$DTOC Risk Factor changes from 00/04/13/22/2022 to 00/03/28/24/2024

Item 1A. Risk Factors Summary of Risk FactorsThe following summary highlights some of the principal risks that could adversely affect our business, financial condition, or results of operations. This summary is not complete, and the risks summarized below are not the only risks we face. You should read this summary together with the full and complete discussion of risk factors contained below:Risks Related to Our Business and Industry•We need to contract and form partnerships with Network Practices in order to execute our growth strategy. •Our Network Practices primarily depend on reimbursement from third-party payors, which could lead to delays, denials, or uncertainties in the reimbursement process.•A significant portion of our revenue is derived from a limited number of health insurance and medical group companies.•A significant portion of our revenue is derived from a limited number of Network Practices. •We have identified material weaknesses in our internal control over financial reporting and if we are unable to remediate these material weaknesses, investor confidence in our business and the value of AON common stock could be adversely affected.•The AON PNC Loans and the associated restrictive covenants thereunder could adversely affect our financial condition and will restrict our ability to raise capital.•The AON PNC Loans subject us to interest rate risk, which could cause our debt service obligations to increase significantly and potentially limit our ability to effectively refinance our indebtedness.•A pandemic, epidemic or outbreak of an infectious disease could adversely affect our business.•We must be able to attract and retain highly qualified physicians, medical professionals and other personnel, as well as new patients and obtain new payor contracts in order to grow our business.•We face risks associated with estimating the amount of revenue that is recognized under Network Practices risk agreements with health plans.•Reductions in government reimbursement rates or changes in the rules governing government healthcare programs could have a material adverse effect.•Our business could be adversely affected by health care reform and other changes in government programs.•Changes in the payor mix of patients and potential decreases in reimbursement rates as a result of consolidation among plans could affect our business.•We face significant competition from other healthcare services providers.•Competition for physicians and nurses, shortages of qualified personnel or other factors could increase our labor costs.•Our Network Practices must provide consistently high quality of care.•Our business could be adversely affected by supply price increases and shortages.12Table of Contents•We rely on third-party information technology systems that could suffer from disruptions and data breaches.•We could be subject to legal proceedings and litigation.•Some jurisdictions preclude AON from entering into non-compete agreements with physicians.•Current and future acquisitions may use significant resources, may be unsuccessful, and could expose us to unforeseen liabilities.•We need to protect the confidentiality of our trade secrets, know-how and other proprietary and internally-developed information.•Negative publicity regarding the managed healthcare industry generally could adversely affect our results of operations or business.•Our facilities may be negatively impacted by weather and other factors beyond our control.•Our investments in marketable securities are subject to certain risks which could affect our overall financial condition, results of operations, or cash flows.•Inflation may adversely affect us by materially increasing our costs.Risks Related to our Regulatory Environment•We are dependent on our relationships with our Network Practices to provide healthcare services.•Our managed clinics and our Network Practices providing professional services at such clinics may become subject to medical liability claims.•Changes in accounting standards by the Financial Accounting Standards Board (“FASB”) subjects us to risk.•Our managed clinics and our Network Practices may be subject to third-party payor audits.•We are subject to extensive fraud, waste, and abuse laws.•We face risks relating to loss of regulatory licenses, permits and/or accreditation status.•We face risks relating to applicable data interoperability and information blocking rules.•We face risks relating to actual or perceived failures to comply with applicable data protection, privacy and security, advertising and consumer protection laws, regulations, standards and other requirements.•We are subject to applicable tax laws and regulations.Risks Relating to Operating as a Public Company•The requirements of being a public company, including maintaining adequate internal control over our financial and management systems, may strain our resources and divert management’s attention.•The trading price of our Class A Common Stock may be volatile, and purchasers of our Class A Common Stock could incur substantial losses.•Anti-takeover provisions in our organizational documents could delay or prevent a change of control.•Our Charter designates the Court of Chancery of the State of Delaware as the sole and exclusive forum for certain types of actions and proceedings that may be initiated by our stockholders.Risks Relating to Our Common Stock and Warrants•The sale of securities registered for resale and future sales of substantial amounts of our securities in the public market (including the shares of Class A Common Stock issuable upon exercise of our warrants, conversion of our Class B Common Stock, or conversion of our Series A Preferred Stock), or the perception that such sales may occur, may cause the market price of our securities to decline significantly.•Certain existing stockholders purchased our shares at a price below the current trading price of such shares, and may experience a positive rate of return based on the current trading price. Other investors and stockholders may not experience a similar rate of return.•Because we do not anticipate paying any cash dividends in the foreseeable future, capital appreciation, if any, would be your sole source of gain.•A market for our securities may not continue, which would adversely affect the liquidity and price of our securities.•Nasdaq may delist our securities from trading on its exchange, which could limit investors’ ability to make transactions in our securities and subject us to additional trading restrictions.13Table of Contents•Our warrants may never be in the money, and they may expire worthless.•Warrants to purchase AON Class A Common Stock are exercisable which could increase the number of shares eligible for future resale in the public market and result in dilution to our stockholders.•Future offerings of debt or offerings or issuances of equity securities by us may adversely affect the market price of Class A Common Stock or otherwise dilute all other stockholders.•The price of Class A Common Stock could decline if securities analysts do not publish research or if securities analysts or other third parties publish inaccurate or unfavorable research about us.•We may be subject to securities litigation, which is expensive and could divert management’s attention.Risk FactorsYou should carefully consider the following risk factors in addition to the other information included in this Report, including matters addressed in the section entitled “Cautionary Note Regarding Forward-Looking Statements”. The risk factors described below disclose both material and other risks, and are not intended to be exhaustive and are not the only risks facing us. Additional risks not currently known to us or that we currently deem to be immaterial, or which are not identified because they are generally common to businesses, also may materially adversely affect our business, financial condition, results of operations and cash flows in future periods. The following discussion should be read in conjunction with our consolidated financial statements and notes to the consolidated financial statements included herein, as well as our other public filings with the Securities and Exchange Commission. Risks Related to Our Business and IndustryIn order to execute our growth strategy, we will need to acquire oncology practices and affiliated care providers (“Network Practices”). Our ability to grow depends upon a number of factors, including our ability to obtain referrals for cancer patient care services, identify appropriate physician practices to acquire, enter into contracts with such additional Network Practices, obtain leases, identify appropriate facilities to acquire, complete internal buildouts of new facilities within proposed timelines and budgets, and hire and retain employees including but not limited to physicians affiliated with Network Practices. We cannot guarantee that we will be successful in pursuing our growth strategy. Our growth strategy involves a number of risks and uncertainties, including that:•we and our Network Practices may not be able to successfully enter into contracts with local payors on terms acceptable to us or at all. In addition, we compete for payor relationships with other healthcare organizations, many of whom may have greater resources than we do. This competition may intensify due to the ongoing consolidation in the healthcare industry, which may increase our costs to pursue such opportunities. Patients may also choose providers with more competitive contracted rates than we are able to negotiate;•we will require additional capital and resources in order to acquire additional Network Practices;•we cannot make any assurance that we will be able to maintain relationships with our Network Practices;•through our Network Practices, we may not be able to recruit or retain a sufficient number of new patients to execute our growth strategy, and we may incur substantial costs to recruit new patients and we may be unable to recruit a sufficient number of new patients to offset those costs;•we may not be able to contract with a sufficient numbers of physicians and other staff and may fail to integrate our employees, particularly our medical personnel, into our care model;•our Network Practices may not conform to our exact business model, which may impact their profitability and in-turn, our profitability;•when expanding our business into new states, we may be required to comply with laws and regulations that may differ from states in which we currently operate;•we may not be able to easily monitor and track changes to state and local laws in the states in which we operate, which could increase our legal exposure; and•depending upon the nature of the local market, we may not be able to implement our business model in every local market that we enter, which could negatively impact our revenues and financial condition.14Table of ContentsThere can be no assurance that we will be able to successfully capitalize on growth opportunities, which may negatively impact our business model, revenues, results of operations and financial condition.Our Network Practices primarily depend on reimbursement from third-party payors, as well as payments by individuals, which could lead to delays, denials, or uncertainties in the reimbursement process. The reimbursement process is complex and can involve lengthy delays. Although we recognize revenue when our Network Practices provide services to patients, our Network Practices may from time to time experience delays in receiving the associated payments. Retroactive adjustments may change amounts realized from third-party payors. Our Network Practices are subject to audits by such payors, including governmental audits of our Medicare and Medicaid claims, and may be required to repay these payors if a finding is made that we were incorrectly reimbursed. Delays and uncertainties in the reimbursement process may adversely affect accounts receivable, increase the overall costs of collection and cause us to incur additional costs associated with raising capital. Third-party payors are also increasingly focused on controlling healthcare costs, and such efforts, including any revisions to reimbursement policies, may further complicate and delay our Network Practices’ reimbursement claims. In addition, certain of the patients are covered under health plans that require the patient to cover a portion of their own healthcare expenses through the payment of copayments or deductibles. Our Network Practices may not be able to collect the full amounts due with respect to these payments that are the patient’s financial responsibility, or in those instances where physicians provide services to uninsured individuals. To the extent permitted by law, amounts not covered by third-party payors are the obligations of individual patients for which our Network Practices may not receive whole or partial payment. Any increase in cost shifting from third-party payors to individual patients, including as a result of high deductible plans for patients, increases our collection costs and reduces overall collections, which we may not be able to offset such additional costs with sufficient revenue. In response to the COVID-19 pandemic, the Centers for Medicare and Medicaid Services (CMS), the federal agency responsible for administering the Medicare program, made several changes in the manner in which Medicare will pay for telehealth visits, many of which relax previous requirements, including site requirements for both the providers and patients, telehealth modality requirements and others. State law applicable to telehealth, particularly licensure requirements, has also been relaxed in many jurisdictions as a result of the COVID-19 pandemic. It is unclear which, if any, of these changes will remain in place permanently and which will be rolled-back following the COVID-19 pandemic. If regulations change to restrict our Network Practices’ ability to deliver care through telehealth modalities, our financial condition and results of operations may be adversely affected. A significant portion of our revenue is derived from a limited number of health insurance and medical group companies. Those payors could take action to remove, exclude, delay, or otherwise prevent the inclusion of our Network Practices in their provider networks. Our operations are dependent on a concentrated number of payors with whom our Network Practices contract to provide services to patients. We generally manage our Network Practices’ payor contracts on a state by state basis, entering into a separate contract in each state with the local affiliate of the relevant payor such that no one local payor contract accounts for a majority of our collective revenue. We believe that a majority of our Network Practices’ revenues will continue to be derived from a limited number of key payors, which may terminate their contracts with our Network Practices or the individual Network Practice physicians credentialed by them upon the occurrence of certain events. The sudden loss of any of our network Practices’ payors, or the renegotiation of any of our Network Practices’ payor contracts, could adversely affect our operating results. In the ordinary course of business, we engage in active discussions and renegotiations with payors in respect of the services our Network Practices provide and the terms of our Network Practices’ payor agreements. As the payors’ businesses respond to market dynamics and financial pressures, and as payors make strategic business decisions in respect of the lines of business they pursue and programs in which they participate, certain of the payors may seek to renegotiate or terminate their agreements with our Network Practices. These discussions could result in reductions to the fees and changes to the scope of services contemplated by the original payor contracts and consequently could negatively impact our revenues, business and prospects. Because we rely on a limited number of payors for a significant portion of our Network Practices’ revenues, we depend on the creditworthiness of these payors. The payors are subject to a number of risks including reductions in 15Table of Contentspayment rates from governmental programs, higher than expected health care costs and lack of predictability of financial results when entering new lines of business, particularly with high-risk populations. If the financial condition of our Network Practices’ payors declines, our financial results could be impacted. Should one or more of our Network Practices’ payors declare bankruptcy, be declared insolvent or otherwise be restricted by state or federal laws or regulation from continuing in some or all of their operations, this could adversely affect our ongoing revenues, the collectability of our accounts receivable, our bad debt reserves and our net income. Although our Network Practices have long-term contracts with many payors, these contracts may be terminated before their term expires for various reasons, such as changes in the regulatory landscape and poor performance by our Network Practices and our affiliated providers, subject to certain conditions. Certain of the payor contracts are terminable immediately upon the occurrence of certain events. Certain of the payor contracts may be terminated immediately by the payor if our Network Practices lose applicable licenses, go bankrupt, lose their liability insurance or receive an exclusion, suspension or debarment from state or federal government authorities. Additionally, if a payor were to lose applicable licenses, go bankrupt, lose liability insurance, become insolvent, file for bankruptcy or become subject to exclusion, suspension or debarment from state or federal government authorities, the Network Practices’ contract with such payor could in effect be terminated. In addition, certain of the payor contracts may be terminated immediately if a Network Practice becomes insolvent or file for bankruptcy. If any of the contracts with the Network Practice’s payors are terminated, the Network Practice may not be able to recover all fees due under the terminated contract, which may adversely affect our operating results. A significant portion of our revenue is derived from a limited number of our Network Practices. If there are unforeseen disruptions in the businesses of our top Network Practices or these Network Practices terminate their contracts with us, our revenue could decline.For the fiscal year ended December 31, 2023, our top ten Network Practices generated approximately 67.3% of our revenue. Unforeseen disruptions to these Network Practices could have a significant adverse effect on our revenues. Furthermore, while we enter into long-term contracts with our Network Practices, under certain circumstances and conditions, either party may terminate. The Network Practices have no obligation to renew their contracts after the initial term expires. In addition, our Network Practices may negotiate terms less advantageous to us upon renewal, which may reduce our revenue from them. If our top ten Network Practices terminate their contracts, decide not to renew their contracts, or renew their contracts on less favorable terms or at lower fee levels, our revenue may decline significantly, or our future growth may be constrained.AON has identified material weaknesses in its internal control over financial reporting. If AON is unable to remediate these material weaknesses, or if it identifies additional material weaknesses in the future or otherwise fails to maintain effective internal control over financial reporting, AON may not be able to accurately or timely report its financial condition or results of operations, which may adversely affect investor confidence in AON’s business and the value of AON common stock.

As a public company, AON will be required to furnish a report by management on the effectiveness of our internal control over financial reporting beginning with our second annual report on Form 10-K. If AON is unable to establish or maintain appropriate internal control over financial reporting or implement these additional requirements in a timely manner or with adequate compliance, it could result in material misstatements in its consolidated financial statements, failure to meet its reporting obligations on a timely basis, increases in compliance costs, and subject AON to adverse regulatory consequences, all of which may adversely affect investor confidence in AON and the value of AON common stock. As of December 31, 2023, material weaknesses existed in our internal control over financial reporting. The material weaknesses that AON identified were as follows: •The Company did not design and maintain an effective control environment commensurate with its financial reporting requirements. Specifically, the Company lacked a sufficient complement of resources with (i) an appropriate level of accounting knowledge, training and experience to appropriately analyze, record and disclose accounting matters timely and accurately, and (ii) an appropriate level of knowledge and experience to establish 16Table of Contentseffective processes and controls. Additionally, the lack of a sufficient complement of resources resulted in an inability to consistently establish appropriate authorities and responsibilities in pursuit of its financial reporting objectives, as demonstrated by, among other things, insufficient segregation of duties in its finance and accounting functions.•The Company did not effectively design and maintain effective controls in response to the risks of material misstatement. Specifically, changes to existing controls or the implementation of new controls have not been sufficient to respond to changes to the risks of material misstatement to financial reporting.These material weaknesses contributed to the following additional material weaknesses: •The Company did not design and maintain effective controls to identify, analyze, account for and disclose non-routine, unusual or complex transactions. Specifically, the Company did not design and maintain controls to account for its business combinations, asset acquisitions, clinical trial agreements, and related party transactions.•The Company did not design and maintain effective controls related to the period-end financial reporting process, including designing and maintaining formal accounting policies, procedures and controls to achieve complete and accurate financial accounting, reporting and disclosures. Additionally, the Company did not design and maintain controls over the preparation and review of account reconciliations and journal entries, including maintaining appropriate segregation of duties. •The Company did not design and maintain effective controls to achieve complete, accurate and timely accounting of accrued liabilities.•The Company did not design and maintain effective controls to achieve complete, accurate and timely accounting of revenue and accounts receivable. Specifically, the Company did not design and maintain controls over the inputs, assumptions, and calculations to develop our contractual allowances.•The Company did not design and maintain effective information technology (“IT”) general controls for information systems that are relevant to the preparation of its financial statements. Specifically, the Company did not design and maintain: (i) program change management controls to ensure that program and data changes are identified, tested, authorized, and implemented appropriately; (ii) user access controls to ensure appropriate segregation of duties and to adequately restrict user and privileged access to appropriate personnel; (iii) computer operations controls to ensure that processing and transfer of data, and data backups and recovery are monitored; and (iv) program development controls to ensure that new software development is tested, authorized and implemented appropriately.The material weaknesses above resulted in a revision to the Company’s previously issued financial statements as of and for the year ended December 31, 2020 as well as audit adjustments to the Company’s financial statements as of and for the year ended December 31, 2021 related to the amortization of leasehold improvements within property and equipment, non-controlling interest, accrued liabilities, operating expenses, and related financial disclosures. A revision was also made to the Company’s previously issued condensed consolidated interim financial statements as of and for the nine-month period ended September 30, 2022 related to marketable securities, cash and cash equivalents, patient service revenue, net, patients accounts receivables, net, accrued other, and cost of revenue. Additionally, these material weaknesses could result in further misstatements of the aforementioned account balances or disclosures that would result in a material misstatement to the annual or interim consolidated financial statements that would not be prevented or detected. The Company is in the process of designing and implementing measures designed to improve our internal control over financial reporting and remediate the control deficiencies which led to the material weaknesses. The Company’s remediation measures are ongoing and include the following: •The Company enhanced the technical capabilities of its accounting department via the hiring of an SEC Reporting Manager and intends to seek additional opportunities to further expand its full-time accounting leadership team going forward. Furthermore, the Company will continue to leverage third-party consultants for its technical accounting needs whenever specific technical accounting competencies are required;17Table of Contents•Management continues to enhance its review process for unusual, non-routine or complex transactions. These enhancements include, but are not limited to, when appropriate, the involvement of non-finance personnel (such as legal or operations personnel) in order to verify the validity and proper accounting treatment of such transactions;•During 2023, management collaborated with outside consultants possessing significant financial reporting and internal control expertise to perform an extensive review of the design of the Company's internal controls over financial reporting. This review included the identification of internal control deficiencies and the development of corresponding remediation plans for each of the deficiencies identified. These internal control deficiencies identified and corresponding remediation plans included, but were not limited to, the following: improvements to the financial close and reporting process, accounting for contractual allowances related to revenue recognition, the identification of related party transactions, and the timely development of quality estimates related to accrued liabilities;•Management is gaining a better understanding of system functionality through the review of permissions and profiles to be executed during the periodic user access reviews to be conducted going forward for each IT application that is significant to the Company's financial reporting objectives, and intends subsequently reconfigure profiles with appropriate permissions to better align with job responsibilities and enforce segregation of duties;•The Company enhanced its financial close process by introducing additional layers of independent reviews by appropriately qualified individuals and improving the precision and timeliness of reviews applied to various period-end activities and financial result analyses, including journal entries, account reconciliations, revenue recognition, and accrued liabilities. Additionally, the Company is developing evidence of review standards to be consistently applied to its various period-end control activities going forward, thereby requiring control owners to better formally document the operation of these controls; and•The Company has designed and implemented a broad suite of ITGCs over change management, the review and update of user access rights and privileges, controls over batch jobs and data backups, and program development approvals and testing. During 2024, the Company intends to continue improving its ITGC environment by more uniformly applying password parameter requirements across its base of IT applications that are significant to its financial reporting objectives, as well as by enhancing the precision of its periodic user access reviews for these systems.AON has begun the process to remediate its identified material weaknesses as detailed above. The material weaknesses will not be considered remediated until management completes the design and implementation of the processes and controls described above and the controls operate for a sufficient period of time, and AON has concluded, through testing, that the newly implemented and enhanced controls are operating effectively. At this time, AON cannot predict the success of such efforts or the outcome of future assessments of the remediation efforts. AON’s current controls and any new controls that it develops may become inadequate because of changes in conditions in its business, personnel, IT systems and applications, or other factors. If AON fails to remediate AON’s existing material weakness or identifies new material weaknesses in its internal controls over financial reporting, if it is unable to comply with the requirements of Section 404 of the Sarbanes-Oxley Act in a timely manner, or if it is unable to conclude that its internal controls over financial reporting are effective, it is possible that a material misstatement of AON’s financial statements would not be prevented or detected on a timely basis, investors may lose confidence in the accuracy and completeness of AON’s financial reports, and the market price of AON Class A Common Stock could be negatively affected. Our services are concentrated in certain geographic areas and populations exposing us to unfavorable changes in local benefit costs, reimbursement rates, competition and economic conditions. Our services are concentrated in certain geographic areas in the United States. Unfavorable changes in health care or other benefit costs or reimbursement rates or increased competition in the states in which we operate or any other geographic area where our Network Practices are concentrated in the future could therefore have a disproportionately adverse effect on our operating results. Additionally, the geographic concentration of a significant portion of our Network Practices may make them more vulnerable to events such as an outbreak of a pandemic similar to the COVID-19 pandemic. The AON PNC Loans and the associated restrictive covenants thereunder could adversely affect our financial condition and will restrict our ability to raise capital. 18Table of ContentsOn April 30, 2021, we entered into the AON PNC Loans with PNC Bank National Association (“PNC”). The AON PNC Loans contains various restrictive and financial covenants, including restrictions on indebtedness, leverage ratio, restricts our ability to (i) incur indebtedness other than (a) in connection with and as allowed under certain provisions of the agreements governing the AON PNC Loans or (b) in ordinary course of business, (ii) permit any lien or encumbrance upon our property except as generally permitted by PNC or as specifically enumerated in the agreements governing the AON PNC Loans, (iii) (a) purchase or redeem any of our membership interests, (b) declare or pay any dividend or set aside any funds for any such purpose (c) prepay, purchase or redeem any other debt, (d) lend or advance any funds or (e) repay any loans or advances to, for or from any of our affiliates, except, for each of the foregoing, as specifically permitted under the AON PNC Loans, (iv) merge or consolidate with or into, or convey, transfer, lease or otherwise dispose of (whether in one transaction or in a series of transactions) all or substantially all of our assets (whether now owned or hereafter acquired) to, any person or entity, (v) without prior written consent, make any change in any borrower’s name, identity, corporate structure or location under the AON PNC Loans or make any other change in such borrower’s identity or corporate structure, or (vi) acquire another business (via assets or equity) unless certain other requirements are met, including that acquisitions via capital stock may only be of a subsidiary of AON. Subject to customary exceptions and exclusions, our obligations under the AON PNC Loans are guaranteed by a perfected, first-priority security interest in substantially all of our assets, including our intellectual property and the equity ownership interests directly and indirectly held by us in our wholly-owned subsidiaries and excluding certain assets used in connection with medical services. Compliance with such covenants and our indebtedness will result in the following, which could materially and adversely affect our business, financial condition and results of operations: •require us to dedicate a substantial portion of cash and cash equivalents to the payment of interest on, and principal of, the indebtedness, which will reduce the amounts available to fund working capital, capital expenditures, product development efforts and other general corporate purposes;•oblige us to comply with negative covenants restricting our activities, including limitations on dispositions, mergers or acquisitions, encumbering our intellectual property, incurring indebtedness or liens, paying dividends, making investments and engaging in certain other business transactions;•limit our flexibility in planning for, or reacting to, changes in our business and our industry;•place us at a competitive disadvantage compared to our competitors who have less debt or competitors with comparable debt at more favorable interest rates;•limit our ability to borrow additional amounts for working capital, capital expenditures, research and development efforts, acquisitions, debt service requirements, execution of our business strategy and other purposes and otherwise restrict our financing options.Furthermore, because the interests of the lenders may potentially differ from ours and from those of our stockholders, we may be unable to engage in transactions or other activities that may be beneficial to our stockholders. The covenants under the agreements governing the AON PNC Loans could materially and adversely affect our business, financial condition and results of operations.Servicing our indebtedness requires a significant amount of cash. Our ability to repay the principal of, to pay interest on or to refinance our indebtedness depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. Our business may not generate cash flow from operations in the future sufficient to service our indebtedness. If we are unable to generate cash flow, we may be required to adopt one or more alternatives, such as restructuring debt or obtaining additional financing on terms that may be unfavorable to us or highly dilutive. Our ability to refinance our indebtedness will depend on the capital markets and our financial condition at the time we seek to refinance such indebtedness. Our inability to satisfy our debt obligations could materially and adversely affect our financial position and results of operations. A failure to comply with the conditions of the AON PNC Loans could result in an event of default. An event of default under the AON PNC Loans includes, among other things, a failure to pay any amount due under the AON PNC Loans. If we fail to comply with any of the covenants under our indebtedness and are unable to obtain a waiver or amendment, the lenders may, among other things, accelerate our outstanding indebtedness and exercise rights with respect to collateral securing our outstanding indebtedness, each of which could have an adverse effect on our business, financial condition and results of operations. Any of these events could materially and adversely affect our business, financial condition and results of operations. 19Table of ContentsThe AON PNC Loans subject us to interest rate risk, which could cause our debt service obligations to increase significantly and potentially limit our ability to effectively refinance our indebtedness as it matures. Borrowings under the AON PNC Loans bear interest at variable rates and expose us to interest rate risk. If interest rates increase and we do not hedge such variable rates, our debt service obligations on the variable rate indebtedness will increase even though the amount borrowed will remain the same, which will negatively impact our net income and operating cash flows, including cash available for servicing our indebtedness. Additionally, our ability to refinance portions of our indebtedness in advance of their maturity dates depends on securing new financing bearing interest at rates that we are able to service. A pandemic, epidemic or outbreak of an infectious disease in the United States or worldwide, similar to the outbreak of COVID-19 or the continuation of such an outbreak, could adversely affect our business, financial condition, results of operations and growth. If a pandemic, epidemic or outbreak of an infectious disease occurs in the United States or worldwide, our business may be adversely affected. If we are unable to attract new patients and to obtain new payor contracts our revenue growth will be adversely affected. To increase our revenue, our business strategy is to expand the number of oncology clinics and affiliated physicians in our network. In order to support such growth, we must continue to win new contracts and retain or grow existing contracts with payors. Our Network Practices face competition from other oncology providers. If our Network Practices are unable to convince potential payors and patients of the benefits of our value-based system, or if potential or existing payors and patients prefer the care provider model of one of our competitors, we may not be able to effectively implement our growth strategy, which depends on our ability to attract new patient referrals and payors for our Network Practices. Network Practices’ inability to obtain new payor agreements and patient referrals and retain existing payors and patients would harm our ability to execute our growth strategy and may have a material adverse effect on our business operations and financial position. There are significant risks associated with estimating the amount of revenues that are recognized under Network Practices’ agreements with health plans in a reporting period and it is possible that we may not accurately estimate the amount of such revenues. The billing and collection process is complex due to ongoing insurance coverage changes, geographic coverage differences, differing interpretations of contract coverage and other payor issues, such as ensuring appropriate documentation. Determining applicable primary and secondary coverage for patients, together with the changes in patient coverage that occur each month, requires complex, resource-intensive processes. Errors in determining the correct coordination of benefits may result in refunds to payors. Revenues associated with Medicare and Medicaid programs are also subject to estimating risk related to the amounts not paid by the primary government payor that will ultimately be collectible from other government programs paying secondary coverage, the patient’s commercial health plan secondary coverage or the patient. Collections, refunds and payor recoupments typically continue to occur for up to three years and longer after services are provided. If our estimates of revenues are materially inaccurate, it could impact the timing and the amount of our revenues recognition and have a material adverse impact on our business, results of operations, financial condition and cash flows. 20Table of ContentsReductions in government reimbursement rates or changes in the rules governing government healthcare programs could have a material adverse effect on our financial condition and results of operations. Our Network Practices receive a significant portion of revenue directly from Medicare. In addition, many private payors base their reimbursement rates on the published Medicare rates or, in the case of Medicare Advantage, are themselves reimbursed by Medicare for the services our Network Practices provide.As a result, our results of operations are, in part, dependent on government funding levels for Medicare programs, particularly Medicare Advantage programs.The Medicare program and its reimbursement rates and rules are subject to frequent change. These include statutory and regulatory changes, rate adjustments (including retroactive adjustments), administrative or executive orders and government funding restrictions, all of which may materially adversely affect the rates at which Medicare reimburses our Network Practices for patient care services. Budget pressures often lead the federal government to reduce or place limits on reimbursement rates under Medicare. Implementation of these and other types of measures has in the past and could in the future result in substantial reductions in our revenue and operating margins.In addition, CMS often changes the rules governing the Medicare program, including those governing reimbursement. Changes that could adversely affect our business include:•administrative or legislative changes to rates or the bases of payment;•limits on the services or types of providers for which Medicare will provide reimbursement;•changes in methodology for patient assessment and/or determination of payment levels;•the reduction or elimination of annual rate increases; or•an increase in co-payments or deductibles payable by beneficiaries.Any reductions in reimbursement rates or the scope of services rendered by our Network Practices being reimbursed could have a material, adverse effect on our financial condition and results of operations or even result in reimbursement rates that are insufficient to cover our operating expenses. Additionally, any delay or default by the government in making Medicare or Medicaid reimbursement payments to our Network Practices or any reduction in patients eligible for such programs could materially and adversely affect our business, financial condition and results of operations.We cannot predict the effect that health care reform and other changes in government programs may have on our business, financial condition or results of operations. The impact of healthcare reform legislation and other changes in the healthcare industry and in healthcare spending is currently unknown, but may adversely affect our business, financial condition and results of operations. Our revenue is dependent on the healthcare industry and could be affected by changes in healthcare spending, reimbursement and policy. The healthcare industry is subject to changing political, regulatory and other influences. By way of example, the Affordable Care Act (“ACA”), which was enacted in 2010, made major changes in how healthcare is delivered and reimbursed, and it increased access to health insurance benefits to the uninsured and underinsured populations of the United States. Since its enactment, there have been judicial, executive and Congressional challenges to certain aspects of the ACA. On June 17, 2021, the U.S. Supreme Court dismissed the most recent judicial challenge to the ACA brought by several states without specifically ruling on the constitutionality of the ACA. Prior to the Supreme Court’s decision, President Biden issued an executive order initiating a special enrollment period from February 15, 2021 through August 15, 2021 for purposes of obtaining health insurance coverage through the ACA marketplace. The executive order also instructed certain governmental agencies to review and reconsider their existing policies and rules that limit access to healthcare. It is unclear how healthcare reform measures enacted by Congress or implemented by the Biden administration, if any, will impact our business. Other legislative changes have been proposed and adopted since the ACA was enacted. These changes include aggregate reductions to Medicare payments to providers of 2% per fiscal year, which began in 2013 and will remain in 21Table of Contentseffect through 2030, with the exception of a temporary suspension from May 1, 2020 through March 31, 2022. Under current legislation, the actual reduction in Medicare payments varies from 1% from April 1, 2022 to June 30, 2022, to up to 3% in the final fiscal year of this sequester, unless additional Congressional action is taken. In January 2013, the American Taxpayer Relief Act of 2012 was signed into law, which, among other things, further reduced Medicare payments to several types of providers, including hospitals, imaging centers and cancer treatment centers, and increased the statute of limitations period for the government to recover overpayments to providers from three to five years. New laws may result in additional reductions in Medicare and other healthcare funding, which may materially adversely affect consumer demand and affordability for our products and services and, accordingly, the results of our financial operations. Additional changes that may affect our business include the expansion of new programs such as Medicare payment for performance initiatives for physicians under the Medicare Access and CHIP Reauthorization Act of 2015, or MACRA, which first affected physician payment in 2019. At this time, it is unclear how the introduction of the Medicare quality payment program will impact overall physician reimbursement. The Inflation Reduction Act of 2022, or IRA, signed into law on August 16, 2022, also contains a number of provisions designed to limit or reduce drug prices under the Medicare program, reduce beneficiary out-of-pocket spending under Medicare’s prescription drug benefit, and expand subsidies for individuals to obtain private health insurance under the ACA. While these provisions of the IRA do not apply directly to healthcare providers like our Network Practices, we are continuing to evaluate the potential impact, if any, that the IRA may have on our business. Such changes in the regulatory environment may also result in changes to our payer mix that may affect our operations and revenue. In addition, certain provisions of the ACA authorize voluntary demonstration projects, which include the development of bundling payments for acute, inpatient hospital services, physician services and post-acute services for episodes of hospital care. Further, the ACA may adversely affect payers by increasing medical costs generally, which could have an effect on the industry and potentially impact our business and revenue as payers seek to offset these increases by reducing costs in other areas. Uncertainty regarding future amendments to the ACA as well as new legislative proposals to reform healthcare and government insurance programs, along with the trend toward managed healthcare in the United States, could result in reduced demand and prices for our services. We expect that additional state and federal healthcare reform measures will be adopted in the future, any of which could limit the amounts that federal and state governments and other third party payers will pay for healthcare products and services, which could adversely affect our business, financial condition and results of operations. The amounts our Network Practices receive for services provided to patients are determined by a number of factors, including the payor mix of patients and the reimbursement methodologies and rates utilized by the patients’ plans. Patient services revenue consists of fee-for-service agreements held by our Network Practices. Under a fee-for-service payor arrangement, our Network Practices collect fees directly from the payor as services are provided. Patient services revenue accounted for substantially all of our total revenue for the year ended December 31, 2023. A significant decrease in the number of fee-for-service arrangements held by our Network Practices could adversely affect our revenues and results of operation. The healthcare industry has also experienced a trend of consolidation, resulting in fewer but larger payors that have significant bargaining power, given their market share. Payments from payors are the result of negotiated rates. These rates may decline based on renegotiations and larger payors have significant bargaining power to negotiate higher discounted fee arrangements with healthcare providers. As a result, payors increasingly are demanding discounted fee structures or the assumption by healthcare providers of all or a portion of the financial risk related to paying for care provided through capitation agreements. We face significant competition from other healthcare services providers. Our failure to adequately compete could adversely affect our business. We and our Network Practices compete directly with national, regional and local providers of healthcare for patients and physicians. There are many other companies and individuals currently providing healthcare services, many of which have been in business longer and/or have substantially more resources. Other companies could enter the healthcare industry in the future and divert some or all of our business. If we expand to other geographies, we expect competition may change based on a number of factors, including the number of competing oncology care facilities in the local market and the types 22Table of Contentsof services available at those facilities, our Network Practices’ reputation for quality care of patients, the commitment and expertise of our Network Practices’ medical staff, our local service offerings and community programs, the cost of care in each locality, and the physical appearance, location, age and condition of our facilities. Some of our competitors may have greater recognition and be more established in their respective communities than we are, and may have greater financial and other resources than we have. Competing oncology care providers may also offer larger facilities or different programs or services than our Network Practices do, which, combined with the foregoing factors, may result in our competitors being more attractive to our current patients, potential patients and referral sources. Furthermore, while we budget for routine capital expenditures at our managed clinics to keep them competitive in their respective markets, to the extent that competitive forces cause those expenditures to increase in the future, our financial condition may be negatively affected. In addition, our relationships with governmental and private third-party payors are not exclusive and our competitors have established or could seek to establish relationships with such payors to serve their covered patients. Additionally, as we expand into new geographies, we may encounter competitors with stronger relationships or recognition in the community in such new geography, which could give those competitors an advantage in obtaining new patients. Individual physicians, physician groups and companies in other healthcare industry segments, including those with which our Network Practices have contracts, and some of which have greater financial, marketing and staffing resources, may become competitors in providing health care services, and this competition may have a material adverse effect on our business operations and financial position. Competition for physicians and nurses, shortages of qualified personnel or other factors could increase our labor costs and adversely affect our revenue, profitability and cash flows. Our operations are dependent on the efforts, abilities and experience of our Network Practices’ physicians and clinical personnel. We compete with other healthcare providers, primarily hospitals and other oncology practices, in attracting physicians, nurses and medical staff to support our managed clinics, recruiting and retaining qualified management and support personnel responsible for the daily operations of each of our managed clinics and in our Network Practices contracting with payors in each of our markets. In some markets, the lack of availability of clinical personnel has become a significant operating issue facing all healthcare providers. This shortage may require us and our Network Practices to continue to enhance wages and benefits to recruit and retain qualified personnel or to contract for more expensive temporary personnel. We also depend on the available labor pool of semi-skilled and unskilled workers in each of the markets in which we operate. If our labor costs increase, we may not be able to raise rates to offset these increased costs. Because a significant percentage of our revenue consists of fixed, prospective payments, our ability to pass along increased labor costs is limited. In particular, if labor costs rise at an annual rate greater than our net annual consumer price index basket update from Medicare, our results of operations and cash flows will likely be adversely affected. Any union activity at our managed clinics that may occur in the future could contribute to increased labor costs. Certain proposed changes in federal labor laws and the National Labor Relations Board’s modification of its election procedures could increase the likelihood of employee unionization attempts. Although none of our employees or the employees of our Network Practices are currently represented by a collective bargaining agreement, to the extent a significant portion of our employee base unionizes, it is possible our labor costs could increase materially. Our failure to recruit and retain qualified management and medical personnel for our Network Practices, or to control our collective labor costs, could have a material adverse effect on our business, prospects, results of operations and financial condition. Because competition for qualified personnel is intense, we may not be able to attract and retain the highly skilled employees we need to execute our business strategies and growth plans.To execute on our growth plan, we and our Network Practices must attract and retain highly qualified personnel. Competition for highly qualified personnel is intense, especially for physicians and other medical professionals who are experienced in providing oncology care services. We and our Network Practice have, from time to time, experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies and healthcare providers with which we compete for experienced personnel have greater resources than we have. If we and our Network Practices hire employees from competitors or other companies or healthcare providers, their former employees may attempt to assert that these employers or we have breached certain legal obligations, resulting in a diversion of our time and resources. As we become a more mature company, we may find our recruiting efforts more challenging. The incentives to attract, retain, and motivate employees provided by our stock options and other equity awards, or by other compensation 23Table of Contentsarrangements, may not be as effective as in the past. As such, we may not be successful in continuing to attract and retain qualified personnel. Our recruiting efforts may also be limited by laws and regulations, such as restrictive immigration laws, and restrictions on travel or availability of visas. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be harmed.If our Network Practices and the physicians affiliated therewith are unable to provide consistently high quality of care, our business will be adversely impacted. Our business is dependent upon our Network Practices and the physicians affiliated therewith providing high-quality care to patients. In particular, the ability to attract and retain patients and patient referrals is dependent upon providing cost effective, quality patient care that meets or exceeds the patients’ and payors’ expectations. We depend on third parties for certain of the patient care needs. If we, our Network Practices or the physicians affiliated therewith fail to provide service that meets the patients’ and payors’ expectations, we may have difficulty retaining or growing the patient base, which could adversely affect our business, financial condition and results of operations. We expect the importance of high-quality patient experience to increase as we, through our Network Practices, expand our business and pursue new lives served. Additionally, as the number of lives served by our Network Practices in our managed clinics grows, we will need to hire additional personnel to provide quality care at scale. If we, our Network Practices or the physicians affiliated therewith are unable to provide such care, our business, results of operations, financial condition, and reputation could be harmed. If certain of our suppliers do not meet our needs, if there are material price increases on supplies, if we are not reimbursed or adequately reimbursed for drugs purchased or if we are unable to effectively access new technology or superior products, it could negatively impact the ability of our Network Practices to effectively provide the services we offer and could have a material adverse effect on our business, results of operations, financial condition and cash flows. If our suppliers do not meet our Network Practices’ needs for the products they supply, including in the event of a product recall, shortage or dispute, and are not able to find adequate alternative sources, if our Network Practices experience material price increases from these suppliers that we are unable to mitigate, or if some of the drugs that our Network Practices purchase are not reimbursed or not adequately reimbursed by commercial or government payors, it could have a material adverse impact on our business, results of operations, financial condition and cash flows. In addition, the technology related to the products critical to the services we provide is subject to new developments which may result in superior products. If we are not able to access superior products on a cost-effective basis or if suppliers are not able to fulfill our requirements for such products, we and our Network Practices could face patient attrition and other negative consequences which could have a material adverse effect on our business, results of operations, financial condition and cash flows. We depend on our information technology systems, and those of our third-party vendors, contractors and consultants, and any failure or significant disruptions of these systems, security breaches or loss of data could materially adversely affect our business, financial condition and results of operations. Our business is dependent on maintaining effective information systems as well as the integrity and timeliness of the data we use to serve patients, support our care teams and operate our business. Because of the large amount of data that we collect and manage, it is possible that hardware failures or errors in our systems could result in data loss or corruption or cause the information that we collect to be incomplete or contain inaccuracies that our partners regard as significant. If our data were found to be inaccurate or unreliable due to fraud or other error, or if we, or any of the third-party service providers we engage, were to fail to maintain information systems and data integrity effectively, we could experience operational disruptions that may impact patients and care teams and hinder our ability to provide services, retain and attract patients, establish appropriate pricing for services, manage patient risk profiles, establish reserves, report financial results timely and accurately and maintain regulatory compliance, among other things. Our information technology strategy and execution are critical to our continued success. We must continue to invest in long-term solutions that will enable us to anticipate patient needs and expectations, enhance the patient experience, act as a differentiator in the market and protect against cybersecurity risks and threats. We believe our success is dependent, in large part, on maintaining the effectiveness of existing technology systems and continuing to deliver and enhance technology systems that support our business processes in a cost-efficient and resource-efficient manner. Increasing 24Table of Contentsregulatory and legislative changes will place additional demands on our information technology infrastructure that could have a direct impact on resources available for other projects tied to our strategic initiatives. In addition, recent trends toward greater patient engagement in health care require new and enhanced technologies, including more sophisticated applications for mobile devices. Connectivity among technologies is becoming increasingly important. We must also develop new systems to meet current market standards and keep pace with continuing changes in information processing technology, evolving industry and regulatory standards and patient needs. Failure to do so may present compliance challenges and impede our ability to deliver services in a competitive manner. Further, because system development projects are long-term in nature, they may be more costly than expected to complete and may not deliver the expected benefits upon completion. Security incidents compromising the confidentiality, integrity, and availability of our confidential or personal information and our and our third-party service providers’ information technology systems could result from cyber-attacks, computer malware, viruses, social engineering (including spear phishing and ransomware attacks), credential stuffing, supply chain attacks, efforts by individuals or groups of hackers and sophisticated organizations, including state-sponsored organizations, errors or malfeasance of our personnel, and security vulnerabilities in the software or systems on which we and our third party service providers rely. As techniques used by cyber criminals change frequently, a disruption, cyberattack or other security breach of our information technology systems or infrastructure, or those of our third-party service providers, may go undetected for an extended period and could result in the theft, transfer, unauthorized access to, disclosure, modification, misuse, loss or destruction of our employee, representative, customer, vendor, consumer and/or other third-party data, including sensitive or confidential data, personal information and/or intellectual property. We and certain of our service providers are from time to time, subject to cyberattacks and security incidents, and we cannot guarantee that our security efforts will prevent breaches or breakdowns of our or our third-party service providers’ information technology systems. While we do not believe that we have experienced any significant system failure, accident or security breach to date, if we suffer a material loss or disclosure of health-related or other personal or confidential information as a result of a breach of our information technology systems, including those of our third-party service providers, we may suffer reputational, competitive and/or business harm, incur significant costs and be subject to government investigations, litigation, fines and/or damages, which could have a material adverse effect on our business, prospects, results of operations, financial condition and/or cash flows. Moreover, while we maintain cyber insurance that may help provide coverage for these types of incidents, we cannot assure you that our insurance will be adequate to cover costs and liabilities related to these incidents. Further, our failure to effectively invest in, implement improvements to and properly maintain the uninterrupted operation and data integrity of our information technology and other business systems could adversely affect our results of operations, financial position and cash flow. We may be subject to legal proceedings and litigation, including intellectual property and privacy disputes, which are costly to defend and could materially harm our business and results of operations. We and our Network Practices may be party to lawsuits and legal proceedings in the normal course of business. These matters are often expensive and disruptive to normal business operations. We may face allegations, lawsuits and regulatory inquiries, audits and investigations regarding data privacy, security, labor and employment, consumer protection and intellectual property infringement, including claims related to privacy, patents, publicity, trademarks, copyrights and other rights. We may also face allegations or litigation related to our acquisitions, securities issuances or business practices, including public disclosures about our business. Litigation and regulatory proceedings may be protracted and expensive, and the results are difficult to predict. Certain of these matters may include speculative claims for substantial or indeterminate amounts of damages and include claims for injunctive relief. Additionally, our litigation costs could be significant. Adverse outcomes with respect to litigation or any of these legal proceedings may result in significant settlement costs or judgments, penalties and fines, or require us to modify our services or require us to stop serving certain patients or geographies, all of which could negatively impact our geographical expansion and revenue growth. Our Network Practices may also become subject to periodic audits, which would likely increase our regulatory compliance costs and may require us to change our business practices, which could negatively impact our revenue growth. Managing legal proceedings, litigation and audits, even if we achieve favorable outcomes, is time-consuming and diverts the attention of management and our affiliated providers from our business. The results of regulatory proceedings, litigation, claims, and audits cannot be predicted with certainty, and determining reserves for pending litigation and other legal, regulatory and audit matters requires significant judgment. There can be no assurance that our expectations will prove correct, and even if these matters are resolved in our favor or without significant cash settlements, these matters, and the time and resources necessary to litigate or resolve them, could harm our reputation, business, financial condition, results of operations and the market price of our common stock. 25Table of ContentsFurthermore, our business exposes our Network Practices and affiliated providers to potential medical malpractice, professional negligence or other related actions or claims that are inherent in the provision of healthcare services. These claims, with or without merit, could cause us to incur substantial costs, and could place a significant strain on our financial resources, divert the attention of management and our affiliated providers from our core business, harm our reputation and adversely affect our Network Practices’ ability to attract and retain patients, any of which could have a material adverse effect on our business, financial condition and results of operations. Although we maintain professional liability insurance coverage for our Network Practices and affiliated providers, it is possible that claims against them may exceed the coverage limits of our insurance policies. Even if any professional liability loss is covered by an insurance policy, our liability could exceed the limits of our insurance coverage. Professional liability claims in excess of applicable insurance coverage could have a material adverse effect on our collective business, financial condition and results of operations. In addition, any professional liability claim brought against our Network Practices and affiliated providers, with or without merit, could result in an increase of our professional liability insurance premiums. Insurance coverage varies in cost and can be difficult to obtain, in particular insurance coverage relating to cybersecurity, and we cannot guarantee that we will be able to obtain insurance coverage on behalf of our Network Practices and affiliated providers in the future on terms acceptable to us or at all. If costs of insurance and claims increase, then our collective earnings could decline. Some jurisdictions preclude Network Practices from entering into non-compete agreements with physicians, and other non-compete agreements and restrictive covenants applicable to certain physicians and other clinical employees may not be enforceable. Network Practices have employment contracts with physicians and other health professionals in many states. Some of these contracts include provisions preventing these physicians and other health professionals from competing with us both during and after the term of our contract with them. The law governing non-compete agreements and other forms of restrictive covenants varies from state to state. Some jurisdictions prohibit our Network Practices from using non-competition covenants with our professional staff. Other states are reluctant to strictly enforce non-compete agreements and restrictive covenants applicable to physicians and other healthcare professionals. There can be no assurance that our Network Practices’ non-compete agreements related to physicians and other health professionals will be found enforceable if challenged in certain states. In such event, our Network Practices would be unable to prevent physicians and other health professionals formerly employed by our Network Practices from competing with us, potentially resulting in the loss of some of our patients. Current and future acquisitions may use significant resources, may be unsuccessful, and could expose us to unforeseen liabilities. As part of our growth strategy, we may pursue acquisitions of oncology and other physician practices and services. These acquisitions may involve significant cash expenditures, debt incurrence, additional operational losses and expenses, and compliance risks that could have a material adverse effect on our financial condition and results of operations. We may not be able to successfully integrate the acquired businesses into ours and our Network Practices’, and therefore, we may not be able to realize the intended benefits from an acquisition. These acquisitions could result in difficulties integrating acquired operations, technologies, and personnel into our business. Such difficulties may divert significant financial, operational, and managerial resources from our existing operations and make it more difficult to achieve our operating and strategic objectives. We and our Network Practices may fail to retain employees or patients acquired through these acquisitions, which may negatively impact the integration efforts. These acquisitions could also have a negative impact on our results of operations if it is subsequently determined that goodwill or other acquired intangible assets are impaired, thus resulting in an impairment charge in a future period. In addition, these acquisitions involve risks that the acquired businesses will not perform in accordance with expectations; that we may become liable for unforeseen financial or business liabilities of the acquires businesses, including liabilities for failure to comply with applicable healthcare regulations; that the expected synergies associated with acquisitions will not be achieved; and that business judgments concerning the value, strengths and weaknesses of businesses acquired will prove incorrect, which could have a material adverse effect on our financial condition and results of operations. If we are unable to protect the confidentiality of our trade secrets, know-how and other proprietary and internally developed information, the value of our technology could be adversely affected. 26Table of ContentsWe may not be able to protect our trade secrets, know-how and other internally developed information adequately. Although we use reasonable efforts to protect this internally developed information and technology, our employees, consultants and other parties (including independent contractors and companies with which we conduct business) may unintentionally or willfully disclose our information or technology to competitors. Enforcing a claim that a third party illegally disclosed or obtained and is using any of our internally developed information or technology is difficult, expensive and time-consuming, and the outcome is unpredictable. We rely, in part, on non-disclosure, confidentiality and assignment-of-invention agreements with our employees, independent contractors, consultants and companies with which we conduct business to protect our internally developed information. These agreements may not be self-executing, or they may be breached and we may not have adequate remedies for such breach. Moreover, third parties may independently develop similar or equivalent proprietary information or otherwise gain access to our trade secrets, know- how and other internally developed information. Negative publicity regarding the managed healthcare industry generally could adversely affect our results of operations or business. Negative publicity regarding the managed healthcare industry generally may result in increased regulation and legislative review of industry practices that further increase our costs of doing business and adversely affect our results of operations or business by:•requiring us to change our products and services;•increasing the regulatory, including compliance, burdens under which we operate, which, in turn, may negatively impact the manner in which our Network Practices provide services and increase our costs of providing services;•adversely affecting our ability to market our products or services through the imposition of further regulatory restrictions; or•adversely affecting our ability to attract and retain patients.Our managed clinics may be negatively impacted by weather and other factors beyond our control. Our results of operations may be adversely impacted by adverse conditions affecting our managed clinics, including severe weather events such as hurricanes and flooding, natural disasters such as earthquakes and forest fires. In particular, Fort Myers, Florida where our headquarters are located, experienced significant damage in the wake of Hurricane Ian. We may not fully realize Ian’s impact on Fort Myers for some time, and Fort Myers is likely to be adversely impacted by other severe storms and/or hurricanes in the future. Our results of operations may also be adversely impacted by public health concerns such as contagious disease outbreaks, violence or threats of violence or other factors beyond our control that cause disruption of patient scheduling, displacement of patients, employees and care teams, or force certain of our managed clinics to close temporarily. Our future operating results may be adversely affected by these and other factors that disrupt the operation of our managed clinics. Our investments in marketable securities are subject to certain risks which could affect our overall financial condition, results of operations, or cash flows.We invest a portion of our available cash and cash equivalents by purchasing marketable securities in a managed portfolio and direct investments in a variety of debt securities, including corporate debt securities, municipal bonds, and U.S. government and agency debt securities. The primary objective of our investment activity is to maintain the safety of principal, preserve capital and provide for future liquidity requirements while maximizing yields without significantly increasing risk. Should any of our investments or marketable securities lose value or have their liquidity impaired, it could materially affect our overall financial condition. Additionally, should we choose or are required to sell these securities in the future at a loss, our consolidated operating results or cash flows may be materially and adversely affected.Inflation may adversely affect us by materially increasing our costs.Recently, inflation has increased throughout the U.S. economy. Inflation can adversely affect us by materially increasing the costs of drugs and medical supplies, labor, administration and other costs of doing business. We may experience material increases in the cost of labor due to a nationwide shortage of nurses and other clinical staff. In an inflationary environment, cost increases may materially outpace our expectations, causing us to use our cash and other liquid assets faster than forecasted. Our ability to pass on increased costs associated with providing healthcare to Medicare and Medicaid patients is limited due to various federal, state and local laws which have been enacted that, in certain cases, limit our ability to increase prices. If this happens, we may need to raise additional capital to fund our operations, which 27Table of Contentsmay not be available in sufficient amounts or on reasonable terms, if at all, sooner than expected. The Company minimizes the impacts of inflation by maintaining strong relationships with its suppliers and renegotiating payor contracts where possibleRisks Related to Our Regulatory Environment We are dependent on our relationships with our Network Practices to provide healthcare services, and our business would be harmed if those relationships were disrupted or if our arrangements with our Network Practices become subject to legal challenges. Our contractual relationships with our Network Practices may implicate certain state laws that generally prohibit non-professional entities from providing licensed medical services or exercising control over licensed physicians or other healthcare professionals (such activities generally referred to as the “corporate practice of medicine”) or engaging in certain practices such as fee-splitting with such licensed professionals. The interpretation and enforcement of these laws vary significantly from state to state. Regulatory authorities, state boards of medicine, state attorneys general and other parties may assert that, despite the agreements through which we operate, we are engaged in the provision of medical services and/or that our arrangements with our Network Practices constitute unlawful fee-splitting. If a jurisdiction’s prohibition on the corporate practice of medicine or fee-splitting is interpreted in a manner that is inconsistent with our practices, we would be required to restructure or terminate our arrangements with our Network Practices to bring our activities into compliance with such laws. A determination of non-compliance, or the termination of or failure to successfully restructure these relationships could result in disciplinary action, penalties, damages, fines, and/or a loss of revenue, any of which could have a material and adverse effect on our business, financial condition and results of operations. State corporate practice of medicine and fee-splitting prohibitions also often impose penalties on healthcare professionals for aiding in the improper rendering of professional services, which could discourage physicians and other healthcare professionals with whom we contract from providing clinical services. Our managed clinics and our Network Practices providing professional services at such clinics may become subject to medical liability claims, which could have a material adverse impact on our business. Our business entails the risk of medical liability claims against us, our Network Practices and their clinicians. Although we, our Network Practices and their clinicians carry insurance covering medical malpractice claims in amounts that we believe are appropriate in light of the risks attendant to our business, successful medical liability claims could result in substantial damage awards that exceed the limits of our and our clinicians’ insurance coverage, and/or plaintiffs in these matters may request punitive or other damages that may not be covered by insurance. In addition, professional liability insurance is expensive and insurance premiums may increase significantly in the future, particularly as we expand our services. As a result, adequate professional liability insurance may not be available to our clinicians, our affiliated practices or to us in the future at acceptable costs or at all. Any claims made against us or our Network Practices that are not fully covered by insurance could be costly to defend, result in substantial damage awards against us and divert the attention of our management and our Network Practices from our operations, which could have a material adverse effect on our business, financial condition and results of operations. In addition, any claims may adversely affect our business or reputation. If there is a change in accounting standards by the Financial Accounting Standards Board (“FASB”) or the interpretation thereof affecting consolidation of entities, it could have a material adverse effect on our consolidation of total revenues derived from our Network Practices. Our financial statements are consolidated in accordance with applicable accounting standards and include the accounts of our Network Practices, which we manage under long-term management services agreements but are not owned by us. Such consolidation for accounting and/or tax purposes does not, is not intended to, and should not be deemed to, imply or provide us any control over the medical decisions of our Network Practices. In the event a change in accounting standards promulgated by the FASB or in interpretation of its standards, we may not be permitted to continue to consolidate the total revenues of such practices which would negatively affect the market price of our common stock.28Table of ContentsOur managed clinics and our Network Practices may be subject to third-party payor audits, which, if adversely determined against us or our Network Practices, may have a material effect on our results of operations and financial condition. As a result of our Network Practices’ participation in the Medicare and Medicaid programs, our managed clinics and our Network Practices are subject to various governmental inspections, reviews, audits and investigations to verify our compliance with these programs and applicable laws and regulations. Payors may also reserve the right to conduct audits. We also periodically conduct internal audits and reviews of our regulatory compliance. An adverse inspection, review, audit or investigation could result in: •refunding amounts we have been paid pursuant to the Medicare or Medicaid programs or from payors;•state or federal agencies imposing fines, penalties and other sanctions on us;•temporary suspension of payment for new patients to the facility or agency;•decertification or exclusion from participation in the Medicare or Medicaid programs or one or more payor networks;•self-disclosure of violations to applicable regulatory authorities;•damage to our reputation;•the revocation of a facility’s or agency’s license; and•loss of certain rights under, or termination of, our contracts with payors.If adverse inspections, reviews, audits or investigations occur and any of the results noted above occur, it could have a material adverse effect on our business and operating results. Furthermore, the legal, document production and other costs associated with complying with these inspections, reviews, audits or investigations could be significant.We are subject to extensive fraud, waste, and abuse laws that may give rise to federal and state audits, investigations, lawsuits and claims against us, the outcome of which may have a material adverse effect on our business, financial condition, cash flows, or results of operations. The U.S. healthcare industry is heavily regulated and closely scrutinized by federal, state and local governments. Comprehensive statutes and regulations govern the manner in which we provide and bill for services and collect reimbursement from governmental programs and private payors, our contractual relationships and arrangements with healthcare providers and vendors, our marketing activities and other aspects of our operations. Of particular importance are: •the federal Anti-Kickback Statute, or AKS, which prohibits the knowing and willful offer, payment, solicitation or receipt of any bribe, kickback, rebate or other remuneration for referring an individual, in return for ordering, leasing, purchasing or recommending or arranging for or to induce the referral of an individual or the ordering, purchasing or leasing of items or services covered, in whole or in part, by any federal healthcare program, such as Medicare and Medicaid. A person or entity does not need to have actual knowledge of the statute or specific intent to violate it to have committed a violation;•the federal physician self-referral law, the Stark Law, which, subject to limited exceptions, prohibits physicians from referring Medicare or Medicaid patients to an entity for the provision of certain designated health services, or DHS, if the physician or a member of such physician’s immediate family has a direct or indirect financial relationship (including an ownership interest or a compensation arrangement) with the entity, and prohibits the entity from billing Medicare or Medicaid for such DHS;•the federal False Claims Act, or FCA, which imposes civil and criminal liability on individuals or entities that knowingly submit false or fraudulent claims for payment to the government or knowingly make, or cause to be made, a false statement in order to have a false claim paid, including qui tam or whistleblower suits. There are many potential bases for liability under the FCA. The government has used the FCA to prosecute Medicare and other government healthcare program fraud such as coding errors, billing for services not provided, and providing care that is not medically necessary or that is substandard in quality. We may also be subject to civil monetary penalties and other sanctions under the statute if we or our Network Practices hire or contract with any individuals or entities that are or become excluded from government healthcare programs, for the provision of items or services for which payment may be made under such programs;•the criminal healthcare fraud provisions of HIPAA and related rules that prohibit knowingly and willfully executing a scheme or artifice to defraud any healthcare benefit program or falsifying, concealing or covering up a material fact or making any material false, fictitious or fraudulent statement in connection with the delivery of or payment for healthcare benefits, items or services. Similar to the AKS, a person or entity does not need to have actual knowledge of the statute or specific intent to violate it to have committed a violation;•reassignment of payment rules that prohibit certain types of billing and collection practices in connection with claims payable by the Medicare or Medicaid programs;•similar state law provisions pertaining to anti-kickback, self-referral and false claims issues, some of which may apply to items or services reimbursed by any payor, including patients and commercial insurers;•laws that regulate debt collection practices;•a provision of the Social Security Act that imposes criminal penalties on healthcare providers who fail to disclose, or refund known overpayments;•federal and state laws that prohibit providers from billing and receiving payment from Medicare and Medicaid for services unless the services are medically necessary, adequately and accurately documented, and billed using codes that accurately reflect the type and level of services rendered;•federal and state laws and policies that require healthcare providers to maintain licensure, certification or accreditation to enroll and participate in the Medicare and Medicaid programs, to report certain changes in their operations to the agencies that administer these programs and, in some cases, to re-enroll in these programs when changes in direct or indirect ownership occur;•federal and state laws pertaining to the provision of services by nurse practitioners and physician assistants in certain settings, physician supervision of those services, and reimbursement requirements that depend on the types of services provided and documented and relationships between physician supervisors and nurse practitioners and physician assistants; and•Medicare and Medicaid regulations, manual provisions, local coverage determinations, national coverage determinations and agency guidance imposing complex and extensive requirements upon healthcare providers.The laws and regulations in these areas are complex, changing and often subject to varying interpretations. If we or our Network Practices’ operations are found to be in violation of any of such laws or any other governmental regulations that apply, we may be subject to significant penalties, including, without limitation, administrative, civil and criminal penalties, damages, fines, disgorgement, the curtailment or restructuring of operations, integrity oversight and reporting obligations, exclusion from participation in federal and state healthcare programs and imprisonment. In addition, any action against us or our Network Practices for violation of these laws or regulations, even if successfully defended against, could cause us to incur significant legal expenses, divert our management’s attention from the operation of our business and result in adverse publicity, or otherwise experience a material adverse impact on our business, results of operations, financial condition, cashflows, reputation as a result. If any of our managed clinics or Network Practices lose their regulatory licenses, permits and/or accreditation status, or become ineligible to receive reimbursement under Medicare or Medicaid or other third-party Payors, there may be a material adverse effect on our business, financial condition, cash flows, or results of operations. The operations of our managed clinics through our Network Practices are subject to extensive federal, state and local regulation relating to, among other things, the adequacy of medical care, equipment, personnel, operating policies and procedures, dispensing of prescription drugs, fire prevention, rate-setting and compliance with building codes and 30Table of Contentsenvironmental protection. Our managed clinics and Network Practices are also subject to extensive laws and regulation relating to facility and professional licensure, conduct of operations, including financial relationships among healthcare providers, Medicare and Medicaid fraud and abuse and physician self-referrals, and maintaining updates to our Network Practices’ enrollment in the Medicare and Medicaid programs, including addition of new clinic locations, providers and other enrollment information. Our managed clinics and Network Practices are subject to periodic inspection by licensing authorities and accreditation organizations to assure their continued compliance with these various standards. There can be no assurance that these regulatory authorities will determine that all applicable requirements are fully met at any given time. Should any of our managed clinics or Network Practices be found to be noncompliant with these requirements, we or our Network Practices could be assessed fines and penalties, could be required to refund reimbursement amounts or could lose our licensure or Medicare and/or Medicaid certification or accreditation so that we or our Network Practices are unable to receive reimbursement from such programs and possibly from other third-party payors, any of which could materially adversely affect our business, financial condition, cash flows or results of operations. If we or our Network Practices fail to comply with applicable data interoperability and information blocking rules, our consolidated results of operations could be adversely affected. The 21st Century Cures Act (the “Cures Act”), which was signed into law in December 2016, includes provisions related to data interoperability, information blocking and patient access. In May 2020, the HHS Office of the National Coordinator for Health Information Technology, or ONC, and CMS published the Cures Act final rule, which was intended to clarify provisions of the Cures Act regarding interoperability and information blocking, and include, among other things, requirements surrounding information blocking, changes to ONC’s health IT certification program and requirements that CMS-regulated payors make relevant claims/care data and provider directory information available through standardized patient access and provider directory application programming interfaces, or APIs, that connect to provider electronic health record systems, or EHRs. The final rule will transform the way in which healthcare providers, health IT developers, health information exchanges/health information networks, or HIEs/HINs, and health plans share patient information, and create significant requirements for healthcare industry participants. For example, the final rule, which went into effect on April 5, 2021, prohibits healthcare providers, health IT developers of certified health IT, and HIEs/HINs from engaging in practices that are likely to interfere with, prevent, materially discourage, or otherwise inhibit the access, exchange or use of electronic health information, or EHI, also known as “information blocking.” To further support access and exchange of EHI, the final rule identifies eight “reasonable and necessary activities” as exceptions to information blocking activities, as long as specific conditions are met. Any failure to comply with these rules could have a material adverse effect on our business, results of operations and financial condition. Actual or perceived failures to comply with applicable data protection, privacy and security, advertising and consumer protection laws, regulations, standards and other requirements could adversely affect our business, financial condition and results of operations. We and our Network Practices collect, receive, generate, use, process, and store significant and increasing volumes of sensitive information, such as employee, individually identifiable health information and other personally identifiable information. We and our Network Practices are subject to a variety of federal and state laws and regulations, as well as contractual obligations, relating to the collection, use, storage, retention, security, disclosure, transfer, return, destruction and other processing of personal information, including health-related information. Enforcement actions and consequences for noncompliance with such laws, directives and regulations are rising, and the regulatory framework for privacy, data protection and data transfers is complex and rapidly evolving and is likely to remain uncertain for the foreseeable future. In the United States, numerous such federal and state laws and regulations, including data breach notification laws, health information privacy laws, and consumer protection laws and regulations, including those that govern the collection, use, disclosure, and protection of health-related and other personal information, could apply to our operations or the operations of our Network Practices. For example, the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009, and regulations implemented thereunder, which we refer to collectively as HIPAA, imposes privacy, security and breach notification obligations on certain health care providers, health plans, and health care clearinghouses, known as covered entities, as well as business associates that perform certain services that involve creating, receiving, maintaining or transmitting individually identifiable health information for or on behalf of such covered entities. HIPAA requires covered entities, such as our Network Practices, and business associates, such as us, to develop and maintain policies with respect to the protection of, use and disclosure of protected health information, or PHI, including the adoption of administrative, physical and technical safeguards to protect such information, and certain notification requirements in the event of a data breach. 31Table of ContentsEntities that are found to be in violation of HIPAA as the result of a breach of unsecured PHI, a complaint about privacy practices or an audit by HHS, may be subject to significant civil, criminal and administrative fines and penalties and/or additional reporting and oversight obligations if required to enter into a resolution agreement and corrective action plan with HHS to settle allegations of HIPAA non-compliance. HIPAA also authorizes state Attorneys General to file suit on behalf of their residents. Courts may award damages, costs and attorneys’ fees related to violations of HIPAA in such cases. While HIPAA does not create a private right of action allowing individuals to sue us in civil court for violations of HIPAA, its standards have been used as the basis for duty of care in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI. Enforcement actions by HHS or state Attorneys General could result in significant financial liability and reputational harm, in addition to depleting financial resources. Numerous other state and federal laws, including consumer protection laws and regulations, govern the collection, dissemination, use, access to, confidentiality, security and processing of personal information, including health-related information, some of which are more stringent than HIPAA and many of which differ from each other in significant ways and may not have the same effect, thus complicating compliance efforts. In addition, these laws and regulations in many cases are more restrictive than, and may not be preempted by, HIPAA and may be subject to varying interpretations by courts and government agencies. Laws in all 50 states and other United States territories have been enacted that may require businesses to provide notice to regulators or to individuals whose personal information has been accessed without authorization or disclosed as a result of a data breach. Such laws are not always consistent, and compliance in the event of a widespread data breach is costly and may be challenging. We also may be contractually required to comply with various requirements relating to privacy and security of personal information and to provide notice or take other actions in connection with a data breach, and failures to comply with such contractual requirements could result in potential contractual liability. States are also constantly amending existing laws, requiring attention to frequently changing requirements, and we expect these changes to continue. For example, in June 2018, California enacted the California Consumer Privacy Act, or the CCPA, which became effective on January 1, 2020, and, among other things, requires covered companies to provide disclosures to California consumers, and affords such consumers certain data protection rights, including the ability to opt-out of certain sales of personal information. The CCPA provides for civil penalties for violations, as well as a private right of action for certain data breaches that result in the loss of personal information that may increase data breach litigation. While the CCPA includes certain exceptions for health-related information, including PHI, it still may require us to modify our data practices and policies and to incur substantial costs and expenses in an effort to comply. Further, the California Privacy Rights Act, or CPRA, recently passed in California. The CPRA will impose additional data protection obligations on covered businesses, including additional consumer rights processes, limitations on data uses, new audit requirements for higher risk data, and opt outs for certain uses of sensitive data. It will also create a new California data protection agency authorized to issue substantive regulations and could result in increased privacy and information security enforcement. The majority of the provisions went into effect on January 1, 2023, and additional compliance investment and potential business process changes may be required. As required by certain laws, we publicly post documentation regarding our privacy practices concerning the collection, processing, use and disclosure of certain data. The publication of our privacy policy and other documentation that provide promises and assurances about privacy and security can subject us to potential state and federal action if they are found to be deceptive, unfair, or misrepresentative of our actual practices. In addition, although we endeavor to comply with our published policies and documentation, individuals could allege we have failed to do so, or we may at times actually fail to do so despite our efforts. Any failure by us, our third-party service providers or other parties with whom we do business to comply with this documentation or with laws or regulations applicable to our business could result in proceedings against us by governmental entities or others. Our failure to take any steps perceived by the FTC as appropriate to protect consumers’ personal information may result in claims by the FTC that we have engaged in unfair or deceptive acts or practices in violation of Section 5(a) of the FTC Act. State consumer protection laws provide similar causes of action for unfair or deceptive practices for alleged privacy, data protection and data security violations. 32Table of ContentsIn addition to government regulation, privacy advocates and industry groups may propose self- regulatory standards from time to time. These and other industry standards may legally or contractually apply to us, or we may elect to comply with such standards or to facilitate our customers’ compliance with such standards. We expect that there will continue to be new proposed laws and regulations concerning privacy, data protection, and information security, and we cannot yet determine the impact such future laws, regulations, and standards may have on our business. New laws, amendments to or re-interpretations of existing laws and regulations, industry standards, contractual and other obligations may require us to incur additional costs and restrict our business operations. Because the interpretation and application of laws, standards, contractual and other obligations relating to privacy and data protection are still uncertain and changing, it is possible that these laws, standards, contractual and other obligations may be interpreted and applied in a manner that is inconsistent with our data management practices, our privacy, data protection or data security policies or procedures or the features of our technology. If so, in addition to the possibility of fines, lawsuits, regulatory investigations, imprisonment of company officials and public censure, other claims and penalties, significant costs for remediation and damage to our reputation, we could be required to fundamentally change our business activities and practices or modify our technology, any of which could adversely affect our business. We may be unable to make such changes or modifications in a commercially reasonable manner, or at all, and our ability to develop new software or provide new services could be limited. Any inability to adequately address privacy, data protection or information security-related concerns, even if such concerns are unfounded, or to successfully negotiate privacy, data protection or information security- related contractual terms with customers, or to comply with applicable laws and regulations, or our policies relating to privacy, data protection, and information security, could result in additional cost and liability to us, harm our reputation and brand, and adversely affect our business, financial condition and results of operations. We and our Network Practices are subject to federal, state and local laws and regulations that govern our business. These include regulations of our employment practices, including minimum wage, living wage, and paid time-off requirements, permitting and licensing, employee health and safety and the storage, treatment and disposal of waste. Failure to comply with these laws and regulations, or changes to these laws and regulations that increase our expenses, could adversely impact our operations. We and our Network Practices are required to comply with all applicable federal, state and local laws and regulations related to the operation of our business. These regulations include regulations governing our Network Practices’ dispensary services, the construction, the use of our managed clinics and the treatment of hazardous waste or drug products. Changes in regulations or new regulations could increase our costs, cause our Network Practices to lose licenses or accreditations or otherwise harm our business or the business of our Network Practices. We and our Network Practices are required to comply with all applicable federal, state and local laws and regulations relating to employment, including occupational safety and health requirements, wage and hour and other compensation requirements, employee benefits, providing leave and sick pay, employment insurance, proper classification of workers as employees or independent contractors, immigration and equal employment opportunity laws. These laws and regulations can vary significantly among jurisdictions and can be highly technical. Costs and expenses related to these requirements are a significant operating expense and may increase as a result of, among other things, changes in federal, state or local laws or regulations, or the interpretation thereof, requiring employers to provide specified benefits or rights to employees, increases in the minimum wage and local living wage ordinances, increases in the level of existing benefits or the lengthening of periods for which unemployment benefits are available. We may not be able to offset any increased costs and expenses. Furthermore, any failure to comply with these laws requirements, including even a seemingly minor infraction, can result in significant penalties which could harm our reputation and have a material adverse effect on our business. Future changes to applicable tax laws and regulations and/or their interpretation may have an adverse effect on our business, financial condition and results of operations. Tax rules and regulations are subject to interpretation and require judgment by us that may be successfully challenged by the applicable taxation authorities upon audit, which could result in additional tax liabilities. Changes in tax laws or their interpretation could decrease the amount of revenues we receive, the value of any tax loss carry-forwards and tax credits recorded on our balance sheet and the amount of our cash flow, and adversely affect our business, financial condition or results of operations. In addition, other factors or events, including business combinations and investment transactions, changes in the valuation of our deferred tax assets and liabilities, adjustments to taxes upon finalization of various tax returns or as a result of deficiencies asserted by taxing authorities, increases in expenses not 33Table of Contentsdeductible for tax purposes, changes in available tax credits, other changes in the apportionment of our income, and changes in tax rates, could also increase our future effective tax rate. In addition, our effective tax rate and tax liability are based on the application of current income tax laws, regulations and treaties. These laws, regulations and treaties are complex, and the manner which they apply to us and our diverse set of business arrangements is often open to interpretation, and can require us to take positions regarding the interpretation of applicable rules or the valuation of our assets that are subject to material uncertainty. Significant management judgment is required in determining our provision for taxes, our deferred tax assets and liabilities and any valuation allowance recorded against our net deferred tax assets. The proper tax treatment or characterization of the transactions we undertake is often subject to significant uncertainty, and the resolution of any related issues could affect the withholding tax liabilities to which we are subject or the tax deductions that we are able to claim. The tax authorities could challenge our interpretation of laws, regulations and treaties or the positions that we have taken regarding the valuation of our assets, resulting in additional tax liability or adjustment to our income tax provision. Our tax filings are subject to review or audit by various taxing authorities. As discussed above, we exercise significant judgment in determining our provision for taxes and, in the ordinary course of our business, there may be transactions and calculations where the proper tax treatment is uncertain. We may also be liable for taxes in connection with businesses we acquire. Our determinations are not binding on the IRS or any other taxing authorities, and accordingly the final determination in an audit or other proceeding may be materially different than the treatment reflected in our tax provisions, accruals and returns. An assessment of additional taxes because of an audit could have a material adverse effect on our business, financial condition, results of operations and cash flows. New income, sales, use or other tax laws, statutes, rules, regulations or ordinances could be enacted at any time, or interpreted, changed, modified or applied adversely to us, any of which could adversely affect our business operations and financial performance. We are unable to predict what changes will occur and, if so, the ultimate impact on its business. To the extent that such changes have a negative impact on us, they may materially and adversely impact its business, financial condition, results of operations and cash flows. Risks Related to Operating as a Public Company The requirements of being a public company, including maintaining adequate internal control over our financial and management systems, may strain our resources, divert management’s attention, make us incur increased costs, and affect our ability to attract and retain executive management and qualified board members. As a public company we will incur significant legal, accounting, and other expenses that we did not incur as a private company. We are subject to reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the rules subsequently implemented by the SEC, the rules and regulations of the listing standards of Nasdaq and other applicable securities rules and regulations. Stockholder activism, the current political and social environment, and the current high level of government intervention and regulatory reform may lead to substantial new regulations and disclosure obligations, which will likely result in additional compliance costs and could impact the manner in which we operate our business in ways we cannot currently anticipate. Our management team has limited experience managing a publicly traded company, interacting with public company investors, and complying with the increasingly complex laws pertaining to public companies. Our management team may not successfully or efficiently manage our transition to being a public company subject to significant regulatory oversight and reporting obligations under the federal securities laws and the continuous scrutiny of securities analysts and investors. These new obligations and constituents will require significant attention from our senior management and could divert their attention away from the day-to-day management of our business, which could adversely affect our business, financial condition and results of operations. Although we have already hired additional employees to assist us in complying with these requirements, our finance team is small and we may need to hire more employees in the future, or engage outside consultants, which will increase our operating expenses. We also expect that being a public company and complying with applicable rules and regulations will make it more expensive for us to obtain director and officer liability insurance, and we may be required to incur substantially higher costs to obtain and maintain the same or similar coverage. These factors could also make it more difficult for us to attract and retain qualified members of our board of directors and qualified executive officers. Compliance with these rules and regulations may strain our financial and management systems, internal controls, and employees. The Exchange Act requires, among other things, that we file annual, quarterly, and current reports with respect 34Table of Contentsto our business and operating results. Moreover, the Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures, and internal control, over financial reporting. In order to maintain and, if required, improve our disclosure controls and procedures, and internal control over, financial reporting to meet this standard, significant resources and management oversight may be required. If we encounter additional material weaknesses or deficiencies in our internal control over financial reporting, we may not detect errors on a timely basis and our consolidated financial statements may be materially misstated. Effective internal control is necessary for us to produce reliable financial reports and is important to prevent fraud. As a public company listed in the United States, we will incur significant additional legal, accounting and other costs. These additional costs could negatively affect our financial results. In addition, changing laws, regulations and standards relating to corporate governance and public disclosure, including regulations implemented by the SEC and Nasdaq, may increase legal and financial compliance costs and make some activities more time- consuming. These laws, regulations and standards are subject to varying interpretations and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. We intend to invest resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expenses and a diversion of management’s time and attention from revenue-generating activities to compliance activities. If, notwithstanding our efforts to comply with new laws, regulations and standards, we fail to comply, regulatory authorities may initiate legal proceedings against us and our business may be harmed. Due to our annual gross revenues exceeding $1.235 billion in 2023, we lost our eligibility to qualify as an emerging growth company.

Although we lost our eligibility to qualify as an emerging growth company, our independent registered public accounting firm will not be required to formally attest to the effectiveness of our internal control over financial reporting in this Annual Report on Form 10-K because we are exempt from such requirement as a non-accelerated filer.

If we lose our eligibility to qualify as a non-accelerated filer as of the next measurement date of June 30, 2024, we expect that, for the annual report on Form 10-K for the fiscal year ending December 31, 2024, our independent registered public accounting firm will be required to formally attest to the effectiveness of our internal control over financial reporting. As a result, we expect to incur significant expenses and devote substantial management effort toward ensuring compliance with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act. Despite our efforts, there is a risk that we will not be able to conclude, within the prescribed timeframe or at all, that our internal control over financial reporting is effective as required by Section 404. As a result, the market price of our common stock could be negatively affected, and we could become subject to investigations by Nasdaq, the SEC or other regulatory authorities, which could require additional financial and management resources. Failure to comply with these rules might also make it more difficult for us to obtain some types of insurance, including director and officer liability insurance, and we might be forced to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. The impact of these events could also make it more difficult for us to attract and retain qualified persons to serve on our board of directors, on committees of our board of directors or as members of senior management. The trading price of our Class A Common Stock may be volatile, and purchasers of our Class A Common Stock could incur substantial losses. The trading price of our Class A Common Stock may be volatile. The stock market in general has experienced extreme volatility that has often been unrelated to the operating performance of particular companies. As a result of this volatility, investors may not be able to sell their common stock at or above the price paid for the shares. The market price for our Class A Common Stock may be influenced by many factors, including: •actual or anticipated variations in our operating results;•changes in financial estimates by us or by any securities analysts who might cover our shares;•conditions or trends in our industry;•changes as a result of the COVID-19 pandemic, international hostilities or similar macroeconomic events;•unfavorable general economic conditions, such as a recession or economic slowdown;•stock market price and volume fluctuations of comparable companies;•announcements by us or our competitors of new product or service offerings, significant acquisitions, strategic partnerships, or divestitures;35Table of Contents•announcements of investigations or regulatory scrutiny of our operations or lawsuits filed against us;•capital commitments;•investors’ general perception of us and our business;•recruitment or departure of key personnel; and•sales of our common stock, including sales by our directors and officers or specific stockholders.In addition, in the past, stockholders have initiated class action lawsuits following periods of volatility in the market prices of these companies’ stock. Such litigation, if instituted against us, could cause us to incur substantial costs and divert management’s attention and resources from our business. Anti-takeover provisions in our organizational documents could delay or prevent a change of control. Certain provisions of our Charter and Bylaws contain an anti-takeover effect and may delay, defer or prevent a merger, acquisition, tender offer, takeover attempt or other change of control transaction that a stockholder might consider in its best interest, including those attempts that might result in a premium over the market price for the shares held by our stockholders. These provisions provide for, among other things: •the division of our Board into three classes of directors, with each class serving a staggered three year term;•there is no cumulative voting with respect to the election of our Board;•the ability of our Board to issue one or more series of preferred stock;•advance notice for nominations of directors by stockholders and for stockholders to include matters to be considered at our annual meetings;•limiting the ability of stockholders to call special stockholder meetings;•limiting the ability of stockholders to act by written consent;•the ability of our Board to exclusively fill a vacancy created by the expansion of our Board or the resignation, death or removal of a director in certain circumstances;•providing that our Board is expressly authorized to adopt, amend, alter or repeal our bylaws;•providing that stockholders may amend the bylaws only by the affirmative vote of at least 66.7% of the voting power of all then outstanding shares of capital stock of AON entitled to vote generally in the election of directors, voting together as a single class; and•AON is subject to the provisions of Section 203 of Delaware General Corporation Law (“DGCL”).These anti-takeover provisions could make it more difficult for a third party to acquire us, even if the third party’s offer may be considered beneficial by many of our stockholders. These provisions could also discourage proxy contests and make it more difficult for you and other stockholders to elect directors of your choosing and to cause us to take other corporate actions you desire. See “Description of Securities.” Our Charter designates the Court of Chancery of the State of Delaware as the sole and exclusive forum for certain types of actions and proceedings that may be initiated by our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, employees or stockholders. Our charter will also provide that, to the fullest extent permitted by law, the federal district courts of the United States will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. This exclusive forum provision will not apply to claims under the Exchange Act, but will apply to actions arising under the Securities Act. Accordingly, there is uncertainty as to whether a court would enforce such a forum selection provision as written in connection with claims arising under the Securities Act, and investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder. If a court were to find these provisions of the Charter inapplicable to, or unenforceable in respect of, one or more of the specified types of actions or proceedings, we may incur additional costs associated with resolving such matters in other jurisdictions, which could adversely affect our business and financial condition. Risks Relating to Our Common Stock and Warrants We were obligated to register for resale a substantial amount of our securities in the public market (including the shares of Class A Common Stock issuable upon exercise of our warrants, conversion of our Class B Common Stock, or conversion of our Series A Preferred Stock), and the future resale of such securities or the perception that such sales may occur, may cause the market price of our securities to decline significantly. We were obligated to register for resale a substantial amount of our securities in the public market and such securities represent approximately 536% of total AON Class A Common Stock outstanding as of March 26, 2024. The amount of Class A Common Stock offered for resale exceeds the number of shares of Class A Common Stock currently outstanding because a significant portion of the shares of Class A Common Stock registered and offered for resale is not currently outstanding and are issuable upon the exercise of warrants, conversion of our Class B Common Stock, or conversion of our Series A Preferred Stock. The sale of these securities in the public market, or the perception that holders of a large number of securities intend to sell their securities, could reduce the market price of our Class A Common Stock and public warrants. As of March 20, 2024, lock-up restrictions with respect to the AON LLC equity stockholders for whom 28,109,796 shares are registered for resale, have expired, and AON LLC equity holders may convert their AON LLC common units and Class B Common Stock for up to an aggregate of 28,109,796 shares of Class A Common Stock. Furthermore, the Sponsors and its permitted transferees for whom 14,450,833 shares are registered for resale, are currently prohibited from transferring its shares of Class A Common Stock for a period of 12 months following the Closing Date. The market price of our Class A Common Stock could decline if the holders of our Class A Common Stock sell such shares or are perceived by the market as intending to sell them. Certain existing stockholders purchased our shares at a price below the current trading price of such shares, and may experience a positive rate of return based on the current trading price. Other investors and stockholders may not experience a similar rate of return. The Sponsor paid the nominal price of $0.003 per share for the shares of Class A Common Stock held by it and $1.50 per private placement warrant as of March 12, 2021. The shares held by the Sponsor and its permitted transferees (including 2,839,375 Earnout Shares, which are subject to vesting) represent approximately 87% of the total outstanding shares of the Company’s Class A Common Stock. If the Sponsor exercised its 6,113,333 private placement warrants, the Sponsor would own an aggregate of 14,450,833 shares of our Class A Common Stock, or approximately 92% of our outstanding Class A Common Stock. As a result of these nominal prices compared with the market prices of our Class A Common Stock and public warrants, which as of March 26, 2024, were $5.97 per share and $0.39 per warrant, respectively, the Sponsor is likely to earn a positive return on its investment even if other holders of shares of Class A Common Stock, including our public stockholders, experience a negative return on their investment in the Company’s securities. Based on the closing price as of March 26, 2024 of $5.97 per share, the Sponsor and its permitted transferees could earn a profit of $49.8 million (assuming full vesting of the Earnout Shares). Based on the closing price of $0.39 per warrant, the Sponsor and its permitted transferees will not earn a profit on the sale of the private placement warrants, but if the trading price of the warrant exceeds the $1.50 price that the Sponsor paid for the private placement warrants, the Sponsors and its permitted transferees may realize a profit. As a result, the market price of our Class A Common Stock may be depressed because the Sponsor paid approximately $0. The Sponsor and its permitted transferees may be incentivized to sell its securities when others are not. Other stockholders and investors may not experience a similar rate of return. Because we do not anticipate paying any cash dividends in the foreseeable future, capital appreciation, if any, would be your sole source of gain.37Table of ContentsWe currently anticipate that we will retain future earnings for the development, operation and expansion of our business and do not anticipate declaring or paying any cash dividends for the foreseeable future. As a result, capital appreciation, if any, of Class A Common Stock would be your sole source of gain on an investment in such shares for the foreseeable future.A market for our securities may not continue, which would adversely affect the liquidity and price of its securities.The price of our securities may continue to fluctuate significantly. An active trading market for our securities may never develop or, if developed, it may not be sustained. In addition, the price of our securities can vary due to general economic conditions and forecasts, our general business condition and the release of our financial reports. Additionally, if our securities are not listed on, or become delisted from Nasdaq for any reason, and are quoted on the OTC Bulletin Board, an inter-dealer automated quotation system for equity securities that is not a national securities exchange, the liquidity and price of our securities may be more limited than if we were quoted or listed on Nasdaq or another national securities exchange. You may be unable to sell your securities unless a market can be established or sustained.Currently, Class A Common Stock and public warrants are listed on Nasdaq under the symbols “AONC” and “AONCW.” In order to continue the list of these securities on Nasdaq, we are required to maintain certain financial, distribution and stock price levels. Generally, we are required to maintain a public float of $500,000, a minimum market capitalization of $1,000,000 and a minimum number of holders of our securities (generally 300 round lot stockholders).The National Securities Markets Improvement Act of 1996, which is a federal statute, prevents or preempts the states from regulating the sale of certain securities, which are referred to as “covered securities.” Since Class A Common Stock and public warrants are listed on Nasdaq, they are covered securities. Our warrants may never be in the money, and they may expire worthless.The exercise price for our public warrants is $11.50 per share, and the exercise price for our private placement warrants is $11.50 per share (each as subject to adjustment as described herein), which exceeds the market price of Class A Common Stock, which was $5.97 per share based on the closing price of Class A Common Stock on Nasdaq on March 26, 2024. If all of our public warrants were exercised in full for cash, we would receive an aggregate of approximately $95.9 million. If all of our public warrants and private placement warrants were exercised in full for cash, we would receive an aggregate of approximately $166.2 million. We do not expect warrant holders to exercise their warrants and, therefore, we do not expect to receive cash proceeds from any such exercise, for so long as the warrants remain out-of-the money. There can be no assurance that the public warrants will ever be in the money prior to their expiration and, as such, the warrants may expire worthless.We may redeem outstanding warrants (excluding any private placement warrants held by the Sponsor or its permitted transferees) at any time after they become exercisable and prior to their expiration, at $0.01 per warrant, provided that the 38Table of Contentslast reported sales price (or the closing bid price of Class A Common Stock in the event Class A Common Stock is not traded on any specific trading day) of Class A Common Stock equals or exceeds $18.00 per-share for any 20 trading days within a 30 trading-day period ending on the third business day prior to the date we send proper notice of such redemption, provided that on the date we give notice of redemption and during the entire period thereafter until the time we redeem the warrants, there is an effective registration statement under the Securities Act covering the shares of Class A Common Stock issuable upon exercise of the warrants and a current prospectus relating to them is available. We also have the ability to redeem outstanding warrants (excluding any private placement warrants held by the Sponsor or its permitted transferees) at any time after they become exercisable and prior to their expiration, at $0.10; provided that (i) the last reported sales price of the Class A Common Stock equals or exceeds $10.00 per share, the Private Placement Warrants are also concurrently exchanged at the same price (equal to a number of shares of Class A Common Stock) as the outstanding Public Warrants; provided that on the date AON gives notice of redemption and during the entire period thereafter until the time AON redeems the warrants, AON has an effective registration statement under the Securities Act covering the shares of Class A Common Stock issuable upon exercise of the warrants and a current prospectus relating to them is available. If and when the warrants become redeemable by us, we may exercise our redemption right even if we are unable to register or qualify the underlying securities for sale under all applicable state securities laws.Warrants to purchase AON Class A Common Stock are exercisable, which could increase the number of shares eligible for future resale in the public market and result in dilution to its stockholders. We have 8,337,500 public warrants and 6,113,333 private placement warrants outstanding, all of which are currently exercisable. Each public warrant entitles its holder to purchase one share of Common Stock at an exercise price of $11.50 per share, and each private placement warrant entitles its holder to purchase one share of Common Stock at an exercise price of $11.50 per share (subject to adjustment as described herein). To the extent warrants are exercised, additional shares of Common Stock will be issued, which will result in dilution to our then existing stockholders and increase the number of shares eligible for resale in the public market. Sales of substantial numbers of such shares in the public market could depress the market price of Class A Common Stock. Future offerings of debt or offerings or issuances of equity securities by us may adversely affect the market price of Class A Common Stock or otherwise dilute all other stockholders.In the future, we may attempt to obtain financing or to further increase our capital resources by issuing additional shares of our Class A Common Stock or offering debt or other equity securities, including commercial paper, medium-term notes, senior or subordinated notes, debt securities convertible into equity or shares of preferred stock. We also expect to grant equity awards to employees, directors, and consultants under our stock incentive plans. Future acquisitions could require substantial additional capital in excess of cash from operations. We would expect to obtain the capital required for acquisitions through a combination of additional issuances of equity, corporate indebtedness and/or cash from operations. Upon liquidation, holders of such debt securities and preferred shares, if issued, and lenders with respect to other borrowings would receive a distribution of our available assets prior to the holders of our Class A Common Stock. Debt securities convertible into equity could be subject to adjustments in the conversion ratio pursuant to which certain events may increase the number of equity securities issuable upon conversion. Preferred shares, if issued, could have a preference with respect to liquidating distributions or a preference with respect to dividend payments that could limit our ability to pay dividends to the holders of the Class A Common Stock. Our decision to issue securities in any future offering will depend on market conditions and other factors beyond our control, which may adversely affect the amount, timing and nature of our future offerings. 39Table of ContentsThe price of Class A Common Stock could decline if securities analysts do not publish research or if securities analysts or other third parties publish inaccurate or unfavorable research about us.The trading market for Class A Common Stock will be influenced by the research and reports that industry or securities analysts publish about us or our business. We do not currently have and may never obtain research coverage by securities and industry analysts. If no or few securities or industry analysts commence coverage of us, the trading price for Class A Common Stock could be negatively impacted. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, we could lose visibility in the financial markets, which in turn could cause our share price or trading volume to decline. We may be subject to securities litigation, which is expensive and could divert management’s attention. The share price of our Class A Common Stock may be volatile and, in the past, companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation. AON may be the target of this type of litigation in the future. Litigation of this type could result in substantial costs and diversion of management’s attention and resources, which could have a material adverse effect on its business, financial condition, results of operations and prospects. Any adverse determination in litigation could also subject us to significant liabilities. Item 1B. CybersecurityRisk Management and StrategyAON has developed a standardized and systematic process for identifying, assessing, and mitigating cybersecurity risks within the organization. The process includes the gathering of information on cybersecurity trends, assessing risks, and recommending mitigation actions for periodic reporting to boards or committees. The documented standard operating procedure (“SOP”) outlines the processes, responsibilities, and methodologies that the Company follows to proactively manage and mitigate risks associated with the confidentiality, integrity, and availability of sensitive organizational and healthcare information.The SOP includes guidelines for risk identification and information gathering, consistent with the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”), risk assessment, mitigation planning and recommendation, executive board and committee reporting, and documentation and review. The SOP also identifies the roles and responsibilities of individuals and groups within the organization that participate in ensuring that risks are identified, assessed, and mitigated in a way that aligns with organizational goals, risk appetite, legal requirements, and best practices. The SOP is required to be approved by the Information Security Review Board (“ISRB”) as well as our SEC Reporting Manager and reviewed every 2 years for relevance and effectiveness. AON has implemented a risk-based approach to identify and assess cybersecurity threats (both internal and external) that could affect our operations (including, but not limited to, our mission, functions, image, or reputation), assets, information, and individuals. This approach incorporates both external and internal risk and threat identification methodologies. External: AON engages in penetration testing and external trend analysis, which primarily monitors industry reports, threat intelligence feeds, and cybersecurity news sources for potential risks and emerging threats/trends relevant to the organization.Internal: AON’s internal risk and threat identification includes the conducting of real-time monitoring of the AON data communications systems, transactions, and event logs on a 24x7 basis. We also conduct periodic security risk identification exercises including regulatory compliance assessments, vulnerability scanning and penetration testing to identify potential 40Table of Contentsrisks and threats. Finally, we periodically conduct cybersecurity awareness training for all users and continuously encourage/remind them to report any identified threats or potential risks.Identified risks are documented in a risk register or security gap remediation worksheet with detailed information and an expert opinion on their probability of occurrence and potential impact. These values are then used to determine the overall rating value of the risk.There are several major risk categories that AON takes into consideration when identifying risks. The major risk categories that AON recognizes include: “Advanced Persistent Threat” (“APT”), “Denial of Service” (“DoS”), “Equipment Loss or Theft”, “Inappropriate Use or Unlawful Activity”, “Malware/Ransomware”, “Phishing/Smishing/Vishing”, “Supply Chain/Vendor Incident”, “Unauthorized Access or Privacy Breach”, and “Unplanned Downtime/Outage”. AON also strives to categorize organizational data based on sensitivity levels. AON’s data is classified into one of the following categories: “Restricted/Confidential,” “Private/Internal,” or “Public”. These data categories are taken into consideration and aligned with potential risks and impact assessments.AON's risk management team is charged with the responsibility of ensuring that the processes described above are implemented according to the company's risk management policy and that they align with the organization's stated risk appetite and tolerance levels. AON's risk management policy dictates that the company shall identify, assess, and manage material risks and craft a risk response strategy to address each individual case of an identified risk.AON engages third parties in various stages of the risk management process. These third parties include a virtual chief security officer service (“vCISO”), which is engaged as needed, and an incident response team associated with our managed detection and response service. AON has established a comprehensive vendor management program to assess, monitor, and manage risks associated with all third-party vendors including cybersecurity service providers. Thorough due diligence is exercised when selecting cybersecurity vendors including the evaluation of the provider's reputation, experience, certifications (where applicable), and adherence to industry best practices. The evaluation process includes the review of “Business Associate and Information Security Questionnaires” as well as the company's “Service/System Organization Controls” (“SOC”) report, and these must be reviewed annually. Clear cybersecurity expectations and requirements are required to be defined in contractual agreements, as well as clauses related to data protection, incident response, reporting, and compliance with security standards. Vendors must comply with all applicable AON policies, practice standards and agreements, including, but not limited to: non-disclosure agreements, code of conduct and safety policies, privacy and security policies, auditing policies, and software licensing policies.GovernanceAON has defined multiple roles and responsibilities to create a collaborative and effective approach to cybersecurity risk management. Each plays a critical part in ensuring that risks are identified, assessed, and mitigated in a way that aligns with organizational goals, risk appetite, legal requirements, and best practices. The collaboration between these roles ensures a comprehensive and well-coordinated effort to protect the organization from cybersecurity threats.Business Owner / Data Stewardship - Has responsibility for specific business processes or data sets. Ensures that data is used, stored, and transmitted securely.Chief Information Security Officer (CISO) / Chief Information Officer (CIO) - Provides overall leadership for the information security program. Represents cybersecurity interests at the executive level.Compliance Officer - Ensures that the organization complies with relevant laws and regulations. Provides guidance on compliance requirements impacting cybersecurity.IT Security Team / Information Security Practitioners - Acts as point of contact for risk-related concerns within respective teams. Implements security measures based on risk assessments.Legal Team - Provides legal expertise on cybersecurity and data protection matters. Ensures that cybersecurity practices comply with applicable laws and regulations.41Table of ContentsRisk Officer - Facilitates and coordinates risk management activities. Ensures that the risk management process is followed consistently.Risk Management Committee - Provides expertise in various domains of cybersecurity. Ensures the overall effectiveness of risk management processes. This is an informal management committee that was initiated by the IT Security Director. Members include the CIO, CISO, Risk Officer, and Compliance Officer. Members were selected based on their existing roles within AON and their relationship to cybersecurity and risk management functions.The AON Risk Management Committee meets on a quarterly cadence to summarize cybersecurity trends, identified risks, and mitigation strategies. The committee works together to craft executive-level reports suitable for board or committee review. It is the responsibility of the CIO, CISO, or the Risk Officer, each of whom have at least 10 years of expertise in the cybersecurity field, to present key findings, risk assessments, and mitigation strategies to boards or committees, including the Information Security Review and Executive Boards. The AON Risk Management Committee reviews and summarizes key cybersecurity trends, identified risks, and mitigation strategies and crafts executive-level reports for AON's leadership. It is the responsibility of the CIO, CISO, or the Risk Officer to present these reports to boards or committees, including the Information Security Review and Executive Boards on a regular cadence.It is the responsibility of our board of directors to establish and maintain a robust cybersecurity risk governance framework within the organization. The board of directors is also responsible for defining and communicating our organizational risk appetite and tolerance for cybersecurity. Additionally, the board of directors provides input and oversight of the organization's cybersecurity strategy and objectives and ensures alignment between cybersecurity initiatives and overall business goals.AON’s board of directors is required to actively participate in risk identification workshops and crisis management planning, especially regarding cybersecurity incidents. The board of directors is also responsible for promoting a cybersecurity-aware and continuous improvement culture within the organization. Starting in 2024, AON’s board of directors will receive quarterly reports on the organization's cybersecurity posture, including risk findings and assessments, mitigation strategies, and key performance indicators (“KPIs”), which shall be presented in a review meeting by representative from the Risk Management Committee.Material Effects of Cybersecurity ThreatsThere is a vast array of potential material effects that AON could feasibly face from cybersecurity threats in the near future. While we have identified the most likely of these in our “Cybersecurity Incident Response Plan and Risk Management, Assessment and Mitigation Guide,” and have either taken proactive measures and/or created a response strategy to mitigate the likelihood and impact of each, there remains a distinct possibility that a new/emerging threat might impact the business. The most likely material effects that could impact the organization in the near future include:Business Disruption: Cybersecurity threats, such as malware or ransomware attacks or DoS attacks, which could lead to business disruptions. Unplanned downtimes or outages, particularly in critical systems or services, may impact the organization's ability to operate efficiently, affecting business continuity.Supply Chain Disruptions: Cybersecurity threats targeting third-party vendors or supply chain partners may lead to disruptions. Dependencies on external entities could impact the organization's ability to deliver services, affecting business strategy and financial conditions.Increased Operational Costs: Investing in cybersecurity measures, incident response, and recovery efforts may lead to increased operational costs. More importantly, budgetary constraints for other strategic initiatives may result from the need to allocate resources to address cybersecurity threats.Other possible material effects include, but are not limited to intellectual property theft, increased insurance premiums, unplanned litigation costs, reputation damage, and regulatory non-compliance..

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
EAWD	1 day, 2 hours ago
ARAT	1 day, 2 hours ago
IONM	1 day, 2 hours ago
NHWK	1 day, 3 hours ago
GBBK	1 day, 3 hours ago
APOG	1 day, 4 hours ago
FWAV	1 day, 6 hours ago
JRSS	1 day, 7 hours ago
PPIH	1 day, 10 hours ago
WAVS	1 day, 23 hours ago
GBNH	2 days, 1 hour ago
ACCD	2 days, 2 hours ago
EFSH	2 days, 3 hours ago
RFAC	2 days, 3 hours ago
GXXM	2 days, 7 hours ago
PGY	2 days, 10 hours ago
KPLT	3 days, 2 hours ago
MSB	3 days, 3 hours ago
MMMB	3 days, 3 hours ago
LVPA	3 days, 5 hours ago
HELE	3 days, 12 hours ago
RILY	3 days, 21 hours ago
BHAC	4 days, 3 hours ago
STZ	4 days, 6 hours ago
ARMT	4 days, 11 hours ago
ARMT	4 days, 11 hours ago
RCFA	4 days, 23 hours ago
FSR	5 days ago
TPIA	5 days, 1 hour ago
MEDS	5 days, 2 hours ago
PVNC	5 days, 2 hours ago
CDTX	5 days, 2 hours ago
ENCP	5 days, 2 hours ago
ACI	5 days, 11 hours ago
AZZ	5 days, 13 hours ago
DGWR	5 days, 13 hours ago
AURX	1 week, 1 day ago
CIRX	1 week, 1 day ago
GTCH	1 week, 1 day ago
HWNI	1 week, 1 day ago
CSSE	1 week, 1 day ago
WNLV	1 week, 1 day ago
RBTK	2 weeks, 1 day ago
BTTR	2 weeks, 1 day ago
ROYL	2 weeks, 1 day ago
VIRC	2 weeks, 1 day ago
SCS	2 weeks, 1 day ago
DHAC	2 weeks, 1 day ago
ALOT	2 weeks, 1 day ago
NUBI	2 weeks, 1 day ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - DTOC

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$DTOC Risk Factor changes from 00/04/13/22/2022 to 00/03/28/24/2024

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - DTOC

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

$DTOC Risk Factor changes from 00/04/13/22/2022 to 00/03/28/24/2024

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing