TheCorporateCounsel.net

After a few years of ballooning risk factor disclosure despite the SEC’s “modernization” rules, the length of risk factors seemed to stabilize in 2023, at least in the S&P 500. Deloitte and the USC Marshall Arkley Institute for Risk Management have analyzed S&P 500 risk factors since 2021 to understand how the SEC’s 2020 amendments impacted those disclosures. This HLS blog discusses the findings from their latest review, which covered 440 S&P 500 companies that have filed three annual reports between November 2020 and May 2023 and looked for trends in this third 10-K since the amended rules. Here are some stats on the risk factor disclosures generally:

– Risk factor length is holding stable after increasing in prior years, with average lengths of 13.5 pages and 31.5 risk factors
– Only about a quarter of the companies had to include a summary, which averaged 1.5 pages long
– Organization of the risk factors section hasn’t changed much during the period:
          – Average number of headings was five in all three years
          – Average number of risk factors per heading was six in all three years
          – 64% of companies used the same number of headings all three years
          – Contrary to the SEC’s advice, nearly one-third of the companies still used a general risk factors heading, which included an average of five risk factors

The blog has a few simple recommendations for making risk factors more digestible. It encourages the use of plain English and descriptive headings but has very specific suggestions on how to do that:

Shorten sentence length. We have now reviewed four reporting seasons of risk factor disclosures. The SEC’s amended risk factor disclosure requirements have overall not prompted our largest public companies to make their disclosures more readable, a key purpose of these requirements.[16] We believe the greatest salve to readability would be for companies to decrease the number of words in each sentence in line with Plain English standards for sentence length (no more than 20 words per sentence).[17] Companies could start this exercise by shortening their subcaptions.

Use risk taxonomies from ERM program for headings. Companies continue to use generic headings, such as “business” risks, “industry” risks, and “operations” risks. To bring more specificity to headings and enhance readability, companies could rely on their internal taxonomies used to catalogue risks for their ERM and risk reporting to management and boards of directors. This could lead to the more integrated external and internal reporting the SEC sought in the revised risk factor disclosure rules. Avoid generic risks. The SEC suggested in its amended requirements that companies avoid using a “General Risk Factors” heading. However, one-third of companies have used this heading in the past three reporting seasons.[18] If companies are disclosing these “general” risks to their management and boards, companies could use the more descriptive headings they use in their risk taxonomies for management and board reporting.

– Meredith Ervine