Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

Risk Factors - IDEX

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

ITEM 1A. RISK FACTORS

12

The business, financial condition and operating results of the Company may be affected by a number of factors, whether currently known or unknown, including but not limited to those described below. Any one or more of such factors could directly or indirectly cause the Company’s actual results of operations and financial condition to vary materially from past or anticipated future results of operations and financial condition. Any of these factors, in whole or in part, could materially and adversely affect the Company’s business, financial condition, results of operations and stock price. The following information should be read in conjunction with Part II—Item 7—“Management’s Discussion and Analysis of Financial Condition and Results of Operations” and the consolidated financial statements and related notes in Part II—Item 8—“Financial Statements and Supplementary Data” of this Annual Report.

Risk Factors Summary

We are an operating company that conducts a substantial majority of our operations through our operating subsidiaries established in various jurisdictions. Accordingly, we are subject to the risk factors affecting particular industries, businesses, and geographical locations of our subsidiaries. Further, our structure involves certain risks with regard to our international operations.

As a result of the foregoing, our business is subject to numerous risks and uncertainties, including those described in “Part I, Item 1A, Risk Factors” of this Annual Report. These risks are arranged by groups and include, but are not limited to, the following:

Risks Related to Industries in Which We Operate

In connection with the operations of Ideanomics' EV and charging businesses, the Company:
faces extreme competitive pressure associated with its lack of experience in participation in the relatively new global commercial EV market;
is challenged by a wide array of intellectual property-related risks;
may become subject to the product liability risks that are particularly high in the automotive industry;
in collaboration with financial institutions, needs to introduce and promote new financial models allowing the market participants to cost effectively transition their commercial vehicle fleets to EVs;
relies on the current governmental initiatives promoting and prioritizing fuel efficiency and alternative energy in various jurisdictions; and
may experience the consequences of the supply-chain crisis and chip shortage.
Risks Related to Our Business and Strategy
In connection with its strategy and development risks, the Company:
requires additional financing necessary for its development;
faces significant financial, managerial, and administrative burdens in connection with its strategic approach of acquiring new businesses and business segments;
is dependent on its ability to hire and retain key employees with the specialists' skills in various areas;
may be negatively affected by current and potential litigation, or regulatory proceedings; and
presents a doubt about its financial viability and as to whether it will be able to continue as a going concern.
In connection with its information technology systems and cyber-security the Company:
must keep pace with the latest technological changes in order to remain competitive;
13

may have defect or disruptions in its technological products;
was and will remain subject to malicious cyber-attacks and other security incidents; and
is subject to complex and evolving U.S. and foreign privacy, data use and data protection content, consumer competition and other similar laws and regulations.

In connection with its internal controls and compliance with applicable securities laws, the Company:
faces the consequences of restatements of its Quarterly Reports for the periods ended March 31, 2021, June 30, 2021 and September 30, 2021;
identified material weaknesses in its internal control over financial reporting and concluded that its disclosure controls and procedures were not effective;
lost its Form S-3 eligibility; and
may have inadvertently violated Section 402 of the Sarbanes-Oxley Act and Section 13(k) of the Exchange Act.
Risks Related to Ownership of our Securities
In connection with ownership of securities risks:
certain provisions of our charter documents and applicable law may have an anti-takeover effect;
we do not intend to pay dividends for the foreseeable future; and
our common stock may be delisted.

Financial Market and Economic Risks

A disruption in our funding sources and access to the capital markets would have an adverse effect on our liquidity.
Risks Related to all of our International Operations
The Company is subject to general geopolitical and economic risks in connection with our global operations.
Though previously, a significant portion of our operations is conducted in mainland China and a material portion of our revenues was sourced from mainland China, that is no longer the case, however, until such time as the wind-down of our PRC business is complete, it is subject to numerous risks that are severely exacerbated by the recent actions and statements of the Chinese government including but not limited to:
the ability of the Chinese government to exercise its discretionary powers with regard to any business on its territory at any time;
uncertainties in connection with the tensions between the United States and China;
the inability of the U.S.-triggered investigations on the territory of China and limited law-enforcement opportunities against our Chinese subsidiaries;
restrictions on currency exchange and limitations in transferring money from our subsidiaries domiciled in China in the form of dividends;
restrictions under PRC law on our PRC subsidiaries’ ability to make dividends; PRC government’s significant oversight over the conduct of our business in PRC and may intervene or influence our operations at any time which could result in a material adverse change in our operation and/or the value of our Common Stock;
14

PRC government’s significant oversight over the conduct of our business in PRC and may intervene or influence our operations at any time which could result in a material adverse change in our operation and/or the value of our Common Stock;
No guarantee that our PRC subsidiaries will always obtain and maintain the requisite licenses and approvals required for their business in China;
Our decision to discontinue our operations in China may impact the value of our securities and render them worthless.
no guarantee that future audit reports in connection with Chinese operations will be prepared by auditors that are subject to inspections by the PCAOB; and
China-specific economic and regulatory processes transforming the Chinese labor market and renewable energy sectors.

Risks Related to Industries in Which We Operate

Risks Related to the EV and Charging Industry

We experience significant competitive pressure in the Ideanomics EV and charging businesses, which may negatively impact our business, financial condition, and results of operations.

The Company operates in the commercial EV market globally. The commercial EV market is still in its development stage and the rate at which the operators of fleets of commercial vehicles replace their ICE vehicles with EV is very dependent upon (i) environmental and clean air regulations that mandate conversion to EV, (ii) the subsidies that government bodies make available to cover the cost of conversion, (iii) the availability of financing to cover some or all of the cost of conversion, (iv) regulations governing the amount of locally manufactured content required in vehicles sold in a particular market, (v) the availability of charging and battery swap infrastructure, and (vi) the rate at which EV technologies evolve.

Environmental and clean air regulations drive the timing and rate at which fleet operators convert to EV and by extension the size of the market and the type of vehicles that are in demand at any time. The Company’s revenues and profits may be adversely impacted if demand for EVs is lower than expected due to a change in regulation or regulations favor the conversion of vehicle types that have lower profit margins.

Converting fleets to EV is very capital intensive and most operators require substantial amounts of funding in the form of government and municipal subsidies and bank financing. The amount and form of subsidies are subject to change from time to time as government bodies adjust subsidies to influence consumer behavior. The mechanisms for financing of EVs are still being developed and large-scale conversion from ICE engines to EV is highly dependent upon the amount and terms of financing available for the conversion to EV.

We currently have limited intellectual property rights related to some of our EV and charging businesses, and those businesses primarily rely on third parties through agreements with them to conduct research and development activities and protect proprietary information.We currently have limited intellectual property rights related to our Ideanomics Mobility business unit, and primarily rely on third parties through agreements with them to conduct research and development activities and protect proprietary information.

Although we believe our success will depend in part on our ability to acquire, invest in or develop proprietary technology to effectively compete with our competitors, we currently have limited direct intellectual property rights related to certain of our EV businesses.Although we believe our success will depend in part on our ability to acquire, invest in or develop proprietary technology to effectively compete with our competitors, we currently have, and for the foreseeable future will have, limited direct intellectual property rights related to our new Ideanomics Mobility business unit. The intellectual property relevant to those businesses is held primarily by third parties, including our strategic partners. The intellectual property relevant to the products and services we plan to provide is held primarily by third parties, including our strategic partners. Accordingly, we will rely on these third parties for research and development activities, which will present certain risks. For example, we will have limited control over the research and development activities of the business of our partners, and may require licenses from these third parties if we wish to develop products directly. If these businesses are unable to effectively maintain a competitive edge relative to the market with their technologies and intellectual property, it may adversely affect our business and financial position.

Our reliance on third parties also presents risks related to ownership, use, and protection of proprietary information. We are required to rely on the terms of the related agreements, including the partnership agreements to protect our interests, as well as our investments and partners’ trade secret protections, non-disclosure agreements, and invention assignment agreements to protect confidential and proprietary information. If the intellectual property and other confidential information of our
15

investments and strategic partners are not adequately protected, competitors may be able to use their proprietary technologies and information, thereby eroding any competitive advantages that intellectual property provides to us.

We may become subject to product liability claims, which could harm our financial condition and liquidity if we are not able to successfully defend against such claims.

If we become liable for product liability claims, our business, operating results, and financial condition may be harmed. The automotive industry experiences significant product liability claims, and we face an inherent risk of exposure to claims in the event the electric vehicles that we sell do not meet applicable standards or requirements, resulting in property damage, personal injury, or death. Our risks in this area are particularly pronounced given we have limited experience of selling electric vehicles. Although we ensured that we have thorough quality protection and testing measures, we cannot assure you that our quality protection and testing measures will be as effective as we expect. Any failure in any of our quality assurance steps or contractual clauses with our partners would cause a defect in electric vehicles sold by us, and in turn, could harm our customers. A successful product liability claim against us could require us to pay a substantial monetary award as we may undertake joint and several liability with the manufacturer. Moreover, a product liability claim could generate substantial negative publicity about our business, which would have a material adverse effect on our brand, business, prospects, financial condition, and results of operations.

The success of the Company’s efforts to develop its EV and charging businesses is highly dependent upon suitable financing structures being developed.The success of the Company’s efforts to develop its Ideanomics Mobility business unit is highly dependent upon suitable financing structures being developed.

The market for commercial fleets of EVs is in the early stage of development and provides distinct challenges to fleet owners trying to finance the purchase of fleets of EVs and the related charging, storage, and battery infrastructure.20Table of ContentsThe market for commercial fleets of EVs is in the early stage of development and provides unique challenges to fleet owners trying to finance the purchase of fleets of EVs and the related charging, storage, and battery infrastructure. Unlike vehicles powered by ICEs, the power source in an EV, the battery, can be separated from the vehicle which creates its own separate and distinct challenges for lenders in valuing the collateral for any loan. Unlike vehicles powered by ICEs, the power source in an EV, the battery, can be separated from the vehicle which creates unique challenges for lenders in valuing the collateral for any loan. Additionally, the market for commercial EVs is very new and consequently, there is no reliable history of resale values to support lending decisions. Large-scale adoption of EVs will require a range of borrowing options and loan types to be available to fund purchases and leasing of EVs similar to those that currently exist to finance the purchasing and leasing of traditional ICE vehicles. Additionally, in some of the Company’s target markets, there is no well-developed market for lending to private enterprises and this may further slow down the adoption of EVs. The Company is working with banks and insurance companies to create lending structures and pools of capital that can be used to finance fleet purchases of commercial EVs. Even if the Company can create the necessary pools of capital and lending structures there is no guarantee that any regulatory approvals required for these new structures will be obtained. If the Company is not able to develop a solution for the funding of fleet purchases of EVs and related charging and battery infrastructure, then the Company’s EV and Charging businesses may not be successful and generate minimal revenues, and incur substantial losses. If the Company is not able to develop a solution for the funding of fleet purchases of EVs and related charging and battery infrastructure, then the Company’s Ideanomics Mobility business may not be successful and generate minimal revenues, and incur substantial losses.

We may be affected by the supply chain issues of the automotive industry.

We are aware that some domestic and foreign EV manufacturers have their operations negatively affected as a result of general economic conditions. In recent years, many car manufacturers including EV manufacturers were required to temporarily shut down their manufacturing facilities or operate at a reduced capacity, and supply chain issues in sourcing computer chips necessary for manufacturing new vehicles and certain automotive products have resulted in a global chip shortage, which could further delay or stall new vehicle production. Recently, as a result of the COVID-19 pandemic, many car manufacturers including EV manufacturers were required to temporarily shut down their manufacturing facilities or operate at a reduced capacity, and supply chain issues in sourcing computer chips necessary for manufacturing new vehicles and certain automotive products have resulted in a global chip shortage, which could further delay or stall new vehicle production. There is no guarantee that our business will not face the same problems in the future, which could have a material adverse effect on our EV business.

The success of our business depends in large part on our ability to protect our proprietary information and technology and enforce our intellectual property rights against third parties.

We rely on a combination of patent, copyright, service mark, trademark, and trade secret laws, as well as confidentiality procedures and contractual restrictions, to establish and protect our proprietary rights, all of which provide only limited protection. We cannot assure you that any patents will be issued with respect to our currently pending patent applications, in a manner that gives us the protection that we seek, if at all, or that any future patents issued to us will not be challenged, invalidated, or circumvented. Our currently issued patents and any patents that may be issued in the future with respect to pending or future patent applications may not provide sufficiently broad protection, or they may not prove to be enforceable in actions against alleged infringers. Also, we cannot assure you that any future service mark registrations will be issued with respect to pending or future applications or that any registered service marks will be enforceable or provide adequate protection of our proprietary rights.

16

We endeavor to enter into agreements with our employees and contractors and agreements with parties with whom we do business to limit access to and disclosure of our proprietary information. We cannot be certain that the steps we have taken will prevent unauthorized use of our technology or the reverse engineering of our technology. Moreover, others may independently develop technologies that are competitive to ours or infringe our intellectual property. The enforcement of our intellectual property also depends on our legal actions against these infringers being successful, but we cannot be sure these actions will be successful, even when our rights have been infringed.

Further, effective patent, trademark, service mark, copyright, and trade secret protection may not be available in every country in which our services are available over the internet. In addition, the legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights in EV-related industries are uncertain and still evolving.

Changes to existing federal, state, or international laws or regulations applicable to us could cause an erosion of our current competitive strengths.

Our business is subject to a variety of federal, state, and international laws and regulations, including those with respect to government incentives promoting fuel efficiency and alternate forms of energy, electric vehicles, and others. These laws and regulations, and the interpretation or application of these laws and regulations, could change. Any reduction, elimination, or discriminatory application of government subsidies and economic incentives because of policy changes, fiscal tightening, or other reasons may result in diminished revenues from government sources and diminished demand for our products. In addition, new laws or regulations affecting our business could be enacted. These laws and regulations are frequently costly to comply with and may divert a significant portion of management’s attention. If we fail to comply with these applicable laws or regulations, we could be subject to significant liabilities which could adversely affect our business.

There are many federal, state, and international laws that may affect our business, including measures to regulate EVs and charging systems. If we fail to comply with these applicable laws or regulations, we could be subject to significant liabilities which could adversely affect our business.

There are a number of significant matters under review and discussion with respect to government regulations that may affect business and/or harm our customers, and thereby adversely affect our business, financial condition, and results of operations.
Risks Related to Our Business and Strategy
Strategy and Development Risks
We expect to require additional financing in the future to meet our business requirements. Such capital raising may be costly, difficult, or not possible to obtain and, if obtained, could significantly dilute current stockholders’ equity interests.

We must continue to rely on proceeds from debt and equity issuances to pay for ongoing operating expenses and repay existing debt in order to execute our business plan. Our EV and Charging businesses are capital intensive. Although we may attempt to raise funds by issuing debt or equity instruments, additional financing may not be available to us on terms acceptable to us or at all, or such resources may not be received in a timely manner. If we are unable to raise additional capital when required or on acceptable terms, we may be required to scale back or to discontinue certain operations, scale back or discontinue the development of new business lines, reduce headcount, sell assets, file for bankruptcy, reorganize, merge with another entity, or cease operations. If the combined company issues additional capital stock in the future in connection with financing activities, stockholders will experience dilution of their ownership interests and the per share value of the combined company’s common stock may decline.
As we acquire, dispose of, or restructure our businesses, product lines, and technologies, we may encounter unforeseen costs and difficulties that could impair our financial performance.
An element of our management strategy may be to review acquisition prospects that would complement our existing products, augment our market coverage and distribution ability, or enhance our capabilities.An important element of our management strategy is to review acquisition prospects that would complement our existing products, augment our market coverage and distribution ability, or enhance our capabilities. As a result, we may seek to make acquisitions of companies, products, or technologies, or we may reduce or dispose of certain product lines or technologies that no longer fit our business strategies. For regulatory or other reasons, we may not be successful in our attempts to acquire or dispose of businesses, products, or technologies, resulting in significant financial costs, reduced or lost opportunities, and diversion of management’s attention. For regulatory or other reasons, we may not be successful in our attempts to acquire or 23Table of Contentsdispose of businesses, products, or technologies, resulting in significant financial costs, reduced or lost opportunities, and diversion of management’s attention. Managing an acquired business, disposing of product technologies, or reducing personnel entails numerous operational and financial risks, including, among other things, (i) difficulties in assimilating acquired operations and new personnel or separating existing business or product groups, (ii) diversion of management’s attention away from other business concerns, (iii) amortization of acquired intangible assets, (iv) adverse customer reaction to our decision to
17

cease support for a product, and (v) potential loss of key employees or customers of acquired or disposed operations. There can be no assurance that we will be able to achieve and manage successfully any such integration of potential acquisitions, disposition of product lines or technologies, or reduction in personnel or that our management, personnel, or systems will be adequate to support continued operations. Any such inabilities or inadequacies could have a material adverse effect on our business, operating results, financial condition, and/or cash flows.
In addition, any acquisition could result in changes, such as potentially dilutive issuances of equity securities, the incurrence of debt and contingent liabilities, the amortization of related intangible assets, and goodwill impairment charges, any of which could materially adversely affect our business, financial condition, results of operations, cash flows, and/or the price of our common stock.
The success of our business is dependent on our ability to hire and retain our senior management team and key employees with the specialists’ skills that we need for our business.The success of our business is dependent on our ability to hire and retain key employees with the specialists’ skills that we need for our business.
We depend on the services of our key employees. Our success will largely depend on our ability to hire and retain these key employees and to attract and retain qualified senior and middle-level managers to our management team.
We have recruited executives and management both in the United States and in our operations outside of the United States to assist in our ability to manage the business and to recruit and oversee employees. While we believe we offer compensation packages that are consistent with market practice, we cannot be certain that we will be able to hire and retain sufficient personnel to support our business. The loss of any of our key employees, or failure to find a suitable successor, would significantly harm our business. Our future success will also depend on our ability to identify, hire, develop and retain skilled key employees. We do not maintain key person life insurance on any of our employees. Future sales or acquisitions by us may also cause uncertainty among our current employees and employees of an acquired entity, which could lead to the departure of key employees. Such departures could have an adverse impact on our business and the anticipated benefits of a sale or acquisition.
Intellectual-property litigation could cause us to spend substantial resources and could distract our personnel from their normal responsibilities.
Even if resolved in our favor, litigation or other legal proceedings relating to intellectual property claims may cause us to incur significant expenses, and could distract our technical and management personnel from their normal responsibilities. In addition, there could be public announcements of the results of hearings, motions, or other interim proceedings or developments. If securities analysts or investors perceive these results to be negative, it could have a substantial adverse effect on the price of our common stock. Such litigation or proceedings could substantially increase our operating losses and reduce the resources available for development, sales, marketing, or distribution activities. We may not have sufficient financial or other resources to adequately conduct such litigation or proceedings. Some of our competitors may be able to sustain the costs of such litigation or proceedings more effectively than we can because of their greater financial resources. Uncertainties resulting from the initiation and continuation of intellectual property litigation or other proceedings could have a material adverse effect on our ability to compete in the marketplace.
We are currently, and may in the future be, subject to substantial litigation, investigations, and proceedings that could cause us to incur significant legal expenses and result in harm to our business.
We are actively involved in a variety of litigations and other legal matters and may be subject to additional litigations, investigations, arbitration proceedings, audits, regulatory inquiries, and similar actions, including matters related to commercial disputes, intellectual property, employment, securities laws, disclosures, environmental, tax, accounting, class action, and product liability, as well as trade, regulatory and other claims related to our business and our industry, which we refer to collectively as legal proceedings. For example, we are subject to an ongoing securities class action and shareholder derivative actions as well as an SEC investigation. Refer to Note 20 to our Consolidated Financial Statements of this Annual Report for additional information regarding these specific matters.
As reported previously, the Company is subject to an investigation by the SEC and has responded to various information requests and subpoenas from the SEC.24Table of ContentsAs reported previously, the Company is subject to an investigation by the SEC and has responded to various information requests and subpoenas from the SEC. The Company is fully cooperating with the SEC’s requests, and cannot predict the outcome of this investigation.
We are unable to predict the outcome, duration, scope, result, or related costs of the investigations and related litigation and, therefore, any of these risks could impact us significantly beyond expectations. Moreover, we are unable to predict the potential for any additional investigations or litigation, any of which could exacerbate these risks or expose us to potential criminal or
18

civil liabilities, sanctions, or other remedial measures, and could have a material adverse effect on our reputation, business, financial condition, results of operations, liquidity or cash flows. Regardless of the merits of the claims and the outcome, legal proceedings have resulted in, and may continue to result in, significant legal fees and expenses, diversion of management’s time and other resources, and adverse publicity. Such proceedings could also adversely affect our business, results of operations, and financial condition.

We may have inadvertently violated Section 13(k) of the Exchange Act (implementing Section 402 of the Sarbanes-Oxley Act of 2002) and may be subject to sanctions as a result.

Section 13(k) of the Exchange Act provides that it is unlawful for a company that has a class of securities registered under Section 12 of the Exchange Act to, directly or indirectly, including through any subsidiary, extend or maintain credit in the form of a personal loan to or for any director or executive officer of the Company. As of July 31, 2021, there was a loan (in the form of a personal travel expense paid by the Company) from the Company to Shane McMahon, the Company’s Executive Chairman of the Board, which could be considered to be a personal loan made by the Company to a director or officer of the Company and may have violated Section 13(k) of the Exchange Act. The amount was repaid to us in December 2021. Issuers that are found to have violated Section 13(k) of the Exchange Act may be subject to civil sanctions, including injunctive remedies and monetary penalties, as well as criminal sanctions. The imposition of any of such sanctions on us could have a material adverse effect on our business, financial position, results of operations or cash flows.

We have incurred significant losses since our inception and anticipate that we will continue to incur losses for the foreseeable future, which together with our limited working capital raises substantial doubt about our financial viability and as to whether we will be able to continue as a going concern.

Our auditor’s report on our financial statements for the years ended December 31, 2023 and 2022, includes an explanatory paragraph related to the existence of substantial doubt about our ability to continue as a going concern. We are an operating company with a limited operating history that encompasses a large number of industries and businesses.

We are not profitable and have incurred losses in each year since our inception in October 2004. For the years ended December 31, 2023, 2022, and 2021, we had net losses of approximately $204.9 million, $213.6 million, and $111.6 million, respectively.We are not profitable and have incurred losses in each year since our inception in October 2004. For the years ended December 31, 2021, 2020, and 2019, we had net losses of approximately $256.7 million, $111.6 million, and $96.8 million, respectively. As of December 31, 2023, we had an accumulated deficit of $1,090.6 million.

The EV and charging industry is highly speculative, involves a high degree of risk, and requires substantial capital investment. We continue to incur significant research and development and other expenses related to our ongoing operations. We have limited working capital and cannot guarantee that we will achieve market acceptance and be commercially successful in the long term.

Although we generate revenues from product sales, these revenues have not been sufficient, and may never be sufficient, to support our operations. We may continue to incur losses and negative cash flows for the foreseeable future. We expect to continue to incur losses and negative cash flows for the foreseeable future. We require significant cash resources to execute our business plans and we will need to raise additional cash to continue to fund our operating plan. We expect to finance our operating plan through a combination of public or private equity or debt offerings, collaborations, strategic alliances, and other similar licensing arrangements in both the short term and the long term. We cannot be certain that additional funding will be available on acceptable terms, or at all, for a number of reasons, including market conditions, our ability to generate positive data from our clinical studies, and the need for our stockholders to approve an amendment to our certificate of incorporation to increase the number of shares of common stock that we are authorized to issue.

The aforementioned factors, which are largely outside of our control, raise substantial doubt about our ability to continue as a going concern within one year from the date of filing of this Annual Report. The accompanying financial statements have been prepared on a going concern basis, which contemplates the realization of assets and the satisfaction of liabilities in the normal course of business. The financial statements do not include any adjustments relating to the recoverability and classification of asset amounts or the classification of liabilities that might be necessary should we be unable to continue as a going concern within one year after the date of filing of this annual report. If we are forced to scale down, restructure, limit or cease operations, our stockholders could lose all of their investment in our Company.
Risks Related to Our Information Technology Systems and Cyber-Security
Our business depends upon our ability to keep pace with the latest technological changes, and our failure to do so could make us less competitive in our industry.
19

The market for our products and services is characterized by rapid change and technological change, frequent new product innovations, changes in customer requirements and expectations, and evolving industry standards. Products using new technologies or emerging industry standards could make our products and services less attractive. Failure to respond in a timely and cost-effective way to these technological developments may result in serious harm to our business and operating results. As a result, our success will depend, in part, on our ability to develop and market product and service offerings that respond in a timely manner to the technological advances available to our customers, evolving industry standards, and changing preferences.
Defects or disruptions in our technology or services could diminish demand for our products and services and subject us to liability.
Because our technology, products, and services are complex and use or incorporate a variety of computer hardware, software, and databases, both developed in-house and acquired from third-party vendors, our technology, products, and services may have errors or defects. Errors and defects could result in unanticipated downtime or failure and could cause financial loss and harm to our reputation and our business. We have from time to time found defects and errors in our technology, products, and services, and defects and errors in our technology, products, or services may be detected in the future. In addition, our customers may use our technology, products, and services in unanticipated ways that may cause a disruption for other customers. As we acquire companies, we may encounter difficulty in incorporating the acquired technologies, products, and services, and maintaining the quality standards that are consistent with our technology, products, and services. Since our customers use our technology, products, and services for important aspects of their businesses, any errors, defects, or disruptions in such technology, products, and services or other performance problems with our technology, products, and services could subject our customers to financial loss and hurt our reputation. Since our customers use our technology, products, and services for important aspects of their businesses and for financial transactions, any errors, defects, or disruptions in such technology, products, and services or other performance problems with our technology, products, and services could subject our customers to financial loss and hurt our reputation. As we deploy more product lines and provide a wider array of services, such risks will exponentially increase.
We expect to continue to make significant investments to maintain and improve the availability of our existing software platform and new platforms as needed, and to enable rapid releases of new features and products. To the extent that we do not effectively address capacity constraints, upgrade our systems as needed, and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology, our business, and operating results may be harmed.
We have previously experienced, and may in the future experience, service disruptions, outages, and other performance problems due to a variety of factors, including infrastructure changes, third-party service providers, human or software errors, and capacity constraints. If our application is unavailable when customers attempt to access it or it does not load as quickly as they expect, customers may seek other services.
Malicious cyber-attacks and other adverse events affecting our operational systems or infrastructure, or those of third parties, could disrupt our businesses, result in the disclosure of confidential information, damage our reputation, and cause losses or regulatory penalties.
Developing and maintaining our operational systems and infrastructure are challenging, particularly as a result of us and our clients entering into new businesses, jurisdictions, and regulatory regimes, rapidly evolving legal and regulatory requirements, and technological shifts. Our financial, accounting, data processing, or other operating and compliance systems and facilities may fail to operate properly or become disabled as a result of events that are wholly or partially beyond our control, including malicious cyber-attack or other adverse events, which may adversely affect our ability to process these transactions or provide services or products.
In addition, our operations rely on the secure processing, storage, and transmission of confidential and other information on our computer systems and networks. Although we take protective measures, such as software programs, firewalls, and similar technology, to maintain the confidentiality, integrity, and availability of our and our customers’ information, and endeavor to modify these protective measures as circumstances warrant, the nature of cyber threats continues to evolve. As a result, our computer systems, software, and networks may be vulnerable to unauthorized access, loss, or destruction of data (including confidential customer information), account takeovers, unavailability or disruption of service, computer viruses, acts of vandalism, or other malicious code, ransomware, hacking, phishing, and other cyber-attacks and other adverse events that could have an adverse security impact. Despite the defensive measures we have taken, these threats may come from external forces, such as governments, nation-state actors, organized crime, hackers, and other third parties, including outsource or infrastructure-support providers and application developers, or may originate internally from within us. Given the high volume of transactions, certain errors may be repeated or compounded before they are discovered and rectified.
We also face the risk of operational disruption, failure, termination, or capacity constraints of any of the third parties that facilitate our business activities, including vendors, customers, counterparties, exchanges, clearing agents, clearinghouses, or
20

other financial intermediaries. Such parties could also be the source of a cyber-attack on our breach of our operational systems, network, data, or infrastructure.
There have been an increasing number of ransomware, hacking, phishing, and other cyber-attacks in recent years in various industries, including ours, and cyber-security risk management has been the subject of increasing focus by our regulators. Like other companies, we have on occasion experienced, and may continue to experience, threats to our systems, including viruses, phishing, and other cyber-attacks. The number and complexity of these threats continue to increase over time. The techniques used in these attacks are increasingly sophisticated, change frequently, and are often not recognized until launched. If one or more cyber-attacks occur, it could potentially jeopardize the confidential, proprietary, and other information processed and stored in, and transmitted through, our computer systems and networks, or otherwise cause interruptions or malfunctions in our, as well as our customers’ or other third parties’ operations, which could result in reputational damage, financial losses, customer dissatisfaction and/or regulatory penalties, which may not in all cases by covered by insurance. If an actual, threatened, or perceived cyber-attack or breach of our security occurs, our clients could lose confidence in our platforms and solutions, security measures, and reliability, which would materially harm our ability to retain existing clients and gain new clients. As a result of any such attack or breach, we may be required to expend significant resources to repair system, network, or infrastructure damage and to protect against the threat of future cyber-attacks or security breaches. We could also face litigation or other claims from impacted individuals as well as substantial regulatory sanctions or fines.
The extent of a particular cyber-attack and the steps that we may need to take to investigate the attack may not be immediately clear, and it may take a significant amount of time before such an investigation can be completed and full and reliable information about the attack is known. The extent of a particular cyber-attack and the steps that we may need to take to investigate the attack may not be immediately clear, and it may take a significant amount of time before such an investigation can be completed and full and reliable information about the attack is known. While such an investigation is ongoing, we may not necessarily know the full extent of the harm caused by the cyber-attack, and any resulting damage may continue to spread. Furthermore, it may not be clear how best to contain and remediate the harm caused by the cyber-attack, and certain errors or actions could be repeated or compounded before they are discovered and remediated. Any or all of these factors could further increase the costs and consequences of a cyber-attack.
Our regulators in recent years have increased their examination and enforcement focus on all matters of our businesses, especially matters relating to cyber-security threats, including the assessment of firms’ vulnerability to cyber-attacks. In particular, regulatory concerns have been raised about firms establishing effective cyber-security governance and risk management policies, practices, and procedures that enable the identification of risks, testing and monitoring of the effectiveness of such procedures and adaptation to address any weaknesses; protecting firm networks and information; data loss prevention, identifying and addressing the risk associated with remote access to client information; identifying and addressing risks associated with customers business partners, counterparties, vendors, and other third parties; preventing and detecting unauthorized access or activities; adopting effective mitigation and business continuity plans to timely and effectively address the impact of cyber-security breaches; and establishing protocols for reporting cyber-security incidents. In particular, regulatory concerns have been raised about firms establishing effective cyber-security governance and risk management policies, practices, and procedures that enable the identification of risks, testing and monitoring of the effectiveness of such procedures and adaptation to address any weaknesses; protecting firm networks and information; data loss prevention, identifying and addressing the risk associated with remote access to client information and fund transfer requests; identifying and addressing risks associated with customers business partners, counterparties, vendors, and other third parties, including exchanges and clearing organizations; preventing and detecting unauthorized access or activities; adopting effective mitigation and business continuity plans to timely and effectively address the impact of cyber-security breaches; and establishing protocols for reporting cyber-security incidents. As we enter new jurisdictions or different product area verticals, we may be subject to new areas of risk or to cyber-attacks in areas in which we have less familiarity and tools. A technological breakdown could also interfere with our ability to comply with financial reporting requirements. The SEC has issued guidance stating that, as a public company, we are expected to have controls and procedures that relate to cybersecurity disclosure, and are required to disclose information relating to certain cyber-attacks or other information security breaches in disclosures required to be made under the federal securities laws. While any insurance that we may have that covers a specific cyber-security incident may help to prevent our realizing a significant loss from the incident, it would not protect us from the effects of adverse regulatory actions that may result from the incident or a finding that we had inadequate cyber-security controls, including the reputational harm that could result from such regulatory actions.

We are subject to stringent and changing privacy laws, regulations and standards, information security policies and contractual obligations related to data privacy and security. Our actual or perceived failure to comply with such obligations could harm its business.

We are subject to or affected by a number of federal, state, local and international laws and regulations, as well as contractual obligations and industry standards, that impose certain obligations and restrictions with respect to data privacy and security. The regulatory framework for privacy and security issues worldwide is rapidly evolving and, as a result, implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future. We may not be able to monitor and react to all developments in a timely manner as laws in this area are also complex and developing rapidly. For example, the European Union adopted the GDPR, which became effective on May 25, 2018, and California adopted the CCPA, which became effective in January 2020. Both the GDPR and the CCPA impose additional obligations on companies regarding the handling of personal data and provides certain individual privacy rights to persons whose data is collected. Other states have begun to propose similar laws. These laws, regulations and standards may be interpreted and applied differently over time and from jurisdiction to jurisdiction, and it is possible that they will be interpreted and applied in ways that are inconsistent without
21

existing data management practices or the features of its products and product capabilities, and may have a material and adverse impact on our business, financial condition and results of operations.

Compliance with applicable privacy and data security laws and regulations is a rigorous and time-intensive process, and we may be required to put in place additional mechanisms to comply with such laws and regulations, which could cause it to incur substantial costs or require it to change its business practices, including its data prac