What are PPM Risk Factors and why do I need them?

What are PPM Risk Factors and why do I need them?

Every properly drafted private placement memorandum or PPM has a risk factors section.  And, although one primary purpose of a PPM is to present your startup company to private investors and crowdfunding portals, an equally important purpose to the PPM is to protect you and your company from legal exposure.  The risk factors section of a PPM essentially is the part of the PPM that tells investors why and how they could lose part or all of their investment.  However, it is critical to note that the Securities and Exchange Commission (SEC) has been clear that boilerplate or PPM template-based risk factors may not be enough to protect a company from the so-called anti-fraud provisions of the securities laws.  So, it is extremely important that your PPM includes custom, industry-specific risk factors in order for you to be protected from investor lawsuits and compliance violations.  If you don’t get this right, you are simply diving head first into shark infested waters.

More about risk factors.

Risk factors are cautionary statements about risks a company may face that could have a material adverse impact on its business, financial condition, and results of operations, and which, in turn, could lead to losses by investors.  Moreover, risk factor disclosure improves the overall quality of a disclosure document by highlighting for investors the challenges posed by a company’s business.  We may even think of risk factor disclosure as an insurance policy for a company because it can also help mitigate litigation and liability risk.

In connection with Regulation D exempt offerings, risk factors are typically included in a separately captioned heading of a PPM, and provide investors with management’s views on the risks the company faces and, if those risks materialize, the effect they may have on the company’s business and the value of company securities held by investors.

Naturally, the people who have the best insight on what the company needs to worry about are senior management.  The concerns that keep them up at night are likely those that should be highlighted in the risk factors section.  This is the reason why management should always work closely with legal counsel throughout the process of identifying risks and reviewing advanced drafts of disclosure documents to ensure the most important risks are identified, specifically described, and tailored as much as possible to the company’s business operations.

Ultimately, it is of critical importance that risk factors be specific to the company because the “safe harbor” protections under Regulation D do not extend to protect companies from the “anti-fraud” provisions of the federal securities laws, which generally require that offering documents include no material misstatements or omissions of material facts.  In the event that risk factors are not well drafted, and industry- and company-specific, their use could undermine the effectiveness of a PPM in protecting the company and its principals from legal exposure and civil liability.

General risk factor guidelines.

Businessman hand holding a pen pointing to RISK word on the paper





The risk factors section of a PPM should concisely summarize the major risks in investing in the company.  Risk factors should be specific, focused, and disclose enough information to place the risk in context and enable an investor to assess the magnitude of the risk.

The following are some disclosure guidelines to keep in mind:

  • Risk factors should be limited to those that are specific to the company, and avoid generic or boilerplate risks that could apply to any company or any securities offering.
  • Risk factors should be organized logically. A common and useful approach is to group them into company risks, industry risks, and investment or securities risks (more on this below).
  • Risk factors should be presented in the order of their importance within a particular category. It does not help the purpose of risk factors to identify a significant risk but bury it in the risk factors section between risks that are less significant.
  • Risk factors should specifically address actual emerging risks. It is not sufficient that a risk factor highlight a risk in the abstract if the risk has already begun to materialize.  For example, if a company’s business depends on its intellectual property, it is not sufficient to have a general risk factor on the risk of intellectual property infringement if there is actual ongoing litigation that may compromise, or that is challenging, the rights of the company to the intellectual property.  If the company’s intellectual property is a key asset, failing to disclose that there is litigation involving a key patent may be construed by a court as misleading (and could certainly invite litigation).
  • Risk factors should generally avoid discussion of the company’s plan for addressing such risks. Accordingly, even if the company has taken or is taking measures to address the risks, countervailing considerations that mitigate the risk should generally not be included in the risk factors section.

It is critical to have company-specific risk factors.

These are risks that affect the company specifically: for example, the risk that the company may be unable to successfully market its newest product or implement its medium-term strategy.  Company risk factors vary considerably among companies and industries and can include:

  • Inadequate insurance coverage.
  • Dependence on current management.
  • Lack of operating history.
  • Success of a growth strategy.
  • Risks related to acquisitions.
  • Current material litigation.
  • Challenges posed by competition.

It is critical to have industry-specific risk factors.

Industry risk factors describe risks that companies face by virtue of the specific industry in which they operate. These encompass risks that affect all companies in a similar industry, but may affect specific companies differently depending on a number of factors.  For example, a company operating in the coal industry faces the risk of fluctuating coal prices, but may be impacted differently if its business also encompasses other power and/or energy sources. Industry-related risk factors include:

  • General economic conditions.
  • Environmental risks and associated costs.
  • Legal and regulatory requirements and compliance with applicable laws.
  • Seasonality of the business and inability to predict cash flow.
  • Labor costs and shortages.
  • Uncertain supply, and price fluctuation, of raw materials.
  • Risk of increasing energy costs.

What other types of risk factors do I need?

Private Placement Memorandum or PPM risk factorsPrivate Placement Memorandum or PPM risk factors describe the risks to an investor specific to an investment in a company's securities. describe the risks to an investor specific to an investment in a company’s securities.  Securities include equity in a company as well as debt in a company.  Different types of securities carry different types of risks that affect their value in different ways.  Generally, these risk factors focus on the specific security being offered and the structure of the offering being conducted.

Debt Securities

When issuing debt securities, one of the main sources of risk factor disclosure is restrictions, or a lack of restrictions, on debt incurrence (because higher leverage could lead to an increasing number of competing claims in bankruptcy and an inability to incur additional debt if necessary may prevent the company from financing its operations or investments).  In addition, if the debt is subordinated or unsecured, it is appropriate for the company to highlight this fact to explain to investors the relative ranking of their investment.  If the company is highly leveraged and also has outstanding bank loans, for example, it should disclose this, along with total amounts outstanding, its current ability to service debt expenses, its sources of liquidity and the impact of a default under any one agreement.  These risks should also include the company’s ability to generate sufficient cash flow to pay down the debt and whether a trading market for the debt exists or may develop.

When issuing convertible debt, additional risks specific to convertible securities are also necessary, such as, for example, risks related to tax treatment, accounting treatment and conversion, such as the inadequacy of the value received on conversion due to certain adjustments to the conversion rate.  In addition, disclosure also includes risks related to ownership of the underlying securities (typically equity).

Equity Securities

Risk factors relating to equity securities will typically address equity class structure and the company’s dividend or distribution policy, as well as risk factors relating to dilution.  In addition, if the company is majority-owned by a small group of insiders who can effectively exercise control of the company, it is important to disclose that fact as well.

What happens if my risk factors are not good enough?

Because risk factors are particular to the risks of a particular company, there may be wide variation in the types of risks a company discloses.  However, in the category of company-specific risks, risk factor disclosure relating to the use of financial projections deserves some special attention.  Although accurate financial projections are difficult to prepare for any business, they are notoriously difficult to prepare for new businesses because of the lack of a significant operating history.  Because financial projections are likely to be inaccurate in some respects and may prove to be materially inaccurate, it is critical that risk factors be specifically tailored to the type of financial projections provided and the assumptions and estimates that underlie them.  Two recent cases illustrate the dangers of inadequate risk factor disclosure and why it is so important to have an experienced attorney draft custom industry- and company-specific risk factors.

First, in Greenwald v. Odom case, the Georgia appellate court found that the risk factor disclosure in a company’s private placement memorandum was not specifically tailored to the financial projections.  The risk factor disclosure did not address the assumptions underlying the following items: (1) the company’s revenue forecasts; (2) the ability of the company to satisfy its debt obligations through the future sale of one of its divisions; and (3) the company’s accounts payable.  For example, the company did not disclose that: (a) revenue forecasts were based on customer contracts in the pipeline rather than in hand; (b) there was no identified buyer for the division and no negotiations had occurred with any party for the sale of the division; and (c) the company had significant accounts payable that were long overdue.  Accordingly, the risk factors were not sufficiently cautionary to the investors and did not protect the company against an action for securities fraud.

Second, in SEC v. Tecumseh Holdings Corp., the Federal District Court for the Southern District of New York found that the risk factor disclosure failed to adequately caution how unrealistic Tecumseh’s profit projections were. Instead of stating that the company was losing money, the risk factor disclosure in Tecumseh’s private placement memorandum merely stated that the company “had not yet generated any operating profit” and suggested that the only reason it was not generating operating profit is because it had not “formally commenced its new operations.”  The court found that the other cautionary language— describing the investment as involving a “high degree of risk” and “highly speculative”— was too general to alert an investor to the fact that the company’s profit projections were unrealistic.

In short, companies that provide financial projections should ensure that they include robust disclosure regarding the material assumptions and estimates underlying that financial information, as well as risk factors that explain, in specific, accurate and plain language, the risks that may undermine the accuracy of the projections.

What exactly are the applicable securities laws and why do they matter?

This is the last part of a three part blog on PPM Risk Factors.When going through the fund raising process, regardless of whether you are using a Private Placement Memorandum (PPM) for crowdfunding or otherwise, there are two primary federal acts that regulate securities offerings, namely, the Securities Act of 1933 (the “Securities Act”) and the Securities Exchange Act of 1934 (the “Exchange Act”).  The Securities Act is based on the premise that investors are capable of evaluating the merits of a securities offering if they are provided accurate and complete information regarding the company and the offering.  The civil liability provisions of the federal securities laws impose special disclosure obligations and liabilities on a company and the offering participants when the company offers its securities for sale.  These provisions are intended to:

  • Create an incentive for full disclosure.
  • Compensate buyers who either:
  • are denied the opportunity to review an accurate and complete prospectus; or
  • are provided with materially misleading investment information.

The Securities Act and the Exchange Act provide aggrieved buyers of securities with several express and implied causes of action.  These civil liability provisions expose offering participants to severe sanctions for violating the Securities Act or the Exchange Act.  Nevertheless, some of these provisions do not apply if the company can utilize one of the exemptions available under the Securities Act to offer securities without a registration statement, including those exemptions contained in Regulation D.

There are many federal securities law provisions that create potential liability in connection with a company’s offering.  The liability provisions applicable to an offering exempt from the registration requirements of the Securities Act are limited to Section 17 of the Securities Act, and Sections 10(b) and 20 and Rule 10b-5 of the Exchange Act.  The other civil liability provisions generally do not apply if the company can use one of the exemptions available under of the Securities Act to offer securities without a registration statement.

Section 17

Section 17 of the Securities Act is the general ant-fraud provision of the Securities Act and prohibits any person involved in the offer or sale of a security from using material misstatements or omissions to obtain money or property.  Essentially, this section specifically applies to the offering materials, including a PPM, used in the sale of securities.  There is no private right of action under this section, and claims based on Section 17 are enforced by the SEC.

Section 10(b) and Rule 10b-5

Section 10(b) and Rule 10b-5 of the Exchange Act provide an implied private action for material misstatements or omissions, or manipulative and deceptive devices, in connection with the sale or purchase of a security.  Section 10(b) prohibits fraud in the purchase or sale of securities, while Rule 10b-5 is the general anti-fraud provision of the Exchange Act.  These provisions apply not only to offering materials, including the PPM, but also to any other communications connected to the offering.  For example, any general solicitation used under Rule 506(c) of Regulation D would be subject to Section 10(b) and Rule 10b-5, and may be used to impose civil liability as well as prompt enforcement action by the SEC.

For civil liability to attach under Section 10(b) and Rule 10b-5, there must be:

  • A false statement about, or omission of, a material fact.
  • The false statement or omission must be made with scienter (that is, an intent to deceive, manipulate or defraud).
  • Evidence that the plaintiff justifiably relied on the statement or omission.
  • Evidence that reliance on the false statement or omission caused damages.

Section 20

Section 20(a) of the Exchange Act imposes liability on any person or company who directly or indirectly controls any other person or company held liable under Section 10(b) or Rule 10b-5.  This controlling person can be held liable jointly and severally with and to the same extent as the controlled person.  For example, officers and directors of a company involved in an exempt offering under Regulation D could be held personally liable under Section 20(a) if the company is found liability based on material misstatements or omissions in its PPM.

These liability provisions can overlap, and liability under one provision or one federal act does not preclude liability under another.  In fact, most actions under the securities laws are brought under more than one section.  In particular, virtually all securities actions involve a claim under Section 10(b) and Rule 10b-5, which impose liability on anyone who makes a material misstatement or omission in connection with buying or selling securities.

Boilerplate and template-based risk factors really wont protect you.

The “bespeaks caution” doctrine is a concept developed in case law holding that statements that include projections and expectations about a company’s prospects (that is, statements that are forward-looking) are not misleading if they are accompanied by adequate risk disclosure to caution readers about specific risks that may materially impact the forecasts.  The bespeaks caution doctrine requires the cautionary language to be meaningful and tailored to the specific company, its business, and projections.  Boilerplate or vague cautionary language will not suffice.

Although the SEC and courts clearly frown upon boilerplate language, it is inevitable that companies will have some generic cautionary language and risk factors that apply to a company’s industry in general.  The key is to also address how those factors affect the company specifically, thereby lending further credence to an argument that such cautionary language is meaningful.

Don’t dive head first into shark infested waters.

Well-drafted risk factors can help protect companies engaged in capital raising against liability under the broadly used anti-fraud provisions of the Securities Act, including under Section 17 and Rule 10b-5.  In addition to offering statutory protection, adequate cautionary language in the form of properly drafted risk factors offers companies further protection under the judicially-derived “bespeaks caution” doctrine.  Under this doctrine, alleged misrepresentations or omissions are immaterial as a matter of law if sufficient, specific cautionary statements accompany the alleged misrepresentations or omissions.  Where cautionary language is present, courts have analyzed the allegedly fraudulent materials in their entirety to determine whether a reasonable investor would have been misled.

Ultimately, the SEC’s guidance on risk factors boils down to this: tailor the risks as they would impact the company or its securities as specifically as possible and clearly explain the anticipated impact on the company.  If the company’s PPM includes risk factors that adhere to these guidelines, the company’s senior management should sleep well at night, knowing they are fully protected against legal exposure and securities laws violations.

About the Author: Erik P. Weingold


Erik P. Weingold is an entrepreneur and corporate securities lawyer with over 20 years experience under his belt.  He has been practicing law since 1995, and since 1998 has been drafting PPMs that have been used to raise millions upon millions of dollars for startup companies and small businesses throughout the U.S.  Erik is the founder and General Counsel to PPM LAWYERS, as well as Of Counsel to Convergent Litigation Associates, LLC (www.cla-law.com), a national law firm focused on the representation of clients through complex securities and commercial litigation.

What Customers Say About Us

Featured Clients

Trusted Partners