Top 10 Practice Tips: Risk Factor Disclosures

Posted on 09-12-2018

By: Stuart Gelfond and Joshua Wechsler, Fried, Frank, Harris, Shriver & Jacobson LLP, Hayley Cohen, Tradeweb

Item 503(c) (17 C.F.R. § 229.503) of Regulation S-K requires that an issuer include in its registration statement a risk factor disclosure, which sets forth the possible circumstances or situations that could make investing in a company’s securities risky or speculative. While it is rare that an investor will base its investment decision solely on what is included in the company’s risk factors, risk factors are a key component of a company’s offering document as well as its annual and quarterly reports.

ONE PURPOSE OF RISK FACTORS IS TO EDUCATE POTENTIAL investors on the risks of investing in a business; however, risk factors also serve as a substantial mitigating factor in any lawsuit brought against a company in the event that the company and its securities do not perform as expected. As a result, in addition to being required by the Securities and Exchange Commission (SEC), risk factors are important for liability protection reasons. If an investor loses money on an investment but is properly cautioned about the potential risks of the investment, a court may in certain circumstances find in favor of a defendant company even if the stock price falls dramatically. In addition, the securities laws provide a safe harbor for forward-looking statements if the company has set forth appropriate disclosure regarding the risks and uncertainties that may cause such forward-looking statements to be untrue.

Below are 10 practice points that can help you craft an effective risk factors section to ensure that all relevant risks relating to a company are properly disclosed.

1. Tailor risks applicable to any company.

The SEC has indicated that risks that apply to any company (or any offering) should not be disclosed as risk factors. However, many of the risks that apply across the board to all companies will often impact your company as well, and these types of risks may be among the most material risks faced by your company. Examples of such risks may include failure to compete successfully, dependence on management team, cybersecurity concerns, and general economic and/or consumer spending conditions. You should disclose these types of broad risks in your filings, assuming they are material to you, but you should tailor the risk to your specific business and include a clear explanation as to how each broad risk applies specifically to your company. For example, general economic conditions may impact all companies but housing prices in California may impact your company specifically.

2. Review the risk factors of competitors.

For risk factors associated with the particular industry in which a company participates, reviewing the SEC filings of peers is particularly important. Reviewing these risk factors can help provide ideas for areas that your risk factors should cover as well as ensure that your disclosure is in line with what is currently required by the market for liability purposes. When benchmarking against other companies, define competitor broadly and try to find competitors in each business unit, even if a single competitor is not competitive in each of your business units. Some companies may compete in one or two segments of your business but may have described the risks to those segments separately. In addition, different types of securities may warrant different types of risks. As a result, when reviewing the SEC filings of peers, you should look for filings in which a company is selling similar types of securities. Make sure to also review a competitor’s quarterly reports, which will show changes in risk factors during the year. When there is a significant change in business climate or the law, it can also be helpful to look at the risk factors of other companies that are not necessarily competitors. For example, changes such as the bankruptcy of Lehman Brothers or LIBOR being disbanded have had and will have an impact on most businesses and are described in the risk factors of companies across various industries.

3. Interview management.

Risk factors are intended to provide investors with a sense of management’s perspective on the factors that may adversely impact a company’s business. As a result, it is important to talk to the company’s management about what aspects of the business keep them up at night and compare those concerns to existing risk factors. One would be surprised at how often the two lists do not match. In addition, be sure to interview people with different specialties within the company. The accountants may worry about different things than the individuals focusing on the company’s international business.

4. Review the entire document.

Risk factors should not be drafted in a vacuum. Review the period to period comparisons in the Management’s Discussion and Analysis of Financial Condition and Results of Operations section (MD&A), in particular, to see if there were any negative changes in the periods presented and the cause of such changes. For example, if the MD&A discloses that revenue was up 8% for the year due to increased sales in China offset by currency losses, make sure there is a risk factor on currency issues. Review the company’s balance sheet and note if there are decreases in one category of assets or increases in one category of liabilities as well as the reasons for such changes. Determine when large liabilities, such as long-term debt, are due and discuss with the finance staff how they will be paid. This disclosure may be more appropriate in MD&A but if there is no definitive plan for repayment, that fact should also be described in a risk factor. Examine the company’s long-term debt and make sure key factors are accurately described in the risk factors, including change in control and other items that can accelerate the debt. The risks associated with such long-term debt should also be accurately addressed. You may want to use cross references to other sections in the document when appropriate.

5. Consider both significance and probability.

The SEC requires disclosure of all risks that the company believes are material at the time of disclosure. When determining materiality, you should consider both the significance of the risk and the probability of occurrence of the risk and update general risks to include specific events that have recently happened or are expected to happen. If a risk can be very material but is unlikely, it still may need to be disclosed due to the magnitude of the potential problem. If a risk has already begun to materialize, highlighting it in the abstract may not be sufficient. One needs to discuss the specific facts that are occurring (e.g., it is not enough to say that the weather may impact the business when the flood in Houston from Hurricane Harvey has shut down a plant). In addition, when considering risks relating to litigation, the decision to include a risk factor cannot be based solely on the probability of prevailing in the case, but must also take into account the significance of a negative outcome, both from a strictly monetary perspective as well as other potential impacts on the business.

6. When in doubt, disclose.

If you are not sure whether a risk is material, you should err on the side of caution and disclose it. As discussed above, risk factors, and risk disclosure generally, often satisfy the dual purpose of serving as cautionary language for purposes of the Private Securities Litigation Reform Act of 1995 safe harbor and the bespeaks caution doctrine as well as compliance with Item 503(c) of Regulation S-K. As a result, additional disclosure of risks can play an important role in staving off antifraud liability and regulatory action for non-compliance.

7. Stick to the risks.

Risk factors are intended to note the risks that a company faces, and the section should not be used to explain mitigating factors associated with a given risk. Minimizing or eliminating risks with caveats often reduces the protection afforded to the company by the disclosure and is a perennial hot-button issue with the SEC. If you feel that such explanations are warranted, they should be addressed in the MD&A or Business section. In addition, if the mitigating factors are significant, consider that the risk may not be material and may not need to be disclosed.

8. Choose captions carefully.

The SEC often comments not only on the types of risks disclosed, but the language used to describe those risks. The SEC and courts have previously commented on the inadequacy of risk factor captions when they are not specific enough or adequately descriptive of the risk discussed in the accompanying text. As a result, each risk factor should, in plain English, have an appropriate caption that adequately describes the risk as well as the primary effects that the risks may have on the company’s business, financial condition, or results of operations. If a risk factor discusses many risks, it may be prudent to break the risk factor into multiple risk factors, each with a separate caption discussing a separate risk.

9. Organize your risk factors.

Risk factors should be organized logically and should be broken into subsections relating to industry risk, company risk, and investment risk, which will make it easier for investors and the SEC to follow. In addition, risks should generally be listed from the most significant to the least significant. Items that pose the greatest risk to the company or are of the greatest concern to management should be included early in the list of risk factors.

10. Update in future filings.

While the risks set forth in an offering document generally speak to the date of the document (and any obligation to update that document other than as required by law can be disclaimed), companies are required to update risk factors included in their Form 10-K and subsequent Form 10-Qs, to the extent applicable. Regardless of the requirement to update, the drafter of the risk factors section and the company’s disclosure committee should regularly review the company’s risks at least quarterly and update the risk factor section in each periodic filing. Note that updating risk factors may include not only adding risk factors to address new material risks that may have arisen, but may also require editing or removing existing risk factors that are no longer material and reordering risk factors to reflect changes in priorities, as necessary (although deleting risk factors is not generally market practice for filings made on Form 10-Q). Some companies have included all of its risk factors in each quarter; however, in our experience, most companies just include its updated risks in quarterly filings.

Stuart H. Gelfond is a partner at Fried Frank and co-head of the firm’s Capital Markets practice. Mr. Gelfond concentrates his practice on corporate finance transactions, including representation of issuers and underwriters in domestic and international highyield, investment-grade, and convertible debt offerings, acquisition financings, and IPOs. Mr. Gelfond has extensive experience serving as counsel to corporations and broker-dealers on securities, corporate governance, and other regulatory issues. He has also been actively involved in corporate restructurings, including acting as lead counsel to ACA Capital Holdings and Sonic Automotive in their corporate reorganizations. He also regularly represents clients in private equity and acquisition transactions. Joshua Wechsler is a corporate partner in Fried Frank’s New York office. Mr. Wechsler concentrates his practice in corporate finance and the U.S. securities laws, representing issuers, underwriters, and sponsors in a variety of financing transactions, including initial public offerings, private placements, high-yield debt offerings, and cross-border financings. Mr. Wechsler has represented an array of underwriters including Bank of America Merrill Lynch, Credit Suisse, Goldman Sachs, JP Morgan, and UBS. Mr. Wechsler served as a staff attorney in the SEC’s Division of Corporation Finance from 1994 to 1997. Hayley Cohen was an associate at Fried, Frank, Harris, Shriver & Jacobson, LLP focusing on capital markets transactions, as well as governance and securities law reporting. She is currently corporate counsel at Tradeweb Markets LLC.

To find this article in Lexis Practice Advisor, follow this research path:

RESEARCH PATH: Capital Markets & Corporate Governance > IPOS > Conducting an IPO > Practice Notes

Related Content

For advice on drafting or reviewing risk factors for a registration statement, see


RESEARCH PATH: Capital Markets & Corporate Governance > IPOs > Drafting the Registration Statement > Practice Notes

For a sample risk factor form describing cybersecurity issues that may be included in a public company’s registration statement, see


RESEARCH PATH: Capital Markets & Corporate Governance > IPOs > Drafting the Registration Statement > Forms

For information on drafting the risk factor disclosure for an Form S-1 registration statement, see


RESEARCH PATH: Capital Markets & Corporate Governance > IPOs > Drafting the Registration Statement > Practice Notes

For guidance on describing the relevant risk factors that should be included in Form 10 under Section 12 of the Securities Exchange Act of 1934, see


RESEARCH PATH: Capital Markets & Corporate Governance > Registration under the Exchange Act > Section 12 Registration > Practice Notes

For a list of practice points that issuers and counsel need to consider during the registration process, see


RESEARCH PATH: Capital Markets & Corporate Governance > IPOs > Drafting the Registration Statement > Practice Notes

For a detailed overview of the laws, rules, and regulations applicable to securities offerings registered under the Securities Act of 1933, see


RESEARCH PATH: Capital Markets & Corporate Governance > IPOS > Conducting an IPO > Practice Notes