Blog

September 13, 2021

Lessons From Theranos: Saga Nears Culmination as Elizabeth Holmes’ Trial Kicks Off

Few fraud cases have garnered as much attention in the last decade as the Theranos scandal. The spectacular rise and fall of the biotech startup and its founder Elizabeth Holmes have already inspired a documentary and a best-selling book, while a Hollywood film starring Jennifer Lawrence is in the making. And now, as Holmes’ criminal fraud trial is underway, it looks like the Theranos saga might be drawing to an end.

So, what made the case such a headline grabber and where did it all begin? And more importantly — what lessons can we learn from it to avoid such a massive waste of resources in the future?

The controversy surrounding Theranos began around six years ago, when a Wall Street Journal investigation raised questions about the high-flying startup’s promises to investors and consumers. As the firm’s founder, Stanford dropout Holmes had gained widespread recognition — she appeared on magazine covers and was even dubbed the “next Steve Jobs.”

Theranos’ apparent goal was nothing short of revolutionizing blood testing through innovative technology. The Palo Alto company claimed that its machines needed just a few drops of blood to perform lightning-fast tests for a wide array of conditions. Prospects for enormous returns drew prominent investors, such as Rupert Murdoch, Betsy DeVos, and the Walton family, heirs of Walmart founder Sam Walton. They pumped eight-figure sums into the venture, boosting its valuation to around $9 billion at its peak.

But the startup’s promise unraveled faster than it was made. After the initial damning report, allegations surfaced almost daily — whistleblowers came forward, patients recounted deception, and corporate partners withdrew. It looked like Theranos was not only unable to deliver, but it reportedly misled patients and investors about its processes and the capabilities of its instruments. Critics said its blood test results were often wildly inaccurate and relied on commercially available equipment from competitors.

By 2018, the company had dissolved and Holmes and other executives were facing criminal charges. Estimates placed investor losses at around $600 million and prosecutors claimed many patients’ lives were negatively affected.

After several setbacks over the years, including an inexplicably missing database and the defendant’s recent pregnancy, Holmes’ month-long trial finally started on August 30. Commentators on the highly publicized case speculate on the potential strategies that prosecutors and defense attorneys will use next, with the former aiming to prove intent to deceive and the latter maintaining it was simply a failed dream.

Whatever the outcome of the trial, one question remains: What made some of the world’s biggest investors throw hundreds of millions into the Theranos abyss?

The hype around the startup at the time and the founder’s charisma certainly played a part. Holmes had an almost cult-like following, so much so that despite her fall from grace, merchandise with her likeness is still widely popular online, and female health-tech entrepreneurs complain of constantly being compared to her.

There’s also the business side — investors are eager to get in on hot sectors like health tech, sometimes at the expense of doing enough diligence on new investments. It’s particularly hard to evaluate claims by Silicon Valley startups where the tech they develop is essentially a black box and the line between hopeful exaggeration and willful deception is often blurry. And although Theranos has made investors warier, the lure of the booming tech sector still convinces many to jump headfirst into risky ventures.

But there’s another area where red flags may be easier to spot and that’s often overlooked — a company’s financials. The prosecution’s first witness in the Theranos trial was Han Spivey, who was the firm’s financial controller from 2006 to 2017. Her testimony revealed financial troubles behind the scenes during the startup’s initial period of allure. Spivey said Theranos’ financial statements went unaudited for years, which is not illegal for a private company but is unusual.

Looking at a firm’s finances is one route stakeholders can take to avoid a sinking investment or partnership. The Theranos case teaches us that the best approach is to be skeptical and examine a company from as many angles as possible before going into business.


September 6, 2021

ESG No Longer Just a Buzzword as Regulation Creates Emerging Supply Chain Risk

With the UN’s Intergovernmental Panel on Climate Change (IPCC) sounding a “code red” alarm on the future of humanity, the topic of environmental, social and corporate governance (ESG) is more current than ever.

Various surveys have demonstrated that consumers want companies to incorporate ESG practices and studies link higher ESG scores with lower cost of capital. Investors are also hopping on the train, as shareholder resolutions pushing for increased ESG efforts reached a record high in 2021. What’s more, the COVID pandemic has accelerated ESG adoption as global conglomerates, such as Carrier, start linking their ESG goals to executive compensation packages. All in all, a commitment to ESG appears to be a no-brainer for any company looking to improve its image and sales.

But committed as companies may be, they rarely operate in a vacuum. An ESG push that doesn’t ripple through the supply chain can hurt a company more than it helps it, especially if accusations of greenwashing or human rights violations ever surface. Corporations worldwide are suffering the consequences of not keeping a close eye on the practices of their suppliers. Fashion brand Boohoo is just one example, as it faces renewed backlash over the actions of its suppliers.

“Companies are more aware that the greater risk comes not from their T1 suppliers, but from their sub-tiers (…) when a brand gets boycotted because of forced labor in a factory thousands of miles away, for example, it’s their product and their company that gets hurt,” Nancy Clinton from SupplyShift writes in a piece for SpendMatters.com.

And while investors and customers alike are reacting with their wallets, governments are starting to act against greenwashing as well – with UK regulators “homing in on green claims made for consumer products,” as outlined in the Financial Times. The Oxford Business Group even argues for the introduction of universal ESG standards as “the absence of a globally recognised ESG reporting system has led to accusations that companies can easily misrepresent their sustainability performance.”

And the efforts don’t just stop with greenwashing. A report by the European Commission on due diligence requirements through the supply chain revealed that “just over one-third of business respondents indicated that their companies undertake due diligence which takes into account all human rights and environmental impacts, and a further one-third undertake due diligence limited to certain areas. However, the majority of business respondents which are undertaking due diligence include first tier suppliers only.” This is notable, as the sub-tier suppliers are often where the ESG issues occur, as pointed out by Clinton.

One way to mitigate those risks is to establish ESG due diligence processes that cover the sub-tiers and EU authorities are waking up to that. In March, the European Parliament adopted a legislative initiative report, calling for EU-wide rules that would “oblige companies to identify, address and remedy aspects of their value chain (all operations, direct or indirect business relations, investment chains) that could or do infringe on human rights (including social, trade union and labour rights), the environment (contributing to climate change or deforestation, for example) and good governance (such as corruption and bribery).” Once adopted, these rules would apply to all companies operating on the EU internal market, even if they are established outside of the Union.

On July 12, 2021, the EU followed up with practical guidance for companies on how to “implement effective human rights due diligence practices to address the risk of forced labour in their supply chains.” Here’s a glimpse at the six-step due-diligence framework, as proposed by the EU:

1. Embed responsible business conduct into the company’s policies and management

systems

2. Identify and assess actual or potential adverse impacts in the company’s operations,

supply chains and business relationships

3. Cease, prevent and mitigate adverse impacts

4. Track implementation and results

5. Communicate how impacts are addressed

6. Provide for or cooperate in remediation when appropriate

In light of all that, regulatory risk related to ESG is now ranked second in Gartner, Inc.’s latest Emerging Risks Monitor Report. And while the Centre for the Promotion of Imports from developing countries (CBI), estimates that the new EU rules likely won’t start coming into effect before 2023, companies shouldn’t drag their feet on setting up an accountability system. In fact, some EU members have already introduced such requirements, or are about to do so very soon. In 2017, France adopted legislation requiring multinational companies to prevent human rights abuses through due diligence on their supply chains. And Germany has just followed suit, with regulation that will come into effect as of January 01, 2023.

If the code red alarm on global warming, investor pressure, and consumer backlash are not enough to alert companies to the need for proper ESG due diligence perhaps the fines, outlined in the German Supply Chain Act (Lieferkettengesetz), which reach up 2 percent of the annual turnover for large companies, will do the trick.


August 27, 2021

SEC Expands Use of Data Analytics to Detect Financial Reporting Misconduct

Data science has reshaped many industries in the last two decades. But it has notably entered the government sector too, as regulators increasingly rely on analytical tools to uncover and prosecute violators.

One agency that seems to be at the forefront of data science adoption is the US Securities and Exchange Commission (SEC). The regulator has been using analytics to combat insider trading for some years now. A recent example is a charge against three former Netflix engineers, which the SEC detected using its data analysis tools that pick out “improbably successful trading over time.”

But the agency has more recently accelerated the use of such tools in the fight against another common securities law violation — financial reporting misconduct. Commentators see the move as one aspect of a broader shift in the SEC’s agenda since new chairman Gary Gensler took over in April. Under Gensler’s leadership, the agency is expected to direct more of its efforts towards enforcement.

The latest example of the SEC’s increased reliance on analytics is its charge against Healthcare Services Group Inc. (HCSG), a provider of housekeeping and other services to healthcare institutions. The company’s agreement to a $6 million settlement made headlines last week after the SEC accused it of accounting violations that reportedly allowed it to inflate earnings per share (EPS) in its quarterly reports.

The commission credited the uncovering of the alleged misconduct to its Enforcement Division’s EPS Initiative, which uses risk-based data analytics. According to the official SEC release, HCSG failed to disclose certain loss contingencies, allowing it to report higher earnings.

The HCSG case is not the first time that the securities regulator has used analysis tools as part of its EPS Initiative. In September 2020, the agency announced that it had reached similar settlements with two other publicly traded firms — Interface Inc. and Fulton Financial Corp. And in April 2021, the SEC charged eight companies as part of a different initiative that focuses on Form 12b-25 filing lapses. The agency once again cited data analytics as the method for uncovering these irregularities.

But the analytical approach has long been a part of the SEC’s arsenal, albeit at varying sophistication levels. One curious example is the so-called case of the missing ‘4’. It goes back to 2009, when an academic team published a paper exploring the suspicious absence of the number 4 in companies’ financial reports. Researchers specifically looked at the first post-decimal digit of reported EPS and found that ‘4’ appears less often than would be expected by chance alone.

This finding led the study’s authors to suspect companies of improperly rounding up their EPS numbers to gain a strategic advantage and dubbed the phenomenon “quadrophobia.” Although the rounding itself might not amount to fraud, researchers found that it may be a red flag, as companies that practice it are more likely to have been charged with accounting violations.

The paper reportedly caught the SEC’s attention, which sought to implement the findings in its enforcement efforts. In 2010, the agency charged Dell Inc. with manipulating earnings and obtained a settlement of $100 million from the company. The investigation was prompted by the discovery that Dell didn’t report EPS with ‘4’ in the tenths place even once between 1988 and 2006.

With the SEC moving towards more enforcement through focused initiatives and data analytics, we’re bound to see more companies targeted in the near future. Time will tell if the latest charges represent the extent of typical accounting offenses or if these are just the tip of the iceberg.


August 17, 2021

Jacob Zuma and Thales: An Arms Deal with Repercussions Decades Later

Breaking into new markets and winning major government contracts can be a daunting task for even the largest corporations, doubly so in emerging markets that are in political transition or have gone through a recent major upheaval.

In the face of such challenges, some companies may decide that engaging in illegal activities, often taking the form of bribes to foreign government officials, is an acceptable cost of doing business. When caught, hefty fines and settlements serve as both punishment for and deterrent against corruption practices.

But even before sanctions are levied, an investigation or ongoing lawsuit will raise red flags in any thorough due diligence check. In the most egregious cases, allegations of bribery can haunt a company's reputation for decades.

One such case in the news in recent months is a lawsuit in South Africa, in which French defense group Thales is accused of racketeering, corruption, and money laundering. The other defendant in that trial is former South African President Jacob Zuma, who faces charges on 16 counts of racketeering, corruption, fraud, tax evasion, and money laundering.

Zuma is alleged to have accepted more than 700 bribes over a period of 10 years, including cash payments from Thales. The accusations cover the time when Zuma was deputy president of South Africa from 1999 to 2005.

The charges relate to the 1999 military equipment deal signed by South Africa with a group of European defense companies, worth 30 billion rands, or nearly $5 billion at the exchange rate at the time. Zuma is accused of accepting bribes totaling 4 million rands from Thales in exchange for shielding the company from the investigation.

Two Thales subsidiaries, Thint Holding (Southern Africa) and Thint, were charged with corruption in 2005, but the only people convicted were the African National Congress (ANC) chief parliamentary whip at the time, Tony Yengeni, and financial adviser Schabir Shaik.

Yengeni went to prison in 2006 and served five months of his four-year sentence, while Shaik, who was found guilty of soliciting a bribe from Thint on behalf of Zuma, was released on medical parole in 2009, four years into his 15-year sentence.

Shortly before Zuma was elected president of South Africa in 2009, charges against him were dropped, only for the South African Supreme Court to rule in 2018 that they should be reinstated. Thales sued to have the charges against the company dropped, but the Kwazulu-Natal High Court in Pietermaritzburg ruled in January 2021 to dismiss its application.

For the record, Thales has said it had no knowledge of any transgressions by any of its employees in relation to the award of the contracts. On May 26, 2021, its representative pleaded not guilty to the racketeering, corruption, and money laundering charges against the company.

Thales is not the only company involved in the 1999 South African arms deal to face investigation. The Serious Fraud Office in the UK investigated British defense firm BAE Systems over several contracts and reached a 30 million pounds plea settlement in 2010, without pursuing a criminal case concerning the South Africa deal.

The same year, BAE Systems also pleaded guilty and agreed to pay a $400 million criminal fine following a US Department of Justice investigation. That settlement did not specifically mention the South Africa deal.

Other recent corruption investigations resulted in even larger fines. Airbus agreed in January 2020 to pay $4 billion in fines as part of its settlement with authorities in France, the UK, and the US, after being investigated for allegedly using intermediaries to bribe public officials in numerous countries to buy its planes and satellites.

The trial against Zuma and Thales in South Africa is still in its early stages and has been repeatedly postponed—most recently, to September, due to his failing health. He was jailed last month on a contempt of court charge relating to a separate corruption investigation.

Thales may or may not be found guilty, and it remains to be seen what financial penalties the company might face but the shadow of suspicion over the company may linger even longer.

August 9, 2021

The Pegasus Project – What the Investigation Has Revealed So Far

In 2020, a list of over 50,000 phone numbers was leaked to Amnesty International and Forbidden Stories, a nonprofit media organization based in Paris, France. The numbers are believed to belong to individuals identified as "people of interest" by clients of the Israeli cyber defense firm NSO Group. The leak set off a worldwide investigative journalism initiative – the Pegasus Project.

Who is behind NSO Group?

NSO Group was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio and is based in Herzliya, Israel. The firm is a subsidiary of the Q Cyber Technologies group of companies.

According to NSO’s website, it develops “best-in-class technology” to help government agencies detect and prevent terrorism and crime. It claims its products are used “exclusively by government intelligence and law enforcement agencies to fight crime and terror.” NSO Group also sells Eclipse – a cyber counter-drone platform.

What is Pegasus?

Pegasus is commercial spyware sold by NSO Group to governments and reportedly costs millions to purchase. The earliest versions were spotted back in 2016. Unlike any run-of-the-mill malware, Pegasus is designed solely for spying.

Once on a smartphone (Android or iOS), the software gains access to photos, emails, text messages, WhatsApp messages, incoming and outgoing calls, and past/present location data. It can also activate the phone’s camera or microphone and record conversations. What’s more, Pegasus monitors the keystrokes on an infected device – all written communications and web searches, even passwords – and returns them to the client.

NSO Group says that governments of more than 40 countries are on its client list. It also explicitly states that Pegasus “cannot be used to conduct cyber-surveillance within the United States, and no foreign customer has ever been granted technology that would enable them to access phones with US numbers.”

Our research could not identify which countries were among the clients or whether any of them are on the U.S. sanctions list.

The Pegasus Project

In 2020, Forbidden Stories and Amnesty International gained access to a set of more than 50,000 phone numbers believed to be targets of NSO Group’s software. Forbidden Stories then invited OCCRP, The Washington Post, The Guardian, and 13 other media partners to participate.

The investigation identified hundreds of individuals whose phones have had the Pegasus spyware at some point. The list did not include identifying information, but reporters were able to independently name the owners of more than 1,000 numbers through forensic analysis, additional databases, internal documents, interviews, court documents, and other sources.

Once the investigation results were made public, media outlets, human rights watchdogs, and politicians across the world started paying attention. Associated Press reported that Mexico spent $61 million on Pegasus spyware. The Washington Post reported on 11 Indian citizens who have been spied upon using Pegasus. The Post also said that people close to the murdered Saudi columnist Jamal Khashoggi were targeted.

French President Emmanuel Macron was forced to change his phone after being identified as a spying victim. Macron called an extraordinary national security meeting since France is one of the permanent members of the UN Security Council. European Commission President Ursula von der Leyen said Pegasus spying reports were “completely unacceptable.” According to CNBC, several African governments were also embroiled in the Pegasus spyware saga, which could prompt further diplomatic repercussions. And while Israel has appointed a team of ministers to deal with the fallout, Morocco and Hungary deny using Pegasus.

Meanwhile, in the U.S., the White House raised spyware concerns with Israel. President Joe Biden’s top Middle East adviser Brett McGurk met with Zohar Palti, a senior Israeli Ministry of Defense official, on July 22 and asked him what the Israeli government was doing about the NSO issue.

The full extent of the impact of the Pegasus Project investigation will be seen in time, but the first legal action is already in motion – the Gulf Centre for Human Rights and Reporters Without Borders have filed cases with the French Public Prosecutor.

In the meantime, public investors in the private equity firm that owns a majority stake in NSO Group are abandoning ship. According to The Guardian, Novalpina Capital is in talks to transfer management of that fund to Berkeley Research Group, a U.S. consulting firm.

The full list of people identified as victims of the Pegasus spyware so far is available on the OCCPR website.


August 3, 2021

UK Sanctions Five, “Flexing” Post-Brexit Autonomy

Public funds reportedly spent on items such as luxury yachts, private jets, and a diamond-encrusted glove worn by Michael Jackson prompted the UK Foreign Office to impose new sanctions.

Last Thursday, British Foreign Secretary Dominic Raab announced new sanctions aimed at five high-ranking officials and businessmen in Equatorial Guinea, Zimbabwe, Venezuela, and Iraq.

The news comes amid a broader push by Britain to become a major player on the global sanctions front. In April, the country announced the first asset freezes and travel bans under its new ​​Global Anti-Corruption regime, targeting 22 individuals from places such as Russia, South Africa, and Latin America.

Dr. Anna Bradshaw, a partner at economic sanctions consultant Peters & Peters, described the latest actions as “the most recent example of how the UK is flexing its muscles on the world sanctions stage.”

Britain is making use of its newly obtained ability to impose restrictions on foreign entities. Before leaving the European Union, the UK was bound by the bloc’s rules which require unanimous approval of all 27 members before introducing any sanctions. And even if all EU states favor such a measure, it rarely leads to concrete action as the union lacks enforcement authority.

According to the official release by the Foreign, Commonwealth & Development Office, the latest restrictions target individuals involved in “serious corruption,” which has “deprived developing countries of vital resources.” The five sanctioned are Teodoro Obiang Mangue, Kudakwashe Regimond Tagwirei, Alex Nain Saab Morán, Alvaro Enrique Pulido Vargas, and Nawfal Hammadi Al-Sultan.

Teodoro Obiang Mangue, Equatorial Guinea’s vice president and son of current president, has allegedly spent $500 million of misappropriated funds since first taking public office in 1998. His reported purchases include a $100 million mansion in Paris, a private jet, luxury yachts and cars, and a $275,000 diamond-encrusted glove worn by Michael Jackson during his ‘Bad’ tour. Despite Equatorial Guinea’s large oil reserves, more than three quarters of its population lives in poverty. In response to the sanctions the country closed its UK embassy.

Kudakwashe Regimond Tagwirei is a Zimbabwean businessman whose company Sakunda Holdings allegedly redeemed Government Treasury Bills at ten times their official value, accelerating the devaluation of Zimbabwean currency. This reportedly increased the price of essentials for the country’s citizens and led to macroeconomic instability.

Venezuelan President Nicolas Maduro's envoy Alex Nain Saab Morán and his associate Alvaro Enrique Pulido Vargas were also sanctioned for their alleged embezzlement of public funds by improperly granting contracts as part of Venezuela’s public programs. The scheme is said to have caused a serious price inflation of basic foodstuffs for the country’s already poverty-stricken population. Saab is currently detained in Cape Verde and may face extradition to the United States for his reported role in helping Maduro evade US sanctions.

Nawfal Hammadi Al-Sultan, former governor of Nineveh province, Iraq, was sanctioned for allegedly misappropriating public funds intended for reconstruction after the Da’esh occupation and consequent fight to liberate the province. Al-Sultan is currently in prison, serving a five-year sentence for participation in corruption schemes involving fictitious public works.

Some experts describe Britain’s recent moves as an attempt to align with non-EU partners like the US and Canada, which have been employing sanctions as part of their foreign policy. In fact, soon after the announcement of the latest UK restrictions, US Treasury Secretary Janet Yellen and Secretary of State Antony Blinken issued a joint statement commending the decision.

But critics warn against the spread of this type of measure, arguing there’s little evidence of its effectiveness in deterring corruption and achieving policy goals.

In any case, the short-term expansion in the use of sanctions as a geopolitical tool seems inevitable, highlighting the need for proper due diligence of potential business partners.