April 5 (Bloomberg) — Here’s an unsettling fact for anyone thinking of ever buying shares in a newly public company: Even if its executives know their internal accounting systems are a wreck, they aren’t required to disclose this until after the company goes public.
It is a lesson that Groupon Inc. shareholders have learned the hard way. Groupon shares fell 17 percent on Monday, after the online coupon company said late last week that it had identified a “material weakness” in its internal controls over financial reporting, as of Dec. 31. The Chicago-based company also revised its fourth-quarter results to show lower revenue and a larger loss, after finding errors in its accounting for customer refunds. At $14.54, the stock now sells for 44 percent less than it did after the first day of trading.
Given that Groupon went public only last November, the latest news raises the question: Didn’t Groupon know before its initial public offering that its controls were weak? A company spokesman, Paul Taaffe, declined to comment. Let’s assume for the moment, though, that its executives did know. Even then, they wouldn’t have had to tell investors beforehand.
That’s because there is no requirement to disclose a control weakness in a company’s IPO prospectus. Groupon would have had no obligation to disclose the problem until it filed its first quarterly or annual report as a public company — which is what it did. Sandbagging IPO investors in this manner is perfectly legal, it turns out.
The reason lies with a gaping hole in the Sarbanes-Oxley Act, which Congress passed in 2002 in response to the accounting scandals at Enron Corp. and WorldCom Inc. That statute had two main sections related to companies’ internal controls, which are the systems and processes that companies are supposed to have in place to ensure the information they report is accurate. Those provisions apply only to companies that are public already, not ones that have registered for IPOs.
One section, called 302, requires public companies’ top executives to evaluate each quarter whether their disclosure controls and procedures are effective. The other section, known as 404, is better known. It requires public companies in their annual reports to include assessments by management and outside auditors about the effectiveness of their internal controls over financial reporting. Congress left it to the Securities and Exchange Commission to write the rules implementing those provisions.
Here’s where it gets tricky. Groupon reported the weakness in its financial-reporting controls through a Section 302 disclosure, not a Section 404 report. In other words, the problem was serious enough that it amounted to a shortcoming in the company’s overall disclosure controls.
Groupon won’t have to comply with Section 404’s requirements until its second annual report, due next year, under an exemption the SEC passed in 2006 for newly public companies. Likewise, Groupon’s auditor, Ernst & Young LLP, to date has expressed no opinion on the company’s internal controls in its audit reports.
Groupon’s IPO prospectus cautioned that future disclosures about control weaknesses were possible. It also said the company had only “recently filled a number of positions in our senior management and finance and accounting staff.” However, the prospectus made no representation about whether Groupon’s controls were effective at the time. None was required.
An SEC spokeswoman, Judith Burns, confirmed: “There is no requirement to disclose a material weakness in the prospectus.” She was speaking broadly, not about any specific company.
Give credit where it’s due: Two writers who made the perfect call on Groupon are Anthony Catanach, an accounting professor at Villanova University, and Edward Ketz, an accounting professor at Pennsylvania State University.
“It is absolutely ludicrous to think that Groupon is anywhere close to having an effective set of internal controls over financial reporting, having done 17 acquisitions in a little over a year,” the pair wrote in an Aug. 24 article on their blog, Grumpy Old Accountants. “When a company expands to 45 countries, grows merchants from 212 to 78,466, and expands its employee base from 37 to 9,625 in only two years, there is little doubt that internal controls are not working somewhere.”
Even before going public, Groupon restated its financial reports in September to correct errors in the way it reported revenue, which slashed 2010 sales to $312.9 million from $713.4 million. That alone should have flagged to investors that Groupon’s controls were lacking. Nonetheless, the stock market this week acted like it was surprised.
The debacle at Groupon understandably has drawn comparisons with the new securities legislation that President Barack Obama is scheduled to sign into law today. The act lets newly public companies go five years without providing internal-control reports by outside auditors, as long as annual revenue is less than $1 billion. (Groupon reported 2011 revenue of $1.6 billion.) The change comes after the Dodd-Frank Act in 2010 permanently exempted companies with less than $75 million of freely tradable shares from meeting this requirement — which means most U.S. public companies.
The new law will reduce disclosure obligations in many other ways. Pre-IPO correspondence between companies and the SEC’s staff initially would be stamped secret, for example. The act is a lurch in the opposite direction of what is needed.
Let’s not fool ourselves, though. The existing protections for IPO investors were feeble before the new law. That Groupon could stay mum for so long about any control weaknesses it had, legally, is merely the latest evidence. There is only one solution for investors who aren’t insiders: Don’t ever buy stock in a company that just went public.
(Jonathan Weil is a Bloomberg View columnist. The opinions expressed are his own.)