The Rise and Fall of Wirecard

In many ways, the first 20 years of the now-infamous German company Wirecard was a classic tech success story. A disruptive service in a rapidly expanding sector, perfectly aligned with technology advancements and the rapid growth of e-commerce. With a charismatic and visionary CEO, more often than not wearing a black turtleneck, Wirecard had risen to prominence as one of the key payment providers in Europe. But it was all a facade. One of the EU's brightest shining tech stars came crashing down when widespread financial fraud was brought to light. The story is going to take us from a sleepy Munich suburb to the prestigious DAX index, but will end with billions of vanished euros, prison sentences, and an international manhunt.

• The start: Wirecard was founded during the Dot-Com boom to provide payment services to underserved sectors.

• The CEO: Markus Braun took over the reins at Wirecard when it emerged from insolvency, and remained CEO until the fraud was discovered.

• Allegations and counterattacks: Throughout the years, allegations regarding Wirecard's balancesheet were common. Wirecard always responded in the same way: deny and accuse its critics of market manipulation.

• Germany's brightest tech star: Wirecard answered an unspoken German prayer, and was hailed as the country's arrival on the global tech scene.

• DAX 30 constituent: Two years before the collapse, Wirecard was admitted into most prestigious index in Germany.

• Failure in oversight: A large part of why the fraud wasn't uncovered sooner was multiple failures in oversight from auditors and regulators.

• The largest accounting fraud in Europe: When the scandal breached the damages totaled atleast €30 billion, and lead to criminal trials and sweeping reform in Germany.

Wirecard was founded in 1999, a time when the Dot-Com bubble was inflating with no perceivable end in sight, and so-called “internet companies” were (almost) trading as if they’d been able to commercialize the use of unicorn horns to cure cancer. Based in the Munich suburb of Aschheim, the company's early aim was relatively simple: to process payments for online merchants, particularly those dealing in high-risk verticals such as “adult content” and online gambling. While this might not sound like anything revolutionary today, these industries were severely underserved by traditional banks because of their reputational risk.

On paper, it made a lot of sense. These, albeit somewhat unglamorous, sectors were growing in tune with the rest of the internet, but had major issues securing efficient payment solutions. Wirecard, not weighed down by norms and with no reputation to defend, was going to fill the gap in the market and meet this demand.

We're going to take the opportunity to introduce one of the main characters of the scandal that was to be unraveled two decades later, as he joined the company in 2000. His name is Jan Marsalek, hired for his knowledge of WAP systems and was a part of the small team trying to establish the company at the turn of the millennium. He would eventually become COO of Wirecard – and one of Interpol's most wanted fugitives.

Wirecard was positioned to capitalize on the growing trend of the internet. It provided payment solutions in very lucrative sectors that the risk-averse German banks weren't willing to touch with a 10-foot pole. The company saw some success following its founding, but the Dot-Com bubble was about to burst and the ship carrying the hope of thousands and thousands of startups was capsizing. Wirecard would, like so many others, be pulled under the waves.

Wirecard filed for insolvency in 2002. It was one of the many small and struggling businesses that had accumulated debts and were unable to maintain financial stability in the aftermath of the crash. The music had stopped, and for many of the nascent “internet companies”, the party was over.

Wirecard may have been down for the count, but it wasn't knocked out just yet. It might have remained a footnote, were it not for the entry of Markus Braun, an Austrian with a PhD in social and economic sciences and with a background in consulting. Braun took over as CEO in 2002, and a group of Austrian and German backers injected fresh funds into the business, allowing it to pay off its debts, refocus its operations, and begin anew. However, the core idea remained the same: enable underserved websites, companies, and organizations to process online payments.

Under Braun's direction, Wirecard continued its focus on the aforementioned underserved segment and began expanding its infrastructure. In a few years, it developed software that allowed merchants to accept card payments, perform fraud checks, manage risk, and settle transactions across multiple jurisdictions.

When comparing it to other payment services like PayPal or the newest rising star on the scene, Klarna, there is a very clear difference: Wirecard weren't marketing themselves towards consumers. Instead, it remained anonymous and stayed behind the scenes, with most users never seeing the company's name when completing a transaction.

While the focus still lay on the aforementioned sectors, Wirecard was expanding its scope. A key element of Wirecard's strategy was vertical integration. It didn't want to be just another payment service provider, but wanted control over the entire payment chain. This ambition became evident in its push to acquire a banking license, which would eventually allow it to issue cards, handle deposits, and process payments without relying on third-party institutions. While the banking license would be approved somewhat later, the groundwork was laid during these early years.

Adult content, or as it was referred to internally, “emotional content”, and gambling may have been the start of its story, but Braun and the rest of the leadership had their sights firmly set on expansion far beyond that. For those paying attention, it was becoming increasingly clear what Wirecard was attempting to do: take over the global digital payment sector. The best way to shine a spotlight on its vision, increase credibility, and make the company grow? Go public.

The numbers during these years were incredibly impressive. In 2004, it reported revenues of €40 million, and over €55 million in 2005. Quick footnote here before we continue: Following the revelation of the scandal these numbers were examined. The subsequent financial forensic examinations of the claimed revenue led to an alarming, but not surprising, amount of red flags regarding accounting irregularities and income quality.

But growth at Wirecard during this time was non-negotiable. We're going to talk further about the culture and internal auditing systems that were partly responsible for the scandal later, but at this point in the story, things are only on the up and up. Taking the company public was the very obvious next step. But rather than pursue a traditional IPO, which would have required transparency and a degree of scrutiny that Wirecard more than likely wasn't prepared for, it opted for a reverse merger.

In 2005, Wirecard merged with a publicly listed company called InfoGenie Europe AG, a struggling German call center and information services business that was listed on the Frankfurt stock exchange. Once the merger was complete, InfoGenie's operations more or less ceased overnight, and the new entity was renamed Wirecard AG. Just three years after insolvency, Wirecard was a publicly listed company growing at a steady pace.

But even when taking a backdoor to the public markets there is some financial scrutiny to go through. From the outset, Wirecard's auditor was Ernst & Young (EY), one of the “Big Four” accounting firms. Wirecard's association with EY gave it a critical layer of credibility. Investors, regulators, and media could see the involvement of a globally recognized auditor, and had no reason to believe anything else than that the numbers presented were accurate.

The company's stellar growth would define the bulk of its public life and, for a time, earn it the status of one of Europe's most admired fintech companies. But in order to expand its capabilities as a company, it needed something that was going to be very difficult to come over with traditional means: a banking license.

Obtaining a banking license is, as you might imagine, incredibly time-consuming and costly. So, instead of going down the traditional route consisting of paperwork, more paperwork, and some additional paperwork on top of that, Wirecard more or less mirrored what it had done to be listed on the Frankfurt Stock Exchange. Wirecard did what would become characteristic of its approach to growth: bypassing the traditional route entirely.

In September 2005, it announced the acquisition of an obscure company named XCOM Bank AG, a small and struggling business with a full German banking license, and very little else of note. With XCOM acquisition, Wirecard instantly gained access to privileges that many fintech companies could only dream of. Markus Braun could now announce to the world that Wirecard was no longer just a payment processor. It was also a bank.

The banking license opened a multitude of avenues to broaden its operations. It allowed Wirecard to offer financial services that extended beyond payment processing, and it could now issue credit and debit cards, manage deposits, and operate as a principal member of Visa and Mastercard's networks. This vertical integration meant that the company no longer had to rely on third parties to move money, but instead could handle the full loop internally, from authorization to settlement.

Wirecard was now a software company with a banking license. While other payment firms were still dependent on partnerships with clearing banks, Wirecard became the partner bank. It could undercut competitors, streamline its operations, and present merchants with a tightly integrated value proposition.

By mid-2006, EBIT margins were comfortably surpassing 22%, an eye-catching figure in a sector where cost-intensive compliance and narrow interchange fees can compress profitability. For investors hungry for growth in Germany's underwhelming tech landscape, these numbers sparkled and provided proof that Wirecard was special. The fact that Wirecard was German, and what that meant in an economic and cultural context played a massive role in the scandal, and is something we'll discuss at length later on.

The bank's existence also served another, subtler purpose: it added to Wirecard's image as a financial institution that was to be taken seriously. No longer just a digital middleman for (as it would turn out) shady websites to handle their payments through, Wirecard from now on operated under the oversight of BaFin, Germany's financial regulator. The company could claim oversight, institutional credibility, and regulatory compliance, even as it began to expand into regions and verticals where such oversight would prove weak at best, and non-existent at worst.

With the banking license in hand, Wirecard presented itself as a nimble startup, but with the credentials and licenses of a legacy institution. By 2007, the company was ready to take the next steps, and they weren't happy to be a regional player any longer. It wanted to be everywhere – quickly.

With momentum in every corner of its business, Wirecard turned its attention to global markets, particularly those in Southeast Asia and the Middle East. These regions were undergoing rapid digitalization, and their regulatory frameworks were often patchy, inconsistent, or lenient, making them attractive environments for ambitious payment companies looking to expand.

Markus Braun believed the future of digital finance was in a global payments architecture, one that spanned continents and integrated seamlessly into the world's digital ecosystems. His vision wasn't merely to process payments; it was to build a financial backbone for the internet. But rather than building country by country, Wirecard again chose a faster route: acquisition.

Over the next five years, the company embarked on a rapid and global M&A spree. Payment gateways in Singapore and the Philippines, prepaid card issuers in Asia, service hubs in São Paulo and Dubai. Most were small, and located in regions where regulatory scrutiny was often limited. Many operated in high-volume, high-margin industries like online gaming, gambling, and low-friction e-commerce.

With each acquisition came a layer of complexity, and the company's reporting began to feature a growing number of “third-party acquirers” (TPA's). These were partners who processed payments on Wirecard's behalf in local markets where the company lacked licenses or infrastructure. They were, in Wirecard's eyes, the digital equivalent of undervalued assets: ripe for integration, easily rebranded, and, as it would turn out, difficult to audit.

While we've alluded to various misrepresentations and straight-up fraud in the company's accounts so far, up until this point in the story, there hadn't been any tangible challenge to Wirecard's narrative. In February of 2008, that changed. An independent German shareholder group, which represents the interests of private investors, called Schutzgemeinschaft der Kapitalanleger (SDK), released a dossier that would mark the beginning of Wirecard's long and never-ending entanglement with public skepticism.

SDK's report alleged serious irregularities in Wirecard's 2007 financial statements. Specifically, it accused the company of falsifying its accounts and manipulating the reporting and custody of customer funds in ways that made its balance sheet appear healthier than it was. We won't get into the nitty gritty details of this (we have too many fraud accusations to cover), but all in all, the dossier didn't mince words.

In short, it suggested that Wirecard was inflating revenues through dubious accounting practices and questioned whether customer deposits were being held in secure, transparent ways. A central claim revolved around where these customer funds were supposedly kept, and whether they were properly accounted for. The report argued that Wirecard was engaging in financial sleight of hand to pass its audits and keep the growth narrative on track.

As is often the case when these types of reports are released, Wirecard's stock took a tumble in the days that followed. BaFin, the German financial supervisory authority, took action. Regulators assigned EY with the task of performing a special audit of the 2007 numbers, while BaFin launched its own investigation – into the authors of the dossier. This is something that would become a pattern over the coming years, but it's important to clarify something before we continue: BaFin's regulatory powers.

While reading about the jurisdiction of a German financial body might not be the most riveting in the world, it's important to understand the context of the story. BaFin supervises financial markets, enforces financial laws, and oversees market abuse and transparency. There is another private sector company, the Financial Reporting Enforcement Panel (FREP), which conducts first-level enforcement of financial reporting standards for listed companies. However, BaFin could (and should) have directed FREP (or a different auditing firm than the ones who had already signed the accounts once) to launch a probe into Wirecard's accounts.

The dossier wasn't worded as a traditional short report, in which the firms opening short positions disclose their positions, but framed as information being shared in order to protect retail investors. The problem? Both authors had short positions in Wirecard.

The special audit by EY ultimately cleared Wirecard. The firm concluded that the allegations in the SDK report were unfounded and that Wirecard's accounting complied with applicable regulations. Its share price recovered, and the controversy faded from the headlines. BaFin, meanwhile, pursued legal action against the authors of the dossier due to their failure to disclose the fact that they both held open short positions against Wirecard. In the end, the courts found them guilty of having failed to disclose their short positions and convicted both authors of market manipulation.

All in all, the entire thing ended up as a win for Wirecard. It seized the moment to paint itself as a victim of unscrupulous traders manipulating the markets for their own personal gain. This is a strategy that would be employed time and time again in the years leading up to the collapse. However, it's worth noting that the techniques Wirecard (allegedly) used to inflate its balance sheet in 2007 reappeared in the massive fraud uncovered in 2020.

One of the more troubling aspects of the affair was the role of BaFin. Instead of investigating the claims made in the dossier, the regulator went after those who made them. While it's true that the SDK authors broke the law by failing to disclose their short positions, BaFin's response was the first instance of what would turn into a deeper institutional tendency to protect Wirecard from market volatility rather than protect markets from fraudulent companies.

Between 2007 and 2012, Wirecard's revenues grew rapidly, increasing from roughly €150 million to over €400 million with its operations now spanning multiple continents. Investor presentations featured maps dotted with subsidiary names and coverage zones, with graphics implying seamless cross-border flow of funds and services.

The company spoke of a “globally unified” payment infrastructure, and Braun regularly mentioned terms like “network effects,” “digital scalability,” and “platform convergence,” painting a picture of Wirecard as not just a service provider, but a technology layer essential to the modern economy.

Internally, the company continued to trumpet its transformation from processor to platform. With its banking license, Wirecard could issue its own cards, offer stored-value wallets, and provide acquiring services across Visa, Mastercard, and American Express networks. This vertical integration allowed it to book more revenue per transaction and justify its industry-leading margins. Braun spoke proudly of the company's margins, positioning Wirecard as not just competitive but vastly more efficient than its peers. For investors looking for a high-growth, high-margin European tech story, the narrative was irresistible.

Wirecard's headquarters just outside of Munich.

Wirecard's headquarters just outside of Munich.

At the corporate level, the company worked hard to solidify its image. Annual reports were glossy, and the investor relations team was polished. Financials were audited and released on time. The message to the market was clear: Wirecard wasn't just growing; it was maturing.

Yet underneath this exterior, the architecture of its expansion rested on increasingly shaky ground. Many of the entities fueling its revenue growth, particularly in Asia, were not directly owned, operated, or transparent. And because they were presented as third-party partners rather than subsidiaries, they sat outside the scope of a rigorous audit.

By 2012, the company had achieved something few in Germany thought possible. It was now a recognizable name in global fintech, with a footprint in emerging markets and a narrative that rivaled some of Silicon Valley's finest. It had made payments something to get excited about, an impressive feat in a country where banking was viewed through the lens of savings accounts and old institutions.

Wirecard's expansion strategy rested on two interrelated pillars: acquisitions and geographical reach. Rather than growing organically in markets from the ground up, it frequently opted to buy existing operations, especially those that came with licenses, merchant portfolios, or established transaction pipelines. Instead of applying for a new banking license in each country – a process fraught with regulatory hurdles – Wirecard could simply acquire a company that already had one. In doing so, it could integrate the business into its broader system and present the expansion as immediate, scalable growth.

Yet the structure of these international operations was far from transparent. Rather than processing all payments through directly controlled subsidiaries, Wirecard increasingly relied on third-party acquirers, independent companies based in target regions that handled local merchant transactions on Wirecard's behalf.

These third parties would remit a portion of their revenues to Wirecard, which in turn would book the income and report it as part of its consolidated global business. It was a model that provided plausible deniability and distance from any problematic activity, as Wirecard could claim it wasn't directly involved in every transaction, even as it reaped the financial benefits.

By early 2016, Wirecard had established itself as one of Germany's most visible and admired digital companies. Its expansion outside of Germany and the rest of Europe was paying off, with 40% of revenue coming from Southeast Asia and the Middle East. The stock was up roughly 800% since 2005.

But the first real test for Wirecard was looming. A group calling itself Zatarra Research & Investigations released a report that accused Wirecard of serious financial misconduct. The authors claimed that Wirecard was engaged in money laundering and fraudulent transactions by booking fake revenues by moving money between itself and third-party partners. Additionally, it accused Wirecard of misrepresenting the nature of its business relationships, particularly in Asia, and questioned whether many of the company's clients even existed.

These companies, supposed to be independent, were funneling funds back to Wirecard in a pattern that created the illusion of external revenue. This practice, commonly known as “round-tripping”, is difficult to detect if auditors or regulators rely on documents provided by the company itself, especially when those documents come from opaque jurisdictions with limited financial transparency.

Add to that a cocktail of allegations regarding money laundering, processing illegal payments, and corruption, and you've got a massive headache on your hands if you're Wirecard's management.

The stock fell more than 20% in the days that followed. Over €1 billion in market capitalization was temporarily wiped off the board, and Wirecard responded quickly. Its legal team issued a blanket denial of all allegations and launched lawsuits against those suspected of involvement in the report's publication. The company claimed that the report was not the product of independent analysis, but a coordinated attempt by short sellers to depress the share price for financial gain.

Once again, Wirecard also found a powerful ally in BaFin. Just like when the SDK-dossier was released, it launched an investigation into the authors of the report, and not into Wirecard itself. This is something that the company once again used to its advantage:

In other words, what Markus Braun was saying is essentially this: these accusations are unfounded, and since BaFin is investigating the short report, it's obvious who the criminals here are. But it wasn't just short sellers who were conducting research – the company was simultaneously under the microscope of The Financial Times.

Wirecard was about to go on the offensive against its critics.

One of the leading voices in financial media, The Finciacial Times, and one of their investigative reporters, Dan McCrum, is about to enter the story. After receiving a tip from a source, he wrote an article 2015 that raised questions about Wirecard's acquisitions and accounting practices, but it was far from an accusation of widespread fraud. Instead, it noted inconsistencies and asked why the market seemed to be ignoring them.

Wirecard, predictably, pushed back. McCrum actually spoke on the phone with Markus Braun during his research, where the CEO answered to the accusations with two words: “It's bullshit”. Following that, he claimed that those who had been pointing out inconsistencies were simply jealous and wanted to smear Wirecard's name.

The conversation and relationship between the FT and Wirecard at the time was somewhat strained, but professional. Following the Zattarra report in 2016, that changed.

McCrum had been given previous notice of the fact that the report was going to be published, and in the hours following the publication, he wrote an article talking about it. It’s important to note here that he did not join in the accusations, but did his job as a journalist: he reported on the events. Wirecard wasn't impressed and immediately struck back. In conjunction with denying the accusations, the company supported the narrative that McCrum was working together with the short-sellers to drive down Wirecard stock.

Anonymous blogs began appearing online, accusing McCrum of financial misconduct, unethical reporting, and collusion with short sellers. The company began a coordinated campaign to undermine McCrum's credibility. He would later discover that private investigators were monitoring the FT offices in London. Phishing emails were sent to him and his colleagues, designed to compromise their devices and uncover sources.

Meanwhile, private investigators who were (more than likely) hired by Wirecard set up shop across the Thames, attempting to use highly sensitive listening devices to spy on the editorial team. The short-sellers that Wirecard could identify were threatened with legal action and violence, were tailed by mysterious cars, and before long, the entire episode was more akin to a cold war-era spy novel than anything else.

Inside the company, the Zatarra episode and the battle with the FT hardened attitudes. It confirmed for many executives that, combined with the backing of BaFin, the best defense was a vigorous offense. Over the next two years, from 2016 through 2018, the company became more assertive in how it dealt with external scrutiny.

Some “critics” found themselves followed by private investigators, others were served with legal threats, and in the aftermath of the scandal, widespread hacking accusations emerged. All of these actions were made with the same intention: to make it costly to question the company's balance sheet.

Meanwhile, Wirecard's business continued to expand. The company announced new deals, new partnerships, and new licenses. In markets like India, the Malaysia, and the United Arab Emirates, it acquired local payment processors and presented them as strategic growth nodes. Wirecard's broader narrative remained intact: it was conquering the globe, one transaction at a time.

Growth was continuing at breakneck pace, and in 2017 Wirecard posted revenues of over €1 billion for the first time, with a CAGR of roughly 30% since going public. In March that same year, it completed the acquisition of Citibank's prepaid card business in the U.S. Americans could now purchase a Wirecard debit card and load its balance with cash. These prepaid debit cards can be likened to prepaid sim cards used in phones, and could be purchased completely anonymously.

Quick sidenote: these prepaid cards have largely been phased out globally, partly due to how well they're suited to launder money through. There have been reports of the option to load these prepaid cards with tens of thousands of dollars at a time.

As the dust settled following the Zattarra report, Jan Marsalek and the head of investigations at the FT had come to an agreement. The newspaper would stop regurgitating these old claims, but if something new came up, FT was going to cover it. As you may have understood at this point, something did come up.

The 24 September 2018 was perhaps the best day in Wirecard's history. That day, Deutsche Börse officially promoted the company into the DAX 30 (now DAX 40), Germany's most prominent stock index. Somewhat symbolically, Wirecard replaced Commerzbank, an institution that could trace its roots back to 1870. An old, historical bank had been replaced with the finance company of the future. Wirecard's market capitalization briefly topped €24 billion, making it more valuable than the largest bank in Germany, Deutsche Bank.

While most of Germany and Europe's financial establishment embraced Wirecard, the Financial Times had just been given a massive break: a whistleblower who provided internal documents. In an article in January 2019, it was alleged that Wirecard staff in the company’s Singapore office had engaged in backdating contracts, forging invoices, and manipulating accounts to make it appear that transactions had occurred when they had not.

The kicker? It had been looked into internally, but the investigation was buried by management. It no longer mattered whether third-party partners were “opaque.” This was now about intentional, tangible wrongdoing within Wirecard itself. The FT had been given 70 gigabytes of internal data, and could confirm that the head of Asian accounting (Asia was Wirecard's largest market at the time) had been orchestrating the scheme.

The whistleblower was the previous head of legal for Wirecard Asia, and he had been ousted after informing management in Munich. The person in management who had assured the whistleblower that it was going to be handled? COO Jan Marsalek.

The article, written by Dan McCrum and Stefania Palma, was the first in a three-part series and was immediately met with dismissal from management at Wirecard. However, the market reacted swiftly. Wirecard's share price dropped nearly 40% within days of the first article being published. Like clockwork, BaFin opened an investigation into market manipulation, but it also did something unprecedented: it banned short-selling of Wirecard stock for two months.

This has been met with massive criticism in hindsight, but their justification at the time is partly understandable. It argued that this had the real potential of causing serious, permanent damage to the trust in the German financial markets, and that the volatility could spread far beyond Wirecard. It was not an endorsement or an exoneration of Wirecard's balance sheets, but was a protective measure to defend the integrity of the German Markets.

The EU regulatory authority (untainted by previous experiences with Wirecard) did not oppose the measure. However, BaFin did do something different in regards to its investigation this time this time: it tasked FREP with looking into Wirecard once and for all. Its investigation started in February 2019 and would not be completed until after Markus Braun had been put in handcuffs and Jan Marsalek was Interpol's most wanted fugitive.

But this was only the first wave in what was going to be a never-ending cascade of troubles for Wirecard. The Singaporean police responded in stark contrast to German authorities and media, and in the days following the release of the article raided Wirecard's offices. Simultaneously, McCrum, Palma, and the rest of the FT were just getting started. In March, they published another article showcasing that half of Wirecard's business was outsourced to partners, who handled payments while paying a commission.

How did Wirecard management respond to all of this? By going back to the same drawn-up plays that it had for the past decade: deny and sue. It refuted the allegations, dismissed the whistleblower as disgruntled, and claimed the article was part of a continued campaign to depress its stock price. It submitted lawsuits against the authorities in Singapore and against the FT. Meanwhile, Markus Braun let himself be interviewed, in which he denied criminal wrongdoing, while announcing that Wirecard was going to increase its compliance department substantially.

But not everyone was spooked by the fact that one of the largest financial newspapers in the world was more or less calling Wirecard a straight-up fraud. In April, Softbank announced that it was injecting €900 million into the company. This was a massive break for Wirecard, which was in serious need of someone in its corner at the time.

However, it's worth noting that this was not a straight-up investment. It was part of an elaborate trade in a convertible bond, issuing Wirecard with a debt that can be repaid with shares instead of cash. At the same time, the two parties also announced that it was entering into a strategic cooperative agreement. As the 2018 numbers were finalized and realeased, EY once again signed them off after minor adjustments had been made regarding its Singapore accounts.

But the FT was far from being finished. In May, it published yet another article, exposing the fact that a majority of the company's revenue came from three business partners in Asia – all of which appeared to be fictitious. To mitigate the risk of sounding like an incredibly broken record (that ship might've sailed already), we're going to let you guess what Wirecard's response was.

In October, the British newspaper publishes internal documents that appear to show fraudulent revenue and forged customers originating from the Dubai and Dublin offices. But this time, the board took an additional step and commissioned an independent audit from KPMG. However, in the Q3 2019 report – published roughly a month after the Financial Times article – there are several instances where Wirecard report large cash reserves. The balance sheet in this report lists “cash and cash equivalents” of €3.3 billion, with the slide presentation continuing with the deception:

The “Net cash bridge” slide from the Q3 2019 report (sourced through Quartr Pro).

The “Net cash bridge” slide from the Q3 2019 report (sourced through Quartr Pro).

These quotes from the Q3 2019 earnings call paint a clear picture of how management viewed the audit:

The CFO, Alexander von Knoop continues:

As you can tell, both Braun and von Knoop stated that everything was in order with the books, and that this investigation was merely a formality to lay ungrounded accusations to rest once and for all.

When the report was released at the end of April 2020, weeks later than what was first communicated, KPMG had not found definitive evidence of fraud. But it had also not been able to verify the very things Wirecard had claimed for years.

The auditors stated that they were unable to obtain reliable evidence for the majority of Wirecard's reported revenue from Asia. The mechanisms of those numbers were either poorly documented or uncooperative. Most strikingly, KPMG said it could not verify the existence of €1 billion in cash balances supposedly held in trustee accounts in Asia.

This should perhaps have been the end of the entire Wirecard saga, and believe us when we say that it's coming. But we're not quite there yet, and Braun and the rest of management went on the defensive once again. They tried to paint the audit as an exoneration (it wasn't) and that EY had informed management that there would be no issues signing off on the 2019 numbers as usual (there would be).

We're now entering June of 2020, and the massive, elaborate house of cards that Wirecard had constructed was about to collapse. The walls were closing in very, very quickly, and Germany’s tech star no longer had BaFin in their corner. The regulatory body had shifted its perception of Wirecard and was at last doing what it should've done a long time ago: it opened an investigation into Wirecard following a series of statements made by the company in the days leading up to the KPMG report.

Prosecutors open a criminal investigation into Markus Braun and three other members of management, and on June 5th, the police raid Wirecard's headquarters. While they seized what they deemed necessary to conduct their investigation, the officers going through cabinets and gathering hard drives more than likely had no idea that the scope of their investigation was about to grow significantly in a matter of days.

The EY audit of the 2019 numbers was supposed to have been finished in late April, but was pushed back with Covid-19 being stated as the primary reason for the delay. On June 18th, the day that the audit was supposed to have been signed off, all hell broke loose. EY announced that it was unable to verify that €1.9 billion, supposed to be held in accounts in Asia, existed. Wirecard's shares drop 60% in one day, and pandemonium sets in.

Wirecard was in full damage control, but there was very little that could be done to contain the fallout. It had cooked its books and engaged in fraudulent activities for so long that there was no way back from this. The money simply didn't exist. The day after EY refused to sign the audit, Wirecard's management is completely out of options. Jan Marsalek was suspended due to suspicion of his involvement in the fraud, and flees the country in spectacular fashion.

While Marsalek is going to get his fair share of spotlight in a minute, it's time to introduce James Freis, who's about to have a very rough first day at his new job. He was the former chief compliance officer at the Deutsche Börse and was set to join Wirecard's management management as head of the new and improved Integrity, Legal, and Compliance department. He was set to start on July 1, but due to extraordinary circumstances (that's putting it mildly), Freis arrives at the Wirecard headquarters on the evening of June 18th and gets to work.

On his first night at Wirecard, Freis identified that the company's claimed €1.9 billion in trustee accounts likely did not exist. He worked through the night to investigate the situation and, by the morning of June 19, informed the supervisory board of the apparent fraud. That same day Markus Braun resigned, and Freis was appointed interim CEO with the very unenviable task of saving the company. Despite his best efforts, he would not succeed.

Three days later, Wirecard issued a press release which read:

The press release concludes with information that Wirecard's new management is doing everything it can to ensure the continuation of operations, but the company was out of cash. Banks were calling in loans, and credit lines were evaporating. Without the missing funds, Wirecard could no longer meet its obligations. By order of the Munich prosecutors' office, Markus Braun was arrested in his home, accused of fraud and market manipulation.

On the 25th of June, all options and possible saving graces had been exhausted, and Wirecard filed for insolvency. It was the first member of the DAX 30 ever to do so.

A visualization of Wirecard's collapse with key dates and events.

A visualization of Wirecard's collapse with key dates and events.

So, that's the story of Wirecard, from its founding to its incredibly dramatic collapse. But how could this happen? How did the largest accounting scandal in European history happen? It all boils down to a combination of factors: criminal actions by management, a deep desire for a German tech success, and failures by institutions who should have stepped in long, long before it got as bad as it did.

Wirecard's fraud was not executed overnight. It unfolded over years, primarily by outright deception, but also by the company's internal architecture. To maintain such a sophisticated financial illusion within a regulated, publicly listed firm, you need a culture and internal structure that makes oversight difficult and criticism unwelcome.

The real power within Wirecard resided in a small group of executives, many of whom had been with the company for over a decade. Together, they maintained a system that resisted external questioning extremely well. Internally, senior staff were discouraged from probing too deeply into areas outside of their official responsibilities. Decision-making was centralized, and it became clear over time that only a select few were truly aware of how Wirecard’s most profitable business segments functioned.

Information moved up the chain of command, but rarely branched out internally. Finance staff in Germany had limited visibility into operations in Dubai or Singapore. Internal audits were shallow, narrowly defined, or ignored altogether. The company operated on a need-to-know basis, and most people, by design, didn't need to know.

We previously mentioned that growth at Wirecard was non-negotiable, something that ran as a thread throughout the company's entire lifespan. The focus on growth served a dual purpose: it motivated staff – many of whom genuinely believed they were building something transformative – but it also masked anomalies.

If the company was expanding so quickly, perhaps it made sense that things were messy? If Asia was generating most of the company's profits, maybe it was natural that operations there looked different from those in Germany? Growth and moving at a breakneck pace were sacred at Wirecard. Financial staff were measured not only on accuracy but on how quickly they could close books, prepare reports, or support acquisitions. The pressure to deliver results was immense, and that pressure made it easier to overlook inconsistencies.

One of the most effective features of Wirecard's internal structure was how well it compartmentalized risk. No single employee, aside from those at the very top, had full visibility into the company's operations. Even within finance and accounting, processes were fragmented. Regional units reported to central finance, data was managed in separate teams, and employees lacked access to the company's full ledger. When auditors asked questions, responses were coordinated by a small group within senior leadership – the only ones who had the full picture. The problem was that the picture was a fraud.

In many ways, Wirecard was Markus Braun, and Markus Braun was Wirecard. He was the poster boy for the company's success and was painted as a visionary, giving talks and outlining grand visions for the future of the company and for global payments as a whole. He was quiet, intense, and rarely seen without his trademark black turtleneck, drawing comparisons to Steve Jobs both in dress and demeanor. With the rise of Wirecard, he had become something akin to a rock star in Germany. He was cool, calm, and collected, and with a vision that was incredibly captivating. But what perhaps most important in cementing his image: it really seemed like he knew what he was talking about.

It's also important to note that Markus Braun was not only CEO, but CTO as well. Much of the company's success was credited to his technical brilliance and vision, not only his business sense. So what role did he play in the fraud? Braun claims that he trusted the company’s structure, its audits, and its controls, and that hes also a victim of fraud.

But that claim has become harder to sustain as increasing amounts of evidence has emerged. Internal documents, meeting logs, and testimony from co-defendants suggest that Braun was deeply involved in the decisions that enabled the fraud. He approved key acquisitions, signed off on financial reports, and continued to present the company's growth story to investors even after internal discrepancies were raised.

In September 2024, the Munich Regional Court ordered Braun and two other former executives to pay €140 million in damages for breaches of fiduciary duty related to unsecured loans and bond subscriptions that resulted in substantial losses for Wirecard. It's important to note that the trio was held civilly liable, and that this was not a standard criminal proceeding.

At the time of writing, the verdict in the criminal proceedings against Braun has not been delivered. Due to the number of documents and the complexity of the fraud, the trial has taken years. While some lesser charges have been dropped to streamline the proceedings, Braun still faces serious allegations, including organized fraud, falsification of financial statements, misleading the capital markets, and defrauding banks of approximately €1.75 billion.

The prosecution is confident that it can secure a conviction on these core charges. He has been detained since 2020, and if he is to be found guilty when the trial concludes in late 2025, he faces up to 15 years in prison.

Whether he designed the fraud is not something for us to determine – it's now a matter for the courts and prosecutors in Munich. But that he, at the very least, created the conditions in which the fraud could take place is difficult to dispute. However, his main line of defence is that it was COO Jan Marsalek who was the mastermind behind the entire fraud.

Wirecard CEO & CTO Dr. Markus Braun.

Wirecard CEO & CTO Dr. Markus Braun.

As Wirecard came crashing down in June 2020, most eyes turned to Markus Braun. But for those who had followed the scandal closely, another name carried just as much intrigue. Jan Marsalek, the company's chief operating officer, had long been a key figure within the organization's inner circle. He was central to Wirecard's global operations, the architect of much of its overseas expansion, and responsible for setting up the structure that would ultimately lead to its collapse.

His responsibilities encompassed product development, global strategy, and, crucially, the company's relationships with its network of “third-party acquirers,” especially in Southeast Asia and the Middle East.

This third-party acquirer model, which generated the bulk of Wirecard's profits, was central to the company's ability to generate revenue outside the direct scrutiny of German regulators and auditors. Instead of processing all payments through subsidiaries under its own corporate control, Wirecard relied on a network of allegedly independent companies in far-flung jurisdictions to handle transactions and remit revenue. In reality, many of these entities were tightly linked to Wirecard itself, and in some cases, fictitious altogether.

Marsalek oversaw the development of these international relationships and, according to prosecutors and former employees, personally managed many of the arrangements with payment partners in places like the Philippines, Singapore, and the UAE. Many of these were the companies that were later revealed to have facilitated round-tripping schemes.

When the scale of the scandal became apparent, Marsalek announced internally that he was going to Singapore to go to the bottom of where the money was, to then meet with prosecutors to answer their questions. Instead, he vanished.

Later investigations revealed that he had chartered a private jet, using a fake name and cash, from Vienna, bound for Minsk, Belarus. Once in Belarus, he reportedly disappeared into Russia, with subsequent reports suggesting that he had been moved to a safe house controlled by Russian intelligence services, possibly under the protection of the GRU, Russia's military intelligence agency.

Interpol issued a red notice for his arrest, and overnight, he became the most wanted man in Europe. But efforts to locate him quickly hit a wall.

Several investigative journalists uncovered evidence that Marsalek had long-standing ties to Russian intelligence, possibly having been recruited as an asset back in 2010. While he was the COO of a DAX 30 constituent, he had simultaneously worked with the GRU. So what did he do for the Russians? He was allegedly involved in spreading Russian-aligned talking points into the European political and business circles which he had full access to.

But that was according to reports far from the only thing Marsalek did for the Russian intelligence. As COO, he had full access to all the information of payments made by German institutions through Wirecard's services, included the BKA (the German equivalent of the FBI) who used Wirecard's ecosystem to pay out salaries to its undercover agents. This allegedly made it possible to backtrack the true identities of police officers who were deeply embedded in criminal orginsations, in turn leading to a direct threat for their safety.

During his time in the company, Marsalek is claimed to have moved funds and handled payments for undercover russian operatives, set up payment networks for the private military group Wagner, and been the head of a spy ring comprised of members from the Bulgarian maffia in the UK. He is accused of coordinating this group in kidnapping and murder plots against Russian dissidents.

This is barely the tip of the iceberg of all the things that Marsalek stands accused of, and for the sake of brevity, we simply can't list them all here.

As you might imagine, Interpol, German police, and intelligence agencies are very keen to talk talk to him, but it seems highly unlikely that they're ever going to get the chance to do so. While it can't be said with certainty, all signs unsurprisingly point towards that he's in Russia. He has more than likely been given a citizenship, and with that, an extradition back to the EU is completely out of the question.

A wanted poster for Jan Marsalek, showcased throughout Germany and Europe.

A wanted poster for Jan Marsalek, showcased throughout Germany and Europe.

EY had a role to play in this, but before we get into this, it's also important to note something: this is a massive, global company that employs around 400,000 people. All of its employees, and the company as a whole, are not to blame for the Wirecard scandal. Did some of its accountants and the individuals tasked with properly auditing Wirecard allow themselves to be fooled, and should they have been able to recognize what was happening? Yes. Should the entire global firm and all it's employees across the board bear the blame? No.

The auditing process was complicated from the start. Wirecard's business model involved a web of international subsidiaries, partnerships, and third-party payment processors spread across jurisdictions with varying levels of regulatory oversight.

Much of the company's reported revenue came from oversea markets, where local financial practices, banking standards, and legal frameworks were difficult to reconcile with those in Germany. Wirecard claimed that it could not disclose full details of its third-party relationships due to confidentiality agreements, a justification it repeated consistently throughout the years.

In auditing Wirecard, EY faced the challenge of verifying not just operations in Germany, but the company's sprawling global presence. Yet rather than insisting on full transparency or seeking third-party corroboration of Wirecard's reported overseas revenues, EY often relied on documentation provided directly by Wirecard itself or from intermediaries with a vested interest in the company's success. Often, bank balances and revenue confirmations were accepted at face value, despite being routed through opaque channels or delivered by individuals close to Wirecard's management.

One structural vulnerability lay in EY's inability (or perhaps unwillingness) to conduct direct, independent confirmations with foreign banks holding Wirecard's claimed cash reserves. For years, a substantial portion of Wirecard's reported profits came from entities outside its core operations, particularly those linked to “third-party acquirers.”

These were ostensibly partners that processed payments on the company's behalf and then passed a share of the profits back to Wirecard. The problem was that these relationships were difficult to verify, and the banks supposedly holding Wirecard's funds in trust were located in jurisdictions such as the Philippines, where auditing procedures were looser and legal cooperation was limited.

Despite these red flags, EY continued to certify Wirecard's accounts. During the years of criticism, the presence of a respected auditor like EY served as a counterweight, an implicit assurance that whatever the company was doing, it had been signed off by an independent and respected accounting firm.

Following the collapse, BaFin's failure to investigate Wirecard and its repeated defense of the company in the face of mounting public evidence of misconduct became a scandal in its own right. The fallout would reshape Germany's regulatory framework, force leadership changes, and expose an organization in dire need of an overhaul.

BaFin's formal role is to supervise banks, financial services providers, insurance companies, and securities markets in Germany. It reports to the Federal Ministry of Finance and acts as a gatekeeper for market conduct and financial stability. But when it came to Wirecard, BaFin consistently failed to apply the level of scrutiny that might have prevented or at least curtailed the fraud.

Part of the problem stemmed from the aforementioned structural blind spot. At the time, BaFin did not have direct authority to investigate corporate financial reporting. That responsibility was delegated to the private-sector body FREP, and BaFin would only become involved if FREP found inconsistencies or failed to act.

Wirecard's collapse triggered a wave of criticism directed at BaFin from virtually every corner of German society. Politicians, investors, and the media all demanded answers. How could a company listed on the DAX, which was supposed to be vetted by auditors and overseen by the country's top regulator, grow so large through fraud? Why had BaFin been so slow to act, and why had it so aggressively defended the company in the face of legitimate allegations?

Reports emerged that some BaFin staff had personally traded Wirecard shares while the agency was involved in monitoring the company. Though these trades were not necessarily illegal at the time, they revealed a troubling lack of internal controls and ethical standards. The perception that regulators were acting as market participants, not impartial supervisors, further eroded public confidence. BaFin's approach to market integrity was also seen as reactive and overly defensive. Its interpretation of “market manipulation” focused narrowly on price volatility and investor sentiment, not on the integrity of underlying information.

Understandably, public trust in BaFin plummeted. In the aftermath of the scandal, the German government launched a wide-ranging reform of its financial regulatory framework. The most significant change was the reorganization of BaFin itself.

Under new leadership, BaFin began a process of structural overhaul. It was granted expanded powers, including direct authority to investigate financial statements of listed companies without needing to rely on third-party bodies. FREP's contract was formally terminated, and accounting enforcement was fully transferred to the state.

The scandal surrounding Wirecard must also be put into a cultural and geographical context in order to be fully understood. Germany, the richest and in many ways the flagship and natural leader of the EU, lacked a modern, global tech success. There is of course a counter-argument to this: SAP. But while it is one the largest software companies in the world, it's also over 50 years old. It does what it does extremely well, but it doesn't exactly reek of innovation and explosive tech growth. Wirecard did.

Germany is wealthy, powerful, and with some of the best engineers in the world, but was falling behind countries which were producing tech success after tech success. In order to fully illustrate this point, and to understand its importance to understand how regulators, politicians, and to some degree even the general public, allowed itself to be fooled, we're going to conduct a very short thought experiment. Please take a few seconds to think of a major, global German company.

Did you think of BMW, Bayer, Mercedes-Benz, Volkswagen, Siemens? In that case, you wouldn't be the only one. These, along with a couple more, are the ones flying the German flag (incredibly well) on the global stage. But they all have the same thing in common: they're old. They're stable and produce world-class products, but they're not something new and exciting. In Wirecard, Germany now had a massive, global, and most importantly, cutting-edge company.

If we allow ourselves to simplify just a tad, one of the two pillars of the German economy and business landscape is these “legacy” giants. The companies that make up the DAX 40, are globally recognized, and the largest in the country. The other is the Mittelstand companies.

The Mittelstand is comprised of small and medium-sized enterprises that form the backbone of the German economy. Around 99% of Germany's companies fall into the Mittelstand category. These are more often than not run by “owner-entrepreneurial families” throughout multiple generations, are very resistant to economic downturns, and have strong regional ties.

Mittelstand firms are rarely household names, even in Germany, yet many are world leaders in what they do. One might make high-precision valves for the oil and gas industry, another might specialize in machine components used in food processing. They tend to focus on a narrow product area and pursue incremental innovation, constantly refining their designs rather than radically reinventing them.

These companies are highly successful, and are in large part what has made Germany such an economic superpower in a European and Global context. But they lacked several things that Wirecard offered: growth, innovation, and perhaps most importantly in hindsight, prestige.

When Wirecard arrived on the scene, it was just what Germany had been looking for. An innovative company that had started as a scrappy startup and slowly but surely started taking over the world. It was a point of national pride, and with that, Wirecard automatically received strong support from regulators, lawmakers, and newspapers. This desire for a tech success story, though understandable, made it easier to look past warning signs. The result when the fraud was uncovered? An extremely rough awakening.

While impossible to put an exact figure on the economic damage that the Wirecard scandal caused as a whole, it's estimated to be at least €30 billion. But one thing that is often forgotten in these types of stories is the actual human impact that a collapse of this kind has. The headlines and aftermath are naturally going to focus on the court cases and what happens with management. Throw in ties to Russian intelligence, a red notice by Interpol, and a missing €2 billion, it's easy to see where the focus is going to land.

But financial crimes at this scale are far from victimless, and they have a real impact on real people. The most direct way is the thousands of employees at Wirecard who had done nothing wrong, and who, in the vast majority, were carrying out their tasks dutifully and professionally. Thousands and thousands of people lost their jobs almost instantly, because of a few individuals who cooked the books at an almost unprecedented scale.

One other aspect is the hundreds of thousands of investors who lost money. Everybody from large asset management firms, to pension funds, to private individuals buying shares through their brokers, lost everything. Sure, there is always the argument that you need to know what you're buying. But if large, prestigious auditing firms have time and time again stated that the income statement is in order, regulators don’t step in, and the company is included in one of the most prestigious indexes in Europe, should an investor account for this kind of risk?

The Wirecard scandal shook the German financial system to its very core. A few people in management orchestrated the fraud, but they were enabled by an establishment that either got fooled or chose to believe and ignored the warning signs. The largest accounting fraud in European history was expensive, embarrassing and we're more than likely going to continue to see ripple effects from the scandal for a prolonged period. For years, it was too complex to understand and too well-defended to challenge – until a pair of journalists toppled over the house of cards that had been built on lies.