The Question of the KPMG Whistleblower

Jack Newsham of reported on March 4 that, KPMG’s Middendorf Says He Blew Whistle On PCAOB Leaks

Law360, New York (March 4, 2019, 9:38 PM EST) — A former KPMG partner on trial for an alleged conspiracy to steal inspection plans from the Public Company Accounting Oversight Board took the stand in his own defense Monday…

David Middendorf, 54, testified that he told his colleague Brian Sweet not to share a list of inspection targets he obtained in 2017 until he had the chance to talk to his boss. But Sweet, who took a plea deal and cooperated with the government, previously told jurors that Middendorf told him that same night the list was “too good not to use.”

According to Middendorf, he told his boss Scott Marcello about Sweet’s list on Feb. 7, 2017, the day after he learned about it.

He said others at KPMG whose views he respected were troubled by the revelation, and that he and Marcello told Sven Erik Holmes, a former federal judge and one of the vice chairs of the Big Four auditing firm, a few days later.

Middendorf said he subsequently volunteered to Mark Rubino, a KPMG lawyer investigating the matter, that he received a similar list in 2016.

“I told him … it was probably poor judgment on my part” not to have said anything at the time, Middendorf said.


If you’ve been around for a while, you may remember the last time I wrote about Judge Sven Holmes.

 Judge Sven Erik Holmes, who KPMG hired to provide support in its negotiations, admits that KPMG “obstructed”. He’d been telling client Audit Committees that the firm’s failure to produce documents was “intentional”.

Judge Holmes comments about his discussions with Audit Committees are telling. It was a form over substance strategy. According to Holmes, audit committees, rather than looking out for shareholders, were aligned with KPMG’s desire to keep the audit engagements as auditors in spite of a tax fraud charge. They were hoping there’d be no obstruction charge. A criminal indictment would force their hands and mean potential liability for directors if they didn’t immediately dump KPMG.

The timeline of who told whom what and when, this time around, is a bit more complicated than Middendorf describes.

I have reported at length on the contents of Exhibit N and Exhibit O, both of which were filed to the docket in un-redacted form in June 2018.

 “The auditor of Citi, Credit Suisse and Deutsche Bank was tipped off before regulatory inspection,” was published June 20, the great consternation of the SEC who did not want the companies’ names published. The court filing made June 8 by lawyers for two of the KPMG partner defendants identified the audit clients caught up in the scandal. They are some of the largest financial companies in the world, including Ambac Financial which was mentioned specifically in the new filing.

KPMG partners allegedly obtained regulatory inspection data about their rivals, too.

“KPMG won BBVA audit with stolen data about rival’s inspections,” was published June 21, 2018 and describes how Brian Sweet, a former PCAOB executive who joined KPMG as a partner, used his contacts at the PCAOB to obtain highly confidential data about the audits of BBVA and Banco Santander, which were audited by rival firms. A local partner in Spain used the information to prepare a successful bid for KPMG Spain to take over the BBVA audit.

Finally, “KPMG turned to Palantir to help predict which audits would be inspected,”  was published on June 26, 2018 and describes how in April 2015 KPMG signed a $250,000 contract with Palantir, contingent on a certain rate of success. The effort was led by another KPMG partner who was not named by the SEC or in the indictment and has not been charged by either.

Exhibit N, the Postal Inspector’s Report of its examination of evidence provided to the DOJ by KPMG, including phone and email records and other data collected during its internal investigation, includes a timeline of the last days of the scheme:

On or about February 3, 2017:

At approximately 12: 15 p.m., Holder called Jeffrey Wada. The call lasted 47 minutes.

At approximately 1 :03 p.m., Holder called Sweet. The call lasted 2 minute.

At approximately 1 :2 1 pm., Sweet called Holder. The call lasted 3 1 minutes.

At approximately 1 :53 p.m., Sweet called Whittle. The call lasted 8 minutes.

At approximately 2 :46 p.m., Sweet called Holder. The call lasted 1 1 minutes.

At approximately 3 :48, Sweet called a KPMG partner assigned to the Chemical

Financial engagements, one of the engagements that was to be inspected in 20 1 7.

The call lasted 8 minutes.

At approximately 3 :57 p.m., Sweet called Britt. The call lasted 27 seconds.

At approximately 5 :07 p.m., Holder called Sweet. The call lasted 23 minutes.

At approximately 7 :39 p.m., Britt called Sweet. The call lasted 26 minutes.


Thomas Whittle’s testimony in the UNITED STATES DISTRICT COURT



  1. 18 Cr. 0036(JPO)




On February 26, 2019

Beginning at 9:35 a.m.



From an official transcript of the testimony, this is an excerpt of direct examination of the witness for the government Thomas Whittle by Rebecca Mermelstein, Assistant United States Attorney:


RM: Let me now direct your attention to February 3rd of 2017. Did there come time that you received a phone call from Brian Sweet on that day?

Whittle: Yes.

RM: What, if anything, did he tell you?

Whittle: He told me that he had just received the final board approved list of 2017 PCAOB inspections.

RM: What was your reaction?

Whittle: I was — I was shocked.

RM: Why?

Whittle: This was information we had never gotten before. It was a complete list. It was — so it was certainly a much longer list than in the past. The audits were still in progress. And it was just shocking that he would be able to have obtained that information.

RM: Were you unhappy to receive that?

Whittle: I think I had mixed emotions. I was pleased to get it but certainly concerned about, you know, how we would be able to go about effecting changes on that scale.

RM: How did the list you received in February of 2017 compare to the preliminary list you had received in January of 2017?

Whittle: There were quite a few differences between them.

RM: How did you respond when Sweet provided you with the information?

Whittle: My response was that we should get in touch with Dave Middendorf and we should have a call to discuss the list.

RM: Did you in fact arrange a call?

Whittle: I asked Brian Sweet to arrange a call, which he did for the following Monday.

RM: When did the call take place?

RM: So February 6th of 2017?

Whittle: Correct…

Whittle: “February the 6th, approximately, you know, 8/8:30 at night. [ a conference call between Whittle, Middendorf, and Sweet) “the call where we discussed the final 2017 list….”

RM: Did anyone on the call suggest that KPMG’s receipt of confidential information should be reported to the PCAOB?

Whittle: No.

RM: Did anyone suggest that it should be reported to the SEC?

Whittle: No.

RM: Did anyone suggest that it should be reported internally at KPMG?

Whittle: No.

RM: Did anyone suggest that you shouldn’t have the information?

Whittle: No.

RM: Did anyone express hesitation in using the information?

Whittle: No.

RM: By the end of the call, was there a final plan about how to use the information?

Whittle: There was not a final plan. Mr. Middendorf said he wanted to think more about it and was — said that he was going to talk to Scott Marcello, the Vice Chair, about it…

RM: When was the next time you spoke to Mr. Middendorf?

Whittle: I believe it was that Wednesday that same week. [Feb 8]

RM: How did that come about?

Whittle: I was in my office and I could see Mr. Middendorf walking what I thought was with purpose towards my office. He came in, closed the door, sat down, and, excuse my language, but said,

“What the fuck is Brian Sweet doing? Why is he telling people thereon they’re being inspected?”

RM: What did he say about how he had come to understand that Brian Sweet told someone they were going to be inspected?

Whittle: He relayed to me that Diana Kunz, a partner in the Chicago office, had been contacted by Brian Sweet [on Feb 3] and was told she was on the final inspection list and she had become concerned about the receipt of confidential information and she discussed it with her business unit leadership, who then raised it to Laurie Mullen, who is a Regional Professional Practice Partner, who raised it up to Mr. Middendorf…

RM: What was your understanding about why Mr. Middendorf was upset to learn that Mr. Sweet had told an engagement partner that he or she would be inspected?

Whittle: That he was sharing that with others that we had confidential information about the upcoming inspections.

RM: What, if anything, did Mr. Middendorf tell you to do?

Whittle: He told me to call Mr. Sweet and tell him to stop telling engagement partners that they were on the inspection list…

RM: Were you upset to learn that Mr. Sweet was telling engagement partners they were on the list?

Whittle: Yes.

RM: Why?

Whittle: Because then we were caught. We were caught with having confidential information that wasn’t ours.

RM: Did you have the conversation with Mr. Sweet that Mr. Middendorf had told you to have?

Whittle: I did.

RM: Did there come a time when KPMG conducted an internal investigation into the possession of confidential PCAOB information?

Whittle: Yes.


On April 11, 2017, KPMG announced it has fired six employees, five partners and a director, including Scott Marcello, the head of its audit practice in the United States, who was not charged by the SEC or indicted, and Brian Sweet.

KPMG LLP, the audit, tax and advisory firm, today said that it had determined that six individuals in its Audit practice, including the head of the Audit Practice, four other partners and one employee, had violated the firm’s Code of Conduct and they are leaving the firm.

The firm learned in late February, from an internal source, that an individual who had joined KPMG from the PCAOB subsequently received confidential information from a then-employee of the PCAOB, and shared that information with other KPMG personnel. That information potentially undermined the integrity of the regulatory process.

KPMG immediately reported the situation to the PCAOB and the SEC, and retained outside counsel to investigate. The firm learned through the investigation that the six KPMG individuals either had improper advance warnings of engagements to be inspected by the PCAOB, or were aware that others had received such advance warnings and had failed to properly report the situation in a timely manner.

This issue does not impact any of the firm’s audit opinions or any client’s financial statements.