Called to Account: KPMG turned to Palantir to help predict which audits would be inspected
KPMG turned to the secretive data analytics firm Palantir to help it predict which of its engagements would be inspected.
The revelation, coming in court documents, shows that the accounting giant had help in its quest to prepare for audits from the Public Company Accounting Oversight Board. There are now civil and criminal indictments of three former KPMG partners and three former PCAOB employees for allegedly obtaining confidential regulatory information and using it to essentially cheat the test, in return for offering jobs.
Related: The auditor of Citi, Credit Suisse and Deutsche Bank was tipped off before regulatory inspection
None of the documents filed by law enforcement say specifically that Palantir knew the information they used was acquired illegally. There’s also no suggestion in the court documents that Palantir broke any laws.
A Palantir spokeswoman said the engagement with KPMG was short. “Our work with KPMG on this project never extended beyond an initial pilot phase. Work began in the second half of 2015 and was concluded before the end of the year,” she said in a statement.
A KPMG spokesman declined comment on the Palantir contract. KPMG has not been charged by either the SEC or the Justice Department.
Palantir, founded in 2004 by PayPal founder and Trump advisor Peter Thiel and based in Palo Alto, California, develops proprietary software to analyze data for government and non-governmental clients like Border Patrol and ICE and public companies like JPMorgan Chase and BP. Palantir’s earliest investors included In-Q-Tel, the venture capital arm of the CIA.
KPMG began faring very poorly in its PCAOB inspections in 2013. Its problems with the regulator peaked in 2014 when it received 28 comments about deficiencies in 51 audits inspected by the PCAOB that year. This was approximately twice as many comments as the average number of comments received by KPMG’s competitors.
By 2015, KPMG had enough.
According to the indictment, KPMG hired Palantir in April 2015 to assist the firm in predicting which of its engagements were likely to be inspected by the PCAOB, signing a $ 250,000 contract, contingent on a certain rate of success.
KPMG’s data collection initiative was led by partner John Amraen, who has not been charged by the Justice Department or the SEC.
Amraen emailed Brian Sweet in 2015, who has pleaded guilty to conspiracy and wire fraud charges and is cooperating with the government, to say what information Palantir needed.
“Thanks again for your time today,” Amraen wrote on Sept. 3, 2015, according to an email in a court filing. “The folks at Palantir were very appreciative of your forthrightness. As a reminder, we are looking for the following from you: 2015 random selections and 2015 Top 30.”
The criminal indictment says that the information requested “was also treated as highly confidential by the PCAOB, reflected the deliberative process of the PCAOB, and was never disclosed to KPMG by.the PCAOB even after KPMG was notified that those audits would be inspected.”
The model’s predictive value would improve if it was known which engagements on the list had been chosen at random versus selected based on risk factors, which also was highly confidential information.
Amraen did not respond to a direct request for comment on his leadership of the Palantir project at KPMG.
Later that month, Sweet emailed David Middendorf, KPMG’s then-national managing partner for audit quality and professional practice, and Thomas Whittle, KPMG’s then-national partner-in-charge for inspections — both of whom were indicted and also charged by the SEC.
“I’ve spent quite a bit of time with Palantir trying to guide their modeling efforts, but thought it may be beneficial to provide you both with what I suspect could be the most likely non-banking targets for potential inspection in 2016,” Sweet emailed on Sept. 25, 2015. “As a caveat, I was much closer to the banking selection process so am certainly more confident in that list of likely targets . . . However, I would suggest that these be considered as very good candidates for our internal coaching or pre-issuance review programs as they would have a higher selection likelihood based on my analyses. At the very least this would be good to compare against Palantir’s results to see how accurate their models are.”
The use of the word “models” is suggestive there could be data on more than one accounting firm.
“The evidence of more than one model at Palantir could mean that it was working for more than one firm,” Tom Selling, a former member of a PCAOB advisory group and author of the Accounting Onion blog, told MarketWatch.
Palantir denies that the company worked for any other auditor but KPMG. “Palantir has done no other work with any other Big Four firm on this issue. Did we develop models with the intention of working with other firms? No,” the spokeswoman said.
A spokesman for one of the other Big Four, Ernst & Young, said in an email that “EY has not worked with any entity on a project of that nature.” Deloitte and PwC did not respond to requests for comment.
Another explanation for the word “models” is that Palantir may have separate models for banking and non-banking client because of the different risk factors, Selling pointed out. Furthermore, as MarketWatch reported, KPMG had access to other auditors’ data through the PCAOB inside information.
In trying to win the contract of BBVA BBVA, +1.01% , KPMG used information gathered from Deloitte’s audits of BBVA and Santander SAN, -0.18% , according to court documents.
See also: KPMG won BBVA audit with stolen data about rival’s inspections
“Based on the BBVA episode we know that Sweet had access to other firms’ confidential data,” continued Selling in an interview with MarketWatch, “which perhaps he gave to Palantir. Based on these possibilities, one should expect that the prosecutors would be seeking information from Palantir about this – and how much they knew about where their data came from,” said Selling.
See also: KPMG indictment suggests many who weren’t charged knew regulator data was stolen