Corporate Risk Disclosures Wordy, Lack Detail: Report

Bloomberg BNA’s Corporate Law & Accountability Report is available on the Corporate Law Resource Center. This news service keeps corporate practitioners informed of legal developments of...

By Che Odom

Jan. 22 — Risk disclosures in Securities and Exchange Commission filings typically are too long, offer few details and provide little insight to shareholders, a new report says.

The analysis, “The Corporate Risk Factor Disclosure Landscape,” is based on a review of 50 large companies conducted by the Investor Responsibility Research Center Institute (IRRCi) and Ernst & Young LLP.

Corporate disclosures “read like a laundry list of generic risks couched in legalese and lacking meaningful specificity,” IRRCi Executive Director Jon Lukomnik said in a Jan. 21 release announcing the report, issued the same day. “This is not helpful for investors trying to understand corporate risks, and it certainly does not enable investors to distinguish between the relative risk profile of different companies or the relative importance of the risks on the laundry list.”

Companies can do a better job by describing the nature and intensity of key risks as well as the likelihood that they may occur, tightening up their language and removing “boilerplate” provisions, the IRRCi report said.

The report observed that corporations with lower risk profiles in particular could reduce the extent and number of risk factors disclosed.

Length of Disclosures

Risk-factor sections in Forms 10-K average eight pages in length and may range from two to more than 20 pages for individual companies, so there is a wide variation in the length and number of risk factors disclosed, the report continued.

Some companies identify a handful of risks, while others cover 50 or more, it said.

Certain risk factors, such as capital markets, economic conditions, competition, finance, growth strategies and legal liabilities, appear standard, the report said. “The seeming universality of these risk factor categories raises the question of to what extent the risk disclosure language is company-specific.”

Cybersecurity Reporting

On a positive note, the report found that companies are responding to concerns raised by policy makers and shareholders about cybersecurity.

Companies now are providing “more robust information on the extent, impact and management of cyber risks,” Lukomnik said in the release.

Lukomnik added that cyber disclosures could serve as an “example of the direction companies could take” in disclosing and explaining their risks. However, “there is still so much more that can be done across all areas of disclosure,” he said.

On SEC Radar

Meanwhile, the SEC has long focused on the quality of corporate risk disclosures.

In April 2014, Keith Higgins, director of the SEC's Division of Corporation Finance, remarked at an American Bar Association meeting that risk-factor disclosures often exceed 30 pages and that companies could be more concise, thereby allowing investors to zero in on the material risks (73 DER EE-4, 4/16/14).

To contact the reporter on this story: Che Odom in Washington at

To contact the editor responsible for this story: Yin Wilczek at

For More Information