Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - IIIV
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors
Our business faces significant risks and uncertainties. If any of the following risks are realized, our business, financial condition and results of operations could be materially and adversely affected. The following risk factors, some of which contain statements that constitute forward-looking statements, should be read in conjunction with “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes.
21
Risks Related to Our Business and Industry
Unauthorized disclosure, destruction or modification of data or disruption of our services or other cybersecurity or technological risks, including as a result of a cybersecurity incident, could expose us to liability, protracted and costly litigation and damage our reputation.
We are responsible both for our own business and to a significant degree for acts and omissions by certain of our partners under the rules and regulations established by the payment networks, such as Visa and Mastercard, Discover and American Express, and the debit networks.We are responsible both for our own business and to a significant degree for acts and omissions by certain of our distribution partners and third-party vendors under the rules and regulations established by the payment networks, such as Visa and Mastercard, Discover and American Express, and the debit networks. We and other third parties collect, process, store and transmit sensitive data, such as names, addresses, social security numbers, credit or debit card numbers and expiration dates, drivers’ license numbers and bank account numbers, and we have ultimate liability to the payment networks and member financial institutions that register us with the payment networks for our failure, or the failure of certain third parties with whom we contract, to protect this data in accordance with payment network requirements. The loss, destruction or unauthorized modification of customer or cardholder data could result in significant fines, sanctions and proceedings or actions against us by the payment networks, governmental bodies, consumers or others, which could have a material adverse effect on our business, financial condition and results of operations. Any such sanction, fine, proceeding or action could damage our reputation, force us to incur significant expenses in defense of these proceedings, disrupt our operations, distract our management, increase our costs of doing business and may result in the imposition of monetary liability.
We are subject to risk associated with information technology and cybersecurity matters. For example, on June 2, 2021, the State of Louisiana, Division of Administration and a putative class of Louisiana law enforcement districts filed a petition in the 19th Judicial District Court for the Parish of East Baton Rouge against i3-Software & Services, LLC (“S&S”), a subsidiary of the Company located in Shreveport, Louisiana, seeking monetary damages related to a third-party remote access software product used in connection with services provided by S&S to certain Louisiana Parish law enforcement districts and alleged inadequacies in the Company’s cybersecurity practices. For additional information about this litigation, see Note 16 to our consolidated financial statements.
The current cyber threat environment presents increased risk for all companies, in our industry and otherwise, including as a result of cyberattacks as well as ransomware attacks (through which an attacker renders an organization’s computer files inaccessible and demands a payment to return them or reinstate access), malicious software, advanced persistent threats, phishing and other attempts by malicious threat actors, including nation-state actors, ransomware groups and others to access, acquire, use disclose, shut down or manipulate information, systems, databases, processes and people.The current cyber threat environment presents increased risk for all companies, in our industry and otherwise, including as a result of cyberattacks, and in some cases, ransomware attacks, through which an attacker gains access to the organization’s computer files, renders them temporarily inaccessible and threatens to permanently delete them if a cash ransom is not paid by a specified deadline. Like other companies in our industry, our systems are subject to recurring attempts by third parties to access information, manipulate data or disrupt our operations. Although we proactively employ multiple measures to defend our systems against intrusions and attacks and to protect the data we collect, our measures may not prevent unauthorized access or use of sensitive data. In addition, the cybersecurity-related threats that we face may remain undetected for an extended period of time. In addition, the rapid evolution and increased adoption of artificial intelligence (“AI”) and other emerging technologies also may heighten our cybersecurity risks by making cyberattacks and social engineering more difficult to detect, contain and mitigate.
While we have experienced cyber threats and incidents, we have not (whether directly or indirectly, including through our third-party vendors, customers or other business relations) been subject to a cybersecurity event of which we are aware that has had a material impact on us, including our business strategy, financial condition or results of operations. However, despite our security measures, there is no assurance that we, or the third parties with which we interact, will not experience a cybersecurity incident in the future that materially impacts us. If such an event were to occur it could materially disrupt our operations, expose us to liability under data breach laws, adversely impact our reputation, impact our customer relationships or subject us to other material losses or liability. If such an event were to occur it could significantly disrupt our operations, expose us to liability under HIPAA and/or state data breach laws, adversely impact our reputation, impact our customer relationships or subject us to other material losses or liability. In addition, a breach of our system or a third-party system upon which we rely may subject us to material losses or liability, including payment network fines, assessments and claims for unauthorized purchases with misappropriated credit, debit or card information, impersonation or other similar fraud claims. A misuse of such data or a cybersecurity breach could harm our reputation and deter our customers and potential customers from using electronic payments generally and our products and services specifically, thus reducing our revenue. In addition, any such misuse or breach could cause us to incur costs to correct the breaches or failures, increase our risk of regulatory scrutiny, subject us to lawsuits and result in the imposition of material penalties and fines under
22