A $35 Million Control Failure: What the Shetty Fraud Case Tells Institutions

In March 2026, former Fabric CFO Nevin Shetty was sentenced to two years in federal prison for wire fraud. Over the course of his tenure, he misappropriated $35 million of company capital into a personal investment operation — without board knowledge or authorisation. The case is a direct illustration of what governance and control failures cost.

The Facts

Nevin Shetty joined Seattle-based software company Fabric as CFO in March 2021. He helped draft the company's own investment policy, which mandated conservative, low-risk capital deployment. Despite that, he redirected $35 million of company funds into high-risk speculative investments through a privately held vehicle, HighTower Treasury, which he controlled.

Neither Fabric's executives nor its board were informed. The transfers were conducted without authorisation and outside the bounds of the policy Shetty himself had authored.

Initially, the positions generated a modest $133,000 return. In May 2022, the collapse of the Terra ecosystem wiped out nearly the entire position. The financial damage forced Fabric to lay off 60 employees. Shetty was subsequently convicted on four counts of wire fraud.

Former startup CFO gets 2 years in prison for wire fraud, crypto-scheme that cost company $35M | DOJ Press Release

What the Case Exposes

Three control failures compounded to produce this outcome.

1. Policy without enforcement. Fabric had an investment policy. Shetty wrote it. Its existence did not prevent the breach — because no independent mechanism verified that treasury activity conformed to it. A written policy that is not tested against actual cash flows is not a control; it is a document.

2. Absent board visibility. A CFO was able to transfer $35 million across multiple transactions over an extended period with no board-level detection. That is a structural gap in financial oversight, not an isolated lapse. Boards and audit committees require timely, independently prepared reporting on treasury positions and material capital movements to discharge their oversight function.

3. Inadequate counterparty and personnel diligence. Shetty's conflict of interest — operating a personal investment vehicle while directing company capital — was not identified prior to or during his tenure. Thorough diligence on principals with fiduciary authority, including review of outside business interests, is a basic precaution that this case demonstrates cannot be treated as optional.

Practical Implications for Institutions

The lessons here are not novel, but the Shetty case gives them concrete form.

• Enforce the investment policy, not just its existence. Regular, independent reconciliation of treasury activity against authorised parameters is the mechanism that makes a policy operational.
• Require board-level transparency on capital deployment. Material movements of company capital should be subject to independent reporting lines that do not pass solely through the officer responsible for executing them.
• Conduct structured diligence on fiduciary appointments. Background review, conflict-of-interest declarations, and ongoing disclosure obligations for senior financial officers are proportionate to the authority they hold.
• Calibrate risk exposure to mandate. Speculative, illiquid, or highly volatile positions have no place in a treasury portfolio governed by a conservative mandate. When investment policy and actual practice diverge, the divergence should be visible — and consequential.

Context

The Shetty case is not isolated. A separate Seattle-area fraud involving a technology employee — sentenced to three years for misappropriating employer and third-party funds for personal use — underscores that this pattern of conduct is recurring, not exceptional. Both cases reinforce that sound financial governance is a structural requirement, not a periodic exercise.

FAQs

How can institutions reduce exposure to this class of fraud? Through layered controls: independent reconciliation of treasury activity, board-level reporting on capital deployment, structured diligence on fiduciary appointments, and a clear escalation path for employees who identify policy breaches.

What is the risk when investment practice diverges from investment mandate? Significant. Undisclosed deviation from an authorised investment policy creates legal, financial, and reputational exposure — compounded when the deviation involves speculative or illiquid positions that cannot be unwound quickly under adverse conditions.

Why does transparency in financial operations matter to investors and counterparties? Because it is the basis on which they extend trust and capital. Institutions that can demonstrate rigorous, independently verified financial governance are materially better positioned to attract and retain institutional relationships.