Compliance is all about risk — learning to see it, and how to manage it. One way to learn more about risk is by reading what others say about it. And a great place to do that is in Wall Street IPO documents.
Filings for initial public offerings are called S-1 registration statements. The SEC specifies in Regulation S-K what has to be disclosed in an S-1, including a full prospectus that the company or underwriters must deliver to any potential investor.
My favorite part of an S-1 is the section called Risk Factors. Here’s why I’m a fan, and why I recommend them to anyone interested in compliance:
Risk Factors are honest. When an IPO doesn’t succeed, when the stock price craters, it’s almost certain that everyone associated with the flop will be accused of malfeasance. Investment bankers, board members, executives, and legal and audit professionals all know that if failure happens, their best defense will be honesty in the S-1, especially in Risk Factors. We’re all “marketed to” all the time. But not by Risk Factors. Like great poetry or a child’s prayers, Risk Factors are honest. They expose the company and its problems — both actual and potential — to the eyes of the world.
Risk Factors are long. Since Risk Factors became a disclosure requirement for IPOs about 15 years ago, companies have learned that more is better. Book-length Risk Factors are now common. ZoomInfo’s Risk Factors in its recent S-1 filled 45 pages with dense text — 33,888 words. That’s more words than Animal Farm by George Orwell. Applied Molecular Transport Inc. filed an S-1 this month with an even longer Risk Factors — 37,922 words, or roughly the same length as The Lion, The Witch, and the Wardrobe by C.S. Lewis. Regulation S-K warns companies that Risk Factors should be “concise” and only cover “the most significant factors” that make an investment in the securities speculative or risky. Happily, companies are ignoring those admonitions and giving us the full monty.
Risk Factors explain how specific industries work, and what can go wrong. I don’t have a burning desire to be in the used-car business. But I enjoyed reading through Vroom’s Risk Factors. Why? Because I learned so much about the growing internet-based used vehicle business, and the awesome commercial, legal, regulatory, political, technical, reputational, environmental, and other risks thereof.
Risk Factors teach you about life as a compliance officer. Read a few Risk Factors from start to finish and you realize how overcoming risk is what makes a company successful, and often incredibly valuable. You also get a sense of the enormous challenges compliance officers face every day. In a post for the FCPA Blog last week, frequent contributor Vera Cherepanova brilliantly summed up the compliance officer’s mission vis-à-vis risk: “[R]egardless of whether these risk factors will or will not materialize into negative events, compliance professionals must be prepared for any scenario. That’s what risk management is all about. And that’s what the regulators are expecting to see – an effective C&E program should be based on the company’s risk profile.”
Risk Factors reveal human drama. Compiling an S-1 is a team effort. But I suspect this particular item from ZoomInfo’s Risk Factors was authored by a single compliance professional. I imagine the writer to be someone with battle scars, who knows how demanding, frustrating, and sometimes exhausting the compliance job can be. The italics are mine:
A significant increase in international customers or an expansion of our operations into other countries could create additional risks and challenges, including . . . compliance with multiple, conflicting, ambiguous, or evolving governmental laws and regulations, including employment, tax, privacy, anti-corruption, import/export, economic sanctions, trade controls, antitrust, and data transfer, storage and protection, and our ability to identify and respond timely to compliance issues when they occur.
You won’t find a better description of the mountainous expectations heaped on compliance officers. That short item — a mini masterpiece — also reveals why the compliance role can be so utterly satisfying and fulfilling. Doing the job well is a great accomplishment — harder than hitting a curveball. When I saw that gem, I hoped ZoomInfo’s board members and management were paying attention too.ZoomInfo S-1:A