On April 13, 2016, the SEC issued a Concept Release, Business and Financial Disclosure Required by Regulation S-K. In this release, which is part of the SEC’s initiative to review and improve its disclosure requirements, the SEC is seeking comments on whether its “business and financial disclosure requirements continue to elicit important information for investors and how registrants can most effectively present this information.” The Concept Release covers a wide range of topics, however, this blog post focuses on the SEC’s concerns about risk factor disclosures. Item 503(c) of Regulation S-K currently requires “disclosure of the most significant factors that make an investment in a registrant’s securities speculative or risky and specifies that the discussion should be concise and organized logically.”
Except for five specific examples of risk factors suggested by the SEC in Item 503(c) (the company’s lack of operating history, lack of profitable operations in recent periods, financial position, business or proposed business and lack of a market in the company’s securities), risk factor disclosure is principles-based. It is interesting to note that these five factors specified in Item 503(c) have not changed since the SEC published its initial guidance on risk factor disclosure in 1964.
In the Concept Release, the SEC focused on ways to improve risk factor disclosure. Some of the SEC suggestions on which it requested comments would require significant additional disclosures from the companies, if adopted. For example, the SEC is inquiring whether it should require companies to:
- accompany each risk factor by a specific discussion of how the company is addressing the risk;
- discuss the probability of occurrence and the effect on performance for each risk factor;
- describe assessment of risks;
- disclose the specific facts and circumstances that make a given risk material to the company;
- present risk factors in order of management’s perception of the magnitude of the risk or by order of importance to management; and
- identify and disclose ten most significant risk factors (without limiting the total number of risk factors disclosed).
The SEC is struggling with the lengthy risk factor sections in the filings, especially in light of its current requirement that the risk factor discussion should be concise, and a proliferation of generic risks when Item 503(c) requires companies not to present risks that apply to any issuer or any offering. The SEC is looking for a meaningful way to identify significant risk factors specific to a particular company and asking for comment on whether:
- the SEC should specify generic risks that companies are not required to disclose;
- certain risk factors should be included in a separate section of the filing or in an exhibit to distinguish them from the most significant risks; and
- there should be a risk factors summary in addition to the complete disclosure.
The SEC recognizes that the risk profile of a public company is constantly changing and evolving. For example, today, companies face risks associated with cybersecurity and climate change which did not exist when the original risk factor disclosure was being developed. Any meaningful changes to risk factor disclosure will have to go through a rule-making process. It will be interesting to see which revisions to risk factor disclosures will be actually implemented.