SEC Risk-Disclosure Rule Changes Seem Certain & Are Certainly Troubling

In his first year as the 34th chairman of the SEC, Paul Atkins has focused on a primary goal: “Make IPOs Great Again” by encouraging companies to enter the public capital markets. As Atkins has suggested, the first pillar of this project involves simplifying and “scaling” the SEC’s mandatory disclosure requirements contained within Regulation S-K, a set of rules prescribing required content in non-financial statements, periodic reports and other filings made by public companies. In January, Atkins invited the public to provide views on amending Regulation S-K to avoid disclosure of immaterial information. The SEC appears ready to act after the closure of a general comment period, which was expected to end in mid-April. Atkins instructed the SEC’s Division of Corporation Finance to engage in a comprehensive review of Regulation S-K, and recent reporting reveals that the SEC is hiring additional staff to effectuate and implement the new rules.

The SEC should take care to ensure that any new rules are carefully considered and tailored in a manner consistent with the SEC’s ultimate objective, articulated by the SEC’s third chairman, William O. Douglas, in 1937: “We have got brokers’ advocates; we have got exchange advocates; we have got investment banker advocates; and we are the investors’ advocate,” Douglas told a group of Washington, D.C., reporters at his first press conference, according to the New York Times.

The evolution of Regulation S-K risk disclosures

In 1964, the SEC first published guidance that advised offerors of “speculative” securities to include in their prospectuses “a carefully organized series of short, concise paragraphs summarizing the principal factors which make the offering speculative.” In 1982, the SEC formalized this guidance as a regulatory requirement for all offerings in Item 503 of Regulation S‑K.

In 2005, when Atkins was one of five SEC commissioners, the SEC amended Regulation S-K to expand mandated risk-factor disclosures, including obligating their inclusion in annual and quarterly reports required to be filed by public companies. Risk-factor statements are now governed by Item 105 of Regulation S-K, which directs issuers to provide “a discussion of the material factors that make an investment in the registrant or offering speculative or risky” in a plain-English presentation that facially discourages the “presentation of risks that could apply generically to any registrant or any offering.”

Another 20 years on, now-Chairman Atkins has expressed a desire to amend these rules yet again, by contracting those required risk disclosures that he helped implement. In public remarks in February, Atkins said he believed risk-factor disclosures should contain a “concise discussion” of “what keeps management up at night” and indicated his belief that the 2005 changes had contributed to overly voluminous disclosures. Atkins also floated during his comments two potential changes to address these issues, though neither Atkins nor the SEC has yet posted any formal rule changes

First, he raised the “novel idea” that “an entity — perhaps the SEC or the company itself” — could create a separately published set of risks that broadly apply to most companies across most industries and that would “serve as a form of ‘general terms and conditions’ associated with any investment in securities.” Second, he suggested the creation of a safe harbor from liability through “a rule stating that failure to disclose impacts from publicized events that are reasonably likely to affect most companies will not constitute material omissions for purposes of some or all of the federal securities laws’ anti-fraud rules.”

When would general terms and conditions require additional, company-specific disclosures?

First, Atkins mused in his February public remarks that the SEC could draft a “set of risks, which could be published separately outside of the annual report, that broadly apply to most companies across most industries.” This would function as a form of “general terms and conditions” associated with any investment in securities, with the goal of shortening and streamlining the length of the risk disclosures section. However, Atkins shed no light on what constitutes risks that “broadly apply to most companies across most regions,” and did not provide any guidance as to the extent of a company’s disclosure obligation when a broadly applicable risk is likely to impact a company in a unique or imminent manner. These vagaries invite confusion.

Any attempt to separately define broad risks may not, in practice, change companies’ desire to include an exhaustive list of risk-factor disclosures. This may be because detailed risk-factor disclosures are often relied on by issuers in their defense of securities fraud claims. As a result, companies may fear that any paring back of risk-factor disclosures in their SEC filings could deprive them from asserting that defense in court. It is noteworthy that, for these sorts of reasons, most companies have continued to provide extensive risk disclosures even after a 2020 amendment to Regulation S-K attempted to lessen general disclosure requirements.

Compliance

A Busy Month at the SEC: What Compliance Teams Need to Do Now

by Jennifer L. Gaskin

March 25, 2026

Read moreDetails

Do issuers and executives need an additional safe harbor from liability?

Second, Atkins’ remarks also speculated on a new safe harbor that would foreclose liability for issuers, executives and related parties from “fail[ing] to disclose impacts from publicized events that are reasonably likely to affect most companies” in their risk disclosures, through a determination by the SEC that such a failure “will not constitute material omissions for purposes of some or all of the federal securities laws’ anti-fraud rules.” This proposal raises several red flags for investors.

At the outset, extending any additional safe harbors from liability by design encourages companies to withhold increasingly more information from investors. Thus, any new safe-harbor rule would need a robust justification showing it is, as US law mandates, “necessary or appropriate in the public interest or for the protection of investors,” a standard that seems to be lacking at present, particularly given the securities laws already afford issuers many defenses. Those include an existing safe harbor from liability in connection with forward-looking statements, so long as a statement is “identified and accompanied by meaningful cautionary language” as the Second Circuit Court of Appeals found in 2016.

Further, as commentators have noted, Atkins “sketched only the broad contours of a potential safe harbor, leaving open critical questions about its boundaries, operational details, and specific protections for issuers.” Atkins provided no clarity on what a publicized event is or what set of issuers most companies encompasses. Is a publicized event any macro-level, broadly known event that affects most or all public companies in some manner, such as data security breaches, Covid-19, major weather events, trade wars or global financial crises? If so, when, if at all, does a company have a duty to disclose how a broadly applicable risk poses a non-typical risk to a company? Any new safe-harbor rule must provide answers to these questions to avoid both issuer and investor confusion.

Finally, a serious cause for concern is the fact that Atkins’ contemplated new safe harbor turns the established disclosure framework in securities law on its head by focusing on materiality from an issuer’s viewpoint and not a reasonable investor’s viewpoint. Fifty years ago, the Supreme Court ruled that an omitted fact is material if there is a substantial likelihood that a reasonable shareholder would consider it important in deciding how to vote. Atkins has left the reasonable shareholder out of his public comments on this issue, focusing instead on what “keeps management up at night.” Any rule that tests materiality through the lens of the issuer rather than a reasonable investor would present a major shift in the securities space and would no doubt cause rather than curb new litigation.

Public and private actions could be curtailed

Broadly phrased amendments and new rules pose serious threats to the integrity of the capital markets and public and private enforcement of the securities laws if they are unnecessary or not in the investing public’s best interests. A look at one of the most notable securities cases in the past decade reveals how a new rule could harm investors. 

In 2017 and for years thereafter, Facebook (now Meta) contained risk-factor disclosures in its SEC filings such as “security breaches and improper access to or disclosure of our data or user data, or other hacking and phishing attacks on our systems, could harm our reputation and adversely affect our business.” Both regulatory and private enforcement actions ensued following the revelation of Cambridge Analytica’s misuse of Facebook users’ data. In sustaining the sufficiency of the complaint in the private securities class action, the Ninth Circuit Court of Appeals held that the complaint adequately alleged that Facebook misleadingly suggested that this risk was merely hypothetical when, in reality, Cambridge Analytica had already misused user data. Revelation of the truth led to substantial adverse impacts to the company, including a significant drop in Facebook’s stock price. In connection with the same misstatement and underlying conduct, in 2019, Facebook settled with the SEC for $100 million and the Federal Trade Commission imposed a $5 billion penalty on Facebook.

Considered in light of this example, Atkins’ proposals raise important questions: Would these same risk-factor disclosures made by Facebook be classified as a broadly applicable risk for which Facebook had no reporting obligation, and would Facebook and its executives have broad immunity for their failure to identify this risk in their filings under a new safe harbor? If so, would that result protect investors or just protect issuers?