Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - ELV
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
ITEM 1A. RISK FACTORS.
Our comprehensive cybersecurity and risk management programs are part of our continuously evolving enterprise-wide risk management practices. Aligned and measured against the National Institute of Standards and Technology (NIST) Cybersecurity Framework, recognized best practices and standards for cybersecurity and information technology, industry and government standards and other guidelines, our cybersecurity and risk management programs utilize policies, processes, and technologies to identify, assess, manage and mitigate cybersecurity risks and threats we face. We also conduct periodic reviews and updates to uphold our security standards, including implementation of tabletop crises exercises. We also conduct periodic reviews and updates to uphold our security standards. Our management implements ongoing and annual risk assessment processes to identify and manage risks that could affect our ability to safeguard sensitive data or provide reliable transaction processing and to minimize financial risk exposure. These risks include, but are not limited to, legal and regulatory compliance; third-party management , including risks from business partners and software providers; mergers and acquisitions; system availability and disruption of business operations; data use and security; vulnerability and configuration management; fraud and extortion; and reputational risk.
In evaluating our business, the risks described below, as well as the other information contained in this Annual Report on Form 10-K, should be carefully considered. Any one or more of such risks could materially and adversely affect our business, financial condition, results of operations and stock price and could cause our actual results of operations and financial condition to vary materially from past or anticipated future results of operations and financial condition. Additional risks and uncertainties not presently known to us or that we currently believe to be immaterial may also materially and adversely affect us.
BUSINESS RISKS
If we fail to appropriately predict, price for and manage healthcare costs, the profitability of our products and services could decline, which could adversely affect our business, cash flows, financial condition and results of operations.
Our profitability depends on our ability to appropriately predict and price for healthcare costs. It also depends on our ability to manage future healthcare costs through medical management, product design, negotiation of favorable provider contracts and underwriting criteria. Total healthcare costs are affected by the type, number and unit cost of individual services rendered. Numerous factors affecting healthcare costs may adversely affect our ability to predict and manage such costs, and could adversely impact our business, cash flows, financial condition and results of operations. Numerous factors affecting healthcare costs may adversely affect our ability to predict and manage healthcare costs, and may impact our business, cash flows, financial condition and results of operations. These factors include, among others: changes in healthcare practices; healthcare utilization patterns; demographic characteristics including the aging population; previously uninsured members entering the healthcare system; short and long-term risks associated with our members' lifestyle decisions; medical cost inflation; increased labor costs; provider and member fraud; evolution of new technologies, drugs and treatments; increased cost of individual services; increased number and cost of prescription drugs; direct-to-consumer marketing by drug manufacturers; clusters of high cost cases; increased use of services, including resulting from pandemics, large-scale medical emergencies, natural disasters, geopolitical instability and other public health crises; and new mandated benefits and treatment guidelines and changes to other regulations impacting our business.
Our estimates of future benefit cost projections involve extensive judgment and are subject to considerable inherent variability. Slight differences between our predicted and actual medical costs or utilization rates as a percentage of premium revenues can result in significant changes in our results of operations.Slight differences between predicted and actual medical costs or utilization rates as a percentage of premium revenues can result in significant changes in our results of operations. Generally, our premiums on commercial policies and Medicaid contracts are fixed for a 12-month period and are determined based on data from several months prior to the commencement of the premium period. Our revenue from Medicare policies is based on bids submitted to CMS six months prior to the start of the contract year. CMS has explicit gain and loss margin requirements within the bids, as well as contract-specific federal MLR annual requirements. Accordingly, the costs we incur in excess of our benefit cost projections cannot be recovered in the contract year through higher premiums. Existing Medicaid contract rates are often established by the applicable state, and our actual costs may exceed those rates. Many factors, including those discussed above, have caused, and may in the future cause, actual costs to exceed those estimated and reflected in our commercial premiums and Medicare and Medicaid bids. Many factors, including those discussed above, may cause actual costs to exceed those estimated and reflected in our Commercial premiums and Medicare and Medicaid bids.
We participate in the Public Exchange in many of the states where we offer Medicaid health plans. The Public Exchange markets in general are highly volatile and unpredictable from year to year. We develop each state's Public Exchange market premium rates during the spring of each year for policies effective in the following calendar year. Legislation, regulation enforcement activity and judicial decisions that cause the Public Exchange to operate in a manner different than we projected in setting premium rates, including any potential changes relating to the expiration of enhanced PTCs at the end of 2025, could affect our results. In addition, any variation from our cost expectations regarding acuity, enrollment levels, adverse selection, or other assumptions utilized in setting premium rates, could have an adverse effect on our results of operations, financial position, and cash flows. The collection, maintenance, protection, use, transmission, disclosure and disposal of sensitive personal information is regulated at the federal, state, international and industry levels and requirements are also imposed on us and vendors through contracts with clients.
Although federal and state premium and risk adjustment mechanisms could help offset health benefit costs above our projections if the assumptions we use to set our premium rates are significantly different than actual results, our results of operations and financial condition could still be adversely affected. The reserves that we establish for health insurance policy benefits and other contractual rights and benefits are based on assumptions concerning a number of factors, including trends in healthcare costs, expenses, general economic conditions and other factors. To the extent the actual claims experience is unfavorable compared to our underlying assumptions, our incurred losses would increase, and future earnings could be adversely affected. Further, if we are unable to provide higher quality outcomes and better experiences through the development and expansion of our value-based care products at lower costs or to integrate our care delivery model, our results of operations, financial position and cash flows may be adversely impacted.
Pharmaceutical products and services are a significant component of our healthcare costs. Evolving regulations and state and federal mandates regarding coverage may impact the ability of our health plans to continue to receive existing price discounts on pharmaceutical products for our members. Other factors affecting our pharmaceutical costs include, but are not limited to, existing prices, geographical variation in utilization of new FDA-approved pharmaceuticals and new FDA-approved indications for existing pharmaceuticals, current and potential future tariffs and changes in discounts.
-24-
In addition to the challenge of managing healthcare costs, we face pressure to contain premium rates. Our customers may renegotiate their contracts to seek to contain their costs or may move to a competitor to obtain more favorable premiums. Public Exchange plan selection by our customers is also highly price sensitive. Further, federal and state regulatory agencies may restrict or prevent entirely our ability to implement changes in premium rates. A limitation on our ability to increase or maintain our premium or reimbursement levels or a significant loss of membership resulting from our need to increase or maintain premium or reimbursement levels could adversely affect our business, cash flows, financial condition and results of operations.
A significant reduction in the enrollment in our health benefits programs, pharmacy services or diversified products and services, particularly in states where we have large regional concentrations, could have an adverse effect on our business, cash flows, financial condition and results of operations.
A significant reduction in the number of enrollees in our health benefits programs, pharmacy services, or diversified products and services could adversely affect our business, cash flows, financial condition and results of operations. A significant reduction in the number of enrollees in our health benefits programs, pharmacy services, or diversified products and services could adversely affect our business, cash flows, financial condition and results of operations. Factors that have contributed, and may continue to contribute, to a reduction in enrollment include: reductions in workforce by existing customers; a reduction in Medicaid membership due to the implementation of more stringent eligibility redetermination protocols by state agencies; a general economic upturn that results in fewer individuals being eligible for Medicaid programs; a general economic downturn that results in business failures and high unemployment rates; employers no longer offering certain healthcare coverage as an employee benefit or electing to offer coverage on a voluntary, employee-funded basis; participation on Public Exchanges; federal and state regulatory changes, including Medicaid community engagement requirements; changes in procurement practices or funding structures by government agencies; failure to obtain new customers or retain existing customers; premium increases and benefit changes; our exit from a specific market or health plan offering; negative publicity and news coverage; and failure to attain or maintain nationally recognized accreditations. Factors that have contributed, and may continue to contribute to, a reduction in enrollment include: reductions in workforce by existing customers, a reduction in Medicaid membership due to the end of the temporary suspension of eligibility redetermination for Medicaid recipients in response to the COVID-19 pandemic, a general economic upturn that results in fewer individuals being eligible for Medicaid programs, a general economic downturn that results in business failures and high unemployment rates, employers no longer offering certain healthcare coverage as an employee benefit or electing to offer coverage on a voluntary, employee-funded basis, participation on Public Exchanges, federal and state regulatory changes, failure to obtain new customers or retain existing customers, premium increases and benefit changes, our exit from a specific market, negative publicity and news coverage, and failure to attain or maintain nationally recognized accreditations.
The states in which we operate with the largest concentrations of revenues include California, New York, Virginia, Indiana, Ohio, Georgia, Florida and Texas. Due to this concentration of business in these states, we are exposed to potential losses resulting from the risk of state-specific or regional economic downturns or healthcare coverage changes impacting these states. If any such negative economic conditions fail to improve, we may experience a reduction in existing and new business, which could have an adverse effect on our business, cash flows, financial condition and results of operations. If any such negative economic conditions do not improve, we may experience a reduction in existing and new business, which could have a material adverse effect on our business, cash flows, financial condition and results of operations.
A cyber-attack or other privacy or data security incident sustained by us or third parties we rely on could result in an unauthorized disclosure of sensitive or confidential information, cause a loss of data, disrupt our operations, give rise to remediation or other expenses, expose us to liability under our contracts and federal, state and international laws, and subject us to litigation and investigations, which could have an adverse effect on our business, reputation, cash flows, financial condition and results of operations.A cyber-attack or other privacy or data security incident could result in an unauthorized disclosure of sensitive or confidential information, cause a loss of data, disrupt our operations, give rise to remediation or other expenses, expose us to liability under federal, state and international laws, and subject us to litigation and investigations, which could have an adverse effect on our business, cash flows, financial condition and results of operations.
As part of our normal operations, we collect, process, retain and analyze certain sensitive and confidential information, including personal information subject to privacy, security and data breach notification requirements. As part of our normal operations, we collect, store, process, retain and analyze certain sensitive and confidential information, including personal information subject to privacy, security and data breach notification requirements. Some of the data we process, store and transmit is outside of the U.S. due to the structure of our information technology systems and our internal business operations. We are subject to a variety of continuously evolving federal, state and international laws and rules regarding collection, dissemination, receipt, maintenance, protection, use, transmission, disclosure, privacy, confidentiality, security, availability, integrity, creation, processing and disposal of sensitive or confidential information that, depending on the specific business and intended data use, include without limitation, HIPAA's privacy and security rules, HIPAA's HITECH rule, the Gramm-Leach-Bliley Act, the General Data Protection Regulation and numerous state laws governing personal information, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act. Regulators are also imposing new and greater monetary fines or penalties for privacy violations, and jurisdictions where we operate have passed, and continue to propose, data privacy legislation and/or regulations related to Artificial Intelligence (“AI”). We have programs in place to detect, contain and respond to data, privacy and security incidents and provide employee awareness training regarding phishing, malware, and other risks to protect against privacy and cybersecurity incidents. Our facilities and systems, and those of our third-party service providers, including our business associates, are regularly the target of, and may be vulnerable to, cyber-attacks, security breaches, acts of vandalism, computer viruses, misplaced or lost data, programming and/or human errors, negligent or wrongful conduct by associates or others with permitted access to our systems and information, or other threats or catastrophic events. Additionally, there have been, and may in the future be, heightened vulnerabilities due to our remote or varied geographical workforce operations.
We cannot ensure that we or our third-party service providers will be able to identify, prevent or contain the effects of cyber-attacks or other cybersecurity risks that bypass our or their security measures or disrupt our or their information technology systems or business. We cannot ensure that we or our third-party service providers will be able to identify, prevent or contain the effects of cyber-attacks or other cybersecurity risks that bypass our or their security measures or disrupt our or their information technology systems or business. Hardware, software or applications we develop or procure from third parties may contain defects in design, manufacturer defects or other problems that could unexpectedly compromise information security. In addition, because the techniques used to obtain unauthorized access, disable, disrupt or degrade service or sabotage systems change frequently, are becoming increasingly sophisticated (in part due to the use of evolving technologies), and may not immediately produce signs of intrusion, we may be unable to anticipate these techniques and threats, timely discover or counter them or implement adequate
-25-
preventative measures. Viruses, worms, malicious software programs or other unauthorized methods of acquiring data may be used to attack our systems or otherwise exploit any security vulnerabilities which may cause system disruptions or shutdowns, or may cause personal, proprietary or confidential information to be disclosed, misappropriated or compromised. We have business continuation and resiliency plans which are maintained, updated and tested regularly in an effort to successfully contain and remediate potential disruptions or cyber events, but there is no guarantee that such efforts will be effective. We have business continuation and resiliency plans which are maintained, updated and tested regularly in an effort to ensure successful containment and remediation of potential disruptions or cyber events. If those efforts are not effective, the functionality of our information technology systems or those of third parties could be interrupted. Cybersecurity and the continued development and enhancement of our controls, processes and practices designed to protect our systems, computers, software, data and networks from attack, damage and unauthorized access remain a priority for us.
We have been, and may in the future be, subject to litigation and governmental investigations related to cyber-attacks, privacy incidents and security breaches. Any such future litigation or governmental investigation could divert the attention of management from the operation of our business, result in reputational damage and have an adverse impact on our business, cash flows, financial condition, and results of operations. Moreover, our programs to detect, contain, and respond to data security incidents as well as contingency plans and insurance coverage for potential liabilities of this nature may not be sufficient to cover all claims and liabilities.
Noncompliance with any privacy, security or data protection laws and regulations, or any security breach, cyber-attack or cybersecurity breach, and any incident involving the misappropriation, compromise, exfiltration, theft, loss or other unauthorized disclosure or use of, or access to, sensitive or confidential information, whether by us or by one of our third-party service providers or their vendors, previously have and could in the future require us to expend significant resources to continue to modify or enhance our protective measures and to remediate any damage.Noncompliance with any privacy, security or data protection laws and regulations, or any security breach, cyber-attack or cyber-security breach, and any incident involving the misappropriation, theft, loss or other unauthorized disclosure or use of, or access to, sensitive or confidential information, whether by us or by one of our third-party service providers or their vendors, could require us to expend significant resources to continue to modify or enhance our protective measures and to remediate any damage. In addition, this could negatively affect our operations, cause system disruptions, damage our reputation, cause membership losses and contract breaches, expose us or our members to the risk of financial or medical identity theft, and result in regulatory enforcement actions, material fines and penalties, litigation or other actions that could have an adverse effect on our business, cash flows, financial condition and results of operations. In addition, this could negatively affect our operations, cause system disruptions, damage our reputation, cause membership losses and contract breaches, and could also result in regulatory enforcement actions, material fines and penalties, litigation or other actions that could have a material adverse effect on our business, cash flows, financial condition and results of operations.
If we fail to responsibly use and protect data, or if such data is found to be inaccurate or unreliable, our business and customers could suffer adverse consequences.
The collection, maintenance, protection, use, transmission, disclosure and disposal of sensitive personal information is regulated at the federal, state, international and industry levels and requirements are also imposed on us and vendors through contracts with clients. We are also subject to various other consumer protection laws that regulate our communications with customers. Certain of our businesses are also subject to the Payment Card Industry Data Security Standard, which is designed to protect credit card account data as mandated by payment card industry entities. In addition, more jurisdictions are regulating the collection, use and transfer of data across borders. We use de-identified and aggregated data, and sell such data to third-parties, to create analytic models designed to predict, and potentially improve, outcomes and patient care. These laws, rules, regulations and contractual requirements are subject to change, and the regulatory environment surrounding data protection and privacy is becoming more onerous. Compliance with existing or new privacy, security, technology or data protection laws, regulations and requirements may result in increased enforcement and costs, and may constrain or require us to alter our business model or operations. Compliance with existing or new privacy, security or data protection laws, regulations and requirements may result in increased enforcement, costs, and may constrain or require us to alter our business model or operations.
Further, if the data we rely upon to run our businesses is found to be inaccurate or unreliable or if we fail to maintain or protect our information systems and data integrity effectively, we could experience failures in our technology products; lose existing customers; have difficulty attracting new customers; experience problems in determining medical cost estimates and establishing appropriate pricing; have difficulty preventing, detecting and controlling fraud; have disputes with customers, physicians and other healthcare professionals; become subject to regulatory sanctions, penalties, investigations or audits; incur increases in operating expenses; or suffer other adverse consequences.
There are various risks and conditions associated with participating in Medicare and Medicaid programs, including payment rates, processes and timelines that are determined by the government, compliance with government contract requirements and regulatory oversight.
We contract with various federal and state agencies, including CMS, to provide managed health benefits services, such as Medicare Advantage, Medicare Part D, Medicare Supplement, Medicaid, TANF, SPD, LTSS, CHIP, Medicaid expansion programs and various specialty programs, products and services. We contract with various federal and state agencies, including CMS, to provide managed health benefits services, such as Medicare Advantage, Medicare Part D, Medicare Supplement, Medicaid, TANF, SPD, LTSS, CHIP, Medicaid expansion programs and various specialty programs, products and services. We also provide various administrative services for other entities offering medical and/or prescription drug plans to their Medicaid or Medicare eligible members, and we offer employer group waiver plans which provide medical and/or prescription drug coverage to retirees. We also participate in programs in several states for the care of dual-eligible members. Changes in existing laws or regulations applicable to these programs, or their interpretations, are difficult to predict and could have an adverse effect on our business, cash flows, financial condition and results of operations. Regulatory reform initiatives or changes in existing laws or regulations applicable to these programs, or their interpretations, are difficult to predict and could have a material adverse effect on our business, cash flows, financial condition and results of operations.
Revenues from the Medicare and Medicaid programs are determined, in whole or in part, by the federal government and/or applicable state governments, and base premium rates paid by each state or federal agency differ depending upon a combination of factors such as defined upper payment limits, a member’s health status, age, gender, county or region, benefit mix, member
-26-
eligibility category and risk scores. Rates may be affected by federal and state budgetary constraints. Certain state contracts are subject to cancellation in the event of the unavailability of state funds. Additionally, ongoing CMS changes to the calculation of risk in the Medicare Advantage program may impact our revenue. For example, CMS made significant changes to the structure of the hierarchical condition category model in version 28, which impacted risk adjustment factor (“RAF”) scores for a larger percentage of Medicare Advantage beneficiaries and resulted in changes to beneficiary RAF scores regardless of a change in the patient’s health status. The federal government or any state in which we operate could decrease rates paid to us, pay us less than the amount necessary to keep pace with our cost trends, cancel our contracts retroactively or seek an adjustment to previously negotiated rates. In addition, various states’ Medicare-Medicaid dual-eligible plans are still subject to uncertainty surrounding payment rates and other requirements, which could affect where we seek to participate in these programs. For example, CMS will require in future years that health plans offering certain dual-eligible products must also align with integrated Medicaid products in the same service area. Some states are also requiring companies to offer Medicaid within a state and are conducting competitive bid processes to qualify to offer dual-eligible products. An unexpected reduction in payments, inadequate government funding or significantly delayed payments for these programs may adversely affect our business, cash flows, financial condition and results of operations.
Other potential risks associated with Medicare Advantage and Medicare Part D plans include increased medical or pharmaceutical costs, data corrections identified as a result of ongoing auditing and monitoring activities, potential uncollectability of receivables resulting from processing and/or verifying enrollment, inadequacy of underwriting assumptions, inability to receive and process correct information (including inability due to systems issues by the federal government, the applicable state government or us), uncollectability of premiums from members and limited enrollment periods. Actual results may be materially different than our assumptions and estimates and could have an adverse effect on our business, financial condition and results of operations. Actual results may be materially different than our assumptions and estimates and could have a material adverse effect on our business, financial condition and results of operations.
Our contracts with CMS and state governmental agencies contain certain provisions regarding data submission, risk adjustment, provider network and directory maintenance, quality measures, claims payment, timely and accurate processing of appeals and grievances, oversight of service providers, encounter data, continuity of care, call center performance and other requirements specific to federal and state program regulations. Our contracts with CMS and state governmental agencies contain certain provisions regarding data submission, risk adjustment, provider network and directory maintenance, quality measures, claims payment, timely and accurate processing of appeals and grievances, oversight of service providers, encounter data, continuity of care, call center performance and other requirements specific to federal and state program regulations. We have been subject in the past, and may again be in the future, to administrative actions, fines, penalties, liquidated damages or retrospective adjustments in payments made to our health plans as a result of a failure to comply with these requirements, which has impacted, and in the future could impact, our profitability. We have experienced retroactive rate adjustments by certain state Medicaid agencies in the past, and such rate adjustments may occur in the future. Further, our state Medicaid contracts have not always been renewed, we have not always been awarded new contracts as a result of the competitive procurement process, and in some cases, we have lost members under existing contracts as a result of a post-award challenge by unsuccessful bidders, each of which could take place in the future and have an adverse effect on our business, cash flows, financial condition and results of operations.
The Star Rating System utilized by CMS to evaluate Medicare Advantage Plans may have a significant effect on our revenue, as higher-rated plans tend to experience increased enrollment, plans with a Star Rating of 4.0 or higher are eligible for quality-based bonus payments and plans with a Star Rating of 5.0 can market to and enroll members year-round. CMS has made, and continues to make, changes to its Star Rating program that have impacted, and continue to impact, the ability of plans to achieve Star Ratings of 4.0 or higher. CMS released our 2026 Star Ratings in October 2025, which will be used to determine our Medicare Advantage plans' quality bonus payments in 2027. Our 2026 Star Ratings reflect that approximately 59% of our Medicare Advantage members are enrolled in plans rated at least 4.0 stars or higher, or the equivalent, compared to approximately 40% of our Medicare Advantage members being in plans with 2025 Star Ratings of at least 4.0 stars. Uncertainties with respect to future changes to the Star Rating System, which are not determined until after the relevant measurement period, continue to make accurate predictions of each Medicare Advantage plan’s Star Ratings more challenging. If we do not maintain our Star Ratings in future years, or if quality-based bonus payments are reduced or eliminated, we would likely experience a negative impact on our revenues and the benefits that our plans can offer, which could adversely affect the marketability of our plans, our ability to expand our business, our membership levels, and our results of operations, financial condition and cash flows. Further, if we do not improve our Star Ratings, or if quality-based bonus payments are reduced or eliminated, we will experience further negative impact on our revenues and the benefits that our plans can offer, which could materially and adversely affect the marketability of our plans, our membership levels, results of operations, financial condition and cash flows. Similarly, if we fail to meet or exceed any performance standards imposed by state Medicaid programs in which we participate, we may not receive performance-based bonus payments or may incur penalties.
In addition, our failure to comply with federal and state healthcare laws and regulations applicable to our participation in Medicaid and Medicare programs, including those directed at preventing fraud, abuse and discrimination, could result in investigations, litigation, fines, restrictions on, or exclusions from, program participation, or the imposition of corporate integrity agreements or other agreements with a federal or state governmental agency, any of which could adversely impact our business, cash flows, financial condition and results of operations.
We are periodically subject to government audits, including CMS RADV audits of our Medicare Advantage Plans to validate diagnostic data, patient claims and financial reporting, and audits of our Medicare Part D plans by the Medicare Part D Recovery Audit Contractor (“RAC”), as well as state Medicaid RAC programs. Certain of our contracts currently have pending RADV audits
-27-
by CMS and the HHS Office of Inspector General that are awaiting CMS finalization. In addition, we routinely perform ordinary course reviews of, among other things, our Medicare Advantage data submitted to CMS. These governmental audits, or changes in how these audits are conducted, including changes that may result from the final RADV Audit rule that was issued in 2023, and our internal reviews, have resulted, and could in the future result, in reports or disclosures for prior, current or future filing years to federal or state regulatory agencies, submission of data corrections, and/or significant adjustments in payments made to our health plans and future Medicare Advantage bids, which could adversely affect our financial condition and results of operations. These governmental audits, or changes in how these audits are conducted, including changes that may result from the final RADV Audit rule that was issued in 2023, and internal reviews, could result in reports or disclosures for prior, current or future filing years to federal or state regulatory agencies, submission of data corrections, and/or significant adjustments in payments made to our health plans and future Medicare Advantage bids, which could adversely affect our financial condition and results of operations. Governmental regulators and agencies continue to heighten their scrutiny of business and reporting practices within the health services industry with respect to risk adjustment and claims payment. Additionally, state regulators are increasingly conducting audits to assess the quality of services we provide to our Medicare members. If we fail to report and correct errors discovered through our own auditing procedures, during a RADV or RAC audit or during state regulatory audits, or otherwise fail to comply with applicable laws and regulations, we could be subject to fines, civil penalties or other sanctions, which could have an adverse effect on our ability to participate in these programs, and on our financial condition, cash flows and results of operations. In addition, price transparency initiatives, such as the Health Plan Transparency in Coverage Rule, may impact our ability to obtain or maintain favorable contract terms. In addition, price transparency initiatives, such as the Health Plan Transparency Rule, may impact our ability to obtain or maintain favorable contract terms. For example, hospitals are required to publish online payer-specific negotiated charges for each item or service the hospital provides. For example, beginning in 2021, hospitals were required to publish online payer-specific negotiated charges for each item or service the hospital provides.
Our Medicare and Medicaid contracts are also subject to various MLR rules, including minimum MLR thresholds, rebate requirements and audits, which could adversely affect our membership and revenues if any of our state Medicare or Medicaid plans do not meet an applicable minimum MLR threshold. If a Medicare Advantage, MMP or Medicare Part D contract pays minimum MLR rebates for three consecutive years, it will become ineligible to enroll new members. If a Medicare Advantage or Medicare Part D contract pays such rebates for five consecutive years, it will be terminated by CMS.
A change in our healthcare product mix may impact our profitability.
Our healthcare products that involve greater potential risk generally tend to be more profitable than administrative services products and those healthcare products where the employer groups assume the underwriting risks. Our healthcare products that involve greater potential risk generally tend to be more profitable than administrative services products and those healthcare products where the employer groups assume the underwriting risks. Individuals and small employer groups are more likely to purchase our higher-risk healthcare products because such purchasers are generally unable or unwilling to bear greater liability for healthcare expenditures. Typically, government-sponsored programs also involve our higher-risk healthcare products. A shift of enrollees from more profitable products to less profitable products could have an adverse effect on our cash flows, financial condition and results of operations. A shift of enrollees from more profitable products to less profitable products could have a material adverse effect on our cash flows, financial condition and results of operations.
If we fail to develop and maintain satisfactory relationships with hospitals, physicians, pharmacy service providers and other healthcare providers, our business, cash flows, financial condition and results of operations may be adversely affected.
Our profitability is dependent in part upon our ability to contract on favorable terms with hospitals, physicians, pharmacy services providers and supply chain partners and other healthcare providers. Our profitability is dependent in part upon our ability to contract on favorable terms with hospitals, physicians, pharmacy services providers and supply chain partners and other healthcare providers. These partners may elect not to contract with us, and the failure to secure or maintain cost-effective contracts on competitive terms may result in a loss of membership or higher medical costs, which could adversely affect our business. In addition, consolidation among healthcare providers, Accountable Care Organizations practice management companies, and other organizational structures that physicians, hospitals and other care providers choose, as well as the ability of larger employers to contract directly with providers, has changed and may continue to change the way that these providers interact with us and may alter the competitive landscape overall. Such organizations or groups of physicians may compete directly with us or be owned by one of our competitors, which may impact our relationship with these providers or affect the way that we price our products and estimate our costs. Such competition may require us to incur costs to change our operations, which could adversely affect our business, cash flows, financial condition, and results of operations.
Our inability to contract with providers, providers attempting to use their market position to negotiate more favorable contracts or place us at a competitive disadvantage, the departure of prominent network providers or provider groups to competitors, or the inability of providers to provide adequate care could adversely affect our business. In addition, we do not have contracts with all providers that render services to our members and, as a result, may not have a pre-established agreement about the amount of compensation those out-of-network providers will accept for the services they render. State and federal laws, such as the No Surprises Act, define the compensation that must be paid to out-of-network providers in certain scenarios, and related litigation has lessened the weight of the Qualifying Payment Amount during independent dispute resolution processes, which may result in an increase in rates we must pay to out-of-network providers. Further ongoing regulatory developments or judicial interpretations may continue to shift payment responsibilities or calculation methodologies in ways that increase our costs. Both our lack of contracts with certain providers and the development of new federal and state laws could result in significant litigation or arbitration proceedings, including instances in which a provider attempts to obtain payment from our members for the difference between the amount we have paid and the amount they have charged, or other increases in rates paid to out-of-network providers. Both our lack of contracts with certain providers and the development of new federal and state laws could result in significant litigation or arbitration proceedings, to the extent a provider attempts to obtain payment from our members for the difference between the amount we have paid and the amount they have charged, or other increases in rates paid to out-of-network providers.
We are dependent on the success of our relationships with third parties for various services and functions.
-28-
We contract with various third parties to perform certain functions and services and provide us with certain information technology systems. Certain of these third parties provide us with significant portions of our business infrastructure and operating requirements. For example, a single vendor can provide to us a wide range of technology infrastructure services, such as end user (help desk and field support), data center, mainframe, payment card handling, storage and database services and multi-cloud management services, and we are subject to the risks of any operational failure, termination or other restraints in such an arrangement. We could become overly dependent on key vendors, which could cause us to lose core competencies. A termination of our agreements with, or disruption in the performance of, one or more of these service providers could result in service disruptions or unavailability, reduced service quality and effectiveness, increased or duplicative costs or an inability to meet our obligations to our customers. In addition, we may also have to seek alternative service providers, which may be unavailable or only available on less favorable contract terms or with more difficult integration hurdles. In addition, we may also have to seek alternative service providers, which may be unavailable or only available on less favorable contract terms. Any of these outcomes could adversely affect our business, reputation, cash flows, financial condition and operating results.
Our pharmacy services business would be adversely affected if we are unable to contract on favorable terms with third-party vendors, including pharmaceutical manufacturers. We delegate certain pharmacy benefit manager services, including, but not limited to, claims adjudication, pharmacy network administration, rebate administration, and advanced home delivery back-end dispensing to CVS pursuant to the CVS Agreement. We delegate certain PBM services, including, but not limited to, claims adjudication, pharmacy network administration, rebate administration, advanced home delivery back-end dispensing, and customer service, to CVS pursuant to the CVS Agreement. If CVS fails to provide pharmacy benefit manager services as contractually required, we may not be able to meet the full demands of our customers, which could have an adverse effect on our business, reputation and results of operations. If CVS fails to provide PBM services as contractually required, we may not be able to meet the full demands of our customers, which could have a material adverse effect on our business, reputation and results of operations. Additionally, we may not maintain favorable terms and conditions, including financial terms, to compete in the market. For additional information on the CVS Agreement, see “Business - Product and Service Descriptions,” in Part I, Item 1 of this Annual Report on Form 10-K.
The failure to properly maintain the integrity or availability of our data, or to successfully maintain, protect and upgrade our information systems could adversely affect our business.The failure to effectively maintain and upgrade our information systems, or the availability and integrity of our data, could adversely affect our business.
Our business depends significantly on effective information systems, and we have many different information systems for our various businesses, including those that we have acquired as a result of our merger and acquisition activities. Our business depends significantly on effective information systems, and we have many different information systems for our various businesses, including those that we have acquired as a result of our merger and acquisition activities. Our information systems require an ongoing investment, commitment of significant resources to maintain, integrate, upgrade, enhance and expand existing systems, and development of new systems, including systems powered by or incorporating AI and machine learning (including generative AI), to keep pace with continuing changes in information processing technology, emerging cybersecurity risks, changing customer preferences, evolving industry and regulatory standards and legal requirements, including as a result of the ACA, the Health Plan Transparency Rule, the 2021 Appropriations Act and federal data interoperability regulations. Our information systems require an ongoing investment, commitment of significant resources to maintain and enhance existing systems, and development of new systems to keep pace with continuing changes in information processing technology, emerging cyber-security risks, changing customer preferences, evolving industry and regulatory standards and legal requirements, including as a result of the ACA, the Health Plan Transparency Rule, the 2021 Appropriations Act and federal data interoperability regulations. In addition, we may obtain significant portions of our systems-related or other services from independent third parties (and their vendors), which may make our operations vulnerable if such third parties fail to perform and oversee adequately. Further, unauthorized third parties present additional risk, including by propagating misinformation related to products, business and the health industry.
Failure to adequately implement, consolidate, integrate, streamline, maintain and upgrade effective and efficient information systems, including those powered by or incorporating AI, with sufficiently advanced technological capabilities could result in investigations, audits, fines and penalties, competitive and cost disadvantages to us compared to our competitors, contractual damages, and diversion of management’s time, and could have an adverse effect on our business, financial condition and results of operations.Failure to adequately implement, consolidate, integrate, streamline, maintain and upgrade effective and efficient information systems with sufficiently advanced technological capabilities could result in investigations, audits, fines and penalties, competitive and cost disadvantages to us compared to our competitors, could divert management’s time, and could have a material adverse effect on our business, financial condition and results of operations. Failure or disruption of our performance of, or our ability to perform, key business functions, including as a result of the unavailability of, or cyber-attack on, our information technology systems or those of third parties (including cloud service providers), could decrease response times, lower levels of service satisfaction and harm our reputation and brand. Failure or disruption of our performance of, or our ability to perform, key business functions, including as a result of the unavailability or cyber-attack of our information technology systems or those of third parties (including cloud service providers), could decrease response times, lower levels of service satisfaction and harm our reputation. Our systems interface with and depend on third-party systems, hardware, infrastructure and cloud technologies, and we could experience service denials if demand for such service exceeds capacity, or these systems fail or experience interruption. Our systems interface with and depend on third-party systems and we could experience service denials if demand for such service exceeds capacity, or these systems fail or experience interruption. From time to time, we update, transition, acquire, or expand use of our and third-party information technology systems, which may result in heightened vulnerability. Some third-party systems that are necessary for the operation of our business processes are maintained outside of our control but would impact our business operations if compromised as a result of a cyber-attack. Despite our adoption and continued enhancement of business continuity and disaster recovery strategies, there is no guarantee that such efforts will be effective, which could interrupt the functionality of our information technology systems or those of third parties. Our failure to implement adequate business continuity and disaster recovery strategies could significantly reduce our ability to provide products and services to our customers and members, which could have an adverse effect on our business and results of operations.
In addition, connectivity amongst technologies is becoming increasingly important, with recent trends bringing greater consumer engagement in healthcare; therefore, the pace at which our customers will need enhanced technologies with sophisticated applications for mobile interfaces, including tools and products that leverage AI to improve the customer experience, will quicken.In addition, connectivity amongst technologies is becoming increasingly important, with recent trends bringing greater consumer engagement in healthcare; therefore, the pace at which our customers will need enhanced technologies with sophisticated applications for mobile interfaces will quicken. We anticipate that fast-evolving AI technologies will play an increasingly significant role in our information systems and technology products. If the information systems we rely upon to run our business were found to be inaccurate or unreliable or if we fail to adequately maintain, upgrade, enhance, expand and protect our information systems, security controls and data integrity
-29-
effectively, we could experience problems in determining medical cost estimates and establishing appropriate pricing and reserves, have disputes with customers and providers, lengthen the pace of integration activities or otherwise delay the launch of acquired products, face regulatory problems, including sanctions and penalties, incur increases in operating expenses or suffer other adverse consequences, including a decrease in membership.
We are subject to risks associated with our use of AI, which could adversely affect our business, reputation or financial results.
As part of our operations, we are making investments in certain AI tools and solutions to enhance our operations and positively impact the experience of our members, and we continue to explore further innovation using AI. The rapid advancement of these technologies presents opportunities for us, but there are risks associated with the development and deployment of AI. We have developed and implemented policies and procedures intended to promote and sustain responsible design, development and use of AI. Our AI-related efforts may give rise to risks related to accuracy, harmful bias, discrimination, intellectual property infringement, data privacy, and cybersecurity, among others. In addition, we may be subject to new or enhanced governmental or regulatory scrutiny, litigation or other liability and ethical concerns, and negative consumer perceptions as to the use of automation and AI, or other complications that could adversely affect our business, reputation, or financial results. Any inadequacy in or failure to comply with our responsible use of AI policies and procedures or emerging laws, regulations and standards governing AI use could cause our technology not to operate as intended or to produce outcomes that could have an adverse effect on our business, reputation, results of operations, financial position and cash flows.
We are subject to risks associated with pandemics, like the COVID-19 pandemic, as well as other extreme events, large-scale medical emergencies and public health crises, which could have an adverse effect on our business, results of operations, and financial condition and financial performance.
A pandemic or other large-scale medical emergency or public health crisis, such as the COVID-19 pandemic, referred to collectively as “public health crises,” may cause illness, death, quarantines, reduced operations or shutdowns of businesses and schools, unemployment, inflation, labor shortages, supply chain interruptions, disruptions in public and private infrastructure and overall economic and financial market instability.A pandemic or other large-scale medical emergency or public health crisis, such as the COVID-19 pandemic, referred to collectively as “public health crises,” may cause illness, death, quarantines, business and school shutdowns, reductions in business activity, travel and financial transactions, unemployment, inflation, labor shortages, supply chain interruptions and overall economic and financial market instability. The following are some risks that we could experience as a result of future public health crises, all of which could increase our costs, impair our ability to provide services, and have an adverse effect on our business, cash flows, financial condition and results of operations:
•Increased healthcare costs due to higher utilization rates of medical facilities and services and behavioral health services, increased labor costs resulting from labor shortages and increases in medical expenses and associated hospital and pharmaceutical costs, including testing, treatment and the administration of vaccines and other therapeutics and costs due to care deferred during the public health crisis, which may lead to additional care resulting from missed treatments.
•Increased estimation uncertainty for our claims liability, as well as decreased predictability of Medicare and Medicaid rates due to changes in utilization of medical facilities and services, medical expenses and other costs.
•A reduction in enrollment in our health benefits, pharmacy services, or other healthcare services and products or a change in membership mix to less profitable lines of business by existing customers due to reductions in workforce and other impacts of an economic downturn.
•Cash flow volatility or shortfalls caused by delayed, delinquent or non-collectable payments.
If any future public health crisis occurs and continues for a prolonged period, these risks could be exacerbated and cause further impact to our business and operations. Additionally, other extreme events such as natural disasters, war, terrorism, increased crime, civil unrest and sanctions could create public health crises, operations disruptions or otherwise have an adverse effect on our business, cash flows, financial condition and results of operations. Additionally, other extreme events such as natural disasters, war, terrorism, increased crime, and civil unrest could create public health crises or otherwise have a material adverse effect on our business, cash flows, financial condition and results of operations. In the event of a public health crisis, we may need to make temporary policy changes, such as waiving various medical requirements, assisting with replacement medications, transferring prescriptions and expanding our help line. Natural disasters or extreme weather events, such as wildfires, floods, hurricanes, tropical storms, and snow and ice storms, have impacted, and may in the future impact, our customers, associates, facilities and third-party vendors located in the affected area. Furthermore, climate change could result in certain types of natural disasters occurring more frequently or with more intense effects, which could have a long-term impact on general economic conditions and the health benefits and pharmacy services industries in particular.
LEGAL, REGULATORY AND PUBLIC POLICY RISKS
We are subject to significant government regulation, and changes or proposed changes in the regulation of our business by federal and state regulators may adversely affect our business, cash flows, financial condition and results of operations and the market price of our securities.
-30-
We are subject to significant state and federal regulation across many aspects of our business, including, but not limited to, licensing, premiums, marketing activities, provider contracting, access and payment standards, and corporate governance and financial reporting matters, as described in greater detail in Part I, Item 1, “Business - Regulation” in this Annual Report on Form 10-K. Further, the integration into our business of entities that we acquire, or our expansion into new businesses or jurisdictions, may increase our regulatory risk and affect how existing laws and rules apply to us. Further, the integration into our business of entities that we acquire, or the expansion of our business into new businesses or jurisdictions, may affect the way in which existing laws and rules apply to us.
Frequent and sometimes unpredictable changes to existing laws, rules and regulations or judicial interpretation, application or enforcement thereof, or development of new laws, rules, regulatory interpretations or judgments could force us to change how we conduct our business, affect the products and services we offer (and where we offer them), restrict revenue and enrollment growth, increase our costs, including operating, healthcare technology and administrative costs, restrict our ability to obtain new product approvals, modify existing products, and implement changes in premium rates, and require enhancements to our compliance infrastructure and internal controls environment.Changes to existing laws, rules and regulations or judicial interpretation, application or enforcement thereof, or development of new laws, rules, regulatory interpretations or judgments could force us to change how we conduct our business, affect the products and services we offer (and where we offer them), restrict revenue and enrollment growth, -29-increase our costs, including operating, healthcare technology and administrative costs, restrict our ability to obtain new product approvals and implement changes in premium rates, and require enhancements to our compliance infrastructure and internal controls environment, which could adversely impact our business and results of operations. Any of these developments could adversely impact our business and results of operations. In addition, legislative and/or regulatory policies or proposals that seek to manage the healthcare industry or otherwise impact our business may cause the market price of our securities to decrease, even if such policies or proposals never become effective. In particular, further regulations and modifications to the ACA and laws and regulations stemming from the ACA could impact the market for our products, funding for ACA programs, the regulations applicable to us, the methodologies used to determine our reimbursement, and the fees and taxes payable by us and otherwise affect our business and future operations, any of which may adversely affect our financial condition and results of operations. In particular, further regulations and modifications to the ACA and laws and regulations stemming from the ACA could impact the market for our products, funding for ACA programs, the regulations applicable to us and the fees and taxes payable by us and otherwise affect our business and future operations, some of which may adversely affect our financial condition and results of operations.
Furthermore, legislative or regulatory actions intended to address rising health-care costs or affordability concerns may result in the imposition of additional requirements on health insurers, including mandated benefits, restrictions on premium increases, or other pricing limitations, which could increase costs, constrain pricing flexibility, and adversely affect our financial condition and results of operations. In addition, this could negatively affect our operations, cause system disruptions, damage our reputation, cause membership losses and contract breaches, and could also result in regulatory enforcement actions, material fines and penalties, litigation or other actions that could have a material adverse effect on our business, cash flows, financial condition and results of operations.
We expect state legislatures will continue to focus on healthcare delivery and financing issues, including actions to reduce or limit increases to premium payments, provider billing protections, access to care and other reforms of state health insurance markets. We expect state legislatures will continue to focus on healthcare delivery and financing issues, including actions to reduce or limit increases to premium payments, provider billing protections, greater access to care and broader reforms of state health insurance markets. State ballot initiatives could also be put to voters that could adversely impact our operating environment. State ballot initiatives could also be put to voters that could materially impair our operating environment. If enacted into law, these state proposals and actions could have an adverse impact on our business, cash flows, operations or financial condition. If enacted into law, these state proposals and actions could have a material adverse impact on our business, cash flows, operations or financial condition. Additionally, state legislative actions and litigation could impact ERISA pre-emption. Further, Congress has considered, and may consider in the future, various forms of managed care reform legislation which, if adopted, could fundamentally alter the treatment of coverage decisions under ERISA, including limiting ERISA’s preemptive effect on state laws, and could increase our costs, expose us to expanded liability, permit greater state regulation of our operations, or require us to revise the ways in which we conduct business. Further, in the past, Congress has considered, and may consider in the future, various forms of managed care reform legislation which, if adopted, could fundamentally alter the treatment of coverage decisions under ERISA, including limiting ERISA’s preemptive effect on state laws, and other laws and could increase our costs, expose us to expanded liability, permit greater state regulation on our operations, or require us to revise the ways in which we conduct business.
We are required to obtain and maintain insurance licenses and other regulatory approvals to market certain of our products and services, to increase prices for certain regulated products and services and to consummate some of our acquisitions and dispositions. We are required to obtain and maintain insurance, licenses and other regulatory approvals to market certain of our products and services, to increase prices for certain regulated products and services and to consummate some of our acquisitions and dispositions. Delays in obtaining or failure to obtain or maintain these approvals, as well as future regulatory action by state or federal authorities, could have an adverse effect on the profitability or marketability of our health benefits, pharmacy services, healthcare and other products and services or on our business, financial condition, and results of operations. Delays in obtaining or failure to obtain or maintain these approvals, as well as future regulatory action by state or federal authorities, could have a material adverse effect on the profitability or marketability of our health benefits, pharmacy services, healthcare and other products and services or on our business, financial condition, and results of operations. In addition, changes in government regulations, policies or funding that apply to government-sponsored programs such as Medicare and Medicaid including, among other things, reimbursement levels, quality-based bonus payment determinations, eligibility and redetermination requirements, taxes or assessments for our programs, such as premium taxes on health insurance, benefit coverage requirements, rate-setting methodologies, audit and oversight practices, and additional governmental participation, have adversely affected, and could in the future adversely affect, our business, cash flows, financial condition, and results of operations.
We have experienced past assessments under state or federal insolvency or guaranty association laws applicable to insurance companies, HMOs and other payers, and may experience assessments in the future if, for example, premiums established by other companies for their health insurance products, including certain long-term care products, are inadequate to cover their costs. Any such assessment could expose us to the risk of paying a portion of an impaired or insolvent insurance company’s claims through state guaranty associations. We are not currently able to estimate our potential financial obligations, losses or the availability of offsets associated with future guaranty association assessments; however, any significant increase in guaranty association assessments could have an adverse effect on our business, cash flows, financial condition, and results of operations. We are not currently able to estimate our potential financial obligations, losses or the availability of offsets associated with potential guaranty association assessments; however, any significant increase in guaranty association assessments could have a material adverse effect on our business, cash flows, financial condition, and results of operations.
We are subject to various risks associated with our international operations.
As we expand and operate our business outside of the U.S., we are presented with different challenges, including challenges in adapting to new markets, languages, business, labor and cultural practices, regulatory environments and local civil unrest or political controversy. Adapting to these challenges could require us to devote significant senior management attention and other resources. If we are unable to successfully manage our international operations, our business, cash flows, financial condition and results of
-31-
operations could be adversely affected. In the future, we may acquire or operate new businesses outside of the U.S., increasing our exposure to these risks.
Certain of our subsidiaries operate internationally and are subject to regulation in the jurisdictions in which they are organized or conduct business related to, among other things, local and cross border taxation, intellectual property, investment, currency rate differentials, management control, labor, anti-fraud, anti-corruption and privacy and data protection, which vary by jurisdiction.Certain of our subsidiaries operate internationally and are subject to regulation in the jurisdictions in which they are organized or conduct business related to, among other things, local and cross border taxation, intellectual property, -30-investment, management control, labor, anti-fraud, anti-corruption and privacy and data protection, which vary by jurisdiction. In addition, we are subject to U.S. laws that regulate the conduct and activities of U.S.-based businesses operating abroad, such as the Foreign Corrupt Practices Act. Violations of these laws and regulations could result in fines, criminal sanctions against us, our officers or associates, restrictions or outright prohibitions on the conduct of our business and significant reputational harm and could adversely affect our ability to market our products and services, which may have an adverse effect on our business, financial condition and results of operations.
We face risks related to litigation. We face risks related to litigation.
We are, and may in the future be, a party to a variety of private party and governmental legal actions and investigations that may affect our business, such as administrative charges before government agencies, employment and employment discrimination-related suits, employee benefit claims, breach of contract actions, tort claims, intellectual property-related litigation and settlements. In addition, because of the nature of our business, we are subject to a variety of legal actions relating to our business operations, including the design, administration and offering of our products and services. These could include claims relating to the denial or limitation of health benefits; federal and state false claims act laws; dispensing of drugs associated with our pharmacy services business; professional liability claims arising out of the delivery of healthcare and related services to the public; development or application of medical policies and coverage and clinical guidelines; medical malpractice actions; allegations of anti-competitive and unfair business activities; provider disputes over reimbursement and contracts; provider tiering programs; narrow networks; termination of provider contracts; the recovery of overpayments from providers; fee-based business; disputes over co-payment calculations; reimbursement of out-of-network claims; the failure to disclose certain business practices; the failure to comply with various state or federal laws, including but not limited to ERISA and the Mental Health Parity Act; the calculation of minimum MLR and rebates related thereto; claims related to privacy, intellectual property and vendor disputes; claims related to our use of personal information and other proprietary data; and customer audits and contract performance, including government contracts. These could include claims relating to the denial or limitation of health benefits; federal and state false claims act laws; dispensing of drugs associated with our pharmacy services business; professional liability claims arising out of the delivery of healthcare and related services to the public; development or application of medical policies and coverage and clinical guidelines; medical malpractice actions; allegations of anti-competitive and unfair business activities; provider disputes over reimbursement and contracts; provider tiering programs; narrow networks; termination of provider contracts; the recovery of overpayments from providers; fee-based business; disputes over co-payment calculations; reimbursement of out-of-network claims; the failure to disclose certain business practices; the failure to comply with various state or federal laws, including but not limited to, ERISA and the Mental Health Parity Act; and customer audits and contract performance, including government contracts. These actions or proceedings could result in substantial costs to us, require management to spend substantial time focused on litigation, result in negative media attention, and may adversely affect our business, reputation, financial condition, results of operations and cash flows.
We are also involved in, or may in the future be party to, pending or threatened litigation incidental to the business we transact or arising out of our operations, including, but not limited to, breaches of security and violations of privacy requirements, shareholder actions, compliance with federal and state laws and regulations (including qui tam or “whistleblower” actions), or sales and acquisitions of businesses or assets. From time to time, we are involved as a party in various governmental inquiries, investigations, audits, reviews and administrative proceedings, including challenges relating to the award of government contracts. From time to time, we are involved as a party in various governmental investigations, audits, reviews and administrative proceedings, including challenges relating to the award of government contracts. These investigations, audits and reviews include routine and special investigations by state insurance departments, various federal regulators including CMS and the HHS Office of Inspector General, state attorneys general, the Department of Justice, and various offices of the U.S. Attorney General. Following an investigation, we may be subject to civil or criminal fines, penalties, and other sanctions if we are determined to be in violation of applicable laws or regulations. Liabilities that may result from these actions could have an adverse effect on our cash flows, results of operations and financial condition. Liabilities that may result from these actions could have a material adverse effect on our cash flows, results of operations and financial condition.
Recent court decisions and legislative activity may increase our exposure for any of these types of claims. In some cases, substantial non-economic (including injunctive relief), treble or punitive damages may be sought. Our international footprint also subjects us to additional potential disputes or differing interpretations related to contractual rights, tax positions, and regulatory oversight. Some liabilities and damages may not be covered by the insurance we carry, insurers may dispute coverage, or the amount of insurance may not be enough to cover the damages awarded. In addition, insurance coverage for all or certain forms of liability may become unavailable or prohibitively expensive in the future. Any adverse judgment against us resulting in such damage awards could result in negative publicity and have an adverse effect on our cash flows, results of operations and financial condition.
There are various risks associated with providing health benefits and other healthcare diversified products and services.
We continue to evolve our business to offer products and services beyond traditional health insurance, including digital health technology, pharmacy services, home health, and behavioral and clinical care services, which subjects us to litigation and regulatory risks that are different from our traditional product and services offerings and may adversely affect our exposure to other risks. We continue to evolve our business to offer products and services beyond traditional health insurance, including digital health technology, pharmacy services, behavioral and clinical care services, which subjects us to litigation and regulatory risks that are different from our traditional product and services offerings and may materially affect our exposure to other risks.
The direct provision of healthcare services by certain of our subsidiaries involves risks of additional litigation brought against us or our associates for alleged malpractice or professional liability claims arising out of the delivery of healthcare and related
-32-
services. In addition, liability may arise from maintaining healthcare premises that serve the public. Further, payment disputes with third party payers may result in unexpected reduction in payments or significantly delayed payments for health-care services delivered which may adversely affect our business, cash flows, financial condition and results of operations. Behavioral health services may also raise the risk profile of our business given the critical and sensitive nature of the services provided. In addition, we are, to a certain extent, self-insured with regard to litigation risks, including claims of medical malpractice against our affiliated physicians and us, and it is possible that the level of actual losses will significantly exceed the liabilities recorded for our estimates of the probable costs resulting from self-insured matters. The defense of any actions may result in significant expenses, and if we fail to maintain adequate insurance coverage for these liabilities, or if such insurance is not available, the resulting costs could adversely affect our business, cash flows, financial condition and results of operations. As we become more involved in direct care delivery and the provision of other services, such as crisis management services, there will be an increased possibility of litigation.
Additionally, many states in which certain of our subsidiaries operate limit the practice of medicine to licensed individuals or professional organizations comprised of licensed individuals. Additionally, many states in which certain of our subsidiaries operate limit the practice of medicine to licensed individuals or professional organizations comprised of licensed individuals. Business corporations generally may not exercise control over the medical decisions of physicians, and we are not licensed to practice medicine. Rules and regulations relating to the practice of medicine, fee-splitting between physicians and referral sources, and similar issues vary from state to state, and any enforcement actions by governmental officials alleging non-compliance with these rules and regulations could adversely affect our business, cash flows, financial condition and results of operations. Further, in certain states we are required to use professional corporations that are not affiliates, which exposes us to risk in the event the physician owners of those professional corporations take actions that are in breach of the contractual obligations that exist between us.
We rely on agreements with customers, confidentiality agreements with associates and third parties, and our trademarks, trade secrets, copyrights and patents to protect our proprietary rights. These legal protections and precautions may not prevent misappropriation of our proprietary information. Litigation and misappropriation of our proprietary information could hinder our ability to market and sell products and services, which could adversely affect our results of operations, financial position and cash flows. Litigation and misappropriation of our proprietary information could hinder our ability to market and sell products and services, which could materially and adversely affect our results of operations, financial position and cash flows. Further, certain of our businesses use, develop or sell software products that may contain unexpected design defects or may encounter unexpected complications during integration or when used with other technologies utilized by the customer. A failure of these products to operate as intended and in a seamless fashion with other products could also adversely affect our results of operations, financial position and cash flows. A failure of these products to operate as intended and in a seamless fashion with other products could also materially and adversely affect our results of operations, financial position and cash flows. In addition, the design of certain of our software products may expose us to allegations of intellectual property infringement and/or intellectual property infringement litigation, which could result in adverse outcomes.
Our pharmacy services business and pharmacy related operations are subject to various risks and uncertainties.
We provide pharmacy services and are responsible to regulators, our members and customers for the delivery of those pharmacy services that we contract to provide. We provide pharmacy services and are responsible to regulators and our customers for the delivery of those pharmacy services that we contract to provide. Our pharmacy services business is subject to the risks inherent in the dispensing, packaging, fulfillment and distribution of pharmaceuticals and other healthcare products, including exposure to liabilities and reputational harm related to clinical quality, patient safety, infusion center operations, and other risks inherent in these activities, and other operational errors by us or our pharmacy services suppliers. Our pharmacy services business is subject to the risks inherent in the dispensing, packaging, fulfillment and distribution of pharmaceuticals and other healthcare products, including exposure to liabilities and reputational harm related to purported dispensing and other operational errors by us or our pharmacy services suppliers. Any failure by us or one of our pharmacy services suppliers to adhere to the laws and regulations applicable to the dispensing of pharmaceuticals could subject our pharmacy services business to civil and criminal penalties.
Our pharmacy services business is subject to federal and state laws and regulations that govern its relationships with pharmaceutical manufacturers, physicians, pharmacies and customers, including without limitation, federal and state anti-kickback laws, beneficiary inducement laws, consumer protection laws, ERISA, HIPAA and laws related to the operation of mail-service pharmacies, as well as an increasing number of licensure, registration and other laws and accreditation standards that impact the business practices of a pharmacy services business. In addition, the pharmacy services business, which conducts business through home delivery, infusion and specialty pharmacies, is subject to federal and state laws and regulations, including those of state boards of pharmacy, individual state-controlled substance authorities, the U.S. Drug Enforcement Agency and the U.S. Food and Drug Administration. Growth of our home delivery, specialty pharmacy and infusion services businesses subjects us to an increase in licensure requirements, and to statutory, regulatory and operational risks due to the integrated nature of our pharmacy services business. Growth of our home delivery and specialty pharmacy business subjects us to an increase in licensure requirements, and regulatory and operational risks as our pharmacy services business becomes more vertically integrated. Also, we and our third-party vendors are subject to certain registration requirements and state and federal laws related to the practice of pharmacy. Also, we and our third-party vendors may be subject to certain registration requirements and state and federal laws related to the practice of pharmacy. Noncompliance with applicable laws and regulations by us or our third-party vendors could have adverse effects on our business, results of operations, financial condition, liquidity and reputation. Noncompliance with applicable laws and regulations by us or our third-party vendors could have material adverse effects on our business, results of operations, financial condition, liquidity and reputation.
Federal and state legislatures and regulators also regularly consider new laws and regulations as well as changes to existing requirements that could adversely affect current industry practices and our business. These new and changing laws and regulations include or could include changes to compensation, prohibitions or limitations on spread pricing contracting, requirements regarding rebates and/or fees, additional data reporting to plan sponsors and public sources, restrictions on the development and use of formularies and other utilization management tools, the use of average wholesale prices or other pricing benchmarks, pricing for
-33-
specialty pharmaceuticals, limited access to networks, prohibitions on pharmacy steering and pharmacy network reimbursement methodologies, and reporting requirements, as well as greater state regulation of pharmacy benefit managers, their ownership of pharmacy services and state involvement in the self-insured and Medicare Part D markets, which are typically preempted by federal law. Further, various government agencies have conducted and continue to conduct investigations and studies into certain pharmacy services practices, which have resulted and may in the future result in pharmacy benefit managers agreeing to civil penalties, including the payment of money and entry into corporate integrity agreements, or could adversely impact the pharmacy services business model. Further, various government agencies have conducted and continue to conduct investigations and studies into certain pharmacy services practices, which have resulted and may in the future result in PBMs agreeing to civil penalties, including the payment of money and entry into corporate integrity agreements, or could materially and adversely impact the pharmacy services business model.
Recently, California enacted legislation that significantly regulates pharmacy benefit managers and pharmacy pricing practices. The law imposes requirements related to price transparency, restrictions on spread pricing, rebate pass-through obligations, licensing, and fiduciary duties. In addition, Congress recently passed the Consolidated Appropriations Act of 2026, which includes pharmacy benefit manager reforms requiring pharmacy benefit managers to remit all rebates, fees (other than bona fide service fees), and other remuneration received from entities such as manufacturers and group purchasing organizations to commercial plan sponsors, and to provide detailed commercial claims reporting, effective thirty months after enactment. The legislation also imposes extensive reporting requirements and delinks pharmacy benefit manager compensation in Medicare Part D by prohibiting pharmacy benefit managers from receiving remuneration related to Part D drugs in any form other than bona fide service fees that cannot be based on a drug’s price, effective in 2028. There continues to be the potential that similar or additional legislation may be adopted at the state or federal level. These changes in legislation within the prescription drug industry and pharmacy benefit management practices have both short-term and long-term impacts that could have an adverse effect on our business and results of operations.
We are a party to license agreements with the BCBSA that entitle us to the exclusive and, in certain areas, non-exclusive use of the BCBS names and marks in our geographic territories. We are a party to license agreements with the BCBSA that entitle us to the exclusive and, in certain areas, non-exclusive use of the BCBS names and marks in our geographic territories. The termination of these license agreements or changes in the terms and conditions of these license agreements could adversely affect our business, cash flows, financial condition and results of operations.
Our license agreements with the BCBSA contain certain requirements and restrictions regarding our operations and our use of the BCBS names and marks, and failure to comply with those requirements could result in a termination of the license agreements. Our license agreements with the BCBSA contain certain requirements and restrictions regarding our operations and our use of the BCBS names and marks, and failure to comply with those requirements could result in a termination of the license agreements. The license agreements may be modified by the BCBSA, which could have an adverse effect on our future expansion plans or results of operations. The license agreements may be modified by the BCBSA, which could have a material adverse effect on our future expansion plans or results of operations. Further, BCBS licensees have certain requirements to perform administrative services for members of other BCBS licensees. As of December 31, 2025, we provided health benefit and other healthcare services to approximately 34 million Blue Cross and/or Blue Shield enrollees. If we or another BCBS licensee are not in compliance with all legal requirements or are unable to perform administrative services as required, this could have an adverse effect on our members and our ability to maintain our licenses, which could have an adverse effect on our business, cash flows, financial condition and results of operations.
Upon the occurrence of an event causing termination of the license agreements, we would no longer have the right to use the BCBS names and marks or to sell BCBS health insurance products and services in one or more of our service areas. Furthermore, the BCBSA would be free to issue a license to use the BCBS names and marks in these service areas to another entity. Our existing BCBS members would be provided with instructions for obtaining alternative products and services licensed by the BCBSA. We believe that the BCBS names and marks are valuable identifiers of our products and services in the marketplace.
Upon termination of either license agreement, the BCBSA would have the right to impose a “Re-establishment Fee” upon us, which would be used in part to fund the establishment of a replacement Blue Cross and/or Blue Shield licensee in the vacated service area. The fee is set at $98.33 per licensed enrollee. If the Re-establishment Fee were applied to our total Blue Cross and/or Blue Shield enrollees of approximately 34 million as of December 31, 2025, we would be assessed approximately $3 billion by the BCBSA. If the Re-establishment Fee was applied to our total Blue Cross and/or Blue Shield enrollees of approximately 35 million as of December 31, 2023, we would be assessed approximately $3 billion by the BCBSA. As a result, termination of the license agreements would have an adverse effect on our business, cash flows, financial condition and results of operations. As a result, termination of the license agreements would have a material adverse effect on our business, cash flows, financial condition and results of operations. For more information on the BCBSA license agreements, including requirements, restrictions and termination events set forth in these license agreements, see Part I, Item 1, “Business - BCBSA Licenses” of this Annual Report on Form 10-K.
Indiana law, other applicable laws, our articles of incorporation and bylaws, and provisions of our BCBSA license agreements may prevent or discourage takeovers and business combinations that our shareholders might consider to be in their best interests.
Indiana law, other applicable laws and regulations and provisions in our articles of incorporation and bylaws may delay, defer, prevent or render more difficult a takeover attempt that our shareholders might consider to be in their best interests. Indiana law, other applicable laws and regulations and provisions in our articles of incorporation and bylaws may delay, defer, prevent or render more difficult a takeover attempt that our shareholders might consider to be in their best interests. For instance, they may prevent our shareholders from receiving the benefit from any premium to the market price of our common stock offered by a bidder in a takeover context or adversely affect the price that some investors are willing to pay for our stock.
The insurance holding company system acts and certain health statutes of the states in which our insurance company or HMO subsidiaries are regulated restrict the ability of any person to obtain control of an insurance company or HMO without prior
-34-
regulatory approval. Further, the Indiana Business Corporation Law contains business combination provisions that, in general, prohibit for five years any business combination with a beneficial owner of 10% or more of our common stock unless the holder’s acquisition of the stock was approved in advance by our Board of Directors.
Our articles of incorporation and bylaws contain provisions that could have anti-takeover effects and may delay, defer or prevent a takeover attempt that our shareholders might consider to be in their best interests. Our articles of incorporation provide that no person may beneficially own shares of voting capital stock beyond specified ownership limits, except with the prior approval of a majority of the “continuing directors.” The ownership limits, which may not be exceeded without the prior approval of the BCBSA, are the following: (1) for any institutional investor (as defined in our articles of incorporation), one share less than 10% of our outstanding voting securities; (2) for any non-institutional investor (as defined in our articles of incorporation), one share less than 5% of our outstanding voting securities; and (3) for any person, one share less than the number of shares of our common stock or other equity securities (or a combination thereof) representing a 20% ownership interest in us.
In addition, our articles of incorporation and bylaws: divide our Board of Directors into three classes serving staggered three-year terms (which is required by our license agreements with the BCBSA); permit our Board of Directors to determine the terms of and issue one or more series of preferred stock without further action by shareholders; restrict the maximum number of directors and the ability to increase that number; limit the ability of shareholders to remove directors; impose restrictions on shareholders’ ability to fill vacancies on our Board of Directors; impose advance notice requirements for shareholder proposals and nominations of directors to be considered at meetings of shareholders; prohibit shareholders from amending certain provisions of our bylaws; and impose restrictions on who may call a special meeting of shareholders.
The health benefits industry is subject to negative publicity and sentiment, which could adversely affect our business, cash flows, financial condition and results of operations.
Negative publicity and sentiment in the healthcare industry is driven by factors that include, but are not limited to, premium rates, prior authorization practices, cost of care initiatives, level of customer satisfaction with our products and services and debate about current or proposed legislation. Such publicity and sentiment may lead to increased regulation and legislative review of industry practices, which may increase business costs and impact profitability by constraining our ability to market, maintain or expand our product and service offerings and result in increased regulatory oversight of our operations. Negative publicity and sentiment regarding the health benefits industry in general, the BCBSA, other BCBSA licensees, us, or our key vendors could limit our ability to attract and retain talent, impact the security of our workforce, and adversely affect our business, cash flows, financial condition and results of operations.
STRATEGIC RISKS
We face competition in many of our markets, and if we fail to adequately adapt to changes in our industry and develop and implement strategic growth opportunities, our ability to compete and grow may be adversely affected.
As a health company offering health benefits, pharmacy services and other diversified products and services, we operate in a highly competitive industry that is subject to significant changes from and competition due to legislative reform, business consolidations, new strategic alliances, new market entrants, aggressive marketing practices, technological advancements and changing market practices. We also must respond to pricing and other actions taken by existing competitors, suppliers, and new entrants that could disrupt our business. We also must respond to pricing and other actions taken by existing competitors and potentially disruptive new entrants in the Public Exchanges and in our other lines of business. These factors have produced and will continue to produce significant pressures on our profitability and membership. Furthermore, decisions to buy our products and services are increasingly made or influenced by consumers, through means such as direct purchasing (for example, Medicare Advantage plans) and insurance exchanges that allow individual choice, or by large employers that may increasingly be able to contract directly with providers. Our success and future growth depend on our ability to compete effectively under these unique market pressures in the consumer-driven marketplace, and our ability to develop and deliver innovative and potentially disruptive products and services to satisfy evolving market demands.
In addition, the pharmacy services industry is highly competitive, and our pharmacy services business unit is subject to competition from national, regional and local pharmacy services providers, other insurers, health plans, large retail pharmacy chains, large retail stores, supermarkets, mail order, web, and direct-to-consumer pharmacies, discount cards and specialty pharmacies. Strong competition within the pharmacy services business has generated greater demand for lower product and service pricing and enhanced product and service offerings. Our inability to maintain positive trends, satisfy financial commitments to customers, or to contract on favorable terms with CVS, wholesalers or pharmaceutical manufacturers for, among other things, rebates, discounts, administrative fees and inventory purchase prices, or a failure to identify and implement new ways to mitigate pricing pressures, could negatively impact our ability to attract or retain customers, negatively impact our margins and have an adverse effect on our business and results of operations. Our inability to maintain positive trends, contract on favorable terms with CVS, wholesalers or pharmaceutical manufacturers for, among other things, rebates, discounts, administrative fees and inventory purchase prices, or a failure to identify and implement new ways to mitigate pricing pressures, could negatively impact our ability to attract or retain customers, negatively impact our margins and have a material adverse effect on our business and results of operations. In addition, legislative reforms such as the regulation issued by HHS related to rebates and the
-35-
2021 Appropriations Act, which requires reporting of plan spending, the cost of plan pharmacy benefits, enrollee premiums and any manufacturer rebates received by the plan or issuer, may adversely affect our competitive position, cash flows, financial condition and results of operations.
In order to achieve our long-term financial targets, we need to not only grow our profitable medical membership, but also continue to profitably grow and diversify our sources of revenue and earnings, including through the increased sale of our pharmacy services, both integrated and external, other healthcare services and products, and specialty products, expand our products and services and establish new cost of care solutions. If we are unable to execute our strategy with respect to the growth of our healthcare, pharmacy services, and other diversified products and services businesses, or if we are unable to acquire or develop and successfully manage new opportunities that further our strategic objectives and differentiate our products and services from our competitors, our ability to profitably grow our business could be adversely affected.
We are currently dependent on the non-exclusive services of independent agents and brokers in the marketing of our healthcare products, particularly with respect to individuals, seniors and certain group customers. We face intense competition for the services and allegiance of these independent agents and brokers, who may also market the products of our competitors. Our relationship with our brokers and independent agents could be adversely impacted by changes in our business practices to address legislative changes, including potential reductions in commissions and consulting fees paid to agents and brokers. We cannot ensure that we will be able to compete successfully against current and future competitors for these services or that competitive pressures faced by us will not adversely affect our business, cash flows, financial condition and results of operations.
For additional information, see “Business - Competition” in Part I, Item 1 of this Annual Report on Form 10-K.
We have built a significant portion of our current business through mergers and acquisitions, joint ventures, strategic alliances and investments, and although we expect to pursue such opportunities in the future, we are subject to risks resulting from such business combinations.
The following are some of the risks associated with mergers, acquisitions, divestitures, joint ventures and strategic alliances and investments, referred to collectively as business combinations, that could have an adverse effect on our business, cash flows, financial condition and results of operations:
•some business combinations may not achieve anticipated revenues, earnings or cash flow, business opportunities, synergies, growth projections or other anticipated benefits;
•we may assume liabilities that were not disclosed to us, or which were underestimated, and which could lead to legal challenges, investigations and enforcement actions, and we may not be able to adequately recover from sellers or insurance carriers for such assumed liabilities;
•we may experience difficulties in integrating business combinations, including into our internal control environment and culture, be unable to integrate business combinations successfully or as quickly as expected and be unable to realize anticipated economic, operational and other benefits in a timely manner or at all;
•business combinations and proposed business combinations that are not completed could disrupt our ongoing business, lead to the incurrence of significant fees, distract management, result in the loss of key associates, divert resources, result in tax costs or inefficiencies and make it difficult to maintain our current business standards, controls, information technology systems, policies and procedures;
•IT system vulnerabilities may be more acute for IT systems associated with recently acquired businesses, and we may be unable to address such vulnerabilities, inadequacies, or failures immediately after acquiring a business, which could undermine integration activities, delay launch of acquired products, and increase infrastructure risk;
•we may finance future business combinations by issuing common stock for some or all of the purchase price, which could dilute the ownership interests of our shareholders;
•we may compete with other firms, some of which may have greater financial and other resources, to acquire attractive companies;
•we may experience disputes with or competition from our partners or former partners in our strategic alliances, investments and joint ventures, which could result in litigation or a loss of business;
•we may not be able to obtain required regulatory approval for an acquisition, in a timely manner, or at all, and government actions such as actions by the Federal Trade Commission, Department of Justice, or state governmental agencies may affect our ability to complete our business combinations, which could result in additional expenditures required to develop products and services internally, place us at a competitive disadvantage, or impact market perceptions of our business and brand;
•the integration of entities we acquire into our business may affect the way in which existing and future laws and rules apply to us, including expansion of applicability; and
-36-
•future business combinations may make it difficult to comply with the requirements of the BCBSA and lead to a risk that our BCBSA license agreements may be terminated.
We face intense competition to attract and retain associates. Further, managing key executive succession and retention is critical to our success.
Our success depends on our ability to attract, develop and retain qualified associates, including those with diverse backgrounds, experience and skill sets, to operate and expand our business. Our success depends on our ability to attract, develop and retain qualified associates, including those with diverse backgrounds, experience and skill sets, to operate and expand our business. We face intense competition for experienced and highly skilled associates, and we may be unable to attract and retain such associates, or competition among potential associates may result in increasing salaries. Further, adverse changes to our corporate culture could harm our business operations and our ability to retain key associates and executives. Adverse changes to our corporate culture could harm our business operations and our ability to retain key associates and executives. An inability to retain and attract associates and executives could have an adverse effect on our business, cash flows, financial condition and results of operations. An inability to retain existing associates or attract additional associates could have a material adverse effect on our business, cash flows, financial condition and results of operations.
In addition, if we are unable to attract, retain and effectively manage the succession plans for key associates and executives, including our President and Chief Executive Officer, our business, results of operations and future performance could be adversely affected. We may have difficulty in replacing key executives because of the limited number of qualified individuals with the breadth of skills and experience required to operate and successfully expand our business. The succession plans we have in place for members of our senior management and employment arrangements with certain key executives do not guarantee that the services of our senior executives will continue to be available to us or that we will be able to attract, transition and retain suitable successors.
Restrictions on our ability to obtain funds from our regulated subsidiaries could limit our ability to repurchase shares, pay dividends and meet our obligations and adversely affect our business, cash flows, financial condition and results of operations. Restrictions on our ability to obtain funds from our regulated subsidiaries could limit our ability to repurchase shares, pay dividends and meet our obligations and materially adversely affect our business, cash flows, financial condition and results of operations.
As a holding company, we are dependent on dividends and administrative expense reimbursements from our subsidiaries. Among other restrictions, state insurance and HMO laws restrict the ability of most of our regulated subsidiaries to pay dividends. In some states, we have made special undertakings that may further limit the ability of our regulated subsidiaries to pay dividends. Our ability to repurchase shares, pay dividends to our shareholders and meet our obligations, including paying operating expenses and debt service on our outstanding and future indebtedness, will depend upon the receipt of dividends from our subsidiaries. An inability of our subsidiaries to pay dividends in the future in an amount sufficient for us to meet our financial obligations may adversely affect our business, cash flows, financial condition and results of operations. An inability of our subsidiaries to pay dividends in the future in an amount sufficient for us to meet our financial obligations may materially adversely affect our business, cash flows, financial condition and results of operations.
In addition, most of our regulated subsidiaries are subject to minimum capital requirements and periodic financial reporting that require them to report their results of risk-based capital calculations to the departments of insurance and the NAIC. Failure to maintain these minimum standards could subject our regulated subsidiaries to corrective action, including state supervision or liquidation. We are also a party to license agreements with the BCBSA which contain additional minimum capital and liquidity requirements. Changes to existing minimum capital requirements could further restrict the ability of our regulated subsidiaries to pay dividends and adversely affect our business.
Our regulated subsidiaries are subject to state laws and regulations that require diversification of their investment portfolios and limit the amount of investments in certain investment categories. Failure to comply with these laws and regulations might cause investments exceeding regulatory limitations to be treated as non-admitted assets for purposes of measuring statutory surplus and risk-based capital, and in some instances, require the sale of those investments.
We have substantial indebtedness outstanding and may incur additional indebtedness in the future, which could adversely affect our ability to pursue desirable business opportunities and to react to changes in the economy or our industry.
Our debt service obligations require us to use a portion of our cash flow to pay interest and principal on debt instead of for other corporate purposes, including funding future expansion. Our debt service obligations require us to use a portion of our cash flow to pay interest and principal on debt instead of for other corporate purposes, including funding future expansion. We are exposed to interest rate risk to the extent of our variable rate indebtedness. Increases in interest rates could increase our cost of borrowing, and volatility in U.S. and global financial markets could impact our access to, or further increase the cost of, financing. If our cash flow and capital resources are insufficient to service our debt obligations, we may be forced to seek extraordinary dividends from our subsidiaries, sell assets, seek additional equity or debt capital or restructure our debt. However, these measures might be unsuccessful or inadequate to meet scheduled debt service obligations or may not be available on commercially reasonable terms.
We may also incur future debt obligations that might subject us to restrictive covenants that could affect our financial and operational flexibility. Our breach or failure to comply with any of these covenants could result in a default under our credit facilities or other indebtedness. If we default under our credit agreement, the lenders could cease to make further extensions of credit or cause all of our outstanding debt obligations under our credit agreement to become immediately due and payable, together
-37-
with accrued and unpaid interest. If the indebtedness under our notes or our credit agreement or our other indebtedness is accelerated, we may be unable to repay or finance the amounts due, on commercially reasonable terms, or at all.
A downgrade in our credit ratings could have an adverse effect on our business, cash flows, financial condition and results of operations. A downgrade in our credit ratings could have an adverse effect on our business, cash flows, financial condition and results of operations.
Claims-paying ability, financial strength and debt ratings by nationally recognized credit rating organizations are important factors in establishing the competitive position of insurance and health benefits companies. Claims-paying ability, financial strength and debt ratings by nationally recognized statistical rating organizations are important factors in establishing the competitive position of insurance and health benefits companies. We believe our strong credit ratings are an important factor in marketing our products to customers. In addition, if our credit ratings are downgraded or placed under review, our business, cash flows, financial condition and results of operations could be adversely impacted by limitations on future borrowings and a potential increase in our borrowing costs. Each of the ratings organizations reviews our ratings periodically, and there can be no assurance that our current ratings will be maintained in the future.
The value of our intangible assets may become impaired.
As of December 31, 2025, we had approximately $39.5 billion of goodwill and other intangible assets, representing 32.5% of our total consolidated assets. In accordance with applicable accounting standards, we periodically evaluate our goodwill and other intangible assets for potential impairment, using assumptions and judgments regarding the estimated fair value of our reporting units. Estimated fair values might be significantly different if other reasonable assumptions and estimates were to be used. If estimated fair values are less than the carrying values of goodwill and other intangible assets with indefinite lives in future impairment tests, or if significant impairment indicators are noted relative to other intangible assets subject to amortization, we may be required to record impairment losses against future income.
The value we place on intangible assets may be adversely impacted if existing or future business combinations fail to perform in a manner consistent with our assumptions. In addition, from time to time we divest businesses, and any such divestiture could result in significant asset impairment and disposition charges, including those related to goodwill and other intangible assets. Further, the estimated value of our reporting units may be impacted by any future changes to laws and regulations, macroeconomic developments, shifts in competitive dynamics, or other factors that alter the expected cash flows of our reporting units, which could unfavorably affect the carrying value of certain goodwill and other intangible assets and result in impairment charges in future periods. Further, the estimated value of our reporting units may be impacted because of business decisions we make associated with any future changes to laws and regulations, which could unfavorably affect the carrying value of certain goodwill and other intangible assets and result in impairment charges in future periods. Any future evaluations requiring an impairment of our goodwill and other intangible assets could adversely affect our results of operations and shareholders’ equity which could, in turn, negatively impact our debt ratings or adversely impact our compliance with existing debt covenants. Any future evaluations requiring an impairment of our goodwill and other intangible assets could materially affect our results of operations and shareholders’ equity which could, in turn, negatively impact our debt ratings or potentially impact our compliance with existing debt covenants.
The value of our investments is influenced by varying economic and market conditions, and a decrease in value may result in a loss charged to income.
We maintain a significant investment portfolio of cash equivalents and short-term and long-term investments in a variety of securities, which are subject to general credit, liquidity, market and interest rate risks. We maintain a significant investment portfolio of cash equivalents and short-term and long-term investments in a variety of securities, which are subject to general credit, liquidity, market and interest rate risks. As a result, we may experience a reduction in value or loss of our investments, which may have a negative adverse effect on our results of operations, liquidity and financial condition. Changes in the economic environment, including periods of increased volatility in the securities markets, recent changes in interest rates and currency exchange rates, can increase the difficulty of assessing investment impairment and increase the risk of potential impairment of these assets. There is continuing risk that declines in the fair value of our investments may occur and impairments may be charged to income in future periods, resulting in recognized losses. There is continuing risk that declines in the fair value of our investments may occur and material impairments may be charged to income in future periods, resulting in recognized losses.
GENERAL RISKS
We also face other risks that could adversely affect our business, financial condition or results of operations, which include:
•adverse or volatile securities and credit market conditions, which could impact our ability to meet liquidity needs or increase our financing costs;
•any requirement to restate financial results in the event of inappropriate application of accounting principles or the identification of errors or misstatements;
•changes in tax laws and regulations, uncertainty in the interpretation of tax laws and regulations or unfavorable resolutions of exams that could impact the future value of our deferred tax assets and deferred tax liabilities, or result in significant one-time charges in the current or future taxable years or otherwise adversely impact our effective tax rate;
•a significant failure of our internal control over financial reporting or a failure to remediate identified deficiencies;
•provider fraud that is not prevented or detected and impacts our medical costs or those of self-insured customers or exposes us to regulatory scrutiny or liability; and
•failure of our corporate governance policies or procedures or breakdowns in oversight that could impair risk management, compliance, or strategic execution.
-38-
ITEM 1B. UNRESOLVED STAFF COMMENTS.
None.
ITEM 1C. CYBERSECURITY
We operate in a highly regulated industry. Federal, state and international laws and regulations and contractual commitments guide our collection, use and disclosure of confidential information such as protected health information, personal financial information and personally identifiable information. Federal, state and international laws and contractual commitments guide our collection, use and disclosure of confidential information such as protected health information, personal financial information and personally identifiable information. Our success depends on maintaining a high level of trust among our stakeholders, including our customers, business partners, providers, regulators and associates. Failure to effectively secure, maintain and upgrade our information systems, or the availability and integrity of our data, could adversely affect our business, including our business strategy, cash flows, financial condition and results of operations.
Cybersecurity Risk Assessment
The steps we take to reduce vulnerability to cyber-attacks and to mitigate and remediate the impact of cybersecurity incidents in a timely and coordinated manner include, but are not limited to: establishing information security policies and standards, implementing information protection processes, tools and technologies, monitoring information technology systems for cybersecurity threats, coordinating internal reporting, assessing cybersecurity risk profiles of key third-parties, implementing cybersecurity training and collaborating with public and private organizations on cyber threat information and best practices.
In addition to our internal Information Security teams, we utilize trusted third-party auditors and recognized cybersecurity consultants and certified assessors, to assess our cybersecurity risks, related controls, and alignment to relevant regulatory and legal requirements. A third-party evaluates our information security policies, standards and control environment at least annually. A third party evaluates our Information Security Program and control environment at least annually. Assessments and testing protocols are performed by third parties against industry best practices and widely recognized security frameworks.
We face many cybersecurity risks in connection with our business. As of December 31, 2025, no known cybersecurity threats have materially affected, or are reasonably likely to materially affect, the Company, including our business strategy, cash flows, financial condition or results of operations; however, future cybersecurity incidents or threats may materially affect us, including by affecting our business strategy, results of operations or financial conditions. See Part I, Item 1A, “Risk Factors” for more information on our cybersecurity-related risks.
Management and Governance of Cybersecurity Risk
To manage our cybersecurity risk, we employ a cross-organizational steering committee, the Information Security Steering Committee (“ISSC”), that supports the direction and governance of our enterprise-wide Information Security Program. The ISSC is chaired by our Chief Information Security Officer (“CISO”) and is comprised of senior business leaders including our Chief Compliance Officer (“CCO”), Chief Risk Officer (“CRO”), legal counsel, and human resources, procurement and business segment leaders.
-39-
In addition to the ISSC, we have defined risk functions to cover overall enterprise risks and information technology and cybersecurity risks within our enterprise risk management framework, including, but not limited to: our IT Risk Management Program, led by our CISO; our Responsible Artificial Intelligence (“RAI”) Program, led by our Chief Digital and Information Officer; Compliance, led by our CCO; Internal Audit, led by our Chief Audit Executive (“CAE”); Enterprise Risk Management programs led by our CRO; Third-Party Risk Management, comprised of business and information security leaders; IT due diligence processes, led by business, technology and information security leaders; and our Corporate Insurance Program, including cybersecurity insurance, led by our Treasurer.
To evaluate cybersecurity and privacy incidents and enable us to comply with public disclosure requirements, we have a Privacy and Security Incident Response and Reporting Policy and Procedure (the “Policy”) with defined escalation criteria (the “Plan”) in support of our incident response processes. The Plan provides a framework to our Cyber Incident Response Taskforce, comprised of our Chief Privacy Officer (“CPO”), our CISO, legal counsel and business and corporate services leaders, for responding to cybersecurity incidents. The Policy, together with the Plan, identifies applicable requirements for incident disclosure and reporting and also provides protocols for incident evaluation based on the facts and circumstances of each incident, including the use of third-party service providers and partners, processes for notification and internal escalation of information to our senior management, including to our chief legal officer and CEO, a subcommittee of our SEC disclosure committee, and, ultimately, our Board of Directors and appropriate Board committees.In addition, our failure to comply with federal and state healthcare laws and regulations applicable to our participation in Medicaid and Medicare programs, including those directed at preventing fraud, abuse and discrimination, could result in investigations, litigation, fines, restrictions on, or exclusions from, program participation, or the imposition of corporate integrity agreements or other agreements with a federal or state governmental agency, any of which could adversely impact our business, cash flows, financial condition and results of operations. The Policy also addresses requirements for our external reporting obligations. The Policy is reviewed and updated, as necessary, under the leadership of our CISO and CPO.
Our Board oversees and guides our business and oversees our exposure to major risks, including steps taken by management to monitor and mitigate cybersecurity risks. The Board receives and reviews periodic reports from management on various risks, and delegates to its Audit Committee certain oversight responsibilities. The Board monitors cybersecurity risks and receives a report at least quarterly from our CISO regarding our Information Security Program. In addition, certain cybersecurity incidents are escalated to the Board in accordance with our Plan as described above. In addition, certain cybersecurity incidents are escalated to the Board in accordance with our escalation criteria as described below. Periodically, the Board also receives third-party assessments of our information security. Periodically, the Board also receives third party assessments of our information security. The Audit Committee receives regular updates on both information security and data privacy matters, and oversees data privacy, integrity, incident and breach risks.
Cybersecurity Expertise
Our Information Security Program is designed to minimize risk and safeguard the data of our members, customers, and associates. The program is led by our Chief Digital and Information Officer and our CISO, both of whom have extensive backgrounds in information security and technology. Our Chief Digital and Information Officer has more than 25 years of experience, including leading enterprise digital transformation initiatives at major corporations, while our CISO brings over 25 years of experience across technical, operational, and strategic security leadership roles in global organizations.
Our associates, including those responsible for cybersecurity, are evaluated for competence, including the knowledge and skills necessary to accomplish tasks that define associates’ roles and responsibilities, and undergo regular training regarding security-awareness, privacy, ethics and compliance. Our job summaries contain specific educational and knowledge requirements necessary for cybersecurity jobs. In addition, a criminal background check is completed for all new associates and performance reviews are conducted annually to measure performance results and achievements and to assess the job competency of our associates.
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| AAT | 7 hours ago |
| LVS | 7 hours ago |
| RTX | 7 hours ago |
| APTV | 7 hours ago |
| SYF | 7 hours ago |
| POWI | 7 hours ago |
| MAA | 7 hours ago |
| CHAC | 7 hours ago |
| VTR | 8 hours ago |
| ELV | 9 hours ago |
| MSCI | 9 hours ago |
| HNOI | 10 hours ago |
| HAL | 10 hours ago |
| AXP | 11 hours ago |
| RLEA | 12 hours ago |
| ATR | 12 hours ago |
| MTD | 12 hours ago |
| TXN | 13 hours ago |
| UNP | 14 hours ago |
| OMF | 15 hours ago |
| BIIB | 16 hours ago |
| PM | 17 hours ago |
| AMZN | 1 day, 5 hours ago |
| RDDT | 1 day, 6 hours ago |
| CCIX | 1 day, 6 hours ago |
| VRSN | 1 day, 7 hours ago |
| CUZ | 1 day, 7 hours ago |
| XPO | 1 day, 7 hours ago |
| PINE | 1 day, 7 hours ago |
| BYRN | 1 day, 7 hours ago |
| BKR | 1 day, 7 hours ago |
| OTIS | 1 day, 8 hours ago |
| APPF | 1 day, 8 hours ago |
| LUV | 1 day, 8 hours ago |
| BSET | 1 day, 8 hours ago |
| CFR | 1 day, 8 hours ago |
| HII | 1 day, 8 hours ago |
| CARR | 1 day, 8 hours ago |
| TT | 1 day, 8 hours ago |
| FAST | 1 day, 12 hours ago |
| SIRI | 1 day, 14 hours ago |
| IDCC | 1 day, 15 hours ago |
| ICE | 1 day, 15 hours ago |
| OCUL | 1 day, 16 hours ago |
| TW | 1 day, 17 hours ago |
| AMD | 3 days, 5 hours ago |
| PYPL | 3 days, 7 hours ago |
| KREF | 3 days, 7 hours ago |
| ISRG | 3 days, 7 hours ago |
| DOC | 3 days, 7 hours ago |
