Cynthia Holder, a former Public Company Accounting Oversight Board (PCAOB) inspections leader and director at KPMG has been sentenced to eight months in Federal prison. This is the first custodial sentence to be handed to one of the five former KPMG executives indicted over a scheme to steal inspection information from the PCAOB.

Holder also faces two years of supervised release and restitution of an as yet unspecified sum. She had pleaded guilty to one count of conspiracy to defraud the United States, one count of conspiracy to commit wire fraud, and two counts of wire fraud on 16 October 2018. The SEC had settled with KPMG itself on 17 June 2019, fining the firm $50 million and requiring ‘significant remedial actions’

Geoffrey S. Berman, the US Attorney for the Southern District of New York, issued a statement following Holder’s sentencing that said: “As a former employee of the PCAOB, Cynthia Holder understood the importance of the organization’s work:  to protect investors and the public by overseeing the audits of public companies.  But she undermined the Board’s and the SEC’s regulatory missions when she stole confidential inspection information and provided it to KPMG, her new employer.  KPMG, in turn, used this confidential information to cheat on PCAOB inspections.  Holder’s sentence should be an example to others that stealing confidential information and corrupting regulatory processes are crimes that this Office takes very seriously.”

KPMG had fared poorly in PCAOB inspections and in 2014 received approximately twice as many comments as its competitor firms.  By 2015, KPMG was engaged in efforts to improve its performance in PCAOB inspections, including but not limited to recruiting and hiring former PCAOB personnel such as Holder and her co-conspirator, Brian Sweet. 

KPMG’s efforts to improve inspection results, however, were not limited to legitimate means.  Instead, between 2015 and 2017, Holder, David Middendorf, Thomas Whittle, Jeffrey Wada, Sweet, and others worked to illicitly acquire valuable confidential PCAOB information concerning which KPMG audits would be inspected, in an effort to game the system and improve inspection results. 

While still employed by the PCAOB, Holder fed Sweet confidential information about certain pending inspections. She did so while simultaneously seeking employment at KPMG.

In March 2016, Holder obtained the PCAOB’s confidential 2016 inspection selections for KPMG from Wada, who was still working at the PCAOB but who had recently been passed over for a promotion.  Wada – who was not responsible for KPMG inspections at the PCAOB – accessed and stole valuable confidential information from the PCAOB and passed it on.

Middendorf, Whittle, Sweet, and others then agreed to launch a stealth program to ‘re-review’ the audits that had been selected.  In order to cover up their illicit conduct, the KPMG engagement partners were given a false explanation for the re-reviews.  The stealth re-review programme allowed KPMG to double-check its audit work, strengthen its work papers, and, in some cases, identify deficiencies or perform new audit work that had not been done during the live audit.

In January 2017, Wada, who had again been passed over for promotion at the PCAOB, again stole valuable confidential PCAOB information, misappropriating a preliminary list of confidential 2017 inspection selections for KPMG audits and passing it on to Holder.  At the same time, Wada provided Holder with his resume and sought her assistance in helping him to acquire employment at KPMG.  Sweet shared the preliminary inspection selections provided by Wada with Whittle and Britt, while noting that the information was only preliminary.  Whittle’s response was to ask Sweet to confirm that they would get the final list as well.

In February 2017, Wada texted Holder saying, “I have the grocery list. . . . All the things you’ll need for this year.”  Wada then spoke to Holder and provided her with the full confidential 2017 final inspection selections.  Holder again shared the stolen information with Sweet, who shared it with Middendorf, Whittle, and others.  Middendorf, Whittle, and Sweet agreed to inform engagement partners on the list so that extra attention could be paid to these audits in light of the forthcoming PCAOB inspections. 

In 2017, a KPMG partner who received early notice that her engagement was on the confidential 2017 inspection list reported the matter, as a result of which KPMG’s Office of General Counsel launched an internal investigation.  Thereafter, Holder and Sweet took a number of steps to destroy or fabricate evidence relevant to the investigation.  For example, Holder deleted a number of relevant text messages, emails, and documents, and said she was going to purchase a “burner phone” so her conversations could not be monitored.  Similarly, Sweet burned evidence of the 2017 inspection list and provided a falsified version of the list to KPMG counsel.

Thomas Whittle, David Middendorf, Brian Sweet and Jeffrey Wada have also either pled guilty or been convicted for their roles in the affair. David Britt, former co-leader of KPMG’s banking and capital markets group is expected to face trial in September 2019.