The way that due diligence would have discovered this was not to take the list and start doing spot checks on it.

The way due diligence should have found this is that it should have been written all over the financials. What do you mean you have 4 million customers and a support staff of 20? What do you mean you have 4 million customers but your revenue is {clearly too low}? What do you mean you have 4 million customers but your website spend is {clearly too low}?

It's over an order of magnitude. It should be written all over the company. Experienced DD should have smelled a rat within about 2-3 hours, although nailing it down could take much longer. The logical conclusion I draw is that there was no experienced DD done. In isolation this would a tough claim, however, I look around and I see a lot of Wall Street activity on this time frame that shows no evidence of Due Diligence being done and it seems to be part of a pattern.

(The question of why there was no DD is a separate one.)

> What do you mean you have 4 million customers and a support staff of 20?

Sure to the rest, but: Whatsapp had 55 employees and 450 million users when it was acquired. It's at least conceivable to tell a story (lie) that's two orders of magnitude smaller. (And the real number was "only" off by one zero.)

Whatsapp elaborately explained how it was doing this to the public, it was with a technology (Erlang/OTP) that had rarely been used before, and that technology had been designed for and very successful in an almost identically shaped context (telecom switches.)

Also, more obviously, people you knew were using it every day. 450M is different than 4M, and way different than 300K. If Whatsapp were lying and saying they had 4.5B users, I'd expect JP Morgan to catch that within a few hours, too.

> Whatsapp elaborately explained how it was doing this to the public, it was with a technology (Erlang/OTP) that had rarely been used before, and that technology had been designed for and very successful in an almost identically shaped context (telecom switches.)

Sure. But the point is, Whatsapp had 0.5 total employees per 4 million users, and Frank had 20 support employees per 4 million supposed users.

Even if you think Whatsapp has a massive advantage, those numbers don't make it look like Frank is the one that's lacking in staff.

> Also, more obviously, people you knew were using it every day. 450M is different than 4M, and way different than 300K. If Whatsapp were lying and saying they had 4.5B users, I'd expect JP Morgan to catch that within a few hours, too.

For these reasons it would be much harder for Whatsapp to lie that way.

The corollary of that is it would be much easier for Frank to do it.

WhatsApp doesn’t need staff because they weren’t processing regulated financial transactions. Thr app operated in a best efforts basis since it was mostly free. You don’t need customer support staff for that — there is no support.

FWIW, around 1/3 of the 55 were customer support. That's not a lot of support per user, but it's not none. And it is enough to get lots of feedback to engineering about things users are having trouble with, because the better you make the product, the less overloaded customer support is.

WhatsApp didn’t process financial txns and wasn’t in a regulated marketplace.

> Whatsapp had 55 employees and 450 million users when it was acquired.

WeWork had the opposite problem. A lot of employees and expenses and not enough paying users. Having lots of employees and lots of expenses by itself doesn't mean much. WeWork still got billions in funding. Due diligence was an issue there as well.

Consider it holistically, rather than one at a time. Every company has its own footprint of "per customer" resource usage, and every company probably has unusually low aspects one way or another, but when a company comes back as "low" to "very low" for every such metric, it's time to investigate harder. Maybe they're just that genius, or maybe there's something about the company you don't understand yet, or maybe they're cheating you... the whole point of due diligence is to resolve those "maybes" into "certainlies", because they all factor in to your decisions.

> Sure to the rest, but: Whatsapp had 55 employees and 450 million users when it was acquired.

JPM regularly acquires businesses that do not look like WhatsApp and look more like Frank. For 99% of the acquirers out there, seeing a business with $450m in ARR with 55 employees definitely makes your eyes bulge.

The problem here is this wasn’t about MAU. JPMorgan wanted a verified student data asset they could market to, so stale accounts were fine. Diligence focused on whether Frank had “records” (name, email, DOB, etc.), not whether those records were active.

Beyond that, JPMorgan didn’t want to push too hard and risk blowing up the deal as there was competitive pressure. Calling out “these numbers seem odd” could have spooked Jauvice, and they figured the reps & warranties in the contract gave them enough protection if things went south.

Funny how that has the exact same shape as a typical scam targeted at individuals. They usually rely on creating a sense of urgency and the sense that you could blow the whole thing if you aren't careful. A warrant scam will tell you that they need payment (in gift cards, of course) right now or you're going to jail, and likewise if you hang up or tell anyone what's going on (and thus might have someone tell you that you're being had) you're going to jail.

Not far off from "you can't inspect the business you're buying too hard, or the deal is off." And just like with individual scams, that should be a sign that it's shady and you should bail out.

Of course, but this is basic human psychology when power asymmetry is at play. Frank "held the cards" in this deal, so to speak, and was helmed by a CEO that demonstrated sociopathic tendencies willing to do whatever it took.

You can of course hold to a particular standard, but if a competitor is willing to relax that standard, you lose a distinct advantage.

No you don't - they are now vulnerable to scams and you are not.

> they are now vulnerable to scams and you are not.

if the scam is not going to hurt the agent (in this case, the CEO responsible for the buy out), and the success is going to reward the agent, then the incentives are not completely aligned between the agent and the principle.

So signing the deal with less due diligence, then correcting it later (if needed) seems more profitable to the agent, while the principle takes all of the losses (if any).

For this deal, sure. What about others? Many times your competitors will come out ahead.

Risky decisions happen all the time in business, as long as the risk is outweighed by the perceived reward.

> Frank "[..] was helmed by a CEO that demonstrated sociopathic tendencies willing to do whatever it took.

To be fair, Jamie Dimon also fits this description.

This entire case can be explained thusly: “JPM had FOMO during ZIRP and agreed to a stupid deal without doing proper due diligence.”

This deal would’ve never happened if rates had not been cut to 0%.

>> The problem here is this wasn’t about MAU. JPMorgan wanted a verified student data asset they could market to, so stale accounts were fine. Diligence focused on whether Frank had “records” (name, email, DOB, etc.), not whether those records were active.

This isnt about inactive data, they had an outside data scientist create an artificially generated usage dataset!

That's not what I said.

JPMorgan thought they were getting legitimate users of the product at some point in time - they didn't care whether or not they were currently active, hence vetting ops didn't really matter much.

A good fraudster has a good chance in any space where users don't pay for the service. Users, traffic, basically everything that isn't cold hard cash can be faked very well these days.

Is it just me, but doesn't it seem like the concept of Frank as a business just sounds like it wouldn't have lived that long and that it might even be predatory? Frank got in trouble with the Department of Education because they used the term "FAFSA" in their domain name. I was lucky enough to have mentors in my life who warned me away from clicking on sponsored links to paid preparers if I ever decided to Google search "FAFSA". So it makes me suspect like part of their business strategy was to convince low-income students who have great difficulty submitting the FAFSA to pay them to submit it for them. I don't recall what the environment was like years ago, but there had always been a desire on the part of ED to make the FAFSA easier to fill out, and this would have totally eroded the value of Frank even if it was a legitimate business. What's also confusing is that at some point they apparently had a `.org` domain, so maybe they were also a non-profit?

Apparently they also had some kind of service to submit an aid appeal letter to the student's financial aid office. This is also a ridiculous service for low-income students to pay for because I can almost guarantee that Frank wouldn't have the context necessary to actually convince a college's financial aid administrators to give more money to one of their users.

It's almost as if the people considering the deal might have been focusing more on the financial education aspects of Frank instead of how they actually would interface with the FAFSA.

As I mentioned a bit further down, the blind spot here is they really only cared about the user list. The product itself was immaterial, so they might have overlooked or simply not cared about some of the shadier tactics to acquire it.

Agreed. FAFSA is a bit tedious to fill out but it’s not difficult. No need to pay someone to do it. They’re just going to have to ask you for all the same information anyway.

> She pushed back on any direct vetting of the list using privacy laws as a shield and JPMorgan didn't challenge it due to competitive pressure to get the deal done ASAP.

DD guy here.

This is more common then people think. M&A deal dynamics are funny and this is usually a tactic that investment bankers who represent sellers use. According to my cursory research she didn't use an investment banker. For someone fresh out of biz school with no M&A/banking experience that's umm...BOLD.

You could also obfuscate all PII and just join the user table with the website clickstream table and notice that only 10% of the users had any associated clickstream.

Presumably JPM didn't have prod db access to run whatever queries they want, and had to ask for access. They also faked user tables. What makes you think they wouldn't have faked the user activity table as well?

Ok so sometimes when people come to me for an angel investment I ask to look at their Pendo/GA records. I mean you could fake those, but that’s a lot of work and possibly harder than actually getting the business in the first