(Bloomberg View) -- If you work at a regulator, and you would like a more lucrative job at a company that you regulate, what should you do? How should you regulate, in order to make yourself as attractive a hire as possible? I have argued that, if your goal is to move to the other side, you should be an especially tough and vigilant regulator. On the one hand, every employer prefers to hire diligent ambitious go-getters, so being a diligent ambitious go-getter as a regulator sends a good signal to prospective employers. On the other hand, regulated companies may prefer not to be regulated by tough regulators -- but that is all the more reason to hire you. That way you'll stop regulating them!
Yesterday's Securities and Exchange Commission enforcement action (and the related federal criminal prosecution) against six accountants provides at least a little support for that view. Brian Sweet worked at the Public Company Accounting Oversight Board, a regulatory agency in charge of examining accounting firms for deficiencies in their audits. Specifically he was responsible for inspecting KPMG LLP's audits for deficiencies. He found a lot of deficiencies:
In September 2014, the PCAOB issued a report regarding its 2013 inspections of KPMG audits. The report found that out of 50 audits the PCAOB inspected, 23 were deficient. This 46 percent deficiency rate, which placed KPMG third among the “big four” accounting firms, reflected a significant decline from KPMG’s 34 percent deficiency rate the previous year.
So KPMG, naturally, was desperate to hire him:
As a result, KPMG leadership exerted meaningful pressure within the firm to improve the results. One of the steps KPMG took to improve its results was to hire Sweet, an Associate Director at the PCAOB who worked on the team inspecting KPMG audits, to join the firm. KPMG’s Vice Chair of Audit characterized Sweet’s recruitment as a “top priority.”
KPMG hired Sweet as a partner in the Department of Professional Practice (“DPP”) group in the firm’s National Office. Among other things, Sweet was responsible for conducting internal inspections of KPMG audits.
The cynical interpretation here is that the easiest way to get rid of a tough regulator is to hire him yourself: Better to have Sweet criticizing KPMG's audits in internal inspections than in regulatory findings. The more benign interpretation is that KPMG really was chastened by the findings of deficiencies in its audits, and wanted to improve them, and figured that hiring a regulator with a history of zealously inspecting its audits was the best way to do that. Either way, though, the incentives would seem to encourage regulators to be tough.
Oh then bad stuff happened, fine. On his way out the door at PCAOB, Sweet allegedly "copied from an internal PCAOB database to his office computer various confidential inspection-related materials he believed might help him at KPMG." Some of this stuff -- "inspection guides and manuals," etc. -- you could argue just made him better at his job of quality control for KPMG audits, and that the regulators should want him to be good at it. The point of the PCAOB is not to catch audit firms making mistakes; it's to reduce the number of mistakes that audit firms make, and if the PCAOB manuals can improve the audit firms' work then it's not the end of the world if the firms get their hands on them. Other stuff though -- like "the confidential list of KPMG audit engagements the PCAOB intended to inspect in 2015" -- seems more straightforwardly like cheating. You don't want KPMG doing the inspected audits well and the uninspected audits badly; that's the point of keeping the inspection list secret.
Actually it's even worse than that: In some cases, KPMG allegedly didn't even use the list of inspections to do those audits better. What it actually did was go back and review audits it had already issued, "within the 45-day period in which KPMG’s policy allowed audit teams to complete the administrative process of assembling the final audit file," and spruced up the work papers to make it less likely that the PCAOB would have objections.
Also for some reason KPMG brought in an outside consultant to build a model to predict which engagements the PCAOB would inspect, using Sweet's knowledge of how PCAOB made inspection decisions. That is ... just sort of a strange thing to do? Building a model of which of your work regulators will look at and which they won't? There is something almost Uber-ish about explicitly building a model to game the regulators.
Now, my view of the regulatory "revolving door" is not universally held. Many people think instead that the revolving door encourages regulators to go easy on the companies they regulate, in order to befriend them and ease their own transition into the private sector. I am usually skeptical of this view, but you can find evidence for it too in this case. Sweet took a lot of confidential PCAOB information with him to KPMG, but later he wanted more, so he allegedly called up other PCAOB employees to get it. In exchange, allegedly, for jobs:
Before he left the PCAOB, Sweet had discussed with Cynthia Holder, a friend who was then a PCAOB Inspections Leader, the prospect of her joining him at KPMG. On Sweet’s first day at KPMG (May 4, 2015), he informed Holder that he would be meeting with Whittle to push for the firm to hire her. On May 11, 2015, Sweet told Holder he was going to hand-deliver her resume to Whittle and “make a sell again” in person.
On May 12, 2015, Sweet asked Holder to send him a confidential PCAOB document reflecting comments he had written about KPMG’s audits while he was at the Board. At that time, KPMG personnel were preparing for a meeting with the PCAOB to discuss the firm’s performance on its audits, during which KPMG would make a presentation on the root causes of the firm’s audit failures. Sweet asked Holder for a document he had written while he was at the PCAOB so he could review it before helping his KPMG colleagues prepare that presentation. That day, Holder sent Sweet the document he requested.
Giving your buddies at the company you regulate confidential regulatory information, in exchange for getting a job there, is the classic behavior that people worry about when they think of the "revolving door." Holder eventually joined Sweet at KPMG, and the cycle continued: Jeffrey Wada, a PCAOB employee who wasn't even assigned to KPMG, "learned that he had not been selected for a promotion," "reacted angrily, telling a colleague the PCAOB had 'screwed' him by passing him over," and allegedly got his revenge by accessing "the PCAOB’s confidential list of KPMG engagements the Board had selected for inspection in 2016," calling up Holder, and reading her the names. This is not exactly zealous regulating. "Literally stealing the exam," is how the SEC enforcement co-director described it.
Wada, too, eventually tried to get a job at KPMG, with maybe the worst cover letter I have ever read. From the criminal complaint:
On or about January 10, 2017, one day after providing HOLDER with the confidential 2017 Preliminary List, WADA emailed HOLDER on her personal email account, and wrote: "It's funny how I was on the fast track to partner and clearly recognized for my talents at [WADA's previous employer] and then I end up in this [expletive] place with all the [expletive] politicking that I loathe and now I can't get a [expletive] promotion to save my life just because I refuse to kiss people's [expletive] and spread the political rhetoric. God this place sucks. Please let me know what else you need from me." WADA attached his resumé to the email.
Anyway the civil and criminal complaints are a fun read not only for the insight they provide into the regulatory revolving door, but also for the insight they provide into how not to do crime. They give the distinct impression that these people knew that what they were doing was illegal, and did it anyway, but with a big show of tiptoeing and stage-whispering:
The next day, Whittle emailed Sweet, asking him to have an assistant “scan and send me the banking selection list” (i.e. KPMG’s bank holding company clients the PCAOB had selected for inspection). Sweet complied by sending Whittle the complete list of planned inspections and asked Whittle to exercise discretion given the nature of the information. Whittle forwarded this information to Middendorf the same day, writing, “The complete list. Obviously, very sensitive. We will not be broadcasting this.”
"Shhh, very sensitive, don't tell anyone about our illegally obtained information" -- great thing to say, really, if you have illegally obtained information. Bad thing to put in email! They tend to find that stuff.
Even weirder is the cunning plan they allegedly came up with to hide what they'd done once an internal investigation was launched:
During the initial stage of KPMG’s investigation, Sweet and Holder agreed to conceal how they learned of the PCAOB’s 2017 inspection targets. They agreed to tell investigators that Holder had received a list of ticker symbols by mail with no return address or other identifying information. Sweet then created a document consisting solely of the ticker symbols, which he provided to KPMG attorneys after they interviewed him.
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
Matt Levine is a Bloomberg View columnist. He was an editor of Dealbreaker, an investment banker at Goldman Sachs, a mergers and acquisitions lawyer at Wachtell, Lipton, Rosen & Katz and a clerk for the U.S. Court of Appeals for the Third Circuit.
The main character in this story, Brian Sweet, pleaded guilty, settled with the SEC, and is cooperating. The rest are presumed innocent. The six are Sweet, Cynthia Holder and Jeffrey Wada, who worked at PCAOB, and three KPMG accountants who allegedly were involved in using the information they got from the PCAOB.
From the SEC order
Recognizing that the workpapers had not yet been locked per KPMG’s policy, Middendorf, Whittle, and Britt agreed to have Sweet and others conduct an additional examination of the audit workpapers for the seven banks on the list Wada had provided that were part of KPMG’s ALLL monitoring program to determine whether anything could be done to minimize the risk that the PCAOB would find deficiencies in those audits.
Middendorf and Whittle instructed that no one in the briefing should disclose that they had obtained confidential PCAOB information.
To provide cover for their project, Britt told others at KPMG that they were performing work in the ordinary course of business on all banking engagements in the firm’s ALLL monitoring program. On March Britt sent the engagement partners for these audits an email stating that, as part of the “wrap up and reporting of the results” of the ALLL program, DPP needed to gather “some additional information” from their audit workpapers.
Over the next few weeks, Sweet, Holder, and various partners and managing directors in DPP engaged in a review of the audit workpapers of the seven banks in the monitoring program that were on the list Wada provided. The DPP professionals suggested edits and proposed changes to the engagement teams, which then decided what changes to incorporate into the final audit workpapers.
ALLL is "allowances for loan and lease losses"; the PCAOB had found that KPMG's auditing of that area was pretty deficient, and so it had a program to review ALLL at banking clients. It just applied that program especially to the banking clients that were going to be inspected.
From the SEC order:
In April KPMG engaged an outside consultant to help it predict which audit engagements the PCAOB would inspect in In June Middendorf and Whittle both approached Sweet in his office and directed him to share everything he knew with the outside consultant. Sweet understood this to be an instruction to give the consultant all of the information he took from the PCAOB.
Sweet complied with Middendorf and Whittle’s directive by providing information about the Board’s selection criteria to a KPMG colleague, who then gave that information to the consultant. In September Sweet spoke directly with the consultant and gave them additional confidential information regarding the inspections selection process. At the end of September, Sweet reported to Middendorf and Whittle that he had “spent quite a bit of time with [the outside consultant] trying to guide their modeling efforts.”
I kind of don't get why this was necessary if he could just call up his buddies at the PCAOB and ask?
By the way
Manuel Goncalves, a KPMG spokesman, said in a statement that the firm promptly notified the authorities when it learned of the leaking and has been fully cooperating with the investigation. The firm “took swift and decisive action,” he said, including firing the individuals involved, and has since “taken remedial action to assure that such conduct cannot happen again.”
Albeit in this case information that the buddy had written, and that you'd hope he remembered the gist of?
Wada never did get a job at KPMG. The complaint has generous selections from his emails. For instance:
On or about March PCAOB's head of inspections sent a PCAOB-wide email congratulating PCAOB personnel who had been promoted that year. WADA was not included among the individuals who had been promoted. WADA forwarded the email to HOLDER's personal email account. HOLDER forwarded the email to Brian Sweet's personal email account.
On or about March WADA emailed another PCAOB employee who had also failed to obtain a promotion and complained that "I can't believe we both got screwed last year." Included in the email was a cartoon depicting a man with a screw in his back.
On or about March WADA emailed a second PCAOB employee and said, apparently in reference to himself, that "Jeff v.2.0 was a failure and it ended up getting my promotion delayed so I buried it and came up with v.3.0."
I tell you, one big reason why I try not to commit crimes is that I never want my own dumb complaining emails to become public in a court document.
Also, according to the criminal complaint, at some point Sweet "burned the true copy of the 2017 Final List" in order to throw investigators off the trail. That didn't work either.
To contact the author of this story: Matt Levine at mlevine51@bloomberg.net.
To contact the editor responsible for this story: James Greiff at jgreiff@bloomberg.net.
For more columns from Bloomberg View, visit http://www.bloomberg.com/view.
©2018 Bloomberg L.P.