Risk Management

Risk Factors: Time for a Tune-Up

Largely overlooked and disdained by CFOs, these nonfinancial disclosures deserve a close look this year.
Andrew FabensJanuary 11, 2012

Preparing the annual report is a significant effort that consumes many people’s time throughout a company. One section — risk factors — is particularly important but often neglected outside the legal department.

CFOs are inclined to give risk factors less attention than management’s discussion and analysis, which is understandable. They are, by their very nature, distasteful. But these disclosures need tending as well and should be revisited every year. Executives often set too high a bar for overhauling the prior year’s presentation or admitting new risks, while counsel’s fear of provoking the ire of top executives engenders years of tweaks rather than the necessary critical review and analysis that should happen with each annual report.

As a result, risk factors often are overlooked despite their role as a protective counterweight to forward-looking information in the annual report and other corporate communications. There’s a misconception that risk factors detract from a company’s significant positive achievements or are an admission of weakness. In fact, the failure to identify and present candid, complete disclosure of risks can itself mean missing an opportunity to mitigate significant potential securities-law liability. Well-crafted risk factors trigger protection of the “bespeaks caution doctrine” — the securities laws’ version of the commonsense principle that statements or omissions must be considered in the context of any warnings that are part of the disclosure.

A Faster Close with NetSuite ERP

A Faster Close with NetSuite ERP

Learn how Ubiquity Retirement + Savings switched from QuickBooks to NetSuite ERP and brought their close from 21 days to five.

When forward-looking statements are accompanied by the cautions of a good set of risk factors, a reasonable investor should not have a basis to assert that the statements are materially misleading. Risk factors thus can provide a way for companies to prevail in a motion for summary judgment in a lawsuit over disclosure, saving considerable legal fees, uncertainty, and management resources — not to mention potential damages or settlement costs.

Risk factors deserve particular attention these days because good disclosure that is the product of a careful process also can facilitate easier access to rocky and unpredictable capital markets. In uncertain times, increasingly risk-averse investment banks give greater scrutiny to corporate regulatory reports that may not have received intense outside scrutiny since a company’s initial public offering. A well-drafted annual report can ward off challenges in underwriters’ diligence later in the year, avoiding delays that could cost access to a fleeting market window.

Here are four simple checks for ensuring that key nonfinancial portions of the annual report have received due effort and are in good shape:

• Benchmarking. Survey comparable company disclosures, starting with the stock-performance peer group identified in your proxy and adding any other good comparables. Build a matrix of risk factors, with short summaries of each risk, to view the extent to which your risk factors overlap with your peers’ disclosures. Analyze risks that your peers discuss but your company doesn’t. Such lack of disclosure would be particularly hard to defend if the rest of your industry is focused on the issue. Also review your peers’ recent comment letters from the Securities and Exchange Commission to identify the regulator’s hot-button issues.

• Analyst and industry reports. Review analyst reports on your company and industry to consider the risks and challenges analysts and other experts are pointing out. They may be wrong and your company may disagree with the conclusions, but they are worth considering. If they are publicly discussing a risk to company or sector performance that you do not mention but that later comes to pass, your company may have a tough time explaining why it wasn’t addressed in the risk disclosures.

• Risk oversight convergence. As boards’ risk-management oversight functions continue to become more standardized, their work should be coordinated with company disclosures. Although the risk-management discussions with the board may differ from those addressed in the annual report, it would be indefensible if the company’s internal “heat map” of risks showed a severe risk that received little or no attention in its public risk-factor presentation. The opposite is true, too — board engagement is key to getting the most out of good disclosure. Therefore, identify the management-team owner of each risk factor and ensure that the board has regular access to each owner. Be aware that your management reporting structure may drive risk oversight in a manner that differs from clear and concise presentation in the annual report. In other words, you may identify five key risk areas for the board but find they are best conveyed to investors when broken up into more categories.

• Backup. Your disclosure team should consult and review backup each year when updating the annual report. This is key to presenting current and accurate data, of course, but also is a critical step that will avoid speed bumps in capital-markets offerings later in the year. In uncertain markets with limited windows, you cannot afford to slow down a deal while gathering diligence material to support assertions you made in the annual report.

While revisiting risk factors invariably means contemplating unpleasant and unpredictable scenarios, doing so as part of the annual-report process can pay dividends throughout the year — both in mitigating litigation risk and in smoothly accessing uncertain capital markets.

Andrew Fabens is a corporate transactions partner in the New York office of Gibson, Dunn & Crutcher LLP. He regularly advises companies and investment banks on corporate and securities law matters.