Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - MCK
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors.
As a diversified healthcare services leader that is dedicated to advancing health outcomes for patients everywhere, cybersecurity risk management is integral to our enterprise risk management strategy. Our management, with involvement and input from external consultants and oversight from our Board of Directors (“Board”), performs an annual enterprise-wide risk assessment (“ERA”) to identify key existing and emerging risks. One of the principal risks identified and assessed through this process is cybersecurity, which remains a key focus for the Company, management, and our Board.
We also engage internal and external assessors, consultants, auditors, and other third parties, to assess our RM Program .We also engage internal and external assessors, consultants, auditors, and other third parties, to identify opportunities for improvements to our cybersecurity program. We manage cybersecurity risks associated with third parties, including vendors, service providers, and external users of our systems. This includes conducting due diligence on the third parties we use, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems, and by using contracts to reinforce their cybersecurity obligations. Both intentional and unintentional occurrences have caused, and could cause in the future, a variety of adverse business impacts to our information systems and data. For a discussion of whether and how any risks from cybersecurity threats have affected or, if realized, are reasonably likely to materially affect the Company, see “Risk Factors” in Item 1A of Part I above for additional information on risks related to our business, including for example, risks related to privacy and data protection, cybersecurity incidents, third-party relationships, and continuity of our information systems and networks, operational technology, and technology products or services.Our CIO/CTO leads management’s assessment and management of cybersecurity risk with the assistance of the Company’s CISO who reports to the CIO/CTO. The CIO/CTO reports to our CFO, is a member of the Executive Operating Team, and provides updates to that group about cybersecurity matters. Our CIO/CTO has more than 29 years of experience managing technology and risks, and advising on cybersecurity issues and our CISO has more than 21 years of relevant experience, is a Certified Information System Security Professional (CISSP), and a Certified Information Systems Auditor (CISA). 
INDEX TO RISK FACTORS
The discussion below identifies certain representative risks that might cause our actual business results to materially differ from our estimates. It is not practical to identify or describe all risks and uncertainties that might materially impact our business operations, reputation, financial position, or results of operations. Our business could be materially affected by risks that we have not yet identified or that we currently consider to be immaterial. This is not a complete discussion of all potential risks and uncertainties.
Litigation and Regulatory Risks
We experience costly and disruptive legal disputes.
We are routinely named as a defendant in litigation or regulatory proceedings and other legal disputes, which may include asserted class action litigation, such as those described in Financial Note 17, “Commitments and Contingent Liabilities,” to the consolidated financial statements included in this Annual Report. Regulatory proceedings involve allegations such as false claims, healthcare fraud and abuse, and antitrust violations. Civil litigation proceedings involve commercial, employment, environmental, intellectual property, tort, and other claims. Despite valid defenses that we assert, legal disputes are often costly, time-consuming, distracting to management, and disruptive to normal business operations. The uncertainty and expense associated with unresolved legal disputes might harm our business and reputation even if the matter ultimately is favorably resolved. The outcome of legal disputes is difficult to predict, and outcomes may occur that we believe are not justified by the evidence or existing law. Outcomes include monetary damages, penalties and fines, and injunctive or other relief that requires us to change our business operations and incur significant expense. Accordingly, legal disputes might have a materially adverse impact on our reputation, our business operations, and our financial position or results of operations.
13
McKESSON CORPORATION
We experience losses not covered by insurance or indemnification.
Our business exposes us to risks that are inherent in the distribution, manufacturing, dispensing, and administration of pharmaceuticals and medical-surgical supplies, the provision of ancillary services, the conduct of our payer businesses, practice support services, and the provision of products that assist clinical decision-making and relate to patient medical histories and treatment plans. For example, pharmacy operations are exposed to risks such as improper filling of prescriptions, mislabeling of prescriptions, inadequacy of warnings, unintentional distribution of counterfeit drugs, and expiration of drugs. Although we seek to maintain adequate insurance coverage, such as property insurance for inventory and professional and general liability insurance, coverages on acceptable terms might be unavailable, or coverages might not cover our losses. We generally seek to limit our contractual exposure, but limitations of liability or indemnity provisions in our contracts may not be enforceable or adequately protect us from liability. Uninsured or non-indemnified losses might have a materially adverse impact on our business operations and our financial position or results of operations.
We experience costly legal disputes, government actions, and adverse publicity regarding our role in distributing controlled substances such as opioids.
The Company is a defendant in many litigation matters alleging claims related to the distribution of controlled substances (opioids), as described in Financial Note 17, “Commitments and Contingent Liabilities,” to the consolidated financial statements in this Annual Report. We are sometimes named as a defendant in similar, new cases. The plaintiffs in those cases include governmental entities (such as states, provinces, counties, and municipalities) as well as businesses, groups, and individuals. The cases allege violations of controlled substance laws and other laws, and they make common law claims such as negligence and public nuisance. Many of these cases raise novel theories of liability and can have unexpected outcomes that we believe are not justified by evidence or existing law. Legal proceedings such as these often involve significant expense, management time and distraction, and risk of loss that can be difficult to predict or quantify. It is not uncommon for claims to be resolved over many years. Outcomes include monetary damages, penalties and fines, and injunctive or other relief that requires us to change our business operations and incur significant expense. Although the Company has valid defenses and is vigorously defending itself, some proceedings have been, and others may be, resolved by negotiated outcome. For example, we are subject to consent decrees issued by state courts that govern our distribution of controlled substances. Not all proceedings, however, are resolved by settlement. Our reputation has been and may continue to be impacted by publicity regarding opioids litigation and related allegations. An adverse outcome of any such legal proceedings might have a materially adverse impact on our business operations and our financial position or results of operations.
We experience increased costs to distribute controlled substances such as opioids.
Legislative, regulatory, or industry measures related to the distribution of controlled substances such as prescription opioids could affect our business in ways that we may not be able to predict. For example, some states have passed legislation that could require us to pay taxes or assessments on the distribution of opioid medications in those states and other states have considered similar legislation. Liabilities for taxes or assessments or other costs of compliance under any such laws might have a materially adverse impact on our reputation, our business operations, and our financial position or results of operations.
We are subject to extensive, complex, and challenging healthcare, environmental, and other laws.
As described in “Government Regulation” in Item 1 of Part I above, our industry is highly regulated, and further regulation of our distribution businesses, technology products, and services could impose increased costs, negatively impact our profit margins and the profit margins of our customers, delay the introduction or implementation of our new products, or otherwise negatively impact our business and expose the Company to litigation and regulatory investigations. We incur cleanup costs under environmental laws and may incur additional costs under environmental laws. Additionally, we are subject to various routine and ad hoc inspections and requests for information by governmental agencies to determine compliance with various statutes and regulations. Any noncompliance by us with applicable laws, or the failure to maintain, renew, or obtain necessary permits and licenses, could lead to enforcement actions or litigation and might have a materially adverse impact on our business operations and our financial position or results of operations.
14
McKESSON CORPORATION
We are subject to extensive and frequently changing laws relating to healthcare fraud, waste, and abuse.
As described in “Government Regulation” in Item 1 of Part I above, federal, state, and local governmental entities in the U.S. and elsewhere continue to strengthen their position on, and scrutiny of, practices that may indicate fraud, waste, and abuse affecting government healthcare programs such as Medicare and Medicaid. Those laws may be interpreted or applied in a manner that could require us to make changes in our operations at added expense. Alleged failures to comply with those laws, including the federal Anti-Kickback Statute, expose us to federal or state government investigations or qui tam actions, and to liability for damages and civil and criminal penalties. Failures to comply with those laws, including the federal Anti-Kickback Statute, might expose us to federal or state government investigations or qui tam actions, and to liability for damages and civil and criminal penalties. Such failures might result in the loss of licenses or our ability to participate in Medicare, Medicaid, or other federal and state healthcare programs, or pursue government contracts. These sanctions might have a materially adverse impact on our business operations and our financial position or results of operations.
We might lose our ability to purchase, store, or distribute pharmaceuticals, including controlled substances, and medical products.
As described in “Government Regulation” in Item 1 of Part I above, we are subject to the operating, quality, regulatory, and security requirements of the DEA, the FDA, various state boards of pharmacy, state health departments, CMS, and other agencies. Noncompliance with these requirements can result in inspectional observations, warning letters, product recalls, withdrawals or other market action, fines, seizures, injunctions, and other administrative, civil, and criminal enforcement actions. Noncompliance with these requirements can result in inspectional observations, warning letters, product recalls, seizures, injunctions, and other administrative, civil, and criminal enforcement actions. Noncompliance, enforcement actions or adverse decisions by regulators, or the inability to obtain, maintain, or renew permits, licenses, or other regulatory approvals needed for the operation of our businesses might have a materially adverse impact on our reputation, our business operations and our financial position or results of operations. Noncompliance, enforcement actions, or adverse decisions by regulators, or the inability to obtain, maintain, or renew permits, licenses, or other regulatory approvals needed for the operation of our businesses might have a materially adverse impact on our business operations and our financial position or results of operations.
Privacy, cybersecurity, data protection, and AI laws increase our compliance burden.Privacy, data protection, and cybersecurity laws increase our compliance burden.
As described in “Government Regulation” in Item 1 of Part I above, we are subject to a variety of privacy, cybersecurity, data protection, and AI laws that change frequently and have requirements that vary from jurisdiction to jurisdiction. Failure to comply with these laws subjects us to potential regulatory enforcement activity, fines, private litigation including class actions, reputational impacts, and other costs. We also have contractual obligations that might be breached if we fail to comply with privacy and data security laws. The use of AI solutions by our employees or third parties on which we rely could also lead to the misuse of data or public disclosure of confidential information (including personal data or proprietary information) in contravention of our internal policies, applicable laws, contractual requirements, or third-party intellectual property rights. The effects could impair, for example, the availability and cost of certain products, commodities, transportation, and energy (including utilities), which in turn may impact our ability to procure goods or services, and transport those goods, required for the operation of our business at the quantities and levels we require. Our efforts to comply with privacy, data security, and AI laws complicate our operations and add to our costs. Our efforts to comply with privacy and data security laws complicate our operations and add to our costs. A significant cybersecurity and/or privacy breach or failure to comply with privacy and data security laws, by us or by external service providers, vendors, or other third parties with which we do business, might have a materially adverse impact on our reputation, our business operations, and our financial position or results of operations. A significant privacy breach or failure to comply with privacy and data security laws, by us or by external service providers, vendors, or other third parties with which we do business, might have a materially adverse impact on our reputation, our business operations, and our financial position or results of operations.
Anti-bribery and anti-corruption laws increase our compliance burden.
We are subject to laws prohibiting improper payments and bribery, including the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act, and similar regulations in other jurisdictions. Our failure to comply with these laws might subject us to civil and criminal penalties that might have a materially adverse impact on our reputation, our business operations, and our financial position or results of operations.
15
McKESSON CORPORATION
Company and Operational Risks
We might record significant charges from impairment to goodwill, intangibles, and other long-lived assets.
We are required under U.S. Generally Accepted Accounting Principles (“GAAP”) to test our goodwill for impairment annually or more frequently if indicators for potential impairment exist. Indicators that are considered include significant changes in performance relative to expected operating results, significant changes in the use of the assets, significant negative industry or economic trends, or a significant decline in the Company’s stock price and/or market capitalization for a sustained period of time. In addition, we periodically review our intangible and other long-lived assets for impairment when events or changes in circumstances indicate the carrying value may not be recoverable. In addition, we periodically review our intangible and other long-lived assets for impairment when events or changes in circumstances, such as a divestiture, indicate the carrying value may not be recoverable. Factors that may be considered a change in circumstances indicating that the carrying value of our intangible and other long-lived assets may not be recoverable include slower growth rates, the loss of a significant customer, burdensome new laws or other adverse legal developments, or divestiture of a business or asset for less than its carrying value. There are inherent uncertainties in management’s estimates, judgments, and assumptions used in assessing recoverability of goodwill, intangibles, and other long-lived assets. Any material changes in key assumptions, including failure to meet business plans, negative changes in government reimbursement rates, a deterioration in the U.S. and global financial markets, an increase in interest rates, an increase in inflation, or an increase in the cost of equity financing by market participants within the industry, or other unanticipated events and circumstances, may decrease the projected cash flows or increase the discount rates and could potentially result in an impairment charge. We have in the past recorded, and may be required to record, a significant charge to earnings in our consolidated financial statements during the period in which any impairment of our goodwill or intangible and other long-lived assets is determined, which might have a materially adverse impact on our business operations and our financial position or results of operations. We may be required to record a significant charge to earnings in our consolidated financial statements during the period in which any impairment of our goodwill or intangible and other long-lived assets is determined, which might have a materially adverse impact on our business operations and our financial position or results of operations. See Financial Note 10, “Goodwill and Intangible Assets,” for descriptions of impairments of goodwill or intangible or other long-lived assets in recent periods.
We experience cybersecurity incidents that might significantly compromise our technology systems or might result in material data breaches.
We, our external service providers, vendors, and other third parties with which we do business, use technology and systems to perform our business operations, such as the secure electronic transmission, processing, storage, and hosting of sensitive information, including protected health information and other types of personal information, confidential financial information, proprietary information, and other sensitive information relating to our customers, company, and workforce. Despite our physical, technical, and administrative security measures as well as third party risk management processes as discussed in “Cybersecurity” in Item 1C of Part I below, technology systems and operations of the Company and third parties, including our external service providers and vendors, with which we do business, have experienced cybersecurity incidents and are subject to future cyberattacks and cybersecurity incidents. Despite conducting our own physical, technical, and administrative security measures as well as third party risk management processes as discussed in “Cybersecurity” in Item 1C of Part I below, technology systems and operations of the Company and third parties, including our external service providers and vendors, with which we do business have experienced cybersecurity incidents and are subject to future cyberattacks and cybersecurity incidents. Companies in the healthcare industry are increasingly targeted for cyberattacks. Cybersecurity incidents include unauthorized occurrences on or conducted through our or our third parties’ information systems, such as tampering, malware insertion, ransomware attacks, or other system integrity events. The risk and efficacy of cyberattacks increases from time to time due to a variety of internal and external factors, including, but not limited to, the adoption of sophisticated and rapidly evolving techniques, such as adversarial AI, and during political or military unrest. The risk and efficacy of cyberattacks increases from time to time due to a variety of internal and external factors, including the adoption of sophisticated and rapidly evolving techniques, such as adversarial AI, and during political tensions, military conflicts, or civil unrest. Our adoption of AI also may create new attack surfaces or methods and generally increase cybersecurity and data protection risks and costs. A cybersecurity incident might involve a material data breach or other material impact to the confidentiality, integrity, availability, and operations of our technology systems or data, which might result in harm to patients, consumers, or employees; litigation or regulatory action; disruption of our business operations; loss of customers or revenue; cash flow impacts; and increased expense. Additionally, it may take considerable time for us to investigate and evaluate the full impact of incidents, particularly for sophisticated attacks. These factors may inhibit our ability to provide prompt, full, and reliable information about the incident to our customers, regulators, and the public. Any cybersecurity incident might have a materially adverse impact on our business, our operations, our reputation, and our financial position or results of operations. Accordingly, legal disputes might have a materially adverse impact on our reputation, our business operations, and our financial position or results of operations.
We experience significant problems with information systems or networks.
We rely on sophisticated information systems and networks to perform our business operations, such as to obtain, rapidly process, analyze, and manage data that facilitate the purchase and distribution of thousands of inventory items from distribution centers. We provide remote services that involve hosting customer data and operating software on our own or third-party systems. Our customers rely on their ability to access and use these systems, and their data, as needed, and our ability to compete effectively is increasingly dependent on access to, and interpretation of, data. Our customers rely on their ability to access and use these systems and their data as needed. Data quality impacts customer ordering, order fulfillment and higher order processing. If we fail to effectively implement and maintain data governance structures across our businesses, to effectively interpret and utilize such data, or protect the integrity of such data, including systems
16
McKESSON CORPORATION
powered by or incorporating AI and machine learning, our operations could be impacted, and we may be at a competitive disadvantage. Our networks and hosting systems are also vulnerable to interruption or damage from sources beyond our control. When those information systems or networks are disrupted, or if the timely delivery of medical care or other customer business requirements are impaired, we experience injury to patients or consumers, litigation or regulatory action, disruption of our business operations, loss of customers or revenue, cash flow impacts, and increased expense. In addition, hardware, software, and other applications and updates procured from third parties may contain defects that have, or may in the future, unexpectedly restrict access to or interfere with the proper operations of our information systems and hardware. Any such problems might have a materially adverse impact on our business, our reputation, and our financial position or results of operations.
Our technology products or services might not conform to specifications or perform as we intend.
We sell and provide services involving complex software and technology that may contain errors, especially when first introduced to market. Healthcare professionals delivering patient care tend to have heightened sensitivity to system and software errors. If our software and technology services are alleged to have contributed to faulty clinical decisions, compromised continuity of patient care, or injury to patients, we might be subject to regulatory scrutiny or, claims by users of our software or services and/or their patients. Errors or failures might damage our reputation and negatively affect future sales. A failure of a system or software to conform to specifications might constitute a breach of warranty that could result in repair costs, contract termination, refunds, or claims for damages. These risks can be heightened upon the adoption of new technologies, including AI, and may introduce new or expanded risks, such as data inaccuracy, unreliability, or bias. These risks can be heightened upon the adoption of rapid evolution or new technologies, including AI, and may introduce new or expanded risks, such as data inaccuracy, unreliability, or bias. Any of these types of errors or failures might have a materially adverse impact on our reputation, our business operations, and our financial position or results of operations.
Pharmaceutical and medical products that we distribute might not conform to specifications or perform as intended.
We distribute pharmaceutical, medical, and other FDA-regulated products manufactured by third parties and by our private label businesses, including medications that may be temperature sensitive or have limited shelf lives. Our systems and procedures are designed to maintain the safety and efficacy of the products throughout the sourcing and distribution process. Issues affecting product safety or efficacy can arise from manufacturing, storing, distributing, dispensing or using products, and can result in adverse consequences such as safety alerts, seizures, bans, recalls, withdrawals or other market action, suspensions, and other regulatory actions and sanctions, civil lawsuits, increased costs, disruptions, delays, and reputational damage. Issues affecting product efficacy or safety can arise from manufacturing, storing, distributing, dispensing or using products, and can result in safety alerts, recalls, regulatory action, civil lawsuits, fines or other sanctions, and reputational damage. Any of these types of issues or results might have a materially adverse impact on our reputation, our business operations, and our financial position or results of operations.
We might not realize expected benefits from business process initiatives.
From time to time, we implement restructuring, cost reduction, or other business process initiatives that result in significant charges and expenses. These initiatives might fail to achieve our desired objectives or have unintended consequences such as distraction of our management and employees, business disruption, attrition beyond any planned reduction in workforce, inability to attract or retain key personnel and reduced employee productivity. Any of these risks might have a materially adverse impact on our business operations and our financial position or results of operations.
We might be unable to successfully complete or integrate acquisitions or other strategic transactions.We might be unable to successfully complete or integrate acquisitions or other business combinations.
Our growth strategy includes consummating acquisitions or other strategic transactions that either expand or complement our business.Our growth strategy includes consummating acquisitions or other business combinations that either expand or complement our business. To fund these strategic transactions, we may require financing that may not be available on acceptable terms. To fund acquisitions, we may require financing that may not be available on acceptable terms. We may not receive governmental approvals needed to complete proposed transactions, or such approvals may be subject to delays or conditions that reduce transaction benefits. We may not receive regulatory approvals needed to complete proposed transactions, or such approvals may be subject to delays or conditions that reduce transaction benefits. Achieving the desired outcomes of these strategic transactions involves significant risks including: diverting management’s attention from other business operations; challenges with assimilating the acquired businesses, such as integration of operations, systems, and technologies; failure or delay in realizing operating synergies; difficulty retaining key acquired company personnel; unanticipated accounting or financial systems issues with the acquired business, which might affect our internal controls over financial reporting; disputes with the sellers of acquired businesses; unanticipated compliance issues in the acquired business; unknown or unanticipated cybersecurity issues; challenges retaining customers of the acquired business; unanticipated expenses or charges to earnings, including depreciation and amortization or potential impairment charges; and risks of known and unknown assumed liabilities in the acquired business. Achieving the desired outcomes of business combinations involves significant risks including: diverting management’s attention from other business operations; challenges with assimilating the acquired businesses, such as integration of operations, systems, and technologies; failure or delay in realizing operating synergies; difficulty retaining key acquired company personnel; unanticipated accounting or financial systems issues with the acquired business, which might affect our internal controls over financial reporting; unanticipated compliance issues in the acquired business; unknown or unanticipated cybersecurity issues; challenges retaining customers of the acquired business; unanticipated expenses or charges to earnings, including depreciation and amortization or potential impairment charges; and risks of known and unknown assumed liabilities in the acquired business. These risks at times have adversely affected, and could in the future adversely affect, our ability to achieve the anticipated benefits of an acquisition, and might have a materially adverse impact on our business operations and our financial position or results of operations.
17
McKESSON CORPORATION
From time to time we are adversely impacted by delays or other difficulties with divestitures.
When we decide to sell or otherwise divest assets or a business, we may encounter difficulty in finding buyers or exit strategies on acceptable terms or in a timely manner, which could delay the achievement of our strategic objectives.When we decide to sell assets or a business, we may encounter difficulty in finding buyers or exit strategies on acceptable terms or in a timely manner, which could delay the achievement of our strategic objectives. After the disposition, we might experience greater dissynergies than expected, and the impact of the divestiture on our revenue or profit might be larger than we expected. We might have difficulties with pre-closing conditions such as governmental approvals, which could delay or prevent the divestiture. We might have difficulties with pre-closing conditions such as regulatory and governmental approvals, which could delay or prevent the divestiture. We might have financial exposure in a divested business, such as through minority equity ownership, financial or performance guarantees, indemnities, or other obligations, such that conditions outside of our control might negate the expected benefits of the disposition. Any of these risks could adversely affect our ability to achieve the anticipated benefits of a divestiture and might have a materially adverse impact on our business operations and our financial position or results of operations.
We might not realize the expected tax treatment from our split-off of Change Healthcare.
On March 10, 2020, the Company completed a separation of its interest in Change Healthcare LLC (“Change Healthcare JV”). The divestiture was effected through the split-off of PF2 SpinCo, Inc. (“SpinCo”), a wholly owned subsidiary of the Company that held all of the Company’s interest in the Change Healthcare JV, to certain of the Company’s stockholders through an exchange offer (the “Exchange Offer”), followed by a merger of SpinCo with and into Change Healthcare Inc. (“Change”), with Change surviving the merger (the “Merger” and, together with the Exchange Offer, the “Transactions”). The Company received an opinion from outside legal counsel to the effect that the Transactions qualified as generally tax-free transactions to the Company and its shareholders for U.S. federal income tax purposes. An opinion of legal counsel is not binding on the Internal Revenue Service (the “IRS”) or the courts, and the IRS or the courts may not agree with the intended tax-free treatment of the Transactions. In addition, the opinion could not be relied upon if certain assumptions, representations, and undertakings upon which the opinion was based are materially inaccurate or incomplete, or are violated in any material respect. If the intended tax-free treatment of the Transactions is not sustained, the Company and its stockholders who participated in the Transactions may be required to pay substantial U.S. federal income taxes. In connection with the Transactions, the Company, SpinCo, Change, and the Change Healthcare JV entered into the Tax Matters Agreement, which governs their respective rights, responsibilities, and obligations with respect to tax liabilities and benefits, tax attributes, tax contests, and other tax sharing regarding U.S. federal, state, and local, and non-U.S. taxes, other tax matters, and related tax returns. Under the Tax Matters Agreement, Change is required to indemnify the Company if the Transactions become taxable as a result of certain actions by Change or SpinCo, or as a result of certain changes in ownership of the stock of Change after the Merger. If Change does not honor its obligations to indemnify the Company, or if the Transactions fail to qualify for the intended tax-free treatment for reasons not related to a disqualifying action by Change or SpinCo, the resulting tax to the Company could have a significant adverse effect on our financial position or results of operations.
18
McKESSON CORPORATION
We might be adversely impacted by outsourcing or similar third-party relationships.
We rely on third parties to perform certain business and administrative functions for us. We might not adequately develop, implement, and monitor these outsourced service providers, and we might not realize expected cost savings or other benefits. Third-party service providers experience cybersecurity incidents and other disruptions and can fail to perform their obligations due to various causes, which might cause us to incur operational difficulties, additional compliance requirements, or increased costs related to outsourced services. Third-party services providers experience cybersecurity incidents and can fail to perform their obligations due to various causes, which might cause us to incur operational difficulties, additional compliance requirements, or increased costs related to outsourced services. For example, our ability to use outsourcing resources in certain jurisdictions might be limited by legislative action or customer contracts, with the result that the work must be performed at greater expense or we may be subject to sanctions for non-compliance. Any of these risks might have a materially adverse impact on our reputation, our business operations, and our financial position or results of operations. Any of these risks might have a materially adverse impact on our business operations and our financial position or results of operations.
We may be unsuccessful in achieving our strategic growth objectives.
Our business strategy as a diversified healthcare services company includes investing to build an integrated oncology and specialty care platform and expand our biopharma services business.Our business strategy as a diversified healthcare services company includes investing to build an integrated oncology service business and expand our biopharma services business. Our ability to grow those businesses will depend on our: hiring and retaining talented individuals with necessary knowledge and skills; acquiring, developing, and implementing new technologies and capabilities, including AI; forming and expanding business relationships; and successfully competing against providers of similar services. New technologies, such as AI, may not result in the benefits we anticipate, may not enable us to maintain a competitive advantage, and may require us to expend significant resources. We have increased, and expect to continue to increase, our use of AI technology. The AI technologies we employ may become obsolete earlier than planned or we may be unsuccessful at realizing the benefits of these investments. Additionally, some of our historical competitors and a growing number of new competitive entrants have more experience than we do in enabling technologies such as data analytics, machine learning, or AI. Additionally, some historical competitors and a growing number of new competitive entrants have more experience than we do in enabling technologies such as data analytics, machine learning, or AI. We may not achieve our desired return on our investments through our growth strategies. If we fail to achieve acceptable sales and profitability in our strategic growth areas, it might have a materially adverse impact on our business prospects and our financial position or results of operations.
We are impacted by customer purchase reductions, contract non-renewals, payment defaults, and bankruptcies.
Some of our customers from time to time reduce the amounts they purchase from us, do not renew their purchase contracts with us, renew their purchase contracts at less favorable terms, delay or default on their payments to us, or avoid payments to us through bankruptcy proceedings.Some of our customers from time to time reduce the amounts they purchase from us, do not renew their purchase contracts with us, delay or default on their payments to us, or avoid payments to us through bankruptcy proceedings. At March 31, 2025, sales to our largest customer represented approximately 24% of our total consolidated revenues and approximately 23% of our total trade receivables, and those of our ten largest customers combined accounted for approximately 72% of our consolidated revenues and approximately 48% of our trade receivables. Refer to “Other Information about the Business” in Item 1 of Part I above for additional details on our customers. One or more customer purchase reductions, contract non-renewals, renewals at less favorable terms, payment defaults, or bankruptcies might have a materially adverse impact on our business operations and our financial position or results of operations. One or more customer purchase reductions, contract non-renewals, payment defaults, or bankruptcies might have a materially adverse impact on our business operations and our financial position or results of operations.
Our contracts with governmental entities involve future funding and compliance risks.Our contracts with government entities involve future funding and compliance risks.
Our contracts with governmental entities are subject to risks such as lack of funding and compliance with unique requirements.Our contracts with government entities are subject to risks such as lack of funding and compliance with unique requirements. For example, government contract purchase obligations are typically subject to the availability of funding, which may be eliminated or reduced. In addition, the future volume of products or services purchased by a government customer is often uncertain. Our government contracts might not be renewed or might be terminated for convenience with little prior notice. They might be modified with less favorable terms. Government contracts typically expose us to higher potential liability than do other types of contracts. In addition, government contracts typically are subject to procurement laws that include socio-economic, employment practices, environmental protection, recordkeeping and accounting, and other requirements. For example, our contracts with the U.S. government generally require us to comply with the Federal Acquisition Regulation, Procurement Integrity Act, Buy American Act, Trade Agreements Act, and other laws and requirements. New or revised laws, requirements, and policies, or changes in the interpretation of existing laws, requirements, and policies, could adversely affect our business and competitiveness and increase our compliance costs. We are subject to government audits, investigations, and oversight proceedings. Governmental agencies routinely review and audit government contractors to determine whether they are complying with contractual and legal requirements. Government agencies routinely review and audit government contractors to determine whether they are complying with contractual and legal requirements. If we fail to comply with these requirements, or we fail an audit, we may be subject to various sanctions such as monetary damages, criminal and civil penalties, termination of contracts, and suspension or debarment from government contract work. These requirements complicate our business and increase our compliance burden. The occurrence of any of these risks could harm our reputation and might have a materially adverse impact on our business operations and our financial position or results of operations.
19
McKESSON CORPORATION
We might be harmed by changes in our relationships or contracts with suppliers.
We attempt to structure our distribution agreements with manufacturers to ensure that we are appropriately and predictably compensated for the services we provide.We attempt to structure our pharmaceutical distribution agreements with manufacturers to ensure that we are appropriately and predictably compensated for the services we provide. Certain distribution agreements with manufacturers include product price inflation as a component of our consideration, and we cannot control the frequency or magnitude of price changes. Certain distribution agreements with manufacturers include pharmaceutical price inflation as a component of our consideration, and we cannot control the frequency or magnitude of pharmaceutical price changes. Laws limiting or reducing product prices, and changes to manufacturers’ pricing policies or practices as a result of changing laws, impact our distribution agreements. Laws limiting or reducing pharmaceutical prices, and changes to manufacturers’ pricing policies or practices as a result of changing laws, impact our distribution agreements. We might be unable to renew distribution agreements with manufacturers in a timely and favorable manner. We might be unable to renew pharmaceutical distribution agreements with manufacturers in a timely and favorable manner. Any of these risks might have a materially adverse impact on our business operations and our financial position or results of operations.
We might infringe intellectual property rights or our intellectual property protections might be inadequate.
We believe that our products and services do not infringe the proprietary rights of third parties, but third parties have asserted infringement claims against us and may do so in the future. If a court were to hold that we infringed other’s rights, we might be required to pay substantial damages, develop non-infringing products or services, obtain a license, stop selling or using the infringing products or services, or incur other sanctions. We rely on trade secret, patent, copyright, and trademark laws, nondisclosure obligations, and other contractual provisions and technical measures to protect our proprietary rights in our products and solutions. We might initiate costly and time-consuming litigation to protect our trade secrets, to enforce our patent, copyright, and trademark rights, and to determine the scope and validity of the proprietary rights of others. Our intellectual property protection efforts might be inadequate to protect our rights. Our competitors might develop non-infringing products or services equivalent or superior to ours. Any of these risks might have a materially adverse impact on our business operations and our financial position or results of operations.
Our use of third-party data is subject to risks and limitations that could impede the growth of our data services business.Our use of third-party data is subject to limitations that could impede the growth of our data services business.
We attempt to structure our processes to satisfy contractual and other operative data usage rights and limitations associated with customers, industry partners, and other third-party data flowing through our businesses.We attempt to structure our diligence processes to satisfy contractual and other operative data usage rights and limitations associated with customer, industry partners, and other third-party data flowing through our businesses. These rights and limitations can apply to confidential commercial data and personal data provided to us. Failure to satisfy these data usage rights and limitations can lead to legal claims such as contractual breaches or data protection and privacy law violations. If a court were to hold that our use of data is not consistent with our rights and limitations, we might be required to pay substantial damages; we might need to stop using, sharing, and/or selling certain products and services; or we might incur other financial, legal, and/or reputational consequences. In addition, we might be unable to negotiate and/or obtain at an acceptable cost the data usage rights needed to advance our data strategy growth and AI objectives. In addition, in order to reach our data strategy growth and AI objectives, we might be unable to negotiate and/or obtain at an acceptable cost the data usage rights needed to advance such goals. Any of these risks might have a materially adverse impact on our business operations and our financial position or results of operations.
We might be unable to successfully recruit and retain qualified employees.
Our ability to attract, engage, develop, and retain qualified and experienced employees, including key executives and other talent, is essential for us to meet our objectives. We compete with many other businesses to attract and retain employees. Competition among potential employers results in increased salaries, benefits, or other employee-related costs, or in our failure to recruit and retain employees. We may experience sudden loss of key personnel due to a variety of causes, such as illness; and although we must adequately plan for timely succession of key management roles, our succession plans might not be effective, and employees might not successfully transition into new roles. Any of these risks might have a materially adverse impact on our business operations and our financial position or results of operations.
Industry and Economic Risks
We might be adversely impacted by healthcare reform such as changes in pricing and reimbursement models.
Many of our products and services are designed to function within the structure of current healthcare financing and reimbursement systems.Many of our products and services are designed and intended to function within the structure of current healthcare financing and reimbursement systems. The healthcare industry and related government programs are changing. Some of these changes increase our risks and create uncertainties for our business.
For example, some changes in reimbursement methodologies (including government rates) for pharmaceuticals, medical treatments, and related services reduce profit margins for us and our customers and impose new legal requirements on healthcare providers. Those changes have included cuts in Medicare and Medicaid reimbursement levels, changes in the bases for payments, shifts from fee-for-service pricing towards value-based payments and risk-sharing models, and increases in the use of managed care.
20
McKESSON CORPORATION
In the U.S., the ACA significantly expanded health insurance coverage to uninsured Americans and changed the way healthcare is financed by both governmental and private payors. Enactment of the IRA and its implementation over the next several years is anticipated to bring meaningful changes in how Medicare pays for drugs and various benefit design changes, which are all intended to reduce the price of drugs. Three central features of the IRA authorize the government to negotiate drug prices for certain Parts B and D drugs over time, establish an inflationary rebate program, and cap patient cost sharing under Medicare Part D. Three central features of the IRA would authorize the government to negotiate drug prices for certain Parts B and D drugs over time, establish an inflationary rebate program, and cap patient cost sharing under Medicare Part D. The implementation of these and other features of the IRA may result in significant changes to the pharmaceutical value chain as manufacturers, pharmacy benefit managers, managed care organizations, and other industry stakeholders look to implement new transactional flows and adapt their business models. Any such changes to arrangements involving our business as a result of this legislation, such as changes to our distribution agreements with manufacturers impacted by the IRA, may materially affect our business. The extent of the effects of the IRA remains uncertain due to a number of factors, including the potential for future regulations and guidance promulgated by HHS to implement provisions of the IRA. We continue to evaluate the impact of this law on our business.
Private challenges to government healthcare policy may also have significant impacts on our business. For example, many pharmaceutical manufacturers have unilaterally restricted sales under the Public Health Service’s 340B Drug Pricing Program (the “340B program”) to contract pharmacies. For example, many pharmaceutical manufacturers have unilaterally restricted sales under the 340B drug pricing program to contract pharmacies. The 340B program requires manufacturers to offer discounts on certain drugs purchased by “covered entities,” which include safety-net providers. The 340B drug pricing program requires manufacturers to offer discounts on certain drugs purchased by “covered entities,” which include safety-net providers. The Health Resources and Services Administration (“HRSA”) has taken the position that a covered entity may dispense such discounted drugs through multiple contract pharmacies. The Health Resources and Services Administration has taken the position that a covered entity may dispense such discounted drugs through multiple contract pharmacies. Starting in 2020, some manufacturers began to restrict such practices. Certain manufacturers and HHS continue to litigate these issues. Some manufacturers and HHS continue to litigate these issues. The U.S. Courts of Appeal for the Third and D.C. Circuits have ruled that Section 340B of the Public Health Service Act does not require manufacturers to provide discounted drugs to an unlimited number of contract pharmacies. The US Court of Appeals for the Third Circuit has ruled that Section 340B does not require manufacturers to provide discounted drugs to an unlimited number of contract pharmacies. The U.S. Court of Appeals for the Seventh Circuit also is addressing this issue but has not yet ruled. Separately, several entities have filed lawsuits against HHS and HRSA related to the proposed implementation of rebate models to effectuate 340B pricing. Any changes to our arrangements that result from the rulings in these cases might have an adverse impact on our business.
Provincial governments in Canada that provide partial funding for the purchase of pharmaceuticals and independently regulate the sale and reimbursement of drugs have sought to reduce the costs of publicly funded health programs. For example, provincial governments have taken steps to reduce consumer prices for generic pharmaceuticals and, in some provinces, change professional allowances paid to pharmacists by generic manufacturers.
Although there is substantial uncertainty about the likelihood, timing, and results of these health reform efforts and challenges, their implementation or outcome might have a materially adverse impact on our business operations and our financial position or results of operations.Although there is substantial uncertainty about the likelihood, timing, and results of these health reform efforts, their implementation might have a materially adverse impact on our business operations and our financial position or results of operations.
We are adversely impacted by competition and industry consolidation.
Our businesses face a highly competitive global environment with strong competition from international, national, regional, and local full-line, short-line, and specialty distributors, service merchandisers, self-warehousing chain drug stores, manufacturers engaged in direct distribution, third-party logistics companies, and large payer organizations. In addition, our businesses face competition from various other service providers and from pharmaceutical and other healthcare manufacturers as well as other potential customers, which may from time to time decide to develop, for their own internal needs, supply management capabilities that might otherwise be provided by our businesses. We also may face competition from companies that move faster to adopt emerging technologies. Due to consolidation, a few large suppliers control a significant share of the pharmaceuticals market. This concentration reduces our ability to negotiate favorable terms with suppliers and causes us to depend on a smaller number of suppliers. Many of our customers, including healthcare organizations, have consolidated or joined group purchasing organizations and have greater power to negotiate favorable prices. Consolidation by our customers, suppliers, and competitors might reduce the number of market participants and give the remaining enterprises greater bargaining power, which might lead to erosion in our profit margin. Consolidation might increase counterparty credit risk because credit purchases increase for fewer market participants. Consolidation also might affect our ability to achieve our growth objectives through acquisitions and other strategic transactions. These competitive pressures and industry consolidation might have a materially adverse impact on our business operations and our financial position or results of operations.
From time to time we have difficulties in sourcing or selling products due to a variety of causes and are adversely impacted by disruptions or changes in product supply.
We rely on third parties for the supply of pharmaceutical and other products, and our operations are subject to our suppliers’ continued ability to supply the products that we require. From time to time, we experience difficulties and delays in
21
McKESSON CORPORATION
sourcing and selling products due to a variety of causes that result in suppliers’ failure to satisfy production demand. Among these causes are suppliers’ challenges in complying with legal requirements (including product and production quality standards), access to raw materials, inputs, and finished goods, manufacturing shutdowns, and operational and systems difficulties. Supply disruptions also arise from other factors beyond our control, such as product rationalization; government actions or policies (including trade sanctions, tariffs and other trade restrictions, as well as the requisition, diversion, or allocation of inventory); shifts in customer or societal demand for products; labor disputes or shortages; ethical sourcing issues; supplier financial distress; natural disasters and weather-related events; civil unrest; military conflicts; and epidemics or pandemics. In these types of situations, our alternative sourcing efforts are not always fully successful. We might experience extended delays or incur higher sourcing costs or suffer harm to our customer relationships and reputation. Furthermore, changes in the healthcare industry’s or our suppliers’ pricing, selling, inventory, distribution, or supply policies or practices could significantly reduce our revenues and net income. Changes in the healthcare industry’s or our suppliers’ pricing, selling, inventory, distribution, or supply policies or practices could significantly reduce our revenues and net income. Any of these disruptions or changes might have a materially adverse impact on our business operations and our financial position or results of operations.
We are adversely impacted as a result of our distribution of generic pharmaceuticals.We might be adversely impacted as a result of our distribution of generic pharmaceuticals.
Our generic pharmaceuticals distribution business is subject to both product availability and pricing risks. We might experience disruptions in our supply of generic pharmaceuticals. We might experience disruptions in our supply of higher margin pharmaceuticals, including generic pharmaceuticals. We have been impacted when, due to regulatory and supply chain challenges, our supplier partners are not able to deliver products that we have committed to source from them. Input cost increases, product discontinuations, and market shortages could result in ClarusONE, our joint venture with Walmart Inc. Input cost increases and market shortages could result in ClarusONE, our joint venture with Walmart Inc. , being unsuccessful in sourcing product to meet the needs of our customers, or could negatively impact our margin. Generic drug manufacturers offer a generic version of branded pharmaceuticals and routinely challenge the validity or enforceability of branded pharmaceutical patents in order to launch the drug pre- or post-loss of exclusivity. Patent holders have asserted infringement claims against us for distributing those generic versions they believed to have infringed a patent, and the generic drug manufacturers may not fully indemnify us against such claims. These risks and outcomes, as well as changes in the nature, frequency, or magnitude of generic pharmaceutical launches, might have a materially adverse impact on our business operations and our financial position or results of operations. These risks and outcomes, as well as changes in the availability, pricing volatility, regulatory, or significant changes in the nature, frequency, or magnitude of generic pharmaceutical launches, might have a materially adverse impact on our business operations and our financial position or results of operations.
We are adversely impacted by changes in the economic environments in which we operate, including from inflation, an economic slowdown, a recession, or fluctuations in foreign currency exchange rates.
Inflationary conditions result in increased costs associated with our normal business operations and decreased levels of consumer commercial spending and, to the extent we are not able to offset such cost increases from our suppliers, increase the costs which we incur to purchase inventories and services. Inflationary pressure is increased by factors such as supply chain disruptions, labor market tightness, actual or announced tariffs, government policies, interest rate changes, and foreign exchange rate changes. Inflationary pressure is increased by factors such as supply chain disruptions, including the reduced availability of key commodities, labor market tightness, and government policies that lower interest rates or do not raise them sufficiently to counteract inflation. An economic slowdown or a recession could also reduce the prices our customers are able or willing to pay for our products and services and reduce the volume of their purchases. An economic slowdown or a recession could reduce the prices our customers are able or willing to pay for our products and services and reduce the volume of their purchases. In addition to rising inflation, rising interest rates, the impact of banking failures or perceived failures and related contagion, consumer sentiment, political circumstances, military conflicts, and civil unrest may contribute to recessionary pressure. In addition to rising inflation, rising interest rates, the impact of banking failures or perceived failures and related contagion, political tensions, military conflicts, and civil unrest may contribute to recessionary pressure. Our non-U.S. operations, import and export of products sold in non-U.S. dollar (USD) denominations, non-USD intercompany loans, and our substantial international net assets also expose us to foreign currency exchange rate risk. Changes in the economic environments in which we operate might have a materially adverse impact on our business operations and our financial position or results of operations.
Changes affecting capital and credit markets might impede access to credit, increase borrowing costs, and disrupt banking services for us and our customers and suppliers and might impair the financial soundness of our customers and suppliers.
Volatility and disruption in global capital and credit markets, including the bankruptcy or restructuring of certain financial institutions, reduced lending activity by financial institutions, reduced creditworthiness of our customers or suppliers, or decreased liquidity and increased costs in the commercial paper market, might adversely affect the borrowing ability and cost of borrowing for us and our customers and suppliers. Credit rating agencies regularly review our credit and rate our outstanding debt; and any downgrades in our credit ratings might limit our access to public debt markets, decrease financial institutions willingness to lend to us, lead to more restrictive debt covenants, increase our borrowing costs, and adversely affect our earnings. We generally sell our products and services under short-term unsecured credit arrangements. An adverse change in general or entity-specific economic conditions or access to capital might cause our customers to reduce their purchases from us, or delay payments, or fail to pay amounts, owed to us. Suppliers might increase their prices, reduce their output, or change their terms of sale due to limited availability of credit. Suppliers might be unable to make payments due to us for fees, returned products, or incentives. Interest rate increases or changes in capital market conditions, including as a result of macroeconomic
22
McKESSON CORPORATION
events, might impede our or our customers’ or suppliers’ ability or cost to obtain credit. Any of these risks might have a materially adverse impact on our business operations and our financial position or results of operations.
We might be adversely impacted by tax legislation or challenges to our tax positions.
We are subject to the tax laws in the U.S. at the federal, state, and local government levels and to the tax laws of other jurisdictions in which we operate or sell products or services. Tax laws might change in ways that adversely affect our tax positions, effective tax rate, and cash flow. The tax laws are extremely complex and subject to varying interpretations. For example, the European Union and other countries (including countries in which we operate) have committed to enacting changes to numerous long-standing tax principles impacting how large multinational enterprises are taxed. In particular, the Organization for Economic Co-operation and Development’s Pillar Two initiative introduces a 15% global minimum tax applied on a country-by-country basis which many jurisdictions have enacted or committed to enact. In particular, the Organization for Economic Cooperation and Development’s Pillar Two initiative introduces a 15% global minimum tax applied on a country-by-country basis which many jurisdictions have now committed to enact. The impact of these new and potential regulations as well as any other changes in domestic and international tax regulations could have a material effect on our effective tax rate. The impact of these potential new regulations as well as any other changes in domestic and international tax regulations could have a material effect on our effective tax rate. We are subject to tax examinations in various jurisdictions that might assess additional tax liabilities against us. Our tax reporting positions are sometimes challenged by relevant tax authorities, we might incur significant expense in our efforts to defend those challenges, and we might be unsuccessful in those efforts. Developments in examinations and challenges might materially change our provision for taxes in the affected periods and might differ materially from our historical tax accruals. Any of these risks might have a materially adverse impact on our business operations, our cash flows, and our financial position or results of operations.
General Risks
Conditions and events outside of our control, such as widespread public health issues, natural disasters, and geopolitical factors adversely impact our business operations and our financial position or results of operations.
From time to time we are adversely affected by conditions and events outside of our control, including: widespread public health issues such as epidemic or pandemic infectious diseases; natural disasters and other catastrophic events such as earthquakes, floods, or severe weather; and geopolitical factors such as terrorism, military conflicts, civil unrest, political circumstances (including changes in international relations), changes or uncertainty in government policies (including with respect to U.S. or international trade), actual or announced tariffs or other trade restrictions, or changes in laws or their interpretation. These conditions and events can disrupt operations for us, our suppliers, our vendors, and our customers, as well as impair product manufacturing, supply, and transport availability and cost in unpredictable ways that depend on highly uncertain future developments. These events can disrupt operations for us, our suppliers, our vendors, and our customers, as well as impair product manufacturing, supply, and transport availability and cost in unpredictable ways that depend on highly uncertain future developments. They might affect consumer confidence levels and spending or the availability of certain goods, commodities, raw materials, and other inputs. They might affect consumer confidence levels and spending or the availability of certain goods or commodities. In response to these types of conditions and events, we might seek alternate sources for product supply, incur additional sourcing or distribution costs, suspend operations, implement extraordinary procedures, or suffer consequences that are unexpected and difficult to mitigate. In response to these types of events, we might suspend operations, implement extraordinary procedures, seek alternate sources for product supply, or suffer consequences that are unexpected and difficult to mitigate. For example, recently imposed or announced U.S. tariffs, as well as any retaliatory tariffs or other trade restrictions imposed by other countries, might require us to incur substantial additional sourcing costs, raise prices on certain products, or seek alternate supply sources. If we are unable to effectively manage or offset the impact of new tariffs or other trade restrictions, or find alternate sources of supply, we might be competitively disadvantaged or experience reduced profit margins or supply disruptions. Further, we might suffer harm to our customer relationships. Any of the foregoing risks might have a materially adverse impact on our business operations and our financial position or results of operations. Any of these scenarios might have a materially adverse impact on our business, our reputation, and our financial position or results of operations.
We may be adversely affected by global climate change or by regulatory or market responses to such change.We may be adversely affected by global climate change or by legal, regulatory, or market responses to such change.
The long-term effects of climate change are difficult to predict and may be widespread. The impacts may include physical risks (such as rising sea levels or frequency and severity of extreme weather conditions), social and human effects (such as population dislocations or harm to health and well-being), compliance costs and transition risks (such as regulatory or technology changes), costs for critical services (such as transportation costs), and other adverse effects. The effects could impair, for example, the availability and cost of certain products, commodities, transportation, and energy (including utilities), which in turn may impact our ability to procure goods or services, and transport those goods, required for the operation of our business at the quantities and levels we require. We bear losses incurred as a result of, for example, physical damage to or destruction of our facilities (such as distribution or fulfillment centers), loss or spoilage of inventory due to unusual ambient temperatures, and business interruption due to weather events that may be attributable to climate change. These risks might have a materially adverse impact on our business operations and our financial position or results of operation. These sanctions might have a materially adverse impact on our business operations and our financial position or results of operations.
23
McKESSON CORPORATION
Evolving expectations and regulatory requirements related to governance and sustainability matters may damage our reputation and have an adverse effect on our business, financial condition, and results of operations.
Investors, regulators, employees, customers, and other stakeholders continue to focus on companies’ governance and sustainability (“G&S”) practices and policies, including those related to human capital management, climate change, environmental responsibility, and social impact. Given the varied and at times divergent views of different stakeholder groups, any action or inaction by us with respect to G&S matters may be perceived negatively by some stakeholders. Furthermore, the G&S regulatory landscape is evolving and uncertain. New or revised laws and policies, or changes in the interpretation of existing laws and policies, could increase our compliance costs and expose us to legal risks. From time to time, we make statements regarding our sustainability goals. Although we intend to meet these goals, we may be required to expend significant resources to do so, which could impose costs on us. In addition, we could be criticized for the scope or nature of these goals, or for any revisions to our goals. Moreover, we may determine that it is in the best interests of the Company and our stockholders to prioritize other business investments over the achievement of our sustainability goals based on various factors such as our business strategy, technological and regulatory developments, industry standards, and input or pressure from stakeholders. Moreover, we may determine that it is in the best interest of our Company and our stockholders to prioritize other business, social, governance, or sustainable investments over the achievement of our current goals based on economic, technological developments, regulatory and social factors, business strategy, or pressure from investors, activist groups, or other stakeholders. If our G&S practices or outcomes do not align with stakeholder expectations or evolving regulatory requirements, our reputation, stock price, ability to access capital markets, and employee recruitment and retention efforts might be negatively affected. We also could face litigation or government action. Any of the foregoing risks might have a materially adverse impact on our business, financial condition, and results of operations. Any of these scenarios might have a materially adverse impact on our business, our reputation, and our financial position or results of operations.
Exclusive forum provisions in our Bylaws could limit our stockholders’ ability to choose their preferred judicial forum for disputes with us or our directors, officers, or employees.
Our amended and restated bylaws provide that, unless the Corporation consents in writing to the selection of an alternative forum, the sole and exclusive forum for specified legal actions is the Court of Chancery of the State of Delaware or the United States District Court for the District of Delaware if the Court of Chancery does not have or declines to accept jurisdiction (collectively, “Delaware Courts”). Current and former stockholders are deemed to have consented to the personal jurisdiction of the Delaware Courts in connection with any action to enforce that exclusive forum provision and to service of process in any such action. These provisions of the bylaws are not a waiver of, and do not relieve anyone of duties to comply with, federal securities laws including those specifying the exclusive jurisdiction of federal courts under the Exchange Act and concurrent jurisdiction of federal and state courts under the Securities Act. To the extent that these provisions of the bylaws limit a current or former stockholder’s ability to select a judicial forum other than the Delaware Courts, they might discourage the specified legal actions, might cause current or former stockholders to incur additional litigation-related expenses, and might result in outcomes unfavorable to current or former stockholders. A court might determine that these provisions of the bylaws are inapplicable or unenforceable in any particular action, in which case we may incur additional litigation related expenses in such action, and the action may result in outcomes unfavorable to us, which could have a materially adverse impact on our reputation, our business operations, and our financial position or results of operations.
Item 1B. Unresolved Staff Comments.
None.
Item 1C. Cybersecurity.
Risk Management and Security
Our Cybersecurity Risk Management Program (“RM Program”) is aligned with the National Institute of Standards and Technology Cybersecurity Framework and other industry best practices. The RM Program is designed to identify, assess and mitigate material cybersecurity risks.
24
McKESSON CORPORATION
We have implemented cybersecurity controls designed to protect our systems, data and operations from cybersecurity risks. Enterprise-wide cybersecurity and privacy training continue to serve an important role in risk reduction and protection of the Company and our stakeholders. We require periodic access-based and role-based privacy and cybersecurity training, which is updated to reflect changes in the threat environment, audit findings, laws, and regulations. We also engage and educate employees through cybersecurity and privacy awareness programs and communication campaigns. Our Cybersecurity Incident Response Plan (“Response Plan”) provides a framework for responding to cybersecurity incidents. The Response Plan governs activities such as preparation, detection, coordination, eradication, recovery, and appropriate escalations to the Company’s senior management, disclosure committee, Board, and relevant Board committees. The Response Plan is routinely tested, reviewed and updated as appropriate under the leadership of our Chief Information Officer and Chief Technology Officer (“CIO/CTO”) with the assistance of the Company’s Chief Information Security Officer (“CISO”).
Although we believe that we maintain reasonable cybersecurity measures, we recognize that cyber threats continue to evolve, and no system is immune to risk.
Governance
Cybersecurity is among the risks identified by our ERA for Board-level oversight. The Audit Committee of the Board has oversight of information technology controls related to financial reporting, while the Compliance Committee of the Board has oversight of technology-related risk, including privacy and cybersecurity . The Audit Committee and Compliance Committee meet jointly at least annually to review cybersecurity risks and programs, and they are updated as needed on cybersecurity threats, incidents, or new developments in our cybersecurity risk profile. The chairs of the Audit Committee and Compliance Committee provide updates to the Board after each committee meeting . The CIO/CTO and CISO provide regular updates to the Board, Audit Committee, or Compliance Committee about material risks from cybersecurity threats. The CIO/CTO or CISO also provide regular updates to the Board, Audit Committee or Compliance Committee about cybersecurity trends and regulatory updates, data governance and usage, technology infrastructure, our training and compliance efforts, and implications for our business strategy. In addition to the information provided in these meetings, members of our Board have access to continuing education, which includes topics relating to cybersecurity risks.
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| PBH | 7 hours ago |
| MCK | 20 hours ago |
| CELU | 20 hours ago |
| MINR | 23 hours ago |
| TBH | 1 day, 20 hours ago |
| NVEC | 1 day, 21 hours ago |
| SAR | 1 day, 21 hours ago |
| AIXN | 2 days, 4 hours ago |
| SUAC | 2 days, 17 hours ago |
| NCRA | 2 days, 20 hours ago |
| HIGR | 2 days, 21 hours ago |
| LVPA | 3 days, 2 hours ago |
| CVLT | 3 days, 22 hours ago |
| JOCM | 4 days, 7 hours ago |
| OAKU | 6 days, 18 hours ago |
| LGSP | 6 days, 18 hours ago |
| DGLY | 6 days, 20 hours ago |
| VNCE | 6 days, 21 hours ago |
| WBSR | 6 days, 21 hours ago |
| KIRK | 6 days, 21 hours ago |
| STRM | 1 week ago |
| MRKY | 1 week, 1 day ago |
| CSLR | 1 week, 1 day ago |
| CHMX | 1 week, 1 day ago |
| KORE | 1 week, 1 day ago |
| SCPX | 1 week, 1 day ago |
| FORL | 1 week, 1 day ago |
| KATX | 1 week, 1 day ago |
| ITOX | 1 week, 2 days ago |
| PWDY | 1 week, 2 days ago |
| VHAI | 1 week, 2 days ago |
| NAYA | 1 week, 2 days ago |
| GLST | 1 week, 2 days ago |
| GITS | 1 week, 2 days ago |
| FRST | 1 week, 2 days ago |
| ETWO | 1 week, 2 days ago |
| KIDZ | 1 week, 2 days ago |
| CRWE | 1 week, 2 days ago |
| KAYS | 1 week, 2 days ago |
| SRRE | 1 week, 3 days ago |
| STRG | 1 week, 3 days ago |
| JMTM | 1 week, 3 days ago |
| NTRB | 1 week, 3 days ago |
| EVLV | 1 week, 3 days ago |
| QIND | 1 week, 4 days ago |
| CASK | 1 week, 4 days ago |
| GDLG | 1 week, 6 days ago |
| TRMB | 1 week, 6 days ago |
| MIND | 1 week, 6 days ago |
| MVNC | 2 weeks ago |
