Item 1A. Risk Factors

The following “risk factors” could materially and adversely affect the Company’s business, operations, reputation, financial position or future financial performance. You should carefully consider each of the following risk factors and the other information contained in this Annual Report on Form 10-K. The Company faces risks other than those listed here, including those that are unknown to the Company and others of which the Company may be aware but, at present, considers immaterial. Because of the following factors, as well as other variables affecting the Company’s operating results, past financial performance may not be a reliable indicator of future performance, and historical trends should not be used to anticipate results or trends in future periods.

---

STRATEGIC RISK FACTORS

The Company’s risk management framework is designed to identify, monitor and mitigate risks that could have a negative impact on the Company’s financial condition or reputation. This framework includes departments or groups dedicated to enterprise risk management, treasury management, information security, disaster recovery and other information technology-related risks, business continuity, legal and compliance, compensation structures and other human resources matters, vendor management and internal audit, among others. This framework includes departments or groups dedicated to enterprise risk management, information security, disaster recovery and other information technology-related risks, business continuity, legal and compliance, compensation structures and other human resources matters, vendor management and internal audit, among others. Many of the processes overseen by these departments function at the enterprise level, but many also function through, or rely to a certain degree upon, risk mitigation efforts in local operating groups. This is especially the case with respect to the Company’s operations outside of the United States and recently acquired businesses, which may not be fully integrated into the Company’s risk management framework. This is especially the case with respect to the Company’s operations outside of the United States and recently acquired businesses. Similarly, with respect to the risks the Company assumes in the ordinary course of its business through the issuance of title insurance policies and the provision of related products and services, the Company employs localized, as well as centralized risk mitigation efforts. Similarly, with respect to the risks the Company assumes in the ordinary course of its business through the issuance of title insurance policies and the provision of related products and services, the Company employs localized, as well as centralized risk mitigation efforts. These efforts include the implementation of underwriting policies and procedures, automated underwriting and other risk-decisioning tools and other mechanisms for assessing and managing risk. These efforts include the implementation of underwriting policies and procedures, automated underwriting and other risk-decisioning tools and other mechanisms for assessing and managing risk. Underwriting title insurance policies and making other risk-assumption decisions frequently involves a substantial degree of individual judgment and, accordingly, underwriters are maintained at the state, regional, divisional, and corporate levels with varying degrees of underwriting authority. Underwriting title insurance policies and making other risk-assumption decisions frequently involves a substantial degree of individual judgment and, accordingly, underwriters are maintained at the state, regional, divisional, and corporate levels with varying degrees of underwriting authority. These individuals may be encouraged by customers or others to assume risks or to expeditiously make risk determinations. If the Company’s risk mitigation efforts prove inadequate, the Company could be adversely affected.

In an effort to speed the delivery of its products, increase efficiency, improve quality, improve the customer experience and decrease risk, the Company is utilizing innovative technologies, processes and techniques, including artificial intelligence, in the production and delivery of its products and services. These efforts include converting certain manual processes into automated ones to streamline searches, examinations and other underwriting functions in connection with the issuance of title insurance policies, building and maintaining title plants and other data assets, and digitizing and automating components of the settlement process. The Company increasingly is employing advanced technologies to automate various processes, including various processes related to the building, maintaining and updating of title plants and other data assets, as well as searches, examinations, and other underwriting functions in connection with the issuance of title insurance policies. The Company believes these innovations will improve the customer experience by simplifying and reducing the time it takes to close a transaction, reducing risk and improving communication, and expects to continue expanding its use of these technologies. These efforts include streamlining the closing process by converting certain manual processes into automated ones, which the Company believes will improve the customer experience by simplifying and reducing the time it takes to close a transaction, reducing risk and improving communication. Risks from these and other innovative initiatives include those associated with potential defects in the design and development of the technologies used to automate processes; misapplication of technologies; the reliance on data, rules or assumptions that may prove inadequate; information security vulnerabilities; and failure to meet customer expectations, among others. As a result of these risks, the Company could experience increased claims, reputational damage or other adverse effects, which could be material to the Company.

In addition to the Company’s innovative activities, other participants in the real estate industry are seeking to innovate in ways that could adversely impact the Company’s businesses. These participants include certain of the Company’s sources of business, competitors, investments and ultimate customers. Innovations by these participants may change the demand for the Company’s products and services, the manner in which the Company’s products and services are ordered or fulfilled and the revenue or profitability derived from the Company’s products and services. The Company’s investments in some of these participants could also facilitate efforts that ultimately disrupt the Company’s business or enable competitors. Accordingly, the Company’s efforts to anticipate and participate in these transformations could require significant additional investment and management attention and may not succeed. These innovative efforts by third parties, and the manner in which the Company, its agents and other industry participants respond to them, could therefore have an adverse effect on the Company.

OPERATIONAL RISK FACTORS

Demand for a substantial portion of the Company’s products and services generally decreases as the number of real estate transactions in which its products and services are purchased decreases. The number of real estate transactions in which the Company’s products and services are purchased typically decreases in the following situations, among others:

---

Certain of these circumstances, particularly when combined with declining real estate values and the increase in foreclosures that often results therefrom, also tend to adversely impact the Company’s title claims experience. National inventory levels for residential homes for sale have been declining over the past several years and remain below historical average levels. Combined with the rapidly rising mortgage interest rates, beginning in 2022, that decreased demand, the number of residential purchase transactions declined year over year. Residential refinance activity is also strongly correlated with changes in mortgage interest rates and rising mortgage rates, beginning in 2022, expectedly, had an adverse impact on the Company’s refinance business that is expected to continue for so long as mortgage rates continue to rise or if they subsequently remain high relative to the interest rates of outstanding mortgages. Residential refinance activity is strongly correlated with changes in mortgage interest rates and rising mortgage rates during 2021 had an adverse impact on the Company’s refinance business that is expected to continue for so long as mortgage rates continue to rise or if they subsequently remain high relative to the interest rates of outstanding mortgages. Higher interest rates also negatively impacted commercial transactions beginning in the latter half of 2022 and will likely continue to impact our volumes.

Historically, uncertainty and negative trends in general economic conditions in the United States and abroad, including significant tightening of credit markets and a general decline in the value of real property, have created a difficult operating environment for the Company. These conditions also tend to negatively impact, and recently have impacted, the amount of funds the Company receives from third parties held in trust pending the closing of commercial and residential real estate transactions. These conditions also tend to negatively impact the amount of funds the Company receives from third parties to be held in trust pending the closing of commercial and residential real estate transactions. The Company deposits a substantial portion of these funds, as well as its own funds, with the federal savings bank it owns. The Company’s bank invests those funds and any realized and unrealized losses on those investments will be reflected in the Company’s consolidated financial statements. The Company’s bank invests those funds and any realized losses incurred on those investments will be reflected in the Company’s consolidated results. The likelihood of such losses, which generally would not occur if the Company were to deposit these funds in an unaffiliated entity, increases when economic conditions are unfavorable. Moreover, during periods of unfavorable economic conditions, the return on these funds deposited at the Company’s bank, as well as funds the Company deposits with third party financial institutions, tends to decline. In addition, the Company holds investments in entities, such as title agencies, settlement service providers and venture-stage companies, some of which have been negatively impacted by these conditions, as well as other securities in its investment portfolio, which also may be, and recently have been, negatively impacted by these conditions. In addition, the Company holds investments in entities, such as title agencies, settlement service providers and venture-stage companies, some of which have been negatively impacted by these conditions, as well as other securities in its investment portfolio, which also may be, and recently have been, negatively impacted by these conditions.

Depending upon the ultimate severity and duration of any economic downturn and other negative economic conditions, the resulting effects on the Company could be materially adverse, including a significant reduction in revenues, earnings and cash flows, higher claims, challenges to the Company’s ability to satisfy covenants or otherwise meet its obligations under debt facilities and other contracts, difficulties in obtaining access to capital, challenges to the Company’s ability to pay dividends at currently anticipated levels, deterioration in the value of or return on its investments and increased credit risk from customers and others with obligations to the Company.

The Company utilizes models to support decisions related to risk management, capital and liquidity planning, financial accounting, data extraction and other business purposes. Models are, by their nature, inherently limited due to their reliance on statistical, economic, financial or mathematical theories, techniques, including artificial intelligence, data and assumptions that may be erroneous or inappropriate for the intended or actual use. Models are, by their nature, inherently limited due to their reliance on statistical, economic, financial or mathematical theories, techniques, data and assumptions that may be erroneous or inappropriate for the intended or actual use. Flawed models or uses of models may result in, among other consequences, erroneous, biased or misleading outputs, inappropriate business decisions, inadequate risk management or enhanced regulatory supervision, which could have a material adverse effect on the Company’s results of operations, financial condition and reputation. Flawed models or uses of models may result in, among other consequences, erroneous or misleading outputs, inappropriate business decisions, inadequate risk management or enhanced regulatory supervision, which could have a material adverse effect on the Company’s results of operations, financial condition and reputation.

Climate change, global or extensive health crises, severe weather, terrorist attacks and other catastrophe events and responses to these events could adversely affect the Company. The extent to which these catastrophe events and responses to them impact the Company’s business, operations and financial results will depend on numerous factors that the Company may not be able to accurately predict, including: the duration and scope of the catastrophe event and restrictions and responses to it; the impact of the catastrophe event on economic activity and actions taken in response, including the efficacy of governmental and other relief efforts or countermeasures; the effect on participants in real estate transactions and the demand for the Company’s products and services.

---

The Company’s home warranty business has been and may be impacted by increases in the frequency and severity of weather events. Home warranty claims, including those pertaining to HVAC systems, tend to rise as temperatures become extreme, especially in geographies where extreme temperatures are infrequent.

In addition, the Company manages its financial exposure for losses in its title insurance business with third-party reinsurance. Catastrophe events could adversely affect the cost and availability of that reinsurance. Moreover, to the extent climate change, health crises, terrorist attacks, severe weather conditions and other catastrophe events impact companies or municipalities whose securities the Company invests in, the value of its investments may also decrease due to these factors. Moreover, to the extent climate change, health crises, severe weather conditions and other catastrophe events impact companies or municipalities whose securities the Company invests in, the value of its investments may also decrease due to these factors.

The frequency, severity, duration, and geographic location and scope of such health crises, catastrophe and severe weather events are inherently unpredictable, and, therefore, the Company is unable to predict the ultimate impact climate change, catastrophe events and responses to them will have on its businesses. The impacts of catastrophe events and responses to them may also exacerbate the risks discussed elsewhere in Part I, Item 1A of this Annual Report.

Certain data used and supplied by the Company are subject to regulation by various federal, state and local regulatory authorities. Compliance with existing federal, state and local laws and regulations with respect to such data has not had a material adverse effect on the Company’s results of operations to date. Nonetheless, federal, state and local laws and regulations in the United States designed to protect the public from the misuse of personal information in the marketplace and adverse publicity or potential litigation concerning the commercial use of such information may affect the Company’s operations and could result in substantial regulatory compliance expense, litigation expense and a loss of revenue. The suppliers of data to the Company face similar burdens. As a result of these and other factors, the Company may find it financially burdensome to acquire necessary data.

Large mortgage lenders and government-sponsored enterprises, because of their significant role in the mortgage process, have significant influence over the Company and other service providers. Changes in the Company’s relationship with any of these lenders or government-sponsored enterprises, the loss of all or a portion of the business the Company derives from these parties, any refusal of these parties to accept the Company’s products and services, the modification of the government-sponsored enterprises’ requirements for title insurance or mortgage servicing in connection with mortgages they purchase or the use of alternatives to the Company’s products and services, could have a material adverse effect on the Company.

Certain of the Company’s customers use measurements of the financial strength of the Company’s title insurance underwriters, including, among others, ratings provided by ratings agencies and levels of statutory capital and surplus maintained by those underwriters, in determining the amount of a policy they will accept and the amount of reinsurance required. Each of the major ratings agencies currently rates the Company’s title insurance operations. These ratings provide the agencies’ perspectives on the financial strength, operating performance and cash generating ability of those operations. These ratings provide the agencies’ perspectives on the financial strength, operating performance and cash generating ability of those operations. These agencies continually review these ratings and the ratings are subject to change. These agencies continually review these ratings and the ratings are subject to change. Statutory capital and surplus, or the amount by which statutory assets exceed statutory liabilities, is also a measure of financial strength. Accordingly, if the ratings or statutory capital and surplus of these title insurance underwriters are reduced from their current levels, or if there is a deterioration in other measures of financial strength, the Company’s results of operations, competitive position and liquidity could be adversely affected. In addition, a downgrade in the ratings or rankings for the Company’s federal savings bank subsidiary or its mortgage servicing business could have an adverse effect on that particular business.

---

The Company’s title insurance subsidiaries issue a significant portion of their policies through title agents that usually operate with substantial independence from the Company. There is no guarantee that these title agents will fulfill their contractual obligations to the Company, which contracts include limitations that are designed to limit the Company’s risk with respect to their activities. There is no guarantee that these title agents will fulfill their contractual obligations to the Company, which contracts include limitations that are designed to limit the Company’s risk with respect to their activities. In addition, regulators are increasingly seeking to hold the Company responsible for the actions of these title agents and, under certain circumstances, the Company may be held liable directly to third parties for actions (including defalcations) or omissions of these agents. Case law in certain states also suggests that the Company is liable for the actions or omissions of its agents in those states, regardless of contractual limitations. As a result, the Company’s use of title agents could result in increased claims on the Company’s policies issued through agents and an increase in other costs and expenses.

The Company uses computer software applications, systems and other technologies (collectively referred to as “systems”), some of which it owns and manages and some of which are owned and/or managed by third parties, including providers of distributed computing infrastructure platforms commonly known as the “cloud.” The Company and its agents, suppliers, service providers, and customers use systems to receive, process, store and transmit business information, including non-public personal information as well as data from suppliers and other information upon which the Company’s business relies. The Company also uses these systems to manage substantial cash, investment assets, bank deposits, trust assets, escrow account balances and custodial balances on behalf of itself and its customers, among other activities. The Company also uses these systems to manage substantial cash, investment assets, bank deposits, trust assets and escrow account balances on behalf of itself and its customers, among other activities. Many of the Company’s products, services and solutions involving the use of real property related data are fully reliant on these systems and are only available electronically. Accordingly, for a variety of reasons, the integrity of these systems and the protection of the information that resides thereon are critically important to the Company’s successful operation.

These systems have been subject to, and are likely to continue to be the target of, malware, cyberattacks and cyberterrorism, ransomware attacks, phishing attacks, unauthorized access, online and offline fraud and other malicious activity. These attacks are prevalent, continue to increase in frequency and sophistication, and are increasingly difficult to detect. These systems also have known and unknown vulnerabilities. Once identified, the Company’s information technology and information security personnel seek to remediate these vulnerabilities based on the level of risk presented. For a number of reasons, including the introduction of new vulnerabilities, resource constraints, competing business demands and dependence on third parties, a number of unremediated vulnerabilities will always exist. Remediation of some vulnerabilities are outside of the control of the Company and third-party remediation efforts may not be timely provided or implemented or otherwise adequate, even when the level of risk is critical or high. Remediation of some vulnerabilities are outside of the control of the Company and third-party remediation efforts may not be timely provided or implemented or otherwise adequate, even when the level of risk is critical or high. Further, certain other potential causes of system damage or other negative system-related events are wholly or partially beyond the Company’s control, such as natural disasters, vendor failures to satisfy service level requirements, third party negligence or intentional acts, and power or telecommunications failures. These circumstances could expose the Company to system-related damages, failures, interruptions, cyberattacks, as the Company experienced in December 2023 (as described further in Item 1C. Cybersecurity), and other negative events or could otherwise disrupt the Company’s business and could also result in the loss or unauthorized release, gathering, monitoring or destruction of confidential, proprietary and other information pertaining to the Company, its customers, employees, agents or suppliers.

In conducting its business and delivering its products and services, the Company also utilizes service providers. These service providers and the systems they utilize are typically subject to similar types of system- and information security-related risks that the Company faces. The Company provides certain of these service providers with data, including nonpublic personal information. There is no guarantee that the Company’s due diligence or ongoing vendor oversight will be sufficient to ensure the integrity and security of the systems utilized by these service providers or the protection of the information that resides thereon. There is no guarantee that the Company’s due diligence or ongoing vendor oversight will be sufficient to ensure the integrity and security of the systems utilized by these service providers or the protection of the information that resides thereon.

Certain laws and contracts the Company has entered into require it to comply with certain information security requirements and to notify various parties, including consumers or customers, in the event of certain actual or potential data breaches or systems failures, including those of the Company’s service providers. Further, the Company’s financial institution customers have obligations to safeguard their systems and sensitive information and the Company may be bound contractually and/or by regulation to comply with the same requirements. If the Company or its service providers fail to comply with applicable regulations and contractual requirements, the Company could be exposed to lawsuits, governmental proceedings or the imposition of fines, among other consequences.

---

Any inability of the Company or its service providers to prevent or adequately respond to the issues described above could disrupt the Company’s business, delay the delivery of its products and services, inhibit its ability to retain existing customers or attract new customers, divert management’s time and energy, otherwise harm its reputation and/or result in financial losses, litigation, regulatory inquiries, increased costs or other adverse consequences that could be material to the Company.

The Company relies on its systems, employees and domestic and international banks to transfer its own funds and the funds of third parties. In addition to relying on third-party banks to transfer these funds, the Company’s federal savings bank subsidiary transfers funds on behalf of the Company as well as title agents that are not affiliates of the Company. These transfers are susceptible to user input error, fraud, system interruptions, incorrect processing and similar errors that from time to time result in lost funds or delayed transactions. These transfers are susceptible to user input error, fraud, system interruptions, incorrect processing and similar errors that from time to time result in lost funds or delayed transactions. The Company’s email and computer systems and systems used by its agents, customers and other parties involved in a transaction have been subject to, and are likely to continue to be the target of, fraudulent attacks, including attempts to cause the Company or its agents to improperly transfer funds. The Company’s email and computer systems and systems used by its agents, customers and other parties involved in a transaction have been subject to, and are likely to continue to be the target of, fraudulent attacks, including attempts to cause the Company or its agents to improperly transfer funds. These attacks continue to increase in frequency and sophistication. These attacks have increased in frequency and sophistication. Funds transferred to a fraudulent recipient may not be recoverable. Funds transferred to a fraudulent recipient are often not recoverable. In certain instances the Company may be liable for those unrecovered funds. The controls and procedures used by the Company to prevent transfer errors and fraud may prove inadequate, resulting in financial losses, reputational harm, loss of customers or other adverse consequences which could be material to the Company.

The Company’s continued success depends, in large part, on its ability to hire and retain qualified people. Competition for highly qualified people is significant, and there is no assurance that the Company will be successful in attracting, training or retaining people. If the Company is unable to attract and retain qualified people, its business and operations may be impaired or disrupted.

The Company utilizes lower cost labor in countries such as India and the Philippines, among others. These countries are subject to relatively high degrees of political and social instability and may lack the infrastructure to withstand natural disasters, health crises and other catastrophe events. Such disruptions could decrease efficiency and increase the Company’s costs. Such disruptions could decrease efficiency and increase the Company’s costs, which the Company has experienced during the coronavirus pandemic. Weakness of the United States dollar in relation to the currencies used in these countries may also reduce the savings achievable through this strategy. Laws, regulations, business requirements or social or political pressures may require the Company to use labor based in the United States or may otherwise effectively increase the Company’s labor costs abroad. The Company may not be able to pass on these increased costs to its customers.

The Company has in the past acquired, and is expected to acquire in the future, other businesses. When businesses are acquired, the Company may not be able to integrate or manage these businesses in such a manner as to realize the anticipated synergies or otherwise produce returns that justify the investment. Acquired businesses may subject the Company to increased regulatory or compliance requirements. The Company’s acquisitions have involved, and are likely to continue to involve, the entry into businesses in which the Company’s management has limited prior experience, making the Company reliant on the management team of the acquired business. The Company may not be able to successfully retain employees of acquired businesses or integrate them, and could lose customers, suppliers or other partners as a result of the acquisitions. For these and other reasons, including changes in market conditions, the projections used to value the acquired businesses may prove inaccurate. In addition, the Company might incur unanticipated liabilities from acquisitions. In addition, the Company might incur unanticipated liabilities from acquisitions. These and other factors related to acquisitions could have a material adverse effect on the Company’s results of operations, financial condition and liquidity. The Company’s management also will continue to be required to dedicate substantial time and effort to the integration of its acquisitions. These efforts could divert management’s focus and resources from other strategic opportunities and operational matters.

---

LEGAL AND COMPLIANCE RISK FACTORS

Many of the Company’s businesses, including its title insurance, property and casualty insurance, home warranty, mortgage servicing and subservicing, banking, trust and wealth management businesses, are regulated by various federal, state, local and foreign governmental agencies. These and other of the Company’s businesses also operate within statutory guidelines, which can include requirements to maintain certain licenses at the federal, state and/or local levels. The industry in which the Company operates and the markets into which it sells its products are also regulated and subject to statutory guidelines. In general, in recent years, the Company experienced increasing regulatory oversight and became subject to increasingly complex statutory guidelines.

Regulatory oversight could require the Company to raise capital, and/or make it more difficult to deploy capital, including dividends to stockholders and repurchases of the Company’s shares. It is possible that the group capital calculations, particularly in an economic downturn, could have the effect of requiring the Company to raise capital and/or making it more difficult to otherwise deploy capital, including dividends to stockholders and repurchases of the Company’s shares.

An increasing number of federal, state, and international laws and regulations apply to the collection, use, retention, protection, disclosure, transfer, and other processing of personal data. The effects of these privacy and data protection laws, including the cost of compliance and required changes in the manner in which the Company conducts its business, are not fully known and are potentially significant, and the failure to comply could adversely affect the Company. The effects of these privacy and data protection laws, including the cost of compliance and required changes in the manner in which the Company conducts its business, are not fully known and are potentially significant, and the failure to comply could adversely affect the Company. The Company has incurred costs to comply with these laws and to respond to inquiries about its compliance with them. The Company has incurred costs to comply with these laws and to respond to inquiries about its compliance with them.

In addition, changes in the applicable regulatory environment, statutory guidelines or interpretations of existing regulations or statutes; reform of government-sponsored enterprises such as the Federal National Mortgage Association (Fannie Mae) and the Federal Home Loan Mortgage Corporation (Freddie Mac); enhanced governmental oversight or efforts by governmental agencies to cause customers to refrain from using the Company’s products or services could prohibit or limit its future operations or make it more costly or burdensome to conduct such operations or result in decreased demand for the Company’s products and services or a change in its competitive position. The impact of these changes would be more significant if they involve jurisdictions in which the Company generates a greater portion of its title premiums, such as the states of Arizona, California, Florida, New York, and Texas. These changes may compel the Company to reduce its prices, may restrict its ability to implement price increases or acquire assets or businesses, may limit the manner in which the Company conducts its business or otherwise may have a negative impact on its ability to generate revenues, earnings and cash flows.

The real estate settlement services industry, an industry in which the Company generates a substantial portion of its revenue and earnings, and the mortgage servicing and subservicing industry are subject to continuous scrutiny by regulators, legislators, the media and plaintiffs’ attorneys. Though often directed at these industries generally, these groups also focus their attention directly on the Company’s businesses from time to time. In either case, this scrutiny may result in changes which could adversely affect the Company’s operations and, therefore, its financial condition and liquidity.

Governmental entities have routinely inquired into certain practices in the real estate settlement services industry and the mortgage servicing and subservicing industry to determine whether certain of the Company’s businesses or its competitors have violated applicable laws, which include, among others, the insurance codes of the various jurisdictions, the Real Estate Settlement Procedures Act, the Truth in Lending Act and similar state, federal and foreign laws. The Consumer Financial Protection Bureau (“CFPB”), for example, has actively utilized its regulatory authority over the mortgage and real estate markets by bringing enforcement actions against various participants in the mortgage and settlement industries and we expect that such enforcement activity will intensify. Departments of insurance in the various states, the CFPB and other federal regulators and applicable regulators in international jurisdictions, either separately or together, also periodically conduct targeted inquiries into the practices of title insurance companies, other settlement services providers and mortgage servicers in their respective jurisdictions. Currently, the Company is the subject of regulatory inquiries.

---

Further, from time to time plaintiffs’ lawyers have targeted, and are expected to continue to target, the Company and other members of the Company’s industry with lawsuits claiming legal violations or other wrongful conduct. These lawsuits often involve large groups of plaintiffs and claims for substantial damages. These types of inquiries or proceedings have from time to time resulted, and may in the future result, in findings of a violation of the law or other wrongful conduct and the payment of fines or damages or the imposition of restrictions on the Company’s conduct. This could impact the Company’s operations and financial condition. Moreover, these laws and standards of conduct often are ambiguous and, thus, it may be difficult to ensure compliance. This ambiguity may force the Company to mitigate its risk by settling claims or by ending practices that generate revenues, earnings and cash flows. Currently the Company is a party to class action lawsuits.

Title insurance rates are subject to extensive regulation, which varies from state to state. In many states the approval of the applicable state insurance regulator is required prior to implementing a rate change. These regulations could hinder the Company’s ability to promptly adapt to changing market dynamics through price adjustments, which could adversely affect its results of operations, particularly in a rapidly declining market.

FINANCIAL RISK FACTORS

The Company deposits substantial funds in financial institutions. These funds include amounts owned by third parties, such as escrow deposits, like-kind exchange deposits and investor, mortgagor and subservicer deposits. Should one or more of the financial institutions at which deposits are maintained fail, there is no guarantee that the Company would recover the funds deposited, whether through Federal Deposit Insurance Corporation coverage or otherwise. Should one or more of the financial institutions at which deposits are maintained fail, there is no guarantee that the Company would recover the funds deposited, whether through Federal Deposit Insurance Corporation coverage or otherwise. In the event of any such failure, the Company also could be held liable for the funds owned by third parties. In the event of any such failure, the Company also could be held liable for the funds owned by third parties. Unfavorable economic conditions, like those experienced in 2023, may lead to a heightened risk of failures of financial institutions at which the Company maintains deposits. Such failures may be difficult to predict and the Company may not be able to react in a sufficiently timely manner to avoid adverse effects on the Company.

The Company performs an impairment test of the carrying value of goodwill and other indefinite-lived intangible assets annually in the fourth quarter, or sooner if circumstances indicate a possible impairment. Finite-lived intangible assets are subject to impairment tests on a periodic basis. Factors that may be considered in connection with this review include, without limitation, underperformance relative to historical or projected future operating results, reductions in the Company’s stock price and market capitalization, increased cost of capital and negative macroeconomic, industry and company-specific trends. Factors that may be considered in connection with this review include, without limitation, underperformance relative to historical or projected future operating results, reductions in the Company’s stock price and market capitalization, increased cost of capital and negative macroeconomic, industry and company-specific trends. These and other factors could lead to a conclusion that goodwill or other intangible assets are impaired, in which case the Company would be required to write off the portion believed to be impaired. Any substantial goodwill and other intangible asset impairments that may be required could have a material adverse effect on the Company’s results of operations and financial condition.

The Company maintains a substantial investment portfolio, primarily consisting of fixed income debt securities. The investment portfolio also includes adjustable-rate debt securities, common and preferred stock, as well as money-market and other short-term investments. Securities in the Company’s investment portfolio are subject to certain economic and financial market risks, such as credit risk, interest rate (including call, prepayment and extension) risk and/or liquidity risk. The risk of loss associated with the portfolio is increased during periods of instability in credit markets and economic conditions, such as during the current environment precipitated by rapidly rising interest rates. The risk of loss associated with the portfolio is increased during periods of instability in credit markets and economic conditions, such as during the coronavirus pandemic. Debt and equity securities are carried at fair value on the Company’s balance sheet. Changes in the fair values of debt securities are recorded as a component of accumulated other comprehensive income/loss on the balance sheet. Changes in the fair value of debt securities is recorded as a component of accumulated other comprehensive income/loss on the balance sheet. For debt securities in an unrealized loss position, where the loss is determined to be due to credit-related factors, the Company records the loss in earnings. For debt securities in an unrealized loss position, where the loss is determined to be due to credit-related factors, the Company records the loss in earnings. Changes in the fair values of marketable equity securities are recognized in earnings. Changes in the fair value of equity securities are recognized in earnings. Changes in the fair values of securities in the Company’s investment portfolio have had an adverse impact on the Company and could have a material adverse effect on the Company’s results of operations, statutory surplus, financial condition and cash flow.

---

The Company’s venture investment portfolio is primarily comprised of investments in the equity of private venture-stage companies that operate in the real-estate industry and related industries (many of which offer technology-enabled products and services), investments in funds that typically invest in these same types of companies, and a similar investment that is trading publicly. The venture investment portfolio is managed independent of the Company’s portfolio of debt securities and marketable equity securities, which is overseen by the Company’s investment department and an investment committee. The Company may continue to make similar venture investments. These positions are concentrated in a limited number of holdings and are high-risk, illiquid investments. These positions are concentrated in a small number of holdings and are high-risk, illiquid investments. In certain circumstances, such as when one of these companies raises capital, merges with another company or sells itself at a valuation that is less than the valuation at which the Company made its investment or when one of these companies fails and/or liquidates itself, the Company has been and could be required to impair all or part of its investment in that company or write down the value of an investment if future growth prospects deteriorate. In certain circumstances, such as when one of these companies raises capital, merges with another company or sells itself at a valuation that is less than the valuation at which the Company made its investment or when one of these companies fails and/or liquidates itself, the Company could be required to impair all or part of its investment in that company. The prospects of these companies depend on a number of factors, including the condition of the general economy, the general availability of capital, the performance of and volatility in the public markets, the regulatory and political environments, the condition of the real estate industry, the competitive environment for such companies and the operational and financial performance of such companies. Even if one of these companies is successful, the Company’s ability to realize the value of its investment may take a significant amount of time and may be dependent on the occurrence of a liquidity event, such as an initial public offering or the sale of the company. Even when a liquidity event occurs, the Company may be subject to restrictions on resale or may choose to continue to hold the investment for strategic or other reasons and, as a result, the Company may not monetize the value of its investment during periods in which it could be financially advantageous to sell the investment. These investments may cause material fluctuations in the Company’s quarterly results of operations due to the recognition of gains or losses in connection with observable price changes, such as from liquidity events, impairments, subsequent equity sales, or price changes in investments that begin trading publicly, which changes can be volatile. These investments are expected from time to time to cause material fluctuations in the Company’s quarterly results of operations due to the recognition of gains or losses in connection with observable price changes, such as from liquidity events, subsequent equity sales, or price changes in investments that begin trading publicly, which changes can be volatile.

The Company maintains a reserve for incurred but not reported (“IBNR”) claims pertaining to its title, escrow and other insurance and guarantee products. The majority of this reserve pertains to title insurance policies, which are long-duration contracts with the majority of the claims reported within the first few years following the issuance of the policy. The majority of this reserve pertains to title insurance policies, which are long-duration contracts with the majority of the claims reported within the first few years following the issuance of the policy. Generally, 65% to 75% of claim amounts become known in the first six years of the policy life, and the majority of IBNR reserves relate to the six most recent policy years. Changes in expected ultimate losses and corresponding loss rates for recent policy years are considered likely and could result in a material adjustment to the IBNR reserves. In uncertain economic times, an even larger change is more likely. A material change in expected ultimate losses and corresponding loss rates for older policy years is also possible, particularly for policy years with loss ratios exceeding historical norms. The estimates made by management in determining the appropriate level of IBNR reserves could ultimately prove to be materially different from actual claims experience.

Changes in laws or regulations impacting real estate, particularly when applied retroactively, may cause a material change in expected ultimate losses and corresponding loss rates for recent and/or older policy years. For example, the 2020 United States Supreme Court decision in McGirt v. Oklahoma calls into question the governing authority for certain real estate-related matters in Native American reservations once thought to have been disestablished. To the extent the Company, in those areas, underwrote title insurance policies or closed real estate transactions in conformity with authority that ultimately proves inapplicable, expected ultimate losses arising from those policies and transactions could change materially and could result in a material change to loss rates.

The Company is a holding company whose primary assets are investments in its operating subsidiaries. The Company’s ability to fulfill parent company obligations and/or declare and pay dividends is dependent on the ability of its subsidiaries to pay dividends or repay funds. If the Company’s operating subsidiaries are not able to pay dividends or repay funds, the Company may not be able to fulfill parent company obligations and/or declare and pay dividends. Moreover, pursuant to insurance and other regulations under which the Company’s insurance subsidiaries operate, the amount of dividends, loans and advances available is limited. Moreover, pursuant to insurance and other regulations under which the Company’s insurance subsidiaries operate, the amount of dividends, loans and advances available is limited. See Item 2 – MD&A – Liquidity and Capital Resources for details on dividend restrictions. The Company may also be required to invest capital in its subsidiaries which could further limit its ability to fulfill parent company obligations and/or declare and pay dividends.

---

The deposits of the Company’s federal savings bank subsidiary consist almost entirely of funds deposited by its affiliates, the majority of which are from third parties to be held in trust pending the closing of real estate transactions. When real estate transactions decline, aggregate deposits held in trust at the Company’s bank tend to decline. There is also a portion of the bank’s deposits that are custodial funds held on behalf of clients of the Company’s residential mortgage subservicer subsidiary. Such clients may cause their custodial funds to be moved out of the Company’s bank subsidiary in connection with the transfer of ownership of mortgage servicing rights or loans, termination of subservicing contracts or otherwise. The likelihood of these clients causing funds to be moved increases as interest rates rise, which could result in a marked decline in the bank’s deposits. When there is a reduction in the bank’s deposits, the Company could be required to borrow funds to maintain the bank’s liquidity.

GENERAL RISK FACTORS

The Company’s bylaws and certificate of incorporation contain provisions that could be considered “anti-takeover” provisions because they make it harder for a third-party to acquire the Company without the consent of the Company’s incumbent board of directors. Under these provisions:

While the Company believes that they are appropriate, these provisions may only be amended by the affirmative vote of the holders of approximately 67% of the Company’s issued voting shares. In addition, federal banking laws and regulations and state insurance laws and regulations require third parties to obtain prior approval to acquire control of the Company due to its status as a savings and loan holding company and an insurance holding company. These provisions and regulatory requirements could have the effect of discouraging an unsolicited acquisition proposal or delaying, deferring or preventing a change of control transaction that might involve a premium price or otherwise be considered favorably by the Company’s stockholders.

---

The Company relies on a combination of patents, trademarks, copyrights, trade secret laws, non-disclosure agreements, contractual provisions and systems of internal safeguards to protect its intellectual property. As the Company expands its utilization of innovative technologies, processes and techniques in the production and delivery of its products and services, the Company may increasingly have to litigate to enforce and protect its intellectual property rights, which may divert Company resources, cause reputational harm to the Company or result in other adverse consequences, including a loss of competitive advantage, and there is no guarantee that such protection and enforcement efforts would be successful. In addition, third parties may allege that the Company’s operations or activities infringe on their intellectual property rights, including through the Company’s use of software containing open source code, which may expose the Company to third-party claims of ownership of, or demands for the release of, the source code, the open source software and/or derivative works that were developed using such software, or otherwise seeking to enforce the terms of the applicable open source license. Many of the risks associated with usage of open source cannot be eliminated, and could, if not properly addressed, adversely affect the Company’s business. Infringement claims may give rise to litigation, which could result in damages, injunctions prohibiting the Company from providing certain products or services, entry into costly licensing arrangements or other adverse consequences.

Item 1B. Unresolved Staff Comments

Not applicable.

Item 1C. Cybersecurity

We recognize the critical importance of maintaining the safety and security of our systems and data and take a holistic approach to overseeing and managing cybersecurity, which is supported by both management and our Board of Directors. The Company’s Board, the Audit Committee of the Board and management devote significant resources to cybersecurity and risk management processes to adapt to the changing cybersecurity landscape and respond to emerging threats in a timely and effective manner. Our approach to cybersecurity risk management is multi-layered and includes governance and risk, monitoring and incidence response, data security, application security, endpoint security, network security and perimeter security.

The Company’s Chief Information Security Officer (“CISO”) is responsible for developing and implementing our information security program and manages a team of cybersecurity professionals with broad experience and expertise, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, insider threats and regulatory compliance. Our CISO has been with the Company for 13 years in various information security roles and has over 20 years of experience in the cybersecurity field.

The Company’s Board of Directors has delegated the primary responsibility to oversee cybersecurity matters to the Audit Committee of the Board. The Audit Committee receives quarterly reports from our CISO regarding cybersecurity matters. The CISO also briefs the full Board of Directors on cybersecurity matters semi-annually.

The Company maintains an extensive and structured enterprise risk management (ERM) program encompassing senior executive leaders from all facets of its business, including operations, human resources, finance, accounting, treasury, information security, information technology, legal/regulatory, internal audit, compliance, underwriting, and real estate. As part of our ERM program, the Company maintains an Information Security Oversight Committee (“ISO Committee”) that oversees the Company’s cybersecurity program from a management perspective. The ISO Committee meets quarterly and is chaired by the Company’s Chief Risk Officer and is comprised of the Company’s Chief Executive Officer, Chief Financial Officer, Chief Legal Officer, Chief Privacy Officer and top leaders of each of the Company’s operating units. The Company’s CISO, Chief Information Officer and Chief Technology Officer are also participants on the ISO Committee and the Chief Audit Executive, who reports to the Company’s Audit Committee, is an observer. The CISO provides regular reports to the ISO Committee which are shared with the Company’s Board of Directors.

---

As part of our risk management process, the Company maintains an overall risk management program that encompasses cybersecurity, conducts security audits, annual System and Organization Controls (SOC 2) testing, and ongoing risk assessments using a company-wide risk framework. We also require employees with access to information systems to undertake data protection and cybersecurity training and compliance programs. Compliance with cybersecurity training is tracked and reported to the Company’s Compliance Executive Steering Committee and the Audit Committee of the Board. In addition, the Company conducts quarterly employee phishing tests and our CISO provides those results to the Company’s executives. The Company has processes in place for assessing, identifying, and managing material risks from potential cybersecurity incidents, including vulnerability identification, intrusion prevention, encryption, endpoint protection, behavior analysis, mitigation and the processes and protocols set forth in the Company’s incident response plans. Certain of our subsidiaries manage their own cybersecurity functions and coordinate with the Company’s CISO. The Company also employs systems and processes designed to oversee and identify cybersecurity threats associated with third-party vendors, including a risk assessment and rigorous evaluation of each vendor that may access, process or store highly sensitive or proprietary data or that is systematically integrated with the Company’s systems or network. In addition to our in-house cybersecurity capabilities, we engage assessors, consultants, auditors, and other third parties to assist with assessing, identifying, mitigating and managing cybersecurity risks, including the maintenance of a Security Operations Center that is co-managed between the Company and a managed security service provider (MSSP), which continuously reviews the Company’s network using threat intelligence from a variety of sources and reports potential incidents from users.

While the Company has experienced cybersecurity threats to its data and systems, such threats have not materially affected the Company, including our business strategy, results of operations or financial condition, with the exception of an incident in the fourth quarter of 2023, as disclosed in a Current Report filed by the Company on Form 8-K on December 22, as amended on December 29, 2023 and January 12, 2024. Prior to the Company’s systems being taken offline in connection with this incident, we produced an internal forecast estimating our adjusted earnings per share to be $1.00. Our actual adjusted earnings per share was 69 cents, including a 5 cent tax benefit, implying a 36 cent shortfall relative to our internal estimate. Although the Company believes that most of this difference is related to the incident, the exact impact the incident had on our fourth quarter results is unknowable. Included in this 36 cent shortfall was $11 million of direct expenses related to the incident in our corporate segment including our $5 million insurance retention. We do not believe the incident will have a material impact on the Company’s overall financial condition or its ongoing results of operations. For additional information on cybersecurity risks we face, see Item 1A. Risk Factors of this Annual Report, which should be read in conjunction with the foregoing information.