dishonorable mentions

Big banks: In the aftermath of the “FinCEN Files” report—the release of more than 2,100 suspicious activity reports (SARs)—what became clear is that the system for flagging potential wrongdoing needs to change … and it needs to start with financial institutions. Even though SARs concern potential “suspicious activity” of banking customers and aren’t by themselves proof of criminal activity, they should not be used as get-out-of-jail-free cards by big banks, which appears was the case in many instances.


National Rifle Association: One of the most politically polarizing associations in the United States came under fire (pun intended) after the New York attorney general sued the organization for a decades-long pattern of alleged fraud. The suit calls out the CEO and several top leaders by name, accusing them of puffing up expense reports with illegitimate trips and purchases to the tune of $64 million. Among the internal control failures cited by the New York AG is the lack of a chief compliance officer … or even a compliance department.


H&M Germany: The regional German data protection authority that handed out one of the biggest GDPR fines on record ($41.3 million) to H&M Germany called the company’s monitoring of employees’ behavior “extensive,” but we’ll take it a step further and call it both intrusive and inexcusable. According to the DPA of Hamburg, H&M team leaders would conduct “Welcome Back Talks” with employees after absences (vacations, sick leave, etc.) and would record details of those conversations that included their holiday experiences, symptoms of illness, and medical diagnoses. Not only does the content of those conversations cross a line, but storing the details of those conversations is obtrusive, reckless, and irresponsible.

An Oct. 16 letter by court-appointed monitor Mark Filip of law firm Kirkland & Ellis concluded PG&E had intentionally prioritized inspections in areas that posed a lower risk for fire and required little to no tree trimming so it could more easily meet state-mandated targets for inspection and remediation work. “[A]s the company pushed to meet its 2,455-mile [Enhanced Vegetation Management – EVM] target for 2019, it did not prioritize wildfire risk reduction according to its risk model,” the letter stated.

The letter was directed to U.S. District Judge William Alsup, who oversees PG&E’s criminal probation in a case related to the fatal San Bruno pipeline explosion in 2010. In the letter, Filip concluded the inspections and related analyses “identified material shortcomings in PG&E’s progress, as compared to its stated goals regarding wildfire risk reduction. This is not to say that the EVM and other wildfire mitigation work PG&E completed in 2019 and 2020 did not result in a meaningful reduction in the wildfire risk profile—they did, and directionally the risk profile is being lowered—but it strongly appears that the company failed to adhere to its risk models in its work execution and could have done better under its own chosen metrics and approaches.”

In court documents, PG&E denied the findings and argued it was not its intent to schedule work based solely on risk ratings. Nonetheless, PG&E continues to demonstrate it has miles to go to effectively enhance its governance, risk mitigation, and operational safety measures. And lives are at stake the longer it takes.


Environmental Protection Agency 


The “Environmental Protection Agency” is a misnomer, until it earns its name back.

The agency makes this year’s list of ethics and compliance fails for (disgracefully) having used the coronavirus pandemic as an excuse to issue a blanket enforcement discretion policy—rather than on a case-by-case basis—stating its intention to not seek penalties for violations of routine monitoring and reporting obligations “in situations where the EPA agrees that COVID-19 was the cause of the noncompliance.”

In truth, the pandemic is an easy scapegoat for the EPA. In December 2019, The New York Times published a comprehensive analysis on dozens of environmental rules and regulations that have been rolled back under the Trump administration. In totality, these rollbacks drastically cut back on disclosure obligations by oil and gas companies to report methane emissions; reduce emissions standards; put wildlife refuges and national parks at great risk; and open protected marine areas to commercial overfishing, among many other long-term, environmentally disastrous implications.

We will find a vaccine for COVID-19, but there is no cure for the health and safety risks posed by climate-related catastrophes due to extreme scaling back of environmental rules and regulations. So, until it demonstrates otherwise, the EPA should rightly change its name to the Environmental Destruction Agency.