How did EU regulators miss the FTX horror story?

The more information comes to light following the bankruptcy filing of FTX on November 11, the more bizarre it seems that it was ever regarded as a serious financial institution.

Rostin Behnam, head of the US Commodity Futures Trading Commission, has argued that his agency lacked the legislation needed to block FTX’s acquisition of US post-trade firm LedgerX. But in the European Union, there was certainly an opportunity to prevent FTX gaining access to customers.

In March 2022, the Bahamas-headquartered crypto exchange group bought K-DNA, a firm supervised by the Cyprus Securities and Exchange Commission (CySec) under the second Markets in Financial Instruments Directive (Mifid II). CySec spent six months deciding whether to roll over that Mifid licence for the new owner – and then approved it just weeks before FTX collapsed.

CySec emphasises that the notification of the proposed acquisition of K-DNA was processed in strict accordance with Mifid II and other EU and national regulations, and that these rules were correctly implemented and enforced.

Under Mifid II, there are several key tests FTX had to pass to hold onto its newly acquired licence. First, acquirers must submit balance sheet and income statements from the previous three financial periods (in this case, presumably, the second half of 2021 and the first quarter of 2022).

CySec confirmed to Risk.net it did receive balance sheet information from the company. Only the regulator knows what that information looked like.

But a December 13 indictment issued by the US Securities and Exchange Commission accuses FTX of having cooked the books since the very beginning of the crypto exchange’s existence in 2019, commingling customer assets with those of proprietary trading firm Alameda, which was owned by the same man – Sam Bankman-Fried – now under arrest for fraud.

“It is optimistic to expect authorisation specialists to interrogate that information with a view to uncovering fraud,” says Harry Eddis, a partner at law firm Linklaters. Since FTX took steps to conceal the fraud – according to the SEC – it would be difficult for the untrained eye to have spotted it as part of a standard licensing procedure.

However, there were other warning signs with FTX’s financial records, as highlighted by the new chief executive. Veteran bankruptcy expert John Ray has stated in a declaration dated November 17 that he doesn’t trust the existing accounts for FTX.com – which was the parent of K-DNA.

The auditor of the consolidated financial statement for the period ending December 2021 was Prager Metis, which considers itself a “top 40” accounting firm, according to this press release, with a headquarters apparently in the “metaverse”. An unlikely candidate to audit a multinational financial corporation with more than 100 legal entities spread across the globe.

The Financial Times managed to acquire a copy of FTX’s balance sheet dated November 10 – the day before it sought bankruptcy protection. This wouldn’t have been presented to CySec, but if the information the Cypriot regulator received was of any similar quality, then the Mifid application should have been thrown in the trash. Entirely in Excel, the balance sheet contains warnings that values are “rough” and could be “slightly off”. It also warns: “there is also obviously a chance of typos.”

There’s another test for those seeking approval to retain a Mifid licence following an acquisition – regulators can scrutinise the responsible executives at the parent company. Leaving aside Bankman-Fried, whose previous experience was as a junior trader at Jane Street, chief regulatory officer Daniel Friedberg had a particularly troubling past. He had been an attorney at Ultimate Bet, a digital gambling company that was found by a US court to have defrauded millions from players by allowing preferred participants to look at opponents’ cards in games of online poker.

Then there’s Gary Wang, former chief technology officer, who was so elusive, the only picture of him online (on the website of FTX seed investor Sequoia Capital) showed the back of his head. Wang is now at the centre of allegations that FTX systems were coded to divert customer funds to Alameda, and potentially to hack the exchange to extract further funds as it was being placed into bankruptcy.

Perhaps CySec lacked the resources to get accurate answers that might have shed light on the true nature of FTX. But European investors who lost money on the exchange – in the double-digit millions, according to a regulator’s testimony given at the European Parliament in November – will want to know whether the necessary questions were asked in the first place.