Update: KPMG: Whittle and Holder Plead Guilty

Update November 28, 2018:

On October 29 former KPMG partner Thomas Whittle,KPMG’s then-national partner-in-charge for inspections,  changed his plea, to guilty from not guilty on all five counts in the case of the alleged use of stolen confidential regulator information to subvert KPMG’s regulatory inspection process. Whittle is also now cooperating with prosecutors. Here’s what the judge told Whittle, based on the transcript to his elocution ordered from the court, about the potential for any reduced sentence based on any cooperation with prosecutors.

THE COURT: Have you entered into a plea agreement with the government?

THE DEFENDANT: Yes, I have, your Honor.

THE COURT: I have a copy of a plea agreement, it appears to be signed. Did you have a chance to sign this today?

THE DEFENDANT: Yes, I did, your Honor.

THE COURT: Before you signed it did you read it and discuss it with your lawyer?

THE DEFENDANT: Yes, I did, your Honor.

THE COURT: Do you feel you understand everything that’s in that agreement?



With respect to any assistance or cooperation I want to explain to you that it is up to the government to decide whether any cooperation or assistance has been helpful enough or productive enough for it to make a motion providing for a sentence below the guideline range of what would ordinarily be the guideline range or benchmark of a sentence when the Court considers a sentence, and even if the government does make such a motion, a 5K motion, it is up to me to decide whether to give any credit and what amount of credit is good for assistance or cooperation.

Do you understand that?

THE DEFENDANT: Yes, I do, your Honor.

Earlier in October Cynthia Holder also pleaded guilty to conspiracy to defraud the United States and to wire fraud. Brian Sweet was the first to plead guilty and cooperate with prosecutors, an action that supported many of the most colorful anecdotes in the original complaints.

That leaves David Middendorf, KPMG’s then-national managing partner for audit quality and professional practice, and David Britt, KPMG’s banking and capital markets group co-leader to defend themselves.

Middendorf, Britt and Jeffrey Wada, who never made it to KPMG from the PCAOB, are set to go to trial starting February 11.

Whittle’s guilty plea, based on the court transcript, leaves no question what he is admitting to and it implicates, in my opinion, the rest of the defendants, additional partners at KPMG and the firm itself.

THE COURT: Would you please tell me in your own words what you did that makes you believe that you are guilty of the charges in the indictment? And if would you like to read it, that’s fine, just please make sure you read it slowly and clearly so that I can hear it and that the court reporter can take it down.

THE DEFENDANT: Between approximately May 2015 and February 2017, I, along with other partners and employees at KPMG, including David Middendorf, David Britt, Brian Sweet, and Cynthia Holder, agreed to share and use confidential information from the PCAOB that we were not entitled to have.

We did so in order to try to improve the results of PCAOB inspections of KPMG audits. I knew that the results of those inspections were reported to the SEC. I also knew that the SEC used PCAOB inspection results to perform its governmental functions including overseeing and evaluating the performance of public companies and their auditors such as KPMG.

In connection with these actions, I and others used e-mail and telephones across state lines and did so on specific occasions in 2015, 2026, and 2017. Some of the conduct I described took place in Manhattan. I knew my actions were wrong at the time I took them.

Whittle faces a maximum total of 85 years in jail for the guilty plea for the five charges. He will be sentenced next September, after the trial and sentencing of any remaining defendants is completed and his cooperation is completed.

If you have been following the case against Paul Manafort brought by special prosecutor Robert Mueller case, you may have seen that he did something that I understand to be unprecedented but interesting in light of what has happened in the KPMG case. This PBS interview with former federal prosecutor Renato Mariotti says that prosecutors for special counsel Robert Mueller have accused Manafort of breaking his plea agreement and lying both to them and to the FBI “on a variety of subject matters.”

    • Judy Woodruff:

      President Trump’s former campaign chairman is in legal hot water again.

      In a court filing late Monday, prosecutors for special counsel Robert Mueller accused Paul Manafort of lying to them and to the FBI on a variety of subject matters. Manafort said in that same filing that he has provided truthful information. He was previously convicted on a number of criminal charges brought by Mueller. And, in September, he pleaded guilty to other crimes.

      In doing so, Manafort also agreed to cooperate with the special counsel’s team.

      Here now to help us digest this newest accusation is Renato Mariotti. He worked previously as a federal prosecutor focusing on white-collar crimes. He is now a defense attorney in private practice.

      Renato Mariotti, welcome back to the “NewsHour.”

      So, tell us, how unusual is this for a special counsel in a situation like this to have worked out a plea deal, but then to turn around and say, the defendant, the person we’re working with, has lied, and we think the plea deal is worthless now?

  • Renato Mariotti:

    It is extremely unusual, Judy.

    In my almost decade as a former federal prosecutor, when I was in that job, I had never gone to the step of having a cooperation deal fall apart and having to go to the judge and make a statement like this.

    And I will tell you, I worked in a very large office in Chicago with well over 100 other prosecutors. And I don’t recall that ever happening during the almost decade that I was doing it. So it’s very, very unusual situation, because, typically, coordinators want to be on the government’s team. That’s why they sign the deal.

    There are huge incentives for them to be truthful, to tell the government everything that they know. That is what they are instructed by the prosecutors and by the FBI agents.

    And, on the other side, the prosecutors are trying to work with the cooperator. They want their testimony. They want their information. So, typically, there is not this sort of falling apart to this level. It’s something that is really hard to get your head around.

A legal expert close to the KPMG case told me that the three legacy KPMG partners, while not having a formal written “joint defense agreement” did have an informal “common interests” cooperative agreement that allowed them to coordinate their defense, an effort which is now being paid for by KPMG. Whittle’s guilty plea would ordinarily mean that his attorney’s courtesy conversations with the other legacy KPMG attorneys would cease.

Certainly Whittle should also avoid following Manafort’s example of lying to prosecutors now or sharing his conversations with prosecutors with his former KPMG colleagues or their lawyers or he will, at age 55, end up serving the rest of his useful life in prison.

Update April 8, 2018:

What’s happening now?

No word from SEC on sanctions against KPMG or any other professionals, including the head of the KPMG audit practice who was also fired, Scott Marcello.

The KPMG and PCAOB professionals who were criminally charged appeared in court last week. KPMG is paying the legal fees for three of them.

Some of you may recall that KPMG learned a hard lesson when it pulled support for legal fees from several of its partners during its 2005 tax fraud scandal.


On January 22, the SEC and Department of Justice announced civil and criminal charges against five former KPMG executives —two of whom had previously been working for the PCAOB—and one more former PCAOB professional who didn’t make it to the promised land before the jig was up.

About a week after the initial story hit last April, I wrote, “KPMG Takes Its Turn With a Big 4 -Sized Scandal.”

At that time I rounded up the coverage including highlighting the initial scoop that broke the story at the Wall Street Journal.  I also wrote that it was quite odd that KPMG was so sure that the whole mess had not affected the integrity of any audits.

KPMG also says, “This issue does not impact any of the firm’s audit opinions or any client’s financial statements.”

I find that odd,  unless all of the terminated partners were leadership/national office partners, currently not assigned to lead engagements.  The two names revealed so far—Scott Marcello, the head of the United States audit practice and David Middendorf head of of the national office— do not appear to have been assigned as lead partners on any audits for 2016, based on the new PCAOB engagement partner database.

If that is the case, these non-client facing partners could still impact audit opinions or financial statements because they, perhaps, used the inspection information not directly for their own personal benefit but to warn or advise engagement teams to backdate workpapers, clean up files or otherwise cover up audit failures before the PCAOB caught them.The PCAOB says that when a firm does not provide sufficient evidence to support its audit opinion, then the opinion should not have been issued at all.

That would be an audit failure in my book.

The original WSJ article did not speculate about the civil, criminal or professional penalties that could be imposed by the SEC, PCAOB or the Department of Justice. About a week later I wrote here, “More on KPMG and the Precedents for Possible Punishment,” speculating on the possible charges and making the case for criminal charges.

I thought the KPMG case was eerily similar to another recent one. That case resulted in a trial for the perpetrator and significant fines for the firm that allowed stolen regulatory information to be used inappropriately by its employees.

If you are surprised by my mention of potential criminal penalties you should not be. This case mirrors the 2014 case where a junior Federal Reserve Bank of New York employee leaked “a regulatory gold mine,” according to a New York Times article, to a junior Goldman employee who was a former New York Fed employee himself.

What are they teaching—or not teaching— in the universities these days?

According to a NY Times report, the Fed said the confidential information stolen included reports of bank examinations and other “confidential reports prepared by banking regulators.” Goldman Sachs, the Fed said, illegally used the information in presentations to current and prospective clients “in an effort to solicit business.”

Goldman Sachs, like KPMG, not the New York Fed, or the PCAOB in this case, uncovered the leak. Goldman fired the recipient of the leaked info and an executive who supervised him who they said had “failed to properly escalate” the problem. The New York Fed fired the leaker employee and notified law enforcement agencies.

Rohit Bansal, the Goldman Sachs employee who prosecutors say instigated the theft by his friend Jason Gross, the NY Fed employee, pleaded guilty to a misdemeanor for obtaining about 35 documents on about 20 occasions from his partner in crime. Bansal escaped a jail sentence but was sentenced to two years probation, 300 hours of community service and a $5,000 fine. Gross pleaded guilty to a misdemeanor and was sentenced to a year’s probation.

Goldman paid a $50 million penalty to New York State regulators because its “management failed to effectively supervise” and paid another $36.3 million to the Federal Reserve Board, the central bank authority, because it is “illegal to use or disclose confidential supervisory information without prior approval.”

Joseph Jiampietro, the former managing director at Goldman Sachs’ investment banking division and Bansal’s supervisor, sued Goldman Sachs for failing to pay at least $350,000 in legal fees he incurred defending himself.

My colleagues at the WSJ followed up in April with a profile of “straight out of central casting,” and “the exact opposite of flashy,” Scott Marcello, the head of KPMG’s US audit practice. He was fired in April along with his deputy David Middendorf, three more partners, and a staff person, according to a statement at the time from KPMG.

KPMG said in the statement, “The firm learned through the investigation that the six KPMG individuals either had improper advance warnings of engagements to be inspected by the PCAOB, or were aware that others had received such advance warnings and had failed to properly report the situation in a timely manner.”

Six means Marcello, too. However, when the SEC and DOJ charges were made public on January 22, Marcello’s name was nowhere to be found. There was no mention of any sanctions or charges against KPMG the firm, either.

KPMG clients whose audits were reviewed and revised by KPMG partners based on use of the stolen inspection data —the DOJ said at least seven banks were affected —were not named, despite some pretty detailed descriptions of them and how the integrity of their audits and the regulatory process had allegedly been undermined.

The Wall Street Journal’s Dave Michaels asked the SEC on a press call that day about Marcello. Another reporter asked about charges against KPMG.  I asked about inherent contradiction of alleging KPMG’s audit leadership, its process and several audits were severely compromised but yet the companies and investors could still trust KPMG and their audit opinions.

But the SEC lead enforcement attorney, Steve Peikin, would only say that the SEC’s Chief Accountant had given his blessing on the audits and that the investigation was ongoing so additional individuals or entities could still be charged.

We did find out the rationale for the criminal charges from the DOJ complaint—a conspiracy—and the names of the rest of those fired from KPMG and the name of another person who had been fired from the PCAOB but had never made it to a job at KPMG in return for allegedly selling secrets.

I wrote for MarketWatch on January 23 that the, “KPMG indictment suggests many who weren’t charged knew regulator data was stolen.”

That is, the SEC and DOJ complaints implied a whole lot more folks at KPMG, “either had improper advance warnings of engagements to be inspected by the PCAOB, or were aware that others had received such advance warnings and had failed to properly report the situation,” as KPMG described the problem in its April statement.

The alleged scheme required a joint effort by the named defendants but also the complicity of others in the firm, including partners referred to in the DOJ complaint as Partner-1, Partner-2, Partner-3 and Partner-4 who were explicitly told by Sweet that their audits would be inspected before that formal announcement came from the PCAOB and used that information to fix audits ahead of those inspections, including audits at seven KPMG bank clients.

In addition to sharing the 2015 list of PCAOB inspections at KPMG with Middendorf, Whittle and Britt, Sweet also told at least one KPMG engagement partner who had not yet received notification from the PCAOB that the partner’s engagement would be subject to inspection, according to the Justice Department. He also showed a 2015 PCAOB inspection planning spreadsheet to additional KPMG partners, using it to explain why the PCAOB had selected certain audits for inspection.

On Feb. 3, 2017, at Whittle’s direction, Sweet notified several additional partners that their engagements would be inspected, the Justice Department said.

It wasn’t until early 2017 that another KPMG professional, Partner-5, reported the scheme to his superiors and then to the firm’s general counsel, who reported the misconduct to the regulators, according to the DOJ.

KPMG had been right, back in April, that no regulator would be willing to add stress to the financial system by suggesting there may be criminal or other serious charges against KPMG or would likely do anything to shake clients’ confidence or investors’ confidence in its audits just because the top tier of its audit practice were fired and now indicted for sharing confidential information that “potentially undermined the integrity of the regulatory process.”

The SEC’s Chairman Jay Clayton immediately put out a statement meant to assuage any panicked dropping of KPMG by clients or concern in the market about tainted or late audits.

Based on discussions with the SEC staff, I do not believe that today’s actions against these six individuals will adversely affect the ability of SEC registrants to continue to use audit reports issued by KPMG in filings with the Commission or for investors to rely upon those required reports. I do not expect that these actions will adversely affect the orderly flow of financial information to investors and the U.S. capital markets, including the filing of audited financial statements with the Commission.

In my story in MarketWatch, Lynn Turner, a former SEC Chief Accountant, said he’s skeptical.

Former SEC Chief Accountant Lynn Turner is not convinced KPMG’s audits should still be relied upon. “This episode raises a serious question about the culture of the KPMG firm.  Under the circumstances, how can the SEC expect investors to trust KPMG’s audits?” asked Turner.

“I’m not convinced the SEC has done enough to ascertain that these KPMG audits, especially the seven bank audits, are credible and will be credible in the future,” Turner told MarketWatch in an interview.

Based on the details about one client provided in the DOJ indictment, I identified one of the clients with 99.999999% certainty.  Why not 100% certainty?  Because neither KPMG nor the client would respond to my request to either confirm or tell me no, definitively.

Why Ambac was one of the KPMG clients that got a second look after inspection tip-off

Could that be because KPMG hasn’t told the affected clients and their audit committees why their audits were reviewed and, in some cases, revised after the allowed documentation period or even after the 10K was filed? In the Ambac case KPMG forced an amended 10K to be filed because it decided to withdraw its ICFR opinion as a result, I wrote, of the stolen second-look. I also suspect there are many more partners who used the tip-offs to clean up their audits and are still employed and still signing those audits.

Then, on Friday June 15, while reviewing the court docket for 1:18-cr-00036 USA v. Middendorf, et al, I found an unredacted document, filed publicly by two different defense attorneys, that names the KPMG clients, and responsible partners, along with the secret consulting firm that aided KPMG’s efforts that are referred to in the criminal indictment made public on January 22 of five former KPMG executives and one former regulator for allegedly taking advantage of advance notice of regulator inspections.

Read more about that here:  New Stories about the KPMG-PCAOB Scandal