April 5 (Bloomberg) — Here’s an unsettling fact for anyone thinking of ever buying shares in a newly public company: Even if its executives know their internal accounting systems are a wreck, they aren’t required to disclose this until after the company goes public.
It is a lesson that Groupon Inc. shareholders have learned the hard way. Groupon shares fell 17 percent on Monday, after the online coupon company said late last week that it had identified a “material weakness” in its internal controls over financial reporting, as of Dec. 31. The Chicago-based company also revised its fourth-quarter results to show lower revenue and a larger loss, after finding errors in its accounting for customer refunds. At $14.54, the stock now sells for 44 percent less than it did after the first day of trading.
Given that Groupon went public only last November, the latest news raises the question: Didn’t Groupon know before its initial public offering that its controls were weak? A company spokesman, Paul Taaffe, declined to comment. Let’s assume for the moment, though, that its executives did know. Even then, they wouldn’t have had to tell investors beforehand.
That’s because there is no requirement to disclose a control weakness in a company’s IPO prospectus. Groupon would have had no obligation to disclose the problem until it filed its first quarterly or annual report as a public company — which is what it did. Sandbagging IPO investors in this manner is perfectly legal, it turns out.
The reason lies with a gaping hole in the Sarbanes-Oxley Act, which Congress passed in 2002 in response to the accounting scandals at Enron Corp. and WorldCom Inc. That statute had two main sections related to companies’ internal controls, which are the systems and processes that companies are supposed to have in place to ensure the information they report is accurate. Those provisions apply only to companies that are public already, not ones that have registered for IPOs.
One section, called 302, requires public companies’ top executives to evaluate each quarter whether their disclosure controls and procedures are effective. The other section, known as 404, is better known. It requires public companies in their annual reports to include assessments by management and outside auditors about the effectiveness of their internal controls over financial reporting. Congress left it to the Securities and Exchange Commission to write the rules implementing those provisions.
Here’s where it gets tricky. Groupon reported the weakness in its financial-reporting controls through a Section 302 disclosure, not a Section 404 report. In other words, the problem was serious enough that it amounted to a shortcoming in the company’s overall disclosure controls.
Groupon won’t have to comply with Section 404’s requirements until its second annual report, due next year, under an exemption the SEC passed in 2006 for newly public companies. Likewise, Groupon’s auditor, Ernst & Young LLP, to date has expressed no opinion on the company’s internal controls in its audit reports.
Groupon’s IPO prospectus cautioned that future disclosures about control weaknesses were possible. It also said the company had only “recently filled a number of positions in our senior management and finance and accounting staff.” However, the prospectus made no representation about whether Groupon’s controls were effective at the time. None was required.