There have already been more than enough shocking details published on the collapse of cryptocurrency exchange FTX and the fall of its founder, Sam Bankman-Fried. But the auditing world was treated to a few more last week, courtesy of the Securities and Exchange Commission, when it announced it had settled a case of “negligence-based fraud” with Prager Metis, FTX’s former auditor.
Forgive us for sounding like Stefon from SNL, but this case had everything. Questionable due diligence. Apparently unreviewed workpapers. An engagement partner who “fundamentally did not understand” his client’s industry.
In short, the SEC alleged that Prager Metis—the 59th largest CPA firm, according to Inside Public Accounting—“falsely misrepresented” that its 2021 and 2022 audits of FTX followed Generally Accepted Auditing Standards (GAAS).
While Prager Metis didn’t admit or deny the SEC’s findings, the firm agreed to pay a $745,000 civil penalty, accept limits to taking on new audit clients, and have an outside consultant review its auditing policies and procedures. The agreement is subject to court approval.
What happened? The SEC’s complaint lays out the alleged failures with painful clarity.
“In its rush to accept FTX as an audit client,” the SEC said, “Prager Metis assembled an engagement team that collectively lacked the competence, experience, and knowledge to appropriately conduct the audits,” starting with an engagement partner who “fundamentally did not understand FTX, or the crypto asset markets in which it operated,” or even attempt “to educate himself about the industry and the entity” enough to do his job.
And that wasn’t even the biggest failure. “The most significant deficiency,” according to the complaint, was the failure of the firm and the audit engagement team to clock the riskiness of FTX’s relationship with Alameda Research, the trading firm Bankman-Fried also owned, which could “borrow virtually unlimited amounts from FTX.”
Even though a partner at Prager Metis had “noted that there appeared to be significant related party transactions that had not been booked” between Alameda and FTX, the engagement team didn’t look more closely into the relationship.
News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.
The team also accepted agreements between FTX and Alameda that were signed by Bankman-Fried on behalf of both companies, “and a one-page document that essentially amounted to an IOU between the two companies.” Prager Metis’s audit “largely excluded Alameda,” according to the SEC. “Ultimately, the FTX-Alameda relationship was at the heart of the misappropriation of billions of dollars of FTX customer assets that led to the collapse of FTX in November 2022.”
For its part, Prager Metis attorney Bruce Braun told the Financial Times that the firm “was a victim of the collusive fraud by management at FTX. Prager Metis remains dedicated to audit quality and committed to continuous improvement.”
“Red flags everywhere.” Robert Berry, an auditing educator and host of the Audit Bites podcast, told CFO Brew that the alleged behavior the SEC’s complaint described sounded “egregious.”
“Most organizations at least try to cover their tracks with paperwork,” Berry said, but Prager Metis had “evidence still sitting in their audit files that showed gross incompetence.” He pointed to the SEC complaint’s section saying that Prager Metis’s record of Alameda’s borrowing “wouldn’t be sufficient to verify the existence of a transaction,” he said, “in anybody’s opinion.”
“There were just red flags waving everywhere,” Berry noted. FTX, he said, “must have been shopping for a firm, because clearly a lot of firms turned them down.” But Prager Metis, he said, “bypassed their standard due diligence procedures.” Berry, a former corporate and higher education auditor, would also have turned them down. “There’s no way that I would have bypassed my standard due diligence procedures in order to bring on a client,” he told us.
But wait, there’s more. In the same press release, the SEC announced that Prager additionally paid $1.2 million in penalties and disgorgement to settle previous charges that it broke rules for auditor independence when it “improperly included indemnification provisions in engagement letters for more than 200 audits, reviews, and exams” between 2017 and 2020, “not independent from their clients, as required under the federal securities laws.”