finrep logo
Gana Misra
By Gana Misra
Thu Jun 18 2026

IR Disclosure Best Practices: The 2026 Playbook for CFOs and IR Teams

Share
IR Disclosure Best Practices: The 2026 Playbook for CFOs and IR Teams

IR Disclosure Best Practices: The 2026 Playbook for CFOs and IR Teams

If your IR disclosure program was built around prescriptive checklists, 2026 is the year to rebuild it around materiality judgment. The SEC under Chair Atkins is actively unwinding the rules your team has been checking boxes against, and the investors reading your filings want something those checklists never delivered: a coherent, consistent story across every document you publish.

This guide is for CFOs, IR officers, and disclosure counsel at mid-to-large public companies. It connects three forces reshaping IR disclosure right now: the SEC's Reg S-K reform agenda, the cross-filing consistency imperative, and the strategic repositioning of IR as a capital markets intelligence function. Read it to build a disclosure program that survives comment letters, satisfies institutional investors, and holds up when the rules change again.

Key takeaway: The best IR programs in 2026 are not compliance programs with a communications layer on top. They are materiality-first, cross-functionally governed, and measured like any other strategic function.

What the SEC Actually Expects from IR Disclosures in 2026

The SEC's direction under Chair Atkins is unmistakable: fewer prescriptive rules, more materiality judgment. In April 2026, the ABA, BPI, SIFMA, ICBA, and IIB filed a joint comment letter urging the SEC to rescind Item 106 of Regulation S-K (cybersecurity risk management disclosure) and Item 1.05 of Form 8-K (cybersecurity incident disclosure), arguing that the pre-existing principles-based framework already covers material cyber events adequately. The trade groups explicitly welcomed the Commission's goal of restoring "a materiality-centered, principles-based disclosure framework whereby companies assess disclosure obligations based on longstanding materiality standards."

That framing matters for your entire disclosure architecture, not just cybersecurity. If the SEC accepts the argument that principles-based materiality judgment should replace rule-specific checklists, companies that have built their disclosure programs around Item 106 compliance templates will need to shift to a judgment-based model. The practical implication: start building materiality assessment documentation now, before the rules change, so the transition is a process refinement rather than a rebuild.

Meanwhile, Skadden's 2026 annual meeting memo identifies four areas where SEC staff comment letters are expected to concentrate in 2026:

  1. MD&A disclosures for current and emerging macroeconomic trends, particularly tariffs and trade policy
  2. KPI disclosure and use, per the 2020 Commission MD&A guidance
  3. AI and cybersecurity disclosure alignment with market practice
  4. Government shutdown and tariff impacts on operations and liquidity

If your last 10-K addressed any of these with prior-year boilerplate, a comment letter is a foreseeable outcome.

The Cross-Filing Consistency Imperative

The highest-risk disclosure failure in 2026 is not what you say in any single filing. It is what you say differently across filings.

Skadden is explicit: "Disclosures in periodic reports, earnings releases, investor presentations and the proxy statement should be consistent and aligned, particularly when discussing the impact of a government shutdown and tariff and trade policy developments." SEC staff read across documents. So do plaintiff's lawyers. A 10-K that characterizes tariff exposure as a moderate risk, an earnings call that calls it material, and an investor presentation that omits it entirely is a comment letter waiting to happen, and potentially worse.

The practical fix is a disclosure consistency audit, run before each major filing:

  1. Map the disclosure universe. List every document that touches a given risk topic: 10-K risk factors, 10-K MD&A, 10-Q MD&A, 8-K press releases, earnings call scripts, investor day presentations, proxy statement, sustainability report, and website disclosures.
  2. Pull the relevant language from each. Put it side by side. Look for characterization mismatches ("moderate" vs. "significant"), quantification gaps (one document has numbers, another does not), and omissions (a topic covered in one channel but absent from another).
  3. Resolve before filing, not after. The resolution should be documented in your disclosure committee records.

For tariff disclosures specifically, Skadden advises including enhanced cautionary language about the uncertainty and variability of trade policy impacts in forward-looking statements, and disclosing specific mitigation actions, such as supply chain adjustments, contract renegotiations, and pricing changes, when those actions are material. Generic macro risk factors no longer meet the standard. Finrep's practitioner guide to SEC tariff accounting and disclosure covers the MD&A mechanics in detail.

The Highest-Risk Disclosure Areas in 2026

Cybersecurity: De Facto Standards Are Already Set

Even as the trade associations push to rescind Item 106, the market has already established a de facto disclosure floor. Per EY's September 2025 SEC Reporting Update, cited by Skadden:

  • 67% of Fortune 500 companies describe their cybersecurity frameworks (NIST CSF, ISO 27001) in their SEC filings
  • 65% reference incident response and preparedness plans
  • 64% disclose employee training and awareness efforts

If Item 106 is rescinded, these disclosures do not disappear. They become the baseline against which materiality is judged. A company that discloses less than this market standard without a documented materiality rationale is exposed. The transition from rule-based to principles-based disclosure does not lower the bar; it moves the bar from "did you check the box" to "did you make a defensible judgment."

AI: Four Risk Categories That Must Be Addressed

Skadden identifies four categories of AI-related disclosure risk that belong in 2026 filings:

Risk CategoryWhat to DiscloseCybersecurity threats from AIAI-enabled attacks, deepfakes, social engineering vulnerabilitiesRegulatory and legal uncertaintyEvolving federal, state, and international AI regulationsOperational and strategic riskExecution failures in AI initiatives; model reliabilityReputational and ethical riskBiased or erroneous AI outputs; third-party AI vendor failures

These belong in risk factors. Where AI initiatives are material to operations or capital allocation, they belong in MD&A as well. Finrep's guide to AI risks in SEC filings covers the disclosure mechanics and enforcement posture in detail.

Climate: A Two-Track Disclosure Environment

The SEC rescinded its 2024 climate disclosure rule, but the disclosure obligation did not disappear. It fragmented. Companies now operate on at least two tracks:

  • California: SB 253 (Scope 1, 2, and 3 GHG reporting) and SB 261 (climate-related financial risk disclosure) remain live obligations for companies doing business in California, with SB 253's first reporting requirement scheduled for August 10, 2026. SB 261 faces a Ninth Circuit preliminary injunction, but SB 253 does not.
  • Investor expectations: Institutional investors have not reduced their climate disclosure expectations because the SEC pulled back. Many continue to require TCFD-aligned or IFRS S1/S2-aligned disclosure for voting and engagement purposes.
  • SAB 74: Companies must still disclose the expected impact of IFRS S1/S2 and other pending standards under SAB 74 (Topic 11.M) if those standards are not yet adopted. Finrep's SAB 74 disclosure guide and SEC climate rescission drafting guide cover the footnote mechanics.

The decision is not whether to disclose climate information. It is where to put it and how to frame it. Voluntary disclosures in a separate sustainability report carry different liability implications than disclosures incorporated by reference into a 10-K. That distinction requires legal judgment, not just IR judgment.

How to Write MD&A and Risk Factors That Won't Draw Comments

Boilerplate is the single most common comment letter trigger. The SEC staff reads hundreds of filings in the same industry. When your risk factor on tariff exposure reads identically to your competitor's, it signals that no one assessed whether the risk is actually material to your specific business.

Skadden's standard for 2026 MD&A is operationally specific: companies should "periodically assess the materiality of a government shutdown and tariff and trade policy developments on the company's business, including both direct and indirect effects (e.g., supplier cost increases; customer demand shifts; and delays in contract awards, regulatory approvals or access to government services)."

The test for a well-drafted risk factor or MD&A section is simple: could this paragraph appear verbatim in a competitor's filing without changing a word? If yes, it is boilerplate. The fix is specificity:

  • Name the jurisdictions, products, or supply chains actually affected
  • Quantify the exposure where you can, or explain why you cannot
  • Describe the specific mitigation actions taken or planned
  • Connect the risk to the financial line items where the impact would appear

For results of operations disclosures, Finrep's guide to Item 303 MD&A practices covers the specific comment letter patterns and how to avoid them.

Governance Architecture: Who Owns the Disclosure Program

Best-in-class IR disclosure programs are not owned by IR. They are governed by a cross-functional disclosure committee with documented authority and process.

The governance structure that works in 2026 looks like this:

  • Disclosure committee: CFO or General Counsel as chair, with IR, legal, finance, sustainability, and communications represented. Meets before each major filing. Documents its materiality determinations.
  • IR as intelligence hub: IR owns the investor feedback loop, translating what analysts and institutional holders are asking into disclosure priorities. Per EY's survey of 876 IR professionals, 77% of IR representatives attend board meetings in person, and cooperation with the accounting and finance department is rated as the most important cross-functional relationship for IR teams.
  • Board-level reporting: IR should be providing boards with market and investor sentiment, investor movement data, the most frequently asked investor questions, and recent regulatory changes. This is not a quarterly update; it is a standing agenda item.
  • MNPI controls: Insider trading policies, trading blackout periods, and information barriers must be reviewed annually. Skadden specifically flags insider trading policy review as part of 2026 annual meeting preparation.

A KPMG survey cited by Nasdaq found that 65% of CFOs and 51% of CEOs are significantly involved in IR today. That C-suite involvement is a governance feature, not just a communications preference. Executive consistency ensures the market hears the same strategic framing that internal leadership uses.

Using AI in the Disclosure Drafting Workflow

AI tools can accelerate disclosure drafting. They can also create liability if the workflow lacks human oversight controls.

Skadden's guidance on AI-assisted drafting is direct: "AI-generated outputs should never be relied upon without human review. Companies remain liable for any misrepresentations or inaccuracies in public disclosures, regardless of whether the inaccuracies originated from AI tools."

The specific failure modes that practitioners need to control for:

  • Hallucinated statistics: AI models can generate plausible-sounding but fabricated numbers. Every statistic in a draft must be traced to a primary source before filing.
  • Incorrect regulatory citations: AI tools frequently misstate rule numbers, effective dates, and thresholds. A drafter who relies on an AI-generated citation to ASC 740-10 or Item 303 without checking the actual standard is signing off on a potential misstatement.
  • MNPI leakage: Confidential financial data or material non-public information must never be entered into unvetted AI platforms. Only enterprise-approved, secure tools should be used in the disclosure workflow.
  • Industry-specific terminology errors: AI outputs must be validated for accuracy in the specific regulatory and accounting context of your filing.

The practical control is a two-step process: AI drafts, human expert validates against primary sources, and the validation is documented. The documentation matters because it demonstrates the human oversight that Skadden and the SEC both expect.

IFRS 18: The IR Disclosure Change Most Teams Are Not Ready For

For IFRS reporters and dual reporters, IFRS 18 is the most significant financial statement presentation change in decades, and its IR implications are almost entirely absent from current IR best practice discussions.

IFRS 18, which replaces IAS 1 and is effective for annual periods beginning on or after January 1, 2027 (with early adoption permitted), introduces two changes that directly affect how IR teams communicate financial results:

  1. New income statement categories: Operating, investing, and financing income and expenses must be presented in defined categories, with mandatory subtotals. This will change how headline operating profit figures are calculated and presented, potentially making year-over-year comparisons difficult without explanation.
  2. Management-defined performance measures (MPMs): Any alternative performance measure that management uses in public communications and that is not defined by IFRS must be disclosed with a reconciliation, a description of why it is useful, and a label that distinguishes it from IFRS measures.

The MPM requirement is the one IR teams need to act on now. If your investor presentations, earnings releases, or analyst day materials reference adjusted EBITDA, adjusted operating profit, or any other non-IFRS metric, those metrics will require formal disclosure treatment under IFRS 18. Start inventorying your MPMs, documenting the rationale for each, and building the reconciliation templates before the standard takes effect. For the SAB 74 disclosure implications of IFRS 18's adoption, see Finrep's SAB 74 guide.

How to Measure Whether Your IR Program Is Working

Most IR teams cannot answer the CFO's question: what did we get for the IR budget this year? According to Bain research cited by Nasdaq, 90% of companies fail to connect investor relations with overall business strategy. That structural gap is what separates compliance-oriented IR programs from strategic ones.

The measurement framework that leading programs use:

Output metrics (what IR produces):

  • Number and quality of investor meetings per quarter
  • Analyst model accuracy before and after IR releases (a proxy for how well IR is communicating guidance)
  • Message retention measured through post-event surveys

Outcome metrics (what IR achieves):

  • Shifts in shareholder base composition toward long-term institutional holders
  • Relative stock performance during volatility periods (a measure of investor confidence)
  • Post-event capital flows tracked against IR activity
  • Perception study results compared to prior periods

Investor demand signals:

  • 61% of buy-side investors want clearer links between strategy, KPIs, and quarterly results, per Nasdaq's 2025 Global Issuer Pulse survey. Tracking whether your investor feedback reflects this gap closing is itself a KPI.

The cost per meaningful investor engagement metric is particularly useful for CFOs evaluating IR investment, because it converts IR activity into a unit economics framework that finance leadership understands.

The Proxy Statement as an IR Disclosure Document

The proxy statement is not a compliance filing that IR hands off to legal. It is an investor communication that institutional holders read carefully, and its quality increasingly affects voting outcomes.

Best-practice proxy disclosure in 2026 includes:

  • Compensation-strategy alignment: Executive pay programs should be explicitly linked to the strategic priorities described in the 10-K and investor presentations. Institutional investors and proxy advisors are specifically looking for this connection.
  • Board skills matrix: A skills matrix that maps director expertise to the company's specific strategic risks, not a generic list of credentials.
  • Shareholder engagement disclosure: A description of the off-season engagement program, including which investors were engaged, what topics were discussed, and what changes (if any) were made in response.
  • Vote projection modeling: Leading IR programs model likely vote outcomes before the proxy is filed and engage proactively with key institutional holders and proxy advisors on contested proposals.

For an example of current best practice in executive compensation disclosure, the CBRE 2026 DEF 14A filed April 3, 2026 illustrates the level of detail institutional investors now expect in grants of plan-based awards tables.

The Real Cost of Getting IR Communications Wrong

Two 2026 case studies illustrate the financial stakes of IR communication failures.

GameStop CEO Ryan Cohen's CNBC interview in May 2026 cost the company approximately 10% of its share price. The lesson from IR Impact's analysis is not that executives should avoid media; it is that unscripted C-suite investor communications without IR preparation and message discipline are a material financial risk. Media training and pre-approved messaging frameworks are not optional for companies where the CEO is a market-moving figure.

Swedish mining firm Boliden's response to a May 2026 rockfall incident at one of its sites illustrates the opposite failure mode: over-communicating in a crisis. The CEO's attempt to add positive color to a factual press release backfired. IR Impact's conclusion: sometimes the best disclosure decision is restraint. A dry, factual 8-K or press release that states what is known and what is not known is often more credible than a narrative that attempts to manage the emotional response to bad news.

As FedEx's Matt DeBerry put it: "At the end of the day we're selling trust." That framing captures what investor relations disclosure best practices in 2026 are actually about. Not box-checking, not narrative spin, not compliance theater. Trust, built through consistent, specific, and materially accurate communication across every channel where investors encounter your company.

FAQ

What are the most common SEC comment letter triggers for IR disclosures in 2026?

Skadden identifies four priority areas for SEC staff comment letter review in 2026: MD&A disclosures for macroeconomic trends (especially tariffs), KPI disclosure and use, AI and cybersecurity disclosure alignment with market practice, and government shutdown and trade policy impacts. Boilerplate risk factors that could appear in any company's filing without modification are the most consistent trigger across all categories.

Should we change our cybersecurity disclosures now given the pending Reg S-K review?

Do not wait for final rules to reassess your cybersecurity disclosures. The market standard is already set: 67% of Fortune 500 companies describe their cybersecurity frameworks, 65% reference incident response plans, and 64% disclose employee training efforts. If your disclosures fall below this baseline without a documented materiality rationale, you are exposed regardless of whether Item 106 is rescinded.

How do we handle climate disclosure after the SEC rescinded its climate rule?

The disclosure obligation did not disappear; it fragmented. California's SB 253 GHG reporting requirement remains live for companies doing business in California. Institutional investor expectations have not declined. SAB 74 disclosures may be required for IFRS S1/S2 if your company is an IFRS reporter. The decision is where to put climate information (10-K vs. sustainability report) and how to frame it, which requires legal judgment about liability implications.

What is the right governance structure for an IR disclosure program?

A cross-functional disclosure committee, chaired by the CFO or General Counsel, with IR, legal, finance, sustainability, and communications represented. The committee should meet before each major filing, document its materiality determinations, and report to the board on investor sentiment, regulatory changes, and disclosure quality. IR should function as the intelligence hub that translates investor feedback into disclosure priorities.

How do we use AI tools in disclosure drafting without creating liability?

Three controls are non-negotiable: use only enterprise-approved, secure platforms (no MNPI in unvetted tools); validate every statistic, regulatory citation, and quote against primary sources before filing; and document the human review process. The company remains liable for every word in a public filing, regardless of whether AI generated the first draft.

What does IFRS 18 mean for IR teams?

IFRS 18, effective January 1, 2027 with early adoption permitted, requires IFRS reporters to categorize income statement items into defined operating, investing, and financing categories and to formally disclose any management-defined performance measures used in public communications with reconciliations. IR teams should inventory all alternative performance measures used in investor presentations and earnings releases now, before the standard takes effect.

You might also like

How to Draft a Technical Accounting Memo That Survives Audit and SEC Review

How to Draft a Technical Accounting Memo That Survives Audit and SEC Review

Jun 18, 2026
Material Weakness Disclosure Requirements: 2026 SEC Compliance Guide

Material Weakness Disclosure Requirements: 2026 SEC Compliance Guide

Jun 18, 2026
How to Prevent Repeat SEC Comment Letters: A 2026 Process Guide for CFOs

How to Prevent Repeat SEC Comment Letters: A 2026 Process Guide for CFOs

Jun 17, 2026

Run your SEC filing cycle on Finrep

Company
PlatformUse CasesAboutPricingContactCareers
Resources
BlogSEC Reporting JournalSecurityPrivacy PolicyTerms of Service
LinkedInTwitter/X
Ask AI aboutFinrep
ChatGPT
Claude
Perplexity
SOC2 Type 2 badge
ISO 27001 badge
Backed By
Accel logo
Finrep Footer