Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - AON
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors
The Company’s Board oversees Aon’s ERM program and allocates certain oversight responsibilities to its committees and any sub-committees, as appropriate. The Board has delegated to the Audit Committee the primary responsibility for the oversight of the Company’s ERM program. The Audit Committee also has primary responsibility for the oversight of cybersecurity risk and engages in regular discussion with management regarding cybersecurity and privacy risk mitigation and incident management, including risks arising from the use of artificial intelligence. Cybersecurity matters are an important focus of our Board’s oversight of risk. The Company’s management, including the Chief Information Security Officer (“CISO”) , regularly presents (no less than twice annually) to the Audit Committee of the Board regarding cybersecurity matters. Members of senior management attend Board and committee meetings to address any questions or concerns raised by the Board related to risk management, including those relating to cybersecurity, and any other matters.
Aon has established a third-party risk governance program that creates guidelines for selecting and managing its suppliers, including assessing of their operational capabilities, adherence to the Company’s data security requirements, and technical, organizational, and physical safeguards. Contractual requirements and periodic reviews are designed to promote compliance with Aon’s security requirements. Aon’s GPDTO and Law & Compliance department work with business units to incorporate appropriate controls into supplier contracts.
The risk factors set forth below reflect risks associated with our existing and potential businesses and the industries in which we operate generally and contain “forward-looking statements” as discussed in the “Business” Section of Part I, Item 1 of this report. Readers should consider these risks in addition to the other information contained in this report because our business, financial condition, or results of operations could be materially adversely affected if any of these risks were to actually occur and the occurrence of such risks could cause our actual results to differ materially from those stated in or implied by the forward-looking statements in this document and elsewhere.
Risk Factors Summary
The following is a summary of the principal risks associated with our businesses and the industries in which we operate generally as described in more detail in this report. We encourage you to carefully review the full risk factors immediately following this summary as well as the other information in this report.
Risks Related to Our Business
•An overall decline in economic and business activity could have a material adverse effect on the financial condition and results of operations of our business.
•We face significant competitive pressures from traditional and non-traditional competitors that could affect our business.
•If we are unable to effectively develop and implement innovative strategies, efficiencies and new solutions for our clients, our reputation, ability to compete effectively and financial condition may be adversely affected.
9
•If our clients are not satisfied with our services, we may face additional cost, loss of profit opportunities, damage to our reputation, or legal liability.
•Revenues from commission arrangements may fluctuate due to many factors, including cyclical or permanent changes in the insurance and reinsurance markets outside of our control.
•The profitability of our operations may not meet our expectations due to unexpected costs, cost overruns, inflation, early contract terminations, unrealized assumptions used in our contract bidding process or the inability to maintain our prices.
Financial Risks
•We are exposed to fluctuations in currency exchange rates that could negatively impact our financial results and cash flows. Similarly, changes in interest rates and deterioration of credit quality could reduce the value of our cash balances and investment portfolios and adversely affect our financial condition or results.Changes in interest rates and deterioration of credit quality could reduce the value of our cash balances and investment portfolios and adversely affect our financial condition or results.
•We have debt outstanding that could adversely affect our financial flexibility. In addition, a decline in the credit ratings of our senior debt and commercial paper may adversely affect our borrowing costs, access to capital, and financial flexibility.A decline in the credit ratings of our senior debt and commercial paper may adversely affect our borrowing costs, access to capital, and financial flexibility.
•Our tax assets and liabilities are subject to a variety of different factors, including the adoption and implementation of OECD tax proposals, which could create volatility in our global effective tax rate, expose us to greater than anticipated tax liabilities or cause us to adjust previously recognized tax assets and liabilities.
•We are a holding company and, therefore, may not be able to receive dividends or other payments in needed amounts from our subsidiaries.
Legal and Regulatory Risks
•We are subject to E&O claims against us as well as other contingencies and legal proceedings, some of which, if determined unfavorably to us, could have a material adverse effect on our financial condition or results of operations.
•Our businesses are subject to extensive governmental regulation, which could reduce our profitability, limit our growth, or subject us to legal and regulatory actions.
•Failure to protect our intellectual property rights, or allegations that we have infringed on the intellectual property rights of others, could harm our reputation, ability to compete effectively, and financial condition.
Operational Risks
•Natural or human-caused disasters could result in declines in business and increases in claims that could adversely affect our financial condition and results of operations.
•Our success depends on our ability to retain, attract and develop experienced and qualified personnel, including our senior management team and other personnel.
•We may not recognize all of the expected benefits from our Accelerating Aon United program and other operational improvement initiatives.
Risks Related to Technology, Cybersecurity, and Data Protection
•We rely on complex information technology systems and networks to operate our business. Any significant system or network disruption due to a breach in the security of our information technology systems could have a negative impact on our reputation, operations, sales, and operating results.
•Improper disclosure of confidential, personal, or proprietary data could result in regulatory scrutiny, legal liability, or harm to our reputation.
•Regulation in the areas of data privacy, data protection, data management, data transfer, data localization, artificial intelligence, and cybersecurity could increase our costs and affect or limit our business opportunities.
Risks Related to Being an Irish-incorporated Company
•We are incorporated in Ireland, and Irish law differs from the laws in effect in the U.S. and may afford less protection to holders of our securities.
10
•As an Irish public limited company, certain capital structure decisions regarding the Company will require the approval of shareholders, which may limit the Company’s flexibility to manage its capital structure.
•Irish law requires us to have available “distributable profits” to pay dividends to shareholders and generally to make share repurchases and redemptions.
Risks Related to Our Business
An overall decline in economic and business activity could have a material adverse effect on the financial condition and results of operations of our business.
The results of our operations are generally affected by the level of business activity of our clients, which in turn is affected by the economy of the industries and markets these clients serve. Economic downturns, volatility, or uncertainty in the broader economy or in specific markets (including as a result of endemics or pandemics, climate change, political unrest, actions by governments and central banks, or otherwise) have caused in the past and may in the future cause reductions in technology and discretionary spending by our clients, which may result in reductions in the growth of new business or reductions in existing business. Economic downturns, volatility, or uncertainty in the broader economy or in specific markets (including as a result of endemics or pandemics, climate change, political unrest, actions by central banks, or otherwise) may cause reductions in technology and discretionary spending by our clients, which may result in reductions in the growth of new business or reductions in existing business. If our clients become financially less stable, enter bankruptcy, liquidate their operations or consolidate, our revenues and collectability of receivables could be adversely affected.
The demand for property and casualty insurance generally rises as the overall level of economic activity increases and generally falls as such activity decreases, affecting both the commissions and fees generated by our Risk Capital segment. The economic activity that impacts property and casualty insurance is most closely correlated with employment levels, corporate revenues, and asset values. Downward fluctuations in the year-over-year insurance premiums charged by insurers to protect against the same risk, referred to in the industry as softening of the insurance market, has and could adversely affect these businesses as a significant portion of our revenue is determined as a percentage of premiums charged to our clients. Downward fluctuations in the year-over-year insurance premiums charged by insurers to protect against the same risk, referred to in the industry as softening of the insurance market, could adversely affect these businesses as a significant portion of the revenue is determined as a percentage of premiums charged to our clients. In addition, certain discretionary services within our business, such as our talent advisory services, project-related work within our Commercial Risk, Health, and Wealth solution lines, and transaction services, may see a decrease in activity if the overall level of economic activity results in a reduction to our clients’ discretionary spending. In addition, certain discretionary services within our business, such as Human Capital, project-related work within Commercial Risk Solutions and Health Solutions, and transaction liability, may see a decrease in activity if the overall level of economic activity results in a reduction to our clients’ discretionary spending. Insolvencies and consolidations associated with an economic downturn, especially insolvencies in the insurance industry, could adversely affect our brokerage business through the loss of clients by hampering our ability to place insurance and reinsurance business. Also, error and omission claims against us, which we refer to as E&O claims, may increase in economic downturns or due to natural or human-caused disasters, also adversely affecting our business. In addition, decreased underwriting capacity for insurance and reinsurance may create difficulty for our professionals to place business, which may adversely impact our ability to earn revenue.
We face significant competitive pressures from traditional and non-traditional competitors that could affect our business.
As a global professional services firm, we compete with a broad variety of firms, including global, national, regional, and local insurance companies that market and service their own products, other financial services providers, brokers, and investment managers, independent firms, and consulting organizations affiliated with accounting, information systems, technology, and human resources consulting firms. We compete with respect to service, delivery of insights, product features, price, commission structure, technology, financial strength, ability to access certain insurance markets, and name recognition. Our competitors may have better financial, technical and marketing resources, broader customer bases, greater name recognition, more comprehensive products, stronger presence in certain geographies, or more established relationships with their customers and suppliers than we have.
Alliances or mergers among competitors could also affect our business. Further, we compete on pricing and the innovation and quality of our service offerings, which could be affected by competitors’ lower cost structures, product development activities, and pricing policies, any or all of which could result in better market acceptance of our competitors’ offerings than those that we offer or develop. Further, we compete on pricing and the innovation and quality of our service offerings and could be affected by competitors’ lower cost structures, product development activities, and pricing policies, any or all of which could result in better market acceptance of our competitors’ offerings than those that we offer or develop.
This competition is further intensified by an industry trend where clients elect to engage multiple brokers to service different portions of their accounts. If we fail to respond successfully to the evolving competition we face, our financial condition or results of operations may be adversely affected.
If we are unable to effectively develop and implement innovative strategies, efficiencies and new solutions for our clients, our reputation, ability to compete effectively and financial condition may be adversely affected.
Developing and implementing innovative strategies, efficient business practices, and new solutions to current and emerging client needs is important to our business. We may be unsuccessful in developing innovative strategies, or our competitors may be more successful in innovating and delivering services to meet new and existing client needs. Competitors may be able to innovate faster and respond better to evolving client demand and industry conditions, or may price their products in a more attractive manner. Competitors may be able to innovate faster and respond better to evolving client demand and industry conditions, or price their services more aggressively than we do. Further, new and non- traditional competitors (including “InsurTech” firms utilizing artificial intelligence or
11
other advanced technologies), our clients’ increasing ability and determination to self-insure, and capital market alternatives to traditional insurance and reinsurance markets create an even more dynamic, competitive, and innovative market environment that could affect our business. If we are unsuccessful in innovating, if we cannot innovate as quickly as our competitors, if we are not able to make sufficient investment in innovation, if new or existing competitors develop more cost-effective or efficient technologies or cause disintermediation (including through the use of artificial intelligence or other emerging technologies), or if our ideas are not accepted in the marketplace, it could have a material adverse effect on our ability to obtain and complete client engagements or on our financial condition and results of operations. If we are unsuccessful in innovating, if we cannot innovate as quickly as our competitors, if we are not able to make sufficient investment in innovation, if our competitors develop more cost-effective technologies, or if our ideas are not accepted in the marketplace, it could have a material adverse effect on our ability to obtain and complete client engagements.
For example, we have invested significantly in Aon Business Services and the development of proprietary data and analytics tools including repositories of our global insurance and reinsurance placement information, which we use to help drive results for our clients in the insurance and reinsurance placement process. Our competitors have developed or are developing competing data and analytics tools, and their success in this space may impact our ability to differentiate our own data and analytics tools. Innovations in software, cloud computing, data and analytics, generative and agentic artificial intelligence, or other technologies that alter how our services are delivered could significantly undermine our investment in the business if we are slow to innovate or unable to take advantage of these developments. Innovations in software, cloud computing, data and analytics or other technologies that alter how our services are delivered could significantly undermine our investment in the business if we are slow to innovate or unable to take advantage of these developments.
In addition, innovation in the technology we leverage in our products and business processes, our capabilities, the sources of capital for our clients’ insurance and reinsurance needs, and the entry into new lines of business, services, or products require significant investment and present additional risks to our business, particularly in instances where the technologies and markets are new or developing or where we are new participants in such markets. Such risks include without limitation the investment of significant time and resources; the possibility that these efforts will not be successful or result in reputational damage to us; the possibility that the marketplace does not accept our products or services or that we are unable to retain clients that adopt our new products or services; the risk that our governance process and controls in these new areas may not be effective or consistent with legal, regulatory, or client requirements or expectations and the risk of new or additional liabilities associated with these efforts, including potential E&O or other claims. For example, we continue to invest in artificial intelligence, particularly in generative artificial intelligence tools, and maintain governance and oversight measures regarding its use. Certain use cases of artificial intelligence in our business processes could pose strategic, operational, legal, ethical, regulatory or reputational risks where there may be incorrect outputs or bias in those systems or processes, potential infringement of intellectual property rights, exposure of proprietary or personal information, heightened cybersecurity risks and challenges in safely deploying, governing or controlling artificial intelligence systems or where there is inadequate human oversight.
If our clients are not satisfied with our services, we may face additional cost, loss of profit opportunities, damage to our reputation, or legal liability.
We depend, to a large extent, on our relationships with our clients and our reputation for high-quality advice and solutions. If a client is not satisfied with our services, it could cause us to incur additional costs and impair profitability, or lose the client relationship altogether. Moreover, if we fail to meet our contractual, statutory, common law or fiduciary obligations, we could be subject to legal liability or loss of client relationships. Moreover, if we fail to meet our contractual, common law or fiduciary obligations, we could be subject to legal liability or loss of client relationships.
The nature of much of our work involves assumptions and estimates concerning future events, the actual outcome of which we cannot know with certainty in advance. For example, in our investment businesses, we may be measured based on our track record regarding judgments and advice on investments that are susceptible to influences unknown at the time the advice was given. In addition, we could make computational, software programming, or data entry or management errors. Clients have claimed and may in the future claim they have suffered losses due to reliance on our consulting advice, analysis, or reporting, which poses risks of liability exposure and costs of defense and increased insurance premiums. As we do not fully control the actions of these third parties, we are subject to the risk that their decisions, actions, or inactions may adversely impact us and replacing these service providers could create significant delay and expense. Many of our clients are businesses that actively share information among themselves about the quality of service they receive from their vendors. Adverse statements or claims from clients (including clients in the public sector or whose activities are frequently covered by the press) may receive media attention or other publicity. Accordingly, poor service to, or the adverse opinion of, one client may negatively impact our relationships with multiple other clients. Accordingly, poor service to one client may negatively impact our relationships with multiple other clients.
Damage to our reputation could have a material adverse effect on our business.
We advise our clients on and provide services related to a wide range of subjects and our ability to attract and retain clients is highly dependent upon the external perceptions of our level of service, trustworthiness, business practices, financial condition, and other subjective qualities. Negative perceptions or publicity regarding these matters or others could erode trust and confidence and damage our reputation among existing and potential clients and existing and future employees, which could make it difficult for us to attract new clients and employees and retain existing ones. Negative public opinion could also result from actual or alleged conduct by us or those currently or formerly associated with us. Damage to our reputation, including as a result of negative perceptions or publicity regarding a particular business partner, class of business, environmental matters, climate change, workforce make-up, pay equity, harassment, social justice, cybersecurity, data privacy and data protection, use of artificial intelligence or innovative technology, or our inability to meet commitments or client and stakeholder expectations
12
with respect to such matters, could affect the confidence of our clients, rating agencies, regulators, stockholders, employees and third parties in transactions that are important to our business adversely affecting our business, financial condition, and operating results.
Revenues from commission arrangements may fluctuate due to many factors, including cyclical or permanent changes in the insurance and reinsurance markets outside of our control.
Revenues from commission arrangements have historically been affected by significant fluctuations arising from uncertainties and changes in the industries in which we operate. A significant portion of our revenue consists of commissions paid to us out of the premiums that insurers and reinsurers charge our clients for coverage. We have no control over premium rates, and our revenues and profitability are subject to change to the extent that premium rates fluctuate or trend in a particular direction. The potential for changes in premium rates is significant, due to pricing cyclicality in the insurance and reinsurance markets.
In addition to movements in premium rates, our ability to generate premium-based commission revenue has been and could in the future be challenged by:
•the growing availability of alternative methods for clients to meet their risk-protection needs, including a greater willingness on the part of corporations to “self-insure,” the use of so-called “captive” insurers, and the development of capital markets-based solutions and other alternative capital sources for traditional insurance and reinsurance needs that increase market capacity, increase competition, and put pressure on premiums;
•decreases in available underwriting capacity for insurance and reinsurance;
•fluctuation in the need for, or relevancy of, insurance;
•the level of compensation, as a percentage of premium, that insurance carriers are willing to compensate brokers for placement activity;
•the growing desire of clients to move away from variable commission rates and instead compensate brokers based upon flat fees, which can negatively impact us as fees are not consistently indexed for inflation and therefore, may not offer the same financial performance;
•competition from insurers seeking to sell their products directly to consumers, including online sales, without the involvement of an insurance broker; and
•the growing number of technology-enabled competitors offering new risk-transfer solutions that eliminate the traditional broker-client relationship in both insurance and reinsurance markets.
The profitability of our operations may not meet our expectations due to unexpected costs, cost overruns, inflation, early contract terminations, unrealized assumptions used in our contract bidding process or the inability to maintain our prices.
Our profitability is highly dependent upon our ability to control our costs and improve our efficiency. As we adapt to changes in our business and the market, adapt to the regulatory environment, enter into new engagements, acquire additional businesses, and take on new employees in new locations, we may not be able to manage our large, changing workforce, effectively control our costs, or improve our efficiency.
Our profit margin, and therefore our profitability, is largely a function of the revenue generated from our services and the staffing costs for our personnel and related expenses. Accordingly, if we are not able to maintain the rates we charge for our services or appropriately manage the staffing costs of our personnel and related expenses, we may not be able to sustain our profit margin and our profitability will suffer. The prices we are able to charge for our services are affected by a number of factors, including competitive factors, the extent of ongoing clients’ perception of our ability to add value through our services, and general economic conditions. If we cannot drive suitable cost efficiencies, our profit margins will suffer. Our cost efficiencies may also be impacted by factors such as our ability to transition consultants from completed projects to new assignments, to secure new business, to forecast demand for our services (and, consequently, appropriately manage the size and location of our workforce), to develop, attract and retain suitable capabilities and talent, to obtain third party services at favorable prices, and to manage key suppliers to maximize delivery; product and efficiency opportunities; inflation (including wage inflation); and the need to devote time and resources to training and professional and business development. Our cost efficiencies may also be impacted by factors such as our ability to transition consultants from completed projects to new assignments, our ability to secure new business, our ability to forecast demand for our services (and, consequently, appropriately manage the size and location of our workforce), our ability to develop, attract and retain suitable capabilities and talent, our ability to obtain third party services at favorable prices, our ability to manage key suppliers to maximize delivery, product and efficiency opportunities, inflation (including wage inflation) and the need to devote time and resources to training and professional and business development.
13
Financial Risks
We are exposed to fluctuations in currency exchange rates that could negatively impact our financial results and cash flows.
We face exposure to adverse movements in exchange rates of currencies other than our reporting currency, the U.S. dollar, as a significant portion of our business is located outside of the U.S. These exposures may change over time, and they could have a material adverse impact on our financial results and cash flows. Approximately 51.8% of our consolidated revenue is non-U.S., attributed on the basis of where the services are performed, and where products are sold, and the exposures created can have significant currency volatility. These currency exchange fluctuations create risk in both the translation of the financial results of our global subsidiaries into U.S. dollars for our consolidated financial statements, as well as in those of our operations that receive revenue and incur expenses other than in their respective local currencies, which can reduce the profitability of our operations based on the direction the respective currencies’ exchange rates move. A decrease in the value of certain currencies relative to other currencies could place us at a relative disadvantage compared to our competitors that benefit to a greater degree from a specific exchange rate move and can, as a result, deliver services at a lower cost or receive greater revenues from such a transaction. Although we use various derivative financial instruments to limit the impact of foreign exchange rate fluctuations, we cannot eliminate such risks, and, as a result, changes in exchange rates may adversely affect our results. Although we use various derivative financial instruments to help protect against certain adverse foreign exchange rate fluctuations, we cannot eliminate such risks, and, as a result, changes in exchange rates may adversely affect our results. For example, the strengthening of the value of the U.S. dollar versus other currencies may adversely affect the value of our products and services when translated to U.S. dollar, even if the value of such products and services has not changed in their original currency.
Changes in interest rates and deterioration of credit quality could reduce the value of our cash balances and investment portfolios and adversely affect our financial condition or results.
Operating funds available for corporate use were $2.8 billion at December 31, 2025 and are reported in Cash and cash equivalents and Short-term investments.Operating funds available for corporate use were $1,142 million at December 31, 2022 and are reported in Cash and cash equivalents and Short-term investments. Of the total balance, $180 million was restricted to its use as of December 31, 2025. Funds held on behalf of clients and insurers were $7.4 billion at December 31, 2025 and are reported in Fiduciary assets. Of the total balance, $115 million was restricted to its use as of December 31, 2022. Funds held on behalf of clients and insurers were $6.4 billion at December 31, 2022 and are reported in Fiduciary assets. We also carry an investment portfolio of other long-term investments. As of December 31, 2025, these long-term investments had a carrying value of $192 million. Adverse changes in interest rates, performance, and counterparty credit quality, including default, could reduce the value of these funds and investments, thereby adversely affecting our financial condition or results. We may experience reduced investment earnings on our cash and short-term investments of fiduciary and operating funds if the yields on investments deemed to be low risk fall below their current levels, or if negative yields on deposits or investments are experienced, as we have experienced in Japan and certain jurisdictions in the E.U. On the other hand, higher interest rates could result in a higher discount rate used by investors to value our future cash flows thereby resulting in a lower valuation of the Company. In addition, during times of stress in the banking industry, counterparty risk can quickly escalate, potentially resulting in substantial losses for us as a result of our cash or other investments with such counterparties, as well as substantial losses for our clients and the insurance companies with which we work.
Our pension obligations and value of our pension assets could adversely affect our shareholders’ equity, net income, cash flow, and liquidity.
To the extent that the pension obligations associated with our pension plans continue to exceed the fair value of the assets supporting those obligations, our financial position and results of operations may be adversely affected. In particular, lower interest rates and investment returns could result in the present value of plan liabilities increasing at a greater rate than the value of plan assets, resulting in higher unfunded positions in our pension plans. In addition, the periodic revision of pension assumptions or variances of actual results from our assumptions can materially change the present value of expected future benefits, and therefore the funded status of the plans and resulting net periodic pension expense. As a result, we may experience future changes in the funded status of our plans that could require us to make additional cash contributions beyond those that have been estimated and which could adversely affect shareholders’ equity, net income, cash flow and liquidity.
Our worldwide pension plans are significant, and therefore our pension contributions and expense are sensitive to various market, demographic, and other factors. These factors include equity and bond market returns, fair value of pension assets, the assumed interest rates we use to discount our pension liabilities, foreign exchange rates, rates of inflation, mortality assumptions, potential regulatory and legal changes or developments, and counterparty exposure from various investments and derivative contracts, including annuities. Variations or developments in connection with any of these factors could cause significant changes to our financial position and results of operations from year to year. In addition, contributions are generally based on statutory requirements and local funding practices, which may differ from measurements under U.S. GAAP.
14
We have debt outstanding that could adversely affect our financial flexibility.
As of December 31, 2025, we had total consolidated debt outstanding of approximately $15.2 billion. The level of debt outstanding could adversely affect our financial flexibility by reducing our ability to use cash from operations for other purposes, including working capital, dividends to shareholders, share repurchases, acquisitions, capital expenditures and general corporate purposes. We also are subject to risks that, at the time any of our outstanding debt matures, we will not be able to retire or refinance the debt on terms that are acceptable to us, or at all.
As of December 31, 2025, we had two primary committed credit facilities outstanding.As of December 31, 2022, we had two committed credit facilities outstanding. The credit facilities are intended to support our commercial paper obligations and our general working capital needs. Each of these facilities is intended to support our commercial paper obligations and our general working capital needs. In addition, each of our committed credit facilities included customary representations, warranties, and covenants, including financial covenants that require us to maintain specified ratios of adjusted consolidated EBITDA to consolidated interest expense and consolidated debt to adjusted consolidated EBITDA, tested quarterly. In addition, each of these facilities included customary representations, warranties, and covenants, including financial covenants that require us to maintain specified ratios of adjusted consolidated EBITDA to consolidated interest expense and consolidated debt to adjusted consolidated EBITDA, tested quarterly.
A substantial portion of our outstanding debt, including certain intercompany debt obligations, contains financial and other covenants. The terms of these covenants may limit our ability to obtain, or increase the costs of obtaining, additional financing to fund working capital, capital expenditures, acquisitions, or general corporate requirements. This in turn may impact our flexibility to respond to changing business and economic conditions, thereby placing us at a relative disadvantage compared to competitors that have less indebtedness, or fewer or less onerous covenants associated with such indebtedness, and making us more vulnerable to general adverse economic and industry conditions. This in turn may have the impact of reducing our flexibility to respond to changing business and economic conditions, thereby placing us at a relative disadvantage compared to competitors that have less indebtedness, or fewer or less onerous covenants associated with such indebtedness, and making us more vulnerable to general adverse economic and industry conditions.
If we cannot service our indebtedness or continue to meet the terms of our financial covenants, we may have to take actions such as selling assets, seeking additional equity, or reducing or delaying capital expenditures, strategic acquisitions, investments, and alliances, any of which could impede the implementation of our business strategy or prevent us from entering into transactions that would otherwise benefit our business.If we cannot service our indebtedness, we may have to take actions such as selling assets, seeking additional equity, or reducing or delaying capital expenditures, strategic acquisitions, investments, and alliances, any of which could impede the implementation of our business strategy or prevent us from entering into transactions that would otherwise benefit our business. Additionally, we may not be able to take such actions or refinance any of our debt, if necessary, on commercially reasonable terms, or at all.
A decline in the credit ratings of our senior debt and commercial paper may adversely affect our borrowing costs, access to capital, and financial flexibility.
A downgrade in the credit ratings of our senior debt and commercial paper could increase our borrowing costs, reduce or eliminate our access to capital, reduce our financial flexibility, and limit our ability to implement our corporate strategy. Our senior debt ratings at December 31, 2025 were A- with a stable outlook (S&P), BBB+ with a stable outlook (Fitch), and Baa2 with a positive outlook (Moody’s). Our commercial paper ratings were A-2 (S&P), F-2 (Fitch) and P-2 (Moody’s).
Real or anticipated changes in our credit ratings will generally affect any trading market for, or trading value of, our securities. Such changes could result from any number of factors, including the modification by a credit rating agency of the criteria or methodology it applies to particular issuers, a change in the agency’s view of us or our industry, or as a consequence of actions we take to implement our corporate strategies. A change in our credit rating could adversely affect our access to capital and our competitive position.
Our tax assets and liabilities are subject to a variety of different factors, which could create volatility in our global effective tax rate, expose us to greater than anticipated tax liabilities or cause us to adjust previously recognized tax assets and liabilities.
We are, and anticipate we will be, subject to income taxes in Ireland, the U.K., the U.S., Singapore and many other jurisdictions. As a result, our global effective tax rate from period to period can be affected by many factors, including changes in tax legislation or regulations, the continuing development of regulations and other governmental action that affect the application of such legislation, our global mix of earnings, the use of global funding structures, the tax characteristics of our income, the effect of complying with transfer pricing requirements under laws of many different countries on our revenues and costs, and the consequences of acquisitions and dispositions of businesses and business segments. In addition, we could be subject to increased taxation as a result of changes in eligibility for the benefits of current income tax treaties between and among Ireland, the U.K., the U.S and other countries, including any future amendments to the current income tax treaties between and among such countries, or any new statutory or regulatory provisions that may limit our ability to take advantage of any such treaties. Significant judgment is required in determining our worldwide provision for income taxes, and our determination of the amount of our tax liability is always subject to review by applicable tax authorities. Our actual global tax rate may vary from our expectation and that variance may be material.
The overall tax environment in the jurisdictions in which we are or may be subject to taxes is highly uncertain and increasingly complex. The OECD, a global coalition of member countries, proposed a plan (commonly referred to as “Pillar Two”) to reform international taxation which includes the introduction of a 15% country-by-country minimum tax on book income with specified adjustments. Ireland, the U.K., Singapore, and many E.U. member states, among others, have enacted
15
legislation to implement the global minimum tax that is generally consistent with the OECD’s Pillar Two tax regime. Aon’s net income (generally determined under U.S. GAAP), with specified modifications and determined on a country-by-country basis, is subject to the 15% minimum tax in countries that have enacted Pillar Two, and in Ireland (Aon’s parent company location) with respect to countries that have not enacted a qualifying minimum tax under Pillar Two. There remains significant uncertainty as to how Pillar Two applies to Aon in prior years and how its application might change in the future. The OECD has issued numerous guidance documents that may change how Pillar Two operates, subject to enactment by each implementing country, and the OECD may issue additional guidance in the future. There is a risk that the global minimum tax regime could have a material adverse effect on our global effective tax rate, results of operations, cash flows and financial condition. If and when effective, the global minimum tax could have a material adverse effect on our global effective tax rate, results of operations, cash flows and financial condition.
We are, and anticipate we will be, subject to tax audits conducted by Ireland, the U.K., the U.S., and other tax authorities, and the resolution of such audits could impact our tax rate in future periods, as would any reclassification or other changes (such as those in applicable accounting rules) that increases the amounts we have provided for income taxes in our consolidated financial statements. The tax laws and regulations in Ireland, the U.K., the U.S., and the other tax jurisdictions in which we operate are inherently complex, and we will be obligated to make judgments and interpretations about the application of these laws and regulations to our operations and businesses. The interpretation and application of these laws and regulations could be challenged by the relevant governmental authorities, which could result in administrative or judicial procedures, actions or sanctions, which could be material.
We may be unable to mitigate the adverse impacts resulting from any changes in tax laws and regulations, including any changes in the interpretation of such tax authorities, or from audits and other matters. Our inability to mitigate the negative consequences of such actions could cause our global effective tax rate to increase, our use of cash to increase and our financial condition and results of operations to suffer.
Changes in our accounting estimates and assumptions could negatively affect our financial position and results of operations.
We prepare our consolidated financial statements in accordance with U.S. GAAP. These accounting principles require us to make estimates and assumptions that affect the reported amounts of assets and liabilities, and the disclosure of contingent assets and liabilities at the date of our consolidated financial statements. We are also required to make certain judgments that affect the reported amounts of revenues and expenses during each reporting period. We periodically evaluate our estimates and assumptions including, but not limited to, those relating to revenue recognition, pensions, recoverability of assets including customer receivables, valuation of goodwill and intangibles, contingencies, share-based payments, and income taxes. We base our estimates on historical experience and various assumptions that we believe to be reasonable based on specific circumstances. These assumptions and estimates involve the exercise of judgment and discretion, which may evolve over time in light of operational experience, regulatory direction, developments or changes in accounting principles or standards, and other factors. Actual results could differ from these estimates, or changes in assumptions, estimates, policies, or developments in the business may change our initial estimates, which could materially affect the Consolidated Statements of Income, Comprehensive Income, Financial Position, Shareholders’ Equity, and Cash Flows.
We may be required to record goodwill or other long-lived asset impairment charges, which could result in a significant charge to earnings.
Under U.S. GAAP, we review our long-lived assets for impairment when events or changes in circumstances indicate the carrying value may not be recoverable. Goodwill is assessed for impairment at least annually. Factors that may be considered in assessing whether goodwill or other long-lived assets may not be recoverable include a decline in our share price or market capitalization, reduced estimates of future cash flows and slower growth rates in our industry. We may experience unforeseen circumstances that adversely affect the value of our goodwill or other long- lived assets and trigger an evaluation of the recoverability of the recorded goodwill and other long-lived assets. Future goodwill or other long-lived asset impairment charges could materially impact our consolidated financial statements.
We are a holding company and, therefore, may not be able to receive dividends or other payments in needed amounts from our subsidiaries.
The Company is organized as a holding company, a legal entity separate and distinct from our operating entities. As a holding company without significant operations of its own, our principal assets are the shares of capital stock of our subsidiaries. We rely on dividends, interest, and other payments from these subsidiaries to meet our obligations for paying principal and interest on outstanding debt, paying dividends to shareholders, repurchasing ordinary shares, and corporate expenses. Certain of our subsidiaries are subject to regulatory requirements of the jurisdictions in which they operate or other restrictions that may limit the amounts that subsidiaries can pay in dividends or other payments to us. Changes in law, regulatory actions, or other circumstances could restrict the ability of our subsidiaries to pay dividends or otherwise make
16
payments to us. Furthermore, our subsidiaries may be unable to make timely payments to us when needed, which could impair our ability to meet our obligations, pay dividends, repurchase shares, or fund other aspects of our operations and corporate expenses.
Legal and Regulatory Risks
We are subject to E&O claims against us as well as other contingencies and legal proceedings, some of which, if determined unfavorably to us, could have a material adverse effect on our financial condition or results of operations.
We assist our clients with various matters, including advising on and placing insurance and reinsurance coverage and handling related claims, consulting on various human resources matters, and providing actuarial, investment consulting, asset management, and other services. E&O claims against us have in the past and may continue to allege our potential liability for damages arising from our services.
E&O claims include, for example, the failure of our employees or sub-agents, whether negligently or intentionally, to place coverage correctly or notify carriers of claims on behalf of clients, to provide insurance carriers with complete and accurate information relating to the risks being insured, or the failure to give error-free consulting, financial, investment or other advice. It is not always possible to prevent and detect E&Os, and the precautions we take may not be effective in all cases. In addition, we are subject to other types of claims, litigation, and proceedings in the ordinary course of business, which along with E&O claims, may seek damages, including punitive damages or damages on behalf of a plaintiff class, in amounts that could, if awarded, have a material adverse impact on the Company’s financial position, earnings, and cash flows. In addition to potential liability for monetary damages, such claims or outcomes could harm our reputation or divert management resources away from operating our business.
We have historically purchased, and intend to continue to purchase, insurance to cover E&O claims and other insurance to provide protection against certain losses that arise in such matters and other matters related to our operations. However, we may be unable to maintain, at commercially reasonable rates, our current levels of insurance coverage for E&O claims or other risks in future periods, and with respect to such periods may seek to expand our use of self-insurance programs such as captives, the funding of which may not adequately cover the costs of potential losses. Also, we have exhausted or materially depleted our coverage under some of the policies that protect us for certain years and, consequently, are self-insured or materially self-insured for some historical claims. Additionally, parts or all of an E&O claim could fall within insurance deductibles, self-insured retentions, or policy exclusions. Accruals for these exposures, and related insurance receivables, when applicable, have been provided to the extent that losses are deemed probable and are reasonably estimable. These accruals and receivables are adjusted from time to time as developments warrant and may also be adversely affected by disputes we may have with our insurers over coverage. Amounts related to settlement provisions are recorded in Other general expenses in the Consolidated Statements of Income. Discussion of some of these claims, lawsuits, and proceedings are contained in the Notes to Consolidated Financial Statements.
In addition, we provide a variety of guarantees and indemnifications to our customers and others. In the event of a default, our potential exposure is equal to the amount of the guarantee or indemnification.
Furthermore, our investment businesses provide advice to clients on: investment strategy, which can include advice on setting investment objectives, asset allocation, and hedging strategies; selection (or removal) of investment managers; the investment in different investment instruments and products; and the selection of other investment service providers such as custodians and transition managers.Our investment businesses provide advice to clients on: investment strategy, which can include advice on setting investment objectives, asset allocation, and hedging strategies; selection (or removal) of investment managers; the investment in different investment instruments and products; and the selection of other investment service providers such as custodians and transition managers. For some clients, we are responsible for making decisions on these matters and we may implement such decisions in a fiduciary or agency capacity without assuming title over the underlying funds or assets invested. Asset classes may experience poor absolute performance and third parties we recommend or select, such as investment managers, may underperform their benchmarks due to poor market performance, negligence, or other reasons, resulting in poor investment returns or losses. These losses may be attributable in whole or in part to alleged failures on our part or to events entirely outside of our control, including but not limited to uncertainty or volatility in financial markets due to economic, political, and regulatory conditions or pandemics. Plaintiffs have filed, and may continue to file, individual and class action lawsuits alleging investment consultants have charged excessive fees, given improper advice or taken investment actions due to conflicts of interest, or recommended investments that underperformed other investments available at the time. Defending against these claims can involve potentially significant costs, including legal defense costs, as well as cause substantial distraction, publicity and diversion of other resources. If any lawsuit against the Company or any other investment consultant or asset manager results in a large adverse verdict, the size of the verdict or resultant negative adverse publicity may prompt the filing of additional lawsuits. If any lawsuit – against the Company or any other investment consultant or asset manager – results in a large adverse verdict, the size of the verdict or resultant negative adverse publicity may prompt the filing of additional lawsuits. Furthermore, our ability to limit our potential liability is restricted in certain jurisdictions and in connection with claims involving breaches of fiduciary or agency duties or other alleged errors or omissions.
17
The ultimate outcome of claims, lawsuits, proceedings, guarantees and indemnifications cannot be ascertained, and liabilities in indeterminate amounts may be imposed on us. It is possible that future results of operations or cash flows for any particular quarterly or annual period could be materially affected by an unfavorable resolution of these matters.
Our businesses are subject to extensive governmental regulation, which could reduce our profitability, limit our growth, or subject us to legal and regulatory actions.
Our businesses are subject to extensive legal and regulatory oversight throughout the world, including the Irish Companies Act, the U.S. securities laws, rules, and regulations, the rules and regulations promulgated by the FCA and a variety of other laws, rules, and regulations addressing, among other things, licensing, data privacy, data management and data protection, artificial intelligence, trade sanctions laws, restrictions and export controls, anti-money laundering, wage-and-hour standards, employment and labor relations, antitrust and competition, anti-corruption, currency, reserves, government contracting, and the amount of local investment with respect to our operations in certain countries. This legal and regulatory oversight could reduce our profitability or limit our growth by: increasing the costs of legal and regulatory compliance; limiting or restricting the products or services we sell, the markets we serve or enter, the methods by which we sell our products and services, the overall structure of our business units, the type of services and prices we can charge for our services, or the form of compensation we can accept from our clients, carriers, and third parties; or by subjecting our businesses to the possibility of legal and regulatory actions, proceedings, or fines.
The global nature of our operations increases the complexity and cost of compliance with laws and regulations adding to our cost of doing business. In addition, many of these laws and regulations may have differing or conflicting legal standards across jurisdictions, increasing the complexity and cost of compliance. In emerging markets and other jurisdictions with less developed legal systems, local laws and regulations may not be established with sufficiently clear and reliable guidance to provide us adequate assurance that we are operating our business in a compliant manner with all required licenses or that our rights are otherwise protected. In addition, certain laws and regulations, such as the Foreign Corrupt Practices Act and the Foreign Account Tax Compliance provisions of the Hiring Incentives to Restore Employment Act in the U.S., the Bribery Act of 2010 in the U.K. and the General Data Protection Regulation in the E.U., impact our operations outside of the legislating country by imposing requirements for the conduct of overseas operations, and in several cases, requiring compliance by foreign subsidiaries.
In addition to the complexity of the laws and regulations themselves, the development of new laws and regulations or changes in application or interpretation of current laws and regulations or conflict between them also increases our legal and regulatory compliance complexity and risk. Additionally, our acquisitions of new businesses and our continued operational changes and entry into new jurisdictions and development of new service offerings increases our legal and regulatory compliance complexity, as well as the type of governmental oversight to which we may be subject. Additionally, our acquisitions of new businesses and our continued operational changes and entry into new jurisdictions and new service offerings increases our legal and regulatory compliance complexity, as well as the type of governmental oversight to which we may be subject. Changes in laws and regulations could mandate significant and costly changes to the way we implement our services and solutions, impose additional licensure requirements or costs to our operations, workforce and services, or cause us to cease offering certain services or solutions. New or evolving laws or regulations may also lead our clients to include contractual requirements in their agreements with us, which may increase our costs of compliance or introduce additional organizational complexity. Furthermore, as we enter new jurisdictions or businesses and further develop and expand our services, including through acquisitions, we may become subject to additional types of laws and governmental oversight and supervision, such as those applicable to the financial lending or other service institutions. Regulatory developments that could result in changes that adversely affect us or cause us to change our business or operations include: additional requirements related to the use of artificial intelligence, and the use, access, privacy, protection, management, localization and transfer of data in jurisdictions in which we operate that may increase our costs of compliance and potentially reduce the manner in which we can use data; changes in tax regulations in the jurisdictions in which we operate; regulatory actions or changes that require us to change our compensation model; or additional regulations or other governmental action in jurisdictions in which we operate. Regulatory developments that could result in changes that adversely affect us or cause us to change our business or operations include: additional requirements respecting data privacy, data security, and data usage in jurisdictions in which we operate that may increase our costs of compliance and potentially reduce the manner in which we can use data; changes in tax regulations in the jurisdictions in which we operate; regulatory actions or changes that require us to change our compensation model; or additional regulations promulgated by , regulatory bodies in jurisdictions in which we operate.
Governmental, investor, stakeholder and public attention to corporate sustainability matters, including new or changing reporting, diligence or disclosure rules and regulations, has increased in recent years and may continue to change the nature, scope, and complexity of matters that we are required to control, assess, and report. These and other rapidly changing laws, rules, regulations and expectations, which may differ across the jurisdictions in which we operate, may increase the cost of our compliance and risk management and increase the scope and rigor of data collection, controls, and external assurance of sustainability‑related information, and otherwise impact our business, each of which could have a material adverse effect on our business, results of operations, and financial condition. Increased scrutiny of corporate sustainability claims, and changes in client and investor preferences may also create legal, regulatory, contractual, and reputational risks and could require changes to our products, services, client engagements or operations, which may increase our cost of doing business. In addition, the shift toward a lower-carbon economy, driven by changes in laws, rules and regulations, low-carbon technology advancement, consumer sentiment, and/or liability risks, may negatively impact our business model and/or the business models of our clients.
18
In all jurisdictions, the applicable laws and regulations are subject to amendment or interpretation by regulatory authorities. Generally, such authorities are vested with relatively broad discretion to grant, renew, and revoke licenses and approvals and to implement regulations. Accordingly, we may have a license revoked, limited, or be unable to obtain new licenses and therefore be precluded or suspended from carrying on or developing some or all of our activities or otherwise be fined or penalized in a given jurisdiction. Accordingly, we may have a license revoked or be unable to obtain new licenses and therefore be precluded or suspended from carrying on or developing some or all of our activities or otherwise fined or penalized in a given jurisdiction. Our business may be unable to develop or be conducted in any given jurisdiction as it has been conducted in the past. Changes in the regulatory scheme, or changes in how applicable regulations are interpreted or applied, could have an adverse impact on our results of operations by limiting revenue streams or increasing costs of compliance. Changes in the regulatory scheme, or even changes in how existing regulations are interpreted, could have an adverse impact on our results of operations by limiting revenue streams or increasing costs of compliance.
Our business’ regulatory oversight also includes licensing of insurance brokers and agents, managing general agency or general underwriting operations, and the regulation of the handling and investment of client funds held in a fiduciary capacity. Our continuing ability to provide insurance broking in the jurisdictions in which we operate depends on our compliance with the rules and regulations promulgated by the regulatory authorities in each of these jurisdictions, and our failure to adhere to these rules and regulations can expose us to fines, penalties, or other sanctions. We can also be affected indirectly by the governmental regulation and supervision of insurance companies. Also, we can be affected indirectly by the governmental regulation and supervision of insurance companies. For instance, if we are providing or managing general underwriting services for an insurer, we may have to adhere to regulations affecting our insurer client. For instance, if we are providing or managing general underwriting services for an insurer, we may have to contend with regulations affecting our client.
Services provided in our Human Capital segment are also the subject of ever-evolving government regulation, either because the services provided to our clients are regulated directly or because third parties upon whom we rely to provide services to clients are regulated, thereby indirectly affecting the manner in which we provide services to those clients. In the U.S., legislative proposals have been introduced or proposed in Congress and in some state legislatures that would effect major changes in the health insurance industry, thereby impacting the cost for companies that offer healthcare benefits to their employees, or more broadly affecting the structure or the stability of the insurance markets. In particular, our health care exchange business depends upon the private sector of the U.S. insurance system and its role in financing health care delivery, and insurance carriers’ use and payment of commissions to agents, brokers, and other organizations to market and sell individual and family health insurance products and plans. Uncertainty regarding, or any changes to, state or federal law, or the interpretation of such law by applicable regulatory agencies could delay client adoption of our health care exchange, impair our ability to retain clients who have adopted our health care exchange, or cause insurance carriers to alter or eliminate the products and plans that they offer or attempt to move members into new products or plans for which we receive lower commissions. Uncertainty regarding, or any changes to, state or federal law, or the interpretation of such law by applicable regulatory agencies could delay client adoption of our health care exchanges, impair our ability to retain clients who have adopted our health care exchanges, or cause insurance carriers to alter or eliminate the products and plans that they offer or attempt to move members into new products or plans for which we receive lower commissions. In addition, changes in laws, government regulations, or the way those regulations are interpreted in the jurisdictions in which we operate could affect the viability, value, use, or delivery of benefits and human resources programs, including changes in regulations relating to health and welfare plans (such as medical), defined contribution plans (such as 401(k)), or defined benefit plans (such as pension), may adversely affect the demand for, or profitability of, our services.
If we violate the laws and regulations to which we are subject, we could be subject to fines, penalties, or criminal sanctions and could be prohibited from conducting business in one or more jurisdictions. There can be no assurance that our employees, contractors, agents or business partners will not violate these laws and regulations, causing an adverse effect on our operations and financial condition. There can be no assurance that our employees, contractors, or agents will not violate these laws and regulations, causing an adverse effect on our operations and financial condition.
Heightened regulatory oversight and scrutiny may lead to additional regulatory investigations, increased government involvement, or enforcement actions, which could consume significant management time and resources and could have adverse effects on our business and operations. For instance, increased scrutiny by competition authorities may increase our costs of doing business or force us to change the way we conduct business or refrain from or otherwise alter the way we engage in certain activities. Additionally, we could suffer significant financial or reputational harm if we fail to properly identify and manage potential conflicts of interest, which exist or could exist any time we or any of our employees or business partners have or may have an interest in a transaction or engagement that is inconsistent with our clients’ interests. This could occur, for example, when we are providing services to multiple parties in connection with a transaction. We also may provide multiple types of services to certain clients from more than one of our solution lines, creating a greater potential for conflicts with advisory services.
Due to the broad scope of our businesses and our client base, we regularly address potential conflicts of interest, including, without limitation, situations where our services to a particular client or our own investments or other interests conflict, or are perceived to conflict, with the interests of another client. If these are not adequately identified and managed, this could then lead to failure or perceived failure to protect the client’s interests, with consequential regulatory and reputational risks, including litigation or enforcement actions that could adversely affect us and our operations. Identifying and addressing conflicts of interest may also prove particularly difficult as we continue to bring systems and information together and integrate our existing and newly acquired businesses. Identifying conflicts of interest may also prove particularly difficult as we continue to bring systems and information together and integrate newly acquired businesses.
Insurance intermediaries have traditionally been remunerated by base commissions paid by insurance carriers in respect of insurance placements for clients, or by fees paid by clients. Intermediaries also obtain other revenue from insurance carriers. This revenue, when derived from carriers in their capacity as insurance markets (as opposed to as corporate clients of the intermediaries where they may be purchasing insurance or reinsurance or other non-market related services), is commonly
19
known as market-derived income, or “MDI.” MDI is another example of an area in which potential conflicts of interest may arise. MDI takes a variety of forms, including volume- or profit-based contingent commissions, facilities administration charges, business development agreements, and fees for providing consulting services to carriers. Accepting this revenue is a lawful and generally commercially accepted business practice that may nonetheless be subject to scrutiny by various regulators under conflict of interest, anti-trust, unfair competition and anti-bribery laws and regulations, subject to legal or regulatory change, or negatively impacted by internal controls that are not fully effective.
Failure to protect our intellectual property rights, or allegations that we have infringed on the intellectual property rights of others, could harm our reputation, ability to compete effectively, and financial condition.
To protect our intellectual property rights, we rely on a combination of trademark laws, copyright laws, patent laws, trade secret protection, confidentiality agreements, and other contractual arrangements with our affiliates, employees, clients, strategic partners, and others, as well as internal policies and procedures regarding our management of intellectual property. However, the protective steps that we take may be inadequate to deter misappropriation of our proprietary information. In addition, we may be unable to detect the unauthorized use of, or take appropriate steps to enforce, our intellectual property rights. Further, we operate in many jurisdictions and effective trademark, copyright, patent, and trade secret protection may not be available or adequate in every country or jurisdiction in which we offer our services or employ our colleagues. Additionally, our competitors may develop products similar to our products that do not infringe our intellectual property rights. Additionally, our competitors may develop products similar to our products that do not conflict with our related intellectual property rights. Failure to protect our intellectual property adequately could harm our reputation and affect our ability to compete effectively.
In addition, to protect or enforce our intellectual property rights, we may initiate litigation against third parties, such as breach of contract, infringement suits or interference proceedings.In addition, to protect or enforce our intellectual property rights, we may initiate litigation against third parties, such as infringement suits or interference proceedings. Third parties may assert intellectual property rights claims against us, which may be costly to defend, could require the payment of damages, and could limit our ability to use or offer certain technologies, products, or other intellectual property. Any intellectual property claims, with or without merit, could be expensive, take significant time and divert management’s attention from other business concerns. Successful challenges against us could require us to modify or discontinue our use of products, technology or business processes where such use is found to infringe or violate the rights of others, or require us to purchase licenses from third parties, any of which could adversely affect our business, financial condition, and operating results. Successful challenges against us could require us to modify or discontinue our use of technology or business processes where such use is found to infringe or violate the rights of others, or require us to purchase licenses from third parties, any of which could adversely affect our business, financial condition, and operating results.
Operational Risks
The economic and political conditions of the countries and regions in which we operate could have an adverse impact on our business, financial condition, operating results, liquidity, and prospects for growth.
Our operations in countries undergoing political change or experiencing economic instability are subject to uncertainty and risks that could materially adversely affect our business. These risks include, particularly but not limited to in emerging markets, the possibility we would be subject to undeveloped or evolving legal systems, unstable governments and economies, impacts from geopolitical conflicts, and potential governmental actions affecting the flow of goods, services, currency and particular sectors or entities. These risks include, particularly in emerging markets, the possibility we would be subject to undeveloped or evolving legal systems, unstable governments and economies, impacts from geopolitical conflicts, and potential governmental actions affecting the flow of goods, services, and currency.
We may not realize all of the expected benefits from our restructuring plan and other operational improvement initiatives.
In 2023, we initiated a three-year restructuring program, Accelerating Aon United Program (the “Program”). The Program is intended to streamline our technology infrastructure, optimize our leadership structure and resource alignment, and reduce our real estate footprint to align to our hybrid working strategy. The Program includes technology-related costs to facilitate streamlining and simplifying operations, headcount reduction costs, and costs associated with asset impairments, including real estate consolidation costs. The Program is currently expected to result in cumulative costs of approximately $1.3 billion, consisting of approximately $1.2 billion of cash charges and approximately $0.1 billion of non-cash charges.
We estimate that our annualized savings from the Program will be approximately $450 million by the end of 2027. Actual total costs, savings and timing may continue to vary from these estimates due to changes in the scope or assumptions underlying the Program and other operational improvement initiatives. We therefore cannot assure that we will achieve the targeted savings. Unanticipated costs or unrealized savings in connection with the Program and other operational improvement initiatives could adversely affect our consolidated financial statements.
Our success depends on our ability to retain, attract and develop experienced and qualified personnel, including our senior management team and other personnel.
We depend, in material part, upon the members of our senior management team who possess extensive knowledge and a deep understanding of our business and our strategy, as well as the colleagues who are critical to developing and retaining client relationships. The unexpected loss of services of any of these senior leaders could have a disruptive effect adversely impacting our ability to manage our business effectively and execute our business strategy. Additionally, competition for professional
20
personnel remains intense, and competitors are using increasingly aggressive measures to recruit professional talent in our industry. We are constantly working to attract, develop, and retain these professionals. If we cannot successfully do so, our business, operating results, and financial condition could be adversely affected. We have been and may continue to be involved in disputes and litigation in connection with our efforts to retain and hire personnel, which can be disruptive to our business, distractive to management, costly, and may expose us to potential liability for monetary damages or reputational damage. Additionally, we are a global and acquisitive organization and we therefore might not adequately identify weaknesses in certain of our information systems, including those of targets we acquire, which could expose us to unexpected liabilities and fines or make our own systems more vulnerable to attack. If our succession and long-term compensation plans and programs for our senior management team and critical colleagues do not operate effectively or we are required to change these plans or programs, our business could be adversely affected.
We strive to maintain an equitable work environment that unlocks the full potential of all of our personnel. This includes our focus on colleague wellness, mental health and belonging, and building a flexible work environment that meets colleague and client needs. If we are unsuccessful in maintaining such a work environment or adapting to colleague needs or expectations, we could experience difficulty attracting and retaining personnel, which could have a negative impact on our business.
Our global operations expose us to various international risks that could adversely affect our business.
Our operations are conducted globally. Accordingly, we are subject to regulatory, legal, economic, and market risks associated with global operations and sourcing, including:
•difficulties in staffing and managing our offices, and overseeing joint venture operations and compliance in disparate jurisdictions, including due to unexpected inflation (including wage inflation) or job turnover, and the increased travel, infrastructure, and legal and compliance costs and risks associated with multiple international locations (including increased exposure to financial crime);
•hyperinflation in certain countries;
•the impacts of geopolitical conflicts;
•conflicting regulations across the countries in which we do business;
•imposition of investment requirements or other restrictions by governments in certain countries;
•longer payment cycles;
•greater difficulties in collecting accounts receivable;
•insufficient demand for our services in certain jurisdictions;
•our ability to execute effective and efficient cross-border sourcing of services on behalf of our clients;
•difficulties in transitioning operations from one country to another without interruption or reduction in the quality of those operations;
•attracting, identifying and retaining qualified personnel in the countries in which we operate;
•the reliance on or use of third parties to perform services on behalf of the Company;
•disparate tax regimes;
•restrictions on the import and export of technologies; and
•trade barriers, trade wars, tariffs or trade sanctions.
Our business performance, strategies and growth plans could be negatively affected if we are not able to develop, implement, update, and enhance solutions to support our business operations or if we are not able to effectively drive value for our clients.Our business performance and growth plans could be negatively affected if we are not able to develop, implement, update, and enhance solutions to support our business operations or if we are not able to effectively drive value for our clients.
Our success depends, in part, on our ability to enhance and implement the systems necessary to operate our businesses and to achieve intended efficiencies and improvements. We may not be successful in anticipating or responding to rapid and continuing changes in technology, data and analytics, industry standards and client preferences. The effort to gain necessary expertise and achieve internal efficiencies through technology and data and analytics requires us to incur significant expenses, and we may not be successful in identifying the optimal funding priorities. The effort to gain necessary expertise and achieve internal efficiencies through technology and data and analytics require us to incur significant expenses, and we may not be successful in identifying the optimal funding priorities. We make investments in technology and data and analytics to operate our businesses and achieve intended efficiencies; however, our investments and enhancements may not be sufficient to respond to needs across all of our businesses. In addition, data quality, integrity and availability is increasingly important to the success of our business strategies, operations, and our ability to leverage our data, both in our products and as a
21
strategic asset. If we are not successful in developing and maintaining expertise in process excellence, technology and data management, our business performance may be compromised. In addition, if we are not successful in developing and maintaining expertise in process excellence, technology and data trends, our business performance may be compromised.
The occurrence of natural or human-caused disasters could result in declines in business and increases in claims that could adversely affect our financial condition and results of operations.The occurrence of natural or man-made disasters could result in declines in business and increases in claims that could adversely affect our financial condition and results of operations.
We are exposed to various risks arising out of natural disasters, including earthquakes, hurricanes, fires, floods, droughts, tornadoes, extreme weather, or other climate events; pandemic health events (such as the COVID-19 pandemic), and human-caused disasters, including acts of terrorism, civil unrest, violence, military actions, and cyber-terrorism (including, but not limited to, ransomware).We are exposed to various risks arising out of natural disasters, including earthquakes, hurricanes, fires, floods, tornadoes, extreme weather, or other climate events; pandemic health events, and man-made disasters, including acts of terrorism, civil unrest, violence, military actions, and cyber-terrorism (including, but not limited to, ransomware). The continued threat of terrorism and other events or disasters may cause significant volatility in global financial markets, and a natural or human-caused disaster could trigger energy shortages, public health issues, or an economic downturn or instability in the areas directly or indirectly affected by the disaster. The continued threat of terrorism and other events or disasters may cause significant volatility in global financial markets, and a natural or man-made disaster could trigger energy shortages, public health issues, or an economic downturn or instability in the areas directly or indirectly affected by the disaster. These consequences could, among other things, result in a decline in business and increased claims from those areas. They could also result in reduced underwriting capacity, making it more difficult for our professionals to place business. Disasters also could disrupt public and private infrastructure, including communications and financial services, which could disrupt our normal business operations and negatively impact the abilities of our counterparties to pay for our services on time or at all. Disasters also could disrupt public and private infrastructure, including communications and financial services, which could disrupt our normal business operations. If access to underwriting markets for certain lines of coverage becomes unavailable or difficult due to the impact of climate change on the claims environment, this may have a negative impact on our clients’ access to coverage, which could in turn reduce our ability to place certain lines of coverage and negatively impact our business.
A natural or human-caused disaster also could disrupt the operations of our counterparties or result in increased prices for the products and services they provide to us.A natural or man-made disaster also could disrupt the operations of our counterparties or result in increased prices for the products and services they provide to us. In addition, a disaster could adversely affect the value of the assets in our investment portfolio. Finally, a natural or human-caused disaster could increase the incidence or severity of E&O claims against us. Climate change may increase the likelihood or severity of a natural or human-caused disaster.
Our inability to successfully recover should we experience a disaster or other business continuity problem could cause material financial loss, loss of human capital, regulatory actions, reputational harm, or legal liability.
Our operations are dependent upon our ability to protect our personnel, offices, and technology infrastructure against damage from business continuity events that could have a significant disruptive effect on our operations. Should we experience a local or regional disaster or other business continuity problem, such as a security or cyber incident or attack, a natural disaster, climate event, terrorist attack, pandemic, power loss, telecommunications failure, or other natural or human-caused disaster, our continued success will depend, in part, on the availability of our personnel and office facilities, and the proper functioning of computer systems, telecommunications, and other related systems and operations. Should we experience a local or regional disaster or other business continuity problem, such as a security incident or attack, a natural disaster, climate 22event, terrorist attack, pandemic, power loss, telecommunications failure, or other natural or man-made disaster, our continued success will depend, in part, on the availability of our personnel and office facilities, and the proper functioning of computer systems, telecommunications, and other related systems and operations. In events like these, while our operational size, the multiple locations from which we operate, and our existing back-up systems provide us with some degree of flexibility, we still can experience near-term operational challenges in particular areas of our operations. We could potentially lose access to key executives, personnel, or client data or experience material adverse interruptions to our operations or delivery of services to our clients in a disaster recovery scenario. A disaster on a significant scale or affecting certain of our key operating areas within or across regions, or our inability to successfully recover should we experience a disaster or other business continuity problem, could materially interrupt our business operations and cause material financial loss, loss of human capital, regulatory actions, reputational harm, damaged client relationships, or legal liability.
We rely on third parties to perform key functions of our business operations enabling our provision of services to our clients. These third parties may act in ways that could harm our business.
We rely on third parties, and in some cases subcontractors, to provide services, data, and information such as technology, information security, funds transfers, data processing, support functions, and administration that are critical to the operations of our business. Certain parties may receive, or otherwise have access to, confidential client, employee, or company information.
These third parties include correspondents, agents and other brokerage and intermediaries, insurance markets, data providers, plan trustees, payroll service providers, benefits administrators, software and system vendors, business process outsourcing providers, health plan providers, investment managers, and providers of human resources, among others. These third parties include correspondents, agents and other brokerage and intermediaries, insurance markets, data providers, plan trustees, payroll service providers, benefits administrators, software and system vendors, business process outsourcing providers, health plan providers, investment managers, and providers of human resources, among others. As we do not fully control the actions of these third parties, we are subject to the risk that their decisions, actions, or inactions may adversely impact us and replacing these service providers could create significant delay and expense. Our failure to manage our key suppliers and our day-to-day operations with effective controls, and/or a failure by third parties to comply with service level agreements or regulatory or legal requirements in a high quality and timely manner, particularly during periods of our peak demand for their services, could result in economic, legal, and reputational harm to us. In addition, we face risks as we transition from in-house functions to third- party support functions and providers that there may be disruptions in service or other unintended results that may adversely affect our business operations. These third parties face their own technology, operating, business, and economic risks, and any significant failures by them, including the improper use or disclosure of our confidential client, employee, or company information, could cause harm to our business and reputation. An interruption in or
22
the cessation of service by any service provider as a result of systems failures, cybersecurity or data privacy incidents (including, but not limited to, ransomware), capacity constraints, financial difficulties, or for any other reason could disrupt our operations, impact our ability to offer certain products and services, and result in contractual or regulatory penalties, liability claims from clients, or employees, damage to our reputation, and harm to our business.
Our business is exposed to risks associated with the handling of client funds.
Certain of our businesses collect premiums from insureds and remit the premiums to the respective insurers. We also collect claims or refunds from insurers on behalf of insureds, which are then remitted to the insureds. Consequently, at any given time, we may be holding and managing funds of our clients. This function creates a risk of loss arising from, among other things, fraud by employees or third parties, execution of unauthorized transactions, errors relating to transaction processing, or cybersecurity events or security breaches. Our business could also be negatively impacted in the event the financial institution in which we hold these funds suffers any kind of insolvency or liquidity event. We are also potentially at risk in the event the financial institution in which we hold these funds suffers any kind of insolvency or liquidity event. The occurrence of any of these types of events in connection with this function could cause us financial loss and reputational harm.
In connection with the implementation of our corporate strategies and initiatives, we face risks associated with, among others, the acquisition or disposition of businesses, the integration and development of acquired businesses, and the entry into new lines of business or products.
In pursuing our corporate strategy, we often acquire other businesses or dispose of or exit businesses we currently own and we routinely are actively engaged in the process of identifying, analyzing, and negotiating possible transactions. The success of this strategy is dependent upon our ability to identify appropriate acquisition and disposition targets, negotiate transactions on favorable terms, secure regulatory approval of transactions where required, complete transactions and, in the case of acquisitions, successfully integrate them into our existing businesses and culture. If we are unable to identify appropriate acquisition targets, or if our competitors are more successful in identifying acquisition targets at favorable valuations, we may fail to achieve desired strategic goals, capabilities and efficiencies, and our results of operations may be adversely affected. If we are unable to identify appropriate acquisition targets, or if our competitors are more successful in identifying acquisition targets at favorable valuations, we may we fail to achieve desired strategic goals, capabilities and efficiencies, and our results of operations might be adversely affected. If a proposed transaction is not consummated, the time and resources spent pursuing it could adversely impact employees, clients and shareholders and the failure to consummate a proposed transaction could result in payment of termination fees and reimbursement of expenses, reputational harm, disputes and litigation and missed opportunities to locate and acquire other businesses. If acquisitions are made, there can be no assurance that we will realize the anticipated benefits of such acquisitions, including, but not limited to, revenue growth, operational efficiencies, or expected synergies, and we could incur unexpected or significant costs in connection with integration. Furthermore, integration of acquisitions, including the NFP acquisition, could divert management’s attention from other business concerns and involve inconsistencies in standards, controls, procedures, practices, policies and compensation arrangements, any of which could adversely affect our ability to achieve the anticipated benefits of a given acquisition or otherwise negatively impact our business. If we dispose of or otherwise exit certain businesses, there can be no assurance that we will not incur certain disposition related charges, will not be subject to post-closing liabilities, obligations or restrictions, will be able to reduce overhead related to the divested assets, or will realize the intended benefits of the disposition.
Many of the businesses that we acquire and develop will likely have significantly smaller scales of operations prior to the implementation of our growth strategy. In addition, many of the businesses that we acquire and develop will likely have significantly smaller scales of operations prior to the implementation of our growth strategy. If we are not able to manage the growing complexity of these businesses, including improving, refining, or revising our systems and operational practices, and enlarging the scale and scope of the businesses, our business may be adversely affected. Other risks include developing knowledge of and experience in the new business, product or service, integrating the acquired business into our systems and culture, recruiting and retaining experienced professionals, and developing and capitalizing on new relationships with experienced market participants. External factors, such as compliance with new or revised regulations, competitive alternatives, and shifting market preferences may also impact the successful implementation of a new line of business, products, or services. Failure to manage these risks in the acquisition or development of new businesses could materially and adversely affect our business, results of operations, and financial condition.
Risks Related to Technology, Cybersecurity, Data
We rely on complex information technology systems and networks to operate our business. Any significant system or network disruption due to a breach in the security of our information technology systems could have a negative impact on our reputation, operations, sales, and operating results.
We rely on the efficient, uninterrupted, and secure operation of complex information technology systems and networks, some of which are within the Company and some of which are outsourced to third parties. All information technology systems are potentially vulnerable to damage or interruption from a variety of sources, including but not limited to cyber-attacks, malicious or destructive code, ransomware, social engineering attacks, generative artificial intelligence and deepfake attacks, denial of service attacks, data and security breaches, and unauthorized access or improper actions by third parties with whom
23
we engage, insiders or employees. We are at risk of attack by a growing list of adversaries through new and increasingly sophisticated methods of attack, including methods that take advantage of remote work scenarios and evolving geopolitical risks. We are at risk of attack by a growing list of adversaries through new and increasingly sophisticated methods of attack, including methods that take advantage of remote work scenarios due to COVID-19. Because the techniques used to obtain unauthorized access or sabotage systems change frequently, we may be unable to anticipate these techniques, implement adequate preventative measures, or detect and respond quickly enough in the event of an incident or attack. Because the techniques used to obtain unauthorized access or sabotage systems change frequently , we may be unable to anticipate these techniques, implement and maintain adequate preventative measures, or detect respond, and if required, disclose to third parties quickly enough in the event of an incident or attack. We regularly experience social engineering attempts, and increasingly sophisticated attempted attacks to our systems and networks, certain of which have been successful and have resulted in unauthorized access to our systems and data. We regularly experience social engineering attempts, and increasingly sophisticated attempted attacks to our systems and networks. Aon has from time to time experienced cybersecurity incidents, such as malicious or destructive code, unauthorized parties gaining access to our information technology systems, ransomware incidents, data loss via malicious and non-malicious methods, and similar incidents, which to date have not had a material impact on our business. Aon has from time to time experienced cybersecurity incidents, such as computer viruses, unauthorized parties gaining access to our information technology systems, ransomware incidents, data loss via malicious and non-malicious methods, and similar incidents, which to date have not had a material impact on our business. If we are unable to efficiently and effectively maintain and upgrade our system safeguards, we may incur unexpected costs and certain of our systems may become more vulnerable to unauthorized access. Aon has from time-to-time experienced and may experience in the future problems with the information technology systems of vendors, including breakdowns or other disruptions in communication services provided by a vendor, failure of a vendor to handle current or higher volumes, difficulties in the migration of services or data to third parties or the cloud hosted by third parties, cyber-attacks, and security breaches, any of which could adversely affect our ability to deliver products and services to customers and otherwise conduct business. Additionally, we are a global and acquisitive organization and we therefore may not adequately identify weaknesses in certain of our information systems, including those of targets we acquire, which could expose us to unexpected liabilities and fines or make our own systems more vulnerable to attack. Additionally, we are a global and acquisitive organization and we therefore might not adequately identify weaknesses in certain of our information systems, including those of targets we acquire, which could expose us to unexpected liabilities and fines or make our own systems more vulnerable to attack. These types of incidents affecting us, our clients, insurance carriers, vendors, or other third-parties could result in intellectual property or other confidential information being lost or stolen, including client or employee personal information or company data.
We have implemented various measures to manage our risks related to system and network security and disruptions, but a security breach or a significant or extended disruption in the functioning of our information technology systems could damage our reputation, cause us to lose clients, adversely impact our operations, sales, and operating results, and require us to incur significant expense (in connection with incident response, remediation efforts, or otherwise) and divert resources to address and remediate or otherwise resolve such issues. Additionally, in order to maintain the level of security, service, and reliability that our clients require, we may be required to make significant additional investments in our information technology systems.
Improper disclosure of confidential, personal, or proprietary data could result in regulatory scrutiny, legal liability, or harm to our reputation.
One of our significant responsibilities is to maintain the security and privacy of our employees’ and clients’ confidential and proprietary information, including confidential information about our clients’ and employees’ compensation, medical information, and other personally identifiable information. We maintain policies, procedures, and technological safeguards designed to protect the security and privacy of this information, including its timely disposal in connection with applicable regulatory requirements. We maintain policies, procedures, and technological safeguards designed to protect the security and privacy of this information. It is possible that our internal policies, procedures and technical safeguards may not be adequate to ensure that confidential, proprietary or otherwise sensitive information is timely disposed of or deleted in a manner compliant with such policies and applicable law or regulation. We have experienced cyber incidents and cannot eliminate the risk of human error, employee or vendor malfeasance, or cyber-attacks that could result in improper access to or disclosure of confidential, personal, or proprietary information. Nonetheless, we have experienced cyber incidents and cannot eliminate the risk of human error, employee or vendor malfeasance, or cyber-attacks that could result in improper access to or disclosure of confidential, personal, or proprietary information. Such access or disclosure could harm our reputation and subject us to liability under our contracts and laws and regulations that protect personal data, resulting in increased costs, fines, loss of revenue, and loss of clients. The release of confidential information as a result of a security breach, human error, or otherwise could also lead to litigation or other proceedings against us by affected individuals or business partners, or by regulators, and the outcome of such proceedings, which could include penalties or fines, could have a significant negative impact on our business. The release of confidential information as a result of a security breach could also lead to litigation or other proceedings against us by affected individuals or business partners, or by regulators, and the outcome of such proceedings, which could include penalties or fines, could have a significant negative impact on our business.
Regulation in the areas of data privacy, data protection, data management, data transfer, data localization, artificial intelligence, and cybersecurity could increase our costs and affect or limit our business opportunities.
In many jurisdictions, including in the E.U. and the U.S., we are subject to laws and regulations relating to the collection, use, retention, security, and transfer of the confidential information of third parties, including our clients’ and employees’ confidential information. These laws and regulations are frequently changing and are becoming increasingly complex and sometimes conflict among the various jurisdictions and countries in which we provide services both in terms of substance and enforceability. This makes compliance challenging and expensive. In addition, many privacy laws and related rules and regulations require us to provide individuals with information on how their personal data is used within Aon or collected from our websites. Additionally, certain jurisdictions’ regulations include notice provisions that may require us to inform affected clients or employees, or the applicable regulatory authority, in the event of a breach of confidential information before we fully understand or appreciate the extent of the breach. Additionally, certain jurisdictions’ regulations include notice provisions that may require us to inform affected clients or employees in the event of a breach of confidential information before we fully understand or appreciate the extent of the breach. These disclosure and notice provisions present operational challenges and related risk. These notice provisions present operational challenges and related risk. In particular, there have been a number of recently adopted privacy laws around the globe including but not limited to significant privacy rulings in the E. In particular, there have been a number of recently adopted privacy laws around the globe including in China and, Brazil, and significant privacy rulings in the E. U., which have imposed significant changes to the way companies export personal data. New guidance issued by regulators has and will continue to require significant time and resources to implement and may
24
require significant effort to review changes to IT systems and transfer methods. Non-compliance with new and existing laws could result in proceedings against us by governmental entities or others and additional costs in connection therewith. We expect additional jurisdictions to continue to adopt new regulations in these areas and that existing regulations may be amended as governments continue to legislate in respect of personal data. We expect additional jurisdictions to continue to adopt new privacy regulations and there to be amendments to existing regulations as governments continue to legislate in respect of personal data. We have incurred expenses and devoted resources, and will continue to incur expenses and devote resources, to bring our practices into compliance with these regulations and future regulations. Our failure to comply with or successfully implement processes in response to changing regulatory requirements in this area could result in legal liability, proceedings or fines against us by governmental entities or others, or impair our reputation in the marketplace. Our failure to comply with or successfully implement processes in response to changing regulatory requirements in this area could result in legal liability, result in proceedings or fines against us by governmental entities or others, or impair our reputation in the marketplace. Further, regulatory initiatives in these areas are more frequently including provisions allowing authorities to impose substantial fines and penalties, and therefore, failure to comply could also have a significant financial impact. Further, regulatory initiatives in the area of data protection are more frequently including provisions allowing authorities to impose substantial fines and penalties, and therefore, failure to comply could also have a significant financial impact.
A growing number of jurisdictions, particularly in the E.U. and U.S., have introduced and enacted laws and regulations regarding the responsible development and use of artificial intelligence and similar tools. These new regulations and any subsequent laws or regulations may present additional complexity and risk to our business, particularly but not limited to where these laws overlap with privacy laws designed to protect individuals.
Risks Related to Being an Irish-incorporated Company
We are incorporated in Ireland, and Irish law differs from the laws in effect in the U.S. and may afford less protection to holders of our securities.
It may not be possible to enforce court judgments obtained in the U.S. against us in Ireland, based on the civil liability provisions of the U.S. federal or state securities laws. In addition, there is some uncertainty as to whether the courts of Ireland would recognize or enforce judgments of U.S. courts obtained against us or our directors or officers based on the civil liabilities provisions of the U.S. federal or state securities laws or hear actions against us or those persons based on those laws. We have been advised that the U.S. currently does not have a treaty with Ireland providing for the reciprocal recognition and enforcement of judgments in civil and commercial matters. Therefore, a final judgment for the payment of money rendered by any U.S. federal or state court based on civil liability, whether or not based solely on U.S. federal or state securities laws, would not automatically be enforceable in Ireland.
As an Irish company, we are governed by the Irish Companies Act, which differs in some material respects from laws generally applicable to U.S. corporations and shareholders, including, among others, differences relating to interested director and officer transactions and shareholder lawsuits. Likewise, the duties of directors and officers of an Irish company generally are owed to the company only. Shareholders of Irish companies generally do not have a personal right of action against directors or officers of the company and may exercise such rights of action on behalf of the company only in limited circumstances. Accordingly, holders of our securities may have more difficulty protecting their interests than would holders of securities of a corporation incorporated in a jurisdiction of the U.S.
In addition, depending on the circumstances, the acquisition, ownership and/or disposition of our ordinary shares may subject shareholders to different or additional tax consequences under Irish law including, but not limited to, Irish stamp duty, dividend withholding tax and capital acquisitions tax.
As an Irish public limited company, certain capital structure decisions regarding the Company require the approval of shareholders, which may limit the Company’s flexibility to manage its capital structure.As an Irish public limited company, certain capital structure decisions regarding the Company will require the approval of shareholders, which may limit the Company’s flexibility to manage its capital structure.
Irish law generally provides that a board of directors may allot and issue shares (or rights to subscribe for or convert into shares) if authorized to do so by a company’s constitution or by an ordinary resolution of shareholders. Such authorization may be granted in respect of up to the entirety of a company’s authorized but unissued share capital and for a maximum period of five years, at which point it must be renewed by another ordinary resolution. The Company’s constitution originally authorized our directors to allot shares up to the maximum of the Company’s authorized but unissued share capital for a period of five years from March 31, 2020. The Company’s shareholders passed resolutions at the Company’s annual general meetings of shareholders held on June 21, 2024, and June 27, 2025 to ultimately extend such authority to allot and issue, or grant rights to acquire, such number of shares up to approximately twenty percent of the Company’s issued share capital as of April 11, 2025, with such authority expiring on December 27, 2026. This authorization will need to be renewed by ordinary resolution upon its expiration and at periodic intervals thereafter.
Irish law also generally provides shareholders with statutory pre-emption rights when new shares are issued for cash. However, it is possible for such statutory pre-emption rights to be dis-applied in a company’s constitution or by a special resolution of shareholders. The Company’s constitution originally dis-applied statutory pre-emption rights up to the maximum of the Company’s authorized but unissued share capital for a period of five years from March 31, 2020. The Company’s shareholders passed a resolution at the Company’s most recent annual general meeting of shareholders renewing such authority until December 27, 2026, to (i) allot and issue, or grant rights to acquire, shares for cash in connection with a rights issue in
25
favor of the holders of shares where the shares (or rights to acquire shares) attributable to such holders are proportional to the respective number of shares held by them; and (ii) otherwise, for up to approximately twenty percent of the Company’s issued share capital as of April 11, 2025. This dis-application will need to be renewed by special resolution upon its expiration and at periodic intervals thereafter.
Irish law requires us to have available “distributable profits” to pay dividends to shareholders and generally to make share repurchases and redemptions.
Under Irish law, we may only pay dividends and, generally, make share repurchases and redemptions from distributable profits. Distributable profits may be created through the earnings of the Company or other methods (including certain intra-group reorganizations involving the capitalization of the Company’s un-distributable profits and their subsequent reduction).
While it is our intention to maintain a sufficient level of distributable profits in order to pay dividends on our ordinary shares and make share repurchases, the Company may be unable to maintain the necessary level of distributable profits to do so.
Item 1B. Unresolved Staff Comments
None.
Item 1C.Item 1A. Cybersecurity
Aon has from time-to-time experienced cybersecurity incidents. In the event of a cybersecurity incident, Aon responds in accordance with our policies, processes, applicable laws and regulations. When necessary, Aon also engages third parties, such as external cybersecurity advisors to investigate and remediate incidents. To date, the cybersecurity incidents have not had a material impact on our business strategy, results of operations, or financial condition, but we face risks from cybersecurity threats that, if realized, may materially affect us, including our business strategy, results of operations, or financial condition. For additional information regarding the risks from cybersecurity threats, please see the risk factors entitled “We rely on complex information technology systems and networks to operate our business. Any significant system or network disruption due to a breach in the security of our information technology systems could have a negative impact on our reputation, operations, sales, and operating results” and “Improper disclosure of confidential, personal, or proprietary data could result in regulatory scrutiny, legal liability, or harm to our reputation” in Part I, Item 1A of this report.
Aon strives to protect the personal and confidential data of our clients and our colleagues. To do so, Aon engages in a risk-based approach to adopting and implementing technical, organizational, administrative, and physical safeguards for cybersecurity. One key component to safeguard against risks facing Aon’s technology and security is Aon’s enterprise risk management (“ERM”) program. Aon’s management carries out the daily processes, controls, and practices of the Company’s ERM program, many of which are embedded within our operations, including the identification, assessment, prioritization, and mitigation of cybersecurity risks. Aon uses external service providers, where appropriate, to assess, test or otherwise assist with aspects of its security processes.
In addition, Aon maintains a Global Cybersecurity Services (“GCS”) organization, led by the CISO, with dedicated cybersecurity personnel responsible for protecting Aon’s information and information systems. Aon’s CISO reports to Aon’s Chief Operating Officer and is an experienced cybersecurity professional, with over 15 years’ experience in information security.
The Company’s Global Emergency Operations Center (“GEOC”) serves as a single point of control, coordination, and communication for protecting Aon's people, property, and information. The GEOC is responsible for triage of all incidents pertaining to the confidentiality, integrity, and availability of customer data. The GEOC monitors threat intelligence reporting and receives alerts and reports from Aon colleagues and IT systems. In coordination with the Global Privacy & Data Trust Office (“GPDTO”) and GCS, the GEOC reports significant cybersecurity incidents to the Cyber Incident Governance Committee (“CIGC”).
26
The CIGC is comprised of members of management, and is responsible for reviewing significant cybersecurity incidents. The CIGC includes the CISO, the Chief Privacy and Data Trust Officer, and other representatives from the Company’s GPDTO and GCS, as well as leaders from the Company’s operations, Risk Management, Law & Compliance, Controllership, Internal Audit, and Communications functions. The CIGC reviews and assesses cybersecurity incidents and is responsible for coordinating the mitigation and remediation of such incidents.
The Company regularly conducts security scanning and reviews of regulatory IT controls. Additional security reviews may be triggered in connection with the assessment of new projects, business initiatives or third-party/supplier engagements. The Company’s Internal Audit function follows a risk-based approach to evaluating controls over key enterprise risks, including cybersecurity, as well as compliance with select regulations and corporate policies.
The Company’s controls are designed to align to the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework . This does not imply that we meet any particular technical standards, specifications or requirements at all times but that the aforementioned frameworks help us identify, assess, and manage cybersecurity risks relevant to our business. We also maintain insurance to provide protection against certain losses that may be associated with a cybersecurity breach or data privacy event, although our coverage may not be sufficient to offset all losses arising from such events.
We use the aforementioned risk-based approach to cybersecurity to promote accountability for all of our functions across our businesses as well as our third parties to monitor for and prevent any adverse consequences from cybersecurity risks. These risks are continuously evolving, and our program is designed to evaluate these risks on an ongoing basis.
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| HTH | an hour ago |
| HASI | an hour ago |
| OSCR | an hour ago |
| HCSG | an hour ago |
| MTH | an hour ago |
| MORN | an hour ago |
| DOV | an hour ago |
| PLD | an hour ago |
| CPS | an hour ago |
| EQR | an hour ago |
| VRTX | an hour ago |
| JPM | an hour ago |
| NEE | an hour ago |
| WY | an hour ago |
| HR | an hour ago |
| AON | an hour ago |
| ROKU | an hour ago |
| KMI | an hour ago |
| FROG | an hour ago |
| VRT | an hour ago |
| EXAS | an hour ago |
| UBER | an hour ago |
| AMGN | an hour ago |
| TRUP | an hour ago |
| NTGR | an hour ago |
| INSP | an hour ago |
| LEA | 2 hours ago |
| AAP | 2 hours ago |
| LSCC | 2 hours ago |
| NWL | 2 hours ago |
| TRIP | 2 hours ago |
| OM | 2 hours ago |
| WAB | 2 hours ago |
| TEX | 2 hours ago |
| RHI | 2 hours ago |
| GPI | 3 hours ago |
| HBAN | 3 hours ago |
| FCX | 3 hours ago |
| AGCO | 3 hours ago |
| PII | 3 hours ago |
| CHRW | 3 hours ago |
| CSL | 3 hours ago |
| WEX | 3 hours ago |
| ATMU | 4 hours ago |
| MHO | 4 hours ago |
| ITW | 4 hours ago |
| SXT | 4 hours ago |
| AXTA | 4 hours ago |
| TROW | 5 hours ago |
| DCH | 5 hours ago |
