Last week the Securities and Exchange Commission took its first enforcement action against a special purpose acquisition company (SPAC), in a case involving poor due diligence and misleading disclosures to investors. We should expect more such cases in the future, but there’s also another realm of compliance risk for SPACs that needs more attention.
The risk of accounting fraud and poor internal controls.
Last week’s enforcement action, against Stable Road Acquisition Corp. and the space technology company Momentus that Stable Road was trying to acquire, had nothing to do with accounting fraud. That case was all about Stable Road rushing to acquire Momentus as quickly as possible, which led to Stable Road rushing right past questions about Momentus’ technology and the role of its CEO, Mikhail Kokorich, a Russian national flagged as a national security risk by other U.S. regulators.
The allegations against Stable Road and Momentus were alarming, so we should be glad the SEC brought the case. (Both businesses agreed to settle the charges and paid a total of $8 million in civil penalties; an SEC complaint against Kokorich is pending in court.)
But Stable Road and Momentus are just an example of what’s likely to be the first act of SEC enforcement: cases involving slapdash merger plans that SPACs blow up investors’ backsides.
My question is whether — or, honestly, when — we’re going to see a second act of SEC enforcement: cases involving accounting fraud or financial restatements for SPAC deals that already closed, and then foisted baloney numbers onto the investing public for some period of time.
In that case, a much better example of SPAC risk is the plight of Lordstown Motors, the electric vehicle startup that went public via a SPAC merger last fall. Lordstown recently disclosed that its disclosures about preorder sales for its electric pickup truck were inaccurate; and restated its financial results; and sent its now-former CEO and several other senior executives packing in June. Now the company is under investigation by both the SEC and the Justice Department.
So what’s more likely to happen: that regulators intercept preposterous SPAC deals before such deals close, as we saw with Stable Road? Or that regulators chase down the misconduct after it happens, as we see with Lordstown?
Please be as cynical as possible when you answer that question.
SPAC-tacularly Unprepared for Public Life
The issue here is how much SPACs and their merger targets in the private world are prepared for life as a publicly traded company — for the enormous compliance obligations around internal controls over financial reporting (ICFR) and disclosure controls and procedures.
SPACs sprouted like weeds in 2020, and then even faster in the first quarter of 2021. How many of those outfits implemented strong ICFR and disclosure controls along the way? Especially considering that the accounting for SPACs isn’t all that complicated; you put most of investors’ money in a trust account and leave it there.
Meanwhile, how many private company merger targets have established strong ICFR and disclosure controls, so that they can pivot seamlessly into life as a public company? Especially if these firms are early-stage ventures (as Momentus was) or are racing through a high-growth phase? Not many, I’m willing to bet.
Stable Road is instructive here again. The SPAC originally formed with dreams of acquiring its way into the legalized weed business; when no such lucrative merger deals could be found, Stable Road’s CEO Brian Kabot shifted the SPAC’s focus to, well, whatever promising deal Stable Road could find.
Does anyone believe a SPAC shifting its focus so radically can evaluate a target’s ICFR with skill? Does anyone believe early-stage businesses devote much thought to internal control, rather than the lure of an acquisition and a large cash payout for the founders?
I mean, even the long answer to those questions is no.
Back to Enforcement
The compliance risks here are substantial. The SEC has made clear that it expects SPAC acquisitions to be in compliance with all relevant federal securities rules from the very first day a newly “de-SPACed” company begins trading.
Well, that means somebody has to anticipate those heightened ICFR and disclosure duties. I’m just skeptical that either the SPAC or the target will be competent enough to do that work, especially in the compressed timeframe that SPAC merger deals usually entail (three or four months, compared to the 12 to 18 months for a traditional IPO).
Moreover, we haven’t even mentioned the pandemic’s role in skewing ICFR effectiveness. That matters a lot, because the pandemic struck in 2020, which is the year of financial transactions that lots of SPACs are using to make judgments about merger deals and to cite to investors.
My fear is that lots of businesses went a bit easy on ICFR in 2020, as they re-jiggered business processes and internal controls to accommodate remote work, layoffs, economic uncertainty, and other variables.
Unto itself, going easy on ICFR and testing of key controls for one specific, pandemic-driven year might not be a disaster, if that year wasn’t going to coincide with a hyperactive merger market driven by SPACs desperate to close deals.
Except, that is what happened. The ICFR of these private-company merger targets might be a rickety mess thanks to the pandemic, and while they’re still standing today, they could collapse into a pile of material weaknesses in 2022 or beyond — leaving investors holding the bag.
What would all that mean for securities enforcement in 2022 or 2023? I dunno, but I’ll be there with popcorn when that day comes.