As the SEC appears primed to release new risk disclosure rules under the leadership of Chairman Paul Atkins, Partners Lauren A. Ormsbee and Jesse L. Jensen and Associate Jessica N. Goudreault caution against a proposed framework that strays from the SEC’s fundamental objective in their article “SEC Risk-Disclosure Rule Changes Seem Certain & Are Certainly Troubling” for Corporate Compliance Insights.

Since taking office as Chairman, Atkins has aimed to “make IPOs great again” by encouraging more companies to enter the public markets. His latest proposal includes revisiting mandatory disclosure requirements under Regulation S-K, changes that appear to stray from the SEC’s traditional role as the “investors’ advocate.” These efforts seek to reshape how companies communicate risk to investors, signaling a shift in the SEC’s fundamental values. Notably, Atkins was one of five commissioners who previously amended these rules in 2005 to expand mandated risk-factor disclosures—requiring their inclusion in public companies’ annual and quarterly reports—but has since suggested those changes contributed to “overly voluminous disclosures."

First, Atkins suggested that the SEC, or a company itself, could develop a standardized set of risks, published separately from annual reports, that broadly apply across most industries. The authors strike a cautionary tone, noting that Atkins’ vagueness around implementing a “general terms and conditions” risk disclosure invites confusion and concern among investors as well as companies, as such disclosures are often relied upon to defend against securities fraud claims. “Any attempt to separately define broad risks may not, in practice, change companies’ desire to include an exhaustive list of risk-factor disclosures.” 

Second, Atkins floated the possibility of a new safe harbor that would shield issuers, executives, and related parties from liability for failing to disclose the impacts of widely publicized events reasonably likely to affect most companies. Under this approach, the SEC could deem such omissions immaterial for purposes of the federal securities laws’ anti-fraud provisions—an idea that raises significant concerns for investors. As the authors emphasize, “a serious cause for concern is the fact that Atkins’ contemplated new safe harbor turns the established disclosure framework in securities law on its head by focusing on materiality from an issuer’s viewpoint, rather than that of a reasonable investor.” The authors further contend that Atkins has left the reasonable shareholder out of his public comments on this issue, emphasizing that “any new safe-harbor rule would need a robust justification showing it is, as U.S. law mandates, ‘necessary or appropriate in the public interest or for the protection of investors’—a standard that appears to be lacking at present, particularly given that the securities laws already afford issuers numerous defenses.”

The authors underscore the threat these proposed rule changes pose to the integrity of the capital markets and to public and private enforcement of the securities laws. They point to one of the most significant securities matters of the past decade and ask a critical question: would the new regulations effectively absolve companies and executives of liability for presenting known risks as hypothetical? After revelations that Cambridge Analytica had misused Facebook user data—and that Facebook knew of the misuse despite framing such risks as merely hypothetical in its disclosures—both regulatory and private enforcement actions followed. Facebook ultimately paid a $100 million SEC settlement and a $5 billion FTC penalty, and the Ninth Circuit sustained securities fraud claims on the ground that Facebook had misleadingly presented a known risk as hypothetical. Under the new safe harbor, could those same disclosures be treated as broadly applicable risks? And if so, the authors ask, “Would that result protect investors—or simply protect issuers?”