Waving flags: CrowdStrike and Chime
Flag Day always brings memories of strawberry shortcake with Cool Whip and candles.

There are two stories I want to focus on today, Flag Day!
First up is a CrowdStrike/Carahsoft update and, then, after the paywall, five things to watch after the Chime IPO.
CrowdStrike/Carahsoft
On June 12, John Gavin published an update on CrowdStrike Holdings at his site Disclosure Insight.
Let's first review the timeline:
Bloomberg: Crowdstrike, Carahsoft Struck Deal To Sell Software IRS Didn’t Buy: October 27, 2024
Disclosure Insight puts out an Early Signal of SEC probe: January 17, 2025
Bloomberg: SEC and DOJ are investigating: February 21, 2025
I did an in-depth report on whether the revenue recognition concerns were justified and added a few more details regarding the CrowdStrike/Carahsoft relationship.
Disclosure Insight: SEC probe confirmed as ongoing: April 24, 2025
Bloomberg publishes a piece confirming the existence of SEC/DOJ probes, highlighting the 2024 $32 million Carahsoft transaction for CrowdStrike software with the IRS as a key focus. (Gift link.)
First disclosure by CrowdStrike of SEC/DOJ probes: June 4, 2025
John Gavin of Disclosure Insight is concerned!
After reviewing the timeline and parsing the disclosures we believe this situation is likely to worsen before it improves. We conclude restatement risk is now significantly elevated.
I wrote about the CrowdStrike July 2024 outage fairly immediately because I was caught in it, having to spend another day in Baton Rouge, LA after the LSU Fraud and Forensic Accounting Conference, where I spoke.
My friend and frequent collaborator Olga Usvyatsky was quick to ask me then if I thought the CrowdStrike outage would lead to additional disclosures and whether companies were vulnerable to SEC actions, given the recent court decision regarding the SEC's complaint against SolarWinds and its CISO.
As the world turns: So much going on including crowded airports
There is a lot going on in the world but, for today, I will focus on my small place in it.
The post goes into a discussion about the SolarWinds ruling against the SEC for its attempt to hold the company and its CISO responsible.
Short answer: It did not look promising for more disclosure after the CrowdStrike outage, and it became almost impossible to imagine anyone holding companies' feet to the fire once former SEC staffers turned defense attorneys became emboldened after the election of Donald Trump in November. Expectations quickly grew that the SEC would reverse course on a lot of enforcement activity that their clients had found overreaching, such as the numerous cybersecurity-internal control actions.
The SEC and cybersecurity internal controls cases: R.R. Donnelley and SolarWinds
In this newsletter I’m going to talk about some of the SEC “internal controls” cases, in particular the cybersecurity disclosure cases that former SEC enforcement professionals who attended the Securities Enforcement Forum on November 6 in Washington D.C. said they did not like — and believe will not be repeated in a Trump SEC.
CrowdStrike is audited by PwC, out of its San Jose office. The auditor has never cited a material weakness in internal controls for the company, even after the July 2024 IT outage that disrupted air traffic globally.
PwC has noted "Revenue from customer contracts" as a Critical Audit Matter in its opinion for CrowdStrike every year since 2021.
Here are a few things John Gavin at Disclosure Insight thinks should concern you about the new disclosure of SEC and DOJ investigative activity:
· Our work suggests CrowdStrike has known about an SEC investigation since at least January 2025, but waited until June to disclose it publicly. You should immediately ask: What changed? What developments prompted this delayed disclosure? In our experience, such changes often indicate the investigation is not going well.
· Revenue recognition problems are the leading cause of restatements. DOJ and SEC “requests for information” related to revenue recognition was the first item the company disclosed. CrowdStrike did not include this disclosure lightly—they recognize that their revenue recognition practices now represent a material risk.
· Both the SEC and DOJ are involved, which is unusual outside of Foreign Corrupt Practices Act cases. This dual involvement suggests potential criminal exposure, though the exact reasons remain unclear.
· Internal controls risk: In that same 10-Q in which we first learned of SEC/DOJ problems, CrowdStrike did tell us internal controls were effective, as of 30-Apr-2025. Management made a similar claim in the 10-K filed 10-Mar-2025, effective as of 15-Jan-2025. That surprised us and could change. An SEC investigation into revenue recognition significant enough to require disclosure almost certainly involves underlying internal control weaknesses.
Finally, a word on management intent. It appears CrowdStrike aimed to delay disclosure of the SEC/DOJ investigation until after the earnings call. The earnings release and prepared remarks made no mention of the investigation. The disclosure only came in response to an analyst question during the call.
We see this pattern of delayed disclosure too often now. It prevents analysts from asking informed questions during the call and signals a company seeking to limit transparency around material risks.
One more interesting thing that Disclosure Insight posts is the back and forth on that CrowdStrike June conference call, where we first heard the company confirm the SEC and DOJ investigation.
Excerpt From Transcript of CrowdStrike’s Earnings Call on 03-Jun-2025:
Matthew George Hedberg – Analyst, RBC Capital Markets
Congrats on the results. Not an easy environment for sure. George, I wanted to ask about U.S. Fed. I guess how has it been trending? Sort of what's baked into the guide? And if there's any comment that you could make on -- there was a Bloomberg article earlier in May, that would certainly be helpful.
Burt W. Podbere – CrowdStrike CFO
So I'll take the second part of your question, any comments with respect to Bloomberg. So for us, the company and how the -- and how Bloomberg reported what they reported, the company received request for information from the DOJ and the SEC relating to revenue recognition and reporting of ARR for certain transaction -- for certain transactions, the July 19 outage and related matters.
From the CrowdStrike 10-Q filed on 04-Jun-2025:
First disclosure in an SEC filing of SEC/DOJ exposure.
The Company has received requests for information from the U.S. Department of Justice and the U.S. Securities and Exchange Commission relating to the Company’s recognition of revenue and reporting of ARR for transactions with certain customers, the July 19 Incident and related matters. The Company is cooperating and providing information in response to these requests.
The CFO says that in addition to revenue recognition for a specific transaction — we assume the Carahsoft transaction — the SEC and DOJ are also interested in the "reporting of ARR" for that particular transaction.
Take a look at this chart from the newsletter AppEconomyInsights, and you can see why someone might wonder if the company's reporting of ARR or "annual recurring revenue", a non-GAAP metric, might be a little too good to be true.
After the paywall, five things I think you should look at after the Chime IPO on Thursday.