Print Article

McKinsey warned Wirecard a year ago to take ‘immediate action’ on controls


Management board later passed over consultancy for compliance work in favour of PwC

McKinsey warned Wirecard more than a year before the payment group’s collapse that it should take “immediate action” to deal with an absence of controls at its largest business.

The consultancy told the company in June 2019 that “risks related to business partnerships or third parties” were one of its main vulnerabilities, according to two people briefed on the details and a document seen by the Financial Times.

The third-party business, later exposed as a sham, was said to carry out payments processing on Wirecard’s behalf in countries where it lacked licences to do the work itself. It accounted for half of the group’s reported revenues and all of its operating profit.

Wirecard’s chief financial officer Alexander von Knoop said on the same call that Wirecard was “very well structured in the field of compliance and legal”. Mr von Knoop was responsible for compliance at the time.

Thomas Poppensieker, senior partner of McKinsey’s global risk practice, presented the final results in August 2019. The findings were devastating for a company that had joined Germany’s prestigious Dax index the previous September and that had faced repeated allegations of financial misconduct over the previous decade.

The consultancy reported that Wirecard’s third-party business lacked compliance policies and internal oversight. It warned that such shortcomings in control functions could lead to managers “cutting corners illicitly” who want to meet internal targets.

As a consequence, this could expose Wirecard to financial risks from a falling share price and the loss of clients, McKinsey warned.

McKinsey described a multitude of other risk and compliance shortcomings. For instance, Wirecard lacked any formal process for acquisitions and post-merger integration, while controls over the enforcement of state sanctions and embargoes were also found to be “non-existent”.

All of these shortcomings had a “high probability of reputational, economic and legal risks to the organisation and its statutory bodies”, according to the document seen by the FT.

McKinsey concluded that Wirecard’s risk and compliance culture was in need of “substantial change” and suggested hiring up to 50 additional staff, including a group compliance officer.

The findings triggered a heated discussion within Wirecard, people familiar with the matter told the Financial Times. Talks were held with McKinsey about a follow-up project to implement the proposed changes. However, Wirecard’s management board instead pushed for PwC to be given the job of setting up a new compliance organisation.

This project — code-named “Merlion” after the national symbol of Singapore, where whistleblowers in early 2019 raised flags over accounting fraud at Wirecard — was launched later in 2019 despite creating a potential conflict of interest: PwC is also the auditor of Wirecard Bank.

Moreover, while PwC’s remit included nine different “workstreams”, it did not address Wirecard’s third-party business, people briefed on the details told the Financial Times. Another controversy arose over the precise remit and powers for the newly created role of group compliance officer. The idea to give this person a management board seat was initially rejected and only revisited and implemented later as questions over Wirecard continued to mount.

James Freis eventually joined Wirecard as group compliance officer on June 18 this year from Deutsche Börse. He ended up being promoted to interim chief executive the following day, as Mr Braun resigned.

Wirecard, McKinsey and PwC declined to comment.


The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email