Skip to main content
Kelley School of Business, Bloomington, Indiana University, US.

18 billion text comparisons on IU supercomputers determine why companies use boilerplate risk factor disclosures

Researchers determine why companies use boilerplate language in their risk factor disclosures rather than original, company-specific language as required by federal guidelines.

Every February or March, depending on the fiscal year, a company will publish an annual report. Inside this report is a disclosure section that describes all of the possible risks for a company which could lead to results that are less ideal than what the company predicted in their report. Guidelines outlined in the Private Securities Litigation Reform Act (PSLRA) require that companies use original language for their disclosures rather than standardized or "boilerplate" language. The language is to be company-specific and concise so that investors can read it and understand the risks a company is facing. However, upon examination, Jeff McMullin, an assistant professor at the Kelley School of Business at Indiana University, and his colleagues found that most companies are using boilerplate language for their disclosures despite the requirements. McMullin, Rick Cazier, an assistant professor at the G. Brint Ryan College of Business at the University of North Texas, and John Treu, an assistant professor at the Chambers College of Business and Economics at West Virginia University, set out to determine why companies are using boilerplate language for their disclosures rather than original, concise, company-specific language, as required by the guidelines outlined in the PSLRA.

In the past, before the PSLRA, an investor could claim that they were misled if a company promised to increase growth by 10%, but they did not achieve the forecasted growth rate. The investor would have had legal grounds to sue the company. However, now companies can take advantage of safe harbor protection, which requires companies to disclose their risks by law in order to take advantage of this protection. Now, if a company promises to increase growth by 10% and they include all of the risks in the disclosures section that they could encounter that would prevent them from hitting this goal, then the company is afforded greater legal protection.

Jeff McMullin, Assistant Professor, Accounting, Indiana University

Instead of waiting eight to ten months [for the jobs to complete on a slower machine], I was able to finish my work in a couple of weeks [on Karst and Big Red 3].

Jeff McMullin

There are two main entities that read disclosures and assess whether the disclosure is adequate. These entities are the Securities and Exchange Commission (SEC) and judges presiding over lawsuits. The SEC will review a company's disclosure and then send the company a letter that effectively says, "We don't like that you didn't disclose X, Y, and Z. You need to disclose these items." A judge presiding over a lawsuit will read the risk factor language in order to decide whether or not the company provided sufficient disclosure to allow them to take advantage of the safe harbor protection over forward-looking statements. McMullin and his colleagues examined feedback from both the SEC and judges in order to determine why companies are using boilerplate language. In particular, McMullin documented that other companies add to their own disclosure the language that is approved by a judge in a lawsuit.

Measuring the rate at which Firm i’s disclosure is copied.

McMullin used plagiarism software to definitively show that language approved by a judge is picked up and added to a company's risk factor disclosure. In order to make this determination, McMullin had to first identify any new additions to a company's risk factor language. Then, McMullin had to isolate the language a company added after a lawsuit. Once that language was isolated, McMullin compared the newly added language to language that had been approved by a judge in a lawsuit. This comparison allowed him to determine if language approved by a judge was used at a higher rate than other language. McMullin performed approximately 18 billion text comparisons in order to make this determination. To perform these comparisons, McMullin used IU's supercomputers, Big Red 3 and Karst. McMullin says, "Karst and Big Red 3 allow for high throughput computing. Having access to these nodes, being able to send my jobs to these computers, makes it possible to finish this work in a timely fashion. Instead of waiting eight to ten months [for the jobs to complete on a slower machine], I was able to finish my work in a couple of weeks."

The research McMullin and his colleagues conducted showed that the SEC and judges prefer boilerplate language and are more likely to decide a company's disclosure is adequate if the company is using boilerplate, non-specific, lengthy, standardized language. While investors might look at boilerplate disclosures and assume that they are useless, they actually do serve a purpose. They exist because companies are responding to the decisions of regulators and judges who are accepting boilerplate disclosures as adequate. It is not necessarily a company's fault for using boilerplate language, but rather they are victims of the system in which they are operating. Companies are doing the best they can to get safe harbor protection over their forward-looking statements by using boilerplate language. According to McMullin, if we want to solve the problem of companies using boilerplate disclosures, then we need to do more than just say "Don't use boilerplate disclosures." Instead, he suggests judges and regulators not consider boilerplate as adequate disclosure.

To access the article by McMullin, Cazier, and Treu, visit The Accounting Review.