Skip to content
Fraud cases Fake documents Due diligence

Lessons learned from JPMorgan's $175M Frank acquisition fraud

by Luis Perez 8 min read

The shocking case of JPMorgan’s $175 million acquisition of Frank, a student loan startup, serves as a stark reminder of why automated document verification is no longer a “nice-to-have” in modern due diligence. Soon after closing the transaction, JPMorgan discovered that Frank’s founder had allegedly fabricated millions of customer accounts and manipulated financial documents to secure the deal. The founder, Charlie Javice, is currently on trial as of February 2025.

In this blog post, we will examine the anatomy of this fraud and how automated document verification could have prevented it. The lesson is clear: document verification is a crucial part of due diligence. The surprise was seeing an institution like JPMorgan, itself a major M&A advisory powerhouse, fall for this kind of scheme (disclosure: Luis Perez, one of the co-founders of VerifyPDF, is a former M&A banker at JPMorgan).

The anatomy of a $175 million fraud

Frank, founded in 2016 by Charlie Javice, was a startup that assisted student borrowers in obtaining loans and financial aid. Frank was meant to simplify the process of filling out the Free Application for Federal Student Aid (FAFSA), but was also promoted as a tool for middle and lower-income families that want to send their children to college. This made Frank an interesting bolt-on acquisition for JPMorgan, as it ticked the boxes for financial inclusion while having the firm make a move in the heated fintech market of 2021.

Frank claimed to have 4.25 million student users when in reality, they had fewer than 300,000. To support this claim, Javice allegedly engaged in sophisticated document manipulation, creating synthetic data and falsified financial records that went undetected during the acquisition process. The fraud was only discovered when JPMorgan’s marketing team decided to spam the millions of fake accounts with cross-marketing opportunities and nearly all bounced back. Dismal engagement rates and a paltry 28% email delivery rate.

In other words… the customer database was fake. Once a proud member of the Forbes 30 Under 30 list, Charlie Javice said that her biggest challenge at Frank was scale. So she made it up!

What went wrong with JPMorgan’s due diligence?

The bank first noticed irregularities with the list when a JPMorgan employee observed that the list contained exactly 1,048,576 rows. Those of you who are into Excel, may recognize that as the maximum number of rows in a single sheet, which is a bit strange but I guess any junior employee on a live deal like this can make a mistake. Charlie Javice hired an outside data scientist (a university professor) to create a synthetic data set of over 4.25 million users. But nobody raised the alarm.

JPMorgan’s delayed discovery of the fraud stemmed from its decision to outsource data validation to a third party rather than directly inspecting Frank’s records. The external auditor hired by JPMorgan conducted surface-level checks without verifying email addresses, analyzing account activity or cross-referencing with Frank’s internal databases. Relying on these representations alone, JPMorgan agreed to purchase Frank for $175 million at the end of 2021.

The external auditors reportedly examined only aggregated metrics rather than individual records, missing patterns like duplicate IP addresses across “unique” accounts, clustered account creation timestamps and geographic inconsistencies in user locations. Too much reliance on third-party due diligence consultants is something that we have seen in the past: for example, Bain had performed due diligence on FTX on behalf of Tiger Global, overseeing what later would cause FTX’s spectacular demise.

How automated document verification could have prevented this

Modern automated document verification systems are designed to catch exactly these types of discrepancies. By analyzing metadata, document patterns and cross-referencing information across multiple sources, these systems can identify suspicious patterns in user data, inconsistencies in financial statements and signs of document manipulation or synthetic data generation. For example, bank statements can offer proof of a customer’s existence.

Forensic experts emphasize that manipulated PDFs often contain telltale signs like font inconsistencies in text layers, resolution mismatches in embedded images and hidden layers that explain what was added or removed from the document.

The role of proper document forensics

Traditional due diligence methods proved insufficient, so emerging detection methodologies offer more robust countermeasures. Document forensics for PDF files has become increasingly crucial in M&A due diligence. Advanced verification systems can detect:

  • Metadata inconsistencies
  • Signs of content layer editing
  • Timestamp manipulations
  • Font discrepancies
  • Evidence of synthetic data generation

Recommendations for M&A due diligence

To prevent similar fraud cases, organizations should focus on enhanced data validation and document integrity checks. Deal teams should verify data directly rather than relying solely on third-party reports. M&A teams should prioritize skepticism and operational verification over contractual assurances to avoid overreliance on surface-level checks. It is also crucial to avoid common pitfalls such as accepting or relying on screenshots as proof.

It is also imperative to train M&A execution teams on common document manipulation techniques and warning signs and establishing a clear escalation procedure when document irregularities are discovered. Consider using specialized forensic firms for high-value transactions rather than relying solely on general auditors who may not have the expertise to detect the most advanced document manipulation techniques.

Implementing a comprehensive document verification strategy that combines these technical and procedural controls can significantly reduce exposure to fraudulent schemes in M&A transactions.

The consequences of this fraud have been severe. Charlie Javice was arrested in April 2023 and faces multiple federal charges, including securities fraud and bank fraud. The SEC has also filed civil charges, highlighting the serious nature of document manipulation in financial transactions.

The Frank scandal serves as a watershed moment in M&A due diligence, highlighting why automated document verification is essential in today’s digital landscape. As fraudsters become more sophisticated, relying on manual verification or surface-level checks is no longer sufficient. Organizations must embrace comprehensive automated document verification systems like VerifyPDF to protect themselves from similar fraudulent schemes.

Stop guessing. Know in 5 seconds.

Upload a PDF. In under 5 seconds, VerifyPDF tells you if it's genuine or forged, with detailed evidence of every modification. Try it free for 15 days, no credit card needed.

Start free trial Watch demo

Trusted

This document is identical to others from this issuer

Match found in our document database
Document integrity verified
No traces of suspicious editing software