A grand jury indictment unsealed Monday by the U.S. Department of Justice charges five former KPMG audit executives and one former professional at its regulator, the Public Company Accounting Oversight Board, with conspiracy and wire fraud, alleging they repeatedly used stolen confidential regulator information to subvert KPMG’s regulatory inspection process.
The DOJ complaint suggests, however, that at least five more unnamed KPMG partners and one outside consultant either knew or chose to ignore the illegal source of the information.
The DOJ and the SEC allege that three KPMG partners lured three PCAOB employees — Brian Sweet, Cynthia Holder and Jeffrey Wada, all certified public accountants — into the conspiracy with promises of jobs at the accounting firm in exchange for stolen information. Sweet and Holder were later hired by KPMG; Wada remained at the PCAOB. Once at KPMG, Sweet’s and Holder’s jobs were then threatened if they did not continue to provide information.
The SEC said Sweet’s supervisors — David Middendorf, KPMG’s then-national managing partner for audit quality and professional practice, Thomas Whittle, KPMG’s then-national partner-in-charge for inspections and David Britt, KPMG’s banking and capital markets group co-leader — encouraged him to divulge stolen information to them and others at the firm.
The conspiracy to steal the regulatory inspection data lasted from 2015 and 2017, according to the charges.
Read: Former KPMG executives arrested on conspiracy charges
Middendorf, Whittle, Britt, Sweet and Holder were terminated by KPMG in April of last year when the scheme was uncovered, along with KPMG’s top U.S. audit practice executive who was not named in the complaints by the SEC or DOJ. Wada left the PCAOB in March 2017, according to the DOJ.
The PCAOB and SEC had been pressuring KPMG to improve its audit quality. For example, nearly half of the KPMG audits that the PCAOB inspected in 2013 were found deficient. KPMG hired a consultant in April 2015 for $250,000 with a promised bonus for good results, to assist KPMG in predicting the engagements the PCAOB would inspect. When Sweet was hired, a month later, he was asked to provide the PCAOB data to the consultant and to the KPMG partner in charge of the project.
That is the first of a number of instances where the DOJ and SEC suggest that many others knew or should have known — when the lists of potential inspections were discussed at lunches, in meetings and in emails — that the information came from illegal access to confidential PCAOB data by these former employees of the regulator now at working at KPMG.
The alleged scheme required a joint effort by the named defendants but also the complicity of others in the firm, including partners referred to in the DOJ complaint as Partner-1, Partner-2, Partner-3 and Partner-4 who were explicitly told by Sweet that their audits would be inspected before that formal announcement came from the PCAOB and used that information to fix audits ahead of those inspections, including audits at seven KPMG bank clients.
In addition to sharing the 2015 list of PCAOB inspections at KPMG with Middendorf, Whittle and Britt, Sweet also told at least one KPMG engagement partner who had not yet received notification from the PCAOB that the partner’s engagement would be subject to inspection, according to the Justice Department. He also showed a 2015 PCAOB inspection planning spreadsheet to additional KPMG partners, using it to explain why the PCAOB had selected certain audits for inspection.
On Feb. 3, 2017, at Whittle’s direction, Sweet notified several additional partners that their engagements would be inspected, the Justice Department said.
It wasn’t until early 2017 that another KPMG professional, Partner-5, reported the scheme to his superiors and then to the firm’s general counsel, who reported the misconduct to the regulators, according to the DOJ.
Sweet has already entered a partial settlement with the SEC, according to the regulator, agreeing to a permanent bar from appearing or practicing before the SEC as an accountant. He has also pleaded guilty to criminal conspiracy and wire fraud charges related to his involvement in the scheme and is cooperating with the government.
Robert Stern and Melinda Haag, partners at Orrick, the law firm representing Britt, emailed “the government has unfairly targeted Mr. Britt in this case. The allegations in the indictment against David involve conduct that is simply not a crime, and we look forward to proving his innocence in court.”
Attorneys for the other defendants did not respond to a request for comment.
KPMG, in a statement, said it’s been fully cooperating.
“When KPMG first discovered the issue in early 2017, we promptly notified the authorities and have been fully cooperating with the Government in its investigation. KPMG took swift and decisive action, including the engagement of outside legal counsel to conduct a detailed investigation and the separation of involved individuals from the firm. Since then KPMG has taken remedial actions to assure that such conduct cannot happen again. Integrity and quality are paramount for KPMG, including operating with the utmost regard for the critical importance of the regulatory process to our profession.”
On a call with reporters after its charges were announced, the SEC’s co-director of enforcement Steve Peikin told reporters that the investigation regarding additional individuals or organizations is continuing.
“I doubt the KPMG firm will be subject to any sanctions or its global network harmed by this episode,” said Jim Peterson, a former in-house attorney for Arthur Andersen and the author of the book, “Count Down: The Past, Present and Uncertain Future of the Big Four Accounting Firms.”
“Like the Hydra, KPMG has more than enough resources to immediately regenerate leadership after lopping off several top executives of its audit practice. KPMG has more to fear globally from its troubles in South Africa, or as a result of the Carillion failure in the UK.”
KPMG is the auditor of Carillion, a UK construction firm that is now in receivership, and is currently under investigation by South Africa authorities who have accused KPMG South Africa of criminal breaches of company law over its ties to a corruption scandal related to state-owned companies.
SEC Chairman Jay Clayton also put out a statement on Monday, specifically addressing any concerns that KPMG audits may have to be withdrawn because of the alleged fraudulent manipulation of audit workpapers and post-audit additional work to cover up errors based on the illegal early warnings about inspections.
“Based on discussions with the SEC staff,” wrote Clayton, “I do not believe that today’s actions against these six individuals will adversely affect the ability of SEC registrants to continue to use audit reports issued by KPMG in filings with the Commission or for investors to rely upon those required reports.”
Former SEC Chief Accountant Lynn Turner is not convinced KPMG’s audits should still be relied upon. “This episode raises a serious question about the culture of the KPMG firm. Under the circumstances, how can the SEC expect investors to trust KPMG’s audits?” asked Turner.
“I’m not convinced the SEC has done enough to ascertain that these KPMG audits, especially the seven bank audits, are credible and will be credible in the future,” Turner told MarketWatch in an interview.
The SEC’s Peikin was also asked on the Monday press call whether the agency is investigating other firms for similar misconduct. He told reporters that he can’t comment on any other investigations because the SEC has not said anything publicly about investigations at other organizations.
A spokeswoman for PCAOB Chairman William D. Duhnke highlighted in a statement that the PCAOB has been cooperating with the SEC and DOJ actions. “Immediately upon learning of the alleged misconduct last year,” the statement said, “the PCAOB Board and staff reviewed and reinforced the PCAOB’s safeguards against the improper disclosure of confidential information.” The board plans to conduct an ongoing review of its information technology and security controls, as well as its compliance and ethics protocols, to assess their effectiveness.