Somehow they were doing this while having audited financials, passing due diligence from major investors, etc.? And Sam was supposedly a great fundraiser but was circulating a balance sheet with a $8B line item for “hidden poorly labeled account”? I would find it pretty helpful for someone to explain what actually happened here because this violates my models of how the world works.
Mine too, so I went digging. All in all, one can argue (and lawyers are) that there were a lot of enablers. Certainly, people trying to actively dodge being noticed as they violate standard models, is a predictable (but not necessarily pin-pointable at the time) way our models end up failing us.
For talk about audits specifically, there’s this and this. Essentially, “the firm’s auditors weren’t tapped to look into internal controls at FTX, and auditing the internal workings of a company isn’t a [legal] requisite for private corporations.” Of course plenty of people feel that doesn’t hold water, and a lawsuit by FTX customers is pending. [Edit: A suit may be reasonable because audit firms know well they are commissioned to literally prove financial safety, and the audit was used in FTX’s self-promotion. That FTX was still very unsafe might prove there is negligence in the firm’s business model. If I try to make this fit my model of the world, I get a thought like “corporate greed incentivizes taking on clients that want useless/partial audits that end up being no better than shams, and you look the other way as you assist them in their likely sham”. I reflect more on this in the footnote which you don’t have to read but>>[1]]
For talk about investors, there is this Feb 23rd piece on a major lawsuit against a few different VC banks who helped out FTX. That piece is frickin nuts just by virtue of the amount of info they fit into a mere 5 paragraphs. Here’s one quote to inspire a read:
The suit alleges that some of world’s largest venture capital firms, including Sequoia Capital, SoftBank Group, and Thoma Bravo, learned through due diligence that FTX was a fraudulent scheme, but nevertheless incited the Fraud with billions in necessary capital, provided guidance and other support critical to the Fraud, and publicly promoted Bankman-Fried and FTX to keep the Fraud concealed until FTX could go public or cash out in a private sale
And of course there was internal assistance. I’d bet there were both (1) employees who knew what they were doing and (2) employees just following direction without realizing they were committing crimes or aiding in them.
When it comes to improving models of how the world works, Zvi’s piece had some good discussion of this (and much more!). It’s long, but very worth reading even months later. Here’s a section on VC:
If you are a VC investor or taking VC money, the optimal amount of fraud, from your perspective, is not zero. You are more excited to invest if you suspect a fraud, those kinds of founders make good and make dreams real for you. So what if sometimes it all blows up? This is a game of hits for you, and you are much more worried about being asked why you didn’t invest in FTX than you should worry about people asking why you were. This goes double for crypto.
Therefore, I do not view ‘the VCs didn’t catch this’ as much of a justification. They are not supposed to catch it. It is not their job to catch it. I mean, they are supposed to do some things to catch this level of fraud, demanding voting shares and a company board in which they have a seat and doing proper audits, but they got none of that, because [SBF] needed to not allow it and the pitch was so good otherwise they went along (or, they took this to mean ‘this is a fraud’ and invested anyway thinking they were not the sucker, also plausible). [If] SBF said ‘you can’t check for fraud, invest or don’t’ then they are doing what they do, as much as we might hate that.Better to make that common knowledge. [emphasis mine]
The institutional traders are different. They face a different risk profile. If the exchange blows up in 10% of years that is a real drag on returns, whereas a VC expects 80% or more of their investments to go to zero, fraud or otherwise. Why did they trade?
Some of them Did Not Do the Research, no doubt. Others likely decided it was worth the risk. If FTX is an easy place to make money, because trading is very good against Alameda and generally they treat customers great, and they pay interest on USD and BTC, it is not difficult to imagine a decision that the blowup risk is worth taking, at least for some portion of one’s bankroll. Or one can say that if FTX goes down everything is terrible anyway, it’s already systemic risk, so assume it won’t fail.
Another play is to hedge the risk with a short position elsewhere, and put your leveraged longs at FTX since if FTX goes broke you would have gotten liquidated at Binance anyway.
[Note: There could also be a section about lack of regulation here. As commented on here. From a “how the world works” POV, it is the mother of all permissiveness that allowed the rest, especially the useless audits. Global heuristic = Pretty nuts how much can go wrong with a regulation gap. But FTX also maybe would have found away around/already did break regulations so idk]
Anyway, just thought that all might interest you. Thank you for sharing your insights. Really useful stuff.
Interestingly, now the company has stopped offering crypto audits due to “changing market conditions”. And I was going to say “good of them to notice that the bare legal minimum is not enough for one of the most volatile, least regulated assets the world has ever seen, eyeroll.” But actually that auditor firm is starting up crypto audits again under a different name, sigh. It appears that they only stopped offering crypto audits because some non-crypto clients of the audit firm put pressure on them to do so. Those non-crypto clients felt that the auditor being known to audit crypto, might reduce the trust their potential clients/users end up having in their own commissioned audits. So it appears that, to make sure they can catch the most non-crypto and crypto audit contracts without one segment compromising the other, the auditors are just splitting them under two companies. I didn’t see any mention of raising the crypto audit standards.
Additionally, through this process. I found mention a couple times that there are other auditing firms who do a much better job, “The big 4”, and it is sort-of business wisdom to downgrade trust in audits that aren’t from them. I was very surprised at this! There are auditors that business-people know to trust less? Then why do they exist? I guess because most consumers don’t know enough to downgrade trust? One has to wonder if the big 4 would have put their stamp of approval on FTX or even many of this audit firm’s non-FTX-clients. Probably not, right? And it makes you wonder why companies would go to these known-worse-auditors, especially if they can afford the best auditing like FTX should have been able to, if they don’t have something to hide. If the goal is consumer trust, and a company doesn’t have something to hide, that company should go to the best auditors, those that in-the-know-consumers trust the most, right? And surely a “worse” audit firm like this one would realize that is how the selection effect cookie crumbles. So lesser-known auditors should expect they will likely get a slew of clients who are nowhere near as reputable as those who hire the big 4 audit firms.
Sooo I think it’s easy to argue that the minor audit firm(s) are negligent or intentionally turning a blind eye somewhere in their business model. But it’s more a problem of incentives of corporate America and low federal standards for private corporations allowing those incentives to play out in auditing contracts, than it is a problem of a single actor. Even though the single actor/auditor might know damn well that they will end up giving a scammer cover eventually, maybe even frequently among their really wealthy clients like FTX who could have afforded better-known services. It appears to be part of the business model, chronic not acute. And as long as the private corporation and auditor are following the law in reviewing the bare minimum, oh well?
Thanks! I appreciate the link round up; the boundaries of what exactly was audited does seem helpful to know, and the claim that VCs have a preference for fraudulent founders is interesting. This is exactly the kind of comment I was hoping to get from my post.
And it makes you wonder why companies would go to these known-worse-auditors, especially if they can afford the best auditing like FTX should have been able to, if they don’t have something to hide.
Complying with an audit is expensive, and not just in money.
A thorough audit in progress is going to disrupt the workflow of all or most of your company in order to look at their daily operations more closely. This reduces productivity and slows down the ability to change anything, even if nothing improper is happening. It is expensive and disruptive.
A thorough audit is also going to recommend changes. Not just changes required to be technically in compliance, but ones which will make it easier to audit for compliance in the future and ones which remove something that could potentially be mistaken for bad behavior in a dim light. Making those changes is expensive and disruptive.
If you don’t need extremely high levels of trust from your customers and partners, choosing to receive a thorough audit means you’re paying a bunch of unnecessary costs. Much better to get a more lax audit, which is less disruptive to have ongoing and less disruptive to handle once the results are in. Better still if it also costs less money.
The correct audit is the one that provides your customers and clients—and/or your own management—with exactly as much trust and reassurance as you need them to get and no more. Anything less and you lose business that doesn’t trust you; anything more and you’re paying a cost for a benefit you don’t actually benefit from.
Corporations have their own legal personhood; it’s difficult to see how the corporation’s interest could be served by such a shoddy audit that failed to detect apparently unsophisticated, and certainly massive, raids on the corporate fisc by insiders.
Also, the only known raids on the corporate assets happened post-crash and therefore long post-audit. Under the espoused worldview of the management, everything before that was plausibly ‘good for the company’. In that it benefitted the company in raw EV across all possible worlds with no discount rate for higher gains or for massive losses.
There are auditors that business-people know to trust less? Then why do they exist? I guess because most consumers don’t know enough to downgrade trust?
Maybe the big 4 are enough more expensive that it’s common for people to go with other firms for reasons other than “we’re doing fraudulent stuff and hope to sneak it past auditors”? And so even if you would be able to afford one of the big 4 it doesn’t send a strong signal by going with someone else?
Yeah my thoughts exactly. Or, it doesn’t send a big signal to non-finance people. But like, I think it should send a signal to people in finance, eg the auditors. That FTX should have been able to afford a different service and yet didn’t. Or maybe, idk, should have revealed their internals for different certification (better than GAAP cert idk, I know nothing). I just think it should have raised flags for the auditor. If someone is enlisting you for purposes of increasing trust but they are clearly not doing their damnedest, according to their abilities, to ensure that trust is accurate. The US consumers can’t be expected to know the difference, but the auditor should. I think.
In general, standard corporate audits aren’t intended to be intelligible by consumers but instead by investors and regulators. It’s shocking that FTX’s regulator in the Bahamas apparently did not require a clean audit opinion addressing internal controls, and maybe no US regulator required it for FTX US either.
At present, my #2 on who to blame (after FTX insiders in the know) is the regulators. It’s plausible the auditors did what they were hired to do and issued opinion letters making it clear what their scope of work was in ways that were legible to their intended audience. I can’t find any plausible excuse for the regulators.
That makes sense. It is really shocking. I agree on blaming regulators [although I don’t give others a pass].
[I think a section on regulations def belongs from the POV of improving world models too. Before I added my long thinking-out-loud footnote, I didn’t realize just how much it all points at regulators as the original permissiveness break.]
Thanks for sharing this. I skimmed the relevant portions of the underlying lawsuit referenced in the press release, and my overall impression is “fishing expedition.” (Maybe more than that against the banks . . . but those banks just went bust and I doubt will have any money to pay a judgment, so I didn’t bother skimming that). Not that there aren’t reasonable grounds for a class-action law firm to engage in a fishing expedition, but they won’t have any real evidence until they (possibly) survive motions to dismiss and get to discovery.
Glad you liked it. Perhaps I wasn’t clear in purpose though. My point was not to talk about payouts, but to explain how things like this can happen. Because it “violates model of how the world works”. [Edit: I cut stuff from here and expanded on it in footnote above]
I’m just saying there are systemic reasons why the fiasco got as far as it did.
[Edit: Ah this is one of those times I might be being dramatic, but I may as well say] I’m a bit sad to hear “fishing expedition” to this. But [so many EAs didn’t feel similarly] about EA leaders taking some of the blame. I didn’t want to bring EA into this particular comment, but gee. The actors I’ve named here had like 1000x the likelihood of knowing what was going on and being negligent or otherwise at fault somehow than non-Alameda EAs did. It’s a bit flippant to call it a fishing expedition to go after others, if it is worth doing, and when our community has just spent so much time talking about EA fault. dies a bit inside on behalf of EATbh they seem like reasonable suits to me in general, and I hope disincentivize something like this from happening again :/
I characterized the lawsuit is a fishing expedition because I saw no specific evidence in the complaint about what the VC firms actually knew—only assumptions based on rather general public statements from the VCs. And the complaints allege—and I think probably have to allege—actual knowledge of the fraudulent scheme against the depositors. The reason is that, as a general rule, the plaintiff has to establish that the defendant owed them a duty to do or refrain from doing something before negligence liability will attach.
Of course, you have to file the lawsuit in order to potentially get to discovery and start subpoenaing documents and deposing witnesses. It’s not an unreasonable fishing expedition to undertake, but I think the narrative that the VCs were sloppy, rushed, or underinvested on their due dilligence is much more likely than the complaint’s theory that they knew about the depositor fraud and actively worked to conceal it until FTX did an IPO and they unloaded their shares.
(I certainly do not think anyone in EA knew about the fraudulent scheme against depositors either.)
Mine too, so I went digging. All in all, one can argue (and lawyers are) that there were a lot of enablers. Certainly, people trying to actively dodge being noticed as they violate standard models, is a predictable (but not necessarily pin-pointable at the time) way our models end up failing us.
For talk about audits specifically, there’s this and this. Essentially, “the firm’s auditors weren’t tapped to look into internal controls at FTX, and auditing the internal workings of a company isn’t a [legal] requisite for private corporations.” Of course plenty of people feel that doesn’t hold water, and a lawsuit by FTX customers is pending.
[Edit: A suit may be reasonable because audit firms know well they are commissioned to literally prove financial safety, and the audit was used in FTX’s self-promotion. That FTX was still very unsafe might prove there is negligence in the firm’s business model. If I try to make this fit my model of the world, I get a thought like “corporate greed incentivizes taking on clients that want useless/partial audits that end up being no better than shams, and you look the other way as you assist them in their likely sham”. I reflect more on this in the footnote which you don’t have to read but>>[1]]
For talk about investors, there is this Feb 23rd piece on a major lawsuit against a few different VC banks who helped out FTX. That piece is frickin nuts just by virtue of the amount of info they fit into a mere 5 paragraphs. Here’s one quote to inspire a read:
And of course there was internal assistance. I’d bet there were both (1) employees who knew what they were doing and (2) employees just following direction without realizing they were committing crimes or aiding in them.
When it comes to improving models of how the world works, Zvi’s piece had some good discussion of this (and much more!). It’s long, but very worth reading even months later. Here’s a section on VC:
[Note: There could also be a section about lack of regulation here. As commented on here. From a “how the world works” POV, it is the mother of all permissiveness that allowed the rest, especially the useless audits. Global heuristic = Pretty nuts how much can go wrong with a regulation gap. But FTX also maybe would have found away around/already did break regulations so idk]
Anyway, just thought that all might interest you. Thank you for sharing your insights. Really useful stuff.
Interestingly, now the company has stopped offering crypto audits due to “changing market conditions”. And I was going to say “good of them to notice that the bare legal minimum is not enough for one of the most volatile, least regulated assets the world has ever seen, eyeroll.” But actually that auditor firm is starting up crypto audits again under a different name, sigh. It appears that they only stopped offering crypto audits because some non-crypto clients of the audit firm put pressure on them to do so. Those non-crypto clients felt that the auditor being known to audit crypto, might reduce the trust their potential clients/users end up having in their own commissioned audits. So it appears that, to make sure they can catch the most non-crypto and crypto audit contracts without one segment compromising the other, the auditors are just splitting them under two companies. I didn’t see any mention of raising the crypto audit standards.
Additionally, through this process. I found mention a couple times that there are other auditing firms who do a much better job, “The big 4”, and it is sort-of business wisdom to downgrade trust in audits that aren’t from them. I was very surprised at this! There are auditors that business-people know to trust less? Then why do they exist? I guess because most consumers don’t know enough to downgrade trust? One has to wonder if the big 4 would have put their stamp of approval on FTX or even many of this audit firm’s non-FTX-clients. Probably not, right? And it makes you wonder why companies would go to these known-worse-auditors, especially if they can afford the best auditing like FTX should have been able to, if they don’t have something to hide. If the goal is consumer trust, and a company doesn’t have something to hide, that company should go to the best auditors, those that in-the-know-consumers trust the most, right? And surely a “worse” audit firm like this one would realize that is how the selection effect cookie crumbles. So lesser-known auditors should expect they will likely get a slew of clients who are nowhere near as reputable as those who hire the big 4 audit firms.
Sooo I think it’s easy to argue that the minor audit firm(s) are negligent or intentionally turning a blind eye somewhere in their business model. But it’s more a problem of incentives of corporate America and low federal standards for private corporations allowing those incentives to play out in auditing contracts, than it is a problem of a single actor. Even though the single actor/auditor might know damn well that they will end up giving a scammer cover eventually, maybe even frequently among their really wealthy clients like FTX who could have afforded better-known services. It appears to be part of the business model, chronic not acute. And as long as the private corporation and auditor are following the law in reviewing the bare minimum, oh well?
Thanks! I appreciate the link round up; the boundaries of what exactly was audited does seem helpful to know, and the claim that VCs have a preference for fraudulent founders is interesting. This is exactly the kind of comment I was hoping to get from my post.
Complying with an audit is expensive, and not just in money.
A thorough audit in progress is going to disrupt the workflow of all or most of your company in order to look at their daily operations more closely. This reduces productivity and slows down the ability to change anything, even if nothing improper is happening. It is expensive and disruptive.
A thorough audit is also going to recommend changes. Not just changes required to be technically in compliance, but ones which will make it easier to audit for compliance in the future and ones which remove something that could potentially be mistaken for bad behavior in a dim light. Making those changes is expensive and disruptive.
If you don’t need extremely high levels of trust from your customers and partners, choosing to receive a thorough audit means you’re paying a bunch of unnecessary costs. Much better to get a more lax audit, which is less disruptive to have ongoing and less disruptive to handle once the results are in. Better still if it also costs less money.
The correct audit is the one that provides your customers and clients—and/or your own management—with exactly as much trust and reassurance as you need them to get and no more. Anything less and you lose business that doesn’t trust you; anything more and you’re paying a cost for a benefit you don’t actually benefit from.
Corporations have their own legal personhood; it’s difficult to see how the corporation’s interest could be served by such a shoddy audit that failed to detect apparently unsophisticated, and certainly massive, raids on the corporate fisc by insiders.
Also, the only known raids on the corporate assets happened post-crash and therefore long post-audit. Under the espoused worldview of the management, everything before that was plausibly ‘good for the company’. In that it benefitted the company in raw EV across all possible worlds with no discount rate for higher gains or for massive losses.
That wasn’t the question. The question was why any company would go to less-than-maximally-trustworthy auditors.
Maybe the big 4 are enough more expensive that it’s common for people to go with other firms for reasons other than “we’re doing fraudulent stuff and hope to sneak it past auditors”? And so even if you would be able to afford one of the big 4 it doesn’t send a strong signal by going with someone else?
Yeah my thoughts exactly. Or, it doesn’t send a big signal to non-finance people. But like, I think it should send a signal to people in finance, eg the auditors. That FTX should have been able to afford a different service and yet didn’t. Or maybe, idk, should have revealed their internals for different certification (better than GAAP cert idk, I know nothing). I just think it should have raised flags for the auditor. If someone is enlisting you for purposes of increasing trust but they are clearly not doing their damnedest, according to their abilities, to ensure that trust is accurate. The US consumers can’t be expected to know the difference, but the auditor should. I think.
In general, standard corporate audits aren’t intended to be intelligible by consumers but instead by investors and regulators. It’s shocking that FTX’s regulator in the Bahamas apparently did not require a clean audit opinion addressing internal controls, and maybe no US regulator required it for FTX US either.
At present, my #2 on who to blame (after FTX insiders in the know) is the regulators. It’s plausible the auditors did what they were hired to do and issued opinion letters making it clear what their scope of work was in ways that were legible to their intended audience. I can’t find any plausible excuse for the regulators.
That makes sense. It is really shocking. I agree on blaming regulators [although I don’t give others a pass].
[I think a section on regulations def belongs from the POV of improving world models too. Before I added my long thinking-out-loud footnote, I didn’t realize just how much it all points at regulators as the original permissiveness break.]
Thanks for sharing this. I skimmed the relevant portions of the underlying lawsuit referenced in the press release, and my overall impression is “fishing expedition.” (Maybe more than that against the banks . . . but those banks just went bust and I doubt will have any money to pay a judgment, so I didn’t bother skimming that). Not that there aren’t reasonable grounds for a class-action law firm to engage in a fishing expedition, but they won’t have any real evidence until they (possibly) survive motions to dismiss and get to discovery.
Glad you liked it. Perhaps I wasn’t clear in purpose though. My point was not to talk about payouts, but to explain how things like this can happen. Because it “violates model of how the world works”. [Edit: I cut stuff from here and expanded on it in footnote above]
I’m just saying there are systemic reasons why the fiasco got as far as it did.
[Edit: Ah this is one of those times I might be being dramatic, but I may as well say] I’m a bit sad to hear “fishing expedition” to this. But [so many EAs didn’t feel similarly] about EA leaders taking some of the blame. I didn’t want to bring EA into this particular comment, but gee. The actors I’ve named here had like 1000x the likelihood of knowing what was going on and being negligent or otherwise at fault somehow than non-Alameda EAs did. It’s a bit flippant to call it a fishing expedition to go after others, if it is worth doing, and when our community has just spent so much time talking about EA fault.
dies a bit inside on behalf of EATbh they seem like reasonable suits to me in general, and I hope disincentivize something like this from happening again :/I characterized the lawsuit is a fishing expedition because I saw no specific evidence in the complaint about what the VC firms actually knew—only assumptions based on rather general public statements from the VCs. And the complaints allege—and I think probably have to allege—actual knowledge of the fraudulent scheme against the depositors. The reason is that, as a general rule, the plaintiff has to establish that the defendant owed them a duty to do or refrain from doing something before negligence liability will attach.
Of course, you have to file the lawsuit in order to potentially get to discovery and start subpoenaing documents and deposing witnesses. It’s not an unreasonable fishing expedition to undertake, but I think the narrative that the VCs were sloppy, rushed, or underinvested on their due dilligence is much more likely than the complaint’s theory that they knew about the depositor fraud and actively worked to conceal it until FTX did an IPO and they unloaded their shares.
(I certainly do not think anyone in EA knew about the fraudulent scheme against depositors either.)