How did a financial audit not uncover the dramatic mismatch in actual vs. purported activity? How does a transaction value of $41 per user (x 4.25M users) not translate to an auditable revenue stream?
This doesn't look good on either party.
Not necessarily true. Depending on the type of audit, part of the audit is to cherry pick (or randomly pick) recorded accounts and confirm whether they are backed up by various documents. For example - anyone can put in a receipt for a plane ticket and then have that plane ticket hit the P&L as a journal entry. But an auditor may look at the plan ticket receipt and check for the date, name of person on it, what date they were flying, what was their origin an destination, etc. etc.
Source - currently under audit, and auditors are asking for confirmed records that support what is in an accounting system.
Typically, it's just compliance.
Diligence usually means talking to top customers, but deals get rushed, access is a negotiation point, and liars are hard to detect.
DD guy here. This is the most plausible explanation.
When you're under LOI there is a lot of back and forth, which ultimately guide how the purchase agreement gets formulated. So if this was the case, then they would have made the trade off of "ok she's not letting us see the list, but we'll make sure the SPA is ironclad about this". Ultimately deals then get some money locked into escrow or RWI to soften the blow of the cost implication.
At the end of the day, let's say you're JPMC and the company that you acquired did exactly what Javice did. You have an SPA that binds you legally (meaning, if they caught lying post close, they'll get sued), how on earth would you think someone was dumb enough to try to get through diligence, then operate the company post close, and NOT expect to be found committing fraud.
That’s pretty much what Theranos did. The due diligence people walked away and threw a few hundred million more at Theranos. That’s compares to the due diligence we went through when I worked at a small startup years ago. It was only for a few million but they made us go through hell with all their information request.
Seems if you want to commit fraud it’s best to go really big. The bigger you are the less scrutiny and less consequences.
And it's not like that money is completely gone. JPM will sue and probably recover a very large chunk of it. Say that of the $175 million, they get back $150M, so they are out $25M. It's just not that much money to them. Sure, someone didn't do their job and will probably get fired over this, but Jamie Dimon and the executive suite don't really think about $25M losses.
It's far less about the percentage of JPMC's market cap, and more about the fact that a competent due diligence effort would cost less than $250k, which is insignificant against the cost of the acquisition.
Who are they going to sue? Javice's stake in the company was only worth $21M.
If the rest is held by shareholders who weren't involved in the running of the company, good luck getting it back from them.
Bottom line it's human to trust. It will always be very hard to uncover deceit when it's part of your business to make sure it continues and work hard to cover it up. Looks to me like the auditors never had a chance.
I'm surprised that the founder didn't just grab the money and moved to a country where there's no extradition. Last I read she was still claiming that the business was 100% legitimate.
Anyway, wasn't there some business behind the supposed 4M users? You can fabricate 4M users in a csv file and insert them into your production DB, but shouldn't there be some revenue associated with those users, and couldn't the acquirers have looked to see if that revenue existed?
I have no problem with charges being filed, but seriously... it's not like the buyer was some kind of low-budget mom and pop shop or community bank. I'm just not very sympathetic to JPMorgan for being scammed in a situation where being wary should be standard.
A just question. How much due digilence was done on SBF / FTX by The New-York Times and by the VCs who poured hundreds of millions into a pure fraud?
NYT isn't an investor, so that's a total non sequitur.
VCs on the other hand...VCs dont do much diligence. And who really cares really? They lost their money, not yours.
My immediate reaction to when JPM found out they'd be duped after running an 'email campaign' was, hmmm, maybe well deserved, should have done your homework!
I want to put the blame solely on the executives, lawyers and team that drove the acquisition forward.
Obviously we can open the floodgates of conspiracy theories. Maybe, some from JPM team may have been on this...
One of the issues was that "she could not share her customer list due to privacy concerns". So maybe JPM could have pushed back against that more?
"""Javice also cited privacy concerns in sharing Frank’s customer data directly with JPMC. After numerous internal conversations, and in order to allay Javice’s concerns, JPMC agreed to use a third-party data management vendor, Acxiom, to validate Frank’s customer information rather than providing the personal identifying information directly to JPMC."""
The gap here was _huge_. If I was the JPM diligence team, I might have asked them for read-only access to their product analytics. They claimed something like 10K FAFSA applications/day. This should show up nicely in their analytics tools. Yes, they could fake these visits--but it would be much harder to fake that you're getting 10K visits from appropriate regions, at appropriate times of day, with appropriate dwell times, with appropriate distribution of completion rates.
Credit card processor revenue reports over prior months may have shown startingly small revenue. Match that with bank statements.
The real due diligence is their networks and reputations. If the people in charge say yes, then the paperwork will support whatever they said already.
This is a poster-child example for confirmation bias. You don't hear about all the DD that doesn't result in a fraudulent company being purchased.
“An internal investigation revealed that Javice and Frank chief growth officer Olivier Amar — referred to as "CC-1" in the federal charges — paid a New York data science professor $18,000 to create nearly 4 million fake accounts in order to juice Frank's user numbers, JPMorgan alleged in its lawsuit. Amar later bought a list of student email addresses from a marketing firm for $105,000 in order to make those accounts seem more credible, JPMorgan alleged”.
I guess it’ll be prison?
2. It's perfectly reasonable to ask someone to create a 'test' dataset for you. Just don't tell them that you're going full fraud with it.
3. People working for software firms get paid to create test datasets all the time. 18k for an outside one-time consultancy is not an insane number.
Software People: Ha they paid 18k for fake emails!
Business People: .. (nothing, they think nothing of spending 18k to push through a 175MM deal.)
The Frank founder went to work for them after this closed. It doesn't look like she thought she did anything wrong here otherwise you'd think she'd get as far away from the mark as possible.
When fake it until you make it and hustle culture goes horribly wrong.
She probably thought they would just be subsumed into a massive corporation, that JPM had shitty metrics and monitoring on their marketing campaign, and nobody would notice most of their emails were going nowhere.
A key piece of evidence is around whether Frank had 4.25 million users or 300k. Javice (Frank's CEO) alleges JPMorgan Chase (JPMC) is misrepresenting what she provided, saying she merely anonymized the data by making it "synthetic" to a third party for verification to avoid sending PII to JPMC before the deal closed.
Here's the problem though: it (allegedly) wasn't anonymized data - it was fake data, and later when JPMC asked for the real data after the company was bought, Javice bought data for ~4 million students from a third party vendor for ~$100k, combined the data to build the "final database," and JPMC very quickly realized that most of the data was no good.
And it is a wild story! It's probably going to get the miniseries treatment. The Uber/Theranos/WeWork shows were pretty popular, after all, so I'd bet that a second batch is coming with FTX, Frank, and that Korean guy who went on the lam in Montenegro. Hah.
"Frankly fradulent"
"When Frank tanked"
"Frank robs the Bank"
This seems entirely inevitable since the emails were largely not actual customers…
Very strange.
Maybe a fancier scam would be parsing for links and randomly fetching them with headless chrome. But I doubt that’d be required.
You don't think it would be at all suspicious that most of the emails in the customer list are using weird custom domains rather than the popular ones like gmail.com or outlook.com?
I made 10K fake users for testing the app I'm developing now. I used thispersondoesnotexist.com, and about a half hour's worth of PHP programming, to make an open-ended user generator.
I only need 10K users, and it takes about an hour or so to generate them, but I'm sure that this type of thing could be easily scaled.
"Hey, ChatGPT, can you give me the SQL for five million users, with the schema published here?"
You describe an idea and get very realistic users that you can chat with. Hooking that up to an email account could have been very convincing...
Typing in Frank's elevator pitch:
"Frank is a financial platform that helps college students manage their financial aid and student debt. Frank offers a free solution that allows you to streamline your FAFSA application, educates you about what FAFSA does and what parts of the application are important, and helps you potentially get additional money."
Gives some cool results
100% Fake business, fake customers. $175M valuation. What I don't get is why JPM didn't realize that this company had no revenue, unless they completely cooked the books.
Its unfair and awkward but ventures which heavily push the mission like this one should be pushed harder on their fundamentals by the investor / startup community.
