In 2001, after the collapse of the energy trading firm Enron, it was discovered that their auditing firm Arthur Andersen had failed to detect blatant fraud and malfeasance on the part of their client. Arthur Andersen subsequently folded after it was charged with complicity in one of the largest corporate frauds in history. The scandal led to reforms of corporate accounting laws in the U.S. through the passage of the Sarbanes-Oxley act.
It turned out that Enron was far from the only bad company on Arthur Anderson’s client list, as the firm ended up being involved in at least a dozen major corporate accounting scandals.
In theory, an external auditor provides independent assurance that a company’s financial statements are complete and accurate. By acting as an unbiased third party, the audit firm provides investors with some reassurance that the financial statements of a firm can be trusted. However, the history of finance is riddled with example after example of independent accounting firms that failed to live up to these expectations.
An accounting firm called Armanino LLP has been one of the most prominent and active accounting services for the crypto world. Armanino serves some of the biggest names in the business. Notably, Armanino was the auditor for FTX’s US division and gave the company a clean bill of health. Of course, this was only one entity within the agglomeration of dozens of entities within the FTX/Alameda network. Armanino asserts that this was a perfectly valid audit that was limited in scope to a single entity. Consequently, they have argued it would have been impossible for Armanino to detect the wider fraud present throughout the FTX conglomerate.
While this may be true, it turns out that FTX isn’t the only questionable crypto client of Armanino.
While Armanino provides audit services, it is their “attestation” services that have been particularly popular among cryptocurrency firms. Attestations are a more limited examination of a company’s books than an audit. While an audit includes a formal opinion and detailed validation of a company’s financial claims, attestations only perform limited procedures that basically check that information provided by management matches the claims made by management.
For example, let’s say a company claims to have a bank account with $5,000 deposited. An auditor would independently request records from the bank confirming this deposit exists. If performing an attestation, the accountant merely compares management’s claim to documentation provided by management, then says “yep, these numbers match!”
Doesn’t seem very helpful, right? Especially if, say, management is lying about their books.
Armanino’s attestations have come under scrutiny recently from regulators and researchers. Let’s take a look at one example: Armanino’s relationship with the crypto lending firm Nexo and the use of their “real-time attestation.”
Nexo and Armanino’s Real-Time Attestation gimmick
Armanino’s flagship service is their “real-time attestation,” a service which “is the world's first application that provides independent accountant reports in real time.” Armanino generates daily reports that purport to increase visibility into their client’s financial health to provide “unparallelled transparency.”
One of the clients using this product is the crypto lending firm Nexo. Nexo is the “last man standing” of the crypto lending industry after the failures of all of its major competitors including Celsius Network, BlockFi, and Voyager Digital. Nexo claims to have over $2 billion in crypto assets under management and claims to be in good financial health.
Armanino’s site includes some strong assertions about Nexo’s balance sheet. For example, their Nexo attestation page includes a large plug-in stating that the firm’s liabilities are overcollateralized “100%+” with a checkmark next to the phrase “Fully Backed.”
However, a closer look at the Armanino attestation identifies several major flaws with this process. First, their attestation says nothing about the net equity position of the firm in question. In the most extreme case, Nexo could have $2,464,203,913 in liabilities and $2,464,203,913.01 in assets, and still be considered to have a collateral ratio of “100%+”.
Second, this analysis does not compare which assets Nexo holds to the liabilities it owes. In September 2022, multiple states filed cease and desist orders against Nexo. Among these orders, Kentucky state securities regulators who saw Nexo’s books asserted that Nexo is actually insolvent without including their ownership of NEXO tokens. NEXO tokens are their proprietary cryptocurrency, like FTX’s “FTT”tokens that got Sam Bankman-Fried into so much trouble. As we showed back in September, NEXO tokens suffer from many of the same problems as FTT. They are highly illiquid and their ownership is almost entirely concentrated in the hands of Nexo itself. We also demonstrated very questionable trading patterns concerning for wash trading inflating the already anemic markets for this token.
Third, Armanino obtains all of the data regarding customer deposits and Nexo’s loan book via API from Nexo. Armanino does not independently verify these numbers; they merely trust that the numbers provided by Nexo are accurate. More importantly, there is no attempt by Armanino to investigate the true value of Nexo’s loan book or their method for valuing these loans on their balance sheet.
Why is this a problem? We have no idea how Nexo values its loan book, or what loss provisions they have accounted for. Given that Nexo is lending in the highly volatile cryptocurrency world, the likelihood of counterparty failure is quite high. For example, Celsius Network’s loss provisions on its loan book are now over 50% according to their Chapter 11 filings. Without an understanding of what the quality of these loans are, Armanino’s report simply trusts that Nexo is fairly valuing these assets.
Nexo’s use of Armanino’s attestations has been directly called out by regulators, who have complained that these attestations provide insufficient information to be useful for either regulators or investors. Despite these complaints, Nexo persistently and misleadingly refers to these attestations as audits in public statements. As noted by a cease and desist order against Nexo from the State of Vermont:
Despite representations by Nexo, the data and figures set forth in the Armanino report contain several material shortcomings… includ[ing]: (1) failure to identify or account for non-customer liabilities that may be substantial and material… (3) failure to identify or account for reserves for doubtful loan accounts (e.g. for obligations of distressed borrowers or non-performing loans.
It’s worth noting that less than two weeks ago, Nexo announced that they will be leaving the United States due to a “lack of regulatory clarity.”
Armanino quits the crypto business
So to summarize, one of Armanino’s main products is the “attestation.” Since attestation procedures do not include much verification of management’s claims, these attestations are essentially worthless from the perspective of an investor. Despite this fundamental uselessness, it turns out that the majority of crypto firms (including all three of the largest stablecoins) rely on attestations to “prove” their financial health.
If an attestation doesn’t provide sufficient information to evaluate a company’s financial claims, what is the point? Are attestations just a ruse to confuse prospective investors into thinking the due diligence has been done?
It’s worth noting, of course, that we are not accusing Armanino of doing anything illegal. It might not be fair to compare this firm to Arthur Andersen, which engaged in egregiously bad conduct prior to their collapse. However, we wonder about the ethics of issuing confusing and limited analyses like attestations to the public. We also wonder what liability a firm like Armanino has if, say, they issue a statement on their website with a checkmark by “100%+” collateralization and it turns out their client was not actually solvent.
As we were putting the finishing touches on this piece, we were shocked when we discovered an article by Forbes on December 15th stating that Armanino is planning to close its crypto auditing practice in the wake of the FTX failure. This article speculates that Armanino was stopping its involvement in crypto “under pressure from Armanino’s non-crypto clients” who might be worried about the “reputational risk” the firm faces from doing business with crypto companies.
We wonder if there may be other possible explanations for this hasty exit, but we will leave speculation to others.
Armanino managed to miss one of the biggest corporate frauds in history despite performing a full audit. What questionable activity are they missing by performing limited attestation engagements? And what culpability does the firm share when they fail to publicly address their clients repeatedly misrepresenting their limited services as “audits?”
We have lots of questions, and few answers. All we know is, we are likely to be finding out those answers sooner rather than later.
👋 Armanino is probably having very difficult conversations with its insurers right now -- being implicated in an SEC suit will do that to you!
So one wonders if they got an ultimatum to either drop the entire unit or else face astronomical rate hikes or lose coverage altogether.
I don't have any specific knowledge of the situation, this is just speculation.
Great piece, as all the others from Dirty Bubble have been, on the unfolding FTX fiasco. Quick question: what was the effective date of Armanino's audit (and all clear) of FTX's books? Don't think I saw that in the piece and certainly would like to know how current that review was....