SEC Risk Factor Disclosure Rules

Dean Kingsley is Principal and Matt Solomon is Manager in Enterprise Risk Management at Deloitte & Touche LLP; and Kristen Jaconi is Associate Professor of the Practice in Accounting and Director of the Risk Management Program at the University of Southern California Leventhal School of Accounting. This post is based on their Deloitte + USC Leventhal School of Accounting Risk Management Program report. Related research from the Program on Corporate Governance includes The Illusory Promise of Stakeholder Governance (discussed on the Forum here) and Will Corporations Deliver Value to All Stakeholders?, both by Lucian A. Bebchuk and Roberto Tallarita; For Whom Corporate Leaders Bargain by Lucian A. Bebchuk, Kobi Kastiel, and Roberto Tallarita (discussed on the Forum here); and Restoration: The Role Stakeholder Governance Must Play in Recreating a Fair and Sustainable American Economy—A Reply to Professor Rock by Leo E. Strine, Jr. (discussed on the Forum here).

The level of risk and uncertainty faced by the world, its citizens, and its companies over the past two years is unprecedented in the modern era and shows no sign of abating. From multiple waves of the worst global pandemic in 100 years to large scale supply chain and labor market disruptions, social unrest and agitation for change, a quickly worsening climate crisis, crippling cyber attacks, extreme political instability, and investor activism, companies have been challenged as rarely before to predict, prepare, and respond to risk events.

It is in this unique risk management environment that the Securities and Exchange Commission (SEC) has asked registrants to reconsider their approach to risk factor disclosures in their SEC filings, to enable appropriate and thoughtful analysis by the investment community and other stakeholders. In order to understand the impact of these changes, Deloitte and the Risk Management Program at the University of Southern California’s Leventhal School of Accounting are conducting a series of analyses on the risk factor disclosures filed by the Standard & Poor’s (S&P) 500 companies.

We published our initial results in March 2021, Many companies struggle to adopt spirit of amended SEC risk disclosure rules, reviewing 88 companies that had filed their annual reports by early February 2021. Now considering the risk factor disclosures of 439 S&P 500 companies that filed their annual reports between November 9, 2020 and May 15, 2021, [1] this post identifies key trends, including an analysis of disclosures across different industries and a deep dive into two specific risk domains currently being highly scrutinized by regulators, investors, and society—climate change and human capital. And we have provided recommendations for companies to consider in the 2021 reporting season to further improve the quality of their risk factor disclosures, such as an opportunity to leverage existing enterprise risk management (ERM) and emerging environmental, social, and governance (ESG) reporting practices for their risk factor disclosure process.

Understanding the SEC Rule Changes

To address increasingly lengthy and generic risk factor disclosures the SEC introduced three changes to the rules governing these disclosures in SEC filings as follows:

Topic Rule Text What It Means
Disclosure of “Material” Risks Where appropriate, provide under the caption “Risk Factors” a discussion of the material factors that make an investment in the registrant or offering speculative or risky. (§229.105(a)) To focus risk factor disclosures, companies should disclose only “material” risks, those “to which reasonable investors would attach importance in making investment or voting decisions.” [2] The previous rule required the disclosure of an organization’s “most significant” risks.
Use of Headings This discussion must be organized logically with relevant headings and each risk factor should be set forth under a subcaption that adequately describes the risk. The presentation of risks that could apply generically to any registrant or any offering is discouraged, but to the extent generic risk factors are presented, disclose them at the end of the risk factor section under the caption “General Risk Factors.” (§229.105(a)) To improve the organization and readability of risk factors, companies should place risk factors into

related groupings under headings, with generic risk factors grouped together under a “General Risk Factors” heading.

Risk Factor Summaries for Longer Disclosures Concisely explain how each risk affects the registrant or the securities being offered. If the discussion is longer than 15 pages, include in the forepart of the prospectus or annual report, as applicable, a series of concise, bulleted or numbered statements that is no more than two pages summarizing the principal factors that make an investment in the registrant or offering speculative or risky. (§229.105(b)) To “enhance the readability and usefulness” of risk factor disclosures, companies with risk factor disclosures that are more than 15 pages must include a summary of their risk factors of no more than two pages. [3]

Analysis of rules adoption

To assess the adoption of the amended requirements, we have reviewed the risk factor disclosures in 439 S&P 500 companies’ annual reports filed as of May 15, 2021. [4] Key findings, which reaffirm those of our March 2021 report, are as follows: [5]

The number of pages did not decrease as intended.

  • 79% of companies actually increased the number of pages. The average number of pages is now about 13 per company, up from about 12 before the amendments. Although the inclusion of risk factor summaries and COVID-19 risks accounted for some of this increase, even excluding the risk factor summaries, the average number of pages still increased to over 12.5. On average, the rule changes did not “shorten the length of the risk factor discussion” as the SEC thought it might. [6]
  • The sectors with the highest average number of pages were Health Care, Financials, Real Estate, and Information Technology, the lowest, Materials and Industrials.
  • Almost all sectors increased the number of pages year over year, with Energy, Health Care, and Financials increasing the most. Communication Services however significantly decreased its number of pages.

Source: Deloitte and USC Risk Management Program Analysis

The number of risk factors also did not decrease.

  • 64% of companies also increased the number of risk factors, for an average of 30.6 risk factors per company compared to 30.1 before the amendments. The change from disclosure of “most significant” to “material” risk factors under the revised rules seemed to have no impact on the average number of risk factors.
  • As a sector, Real Estate disclosed the greatest average number of risk factors, and Industrials, the least. Communication Services showed the greatest decrease and Energy, the greatest increase.

Source: Deloitte and USC Risk Management Program Analysis

Most companies did not need to include a risk factor summary, and most that were required to include a summary bulleted verbatim and lengthy risk factor subcaptions.

  • Although the SEC estimated that 40% of registrants would exceed the 15-page threshold and require a summary, [7] only 19% of 439 S&P 500 companies did. Fourteen companies included a summary even though their disclosures did not exceed the threshold.
  • Thirty-two companies reduced their number of pages from over 15 pages before the SEC rule amendments to 15 pages or under this reporting season and only one of those companies included a summary. This reduction reflects the SEC’s prediction that the summary requirement “may create an incentive for registrants to reduce the length of their risk factor discussion to avoid triggering the summary requirement.” [8]
  • The average number of pages for the summaries was 1.5 pages, with a range from .25 to 2.25 pages.
  • The Financials and Health Care sectors included the most companies providing summaries, which is consistent with the fact that these sectors had amongst the largest number of pages.
  • Nearly all companies followed the SEC mandate to use “bulleted or numbered statements.” [9] However, one company wrote short paragraphs of two to five sentences under each heading used in the risk factor section, mentioning over half of its risk factors. Another company used a table and another, icons to align with key risk factor topics. No company used numbered statements.
  • Most companies included all or most of their risk factor subcaptions (often verbatim and in the same order as in the risk factors section), rather than including a prioritized and concise list as suggested by the SEC. [10] However, 21 companies prioritized risk factors or listed less than half their risk factors.
  • Although over 60 companies located their summaries at the start of “Item 1A. Risk Factors,” over 20 located the summaries elsewhere, including after or within the Note to Forward-Looking Statements. A few companies located the summary in “Item 1. Business.”

Headings are being used, but they are often very generic.

  • Nearly one-half of companies began using headings for the first time and, of the 230 companies previously using headings, 133 increased the number of headings used. Six companies did not comply with the requirement.
  • The average number of headings per company was five. The Communication Services sector had the least average number of headings, the Financials sector, the most.
  • The average number of risk factors per heading was six. However, over 70 companies included 20 and up to 47 risk factors under one heading, clearly not meeting the SEC’s expectations of headings improving “readability.” [11] The Consumers Staples sector had the least average number of risk factors per heading, the Real Estate sector, the most.

Source: Deloitte and USC Risk Management Program Analysis

Source: Deloitte and USC Risk Management Program Analysis

  • The most common heading categories were variants of legal, regulatory, and compliance; operational; market; business; COVID-19; cyber, information technology, data security, privacy; economic and macroeconomic conditions; strategic transactions; common stock; financial; strategic; indebtedness; industry; intellectual property; and tax and accounting.

One-third of companies used a “general risk factors” heading, contrary to the SEC’s advice. [12]

  • Companies used an average of just under five risk factors under the general risk factors heading and a range of one to 19. The Consumer Discretionary sector had the least average number of risk factors under the general risk factors heading, the Materials sector, the most.

Source: Deloitte and USC Risk Management Program Analysis

  • The most common risk factors included under the general risk factors heading were: recruitment and retention of talent; cybersecurity; stock price volatility; litigation and/or regulatory investigation; natural and man-made disasters; COVID-19; accounting standard changes; tax law changes; inability to access capital; financial reporting internal control weakness; strategic transactions; inability to pay dividends and/or repurchase shares; exchange rate fluctuations; restrictive change-of-control provisions; asset or goodwill impairment; international operations; lack of adequate insurance coverage; and adverse economic conditions.
  • All of these general risks mentioned above other companies have included under other heading categories, such as operational; business; common stock; industry; COVID-19; legal, regulatory, and compliance; and financial.

Insights on climate change and human capital risk factors

The SEC Chair and SEC staff have mentioned several times this year the agency’s intention to issue proposed disclosure rules on climate risk and human capital. [13] Given this regulatory focus, we reviewed specific risk factor disclosures on climate change and human capital to understand what information the 439 S&P 500 companies were disclosing and, in particular, how certain companies were making their disclosures less generic and more specific in the spirit of the SEC’s amended rules.

Specificity in risk factors may be all the more important due to two recent SEC actions: First, in August 2021, the SEC brought an enforcement action against an educational services provider for its “misleading” cyber risk factor disclosure. The SEC stated that the company’s “risk factor disclosure implied that [the company] faced the hypothetical risk that a ‘data privacy incident’ ‘could result in a major data privacy or confidentiality breach’ but did not disclose that [the company] had in fact already experienced such a data breach.” [14] Second, in September 2021, the SEC’s Division of Corporation Finance issued a sample letter being sent to companies requesting additional climate change disclosure in their risk factors and Management’s Discussion and Analysis of Financial Condition and Results of Operations. [15] Regarding risk factor disclosures, the SEC specifically mentioned the need to disclose transition risks and material litigation risks related to climate change, including “policy and regulatory changes that could impose operational and compliance burdens, market trends that may alter business opportunities, credit risks, or technological changes.” [16]

In addition, we provided sector information on these risk factors given, particularly, the recognition by the SEC that sector-specific climate disclosure may be justified. [17]

Climate change risk factors. We reviewed risk factors whose subcaptions mentioned climate change. The subcaptions were generally a variant of the following: Climate change could adversely impact our business and results of operations or regulations related to climate change could adversely impact our business and results of operations. Many of the topics included in the climate change risk factors, such as climate change legislation, regulation, and international accords, the physical and reputational risks associated with climate change, and the impact on consumer demand, the SEC had suggested previously in its 2010 Commission Guidance Regarding Disclosure Related to Climate Change [18] may warrant disclosure. And, as mentioned above, the SEC’s Division of Corporation Finance recently requested additional information on several of these topics. [19]

Many risk factors focused on how severe weather events induced by climate change would impact companies from both a physical risk and a financial risk perspective. Companies discussed physical damage and disruption to their own properties and those of suppliers, third parties, and customers. Companies in the Financials sector mentioned specifically the more significant credit risk of their clients whose operations are exposed to severe weather. Companies also referenced higher costs for maintaining operations, insurance, and raw materials as well as costs for repairing damaged properties. See the table below for the issues most commonly disclosed, specific examples provided by some companies, and sectors with the greatest focus on these issues.

Impact Specific Examples from Companies Sectors with Greatest Focus
Physical Damage to Company Assets
  • Location of operations in regions exposed to severe weather, such as coastal areas
  • Specific operations in regions exposed to severe weather, such as technology data centers
Real Estate, Utilities, Energy
Closed/Curtailed Facilities No specific examples No specific sector focus
Supplier/Third-Party Disruption Locations of supplier operations in regions exposed to severe weather Consumer Staples
Customer Disruption
  • Customers leaving exposed locations
  • Population migration
  • Population dislocation
No specific sector focus
Counterparty Specific counterparties with exposure to climate change, such as reinsurers and clients located in regions subject to climate change impact, such as wine industry No specific sector focus
Higher Operating Costs No specific examples Utilities, Energy, Materials, Industrials
Higher Material Costs Specific commodities, such as corn, grains, citrus, and sugarcane Consumer Staples
Higher Insurance Costs Increasing costs or unavailability of property and other hazard insurance No specific sector focus
Repair Costs Costs to repair buildings, transmissions lines No specific sector focus

Companies also spoke to the evolving regulatory environment, often describing specific legislation, regulations, or other policy pronouncements as well as judicial decisions relating to climate change.

Other Risks Specific Examples from Companies Sectors with Greatest Focus
Legal, Regulatory, Policy
  • Environmental Protection Agency regulations
  • Paris Climate Agreement
  • US Renewable Fuel Standard program
  • Biden Administration executive orders
  • California Senate Bill 100 (renewables and zero-carbon resources), energy efficiency standards, cap and trade program
  • New York Climate and Leadership and Community Protection Act and Climate Mobilization Act
  • Puerto Rico Energy Public Policy Act
  • European Union Emissions Trading System
  • Other initiatives in states, such as Colorado, Hawaii, Louisiana, New Mexico, Texas, Virginia, and Wyoming, and foreign countries, such as Brazil, Canada, Chile, China, Mexico, the Netherlands, Singapore, and the United Kingdom
  • Department of Transportation regulations
  • US and non-US banking regulatory initiatives, including the Federal Reserve’s joining the Network for Greening the Financial System
  • United Nation International Civil Aviation Organization’s Carbon Offsetting and Reduction Scheme for International Aviation (CORSIA)
Consumer Discretionary, Consumer Staples, Energy, Utilities, Materials, Industrials, Real Estate, Financials

Companies discussed both decreases and increases in consumer demand primarily due to the physical impact of severe weather, a consumer shift away from products with higher climate change impact, or legal restrictions.

Impact Specific Examples from Companies Sectors with Greatest Focus
Consumer Demand
  • Weather may impact demand for food items, retail space
  • Fluctuations in energy and water demand may be more pronounced
Energy, Utilities, Consumer Staples, Industrials, Consumer Staples, Real Estate

Several companies, primarily in the Financials, Energy, Industrials, Consumer Staples, Consumer Discretionary, and Real Estate sectors, mentioned the significant stakeholder pressure on their own efforts as well as customer efforts to combat climate change.

Companies expressed fear of not achieving the climate goals they have set and consequently experiencing a decline in their reputation and backlash from a variety of stakeholders. A few companies disclosed that the information in their publicly available sustainability reports was provided with limited assurance and may be inaccurate.

Several companies in the Energy sector noted that investor views on whether or not they are fulfilling climate goals could impact their stock price as could movements to divest from the sector. Likewise, several companies in the Financials sector noted the value of their investments in companies with larger impacts on climate change could decline. In addition, companies in the Energy and Utilities sectors noted their potential inability to access capital if banks become subject to restrictions on lending to companies contributing to climate change. These sectors also mentioned the litigation risks they are facing because of lawsuits launched by municipalities, states, and others for their contributions to global warming.

Human capital risk factors. We found human capital risk factors generally divided into two subcaptions: talent recruitment and retention and labor relations.

Talent recruitment and retention. Recruitment and retention subcaptions were generally a variant of the following: Failure to attract and retain key personnel and/or a qualified workforce may adversely affect operations, business, strategy execution, product development, and financial performance. The majority of companies disclosed such a stand-alone risk factor. Many companies also noted that not attracting a diverse workforce could adversely impact their business.

Some companies provided the names of key executives or the titles of key executives in these risk factor disclosures. However, most of the detail provided in these disclosures related to reasons that would hinder a company’s ability to recruit and retain talent. See the table below for the most common reasons, specific examples provided by some companies, and sectors with the greatest focus on these issues.

Labor relations. Labor relations subcaptions were generally a variant of the following: Labor disputes, work stoppages, and other labor-related disruptions may adversely affect operations, business, and financial performance. Several companies and primarily in the Industrials, Consumer Discretionary, Utilities, and Materials sectors included a labor relations subcaption.

To make the labor relations risk more specific, some companies included details, such as:

  • Percentage of employees covered by collective bargaining agreements;
  • Geographic locations of unionized employees;
  • Dates of soon-to-expire collective bargaining agreements; and
  • Past work stoppages and other labor disruptions.
Reasons Impacting Recruitment and Retention Specific Examples from Companies Sectors with Greatest Focus
Competitive Recruiting Environment
  • Locations of operations, such as Silicon Valley, in hypercompetitive recruiting environment
  • New competitors recruiting same talent
Information Technology, Health Care, Financials, Communication Services, Industrials, Real Estate, Consumer Discretionary, Consumer Staples, Materials
  • More lucrative competitor compensation packages
  • Stock price decline
  • Regulatory limitation on incentive compensation
  • Uncertainty as to shareholder approval of equity compensation plans
Financials, Information Technology, Health Care
Succession Planning
  • Ineffective implementation of succession planning
  • Recent executive-level changes
Information Technology, Materials, Consumer Discretionary, Health Care, Industrials, Financials
  • Remote work impact on culture
  • Inability to create diverse and inclusive work environment
  • Acquisitions’ and other strategic initiatives’ negative impact on culture
Communication Services, Information Technology, Consumer Staples
Immigration Restrictions Changes in visa requirements Information Technology, Consumer Staples
Retiring Skilled Workforce Inability to replace skilled workforce Utilities
  • Sector or company looks unattractive due to COVID-19
  • Exacerbated workforce shortage
  • Employee health and safety
  • Early retirement
No specific sector focus
Employment Law Changes to minimum wage laws Consumer Discetionary
Remote Work
  • More competition for employees because of remote work possibilities
  • Companies offering remote work more attractive
  • Difficulty in integrating new hires remotely
No specific sector focus
Written Employment Contracts Lack of employment contracts No specific sector focus
Key-Person Life Insurance Lack of key-person life insurance No specific sector focus
Skillset Mismatch Insufficient pool of workers Utilities
Labor Shortage Workers unavailable No specific sector focus
Contract Resources Contract resources unavailable Utilities
Turnover Rate High turnover rate No specific sector focus


Align ERM and external reporting activities to draw out material risks. In the amended rules, the SEC adopted a materiality standard for risk factor disclosures. The intent was to address the increasing “length of risk factor disclosure and the number of risks disclosed” by limiting the disclosure to only material risks rather than the previous, undefined “most significant” risks. [20] The change has not had its intended effect: The number of pages and the number of risk factors per company have not decreased on average.

To meet regulatory expectations, companies should consider using their ERM or equivalent function, responsible for identifying, assessing, and managing material risks to the company, for their risk factor disclosure. This could result in closer alignment of internal risk registers, typically focused on material risks and developed through the ERM process, with external risk factor disclosures. Such an alignment could also accomplish the SEC’s goals of “disclosure that is more in line with the way the registrant’s management and its board of directors monitor and assess the business.” [21]

One company highlighted in its annual report the alignment between internal and external risk reporting in the introduction to its risk factor disclosure. In addition, five companies which mentioned in their risk factor disclosures the role of their ERM processes in identifying and reporting on risks had a significantly lower than average number of risks and no risks under a “General Risk Factors” heading, perhaps reflecting their focus on material risks or—as discussed below—the use of their risk taxonomy as headings.

If lacking a strong ERM reporting process, some companies may look to approach the risk factor disclosure process in a similar fashion to the process they use to develop their sustainability reports. Ninety percent of S&P 500 companies issue sustainability reports that convey to investors progress against ESG goals, risks, and opportunities. According to Chris Ruggeri, ESG Leader for Deloitte Risk & Financial Advisory and principal at Deloitte Transactions and Business Analytics LLP, compilation of this information may involve a range of internal stakeholders, including risk and compliance, investor relations, legal, human resources, finance, and business

Additionally, human capital disclosure rules adopted by the SEC in 2020 at the same time as the risk factor disclosure rules [22] resulted in many companies bringing together a variety of internal functions to comply with these new standards.

Companies may want to consider modeling their risk factor disclosure process on human capital or sustainability reporting with its ERM-type approach to compiling and reporting on responsive information.

Avoid generic risks. Our March 2021 report recommended companies avoid using the “General Risk Factors” section as the SEC suggested in the amended rules. However, one-third of companies used such a section. [23] Companies are likely disclosing these generic risk factors with the aim of these disclosures being afforded the “meaningful cautionary statements” safe harbor under the Private Securities Litigation Reform Act. [24]

Companies should strive to make their risk factor disclosures more specific. For instance, in its 2016 Concept Release, Business and Financial Disclosure Required by Regulation S-K, the SEC identified “dependence upon a registrant’s management team” as an example of a generic risk factor disclosure. [25] In the Insights on climate change and human capital risk factor disclosures section above, we listed specific details some companies provided with respect to this risk factor, including listing titles of key management positions or executives by name. In addition, some companies discussed the intensely competitive environment for talent and provided more detail by listing a geographic area, such as Silicon Valley, or the type of talent, such as engineers. In addition, given the SEC’s recent enforcement action against a company for a misleading cyber risk factor disclosure (discussed above), companies would do well to review their risk factor disclosures to confirm their disclosures are up-to-date, accurate, and specific.

Use risk taxonomy as headings. In terms of number of risk factors per heading, as recommended in our March 2021 report, companies should aim for no more than seven risk factors per heading.

Many companies use generic headings, such as “business” risks, “industry” risks, “operations” risks, or “company” risks. These generic headings typically house a greater amount of risk factors. Of the just over 70 companies including 20 or more risks under one heading, all but three were using these four generic headings.

Instead of these generic headings, companies could use more descriptive headings to collect risk factors in smaller groups and make the disclosures more readable. To facilitate this approach, companies could employ the risk taxonomies used to report internally to their management and boards of directors. This approach aligns with the ERM approach recommended above as well as with the SEC’s goals of companies using their “existing” internal management and board of director reporting mechanisms for their external risk factor disclosures. [26]

Some companies in the Financials sector do employ their risk taxonomies, often using six to ten of the following risk types as headings: credit, market, liquidity, operational, compliance, legal, regulatory, capital, conduct, strategic, technology, reputation. [27] Two banks even discuss in the introduction to their risk factor disclosures their ERM approach to managing risks and use of a risk taxonomy, which they subsequently use as their headings.

Prioritize and concisely describe risk factors in summaries. The summaries generally do not meet the SEC’s expectations of prioritization and conciseness, often bulleting subcaptions verbatim and in the same order as in the subsequent disclosure. The subcaptions are typically not concise and often run afoul of Plain English standards for sentence length (no more than 20 words per sentence). [28]

Companies should work to “prioritize certain risks and omit others” in the summaries as the SEC suggested. [29] As noted above, 21 companies with summaries did this.

In addition, companies should avoid including subcaptions verbatim (unless they are short) and develop concise descriptions of the prioritized risk factors. Companies could also hyperlink to the full risk subcaption from the concise bullet as one company did.


The risk factor disclosures of 439 S&P 500 companies indicate that the SEC’s revised rules have not had their intended effect at least in this first year of implementation. Risk factor disclosures are generally lengthier. However, given the recent cyber risk factor disclosure enforcement action and the SEC’s intention to issue a climate risk disclosure proposal, the continued regulatory scrutiny in this area may compel companies to enhance these disclosures. In addition, we expect that the current focus on ESG, with its integrated, “ERM-like” sustainability reporting, will drive forward and strengthen ERM practices across S&P 500 companies, including contributing to enhanced SEC reporting of material risks.


1This review did not include analysis of risk factor disclosures in other SEC filings, such as Forms S-1, S-3, S-4, S-11, 1-A, and 10.(go back)

2Securities and Exchange Commission, Final Rule: Modernization of Regulation S-K Items 101, 103, and 105, Release No. 33-10825 (Aug. 26, 2020) [85 FR 63726, 63744 (Oct. 8, 2020)] [hereinafter Final Rule].(go back)

3Id. at 63743.(go back)

4Wilson Sonsini has issued an analysis of risk factors for 120 of the Lonergan Silicon Valley 150 companies. Wilson Sonsini, Silicon Valley 150 Risk Factor Trends Report (2021), available at back)

5In this report, we have used the sectors set forth in the Global Industry Classification Standard (GICS). We have disclosed average data rather than median data given the limited difference between the average data and median data for the 439 S&P 500 companies reviewed and ten of the 11 sectors. However, we caution that due to the small sample size of seven companies in the Communication Services sector, the average numbers for this sector do not reflect as closely the median numbers as the data provided for the other sectors.(go back)

6Final Rule at 63744.(go back)

7Id.(go back)

8Id.(go back)

9Id. at 63761 (§229.105(b)).(go back)

10Id. at 63743 (“We believe that imposing a page limit on the risk summary should lessen the burden of preparing the summary and also act as an incentive for registrants to give due consideration to the risk factors that are material to investors. Because the risk summary is not required to contain all of the risk factors identified in the full risk factor discussion, registrants may prioritize certain risks and omit others.”).(go back)

11Id. at 63746.(go back)

12Id. at 63761 (§229.105(a)) (“The presentation of risks that could apply generically to any registrant or any offering is discouraged, but to the extent generic risk factors are presented, disclose them at the end of the risk factor section under the caption ‘General Risk Factors.’’’).(go back)

13See e.g., SEC, SEC Announces Annual Regulatory Agenda (June 11, 2021), available at; Gary Gensler, Chair, SEC, Prepared Remarks before the Principles for Responsible Investment “Climate and Global Financial Markets” Webinar (July 28, 2021), available at; Gary Gensler, Chair, SEC, Investors want to better understand one of the most critical assets of a company: its people. Twitter (August 18, 2021), available at; Gary Gensler, Chair, SEC, Testimony before the United States Senate Committee on Banking, Housing, and Urban Affairs (Sept. 14, 2021), available at; Gary Gensler, Chair, SEC, Statement Before the Financial Stability Oversight Council (Oct. 21, 2021), available at See also Allison Herren Lee, Acting Chair, SEC, Public Input Welcomed on Climate Change Disclosures (Mar. 15, 2021), available at back)

14SEC, Order Instituting Cease-and-Desist Proceedings, Pursuant to Section 8A of the Securities Act of 1933 and Section 21C of the Securities Exchange Act of 1934, Making Findings, and Imposing a Cease-and-Desist Order, Administrative Proceeding File No. 3-20462 (August 16, 2021), available at back)

15SEC, Sample Letter to Companies Regarding Climate Change Disclosures (Sept. 2021), available at [hereinafter SEC Climate Change Letter].(go back)

16Id.(go back)

17Allison Herren Lee, Acting Chair, SEC, Public Input Welcomed on Climate Change Disclosures (Mar. 15, 2021), available at See also SEC Climate Change Letter.(go back)

18SEC, Commission Guidance Regarding Disclosure Related to Climate Change, Release No. 34-61469 (February 8, 2010), available at back)

19SEC Climate Change Letter.(go back)

20Final Rule at 63744.(go back)

21Id. at 63748.(go back)

22Id. at 63760 (§229.101(c)(2)(ii)).(go back)

23The SEC may have foreseen that companies would continue to disclose generic risk factors even with its contrary advice and mandated that the “General Risk Factors” section be included at the end of the risk factors disclosure, compelling companies to at least prioritize their risk factors at one level.(go back)

24See Final Rule at 63745 for the SEC’s description of a comment letter on the proposal describing the use of the risk factor disclosure to satisfy the Private Securities Litigation Reform Act safe harbor. See also SEC, Concept Release: Business and Financial Disclosure Required by Regulation S-K, Release No. 33-10064 [81 FR 23916, 23955 (Apr. 22, 2016)] [hereinafter Concept Release].(go back)

25Concept Release, at 23955-56.(go back)

26Final Rule at 63748.(go back)

27Note that these risk taxonomies generally align with those set forth by the prudential regulators in their guidance and examination manuals. See e.g., Board of Governors of the Federal Reserve System, Commercial Bank Examination Manual.(go back)

28Martin Cutts, Oxford Guide to Plain English, 5th ed. 22 (Oxford: Oxford University Press, Feb. 27, 2020).(go back)

29Final Rule at 63743.(go back)

Both comments and trackbacks are currently closed.