eBay Compliance Monitoring - What Does Cyberstalking Have To Do With M&A Due Diligence & Risk?
UPDATE 3-7-24
Chief Legal Officer Marie Oh Huber is departing eBay to pursue "a new chapter in her career, while exploring personal interests and passions."
Were the cyberstalking scandal, DEA & EPA cases, regulatory scrutiny & due diligence concerns in TCGplay acquisition factors in this surprising eBay leadership shakeup?
Liz Morton
eBay's deferred prosecution agreement with DOJ over 2019 cyberstalking scandal has been raising eyebrows with its enhanced compliance monitoring requirements, begging the question - why would there would be a focus on Mergers and Acquisitions due diligence in a settlement for felony cyberstalking and harassment of journalists carried out by eBay security personnel?
Liz Morton
A deeper look into the cyberstalking case, as well as significant changes to eBay's once asset-light business model, may hold the key to unlocking this compliance monitoring mystery.
The shocking corporate plot that unfolded in the summer of 2019 targeted Ina and David Steiner of EcommerceBytes, seeking to change the content of their reporting through intimidation and to gain their assistance to unmask the identity of Fidomaster/unsuckEBAY, a frequent commenter and source who also sparked the ire of top executives at the company.
Senior Director Security Jim Baugh, Director of Global Resiliency David Harville, Security Manager Philip Cooke, Senior Manager of Global Intelligence Stephanie Popp, Senior Manager of Special Operations Brian Gilbert, Global Intelligence Manager Stephanie Stockwell and security analyst Veronica Zea all pleaded guilty and have either been sentenced or are awaiting sentencing for their roles in the crimes.
The Steiners have also filed a civil case against the criminal defendants plus ex-CEO Devin Wenig, ex-Communications Chief Steve Wymer, Ex-SVP Global Operations Wendy Jones, eBay Inc. and security company Progressive F.O.R.C.E Concepts - alleging communications from the very top of the c-suite directed and egged on the harassment.
While not named in either the criminal or civil cases, Chief Legal Officer Marie Oh Huber was copied on several emails that have been released as part of this ongoing litigation, including the now infamous "Whatever. It. Takes" email from Wymer.
The email that Wymer sent on August 7, 2019...was written in response to an earlier email that an in-house eBay attorney sent to Wymer, Huber, and Mr. Baugh, about the limited options for addressing...tweets about eBay, which the company believed were connected to, or provoked by, the Newsletter [EcommerceBytes].
The full thread makes clear that Huber and Aaron Johnson in eBay’s legal department requested that Mr. Baugh regularly update the company’s senior executives about “any news/developments on [his] end.”...
...During a lengthy discussion by email about @unsuckebay...Mr. Baugh reported to Wenig, Wymer, and Huber that the security department was working to gather “information regarding [the poster’s] identity and location”.
In the same thread, Wymer mentioned corporate and legal efforts to “get [@unsuckebay] killed.”
Source: USA v. Baugh 1:20-cr-10263 Doc 79
The email chain started with Wenig expressing his desire to see the unsuckEBAY Twitter account shut down - assigning the task to Baugh, with Oh Huber and Wymer copied.
Wymer confirmed he had previously discussed the issue with Baugh and explored all angles with Twitter but had been unable to get the account killed.
Huber echoed the frustration, but her and another member of eBay legal, Aaron Johnson, advised there wasn't a strong claim to appeal to Twitter to take action.
Baugh appeared to be trying to placate his bosses by offering that his team had been investigating for weeks and were close to discovering the identity and location of unsuckEBAY.
Oh Huber accepted that answer with a smiley face emoji, saying she would hold off on pursuing further legal steps in light of Baugh's investigation.
The next day Wymer expressed he was "utterly vexed" by the situation and that any effort to "solve" the problem should be explored...Whatever. It. Takes.
Oh Huber is still Chief Legal Officer and, as a result of eBay's internal investigation into these events, the Safety & Security unit was moved to the Legal Department from the Global Operations division, putting the entire security apparatus at eBay now ultimately under Oh Huber's purview.
Molly Finn, who was VP & Chief Compliance Officer at the time, was also copied on several related emails, according to redacted privilege logs included in court filings.
Finn also still works at eBay, though she moved out of the compliance role in December 2021 (2+ years after these events) to Vice President, Deputy General Counsel M&A and Securities - a position which she still holds today.
Were there red flags and holes in eBay's ethics and compliance procedures that were missed, allowing these criminal acts to occur on her watch, or is there more to the story?
Unfortunately, much of her correspondence in this matter is likely to remain out of the public record under attorney work product privilege, so we may never know what she knew or how she responded to emails related to these events.
Public records show the Securities and Exchange Commission sent a letter to current CEO Jamie Iannone on September 20, 2022 with some pointed questions about eBay's April 21, 2022 Proxy Statement - including directly asking for disclosure as to whether or not eBay had a Chief Compliance Officer at that time and, if so, to whom that person reported.
Notably, it was Molly Finn who responded, using her title of Vice President, Deputy General Counsel (leaving off the M&A part), and she completely glossed over the Compliance Officer question, neither explicitly stating she no longer held that title nor confirming whether or not eBay had anyone in that role at that time.
Per the SEC's request, eBay addressed these questions in "future proxy disclosures" with the Proxy Statement filed on April 28, 2023 purporting to lay the matter to rest by stating "Our Audit Committee has an annual cadence to review the risks included in its remit, including quarterly meetings regarding ethics programs with our Chief Compliance Officer (who reports to our Chief Legal Officer, with direct access to the Audit Committee Chair)."
But who was the Chief Compliance Officer reporting to Chief Legal Officer Marie Oh Huber and supposedly having quarterly meetings with the Audit Committee at this time?
Was Molly Finn still acting in this capacity even though her title had been changed in December 2021 and if so, why was that not disclosed anywhere? If someone else occupied that role, who was it and why were they not named?
eBay does not appear to have named a successor Chief Compliance Officer until the end of August 2023, presumably as part of ongoing negotiations with the US Attorney's Office and/or to address SEC concerns about eBay's risk and compliance disclosures.
Liz Morton
New Chief Risk & Compliance Officer, Ryan Jones, worked closely with Rob Chesnut during his time at AirBnB, which makes his selection for this role at that time even more interesting.
Chesnut was a former Federal Prosecutor before joining eBay as Senior Vice President Trust and Safety from 1999-2008, then moving on to become Chief Ethics Officer at AirBnB, as well as a celebrated advisor and author on corporate ethics, including the bestseller "Intentional Integrity: How Smart Companies Can Lead An Ethical Revolution."
Given that history, it's not surprising that Chesnut was tapped to speak to eBay employees at an all-hands meeting, along with Marie Oh Huber and Molly Finn, when news of this scandal first became public in 2020.
Iannone sent an internal memo about the meeting, reminding employees that"openness, honesty, respect and doing business with integrity drives eBay's success" and "ethics is everyone's responsibility."
However, if Iannone really believed that, why was new leadership for compliance and ethics only brought in just a few months before finalizing this agreement to avoid further criminal prosecution?
Page 57 of the agreement is where things get interesting, with the curious inclusion of Mergers and Acquisitions under areas in which eBay will have additional compliance requirements and monitoring as part of this deal.
The scope of the compliance monitoring, coupled with a historic $59 Million settlement with the DEA and ongoing litigation brought by the EPA, suggests the Department of Justice and other Federal regulatory bodies may be concerned about a wide variety of business practices, opening eBay's entire operation up to additional scrutiny.
Those concerns may include apparent due diligence and disclosure failures in eBay's October 2022 acquisition of trading card marketplace TCGPlayer, which led to the formation of the first US labor union in eBay's history and the sudden departure of Chief Accounting Officer Brian Doerger last year, as well as broader questions about the significant strategy shift eBay has undergone with increasing in-house labor-centric authentication operations in the last few years.
Liz Morton
Iannone has built his "focus vertical, high value, enthusiast buyer" strategy for the company largely around the idea of offering experiences and services to "enhance trust" and draw buyers to key categories on the platform.
Clawing back market share in the sneaker space that Wenig allowed to slip through his fingers to competitors like StockX was priority number one when Iannone took the helm, announcing a partnership with Sneaker Con in 2020 to provide authentication for qualifying sneakers and reducing selling fees to 0% to entice more sellers to list their kicks.
eBay eventually acquired Sneaker Con's authentication business in 2021,for an undisclosed sum, taking on their US facilities in Nevada and New York as well as operations in the U.K., Canada, Australia and Germany.
They've since added a third US location in New Jersey for in-house luxury handbag and fashion authentication, while authentication programs for watches, jewelry and some trading cards are still handled by third party partners.
eBay massively increased their investment in these services throughout 2023, disclosing millions of dollars in additional expenses related to authentication every quarter.
Q1 2023: $14 million increase related to the expansion of authentication services compared to 2022.
Q2 2023: $15 million increase related to the expansion of authentication services compared to 2022.
Q3 2023: $9 million increase related to the expansion of authentication services compared to 2022 for the quarter.
That comes to a total of a $38 Million increase in authentication service costs just for the first 9 months of 2023.
Despite pouring money into expanding authentication, eBay has struggled to gain traction with newly introduced categories like streetwear and to keep the momentum going with sneakers, while trying to find ways to monetize the service to cover some of the ever increasing costs.
When Iannone first embarked on his grand plan to bring authentication in-house at eBay, very little attention was given to the significant change in strategy it represented or the risks this strategy could pose to the company (and investors).
As unsuckEBAY noted at the time, it was a "significant step-change" for the company as it departed from the asset light, "just a venue" model that had previously protected it from unionization efforts which have targeted competitors like Amazon.
TCGPlayer employees had previously attempted to unionize in 2020, with concerns and demands about working conditions, pay, and management transparency similar to those cited in their ultimately successful organizing actions in 2023.
eBay should have been able to anticipate and prepare for the possibility of facing unionization efforts following the acquisition, given that the agreement allowed Founder Chedy Hampson and other management personnel to remain in an environment with a documented history of "strained" labor relations.
Interestingly, eBay chose not to reveal the potential risks that unionization efforts could bring to investors until February 23, 2023 in a 10-K filing with the SEC.
However, even after this disclosure, the company has continued to downplay the impact of TCGUnion-CWA and the potential that pro-union sentiment could spread to its other warehouse operations.
Not only is eBay's current M&A heavy strategy under scrutiny from regulators, investors also appear to be losing patience with Iannone and his executive leadership team who have failed to show this "high value enthusiast buyer" strategy can drive long-term positive growth for the company.
The future of eBay's strategy may be up in the air as Chief Business and Strategy Officer Stefanie Jay has reportedly resigned following last month's layoffs and ongoing cost cutting pressure.
Liz Morton
Jay joined eBay in May 2021, following Iannone over from Walmart, and M&A activity has ramped up considerably during her tenure, with the purchase of MyFitment for car parts guaranteed fit in 2022, Certilogo for digital authentication of fashion and luxury brands and 3PM Shield for AI-powered compliance and anti-counterfeiting tech in 2023, in addition to SneakerCon and TCGPlayer.
While those other acquisitions did not come along with the large physical warehouse operations of in-house authentication efforts, they did contribute to eBay's already bloated headcount and expenses.
Other questionable acquisitions and investments include NFT marketplace KnownOrigin, millions in funding via eBay Ventures down the drain when luxury fashion resale outlet Cudoni went out of business, and joining a consortium to take a 25% stake in Funko Pop, paying ~$21 a share for stock that now trades ~$7.30/share.
Liz Morton
Understanding this significant shift in business strategy, including costs and risks for the company and investors, puts a very different light on the enhanced compliance monitoring requirements in the cyberstalking deal.
Could the fact that the person who was Chief Compliance Officer at the time of the cyberstalking scandal is now Deputy General Counsel M&A and Securities have something to do with the DOJ's interest in having M&A due diligence explicitly called out for additional monitoring?
