JPMorgan’s $175 Million Due Diligence Mistake: Part 1
The Frank Fraud Case and the Failure of Technology Governance
If you are reading this, you are probably aware of the recent fraud case against Charlie Javice, the founder of the student aid enablement startup, Frank. The government charged Javice after financial giant JPMorgan Chase alleged the founder had falsified millions of user records during the due diligence process to justify Frank’s $175 million acquisition price. In reality, Frank had only a few hundred thousand users, a fact JPMorgan only realized after the deal had closed when email campaigns to Frank users yielded abysmal results.
The Frank due diligence failure goes all the way up to the board level of one of the world’s most powerful and sophisticated companies. In our experience running due diligence processes for acquisitions by Amazon, Google, Microsoft, Apple and more, we have learned that the best technology due diligence process incorporates human and technology factors equally. What’s more, a successful technology due diligence process is not a simple exercise based on a checklist. Rather, it is an investigation - asking hard and probing questions, delving deeply into the leadership, org structure, team dynamics, processes, and the actual tech of any potential acquisition.
This wasn’t just a due diligence oversight. It was a governance failure. Specifically, it was a failure of technology governance. One of the world’s most powerful financial institutions was misled not by deepfake AI or quantum code but by a spreadsheet full of fake names and email addresses. And they had the opportunity to uncover the fraud, but for some reason chose not to.
A Fraud That Could Have Been Caught in Minutes
The core of the fraud was simple: Frank claimed over 4 million users when, in reality, it had fewer than 300,000. To bridge the gap, Javice allegedly hired a data science professor to generate millions of fake profiles, complete with synthetic names and email addresses. This data was submitted to JPMorgan as part of diligence materials.
And here’s the crucial part: the firm JPMorgan hired to assist with due diligence explicitly asked whether the bank wanted to verify the email list. This wasn’t a buried option. It was a direct offer that JP Morgan declined.
Had the bank agreed to that basic check, they would have learned that most of the email addresses didn’t correspond to real people or weren’t even valid. There were no complex AI models or secret codebases. Just data that didn’t stand up to the most routine scrutiny. And sadly, this is the reality of most technology due diligence. While technology can seem opaque and complex, and teams that build and manage technology speak in a different language, asking common sense questions and listening carefully to the answers in search of the truth and potential red flags is the most important part of technology due diligence.
The Technology Governance Gap
Boards have a fiduciary duty to ensure that management is properly vetting that material representations—financial, legal, or technological—are accurate. In this case, the bank relied on unverified digital claims to drive investment and strategic decision-making.
The Frank case is a textbook example of how boards at even the most sophisticated institutions still allow management to treat technology risk as a separate, lower-tier category of concern. JPMorgan didn’t insist on a technical audit. It didn’t perform basic data integrity checks. It didn’t follow up when given a direct opportunity to verify the user list.
Digital assets like user data, algorithms, platform performance, and customer engagement are as material to modern businesses as inventories and intellectual property. Yet, many CEOs and their boards continue to view technology as something that can be safely delegated to technical leaders alone. That approach is outdated and dangerous.
Technology Risk Is Fiduciary Risk
The core lesson from this case is simple: technology governance is not optional. It is part of a CEO’s and board’s fiduciary responsibility. If directors allow management to fail to verify material digital assets, especially in acquisitions or capital raises, they are just as liable as they would be for signing off on misleading financials.
In the Frank case, the data was the business. And by refusing to verify it, JPMorgan’s leadership failed to execute its most fundamental responsibility.
This fraud wasn’t sophisticated. It didn’t require forensic AI or red-team hackers to uncover. Just a few steps could have revealed the truth. These are not cutting-edge techniques. They are table stakes in any serious technology acquisition.
Where Boards Must Go From Here: Elevate Technology Oversight
The Frank acquisition should be a watershed moment for boardrooms everywhere. As technology becomes the dominant driver of enterprise value and M&A, boards must develop the literacy, tools, and frameworks to oversee it effectively. That means ensuring at least some directors have real technology expertise and are evaluating digital representations as material disclosures on par with sales figures and cash flows. For every technology acquisition that relies on buying users or any other form of digital assets, the board must demand the same verification and audit standards as they expect for financial assets.
More broadly, boards must elevate technology oversight and governance to equal status at the board level for every business that depends heavily on technology. Today, this is every business. The cost of ignoring technology governance is now measured not just in dollars but in reputational risk and strategic failure. Boards that don’t adapt will not just make poor decisions—they may face real liability.
Anthony Bay is CEO and co-founder at Techquity. www.techquity.ai He has previously held senior roles at Amazon, Apple, and Microsoft as well as early-stage companies, served on multiple private and public boards, and launched the world’s first social network before the Internet even existed. He has led product groups, M&A, CEO, and board governance for everything from early-stage startups to large corporations.
Alex Salkever is a partner at Techquity and a former BusinessWeek technology editor, as well as an advisor to startups and large companies on the impacts of technology change and artificial intelligence. He is the author of four award-winning business books, including “Driver in the Driverless Car” and “Your Happiness Was Hacked”.