As anybody who has spent even a small amount of time reading, or even writing, a risk report knows though, this is far from being the case. There seems to be little consensus amongst leading European companies as to even what a risk report is meant to do, let alone how to write one. With so many differences of opinion it becomes a huge challenge for any investor to rely on what they say.
Three inconsistencies seem to be at the root of this unsatisfactory situation. European companies are exposed to three sets of regulations surrounding risk reporting, with little guidance on how they should be reconciled or prioritised. The extent to which regulation is enforced is also highly inconsistent: some member states have implemented quite rigorous enforcement regimes, while others have barely done anything to either encourage or persuade businesses to comply.
At a more fundamental level though is a lack of agreement about the basic point of risk reporting – is it to inform shareholders, or to protect the company?