Wirecard case

The story of Wirecard is one of the most striking corporate scandals in recent financial history. It shook not only Germany’s business community but also global markets. Founded in 1999 near Munich, Wirecard emerged as a promising player in European fintech. It started as a payment processor for online gambling and adult sites. Then it rapidly expanded into digital payments, offered prepaid cards, and acquired subsidiaries across Asia. By 2018, it had entered Germany’s prestigious DAX 30 index, marking its status as one of the country’s most valuable public companies. For many, Wirecard seemed to represent the future of cashless transactions in a digital economy. Yet beneath this impressive facade, a complex fraud was quietly unfolding.

The heart of the Wirecard scandal involved billions of euros in supposedly held cash that did not exist. For years, the company reported explosive growth and profits, much of it reportedly driven by partnerships and operations in Asia, namely the Philippines. Critics and investigative journalists, especially from the Financial Times, repeatedly raised concerns about irregularities in the firm’s accounts. Wirecard’s leadership dismissed these claims as attacks from short sellers, and German regulators often supported the company. The turning point came in June 2020 when Wirecard admitted that €1.9 billion, reported as held in trustee accounts in the Philippines, could not be found. Within days, CEO Markus Braun resigned, COO Jan Marsalek disappeared, and the company filed for insolvency. What had once been celebrated as a national champion of German innovation was exposed as one of the largest corporate frauds Europe had ever seen.

To grasp the magnitude of Wirecard’s collapse, it helps to look at the case from different angles. Briefly, from a legal standpoint, Wirecard shows the failures of regulatory oversight and the potential liabilities of executives, auditors, and watchdogs who allowed the fraud to happen. The behavioral perspective highlights the psychology of fraud - how ambition, arrogance, and denial blinded decision-makers and let questionable practices grow into systemic deception. The financial view examines how inflated balance sheets, fake revenues, and misplaced investor trust created an illusion of stability and growth while hiding deep structural weaknesses. Finally, the cybersecurity perspective reveals how technology acted both as a tool and a cover. While it enabled payment innovations, it also obscured the flow of funds and created a false sense of security around the company’s digital operations.

The Wirecard case is not just about missing money; it serves as a warning about how unchecked ambition, poor oversight, and misplaced trust can undermine even the most promising companies. It offers valuable lessons for the fields of law, psychology, finance, and technology.

Legal standpoint

In the December 2022 Trial, Munich Regional Court found Wirecard CEO Markus Braun, COO Jan Marsalek and several other officials, liable for breaches of fiduciary duties. These breaches constituted violations of the duty of care and business judgment rules under German Stock Corporation Act (AktG). They were ordered to pay EUR 140 million in damages related to negligent decisions such as granting an unsecured loan of EUR 100 million and subscribing to bonds without standard due diligence.They also ruled that shareholders, who were deceived by falsified financial reports in Wirecard, are entitled to compensation and should not be treated as subordinated creditors in insolvency procedure. 

However, there were legal challenges. Firstly, not all associates were charged. Members of the supervisory board were not held liable. The Court acknowledged that the supervisory board had supervisory duty breaches, but said that it was uncertain whether any actions or measures taken by the supervisory board could have effectively prevented the granting of the unsecured loan and the subscription to the bonds that caused losses. Additionally, the liability and the compensation owed to shareholders extends to personal assets but may not be covered by Wirecard’s managerial liability insurance, since they usually do not cover intentional criminal acts. 

EY was not held liable throughout the trials. Court ruled that while EY was negligent, the liability lies upon the executives of Wirecard. However, EY was banned from auditing public entities in Germany for two years over its failures as the auditor of Wirecard. They were also

fined €500,000 and smaller fines ,between €23,000 and €300,000, were issued to five individual auditors at the firm. The auditing ban applied to newer rather than existing auditing mandates.

Implications: The judgement strengthens the rights of shareholders relying on accurate financial information and places greater responsibility on companies to ensure transparency and avoid accounting fraud. The Wirecard case serves as a prime example of legal and regulatory challenges when dealing with major financial frauds. Commenting on the case, European Securities and Markets Authority (ESMA) advocated for more autonomy for Germany's markets regulator (BaFin) and the country's accounting watchdog the Financial Reporting Enforcement Panel (FREP). It claimed a high risk of influence from the Federal government, impacting the frequency and detailing of the report. Furthermore, there were deficiencies even though BaFin and FREP had adequate resources, though confidentiality requirements prevented them from sharing information. This necessitates the need for stronger legal frameworks, stronger shareholder protection, and more rigorous supervisory practices across the EU and Germany to prevent similar scandals. 

In summary, the Wirecard case has resulted in substantial legal consequences for involved individuals, reinforced shareholder protection in insolvency contexts, protection of whistleblowers, mitigation of supervisory and auditing failures, and instigated broader calls for systemic reforms to financial market oversight in Germany and the EU.

Behavioral standpoint

The behavioral aspects of corporate fraud provide a useful framework for understanding the Wirecard scandal. The fraud triangle, which highlights pressure, opportunity, and rationalization as the primary facilitators of misconduct, is a helpful place to start. Pressure on Wirecard came from the company's quick rise and the ongoing demand for rapid expansion. After growing from a tiny fintech company in 1999 to a company listed on Germany's DAX index by 2018, Wirecard came under intense scrutiny from regulators and investors. Executives who are subjected to high performance standards are more likely to manipulate results, according to research on accounting fraud. This dynamic was evident in Wirecard's leadership (Dorminey et al., 2012 and Lokanan, 2018).

Opportunities were created by the structure's flaws. Regulatory oversight had blind spots because Wirecard operated in a field that combined financial services and technology. BaFin, Germany's financial regulator, often treated the company more like a tech company than a bank, so many of its operations were not closely monitored. Due to this oversight gap and the company's reliance on unreliable third-party partners in Asia and the Middle East, it was extremely difficult for outsiders to verify revenues or cash balances. Studies on fraud in similar contexts show that complexity and insufficient supervision encourage dishonesty (Free and Murphy, 2015).

Another important factor was rationalization. Executives were able to defend dubious practices as a component of a greater goal by portraying Wirecard as a national champion that could compete with the giants of American and Chinese payments. People rarely see themselves as criminals; instead, they frame misconduct as necessary or even advantageous, according to research on fraud psychology (Murphy and Free, 2016). While COO Jan Marsalek fostered an air of competence and secrecy, Wirecard CEO Markus Braun positioned himself as a visionary leader spearheading innovation for Germany. According to behavioral fraud models, both individuals seemed to rationalize their actions by arguing that the goals outweighed the means.

Beyond the triangle, more recent frameworks that emphasize the roles of capability and arrogance include the fraud pentagon and hexagon. The executives at Wirecard had both. While Marsalek was renowned for his charm and secrecy, which helped him manage relationships with regulators and business partners, Braun was extremely talented, possessing deep technical knowledge and strong networks in politics and finance. According to scholars, fraud of this magnitude necessitates not only opportunity but also the ability to take advantage of vulnerabilities and the confidence to think one can avoid detection (Marks and Melville, 2012). Both qualities were demonstrated by Wirecard's leadership.

These behavioral risks were exacerbated by the company's culture. The perils of settings where power is unbridled and dissent is repressed are highlighted by research on organizational misconduct (Sutherland, 1983 and Cressey, 1953). Because of its insular culture, Wirecard was notorious for dismissing criticism from journalists, whistleblowers, and even auditors as an attack from foreign competitors or short sellers. The board and management promoted a culture of defensiveness and denial rather than openness. Even the company's longtime auditor, Ernst & Young, frequently accepted accounts in spite of warning signs, which strengthened the lax atmosphere that allowed misconduct to become accepted.

Additionally, the key actors' demographics match trends found in fraud research. Older, more seasoned executives at the top of companies who have the power and expertise to manipulate systems are frequently responsible for large-scale corporate fraud (Baucus, 1994). Marsalek, despite being younger, had enormous operational control as COO, while Braun, who was born in 1969, had decades of experience in technology and finance. They had the resources and credibility to execute the deception because of their seniority, networks, and reputational capital.

When considered collectively, Wirecard's behavioral features show a recognizable yet risky trend. One of the biggest corporate frauds in European history was maintained by a combination of capability, arrogance, and a permissive culture, as well as by intense pressure to perform, inadequate oversight, and persuasive justifications. Wirecard serves as a reminder that fraud is not just about numbers but also about people, culture, and the narratives they tell themselves. It is by no means an isolated failure, but rather a prime example of the behavioral dynamics outlined in decades of fraud scholarship.

Financial standpoint

The financial dimension of the Wirecard scandal underscores how fabricated accounts can destabilize markets and erode trust in corporate governance. At its peak, Wirecard’s market capitalization exceeded €24 billion, briefly surpassing that of Deutsche Bank and earning the company a place in Germany’s DAX 30 index (Engelen, 2021). Investors and analysts celebrated it as Europe’s fintech champion, but this image rested on systematically falsified balance sheets and revenues.

A cornerstone of the deception was the reporting of €1.9 billion in cash held in trustee accounts in Asia, balances that never existed (Dameshi, 2025). These fictitious reserves made Wirecard appear highly liquid and profitable, allowing it to raise debt and equity on favorable terms. By overstating assets and revenues, the company secured loans and bond issuances, exposing banks and institutional investors to significant credit risk (Betz and Kim, 2021). When the fraud collapsed in June 2020, Wirecard filed for insolvency, leaving creditors with billions in unrecoverable claims and shareholders with near-total losses as the stock plummeted from over €100 to less than €2 (Taub, 2023).

Auditing failures magnified the damage. Ernst & Young, Wirecard’s auditor for over a decade, signed off on its accounts despite repeated red flags, including unverifiable overseas operations and opaque third-party partnerships (Boyer, Pannese and Iannone, 2023; Storbeck, 2024). According to Möllers (2021), the scandal exposed structural weaknesses in Germany’s financial oversight, where BaFin treated Wirecard more as a technology firm than a financial institution. This regulatory gap, combined with aggressive defenses against critics, delayed exposure and amplified investor losses.

The broader financial impact extended beyond Wirecard’s stakeholders. The scandal undermined confidence in the integrity of the DAX index and raised concerns about the reliability of Germany’s audit and regulatory system (Dunn, 2021; Jo et al., 2021). Löw and Heyd (2024) emphasize that Wirecard’s flawed business model, heavily reliant on unverifiable third-party acquirers, should have prompted greater scrutiny earlier. Instead, the persistence of manipulated accounts distorted capital allocation, diverted investments, and eroded trust in European capital markets.

Wirecard’s collapse illustrates how financial fraud operates as a systemic risk rather than an isolated failure. Inflated balance sheets and falsified revenues not only misled investors but also destabilized creditor relationships and tarnished Germany’s reputation as a stable financial hub. As Zeranski and Sancak (2020) argue, the case highlights the vulnerabilities inherent in fintech firms that operate across regulatory blind spots. More broadly, it shows how unchecked growth narratives, weak oversight, and compromised auditing can create cascading effects across markets, leaving long-term scars on financial governance.

Cybersecurity Standpoint

In addition to the financial accusations that brought down Wirecard, there was a sinister, darker security program that came to light, one that involved coordinated hacking attacks and counter-surveillance operations designed to discredit and intimidate its most vocal critics. A 2020 report published by Citizen Lab found that one of the hack-for-hire groups identified as Dark Basin had been attacking journalists, short sellers, whistleblowers, and investment funds critical of Wirecard. They included highly targeted phishing e-mails, which were sent nearly every day over the course of months, designed to harvest log-in credentials. The campaigns were attributed to the Indian firm BellTroX InfoTech Services by the researchers (Citizen Lab, 2020).

Concurrently, a court suit filed in March 2023 revealed the physical side of the company's defense gear. According to the lawsuit, Wirecard hired major law firms like Jones Day and investigation agencies like Kroll to orchestrate an intimidation campaign. According to The Guardian, one of the most striking examples involved researcher Matthew Earl, who was followed by a black car parked outside his home; two men arrived to deliver a letter in person that was described as "targeted and intimidating." The claim also refers to hacking into communications, sophisticated mobile interception methods, and the deployment of hidden cameras, all part of a larger campaign of undermining the credibility of those examining the company (The Guardian, 2023).

This dual strategy, digital and physical, entailed a vision of cybersecurity that reached far beyond the bounds of what was reasonably conceivable as legitimate corporate defense. In the process of hiring mercenary hackers on one side and surveillance operatives on the other, Wirecard appeared more intent upon controlling narratives and silencing dissent than upon guarding its own systems.

This paper was made possible thanks to a multidisciplinary team:

Behavioral insights from Aleksandra Kostanecka, legal analysis by Siddhanth Achanta, financial research by Mateo Culic, and cybersecurity expertise from Salvatore Lorito.

Bibliography:

Baucus, M. S. (1994). Pressure, opportunity and predisposition: A multivariate model of corporate illegality. Journal of Management, 20(4), 699-721

Cressey, D. R. (1953). Other people's money; a study of the social psychology of embezzlement.

Citizen Lab. (2020, June 9). Dark Basin: Uncovering a massive hack-for-hire operation. The Citizen Lab, Munk School of Global Affairs & Public Policy, University of Toronto. https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/

Dorminey, J., Fleming, A. S., Kranacher, M. J., & Riley Jr, R. A. (2012). The evolution of fraud theory. Issues in accounting education, 27(2), 555-579.

Free, C., & Murphy, P. R. (2015). The ties that bind: The decision to co‐offend in fraud. Contemporary Accounting Research, 32(1), 18-54.

Lokanan, M. (2018). Theorizing financial crimes as moral actions. European Accounting Review, 27(5), 901-938.

Marks, G., & Melville, D. (2012). The evolution of fraud and anti-fraud activity in local authorities. Public service reform in the UK: revolutionary or evolutionary, 75.

Murphy, P. R., & Free, C. (2016). Broadening the fraud triangle: Instrumental climate and fraud. Behavioral Research in Accounting, 28(1), 41-56.

Sutherland, E. H. (1983). White collar crime: The uncut version. Yale University Press.

The Guardian. (2023, March 4). Covert cameras, alleged hacking: How bust payments company Wirecard hired spies and lawyers to silence critics. The Guardian. https://www.theguardian.com/business/2023/mar/04/covert-cameras-alleged-hacking-how-bust-payments-company-wirecard-hired-spies-lawyers-silence-critics

Betz, F. and Kim, M. (2021). Economic Regulation and Corporate Governance: The Case of Wirecard. Modern Economy, 12(9), 1386-1423.

Boyer, B., Pannese, D.A. and Iannone, P.N. (2023). Wirecard and potential US audit issues.

Dameshi, P. (2025). Germany was shaken by the collapse of its financial technology pride, Wirecard AG, following revelations of a €1.9 billion accounting black hole. LinkedIn.

Dunn, G. (2021). Consequences of Wirecard Scandal: New Requirements for Corporate Governance and Audit of German Listed Companies. Gibson Dunn.

Engelen, K.C. (2021). Germany’s Wirecard scandal. The International Economy, 35(1), 9-12.

Jo, H., Hsu, A., Llanos-Popolizio, R. and Vergara-Vega, J. (2021). Corporate governance and financial fraud of Wirecard. European Journal of Business and Management Research, 6(2), 96-106.

Löw, E. and Heyd, R. (2024). Wirecard Business Model. In: The Audit Failures of the Wirecard Scandal. Cham: Palgrave Macmillan.

Möllers, T.M. (2021). The Wirecard accounting scandal in Germany, and how the financial industry failed to spot it. The International Lawyer, 54(3), 325-360.

Storbeck, O. (2024). German watchdog finds EY’s Wirecard audits grossly negligent. Financial Times.

Taub, B. (2023). How the Biggest Fraud in German History Unravelled. The New Yorker.

Zeranski, S. and Sancak, I.E. (2020). Does the ‘Wirecard AG’ Case Address FinTech Crises? SSRN Electronic Journal.

The Wirecard Scandal: What Needs to Change” 2020. CEPR

Reuters. 2025. “German Court Says EY Not Liable for Damages in Wirecard Lawsuit.” 

Paola, Lucantoni, Tommaso Candidate, Orlandi, Advisor Prof, and Pellegrini. 2020. “Chair of Market Law and Regulation the Wirecard Case: Challenges for German and European Supervision.”‌

Osma, Beatriz, Ana Gisbert, and Begoña Navallas. 2020. What are the wider supervisory implications of the Wirecard case? Public Oversight Systems for Statutory Auditors in the EU

‌