Lol the biggest loser here is the ad tech company that was used to validate the entirely generated emails and somehow gave JPMC the belief that the emails matched in the DB. Get fucking rekt.
>> A prosecutor, Micah Fergenson, though, said JPMorgan “didn’t get a functioning business” in exchange for its investment. “They acquired a crime scene.”
I do not understand how an acquisition this big got thru due diligence without noticing all the fake users. Anyone in corporate M&A know if it is normal to spend this much money without inspecting the goods? Seems like the most basic of OLAP queries and two days of effort would reveal very suspicious userbase.
I'm sure there are those that have had different experiences, but I've been party to several M&A due diligence exercises (including >$1B) at a large financial and there is *tremendous* pressure (on both sides) to move quietly (MNPI baby), quickly and not destroy your relationship with the acquired entity in the process. The business wants the sale to close, you're looking for issues that could be leveraged in the deal and/or actual show-stoppers. The interactions are clumsy as they are managed through third party portals that keep the data locked down and in escrow. The sell-side entity still has every right to protect their intellectual property until it's parceled in a contract, so you're not going to get access to shit (unless they are stupid I suppose). It's going to be in an audit-like situation where you are going to ask someone for samples (which obviously can be groomed) or doing screen shares and taking screenshots or similar.
The fact that the acquirer is large is somewhat immaterial, the teams 'under the tent' doing the investigation are going to be relatively small on both sides, including folks from the business trying to close the sale, internal/external counsel and singular SMEs from relevant domains.
I've been involved in a lot of due diligence efforts, from the tech side but I've seen all angles of it as the deals are often fast and intense and the various teams have to often coordinate to a degree (tech, legal, financial, tax, etc).
It is fairly common for the people initiating the acquisition to really want to close it in a hurry, and they do due diligence only as a check mark in someone's list. As someone else here mentioned, there is enormous pressure to close, and any red flags are often redirected, reworded, or even occasionally just squashed.
The further away a company is from something like private equity, who does acquisitions like we eat breakfast every day, the more likely you are to see rushed and potentially botched due diligence. Someone like a big bank may well have the main proponent not know anything at all about acquisitions or due diligence, and just wants to "get 'er done".
It is also very common for people to come in after-the-fact and do a second diligence, and while doing that diligence to hear one or more people opening the conversation with "I warned them about this before the acquisition...".
At the end of the day, particularly in a big public corp, people are focused on their bonuses and total comp, and people like that aren't going into a due diligence looking for red flags and "no's".
I remember when HP announced their plan to acquire Autonomy. I was very familiar with their tech and their status in the industry at the time and knew they were approaching irrelevance with no chance to boost sales of anything. They completed the deal anyway, which was followed by HP firing their CEO, lawsuits for misrepresenting their financial status and a complete writedown of the total acquisition cost. It seemed so obvious to me and my colleagues were doing integrations and software procurement and yet HP was completely blinded by everything besides their fabricated balance sheet.
I'm involved with a company taking some investment from the outside. We're really just sending them copies of our documents and data.
IF someone chose to blatantly lie on that paperwork (we're not), I'm not sure how much they could spot.
In the meantime this outside group isn't querying out DB that's for sure, but even then in the example of this case, they actually generated fake user data and records.
I'm not saying you're wrong generally, but I think a lot of due diligence really does trust that someone wouldn't blatantly fake ... everything.
This. Why bother going through DD properly if you can just sue the seller later if it turns out everything isn't what you expected?
I get that this is about the seller lying during the sale process, which is appropriate imho, you shouldn't be able to just lie about stuff like this. But it's the DD team's job to spot this stuff, that's what DD is all about. I notice the judge criticised the bank as well, which is a step in the right direction.
I've been part of due diligence from both sides of the table both in investment situations and cases of M&A activity. You're not really set up to detect out and out fraud like this. For one thing there might be a limited subset of data you really have access to (eg in this type of situation they may not have been in a position to see all the row level customer records before signing because they were competing for business in those customer segments so it is reasonable to restrict access. You might get aggregate data that looks sane and have to go on that for instance.
Secondly you may not actually have the time needed to check things out properly. There's often deadline pressure where the deal has to complete by a certain date or it triggers break clauses or some other party gets a right of refusal or whatever so often the clock runs out even if you would otherwise be able to do the analysis.
- a fraction of the board gets all gung ho on buying something
- board-1 gets marching orders to do due diligence. those people are typically aware of the sentiment in the board. they delegate to their underlings and share what they think the board wants,
- if you say no, you are guaranteed to upset one of your bosses. if you say yes, its typically a positive (your boss is happy),
- most M&As are typically bad ideas. Its typically nobody's fault when the thing is written off by the next management and nobody seems to mind that much. People who waved through the due dilligence are proper executives by then and the cycle continues.
Incentives are mis-aligned, and on top of this there is usually (a) not a lot of time and (b) a veil of secrecy. Missing those fake emails does not surprise me.
I'm not surprised. Was part of an acquisition by a large F100 company. There were some "interesting" accounting calculations that we discovered 2 years after.
My favorite thing about this case is how she bragged to her lead engineer she wouldn't go to prison, "“Don’t worry — I don’t want to end up in an orange jumpsuit" when she was trying to convince the engineer to fabricate their user data.
From the complaint:
> In particular, CC-1 and JAVICE asked Engineer-1 to supplement a list of Frank’s website visitors with additional data fields containing synthetic data.
> Engineer-1 was uncomfortable with the request and stated, in sum and substance,
“I don’t want to do anything illegal.” JAVICE and CC-1 claimed to Engineer-1 that it was legal. JAVICE stated to Engineer-1, in sum and substance, “We don’t want to end up in orange jumpsuits.” Engineer-1 declined the request from JAVICE and CC-1.
> shortly after Engineer-1 had declined the request to create a synthetic
data set—CHARLIE JAVICE, the defendant, contacted Scientist-1 and asked him to create the synthetic data set. In JAVICE’s communications with Scientist-1, she falsely represented that the data she provided to Scientist-1 was a random sample of a much larger database of Frank users.
> Also on or about August 3, 2021, JAVICE forwarded to Scientist-1 the Access Link
Email sent to her by Engineer-1. JAVICE wrote, “here is the link. will share credentials offline.” Based on Scientist-1’s communications with JAVICE, Scientist-1 understood that the data available via the Access Link Email—a data set of approximately 142,000 people—was a random sample of a larger database which contained data for approximately 4 million people.
This is why, as an engineer, it seems futile to make an ethical stand against something. They'll just find someone else to do it. Early in my career I was asked to write code to cheat a benchmark, essentially to make it seem our software performed better than it really did. I agonized over it because I was a junior developer just starting out my career, and eventually got the courage to tell my manager I wouldn't do it. He said, that's OK and then assigned it to Bob, three cubicles down who didn't have any problem with it and finished the cheat in a few days.
Nice. Find accomplices by leveraging the power gradient of employment. Giving them legal advice to boot. Think that should add more time. It's an evil thing to do.
At an investor event, a desperate journalist was running around the room asking people their age. He ended up at our table, with a drink in hand, and a defeated look on his face. He had given up.
We talked a bit, and he asked me, "are you under 30?" I answered "No. But this guy is." I pointed at the 28 year old cofounder of the start up I was part off. Before the evening was over, my colleague made it to the list of forbes 30 under 30.
> In seeking a 12-year prison sentence for Javice, prosecutors cited a 2022 text Javice sent to a colleague in which she called it “ridiculous” that Holmes got over 11 years in prison.
This seems utterly irrelevant to the sentencing, but what do I know.
It's interesting how nobody talks about due-diligence being completely broken. We raised $$$ from many VCs and the DD for some of them was crazy: line item by line item with calls to customers etc. Tech folks were on phone with me and had to explain them stuff step by step, revealing a lot of confidential recipes. Also did this for bigger customers. And the $175M deal.. isn't there an earnout? Like $10M cash now, 1/4*$175 wired on 1yr cliff, and then the rest over 4 years if some milestones are hit? The whole thing looks weird.
I think there is so many factors involved. I've been in ones where they are cutting the check before the elevator pitch has finished. If the founders are rock stars with prior receipts, then that DD goes out of the window. Especially if there is likely to be a ton of competition.
That’s not how it works in venture. Investors want to be rewarded immediately. There might be an earn-out, but it’s relatively minor as compared to the purchase price – maybe 10% to 25%. And just as often, it’s not an earn-out of the original purchase price – it’s an incentive to outperform on top of the purchase price.
I see the string of “30 Under 30” being a statistically valid predictor of future likelihood to go to prison continues. These lists feed on the narcissistic tendencies of grifters who are desperate to get on the list and then tell you about it on LinkedIn.
These lists have such a bad reputation these days that legit top folks are asking their PR people to keep the off!
"The judge said Javice had assembled a “very powerful list” of her charitable acts, which included organizing soup kitchens for the homeless when she was 7 years old and designing career programs for formerly incarcerated women."
At least for all my classmates doing the college application process, claims like that were almost always wild exaggerations of what we really did.
It's interesting to me that fraud appears to be a crime again, with Theranos and now this, when it was going on for so long and so obviously, and no one seemed to care when people were lying and frauding as long as it went on long enough for them to make a profit.
Former federal inmate here who was recently released from prison a month ago today (I did 18 months): The big deal here was the loss amount, which can be construed any number of ways whether we like it or not. This will jack up the points and tilt the scale for the sentencing guidelines, and believe me they are archaic.
After all is said and done, Charlie Javice will be hanging out at a prison camp—probably down there with Holmes and Maxwell, because it's cushy—and do no more than 4 years on the 7 assuming she completes all her programming requirements.
This feels like a case of both parties getting caught up in their own bullshit.
It seems unlikely that the founder was intentionally fabricating data in order to commit fraud. Far more likely is that the founder was caught up in Silicon Valley startup culture, told they were disrupting industries and changing the world, and didn't put enough into actually doing the work, and ended up thinking their company was much more important than it was. Throw in some of the toxicity of #girlboss culture (this is a criticism of the negative aspects, we do need more female founders), and you get a Dunning-Kruger situation. I can see how someone would then keep digging rather than pull out if things started to turn.
On the other side, JPMorgan obviously didn't do any real due diligence. They were too caught up in the industry hype, and want to continue their cosplay as a tech disruptor. Finding this would have taken almost no effort, there wasn't much attempt to hide it. Promoting what the company wants to be true rather than what is actually true is a clear sign of a rotten culture – people won't speak up even when there is literally no good outcome that can come from staying silent. JPMorgan got exactly what they deserved with this deal.
I feel sorry for the founder getting caught up in the cultural currents that led to this, and while they need some accountability, a prison sentence probably isn't right.
"In 2022, JPMorgan filed a lawsuit for fraud, claiming that the data reported by Frank was largely a fabrication and
alleged that Javice paid a data science professor $18,000 for a list of more than four million fake student names to convince JPMorgan to purchase Frank."
The startup world is made up of grifters of all sorts that make up BS all the time. And yet, in the end it’s always the women that get spectacularly sentenced?
The only exception I can think of is SBF, but that was a quite different case.
> Javice was among a number of young tech executives who vaulted to fame with supposedly disruptive or transformative companies, only to see them collapse amid questions about whether they had engaged in puffery [...]
I'm assuming the key punisher here is the "collapse" rather than the "puffery". I don't think I've seen an "honest", "unpuffed" company since the 90s when companies were still wishing their customers merry christmas over the radio.
48 comments
[ 1.5 ms ] story [ 67.8 ms ] thread...alongside other scrupulous business luminaries like Sam Bankman Fried, Shkreli and Holmes.
I do not understand how an acquisition this big got thru due diligence without noticing all the fake users. Anyone in corporate M&A know if it is normal to spend this much money without inspecting the goods? Seems like the most basic of OLAP queries and two days of effort would reveal very suspicious userbase.
The fact that the acquirer is large is somewhat immaterial, the teams 'under the tent' doing the investigation are going to be relatively small on both sides, including folks from the business trying to close the sale, internal/external counsel and singular SMEs from relevant domains.
It is fairly common for the people initiating the acquisition to really want to close it in a hurry, and they do due diligence only as a check mark in someone's list. As someone else here mentioned, there is enormous pressure to close, and any red flags are often redirected, reworded, or even occasionally just squashed.
The further away a company is from something like private equity, who does acquisitions like we eat breakfast every day, the more likely you are to see rushed and potentially botched due diligence. Someone like a big bank may well have the main proponent not know anything at all about acquisitions or due diligence, and just wants to "get 'er done".
It is also very common for people to come in after-the-fact and do a second diligence, and while doing that diligence to hear one or more people opening the conversation with "I warned them about this before the acquisition...".
At the end of the day, particularly in a big public corp, people are focused on their bonuses and total comp, and people like that aren't going into a due diligence looking for red flags and "no's".
"Other financial firms, such as Capital One, considered buying Frank but declined after looking at a sample of the company’s user data."
I'm involved with a company taking some investment from the outside. We're really just sending them copies of our documents and data.
IF someone chose to blatantly lie on that paperwork (we're not), I'm not sure how much they could spot.
In the meantime this outside group isn't querying out DB that's for sure, but even then in the example of this case, they actually generated fake user data and records.
I'm not saying you're wrong generally, but I think a lot of due diligence really does trust that someone wouldn't blatantly fake ... everything.
>summer of 2021
Ah, I see. Probably afraid someone else would snatch up Frank before they could in the summer of mania.
I get that this is about the seller lying during the sale process, which is appropriate imho, you shouldn't be able to just lie about stuff like this. But it's the DD team's job to spot this stuff, that's what DD is all about. I notice the judge criticised the bank as well, which is a step in the right direction.
Secondly you may not actually have the time needed to check things out properly. There's often deadline pressure where the deal has to complete by a certain date or it triggers break clauses or some other party gets a right of refusal or whatever so often the clock runs out even if you would otherwise be able to do the analysis.
- board-1 gets marching orders to do due diligence. those people are typically aware of the sentiment in the board. they delegate to their underlings and share what they think the board wants,
- if you say no, you are guaranteed to upset one of your bosses. if you say yes, its typically a positive (your boss is happy),
- most M&As are typically bad ideas. Its typically nobody's fault when the thing is written off by the next management and nobody seems to mind that much. People who waved through the due dilligence are proper executives by then and the cycle continues.
Incentives are mis-aligned, and on top of this there is usually (a) not a lot of time and (b) a veil of secrecy. Missing those fake emails does not surprise me.
From the complaint:
> In particular, CC-1 and JAVICE asked Engineer-1 to supplement a list of Frank’s website visitors with additional data fields containing synthetic data.
> Engineer-1 was uncomfortable with the request and stated, in sum and substance, “I don’t want to do anything illegal.” JAVICE and CC-1 claimed to Engineer-1 that it was legal. JAVICE stated to Engineer-1, in sum and substance, “We don’t want to end up in orange jumpsuits.” Engineer-1 declined the request from JAVICE and CC-1.
> shortly after Engineer-1 had declined the request to create a synthetic data set—CHARLIE JAVICE, the defendant, contacted Scientist-1 and asked him to create the synthetic data set. In JAVICE’s communications with Scientist-1, she falsely represented that the data she provided to Scientist-1 was a random sample of a much larger database of Frank users.
> Also on or about August 3, 2021, JAVICE forwarded to Scientist-1 the Access Link Email sent to her by Engineer-1. JAVICE wrote, “here is the link. will share credentials offline.” Based on Scientist-1’s communications with JAVICE, Scientist-1 understood that the data available via the Access Link Email—a data set of approximately 142,000 people—was a random sample of a larger database which contained data for approximately 4 million people.
source: https://www.justice.gov/usao-sdny/press-release/file/1577861...
https://a16z.com/why-i-did-not-go-to-jail/
Sometimes getting outside advice is a good idea.
We talked a bit, and he asked me, "are you under 30?" I answered "No. But this guy is." I pointed at the 28 year old cofounder of the start up I was part off. Before the evening was over, my colleague made it to the list of forbes 30 under 30.
This seems utterly irrelevant to the sentencing, but what do I know.
This is not surprising in any way.
These lists have such a bad reputation these days that legit top folks are asking their PR people to keep the off!
"greed exalted as ambition"
You can google "It is America’s shadow made flesh" to find the entire passage.
Separately, I hope a few folks at JPMC got fired over this. Even the most basic of due diligence should have caught this.
"The judge said Javice had assembled a “very powerful list” of her charitable acts, which included organizing soup kitchens for the homeless when she was 7 years old and designing career programs for formerly incarcerated women."
At least for all my classmates doing the college application process, claims like that were almost always wild exaggerations of what we really did.
If so, it's quite possible she considers the profit well worth the penalty.
After all is said and done, Charlie Javice will be hanging out at a prison camp—probably down there with Holmes and Maxwell, because it's cushy—and do no more than 4 years on the 7 assuming she completes all her programming requirements.
It seems unlikely that the founder was intentionally fabricating data in order to commit fraud. Far more likely is that the founder was caught up in Silicon Valley startup culture, told they were disrupting industries and changing the world, and didn't put enough into actually doing the work, and ended up thinking their company was much more important than it was. Throw in some of the toxicity of #girlboss culture (this is a criticism of the negative aspects, we do need more female founders), and you get a Dunning-Kruger situation. I can see how someone would then keep digging rather than pull out if things started to turn.
On the other side, JPMorgan obviously didn't do any real due diligence. They were too caught up in the industry hype, and want to continue their cosplay as a tech disruptor. Finding this would have taken almost no effort, there wasn't much attempt to hide it. Promoting what the company wants to be true rather than what is actually true is a clear sign of a rotten culture – people won't speak up even when there is literally no good outcome that can come from staying silent. JPMorgan got exactly what they deserved with this deal.
I feel sorry for the founder getting caught up in the cultural currents that led to this, and while they need some accountability, a prison sentence probably isn't right.
alleged that Javice paid a data science professor $18,000 for a list of more than four million fake student names to convince JPMorgan to purchase Frank."
I'm assuming the key punisher here is the "collapse" rather than the "puffery". I don't think I've seen an "honest", "unpuffed" company since the 90s when companies were still wishing their customers merry christmas over the radio.