Summary
- Wirecard's 18 June 2020 disclosure that its auditor could not obtain sufficient evidence for EUR1.9 billion of purported trust-account cash was the collapse trigger, not a complete explanation of the underlying failure.
- The evidentiary problem was broader than one missing balance. For significant third-party acquiring business, investigators encountered missing transaction-level records, incomplete contracts, unavailable historical bank statements, unverified customer identities and confirmations that did not establish the full path from customer activity to cash.
- Germany's pre-2022 two-tier enforcement system divided responsibility between the private Financial Reporting Enforcement Panel, or FREP, and BaFin. ESMA found deficiencies in risk selection, examination scope, information exchange, escalation and internal coordination, while also recording controls that did work and finding no evidence that the Finance Ministry actually directed a case outcome.
- Audit accountability has a separate legal posture. Germany's auditor oversight body ultimately published final professional measures against EY, while civil proceedings, insolvency claims, model-proceeding admissibility disputes and access to audit working papers have followed different legal routes. A disciplinary finding is not automatically a criminal conviction or a damages judgment.
- Criminal allegations that the third-party acquiring business was fabricated remained allegations at the frozen boundary of this analysis. Official scheduling still listed Munich criminal-trial dates through 23 December 2026, and no final criminal judgment had resolved the defendants' responsibility.
- Reform replaced the two-tier model with direct BaFin enforcement and strengthened forensic, information-sharing, conflict and auditor-independence controls. ESMA's 2024 follow-up found the framework substantially improved but expressly left an implementation question: durable proof requires observed case performance, not redesigned rules alone.
- The practical lesson is a control architecture: bank-originated confirmations under investigator control, transaction-to-settlement reconciliation, explicit escalation clocks, independent whistleblower triage, conflict visibility, board-owned evidence gaps and public follow-up measures that can be retested over time.
The event boundary and the standard of proof
This analysis follows the Wirecard financial-reporting accountability chain from warning signals and reporting examinations through the June 2020 disclosure, insolvency, public reviews, professional discipline, criminal proceedings and reforms visible by 17 July 2026. It does not treat every official document as proving the same thing. A company announcement establishes what the company said at a particular time. A supervisory peer review can establish deficiencies against a regulatory standard without deciding civil liability. An indictment states allegations to be tested at trial.
A final court judgment controls the legal issue it actually decided, not every disputed fact in the wider collapse.
That distinction matters because Wirecard generated several superficially conflicting records. On 18 June 2020, the company reported that Ernst & Young could not obtain sufficient audit evidence for EUR1.9 billion said to be held in trust accounts and that there were indications of spurious confirmations. Four days later, Wirecard's board said the prevailing likelihood was that the money did not exist. Those are powerful first-party admissions, but they are not themselves a completed criminal judgment about who created each record or when.
The Munich Regional Court later declared the 2017 and 2018 annual financial statements and related profit resolutions void because assets were materially overstated, yet the court explained that it did not need finally to decide whether particular Asian bank confirmations were forged or whether the underlying third-party acquiring business was entirely absent.
The same discipline applies to accountability labels. The European Securities and Markets Authority, or ESMA, made supervisory findings about German enforcement in its 2020 fast-track peer review. Germany's auditor oversight body made professional findings about audit work and reports. Prosecutors alleged a commercial fraud. Civil courts have addressed procedural admissibility, document access, the validity of financial statements and the rank of shareholder claims in insolvency. These records overlap, but they do not merge into one universal verdict.
Confidence is high on the chronology of public disclosures, the architecture of the former enforcement system, ESMA's findings, the opening of insolvency proceedings, enacted reforms and final published professional measures. Confidence is lower on the complete mechanics of the alleged fraud, the final allocation of individual criminal responsibility, ultimate investor recoveries and whether the post-reform system will detect an analogous case early. Those questions were unresolved or only partly observable at the cutoff.
Chronology: evidence risk accumulated before the collapse
Wirecard presented itself as a payment-services group with direct acquiring operations and a third-party acquiring, or TPA, business used where it lacked its own local licences. In that model, external partners were said to process merchant transactions, with funds attributed to Wirecard held through trustee arrangements. The model was not inherently proof of misconduct. It was, however, evidence-intensive. The greater the distance between Wirecard, a merchant, a processing partner, a trustee and an account bank, the more important it became to verify the entire chain rather than accept an endpoint balance.
The company's 2017 annual report illustrates why the balance mattered. Audited group reporting was a principal source through which investors, lenders and counterparties assessed cash, receivables, revenue and profit. An unqualified opinion did not mean that every transaction had been inspected, but it communicated that the auditor had obtained reasonable assurance that the statements were free of material misstatement. Where a material asset depended on third parties, the assurance value therefore turned on the quality and independence of the evidence behind it.
Warning signals did not arrive all at once. ESMA's review examined German enforcement from January 2015 to 25 August 2020. It found that FREP did not select Wirecard's 2015, 2016 or 2017 annual reports for examination during the 2016-2018 period despite media reports and whistleblower information, and BaFin did not request an examination in that interval. ESMA did not say German authorities lacked all relevant expertise or that every selection decision was unreasonable.
Its more specific finding was that the selection process failed to incorporate important risk signals at a stage when the claimed business and cash could have received deeper scrutiny.
FREP had examined Wirecard's 2014 annual financial report. ESMA found weaknesses in the scope and execution of that examination, including limited public evidence attention to material receivables, useful-life assumptions, media allegations and whistleblower information. The accountability issue is not hindsight perfection. Risk-based enforcement cannot examine every issuer and every account. It must, however, document why persistent allegations, unusual business structures and material balances do or do not change the scope. Without that trace, a decision not to expand looks indistinguishable from passive reliance.
The supervisory response became more active later. FREP selected Wirecard's 2017 annual report, 2018 half-year report, 2018 annual report and 2019 half-year report through different risk and sampling routes. ESMA credited those selections as appropriate. That is an important counterweight to a total-failure narrative. The system did turn toward the issuer. The decisive question became whether the examination was designed and escalated to overcome the known evidence risk.
In early 2019, reporting about Wirecard's Singapore operations intensified. Market reactions, short positions and volatility also attracted BaFin's market-abuse attention. BaFin prohibited the establishment or increase of net short positions in Wirecard shares from 18 February for two months. ESMA's opinion on BaFin's emergency measure records the short-selling rationale: significant adverse events had generated serious concern about market confidence and a possible threat to financial-market stability under the Short Selling Regulation. The ban was a market-stability measure under the legal test then applied. It was not a finding that Wirecard's financial reporting was sound, nor does the later collapse by itself prove that every legal condition for the temporary ban was absent.
This distinction shows how institutional attention can be directionally wrong without being wholly irrational. One part of a regulator may see a threat to orderly markets from trading conduct while another must test whether the issuer's numbers are reliable. ESMA found that BaFin's internal coordination did not ensure that media reports and complaints received by market-abuse teams were consistently conveyed to the financial-reporting enforcement function. The organization possessed signals, but did not reliably assemble them into one issuer-risk picture.
FREP began examining the 2018 half-year report in February 2019 and later expanded to the 2018 annual report. Yet ESMA found that the scope did not focus sufficiently and early enough on the TPA business. It was not until October 2019 that this area was added, despite serious allegations earlier in the year. By then, the accountability problem had shifted from selection to pace, evidence design and escalation.
Wirecard commissioned KPMG to conduct a special investigation in October 2019. FREP suspended its own examination work while awaiting that investigation. ESMA found the initial decision understandable because KPMG was expected to have relevant independence, scope and resources, and BaFin did not entity. But this was also a transfer of practical momentum from a statutory enforcement process to an issuer-commissioned engagement. The engagement letter was not provided promptly to the authorities, and KPMG's access depended in part on company cooperation and third parties.
Deference became consequential when waiting was not paired with a hard deadline, parallel evidence collection or a pre-agreed escalation route if the special investigation could not obtain direct records.
The KPMG investigation: indeterminacy was the result
KPMG's special investigation is central because it did not simply endorse or disprove Wirecard's account. Wirecard announced receipt of the report on 28 April 2020, while ESMA's later peer review treated the report as a decisive supervisory signal rather than an exoneration. The investigation documented why important claims could not be verified. For the 2016-2018 TPA business, KPMG said the investigation encountered obstacles including unavailable transaction data, incomplete or missing contractual records, a lack of direct historical bank confirmations and non-cooperation from relevant third parties. It could neither confirm that the reported revenue existed in the stated amount nor conclude from the available material that it did not exist.
That indeterminacy was not neutral reassurance. In a forensic investigation, inability to verify a material claimed revenue and cash chain after targeted work is itself a control result. It means management has not produced evidence sufficient to close the question. The appropriate response is escalation, scope expansion and a decision about what can still be reported or assured, not conversion of uncertainty into a favorable conclusion.
The report identified weaknesses at several evidence layers. Some materials were electronic copies whose authenticity could not be independently established. Investigators did not receive all requested access to systems. Historical account records and confirmations for one trustee-bank arrangement were unavailable. The former trustee did not cooperate. Records associated with a later trustee did not by themselves establish the source and ownership of funds. Customer aliases could not be completely mapped to verified customers.
Aggregate balance information did not permit KPMG to reconcile every underlying merchant transaction through processing, receivable, settlement and cash.
Wirecard's public framing on 28 April was materially more favorable. In its announcement about KPMG's report, the company emphasized that KPMG had not found incriminating evidence and said audit evidence was sufficient. That statement is evidence of management's position, not an independent resolution of the gaps KPMG documented. The difference between the commissioned report and the company's characterization is an accountability signal in its own right. A board should require a public summary to preserve the investigator's limitations and unresolved exceptions, especially when the exceptions concern material revenue and cash.
ESMA regarded the KPMG report as a decisive new signal. Nevertheless, FREP waited roughly a month before sending further questions to Wirecard. Direct discussion between FREP and KPMG was also constrained. KPMG sought a release from professional confidentiality, but Wirecard did not provide it. Confidentiality protects legitimate relationships, yet a system that allows an issuer to prevent an enforcement body from efficiently interrogating the investigator it commissioned creates an avoidable information bottleneck. Confidentiality should govern disclosure, not provide an indefinite substitute for evidence.
The KPMG episode also shows why engagement ownership matters. An issuer can hire a respected firm and still control access, timing, third-party permissions and public messaging. Independence of professional judgment does not automatically create independence of evidence supply. A robust control must specify who sends confirmation requests, who receives replies, how bank identity is authenticated, whether investigators can access underlying systems, and what happens when a counterparty refuses. Without those operational rights, an impressive mandate can end with a carefully described inability to conclude.
The June 2020 trigger
On 18 June 2020, Wirecard disclosed that EY had not obtained sufficient audit evidence for EUR1.9 billion in cash balances on trust accounts, approximately one quarter of the consolidated balance sheet. The company said there were indications that a trustee or bank-account information supplied to the auditor included spurious confirmations intended to deceive the auditor. Publication of the 2019 annual and consolidated statements was postponed again. Wirecard also warned that loans of approximately EUR2 billion could be terminated if certified statements were not produced.
That announcement was the immediate collapse trigger because it joined three risks that had previously been discussed separately. The first was evidentiary: a material reported asset could not be verified. The second was integrity: the confirmation process itself appeared compromised. The third was liquidity: delayed audited accounts could activate financing consequences. Once these risks became public together, continued reliance on prior reported cash, earnings and financing assumptions was no longer tenable.
On 22 June 2020, the management board said the prevailing likelihood was that the EUR1.9 billion did not exist. It said prior descriptions of the TPA business were not correct, withdrew preliminary 2019 and first-quarter 2020 results and withdrew its forecast. This disclosure substantially changed the company's own position. It did not by itself adjudicate every period, transaction or entity, but it removed the basis for treating the missing evidence as a routine audit delay.
On 25 June 2020, Wirecard AG filed for insolvency because of impending insolvency and over-indebtedness. The insolvency court formally opened proceedings on 25 August 2020, according to the court-appointed administrator's notice. The short interval from missing-evidence disclosure to filing demonstrated that reported asset reliability, lender confidence and operational survival were connected.
The trigger should not be mistaken for the root cause. The June auditor decision was a late-stage control finally refusing to convert inadequate evidence into an opinion. The disclosure was damaging because earlier controls had allowed the disputed balances and business claims to remain credible long enough for investors, lenders, employees and business partners to depend on them. A stop that works at the last gate can still reveal that upstream gates failed for years.
Trigger versus root cause
The trigger was specific: EY could not obtain sufficient evidence for the trust-account cash, indications emerged that confirmations were spurious, audited reporting was delayed and financing consequences became immediate. The root cause was a layered verification architecture that did not reliably establish who controlled the claimed cash, what transactions generated it and whether evidence came independently from the institutions said to hold it.
At company level, the control question was not merely whether a spreadsheet balance added up. It was whether merchant identities, acquiring contracts, processor records, fee calculations, receivables, settlements, trustee movements and bank cash could be reconciled across the whole TPA chain. Records that exist only as management-selected copies or aggregate trustee confirmations cannot establish that chain. Where the business model depends on intermediaries, control strength must rise with intermediation risk.
At board level, unresolved access and authenticity problems should have been treated as governance exceptions with owners and deadlines. A special investigation is not remediation by itself. The supervisory board needed a direct view of requests outstanding, third parties refusing cooperation, system access denied, conflicting public descriptions and the financial-statement consequences if gaps remained. A board that receives only a conclusion such as no incriminating evidence can miss the more important fact that investigators could not verify the proposition they were asked to test.
At auditor level, the issue was the sufficiency and independence of audit evidence for material accounts and revenue. External confirmation is valuable because it can bypass management, but only when the auditor controls the request and response, authenticates the respondent and reconciles the balance to underlying records. A confirmation routed through a trustee, represented by a scan or unsupported by transaction-level evidence provides less assurance. When evidence conflicts or remains unavailable, professional skepticism must change the audit plan and, if necessary, the opinion.
At enforcement level, the roots included risk selection that did not consistently absorb public warnings, an examination scope slow to focus on TPA, statutory thresholds that complicated BaFin's takeover of a FREP case, confidentiality barriers, fragmented information and limited public evidence internal escalation. ESMA also identified a structural ambiguity around suspected fraud. FREP and BaFin did not have a sufficiently aligned understanding of how far financial-reporting enforcement should investigate possible fraud before or alongside referral to prosecutors.
The former system divided work by design. FREP, a private-sector panel, conducted first-tier examinations with issuer cooperation. BaFin could act at the second tier if an issuer refused, disagreed with findings or if BaFin had substantial doubts about the examination or result. Such a design can work when information moves quickly and escalation thresholds are operationally clear. It becomes fragile when the first tier lacks compulsory forensic powers, the second tier lacks detailed visibility into the live examination and each institution assumes the other has the better route to proof.
Institutional deference was therefore not one decision or one actor's motive. It was a sequence. Market warnings were sometimes treated through a market-abuse lens. FREP waited for an issuer-commissioned investigation. KPMG depended on access controlled by the issuer and third parties. The statutory auditor encountered a confirmation process exposed to intermediary influence. BaFin depended on FREP's first-tier examination while receiving information limited public evidence to overcome a legal takeover threshold. Each handoff could be defensible in isolation.
Together, they created time in which no institution held both the complete evidence question and the power to compel a timely answer.
Auditor accountability: evidence, discipline and legal limits
Audit responsibility must be assessed through the records that actually reached a final posture. Germany's Auditor Oversight Body, APAS, announced in 2023 that it had found professional-duty breaches in audits of Wirecard AG and Wirecard Bank for 2016 through 2018. The original decision included measures against the audit firm and five individual auditors, while proceedings involving others had ended after they surrendered professional licences. The APAS announcement also stressed that its professional decision did not bind civil or criminal courts.
Appeal and publication status matter. A later APAS publication of final measures identified EY GmbH & Co. KG, formerly Ernst & Young GmbH. It recorded a EUR500,000 fine and a two-year prohibition on accepting new statutory audits of public-interest entities, among other measures. The publication described audit performance and reporting deficiencies and found that several audit opinions did not meet applicable requirements. These are final professional measures against the firm. They support a finding of audit-quality failure within the oversight body's jurisdiction; they do not determine each investor's loss causation, each auditor's criminal intent or every disputed fact in the TPA business.
A later Federal Court of Justice judgment added an important evidence-access result. In December 2025, the court held that the insolvency administrator was largely entitled to information and inspection of the auditor's working papers for the 2016-2019 audits and the special Project Ring investigation. The judgment in case III ZR 438/23 also recited the procedural record around earlier audit concerns, including warnings associated with evidence for revenue, but it was principally a document-access case. It did not adjudicate all pending damages claims. Requests concerning 2014 and 2015 were time-barred, and the court rejected a preventive destruction claim because the necessary threat had not been shown.
This distinction creates three separate accountability layers. Professional oversight asks whether audit duties and quality standards were met and what sanctions are appropriate. Insolvency administration asks what records the administrator can obtain to investigate and recover value for the estate. Private litigation asks whether specific legal duties, causation and damages are established for particular claimants. A strong professional finding can be relevant to later cases, but one layer cannot be substituted for another.
Practical audit control begins with independence from the evidence channel. Confirmation requests should originate from and return to a domain and address verified by the auditor, not pass through management or a trustee whose role is under examination. The bank's legal identity, account title, beneficial entitlement, restrictions and balance date should be authenticated through independently sourced contact details. A positive balance reply should be reconciled to cash movements before and after year-end and to the revenue and receivables said to generate it.
Where a balance is unusually large or geographically remote from core operations, the plan should include direct inspection or an independently instructed local professional.
The auditor must also make exceptions visible. An unresolved confirmation is not a clerical item once it is material. It should enter an exception register with the affected assertion, alternative procedures attempted, contradictory evidence, management explanation, engagement-partner decision and audit-committee notification. The register should force a binary outcome before the opinion: sufficient independent evidence exists, or the report is modified or withheld. This prevents repeated extensions from gradually normalizing an evidence deficit.
Regulatory accountability: the two-tier system and its blind spots
ESMA's peer review offers the most systematic official assessment of the German financial-reporting enforcement response. It found deficiencies in supervisory independence safeguards, risk monitoring, examination procedures and the effectiveness of the two-tier system. Yet its findings were more nuanced than a claim that BaFin or FREP did nothing.
On resources, ESMA concluded that the authorities generally had adequate staffing and skilled personnel for their functions. On case selection, it found the later selection of multiple Wirecard reports appropriate. On independence, it identified a heightened risk from frequent and detailed reporting by BaFin to the Federal Ministry of Finance, sometimes before actions were taken, but found no evidence that ministry officials actually influenced a Wirecard supervisory decision. Converting a risk finding into an allegation of proven political direction would exceed the report.
Conflict controls were incomplete. BaFin did not have a comprehensive, continuously usable view of all employee financial holdings, and some employees in market-abuse functions traded Wirecard instruments during the review period. ESMA found no such trading by employees in the financial-reporting enforcement function. The relevant finding is therefore control insufficiency and activity in some organizational areas, not proof that the staff conducting the accounting examination traded on or manipulated the case.
Risk monitoring was fragmented across public reporting, whistleblower information and internal teams. ESMA found that earlier media and whistleblower signals did not lead to selection of the 2015-2017 annual reports when they should have influenced the risk process. It also found that information received in other BaFin divisions did not consistently reach the enforcement function. A regulator can have a whistleblower channel and still fail if intake, issuer matching, credibility assessment, confidentiality handling and escalation are not joined into one traceable process.
Examination control was also too dependent on cooperation. FREP did not have the full range of compulsory forensic powers later given to BaFin. BaFin, meanwhile, needed enough information to form substantial doubts before taking over an examination, but did not always receive sufficiently detailed live information from FREP. The threshold was legal; the information gap was operational. Together they made escalation difficult precisely when a first-tier inquiry was producing unresolved questions rather than a clean finding.
The KPMG wait exposed that design. FREP's decision to consider an independent special investigation was not inherently improper, and ESMA acknowledged the rationale. The failure was in the absence of an effective contingency when the engagement was delayed, its access was constrained and its report could not verify the central claims. A regulator may use external work, but should never outsource its escalation clock. It must define the evidence it requires, the deadline, the right to question the investigator and the consequence of non-production.
BaFin's market-abuse response and its financial-reporting response also needed a stronger common case view. Short-selling activity can coexist with accurate criticism, manipulation, inaccurate reporting or several of those conditions at once. A market-stability intervention should trigger, not suppress, an independent check of the issuer facts driving volatility. The control is not to assume short sellers are right. It is to keep trading-conduct and issuer-reporting hypotheses open until each has its own evidence.
A 2024 Federal Court of Justice decision illustrates why regulatory findings and damages liability can diverge. In case III ZR 57/23, the court rejected an investor's attempt to proceed with a state-liability claim relating to BaFin measures and found no basis to overturn the lower-court outcome. The official decision assessed a particular legal duty and liability standard. It did not invalidate ESMA's peer-review findings. ESMA asked whether supervisory practice met Union guidelines and functioned effectively; the court asked whether the claimant had established a viable damages route under the governing law. Accountability analysis must preserve both results.
Affected parties and the distribution of harm
Investors were the most visible affected group because Wirecard's share price collapsed and prior reports could no longer support valuation assumptions. But the accountability perimeter was wider. Bondholders and lending banks depended on audited reporting, covenant compliance and the existence of cash. Employees faced job losses and disrupted careers. Merchants and payment partners faced uncertainty about settlement and service continuity. Customers of regulated subsidiaries needed assurance that licensed operations and safeguarded funds were separated from the insolvent parent.
Suppliers and other unsecured creditors entered an estate in which recovery depended on asset realization and claim rank.
The distinction between Wirecard AG and regulated subsidiaries was operationally important. Wirecard said on 27 June 2020 that the bank subsidiary was not then part of the insolvency filing and that other licensed entities continued under their respective supervisors, while the UK Financial Conduct Authority had temporarily suspended Wirecard Card Solutions Limited. That business-continuity announcement is a company statement, not an independent guarantee of every customer outcome. It nevertheless shows why crisis controls need a legal-entity map: parent insolvency, bank supervision, e-money safeguarding and merchant settlement do not have identical asset pools or remedies.
The administrator reports that the Wirecard AG insolvency remains open and that asset sales, litigation and other recoveries have generated proceeds while preserving parts of the operating businesses. The administrator's case page is authoritative for the office's own actions and case status, but recovery estimates from an administrator are not a promise of distribution to any claimant class. Administration costs, legal outcomes, asset ownership, priority and the final claims pool all affect recoveries.
Users of financial statements were also harmed institutionally. A statutory audit opinion, an enforcement system and a listed issuer's disclosures are public confidence mechanisms. When their combined output fails to expose a material evidence problem promptly, the cost includes more than direct loss. Future issuers face more intrusive controls, audit clients pay for expanded procedures, regulators devote resources to reform and market entities discount assurance that should reduce information risk. That distributed cost is why accountability cannot end with identifying an alleged fraudster.
Remedies and their limits
The Munich Regional Court's 5 May 2022 decision declared Wirecard AG's 2017 and 2018 annual financial statements and related profit-allocation resolutions void. The court found material asset overvaluation sufficient for that result. It expressly did not need to decide every contested theory about forged confirmations or the existence of the TPA business. The remedy corrected the legal status of the statements, but it did not restore lost value or allocate all responsibility.
Criminal proceedings address another layer. Munich prosecutors alleged in March 2022 that former executives used fabricated TPA business and false financial statements to obtain financing and sustain the company. The indictment announcement is a formal prosecutorial record, but its factual assertions remained allegations to be proven against each defendant. The criminal trial began in December 2022. An official 26 May 2026 scheduling notice listed hearing dates through 23 December 2026 and cautioned against inferring when proceedings would end. At the cutoff, there was no final criminal judgment resolving the charged conduct.
Civil investors faced procedural complexity rather than one collective merits ruling. In February 2025, the Bavarian Supreme State Court held that many proposed declaratory objectives in the original model proceeding were inadmissible and that claims against EY could not be resolved in that proceeding under the former version of the Capital Markets Model Case Act. The partial model decision was procedural; it was not a finding that audit-related claims lacked merit. In January 2026, the court expanded the model proceeding to include some proposed findings concerning alleged incorrect TPA statements by the former chief executive. More than two thousand additional applications still required procedural treatment. In May 2026, the same court rejected recusal applications against all judges of the model-case senate, but stated that until legal force only non-deferrable acts could be carried out. The civil route therefore remained open, active and procedurally constrained rather than resolved on liability or damages.
In November 2025, the Federal Court of Justice decided an insolvency-ranking issue. Its judgment in IX ZR 127/24 held that capital-markets damages claims arising from shareholder status were not ordinary insolvency claims ranking alongside general creditors. The decision limits recovery through the issuer's estate for that category. It does not erase possible claims against other defendants, decide their merits or guarantee that a different route will produce payment.
These outcomes illustrate the limits of remedy after a reporting collapse. Nullifying statements repairs the legal record. Professional sanctions enforce audit standards. Criminal proceedings can impose individual punishment if charges are proved. Insolvency administration realizes remaining assets. Civil claims can allocate compensation where duty, reliance, causation and loss are established. None can recreate a solvent company or fully reverse decisions made on unreliable information. Prevention and early evidence escalation therefore have higher expected value than ex post enforcement alone.
Comparison: assurance by representation versus assurance by control
The central comparison is not Wirecard against another scandal. It is one evidence architecture against another.
In assurance by representation, management describes a business relationship, a trustee relays a balance, a document copy appears consistent with that account and an aggregate figure is reconciled to a ledger. Each item may look plausible. Yet the evidence path remains exposed to the same parties whose assertions are being tested. If a customer alias cannot be mapped, a processor does not provide data or a bank reply cannot be authenticated independently, the chain has not escaped management influence.
In assurance by control, the verifier defines the population and obtains evidence through channels it controls. Customer and merchant identities are matched to executed contracts. Processor data is extracted from source systems with completeness checks. Individual transactions are traced through fees, receivables and settlement. Confirmation requests go directly to independently verified bank contacts and return directly to the verifier. Account ownership, restrictions and beneficial entitlement are checked. Cash receipts and withdrawals around the reporting date are inspected. Exceptions remain open until resolved or reflected in the report.
The second architecture does not guarantee that fraud is impossible. Collusion, forged systems and compromised institutions can defeat individual procedures. It does make the attack more expensive and create contradictory traces across independent domains. It also converts non-cooperation into a visible result. If a bank, trustee, processor or issuer blocks access, the failure enters the reporting decision rather than disappearing into an extension of time.
There is a parallel regulatory comparison. The former two-tier system relied on cooperative first-stage examination and second-stage escalation through a legal threshold. The post-2022 model gives BaFin direct responsibility and stronger forensic powers. Centralization reduces handoff risk, but it can also centralize blind spots. The meaningful comparison is therefore not the number of institutions. It is whether the responsible authority receives all relevant signals, can compel source evidence, records conflicts, challenges management explanations and is independently reviewed against observable outcomes.
Reform: stronger design, incomplete proof
Germany's response developed through policy proposals, parliamentary amendments and the Financial Market Integrity Strengthening Act, or FISG. The Bundestag's legislative record records measures including direct BaFin responsibility for financial-reporting enforcement, stronger audit independence and rotation rules, expanded corporate governance obligations and revised sanctions and liability provisions. The final centralization of enforcement was significant because an earlier design had contemplated retaining more of the existing first-tier structure.
From 1 January 2022, BaFin became solely responsible for enforcement of listed issuers' financial reporting. ESMA's follow-up described the new function, including specialist and forensic capacity, against the background of the Financial Market Integrity Strengthening Act. Legal powers expanded to request information and documents, summon responsible persons, conduct searches and seizures under applicable conditions and publish certain examination information. Information exchange with auditor oversight and internal coordination were also strengthened.
ESMA returned to the reforms in its July 2024 follow-up report. It found that Germany had replaced the two-tier system, expanded staffing and expertise, improved media monitoring and whistleblower handling, introduced stronger employee-trading controls, formalized ministry-supervisor communication and enhanced information exchange. It assessed BaFin as fully complying with the relevant Guidelines on Enforcement of Financial Information from January 2022.
The report also preserved important caveats. BaFin still could not necessarily obtain an exhaustive real-time view of every employee holding. Formal reporting arrangements with the ministry reduced but did not make influence risk conceptually impossible. Most importantly, ESMA assessed the new framework and how recommendations were addressed; it did not review a representative set of completed post-reform enforcement cases to prove detection performance. Its conclusion was therefore stronger than a promise and narrower than proof that another Wirecard could not occur.
Parliamentary review also requires care. The Bundestag inquiry heard extensive evidence and published a report of more than two thousand pages. The committee archive records 110 witnesses and experts and the use of independent experts to evaluate audit files. The final report did not contain one consensual political assessment; it included a majority position and separate minority opinions. The evidentiary archive is durable, but political interpretations in the report should be attributed to the factions that made them rather than presented as a single parliamentary finding.
Practical control and responsibility
The Wirecard record supports a control model with named owners rather than a general demand for more skepticism.
Management owns the transaction-to-cash evidence chain. For every material intermediated business stream, finance and operations should maintain a controlled mapping from legal counterparty and customer identity through contract, source-system transaction, fee calculation, receivable, settlement instruction, trustee movement and bank account. Reconciliations should test completeness in both directions: ledger entries to source transactions and source transactions to ledger entries. Any use of aliases must preserve a separately controlled identity map available to auditors and supervisors.
Treasury owns bank-account authenticity and entitlement. An independently maintained account register should state the bank's legal identity, verified published contact points, account owner, beneficial entitlement, signatories, restrictions, trustee terms and reconciliation owner. The register should be confirmed periodically through bank-originated data, not management-uploaded scans. Material trust balances should receive enhanced procedures and independent legal analysis of whether cash is available to the reporting entity.
The audit committee owns unresolved evidence risk. It should receive an exception schedule showing every material external confirmation not obtained directly, every alternative procedure, every third party refusing access, every limitation on a special investigation and every disagreement over public characterization. Exceptions need deadlines and decision rights. If evidence remains limited public evidence, the committee should know before the reporting date what modification, delay, restatement or disclosure follows.
The statutory auditor owns the independence of the assurance channel. The engagement team should control confirmation creation, dispatch, authentication and receipt. It should use independently sourced contact information and verify unusual replies out of band. A material endpoint balance should be linked to transaction populations and post-period cash movements. Group-audit responsibility should specify how component and local evidence is reviewed, especially where core profit is generated outside the group's licensed operating footprint.
A commissioned investigator owns limitation reporting, not evidence access. The engagement letter should permit direct contact with banks, processors, customers, prior trustees, auditors and supervisors, subject to law. It should define system access, preservation obligations and a protocol for non-cooperation. The report should place unresolved scope restrictions beside any conclusion. The board should not publicly summarize the work in a way that turns inability to verify into exoneration.
The supervisor owns an issuer-level signal register. Media analysis, whistleblower reports, unusual trading, prior examinations, audit qualifications, delayed reports, enforcement referrals and cross-border information should feed one record. Signals should be graded for credibility and materiality, but not discarded because their source has an economic interest. A short seller can be biased and correct; an issuer can be targeted and still have reporting defects. Each hypothesis requires separate testing.
The supervisor also owns the escalation clock. When a cooperative examination depends on an issuer or its investigator, the authority should define required evidence, a short production deadline and takeover criteria. Missing direct confirmation for a material asset, refusal to release an investigator or inability to access source systems should automatically raise the case to a designated decision-maker. Extensions should state what new evidence justifies time, not merely that work continues.
Whistleblower and complaint teams own traceable routing. Every substantive report should be linked to the relevant issuer and accounting topics, checked against prior signals and acknowledged in an auditable case trail. Confidentiality should protect the reporter while allowing sanitized risk information to reach the examination team. Closure should require a reason that can be revisited if corroborating evidence arrives.
Compliance owns conflict visibility. Supervisors and audit firms need holdings disclosures, pre-clearance, restricted lists, trading prohibitions for relevant instruments, periodic broker confirmations where legally available and independent review of breaches. The purpose is not to infer bias from every holding. It is to make potential conflicts visible before staff influence a case and to produce evidence that restrictions were enforced.
The legislature and oversight bodies own system-level verification. Reform should be tested using measures such as time from high-risk signal to examination, time from evidence refusal to compulsory action, percentage of material confirmations obtained directly, unresolved exception age, cross-team referral completion and publication of follow-up findings. Aggregate metrics must be supplemented by confidential file review because a fast closure can be a weak closure.
Insolvency and courts own remedy within legal limits. Administrators preserve and obtain records, realize assets and pursue estate claims. Courts determine validity, procedure, liability and claim rank on the issues before them. Neither should be described as having delivered full compensation while litigation and distributions remain unresolved. Durable accountability reports what has been recovered, what remains contingent and which claimant groups bear legal subordination.
Findings, allegations, judgments, estimates and uncertainty
Several propositions can be stated as findings. Wirecard disclosed the failure to obtain sufficient audit evidence for EUR1.9 billion and then said the money probably did not exist. The company filed for insolvency. ESMA identified specified deficiencies in German financial-reporting supervision. APAS imposed final professional measures on EY. Germany replaced two-tier enforcement with direct BaFin responsibility. The Munich court declared the 2017 and 2018 statements void. These claims rest on first-party disclosures, final professional publications, enacted rules or court decisions.
Other propositions remain allegations. The prosecution's account that the TPA business was fabricated over years and that named defendants knowingly used false statements is a criminal allegation until adjudicated. Describing it as the official prosecution case is accurate; stating that every defendant committed the charged conduct is not. Political claims in majority or minority parliamentary opinions also require attribution.
Some propositions are judgments with narrow reach. The 2022 nullity judgment established invalidity of specified financial statements without resolving every disputed mechanism. The 2024 BaFin decision addressed a particular damages route and legal standard, not the quality of every supervisory choice. The 2025 shareholder-ranking judgment determined insolvency priority for a claim category, not the merits of all claims. The 2025 audit-workpaper judgment resolved substantial access rights and limitations, not final audit damages.
The 2026 model-case recusal decision addressed the composition and temporary procedural capacity of the senate, not whether the alleged statements were false or who must compensate investors.
Estimates require an owner and a method. Company references to financing exposure, administrator reports of realized proceeds and claimant assertions about losses describe different measures. They should not be added into one loss figure. Market capitalization decline is not identical to compensable investor loss; creditor claims are not identical to admitted claims; asset-sale proceeds are not identical to distributable recovery. This analysis therefore does not publish a synthetic total.
Uncertainty remains material. The criminal trial was ongoing with future hearing dates. Civil and model proceedings had not produced a final comprehensive allocation of liability, and the model proceeding was subject to a temporary post-recusal-decision limit on non-urgent steps until legal force. The insolvency remained open. Post-reform controls had been reviewed primarily for design and institutional implementation, not proven across enough analogous cases to establish long-term effectiveness. These are not omissions to be filled by inference. They are part of the accountability record.
Durable verification and source notes
Durable verification means that a reader can return to records that preserve both the claim and its procedural status. The core event disclosures are Wirecard's archived announcements of 18 June, 22 June and 25 June 2020. They establish what the company reported, not independent proof of every underlying act.
ESMA's peer-review landing page, full 2020 report and 2024 follow-up preserve the supervisory standard, findings and reform caveats. APAS's final publication preserves the professional measures and their status. The Bundestag archive preserves hearing and report material but must be read with its majority and minority structure. Court and prosecution pages preserve case posture; they should be checked for later judgments after the frozen boundary before any future republication.
For an operating institution, durable verification should also exist internally. Confirmation metadata should record who initiated a request, the independently verified destination, transport method, return path, authentication checks and exceptions. Transaction reconciliations should be immutable by period and linked to source-system extracts. Board minutes should identify evidence gaps and decisions without relying on conclusory presentations. Supervisory files should show which signals were considered, why scope changed, when compulsory powers were considered and who approved delay.
The accountability test is not whether institutions can explain, after insolvency, why each individual handoff seemed permissible. It is whether the system assigns one owner to the unresolved evidence question before market dependence becomes irreversible. Wirecard's June 2020 trigger was a failed confirmation process. Its deeper legacy is the danger of allowing representation, professional reputation, divided jurisdiction and procedural waiting to stand in for source evidence.
Reform becomes credible only when the next material refusal, inconsistency or missing confirmation produces a documented escalation while there is still something left to protect.

