10-K Risk Disclosure Analysis · by Jack He · Offline

Advanced · Risk · Analytics

Mode: Local PDF/HTML analysis
Engine: PDF.js · DOMParser · LM Dictionary · TF-IDF · D3
Analysing section:

How This Program Works

In one paragraph
You drop in a 10-K filing as PDF or HTML. The tool finds the Risk Factors section, counts certain kinds of words, compares them year-on-year and against peers, then displays seventeen visualisations of what it found. Everything happens locally in your browser — no data is uploaded anywhere.

The problem this solves

Public companies have to file an annual report called a 10-K with the SEC. Buried inside is a section called "Risk Factors" where the company lists everything that could go wrong — lawsuits, supply chain issues, climate change, cyberattacks, you name it. These sections are long, dense, and written by lawyers. Reading one carefully takes hours. Comparing five of them across two companies takes days.

This tool reads them for you and shows you what matters in pictures.

The whole thing is one HTML file. You double-click it, drag PDFs onto it, and you get a dashboard.

What it actually measures

Think of it as having three different lenses, each answering a different question.

Lens 1 · How does the language feel?

There's a famous research project from Notre Dame called the Loughran-McDonald dictionary. Two finance professors went through thousands of corporate filings and classified about 80,000 words into categories: "negative" (impair, decline, lawsuit), "uncertain" (may, might, could, possibly), "litigious" (court, settlement, plaintiff), and so on. The tool counts how often each category appears.

If a company's "negative" word count goes up year over year, their tone is darkening. If "uncertain" words spike, management is hedging more — usually because something they previously claimed to know is now in doubt. If "litigious" language climbs, the lawyers have been busy. This is the basis for the risk score — a single number that combines these counts. Higher means more anxious-sounding.

Lens 2 · What are they talking about?

The tool has a list of risk topics — Cybersecurity, Regulatory, Supply Chain, Climate, Macroeconomic, Competition, Litigation, Talent, Geopolitical, Pandemic, AI, Consumer Health — and a set of keywords for each. It counts how often each topic comes up.

This lets you see things like: "Coca-Cola mentioned climate 18 times in 2020 but 48 times in 2024." Patterns over multiple years reveal what's emerging (AI rising sharply since 2023) and what's fading (COVID dropping off after 2022).

Lens 3 · What's new, missing, and different?

This is where it gets more interesting. The tool does three sophisticated things.

Year-over-year diffing. It chops each year's Risk Factors section into individual risks and tries to match them across years. Risks that don't match anything in the prior year are flagged as "added." Risks that disappear are "removed." Risks that match but with substantially different wording are "reworded" — and the rewording is often the most revealing thing of all.

Peer comparison. When you upload filings from two companies in the same year, the tool uses a technique called TF-IDF (term frequency–inverse document frequency, borrowed from search engines) to find phrases each company uses much more than the other. The phrases the other company uses but yours doesn't are your relative omissions — what your peers worry about that you're conspicuously quiet on.

Lifecycle tracking. For each individual risk, the tool tries to follow it through time. When did it first appear? Did it get more or less prominent? Is it still there? You see this as a timeline showing each risk's lifespan.

How it actually reads the files

For PDFs, the tool uses a library called PDF.js — the same technology Firefox uses to display PDFs in the browser — to extract text page by page.

For HTML files, it uses the browser's built-in HTML parser to walk through the document, throw away navigation menus, scripts, and hidden financial data tags, and pull out the readable text.

In both cases, once it has the text, it uses regular expressions to find three SEC section headings — "Item 1. Business," "Item 1A. Risk Factors," and "Item 7. Management's Discussion and Analysis" — and extract each section's content separately. The dashboard then lets you switch between sections via the selector bar that appears above the analysis tabs. Each section gets its own independent analysis: the same numbers (tone, hedging, categories, diffs) computed against different text.

Why three sections? Because they reveal different things. Risk Factors is the lawyers' worry list — what could go wrong. MD&A is management's voice — how they explain results and their own confidence. Business (Item 1) is the strategic narrative — what the company says it is and what it does. A company whose Risk Factors got darker but whose MD&A stayed upbeat is signalling something different from one where both moved together. A company whose Business description quietly evolved from "consumer goods company" to "consumer health and wellness platform" is repositioning before any other signal would catch it.

The seventeen visualisations

The dashboard has six analysis tabs. Here's what each one shows.

Overview

Your dashboard front page. A risk score for each company, a "weather report" card showing whether each filing reads as Calm, Cautious, Anxious, or Defensive, and a list of automatic flags — red for big changes, amber for things worth checking, green for stability.

Tone & Language

Five views of how the writing itself behaves. The main tone chart over time, the same chart with major external events overlaid (so you can see who reacted to COVID and who didn't), a hedge-density chart, a sentence-length distribution (long convoluted sentences read as evasive; short declarative ones read as confident), and a modal-verb breakdown showing the strong-vs-weak commitment ratio.

Risk Structure

Five views of how risks are arranged. A heatmap of all topics over time, a treemap showing topic proportions for one filing at a glance, a concentration index, radar fingerprint charts showing each company's risk shape, and a force-directed network graph showing which topics get mentioned together — revealing how the company thinks about its risks.

Change & Emergence

Four views of what's shifting. The detailed year-over-year diff, a streamgraph showing how attention reallocates across topics over time, a lifecycle chart, and a late-mover scatter plot showing when each company first started talking substantially about emerging risks like AI.

Peer Comparison

Three views of how companies compare. The TF-IDF distinctive-terms list, an omissions matrix highlighting where one company is conspicuously quieter than peers, and a baseline-deviation chart showing how far each company sits from the industry average on each topic.

Layman View

Three plain-English outputs. Auto-generated narrative summaries, one-page executive briefing cards designed to print on A4, and "story arcs" that follow a single risk topic across all years for one company with sample passages from each year.

What it is not

A few things are worth being clear about, because this is a pilot tool with real limits.

  • It's pattern matching, not understanding. The tool counts words and matches phrases. It doesn't comprehend meaning. When the narrative says "tone has darkened," it's because more "negative" words appeared, not because the tool grasped any particular risk. For nuanced interpretation you still need to read the filing.
  • The narrative summaries are rule-based. They follow templates filled with the numbers — accurate but rigid. A real LLM could write much more useful summaries, but that requires sending text out of the browser, which the pilot deliberately avoids.
  • It works best on a small set of companies. Sweet spot is 2 to 5 companies across 3 to 5 years — roughly 10 to 20 filings. Beyond about 25, the visualisations start to crowd.
  • The Risk Factors extractor is a regex. If a company formats its 10-K unusually, the extractor might grab too much or too little. The tool falls back to analysing the whole document if it can't find the section cleanly, and shows a warning.
  • It uses a curated word list, not the full Loughran-McDonald dictionary. This keeps the file small. The full 80,000-word dictionary would tighten the scores.

Why it's built this way

The whole tool is one HTML file that runs in your browser. There's no server, no database, no installation, nothing to maintain. You can email the file to a colleague and they can use it with no setup. Uploaded 10-K data never leaves your machine — read into browser memory, analysed, and forgotten when you close the tab.

This is the right design for a pilot. It removes every objection — no IT approval, no procurement, no security review, no API costs — and lets you find out whether the analysis itself is useful before committing to anything more substantial.

The point of a pilot tool is to be wrong cheaply and quickly. This one's set up to do that.

If the pilot answers the usefulness question with a clear yes, the next version can add things that require infrastructure: real LLM-written narratives, larger company sets, automated EDGAR fetching, scheduled monitoring. But none of that matters if the basic analysis doesn't earn its keep.

Ready to try it?

Upload Filings

Drop in 10-K filings as PDF or HTML. The tool extracts three sections — Item 1 Business, Item 1A Risk Factors, and Item 7 MD&A — runs the analysis on each, and renders everything across the tabs above. Switch between sections using the bar that appears above the analysis tabs. Nothing leaves your browser.

Drop PDFs here, or click to browse

Accepts PDF or HTML 10-Ks. Filenames like KO_2024.pdf or KO_2024.html are auto-parsed. Otherwise edit ticker/year on the cards.
For best results: 2+ years per company (year-over-year), 2+ companies (peer comparison).

3At a Glance

Run analysis on the Setup tab to populate.

4The Tone of the Disclosure

Run analysis first.

5Structure of Risk

Run analysis first.

6Change & Emergence

Run analysis first.

7Peer Comparison

Run analysis with at least 2 companies first.

8Made for the Layman

Run analysis first.