Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

The state of “Emperor’s New Clothes” corporate disclosure

Stephen Davis and Jon Lukomnik | March 1, 2016

for DeAnnWe wish we could force every corporate official and regulator to re-read Hans Christian Andersen’s fable of the emperor’s new clothes. In that tale, two fast-talking weavers convince the emperor to wear a “suit” that is invisible when worn by an incompetent. Everyone in the kingdom pretends to see the suit, until a child points out the obvious.

Welcome to the current state of corporate disclosure. Yes, there are some areas of adequate disclosure such as the financial statements, though even they could use some tweaking. However, all too often disclosures are either anodyne boilerplate or—even worse—non-existent. 

Many have bemoaned the state of disclosure, but there has been little hard analysis of what has gone wrong and what might be done to improve the situation. Two reports from the IRRC Institute (IRRCi) have the potential to change that status quo.

The first, released in January, examines the state of public company risk disclosures. Most everyone suspects that these are generally over-lawyered generic lists, designed to meet compliance rules yet communicate little. As SEC Chair Mary Jo White told the National Association of Corporate Directors in 2013, “Over time, [risk disclosures] became more and more extensive, not necessarily because of a change in the SEC requirements for risk factor disclosure (although it is now required in the 10-K) but, at least in part, because of legal advice from attorneys assisting with the preparation of filings.”

The IRRCi report supports that contention. Primarily researched and written by EY, the analysis meticulously examines the top five companies in all ten major industry sectors. Those companies total some $8 trillion in aggregate market capitalization, a fair chunk of the overall U.S. public equity market. It finds that disclosures are vague, repetitive, and boilerplate, offering investors and other readers little differentiated information about companies and little ability to judge the relative importance of the risks disclosed by any particular company. For instance, virtually all companies list competition, global market factors and regulation, but only in a generic way. How helpful is a recitation of those three universal risk factors to an investor seeking to make a buy/sell or voting/engagement decision?

In fact, the current state of the art is the worst of all worlds: Uninformative generalities and information overload, all at the same time. Despite the lack of specifics, the laundry list of risk factors is lengthy. The average risk disclosure in an annual report totals about 7 percent of the entire 10-K.  For technology companies, the risk disclosures total an average of 12 percent of the annual report; that is a percent more than the business description.

What we have now is bland compliance, not insightful communication. It is emperor’s-new-clothes disclosure. That is not transparency. It’s pretending that something exists when it’s not really there.

Interestingly, the one area where the report found disclosure to be more specific was cyber-security risk. A cynic might think that is because cyber is such a new risk that the lawyers and disclosure writers haven’t had a chance to compare 10-Ks across multiple companies and grind the disclosure into legalese.  But an optimist might think that the disclosure about this, the newest broadly disclosed risk, shows that corporate lawyers have learned to write differentiated disclosure and will begin to apply such an approach to other risk areas.  

As problematic as corporate risk disclosures are, disclosures about the board’s processes for CEO succession planning are even worse. Long-time governance scholar Annalisa Barrett examined all companies in the Russell 3000 universe that had a CEO succession in 2012.  The IRRCi report on her results, which is due out later in February, found that nearly a quarter (24 percent) had made no reference whatsoever to CEO succession planning in the previous two years’ proxy filings. Remember, these were companies which shortly thereafter went through a CEO succession, so they might be expected to be planning for one. Either they hadn’t planned, or hadn’t disclosed. There is no way for an outsider to know. Also, Barrett found that even when the proxies did discuss CEO succession planning, it was often cursory.   

The state of risk and CEO succession planning should be easy problems to fix, assuming you think these are problems.  Some may not. After all, there is no compliance requirement to disclose the board’s process for CEO succession planning. And laundry lists seem to meet the letter of SEC compliance standards for risk disclosure. Clearly, many corporate lawyers think the current status is adequate.

But being in compliance doesn’t mean appropriately serving the capital markets or, in a broader sense, contributing to business health. “We can all probably agree that risk factors could be written better … less generic and more tailored … [to] allow investors to zero in on the material risk,” noted Keith Higgins, the SEC’s Director of the Division of Corporate Finance nearly two years ago in remarks to the American Bar Association. U.K. regulators have come to a similar conclusion, now requiring enhanced disclosures on risk factors by auditors. So, while it might be difficult for us to write as columnists for Compliance Week, perhaps we should change the focus from compliance to communications if we have to want to fix this state of emperor’s-new-clothes corporate disclosure.

That wouldn’t be difficult. It would just require a refocus from doing what everyone does—which tends to be the minimum that satisfies the disclosure regulations—to what capital markets want.  

For example, with respect to risk disclosure, a previous EY report noted that streamlining risk disclosures by including generic risks in a checklist, without the paragraphs of boilerplate, would allow an issuer to focus disclosure on those risks that are important to the issuer. Ideally, those risks should be listed in some type of order by either the likelihood or magnitude of consequence; most audit committees today follow some type of risk dashboard that does exactly that, so it should be possible to give some indication of the relative importance of the risks without divulging confidential information.

Including which risks have materially changed since the last 10-K and how the company tries to mitigate key risks would also improve disclosure.

Insofar as CEO succession planning disclosure, some simple fixes would greatly improve disclosure: Say which committee is responsible (or the board as a whole) for succession, the periodicity of how often it is considered, how the board goes about the process (e.g. does the board identify internal and/or external candidates, whether the board meets regularly with potential successors, etc.), and whether or not there is an emergency succession plan in case of the need for a sudden transition.  No one is asking for specific personnel to be cited, just an overview of the process, and assurance that there is a process. The Conference Board issued a report in 2012 (CEO Succession Planning: Developments, Shareholder Activism, and Disclosure Practices) that offers real-world corporate examples. After all, choosing a CEO is one of the core responsibilities of the board; you would think directors would want to inform investors of how they are fulfilling that responsibility.

Of course, improving disclosure for the quarter of companies who never even mention CEO succession planning in the proxy statement is easy: Say something. Anything.

Capital markets move on information. And business in general improves in a competitive world when oversight is grounded in meaningful data. That’s why we advocate transparency in disclosure. But what we have now is bland compliance, not insightful communication. It is emperor’s-new-clothes disclosure. That is not transparency. It’s pretending that something exists when it’s not really there.