Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

At Large: Five reasons why compliance professionals should read ‘Risk Factors’

Compliance is all about risk — learning to see it, and how to manage it. One way to learn more about risk is by reading what others say about it. And a great place to do that is in Wall Street IPO documents.

Filings for initial public offerings are called S-1 registration statements. The SEC specifies in Regulation S-K what has to be disclosed in an S-1, including a full prospectus that the company or underwriters must deliver to any potential investor.

My favorite part of an S-1 is the section called Risk Factors. Here’s why I’m a fan, and why I recommend them to anyone interested in compliance:

Risk Factors are honest. When an IPO doesn’t succeed, when the stock price craters, it’s almost certain that everyone associated with the flop will be accused of malfeasance. Investment bankers, board members, executives, and legal and audit professionals all know that if failure happens, their best defense will be honesty in the S-1, especially in Risk Factors. We’re all “marketed to” all the time. But not by Risk Factors. Like great poetry or a child’s prayers, Risk Factors are honest. They expose the company and its problems — both actual and potential — to the eyes of the world.

Risk Factors are long. Since Risk Factors became a disclosure requirement for IPOs about 15 years ago, companies have learned that more is better. Book-length Risk Factors are now common. ZoomInfo’s Risk Factors in its recent S-1 filled 45 pages with dense text — 33,888 words. That’s more words than Animal Farm by George Orwell. Applied Molecular Transport Inc. filed an S-1 this month with an even longer Risk Factors — 37,922 words, or roughly the same length as The Lion, The Witch, and the Wardrobe by C.S. Lewis. Regulation S-K warns companies that Risk Factors should be “concise” and only cover “the most significant factors” that make an investment in the securities speculative or risky. Happily, companies are ignoring those admonitions and giving us the full monty.

Risk Factors explain how specific industries work, and what can go wrong. I don’t have a burning desire to be in the used-car business. But I enjoyed reading through Vroom’s Risk Factors. Why? Because I learned so much about the growing internet-based used vehicle business, and the awesome commercial, legal, regulatory, political, technical, reputational, environmental, and other risks thereof.

Risk Factors teach you about life as a compliance officer. Read a few Risk Factors from start to finish and you realize how overcoming risk is what makes a company successful, and often incredibly valuable. You also get a sense of the enormous challenges compliance officers face every day. In a post for the FCPA Blog last week, frequent contributor Vera Cherepanova brilliantly summed up the compliance officer’s mission vis-à-vis risk: “[R]egardless of whether these risk factors will or will not materialize into negative events, compliance professionals must be prepared for any scenario. That’s what risk management is all about. And that’s what the regulators are expecting to see – an effective C&E program should be based on the company’s risk profile.”

Risk Factors reveal human drama. Compiling an S-1 is a team effort. But I suspect this particular item from ZoomInfo’s Risk Factors was authored by a single compliance professional. I imagine the writer to be someone with battle scars, who knows how demanding, frustrating, and sometimes exhausting the compliance job can be. The italics are mine:

A significant increase in international customers or an expansion of our operations into other countries could create additional risks and challenges, including . . . compliance with multiple, conflicting, ambiguous, or evolving governmental laws and regulations, including employment, tax, privacy, anti-corruption, import/export, economic sanctions, trade controls, antitrust, and data transfer, storage and protection, and our ability to identify and respond timely to compliance issues when they occur.

You won’t find a better description of the mountainous expectations heaped on compliance officers. That short item — a mini masterpiece — also reveals why the compliance role can be so utterly satisfying and fulfilling. Doing the job well is a great accomplishment — harder than hitting a curveball. When I saw that gem, I hoped ZoomInfo’s board members and management were paying attention too.

Click to download ZoomInfo’s S-1/A

Click to download Vroom’s S-1

Share this post



  1. Ya know I sometimes read these things and wonder why anyone would ever invest in anything. They throw the kitchen sink in on those risk factors. To the point of being meaningless. Would have LOVED to see the one on issuing Hertz’s worthless shares!

    • I agree with this comment and disagree that it is a good thing that regulators’ requirements that risk factors should be concise and only cover material risks is ignored – it may provide compliance officers with useful info but it makes them meaningless for potential investors who they are aimed at after all.

      • That, in my opinion, is exactly right. The information is useful because it can alert the compliance professional to the “art of the possible” not necessarily probable, but it turns out to be meaningless in terms of informing on true risks. These disclosures are now merely a legal prophylactic when the inevitable law suit arises from a disgruntled investor.

  2. Thank you, Richard. Appreciate that!

Comments are closed for this article!