There is plenty of blame to go around for the stunning explosion of Wirecard. Until as recently as this year, the payments processing company was considered a German national treasure, the most exciting European technology firm since Nokia’s mid-2000s heyday. Valued in August 2018 at a peak of more than $28 billion, it looked like Wirecard and its executives were going to skate by on clout alone when a series of stories began appearing in the Financial Times in January 2019 suggesting that the company was falsifying the state of its financial accounts.

Wirecard maintained that the FT was coordinating with a pseudonymous British investor named “Nick X.” who was short-selling Wirecard stock, a dispiritingly ludicrous charge that somehow produced an official complaint in support of Wirecard’s position by German financial regulators, who went so far as to temporarily ban investors from betting against Wirecard stock (a first in the history of German exchanges). But as any short-seller will tell you, if a company is substantially cooking its books, the truth eventually comes out.

In Wirecard’s case, the truth is stranger than anything imagined at the time. The “fraudulent money flows” uncovered by the FT purportedly came, it turns out, from smaller payment processors around the world to whom Wirecard claimed it outsourced its business. Some of these cash flows never existed (“Attempting to visit some of these Wirecard partners in the Philippines, the FT instead discovers a retired seaman and his family, who are bemused to learn that their house is supposedly the site of an international payments business”), and others, like Wirecard partners in Dubai and Singapore, radically overstated their profits. Wirecard’s corporate auditors at Ernst & Young had apparently missed the fact that huge chunks of their client’s profits were pulled out of thin air. A new auditor, KPMG, was brought in to certify that Wirecard’s business was healthy, but its report published early this year concluded the opposite, preceding by only a few weeks the indictments of Wirecard’s leadership team.

Though tales of corporate spies and former Wirecard COO Jan Marsalek’s misadventures with Libyan militias have drawn the most attention (Marsalek remains at-large, with an international warrant issued for his arrest), it is the failure of the bean counters that truly sets Wirecard’s stunning fall in fuller context. Just beneath the surface of global capitalism’s most embarrassing and revelatory scandals — the stories that give the lie to the purported effectiveness of white-collar criminal enforcement and regulation — is an industry-wide dereliction of duty by the firms charged with keeping track of the numbers. What has happened to corporate accounting over the past decades mirrors broader political and economic shifts; as go accountants, so goes the globe.

Richard Murphy, now a professor of accounting at the University of Sheffield, began his career in 1982 as an accountant in the London office of Peat Marwick, a globally recognized firm. Modern corporate accounting was developed in England, where 19th century industrialization accompanied bureaucratization, giving rise to the kind of dreary Victorian office work memorialized in Dickens.

“Peat Marwick was the biggest firm in the world at the time, and we were incredibly sort of confident of the role that we had in society,” Murphy told me. “We were the people who were going to provide the assurance that it was safe to invest in companies, and therefore were the foundation on which capitalism was built.”

The 1980s would prove to be a raucous time in accounting, in contrast to the preceding century, during which accounting firms sought to cultivate an image of austerity. In the early 1900s, American and British accounting trade organizations disallowed their members from marketing to corporate clients, a policy meant to discourage accountants from giving biased audits. Accountants were supposed to be stiff-lipped moral watchdogs; there’s a reason PricewaterhouseCoopers has handled the tabulation of the Academy Awards since the 1930s. The pinstripe suit allegedly comes from its resemblance to ledger sheets. The profession’s cultural conservatism extended to its practitioners’ private lives: an anecdote in Ian D. Gow and Stuart Kells’ 2018 history of the accounting industry, The Big Four: The Curious Past and Perilous Future of the Global Accounting Monopoly, relates the story of an accounting executive mowing his lawn shirtless in Bermuda shorts, an act for which he was “raked over the coals” at work the next day, as an executive partner happened to see him while passing through the neighborhood.

Gradually, however, the accounting business began to resemble most other white-collar industries. Richard Nixon’s Justice Department successfully lobbied the American Institute of Certified Public Accountants to change its policies to allow accounting firms to bid against one another for corporate work (a 1977 Supreme Court ruling opened similar doors for law firms). In 1979, the Carter administration moved to scrap rules against marketing auditing services entirely. At the annual meeting of the AICPA in 1980, the group’s outgoing chairman claimed that “the effects of the phenomenal growth in the profession and competitive pressures have created in some CPAs attitudes that are intensely commercial and nearly devoid of the high-principled conduct that we have come to expect of a true professional.”

The most significant piece of evidence in favor of this perspective was rapid consolidation in the accounting business, part of a merger frenzy that extended throughout the entire economy. For most of the 20th century, the leading accounting firms were known as the Big Eight. By 1998, they had become the Big Five — KPMG, Ernst & Young, PricewaterhouseCoopers, Deloitte & Touche, and Arthur Andersen. Within a few years, the precarity of this state of affairs would become explosively clear, the Big Five thinning down to the Big Four we know today. 

The number of distinct corporate auditing firms has dwindled in recent years as the Big Four have consolidated their cartel control of the business. The top 100 U.K. firms by market capitalization are entirely audited by Big Four firms, as are 99 percent of the S&P 500 and 49 percent of all publicly listed companies in the U.S. 

It’s hard to remember now, but at the time of its 2001 collapse, Enron was viewed as nothing short of an American icon. Its CEO, Ken Lay, was a personal friend of President George W. Bush. Lay and his deputy Jeffrey Skilling were free market evangelists viewed as “revolutionaries,” symbols of Sun Belt economic ingenuity that was bringing Texas’s most valuable commodity, energy, into the internet age. It turned out the company had systematically overstated its earnings (in addition to causing blackouts in California that led to the recall of the state’s governor and the subsequent election of Arnold Schwarzenegger) by tens of billions in the late 1990s and early 2000s. By manipulating the value of contracts purchased and sold by its energy traders, Enron went from being what Fortune in 2002, just prior to the collapse, called America’s fifth-largest and “most innovative” company to a bankrupt rubble pile.

Enron was not the only casualty of the fraud it perpetrated. The firm’s stunning collapse shook the Justice Department into action, and prosecutors quickly zeroed in on Arthur Andersen — Enron’s corporate auditor. Investigators and Congressional hearings turned up grisly details: Andersen employees had shredded Enron documents, and Enron had hired eighty-six accountants who had previously worked at Andersen, including Enron’s chief accounting officer and treasurer (both of whom went to jail). In his book The Chickenshit Club, the definitive chronicle of American white collar criminal enforcement in the past two decades, ProPublica reporter Jesse Eisinger identifies Andersen as “Enron’s greatest enabler,” even more so “than top Wall Street banks and law firms.”

Enron was hardly alone. According to Eisinger, “Andersen faced thirteen major state and federal investigations over accounting frauds in the years before and just after Enron” related to botched audits of companies like (but not limited to) Supercuts, Waste Management, McKessonHBOC, and the Baptist Foundation of Arizona (“then the largest bankruptcy of a nonprofit in history”). When the Justice Department filed its indictments against Andersen and some of its individual partners in March 2002, the New York Post identified it as an effective “death penalty” for the company. This is half-true; Andersen partners were staring down individual liability lawsuits from other accounting frauds which almost certainly would have destroyed the firm over time. By the end of the summer, after the firm’s conviction (later unanimously overturned by the Supreme Court in 2005 for the judge’s improper jury instructions), Arthur Andersen was permanently dead.

The era of excess represented by Arthur Andersen prompted Republicans, perhaps for the last time, to co-sign substantial financial regulation and reform. Andersen’s collapse coincided with (and in some instances was directly linked to) accounting frauds at Worldcom, Xerox, Rite Aid, and elsewhere. With the deflation of the dot-com bubble and new accounting frauds coming to light each week, there was the sense that publicly disclosed financial numbers could no longer be trusted. The Sarbanes-Oxley Act of 2002, officially passed by Congress while the Andersen trial was ongoing, was supposed to augur a new era of financial sobriety and scrutiny. And it worked. Sort of.

The demise of Arthur Andersen, as sketched by Eisinger, triggered apocalyptic sentiments in corporate America and among the white collar defense bar. The firm’s name became a shorthand for prosecutorial overreach, its thousands of employees viewed as not the supplicants, perpetrators, or even victims of a corrupt leadership and institutional culture, but as the collateral damage of a government war on a few bad apples. In 2005, Mary Jo White, a former financial crimes prosecutor who would go on to chair the Securities and Exchange Commission during the Obama years (and who now serves as “Senior Chair” of the white-shoe law firm Debevoise & Plimpton), put it like this: “The Justice Department came under a lot of criticism for indicting Arthur Andersen and putting it out of business. That was justified criticism.” 

Over the past 18 years, analysts and academics have perceived that Sarbanes-Oxley did what it was supposed to do. Holding executives directly liable for the accuracy of financial statements (with penalties running up into decades-long sentences) was an effective deterrent, and the scandals that punctuated the turn of the millennium subsided. Dan Kaplan, a senior partner at Ernst & Young who recently retired after a thirty-eight-year career in accounting, told me that the profession had “dramatically” changed since Sarbanes-Oxley was initiated, but he emphasized that detecting a well-concealed fraud would always be a complicated task for an auditor for various reasons.

“Remember a basic principle of how an audit firm works: it’s a pyramid, a partner model where most of the people in the field actually doing the work do not have years of experience behind them,” Kaplan said. “There is probably fraud at almost every company, such as improper travel and entertainment reimbursements, or improper financial reporting. The question is, does it become material enough to elevate?”

Some of the success of Sarbanes-Oxley, however, is perhaps better identified as failure hiding in plain sight: convictions of major criminal offenses at large corporations dried up as Eric Holder’s Justice Department began signing “deferred prosecution” or “non-prosecution” agreements with defendants, and the SEC (led by Mary Jo White) pursued a similarly kid-gloves approach. When the SEC brought a $285 million settlement with Citigroup (against the bank’s profits of $160 million and investor losses of $700 million) before the U.S. District Court’s Jed Rakoff, the judge blocked the proposed deal, writing that if “the allegations of the complaint are true, this is a very good deal for Citigroup; and, even if they are untrue, it is a mild and modest cost of doing business.” 

Rakoff’s public spanking of the federal government was fully justified. According to data assembled by the Duke-UVA Corporate Prosecution Registry, between 1992 and 2005 the Justice Department signed a total of 51 non- or deferred prosecution agreements. Between 2006 and 2020, the federal government entered into at least 514 such agreements, while the number of guilty pleas — in which corporate defendants actually admit guilt — merely doubled. Not a single high-level financial executive was prosecuted either for the subprime mortgage bubble or for profiting from the exotic securities propped up on top of it. In 2018, the Federal Reserve Bank of San Francisco estimated that the financial crash cost every American “a lifetime present-value income loss of about $70,000.” Since its crisis low-point of $7,200 in February 2009, the Dow Jones Industrial Average has risen roughly 400% to over $28,600. When I interviewed former U.S. Attorney General Eric Holder in the fall of 2018 about the relative decline in major white-collar criminal prosecutions under his tenure, he insisted to me that it wasn’t “for a lack of trying.”

One Sarbanes-Oxley innovation not under the Justice Department’s purview was the Public Company Accounting Oversight Board (PCAOB), an independent 501(c)(3) non-profit charged with regulating the corporate auditing business. Colloquially it is known as “Peekaboo.” The agency’s budget is funded by the auditing companies it oversees, and it is governed by appointees chosen by the SEC. In a New York Times op-ed last year, Clinton-era SEC commissioner Arthur Levitt characterized it as a “relatively little-known agency tasked with an awesome responsibility,” one at which it was failing ruinously. Between 2003 and 2018, according to the Project on Government Oversight, 808 reported cases in which accounting firms prepared “fatally flawed” audits produced a total of $6.5 million in fines, about 246 times less than the $1.6 billion they could have been fined. On the PCAOB’s freshly redesigned website you can download the agency’s inspection reports of auditors. The most recent available report is more than two years old. In June 2019, KPMG (the firm whose audit revealed EY’s shortcomings at Wirecard) agreed to pay the SEC a $50 million fine for using stolen information to learn about “surprise” PCAOB inspections. Earlier this year, the SEC settled with the individual auditors. The terms of the settlement did not require them to admit or deny the charges. They will all be allowed to apply for reinstatement within the next three years.

James Cox, a law professor at Duke University who advised the PCAOB from 2008 to 2014, told me about a minor experiment he performed at one of the group’s quarterly meetings: “I just closed my eyes and pretended that I couldn’t recognize the voices.” On proposed policy and regulatory changes — e.g., instituting more rigorous internal auditing controls, making auditor reports more public — Cox said that with his eyes closed, he “could never tell when it was the SEC talking or a representative from KPMG, Deloitte, et cetera. They just sang the same songs: ‘Oh, it’ll be costly, or invite litigation or a lot of boilerplate.’” The culture of coziness at the PCAOB is like that of the SEC (which oversees it), the Federal Trade Commission or the Justice Department’s antitrust unit. The combination of a revolving door and constant political pressure have turned an ostensible enforcer into a tacit accomplice.

The way that a company chooses a corporate auditor in the post-Sarbanes-Oxley world looks like this: a company hires its board of directors, to whom its executive (usually) answers. The audit committee of that board of directors then hires an auditor. For most large companies, this does not happen all that often. A 2012 study found that 59 percent of Fortune 1000 companies had been using the same auditor for over ten years, and 25 percent for at least 21 years. Combined with the long-term trend in the U.S. of slowing new business formation, auditor loyalty should theoretically pose a structural revenue growth problem for Big Four firms. So what explains the record multi-billion-dollar improvements in revenue that they’ve posted in recent years? In short, the answer is consulting. 

Among Arthur Andersen’s many innovations in the 20th century, perhaps its most lucrative was figuring out that it could begin selling services and technology on top of auditing and dramatically increase its income. Andersen developed its first computer in 1950, dubbed “Glickiac” — an early model that automated bookkeeping services, putting Arthur Andersen in the business of making the machines that kept the books it audited. By 1989, the disparities in profit between Andersen’s auditing and consulting businesses had grown so great that the two groups agreed to split into different entities and share their profits. But by the end of 1997, Andersen’s higher-earning consultants would split off completely, forming the company that would go on to be known as Accenture. 

“The implications for the auditors were grim,” Wall Street Journal reporters observed over a decade later, and Andersen auditors were compelled to act “aggressively” to boost their own earnings. Andersen partners were required to carry out what one executive called a “2X strategy,” in which each dollar earned from auditing clients had to be matched by two dollars earned by selling them consulting services. Eventually, Enron came to be the “laboratory” for these practices, as the Journal put it — the largest of decentralized fiefdoms charged with earning as much money as possible and given long leashes with which to do it. From Arthur Andersen, the most exaggerated example, we can extrapolate how the Big Four operated more generally: “The rise of advisory services is generally considered to have fundamentally changed the culture and tone at the top at the firms and had firm leaders focusing more on offering broader services to audit clients,” a former PCAOB board member said in a 2014 presentation.

When Sarbanes-Oxley was passed, three of the Big Four firms (EY, PwC, and KPMG) sold off their consultancy units — in compliance with the legal requirements that independent auditors not perform a specifically enumerated set of services for the companies they audited. But in the past two decades, all have rebuilt their consulting arms, now carefully tailored to abide by laws passed more than 18 years ago. Between 2012 and 2018, Big Four firms grew their consultancy revenue by 44 percent and auditing by only three percent.

“The growing influence, the growing amount of audit firm revenues derived from non-audit services — that’s the canary in the coal mine,” Cox believes. Accounting firms have gotten “very creative” in how they describe non-audit services; for example, though auditors can’t themselves be bookkeepers (à la Glickiac), they could, say, sell the AI-powered software to record transactions. The end result is a “corrupt” influence on the entire system, a weakening of the will and expertise of the individual auditor, who — no matter how honest or rigorous — can’t compete with the software and advisory business that’s swallowed her work whole.

As of this writing, things are not looking good for EY in terms of publicity, but it’s hard to envision how any sort of long-term change might emerge from the predicament. BaFin, the German financial supervisory authority, says that “untangling” Wirecard will take years, and civil suits against both Wirecard and EY have to play out. But what is known is grim: EY actively stifled whistleblowers who detected the dummy accounts right under the auditors’ noses, and the firm failed to ask after Wirecard’s bank records for over three years.

“I think they saw themselves more as providing a service to Wirecard rather than, you know, let’s say, providing a service to the public by actually really asking critical questions and checking whether everything is alright,” says Fabio de Masi, a German member of parliament from Die Linke who has emerged as a vocal critic of Wirecard and BaFin’s conduct thus far.

In spite of EY’s apparent misconduct, de Masi thinks it’s not clear whether EY would even be on the hook for its actions in Europe, beyond a fine of “a few million Euros.” In Germany, where large-scale white collar criminal activity is similarly omnipresent and underpoliced, EY has “liability privilege” that would most likely indemnify it against prosecution. “EY Germany and the EY global network is safe from the Wirecard fallout,” longtime auditor watchdog Francine McKenna wrote this past summer. “That’s not just because EY Germany is so important to EY, but also because the global clients EY serves have no viable alternative.”

Everyone I spoke with — De Masi, James Cox, Richard Murphy, and others — discussed finding ways to remove auditing responsibilities from companies who are paid directly by the firms they audit. A conventional option might be to have the government assign independent auditors to companies; a more radical proposal would be to require the government to do the auditing for them. But what must happen, as Cox puts it, is very straightforward: “Busting up the Big Four in America would be a step in the right direction.”