Two former Colorado executives connected to Arrow Electronics were sentenced to federal prison for orchestrating a multi?year fraud scheme that funneled nearly two million dollars from a data management company through a shell consulting entity for work that was never performed.
The Denver?area case involved Michael Vergato, a former vice president at Arrow Electronics, and Mark Perlstein, a Colorado technology executive who served as CEO of the victim data management company during the relevant period.
Between about 2013 and 2020, Vergato created a shell company called Oracle Performance Tuning and Optimization, often referred to as OPTO or similarly styled, and positioned it as a specialized provider of database performance tuning services. Prosecutors and court filings describe how OPTO then submitted a series of contracts and invoices for performance tuning on Oracle E?Business Suite databases that, according to later testimony and records, were never actually performed.
Using his authority as CEO, Perlstein approved OPTO's statements of work and invoices and arranged for payments to be wired from the data management company to the shell entity, effectively causing his own organization to pay for fictitious services.
Evidence presented in the criminal case showed that OPTO had no identifiable employees or contractors, paid no salaries, and issued no contractor tax forms, while the victim company's current leadership testified they could not substantiate any legitimate work associated with the invoices.
Investigators also highlighted that the men concealed their involvement by routing communications through personal email accounts, using additional entities, and even employing a relative's identity in OPTO's documentation, which supported the government's theory of intentional deception.
In all, the data management company paid approximately $1,949,023 to the OPTO entity over the life of the scheme, and that figure became the loss amount used for sentencing and restitution.
Vergato retained roughly $874,000, which he used for personal expenses including luxury vehicles, credit card bills, rent, and retirement savings, while Perlstein personally received more than a million dollars from the diverted funds.
Sources: https://www.denverpost.com/2025/09/08/arrow-electronics-executives-fraud-prison-sentence/ and https://www.justice.gov/usao-co/pr/former-executives-sentenced-19-million-fraud-scheme
Commentary
Shell vendor fraud, as illustrated by the above, is difficult to detect because it mimics the appearance of normal third?party contracting in complex technical environments.
The offenders created a consulting entity with a plausible name, drafted statements of work for specialized Oracle database tuning services that few people internally were qualified to challenge, and routed payments through routine accounts payable processes, allowing nearly $2 million in losses to accumulate over years before investigators unraveled the deception.
This type of loss thrives on information asymmetry and role concentration. The executive who created the shell vendor controlled how the vendor was set up, what services were described, and how invoices were supported, while the CEO–co?conspirator held authority to approve contracts and payments, effectively collapsing segregation of duties and bypassing independent technical validation.
In many organizations, once a vendor is added to the master file and a contract is on record, subsequent invoices receive only cursory review for basic attributes such as amount, coding, and approvals, not for whether the underlying work was actually performed, making a fictitious vendor with fabricated but consistent paperwork very difficult to distinguish from a legitimate consultant.
Shell vendor schemes also exploit gaps in vendor due diligence and monitoring. OPTO did not have identifiable employees, contractor tax forms, or evidence of real operations, yet those red flags were only surfaced later through targeted investigation and tax record review, not through routine vendor onboarding controls.
When vendor risk assessments focus on creditworthiness and sanctions checks but do not systematically test for operational legitimacy - such as verifying staffing, independent references, and evidence of non?captive business activity - entities like OPTO can pass as low?profile niche providers, particularly in IT and specialized professional services.
Data patterns in shell vendor fraud further complicate early detection because the transactions are often engineered to look "normal." In the Arrow?related matter, OPTO issued a series of invoices over several years tied to seemingly specific database performance tasks, with amounts and timing that fit expectations for ongoing consulting arrangements rather than abrupt, one?time spikes that might trigger manual review.
Research on shell?company billing schemes shows that perpetrators often keep invoice values below approval thresholds, use regular intervals, and maintain consistent descriptions, which can evade rule?based alerts unless organizations utilize analytics that compare vendor activity against peers, look for vendors with only one customer, or flag entities with missing or unusual master?file attributes.
The final takeaway is that an effective defense against shell vendor fraud requires independent vendor onboarding, mandatory technical verification of specialized services by someone outside the approval chain, continuous analytics comparing vendor and employee data, and an open reporting culture where staff can safely question unusual vendors or opaque consulting arrangements.
Additional Sources: https://www.govinfo.gov/content/pkg/USCOURTS-cod-1_23-cr-00302/pdf/USCOURTS-cod-1_23-cr-00302-3.pdf
