How do you tackle a fraudulent, blue-chip corporation that has the means and intent to deploy teams of lawyers, private investigators, hackers, and even foreign spies to stop your investigation?
Dan McCrum, an investigative reporter at the Financial Times (FT) in London, learned many of these techniques during a six-year investigation into German electronic payments company Wirecard, from using an air-gapped laptop in a secure bunker and shaking off physical surveillance in train stations to winning the trust of the mother of a potential whistleblower.
McCrum’s House of Wirecard series revealed what is believed to be one of the largest corporate frauds in history, and led to the collapse of the $30 billion global firm in 2020, the arrest of several executives, and the resignation of the heads of two German regulatory agencies. His investigation revealed a complex string of frauds, big and small, involving a network of shell company partners, dummy acquisitions, and fake customers, as well as forgery and inflated sales and profits.
McCrum described the steps he took — as well as the mistakes he made — in the lead-up to this scoop in a recent GIJN masterclass webinar, moderated by investigative journalist and author Katherine Eban. You can find the full story in his new book, Money Men: A Hot Startup; a Billion Dollar Fraud, A Fight for the Truth.
McCrum revealed that the “noise” around the story was so great — and the multi-pronged attacks from Wirecard so clever — that his reporting itself became the subject of investigations by German regulators, by private investigators, and even by the Financial Times. (An independent, internal investigation commissioned by the FT found no journalistic wrongdoing and no collusion with investors).
McCrum said that when looking at evidence that claims to show abusive behavior among corporations, it’s important that reporters understand how corporate fraud generally begins.
“Frauds don’t typically start with, ‘Let’s do a massive accounting fraud,’” he said. “What often happens is they say, ‘Ooh, we’ve run into a problem — we need to make this quarter’s numbers, and we can’t, so we’ll cheat a little bit, and then we’ll catch up.’ But of course, you can’t catch up, and the cheating becomes larger and larger.”
McCrum said there are likely many other Wirecard-type frauds going on, undetected, with rapid-growth companies around the world — especially in the cryptocurrency space — and that there are several approaches journalists can use to explore them.
“Many companies are just not being held to account,” he said. “They say they have billions in assets — okay, where are they?”
McCrum said short sellers — investors who profit when an investment fails — are often the source of useful leads to begin fraud investigations, and it was a short seller in Australia who first alerted him to problems at Wirecard in 2015.
“The company presented itself as a sort of European PayPal, worth about $4 billion at the time, but its business was very hard to understand,” he said. “I was then approached by a second short seller with an interesting theory about it — that it was an accounting fraud. The other theory essentially involved money laundering.”
McCrum warned that — like most players in financial markets — short sellers have a clear vested interest, and that journalists need to be cautious about their motives and claims, and exercise great care when deciding whether or not to quote them.
“I treated the short sellers as secret sources,” he said, explaining that he would generally use information from local registries to test their claims, rather than citing them directly in stories.
Two Mistakes that Stalled the Story
However, McCrum detailed one episode in which direct reliance on short seller information stopped the investigation in its tracks for more than a year. Having posted a short blog post that linked to a dossier of claims about Wirecard from a group of these investors, McCrum said his coverage was effectively paralyzed by legal threats from the company’s lawyers, who claimed that the FT was now responsible for any potentially libelous allegations within that report.
In addition to the legal threat, McCrum said the incident gave Wirecard’s public relations team ammunition to try to discredit the coverage, by claiming that he was either in league with short sellers to manipulate the stock price, or had been duped by them.
In what he now acknowledges was a mistake, McCrum said he neglected to consult an FT attorney before posting the link.
“If you ask the question ‘Should we run this by a lawyer?’ then you already know the answer,” he noted.
How Stories Can Beget Stories — and Sources
But his persistent coverage eventually paid off. One key takeaway from the success of the series is that, in the early stages, McCrum didn’t wait for iron-clad proof of wrongdoing, and simply began publishing stories on questions about Wirecard’s business. To avoid libel suit threats in the UK’s precarious legal system, he was particularly careful to avoid the word “fraud” in early stories — and, instead, framed the problems at Wirecard as “a puzzle.”
This proved to be important because, as he says, “stories get stories” — and his byline on the series would eventually attract contacts from whistleblowers, who, unlike the short sellers who had informed the initial questions, could share evidence from inside.
“The key is to just keep writing good stories,” he said. “People get in touch when they see you’re interested in the same subject.”
The mother of a Singapore-based Wirecard lawyer, for example, reached out to him – having read his prior stories and angered by the unethical practices she’d learned about – and also urged her son to meet with McCrum.
“As soon as the whistleblower found out, he was, like, ‘Oh my God, Mum, what have you done?’” McCrum chuckled. “But he then did the right thing. What he sent me first was a document — a report by an outside law firm on a report from Singapore — and I knew it was the good stuff, because it said ‘legally privileged,’ ‘do not make copies.’”
Further stories on the topic, he added, then attracted more whistleblowers.
The security steps McCrum took in meeting with the first Wirecard whistleblower in Singapore included these:
- He bought an untraceable, prepaid “burner” phone.
- Having been briefed by cyber security experts at the FT, he used an air-gapped laptop, with no ability to connect to the internet, but with software installed to encrypt files.
- He bought a new, basic Chromebook laptop with no files on it, in case he needed to use the internet during his trip. “In fact, I was told ‘Don’t use the hotel wifi,’” he said. “We were very concerned about Wirecard’s hacking capabilities.”
- Having received encrypted copies of emails from a source in person, he then communicated with the whistleblower only via the Signal app.
- On his return to London, he worked on the air-gapped laptop in a windowless “bunker” in the bowels of the Financial Times building.
- To print materials, he used an older, black-and-white laser printer, to avoid barely-visible digital watermarks that can reveal document metadata. “Some people don’t realize that if you use a modern color printer, it can produce microdot patterns on the printouts which can reveal where and when the document was printed, which you want to be wary of with very sensitive documents,” he explained.
- Having realized that the “legally privileged” phrase on the document leak could lead to a legal motion to block publication, McCrum searched for a document containing the same key information, but “without those two magic words” – and found it in a PowerPoint summary from another Wirecard lawyer.
One key takeaway from the masterclass was that investigating billion-dollar criminal enterprises involves walking a legal tightrope. One needs the discipline to either leave out factual but legally problematic evidence, or use it as a guide to find the same evidence elsewhere.
“We realized that at the heart of Wirecard’s business was this set-up that relied on business partners — basically, friends who were responsible for huge amounts of the company’s profits, and it was strange, because they never seemed to pay them any money,” said McCrum. “My colleague Stefania Palma began to knock on the doors of some of these partners, and she found a collection of smoking guns.”
When Palma visited the office of a key Wirecard partner in Manila, in the Philippines, she found that the space was shared with a tour bus company, and that no one there appeared to be associated with processing digital payments.
Tips for Tackling Corporate Fraud
McCrum offered five more tips for reporters working on long-term fraud investigations:
- Don’t dismiss evidence of minor frauds at billion-dollar companies. McCrum said many reporters are tempted to ignore source claims about financial irregularities that appear relatively tiny — like small backdated contracts, or forged invoices for, say, $20,000 — because the amount either seems negligible on a billion-dollar balance sheet, or it’s simply hard to believe that a huge company would take such risks. But he says these can point to systemic crimes. “When we published the stories about the whistleblowers, Wirecard said, ‘Well, the numbers are all small — they’re not material,’” he said. “And the mistake a lot of people made was to look at the amounts, which were admittedly small, rather than the practices. We asked: Why on earth were guys on Wirecard’s finance team doing these weird little frauds? And why weren’t they fired?”
- Use the WayBack Machine to spot radical changes to the websites of companies acquired in suspicious transactions. “The WayBack Machine I used a lot — it’s very useful when looking at companies that seem suspicious,” he said. “Wirecard would announce it was buying a company, and you can see just before Wirecard bought it, it would get a glitzy new website that would change the nature of its business. You can see: ‘Oh, this used to be a tourism website, now, suddenly it’s a payments company.’”
- Write interview dates prominently in your notebooks. “Having worked on this for six years, I really wish I had written the dates in large letters on the front of my notebooks,” he noted.
- Use reliable company registry databases. These include ACRA (Singapore), Companies House (UK), and OpenCorporates (international).
- If a company cannot clearly explain how their business works, then dig deeper. “You have to keep going until you get a good answer,” said McCrum. “With Wirecard, their explanation would shift after new questions, and you can go, ‘Aha!’ As we got closer to the truth, they couldn’t say anymore that it was just that we didn’t understand the complexity.”
Navigating Dirty Tricks
McCrum said the investigation was assailed by a wide range of “dirty tricks” – from physical surveillance and online harassment to an alleged $10 million bribe offer to the FT and even credible warnings of documents poisoned by Russian nerve agents.
“We realized [one Wirecard executive] was connected to Russian spies, and there were personal safety concerns, so I wouldn’t stand at the edge of a Tube (train) platform – precautions like that,” he said. “We realized at one point there was a team of 30 private detectives running around London trying to capture evidence of us talking to our sources, looking for evidence of us supposedly colluding with short sellers. We wouldn’t talk about the story with our phones in the room. Going to meet sources, I’d do things like duck into a Tube station and run out the other side, to shake any tails.”
Criminal trials for some executives are due to begin later this year, while the former chief operating officer of the company fled Germany and remains a fugitive.
Beyond its many specific impacts, McCrum said the investigation has refocused many other journalists on criminal wrongdoing at giant corporations: “For me, the big impact was: It’s prompted people to look out for major fraud again in the financial markets.”
Rowan Philp is a reporter for GIJN. He was formerly chief reporter for South Africa’s Sunday Times. As a foreign correspondent, he has reported on news, politics, corruption, and conflict from more than two dozen countries around the world.