Risk Factors Dashboard

In the future, we may experience issues with our computing and communications infrastructure or data centers caused by the following factors:

If our network infrastructure or our clients’ ability to access our solution is interrupted, client and employee data from recent transactions may be permanently lost, and we could be exposed to significant claims by clients, particularly if the access interruption is associated with problems in the timely delivery of funds payable to employees or tax authorities. If our SaaS network infrastructure or our clients’ ability to access our solution is interrupted, client and employee data from recent transactions may be permanently lost, and we could be exposed to significant claims by clients, particularly if the access interruption is associated with problems in the timely delivery of funds payable to employees or tax authorities. Further, any adverse changes in service levels at our data centers resulting from damage to or failure of our data centers could result in disruptions in our services. Any significant instances of system downtime or performance problems at our data centers could negatively affect our reputation and ability to attract new clients, prevent us from gaining new or additional business from our current clients, or cause our current clients to terminate their use of our solution, any of which would adversely impact our revenues. In addition, if our network infrastructure and data centers fail to support increased capacity due to growth in our business, our clients may experience interruptions in the availability of our solution. Such interruptions may reduce our revenues, cause us to issue refunds to clients or adversely affect our retention of existing clients, any of which could have a negative impact on our business, operating results or financial condition.

If we are not able to develop enhancements and new applications, keep pace with technological developments or respond to future disruptive technologies, we might not remain competitive and our business could be adversely affected. If we are not able to develop enhancements and new applications, keep pace with technological developments or respond to future disruptive technologies, we might not remain competitive and our business could be adversely affected.

Our continued success will depend on our ability to adapt and innovate. Our continued success will depend on our ability to adapt and innovate. In order to attract new clients and increase revenues from existing clients, we need to enhance, add new features to and improve our existing applications and introduce new applications. The success of any enhancements or new features and applications depends on several factors, including timely completion and introduction and market acceptance. We may expend significant time and resources developing and pursuing sales of a particular enhancement or application that may not result in revenues in the anticipated time frame or at all, or may not result in revenue growth sufficient to offset increased expenses. Further, changing legal and regulatory requirements may delay the development or introduction of enhancements or new applications or render certain of our applications obsolete. If we are unable to successfully develop enhancements, new features or new applications to meet client needs, our business and operating results could be adversely affected.

In addition, because our applications are designed to operate on a variety of network, hardware and software platforms using internet tools and protocols, we must continuously modify and enhance our applications to keep pace with changes in internet-related hardware, software, communication, browser and database technologies. In addition, because our applications are designed to operate on a variety of network, hardware and software platforms using internet tools and protocols, we must continuously modify and enhance our applications to keep pace with changes in internet-related hardware, software, communication, browser and database technologies. If we are unable to respond in a timely and cost-effective manner to these rapid technological developments, our current and future applications may become less marketable and less competitive or even obsolete.

Our success is also subject to the risk of future disruptive technologies, such as AI and machine learning. Our success is also subject to the risk of future disruptive technologies, such as AI and machine learning. The failure to develop enhancements to our applications for, or that incorporate, technologies such as natural language processing, AI, and machine learning may impact our ability to increase the efficiency of and reduce costs associated with our clients’ operations. The failure to develop enhancements to our applications for, or that incorporate, technologies such as natural language processing, AI, machine learning, and blockchain may impact our ability to increase the efficiency of and reduce costs associated with our clients’ operations. If new technologies emerge that are able to deliver HCM solutions at lower prices, more efficiently or more conveniently, such technologies could adversely impact our ability to compete. If new technologies emerge that are able to deliver HCM solutions at lower prices, more efficiently or more conveniently, including but not limited to those that incorporate AI or machine learning or are created using AI or machine learning, such technologies could adversely impact our ability to compete. We have made significant investments in developing, testing, deploying and supporting AI-powered tools in our solution. Continuing to develop, test, deploy and support resource-intensive AI-powered tools will require additional investment and may increase our costs. To the extent that we do not effectively address server capacity constraints or otherwise upgrade our systems and data centers to accommodate actual and anticipated changes in technology and our client base, we may experience service interruptions and performance issues, which could result in negative publicity, harm to our reputation and decreased demand for our solution, require us to pay significant penalties or fines or subject us to litigation, claims or other disputes, any of which could have an adverse effect on our business, results of operations and financial condition. Although prior cybersecurity incidents have not had a material adverse effect on our business strategy, results of operations, or financial condition to date, any actual or perceived breach of our security could damage our reputation, cause existing clients to discontinue the use of our solution, prevent us from attracting new clients, or subject us to third-party lawsuits, regulatory investigations and fines or other actions or liabilities, any of which could materially adversely affect our business strategy, results of operations, or financial condition.

The market in which we participate is highly competitive, and if we do not compete effectively, our business, operating results or financial condition could be adversely affected. The market in which we participate is highly competitive, and if we do not compete effectively, our business, operating results or financial condition could be adversely affected.

The market for HCM software is highly competitive, rapidly evolving and fragmented. The market for HCM software is highly competitive, rapidly evolving and fragmented. If we are unable to compete effectively, our business, operating results or financial condition could be adversely affected. We expect competition to

continue to remain intense as new technologies and new market entrants emerge and aggressive pricing and client retention strategies persist. Competition in the HCM solutions market is primarily based on service responsiveness, application quality and reputation, breadth of service and product offering, and price. Certain competitors have access to larger clients and major distribution agreements with consultants, software vendors and distributors and a more established global presence than we do. Certain of our competitors have in the past or may in the future:

Our competitors offer HCM solutions that may overlap with one, several or all categories of the applications we offer. Our competitors offer HCM solutions that may overlap with one, several or all categories of the applications we offer. We compete with companies such as Automatic Data Processing, Inc., Dayforce, Inc., Intuit, Inc., Oracle Corporation, Paychex, Inc., Paylocity Holding Corporation, SAP SE, ServiceNow, Inc., Paylocity Holding Corporation, Paycor HCM, Inc. , Ultimate Kronos Group, Workday, Inc., and other international, national, regional, and local providers. Our competitors provide HCM solutions by various means. Although certain providers continue to deliver legacy enterprise software, most now offer cloud-based solutions, resulting in increased competition for clients seeking the greater flexibility and access to information provided by cloud-based offerings. Furthermore, the HCM industry has experienced an emergence of white label and embedded payroll offerings. The proliferation of white label offerings and products and technologies utilizing embedded payroll systems may adversely affect our competitive position.

In addition, some of our principal competitors offer their products or services at a lower price, which has resulted in pricing pressures. In addition, some of our principal competitors offer their products or services at a lower price, which has resulted in pricing pressures. If we are unable to maintain our pricing levels, our operating results would be negatively impacted. If we are unable to maintain our pricing levels and our billing terms, our operating results would be negatively impacted. In addition, pricing pressures and increased competition generally could hinder our ability to attract and retain clients and could result in reduced sales, reduced margins, losses or the failure of our solution to maintain widespread market acceptance, any of which could adversely affect our business, operating results or financial condition.

Our business depends on our clients’ continued use of our applications, their purchases of additional applications from us and our ability to add new clients. Our business depends on our clients’ continued use of our applications, their purchases of additional applications from us and our ability to add new clients. Any decline in our clients’ continued use of our applications or purchases of additional applications could adversely affect our business, operating results or financial condition.

In order for us to maintain or improve our operating results, it is important that our current clients continue to use our applications and purchase additional applications from us, and that we add new clients. In order for us to maintain or improve our operating results, it is important that our current clients continue to use our applications and purchase additional applications from us, and that we add new clients. Our annual revenue retention rate fluctuates as a result of a number of factors, including but not limited to the level of client satisfaction with our applications, pricing, the prices of competing products or services, mergers and acquisitions affecting our client base, reduced hiring by our clients or reductions in our clients’ spending levels. Many of our clients have the right to cancel their agreements with us for any or no reason by providing 30 days’ prior written notice. Moreover, from time to time, clients choose not to continue to use our applications at the same or higher level of service, if at all. Because we charge our clients on a per employee basis for certain services we provide, the performance of certain of our offerings is sensitive to changes in the labor market. Any increase or decrease in the number of employees of our clients will have a positive or negative impact, respectively, on our results of operations. As technology continues to evolve, more tasks historically performed by people have been and may continue to be replaced by automation, robotics, AI and other technological advances outside of our control, which may reduce our clients’ need for existing or future employees who are or would be potential users of our solution. If our clients reduce headcount, do not continue to use our applications, renew on less favorable terms or fail to purchase additional applications, or if we fail to add new clients, our annual revenue retention rate may decline and our business, operating results or financial condition could be adversely affected. If our clients do not continue to use our applications, renew on less favorable terms or fail to purchase additional applications, or if we fail to add new clients, our annual revenue retention rate may decline and our business, operating results or financial condition could be adversely affected.

Our business, operating results or financial condition could be adversely affected if our solution fails to perform properly or our clients are not satisfied with our services.

Our solution is inherently complex and may in the future contain, or develop, undetected defects or errors. 21 Further, our solution is inherently complex and may in the future contain, or develop, undetected defects or errors. Any defects in our applications could adversely affect our reputation, impair our ability to sell our applications in the future and result in significant costs to us. The costs incurred to correct any application defects may be substantial and could adversely affect our business, operating results or financial condition. The costs incurred in correcting any application defects may be substantial and could adversely affect our business, operating results or financial condition. Any defects in functionality or defects that cause interruptions in the availability of our applications could result in:

Because of the large amount of data that we collect and manage, it is possible that hardware failures or errors in our applications could result in data loss or corruption or cause the information that we collect to be incomplete or contain inaccuracies that our clients regard as significant. From time to time, our clients assert claims against us alleging that they suffered damages due to a defect, error, or other failure of our solution. Our clients might assert claims against us in the future alleging that they suffered damages due to a defect, error, or other failure of our solution. We also face potential liability from our clients, and possibly third parties, in the event we fail to report information, particularly wage and earnings information, criminal records or other potentially negative information, or wrongly report such information. We also face potential liability from our clients, and possibly third parties, in the event we fail to report information, particularly criminal records or other potentially negative information, or wrongly report such information. From time to time, we have been subject to claims and lawsuits by current and potential employees of our clients, alleging that we provided to our clients inaccurate or improper information that negatively affected the clients. Although the resolutions of these lawsuits have not had a material adverse effect on us to date, the costs of such claims, including settlement amounts or punitive damages, could be material in the future, could cause adverse publicity and reputational damage, could divert the attention of our management, could subject us to equitable remedies relating to the operation of our business and provision of services and result in significant legal expenses, all of which could have a material adverse effect on our business, financial condition and results of operations and adverse publicity, and could result in the loss of existing clients and make it difficult to attract new clients. Our errors and omissions insurance may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, our policy may not cover all claims made against us, and defending a suit, regardless of its merit, could be costly and divert management’s attention. Any failures in the performance of our solution could harm our reputation and our ability to retain existing clients and attract new clients, which would have an adverse impact on our business, operating results or financial condition.

Furthermore, our business depends on our ability to satisfy our clients, both with respect to our applications and the technical support provided to help our clients use the applications that address the needs of their businesses. We use our in-house deployment personnel to implement and configure our solution and provide support to our clients. If a client is not satisfied with the quality of our solution, the applications delivered or the support provided, we could incur additional costs to address the situation, our profitability might be negatively affected, and the client’s dissatisfaction with our deployment or support service could harm our ability to sell additional applications to that client. In addition, our sales process is highly dependent on the reputation of our solution and applications and on positive recommendations from our existing clients. Any failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality technical support, could adversely affect client retention, our reputation, our ability to sell our applications to existing and prospective clients, and, as a result, our business, operating results or financial condition.

We face challenges related to attracting and retaining larger clients, including demand for customized features, longer sales cycles and less predictability in completing sales. We face challenges related to attracting and retaining larger clients, including demand for customized features, longer sales cycles and less predictability in completing sales.

In some cases, prospective clients, especially larger companies, expect customized features and functions unique to their business processes, or are seeking to integrate our solutions with other products. In some cases, prospective clients, especially larger companies, expect customized features and functions unique to their business processes, or are seeking to integrate our solutions with other products. If we do not meet the demands of such prospective clients, the market for our solution will be more limited and our business could be adversely affected. Furthermore, pursing larger clients may result in a longer sales cycle and, in some cases, we may devote a significant amount of support and service resources to attract and acquire larger prospective clients with no guarantee that these prospective clients will adopt our solution.

We are dependent on the leadership of our key executives and, if we fail to retain such key executives, our business could be adversely affected. We are dependent on the continued service of our key executives and, if we fail to retain such key executives, our business could be adversely affected.

We believe the success of our business and execution of our strategy depend, in part, on the leadership of Chad Richison, our founder, Chief Executive Officer and Chairman of the Board of Directors, and that of our other key executive officers and

employees. The loss of their leadership, expertise and experience could adversely impact our operations. Effective succession planning is also important to our long-term success. Changes in our management team may be disruptive to our business, and any failure to ensure effective transfer of knowledge or successfully integrate key new hires or promoted employees could adversely affect our business and results of operations. The loss of the services of any of our executive officers or other key employees, or our inability to attract highly qualified senior management and other key personnel, could harm our business. In addition, legal and regulatory developments may affect our ability to enforce post-termination obligations of certain employees with respect to non-competition, non-solicitation and protection of confidential information. Our business could be adversely affected if a key executive leaves Paycom and interferes with our client, employee and/or other business relationships. We do not maintain key man life insurance on any of our executive officers.

If we are unable to attract and retain qualified personnel, including software developers, product managers and skilled IT, sales, marketing and operational personnel, our ability to develop and market new and existing products and, in turn, increase our revenue and profitability could be adversely affected. If we are unable to attract and retain qualified personnel, including software developers, product managers and skilled IT, sales, marketing and operational personnel, our ability to develop and market new and existing products and, in turn, increase our revenue and profitability could be adversely affected.

Our future success is dependent on our ability to continue to enhance and introduce new applications. Our future success is dependent on our ability to continue to enhance and introduce new applications. As a result, we are heavily dependent on our ability to attract and retain qualified software developers, product managers and IT personnel with the requisite education, background and industry experience. In addition, to continue to execute our growth strategy, we must also attract and retain qualified sales, marketing and operational personnel capable of supporting a larger and more diverse client base. The technology industry is characterized by a high level of employee mobility and aggressive recruiting among competitors, and competition is particularly intense for qualified software developers, product managers and IT personnel. In addition, the nature of the office environment is changing as employers continue to offer various remote or hybrid work arrangements, which can be an important factor in a candidate’s decision on employment. We maintain an office-centric operational model. Certain companies with which we compete for talent offer work arrangements more flexible than ours, which may impact our ability to attract and retain qualified personnel if potential or current employees prefer such policies.

The competition for qualified personnel has been amplified by new immigration laws and policies that limit software companies’ ability to recruit internationally. The competition for qualified personnel also may be amplified by new immigration laws or policies that could limit software companies’ ability to recruit internationally. Although such changes in immigration laws and policies have not had a significant direct impact on our workforce to date, the ensuing increase in demand for software developers and IT personnel could impair our ability to attract or retain skilled employees and/or significantly increase our costs to do so. Although we would not expect such changes in immigration laws or policies to have a significant direct impact on our workforce, the ensuing increase in demand for software developers and IT personnel could impair our ability to attract or retain skilled employees and/or significantly increase our costs to do so. Furthermore, identifying and recruiting qualified personnel and training them in the use of our applications requires significant time, expense and attention, and it can take a substantial amount of time before our employees are fully trained and productive. The unplanned loss of the services of a significant number of skilled employees could be disruptive to our development efforts, which may adversely affect our business by causing us to lose clients, increase operating expenses or divert management’s attention to recruit replacements for the departed employees. The loss of the services of a significant number of employees could be disruptive to our development efforts, which may adversely affect our business by causing us to lose clients, increase operating expenses or divert management’s attention to recruit replacements for the departed employees.

Our business and operations have experienced significant growth and organizational change. Our business and operations are experiencing rapid growth and organizational change. If we fail to manage such growth and change effectively, we may be unable to execute our business plan, maintain high levels of service or adequately address competitive challenges.

We have experienced, and may continue to experience, significant growth in our operations, which has placed, and may continue to place, significant demands on our management, operational and financial resources. We have experienced, and may continue to experience, rapid growth in our headcount and operations, which has placed, and may continue to place, significant demands on our management, operational and financial resources. We have also experienced significant growth in the number of clients and transactions and the amount of client and employee data that our infrastructure supports. As a result, our organizational structure and recording systems and procedures are becoming more complex as we improve our operational, financial and management controls. Our success depends, in part, on our ability to manage this growth and organizational change effectively. Moreover, our international expansion efforts are exacerbating many of these challenges. To manage the effects of our growth, we must continue to improve our operational, financial and management controls and our reporting systems and procedures. To manage the expected growth of our headcount and operations, we must continue to improve our operational, financial and management controls and our reporting systems and procedures. The failure to effectively manage growth could result in (i) declines in the quality of, or client satisfaction with, our applications or service delivery, (ii) increases in costs, (iii) difficulties or delays in introducing new applications or (iv) other operational difficulties, any of which could adversely affect our business by impairing our ability to retain and attract clients or sell additional applications to our existing clients. In addition, our ability to expand our sales force may be constrained by the willingness and availability of qualified personnel to staff and manage new offices and our success in recruiting and training sales personnel. Our ability to expand our sales force may be constrained by the willingness and availability of qualified personnel to staff and manage new offices and our success in recruiting and training sales personnel. If our expansion efforts are unsuccessful, our business, operating results or financial condition could be adversely affected.

The failure to develop and maintain our brand cost-effectively could have an adverse effect on our business. The failure to develop and maintain our brand cost-effectively could have an adverse effect on our business.

We believe that developing and maintaining widespread awareness of our brand in a cost-effective manner is critical to achieving widespread acceptance of our solution and is an important element in attracting new clients and retaining existing clients. We believe that developing and maintaining widespread awareness of our brand in a cost-effective manner is critical to achieving widespread acceptance of our solution and is an important element in attracting new clients and retaining existing clients. Successful promotion of our brand depends largely on the effectiveness of our marketing efforts and on our ability to provide reliable and useful applications at competitive prices. Brand promotion activities, including increased spending on our national media campaigns, may not yield increased revenues, and even if they do, any increased revenues may not offset the expenses incurred in building our brand. If we fail to successfully promote and maintain our brand, or incur substantial expenses in an unsuccessful attempt to promote and maintain our brand, we may fail to attract enough new clients or retain our existing

clients to the extent necessary to realize a sufficient return on our brand-building efforts, which could have an adverse effect on our business.

As we continue to enhance our solution to serve clients located outside of the United States, our business is subject to risks associated with international operations. As we continue to enhance our solution to serve clients located outside of the United States, our business is subject to risks associated with international operations.

An element of our growth strategy is to expand our operations and client base, including in markets outside of the United States. Launching into international markets and doing business internationally involves a number of risks, including but not limited to:

Our expansion into international markets requires significant resources and management attention and subjects us to regulatory, economic and political risks that differ from those in the United States. Our expansion into international markets requires significant resources and management attention and subjects us to regulatory, economic and political risks that differ from those in the United States. Because of our inexperience with international operations, we cannot ensure that our expansion into international markets will be successful, and the impact of such expansion may adversely affect our business, operating results or financial condition. Because of our inexperience with international operations, we 23 cannot ensure that our expansion into international markets will be successful, and the impact of such expansion may adversely affect our business, operating results or financial condition.

Our business depends in part on the success of our relationships with third parties. Our business depends in part on the success of our relationships with third parties.

We rely on third-party couriers to deliver payroll checks and tax forms and on financial and accounting processing systems and various financial institutions to perform financial services in connection with our applications, such as providing automated clearing house (“ACH”) and wire transfers as part of our payroll and payroll tax payment services and facilitating our Vault Visa® Payroll Card. We also rely on third parties to provide technology and content support, manufacture time clocks and process background checks. We anticipate that we will continue to depend on various third-party relationships in order to provide these and other services. Identifying, negotiating and documenting relationships with these third parties and integrating third-party content and technology requires significant time and resources. Our agreements with third parties typically are non-exclusive and do not prohibit them from working with our competitors. In addition, these third parties may not perform as expected under our agreements, which could hinder our ability to deliver certain services to our clients and negatively affect our brand and reputation. A global economic slowdown could also adversely affect the businesses of our third-party providers, hindering their ability to provide the services on which we rely. If we are unsuccessful in establishing or maintaining our relationships with these third parties, or the services provided by third parties fail to meet our clients’ or client employees’ expectations, our ability to compete in the marketplace or to grow our revenues could be impaired and our business, operating results or financial condition could be adversely affected. If we are unsuccessful in establishing or maintaining our relationships with these third parties, our ability to compete in the marketplace or to grow our revenues could be impaired and our business, operating results or financial condition could be adversely affected. Furthermore, due to our dependence on financial institutions for certain services, a systemic shutdown of the banking industry or a disruption of the Federal Reserve Bank’s services, including ACH processing, would impede our ability to provide our payroll and expense reimbursement services by delaying direct deposits and other financial transactions across the United States and could have an adverse impact on our financial results and liquidity.

We employ third-party licensed software for use in our applications and the inability to maintain these licenses or errors in the software we license could result in increased costs or reduced service levels, which could adversely affect our business. We employ third-party licensed software for use in our applications and the inability to maintain these licenses or errors in the software we license could result in increased costs or reduced service levels, which could adversely affect our business.

Our applications incorporate certain third-party software obtained under licenses from other companies. Our applications incorporate certain third-party software obtained under licenses from other companies. For example, we rely on third-party software to support our background checks application. We anticipate that we will continue to rely on third-party software and development tools from third parties in the future. If the third-party software we currently license becomes unavailable, we may be unable to identify commercially reasonable alternatives without significant cost or difficulty, or

available alternatives may not meet our internal cybersecurity requirements. In addition, incorporating the software used in our applications with new third-party software may require significant work and substantial investment of our time and resources. Also, to the extent that our applications depend upon the successful operation of third-party software in conjunction with our software, any undetected errors or defects in this third-party software could prevent the deployment or impair the functionality of our applications, delay new application introductions, or result in a failure of our applications and harm our reputation.

We have licensed and deployed a third-party large language model (“LLM”) on our own internal network and AI-powered tools. This LLM processes a large amount of employee and customer data, including potentially sensitive information. Unauthorized access to or a breach of this LLM software could lead to significant legal and financial repercussions for us. Also, failure to comply with continually evolving privacy, cybersecurity, and AI regulations during our use of this LLM could lead to substantial fines and damage to our reputation. Rapid advancements in technology could quickly render our existing LLM-powered tools obsolete, requiring the licensing and training of a replacement LLM at significant cost to us. The third-party LLM we license was trained on large datasets that may contain biases, and these biases can be reflected in the output of our LLM, leading to potential harm to our employees and/or customers. The third-party LLM may also produce incorrect or inaccurate outcomes, also known as “hallucinations”. The ongoing accuracy of the output of our LLM is critical for its effectiveness, and inaccurate or unreliable outputs could lead to customer dissatisfaction and potential legal liabilities. It is also possible that, notwithstanding the forum selection clause included in our certificate of incorporation, a court could rule that such a provision is inapplicable or unenforceable.

The use of open-source software in our applications may expose us to additional risks and harm our intellectual property rights. The use of open source software in our applications may expose us to additional risks and harm our intellectual property rights.

Some of our applications use software and models covered by open-source licenses. Some of our applications use software covered by open source licenses. Usage of open-source software can lead to greater risks than use of third-party commercial software, as open-source licensors generally do not provide warranties, maintenance and support, other contractual protections or controls on the origin of the software. Furthermore, the license terms for certain open-source software or AI models may change, requiring us to pay for a commercial license or re-engineer all or a portion of certain applications or tools, resulting in significant additional costs for us. Open-source software may also present a heightened risk of security vulnerabilities, including due to the intentional acts of malicious actors who inject such vulnerabilities into the code, or to older versions of the software not remaining current with applicable updates and patches to address vulnerabilities or other bugs. Our potential exposure to lawsuits or government investigations may increase depending in part on our clients’ compliance with these laws and regulations and applicable employment laws in their procurement and use of our background checks as part of their hiring process, which is generally outside of our control. From time to time, there have been claims challenging the ownership or use of certain types of open-source software against companies that incorporate such software into their products or applications. From time to time, there have been claims challenging the ownership or use of certain types of open source software against companies that incorporate such software into their products or applications. As a result, we could be subject to suits by parties claiming ownership of what we believe to be open-source software. Similarly, open-source AI models may be trained on data of unknown or uncertain provenance, which could include copyrighted or otherwise proprietary, confidential, or private information. If our applications incorporate such models, we could face claims for copyright infringement and other violations. Litigation could be costly for us to defend, have a negative effect on our operating results and financial condition or require us to devote additional development resources to change our applications. In addition, if we were to combine our applications with open-source software in a certain manner, we could, under certain types of open-source licenses, be required to release the source code of our applications. In addition, if we were to combine our applications with open source software in a certain manner, we could, under certain types of open source licenses, be required to release the source code of our applications. If we inappropriately use open-source software, we may be required to redesign our applications or software, discontinue the sale of our applications or software or take other remedial actions, which could adversely impact our business, operating results or financial condition. If we inappropriately use open source software, we may be required to redesign our applications, discontinue the sale of our applications or take other remedial actions, which could adversely impact our business, operating results or financial condition.

Our increasing focus on, and investments in, automation expose us to a number of risks.

A key part of our strategy is our focus on automation. We currently utilize automation and machine learning in certain of our products and services to deliver a better experience for our clients and their employees or customers, and we expect to automate more functions within our solution in the future. We also leverage AI internally to make certain business processes more efficient. While we believe the use of these emerging technologies can present significant benefits, it also creates risks and challenges.

The development and implementation of such advanced technologies is complex. We have invested, and intend to continue to invest, significant time and resources in our automation initiatives, some or all of which may not result in new products or enhancements to our solution or services or, even if deployed, may not materially improve client or client employee experience. Furthermore, existing and prospective clients may be hesitant to adopt products that rely on automation, particularly those that utilize AI. Data sourcing, technology, integration and process issues, programmed bias in decision-making algorithms, concerns over intellectual property, concerns over incorrect or inaccurate outputs, security concerns, and the protection of privacy could impair the adoption and acceptance of our automated solutions. There also may be real or perceived social harm, unfairness, or other outcomes that undermine public confidence in the use and deployment of AI. If our investments in automation initiatives do not result in marketable products or services, or the resulting solutions do not gain market acceptance or we otherwise do not fully realize the intended benefits of these significant investments, our operating results and financial condition may suffer.

In addition, we may incur additional compliance costs to the extent our automation initiatives utilize tools and technologies that are the subject of increasing regulatory and legal scrutiny, such as our AI-powered tools. These laws and regulations are developing and vary from one jurisdiction to another. Future legislative and regulatory action, court decisions or other governmental action may adversely impact our ability to pursue our automation strategy and, in turn, may adversely impact our operations and financial results.

If we fail to adequately protect our proprietary rights, our competitive advantage could be impaired and we may lose valuable assets, generate reduced revenues or incur costly litigation to protect our rights.

Our success is dependent in part upon our intellectual property. Our success is dependent in part upon our intellectual property. We rely on a combination of copyrights, trademarks, service marks, trade secret laws and contractual restrictions to establish and to protect our intellectual property rights in the United States and in foreign jurisdictions. However, the steps we take to protect our intellectual property may be inadequate. We will not be able to protect our intellectual property if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property. Despite our precautions, it may be possible for unauthorized third parties to copy our applications and use information that we regard as proprietary to create products or services that compete with ours.

We may be required to spend significant resources to monitor and protect our intellectual property. We may be required to spend significant resources to monitor and protect our intellectual property. We have been involved in litigation in the past and litigation may be necessary in the future to protect and enforce our intellectual property rights and to protect our trade secrets. Such litigation could be costly, time-consuming and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights. We may not be able to secure, protect and enforce our intellectual property rights or control access to, and the distribution of, our solution and proprietary information, which could adversely affect our business.

We may be sued by third parties for alleged infringement of their proprietary rights. We may be sued by third parties for alleged infringement of their proprietary rights.

Considerable intellectual property development activity exists in our industry, and we expect that companies will increasingly be subject to infringement claims as the number of applications and competitors grows and the functionality of applications in different industry segments overlaps. Considerable intellectual property development activity exists in our industry, and we expect that companies will increasingly be subject to infringement claims as the number of applications and competitors grows and the functionality of applications in different industry segments overlaps. Our competitors, as well as a number of other entities and individuals, may own or claim to own intellectual property in technology areas relating to our solution or applications. In addition, we may increasingly be subject to trademark infringement claims as our presence grows in the marketplace. From time to time, third parties have asserted and may in the future assert that we are infringing on their intellectual property rights, and we may be found to be infringing upon such rights. A claim of infringement may also be made relating to technology that we acquire or license from third parties. However, we may be unaware of the intellectual property rights of others that may cover, or may be alleged to cover, some or all of our solution, applications or brands. However, we may be 24 unaware of the intellectual property rights of others that may cover, or may be alleged to cover, some or all of our solution, applications or brands.

The outcome of litigation is inherently unpredictable and, as a result, any future litigation or claim of infringement could (i) cause us to enter into an unfavorable royalty or license agreement, pay ongoing royalties or require that we comply with other unfavorable terms, (ii) require us to discontinue the sale of our solution or applications, (iii) require us to indemnify our clients or third-party service providers or (iv) require us to expend additional development resources to redesign our solution or applications. The outcome of litigation is inherently unpredictable and, as a result, any future litigation or claim of infringement could (i) cause us to enter into an unfavorable royalty or license agreement, pay ongoing royalties or require that we comply with other unfavorable terms, (ii) require us to discontinue the sale of our solution or applications, (iii) require us to indemnify our clients or third-party service providers or (iv) require us to expend additional development resources to redesign our solution or applications. Any of these outcomes could harm our business. Even if we were to prevail, any litigation regarding our intellectual property could be costly and time consuming and divert the attention of our management and key personnel from our business and operations.

We may acquire other businesses, applications or technologies, which could divert our management’s attention, result in additional dilution to our stockholders and otherwise disrupt our operations and harm our operating results. We may acquire other businesses, applications or technologies, which could divert our management’s attention, result in additional dilution to our stockholders and otherwise disrupt our operations and harm our operating results.

In the future, we may seek to acquire or invest in businesses, applications or technologies that we believe complement or expand our applications, enhance our technical capabilities or otherwise offer growth opportunities. In the future, we may seek to acquire or invest in businesses, applications or technologies that we believe complement or expand our applications, enhance our technical capabilities or otherwise offer growth opportunities. The pursuit of potential acquisitions may divert the attention of management and cause us to incur expenses in identifying, investigating and pursuing suitable acquisitions, whether or not they are ultimately consummated.

We do not have any experience in acquiring other businesses. We do not have any experience in acquiring other businesses. If we acquire additional businesses, we may not be able to integrate the acquired personnel, operations and technologies successfully or to effectively manage the combined business following the acquisition. We also may not achieve the anticipated benefits from the acquired business due to a number of factors, including:

In addition, a significant portion of the purchase price of any companies we acquire may be allocated to acquired goodwill and other intangible assets, which must be assessed for impairment at least annually. In addition, a significant portion of the purchase price of any companies we acquire may be allocated to acquired goodwill and other intangible assets, which must be assessed for impairment at least annually. In the future, if our acquisitions do not yield expected returns, we may be required to take charges to our operating results based on this impairment assessment process, which could harm our results of operations. Acquisitions could also result in the incurrence of debt or issuances of equity securities, which would result in dilution to our stockholders.

Legal and Regulatory Risks

Changes in laws, government regulations and policies could have a material adverse effect on our business and results of operations.

Many of our applications are designed to assist our clients in complying with government regulations that continually change. Many of our applications are designed to assist our clients in complying with government regulations that continually change. The introduction of new regulatory requirements, or new interpretations of existing laws or regulations, could increase our cost of doing business, decrease our revenues and net income or require us to make changes to our applications. Moreover, changing regulatory requirements may make the introduction of new applications and enhancements more costly or more time-consuming than we currently anticipate or could prevent the introduction of new applications and enhancements by us altogether.

For example, a change in tax laws and regulations resulting in a decrease in the amount of taxes required to be withheld or accelerating the deadline to remit taxes to appropriate tax agencies would adversely impact our average balance of funds held for clients and, as a result, adversely impact the interest income we earn on such funds during the period between receipt and disbursement. Changes in laws, regulations or policies could also affect the extent and type of benefits employers are required, or may choose, to provide employees or the amount and type of taxes employers and employees are required to pay. Such changes could reduce or eliminate the need for certain of our existing applications or services, which would result in decreased revenues.

Further, we may spend time and money developing new applications and enhancements that, due to regulatory changes, become unnecessary prior to being released. In addition, any failure to educate and assist our clients with respect to new or revised legislation that impacts them could have an adverse effect on our reputation, and any failure to modify our applications or develop new applications in a timely fashion in response to regulatory changes could have an adverse effect on our business and results of operations. Additionally, new regulations or changes to existing regulations could be unclear, difficult to interpret or conflict with other applicable regulations. Our or our clients’ failure to comply with new or modified laws or regulations could result in financial penalties, legal proceedings or reputational harm. Finally, a negative audit or other investigations by the U.S. Government could adversely affect our ability to receive U.S. Government contracts and could result in financial or reputational harm.

In addition, federal, state and foreign government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting the use of the internet as a commercial medium. In addition, federal, state and foreign government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting the use of the internet as a commercial medium. Changes in these laws or regulations could require us to modify our applications. Further, government agencies or private organizations may impose taxes, fees or other charges for accessing the internet or commerce conducted via the internet. These laws or charges could limit the growth of internet-related commerce or communications generally or could result in reductions in the demand for internet-based applications such as ours.

Failure to comply with privacy, data protection and cybersecurity laws and regulations could have a materially adverse effect on our reputation, results of operations or financial condition, or have other adverse consequences. Failure to comply with privacy, data protection and cybersecurity laws and regulations could have a materially adverse effect on our reputation, results of operations or financial condition, or have other adverse consequences.

Our applications and services are subject to various complex laws and regulations on the federal, state, local, and foreign levels, including those governing data security, privacy, and AI which have become significant compliance issues globally. Our applications and services are subject to various complex laws and regulations on the federal, state, local, and foreign levels, including those governing data security and privacy, which have become significant issues globally. The regulatory framework for privacy of personal data is rapidly evolving and is likely to remain uncertain for the foreseeable future. The regulatory framework for privacy issues is rapidly evolving and is likely to remain uncertain for the foreseeable future. Many federal, state and foreign government bodies and agencies have adopted or are considering adopting laws and regulations regarding the collection, use and disclosure of personal information. In the United States, these include numerous state-level consumer privacy laws, such as California’s CCPA, Texas’ Data Privacy and Security Act, Illinois’ IBIPA, rules and regulations promulgated under the authority of the Federal Trade Commission, the Health Insurance Portability and Accountability Act of 1996, the Family Medical Leave Act of 1993, the ACA, the Financial Services Modernization Act of 1999 (the “GLBA”), the Fair Credit Reporting Act (“FCRA”), federal and state labor and employment laws, state data breach notification laws, and state cybersecurity laws such as the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act. In the United States, these include numerous state-level consumer privacy laws, beginning with California’s CCPA, the IBIPA, rules and regulations promulgated under the authority of the Federal Trade Commission, the Health Insurance Portability and Accountability Act of 1996, the Family Medical Leave Act of 1993, the ACA, the Financial Services Modernization Act of 1999 (the “GLBA”), federal and state labor and employment laws, state data breach notification laws, and state cybersecurity laws, such as the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act. As we continue to expand our operations outside the United States, our applications and services are or will be subject to additional laws governing data security and privacy in relevant jurisdictions, such as Canada’s PIPEDA and Mexico’s Federal Law on the Protection of Personal Data held by Private Parties, as well as the EU GDPR and United Kingdom’s

General Data Protection Regulation, which are applicable in the European Economic Area and the United Kingdom, respectively.

Many of these newer state-level consumer privacy laws give consumers located in those states certain rights, including the right to be informed of, opt-out of, and request deletion of the personal information that we hold, similar to those rights provided by the EU GDPR. The CCPA and other state-level consumer privacy laws give consumers located in those states certain rights to be informed of, opt-out of, and request deletion of the personal information that we hold, similar to those rights provided by the European Union’s GDPR. Notably, the GLBA is enforced under the authority of the Federal Trade Commission and requires our payment card services to adhere to a privacy notice and take certain measures to protect related personal information from unauthorized use and threats to data security. The GLBA is enforced under the authority of the Federal Trade Commission and requires our payment card services to adhere to a privacy notice and take certain measures to protect related personal information from unauthorized use and threats to data security. The FCRA places certain requirements and duties on our business as a furnisher of information to certain consumer reporting agencies with which we share limited amounts of data. Because some of our clients are located in Mexico and other clients have establishments internationally, Canada’s PIPEDA, Mexico’s Federal Law on the Protection of Personal Data, and other foreign data privacy laws, such as the EU GDPR, may impact our processing of certain client and employee information. Failure to comply with data protection and privacy laws and regulations could result in regulatory scrutiny and increased exposure to the risk of litigation or the imposition of consent orders, injunctions against data processing or data exporting, or civil and criminal penalties, including fines, which could have an adverse effect on our results of operations or financial condition. Failure to comply with data protection and privacy laws and regulations could result in regulatory scrutiny and increased exposure to the risk of litigation or the imposition of consent orders or civil and criminal penalties, including fines, which could have an adverse effect on our results of operations or financial condition. Moreover, allegations of non-compliance with privacy laws, whether or not true, could be costly, time consuming, distracting to management, and cause reputational harm. Moreover, allegations of non-compliance, whether or not true, could be costly, time consuming, distracting to management, and cause reputational harm. The landscape of privacy laws applicable to our various products and services is evolving quickly. 26 The landscape of privacy laws applicable to our various products and services is evolving quickly. The CPRA, which expands upon the CCPA, went into effect in 2023. Numerous other states have now enacted their own consumer data privacy statutes, many of which are modeled on the CCPA, including states like Colorado, Connecticut, Delaware, Oregon, Montana, Nebraska, New Hampshire, New Jersey, Utah, Virginia, Iowa, and Tennessee. In addition, there are a number of other legislative proposals in jurisdictions across the world for comprehensive privacy laws affecting consumer and employee personal information, which could impose additional and potentially conflicting obligations in areas affecting our business. In addition, there are a number of other legislative proposals worldwide, including in the United States at both the federal and state level, that could impose additional and potentially conflicting obligations in areas affecting our business. Newly-passed legislative and regulatory initiatives may adversely affect the ability of our clients to process, handle, store, use and transmit demographic and personal information from their employees, which could reduce demand for our services.

On May 21, 2024, the European Union legislators approved the EU AI Act, which establishes a comprehensive, risk-based governance framework for AI in the EU market. The EU AI Act went into effect on August 2, 2024, and the majority of the substantive requirements will go into effect on August 2, 2026. The EU AI Act, and developing interpretation and application of the EU GDPR in respect of automated decision making, together with developing guidance and/or decisions in this area, may affect our use of AI technologies and our ability to provide, improve or commercialize our business, require additional compliance measures and changes to our operations and processes, result in increased compliance costs and potential increases in civil claims against us, and could adversely affect our business, operations and financial condition.

In addition to government regulation, privacy advocates and industry groups may propose and adopt new and different self-regulatory standards. In addition to government regulation, privacy advocates and industry groups may propose and adopt new and different self-regulatory standards. Because the interpretation and application of many privacy and data protection laws are still uncertain, it is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our solution. Any failure to comply with government regulations that apply to our applications, including privacy and data protection laws, could subject us to liability. In addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our solution, which could have an adverse effect on our business, operating results or financial condition. Any inability to adequately address privacy concerns and claims, even if unfounded, or inability to comply with applicable privacy or data protection laws, regulations and policies, could result in additional cost and liability to us, damage to our reputation, reductions in our sales and other adverse effects on our business, operating results or financial condition.

Furthermore, privacy concerns may cause our clients’ employees to resist providing the personal data necessary to allow our clients and their employees to use our applications and services effectively. Furthermore, privacy concerns may cause our clients’ employees to resist providing the personal data necessary to allow our clients and their employees to use our applications and services effectively. Even the perception of privacy concerns, whether or not valid, may inhibit market adoption of our applications and services in certain industries.

Certain of our products and services use data-driven insights to help our clients manage their businesses more efficiently. Certain of our products and services use data-driven insights to help our clients manage their businesses more efficiently. Our business increasingly relies on AI and machine learning to model and create these insights. Use of these methods has recently come under increased regulatory scrutiny. New laws, guidance and court decisions in this area may limit our ability to use AI tools, or require us to make changes to our application or services that may decrease our operational efficiency, result in an increase to operating costs and hinder our ability to improve our services. Although we would not expect such changes in immigration laws or policies to have a significant direct impact on our workforce, the ensuing increase in demand for software developers and IT personnel could impair our ability to attract or retain skilled employees and/or significantly increase our costs to do so. For example, rules on the use of automated decision-making under enacted and proposed data protection laws may require us to disclose the existence of automated decision-making to the data subject with an explanation of the logic used in such decision-making, and may require us to implement certain safeguards, including the right to obtain human intervention and to contest any decision. Regulatory and legislative authorities in the United States and other countries have proposed similar types of legislation that imposes or would impose restrictions on the development of generative AI and machine learning. Regulatory and legislative authorities in the United States and the European Union have enacted or proposed legislation that imposes or would impose restrictions on the development of generative AI and machine learning. Our ability to provide data-driven insights using generative AI or machine learning may be constrained by current or future regulatory requirements, statutes or ethical considerations that could restrict or impose burdensome and costly requirements on our ability to leverage data in innovative ways. As we continue to pursue such new technologies, our failure to adequately address legal risks relating to the use of generative AI and machine learning in our applications could result in litigation or private action that could result in liability for the Company. As we continue to pursue such new technologies, our failure to adequately address legal risks relating to the use of generative AI and machine learning in our applications could result in litigation regarding, among other things, intellectual property, privacy, employment, civil rights and other claims that could result in liability for the Company. Any actual or alleged noncompliance with these new laws and regulations, or failure to meet client expectations

with respect to the use of generative AI and machine learning, could also result in negative publicity or harm to our reputation, subject us to investigations and expose us to significant fines, penalties and other damages.

The adoption of new, or adverse interpretations of existing U.S. state, U.S. federal, or foreign money transmitter, money services business, or payment services statutes or regulations could subject us to additional regulation and related expenses and require changes to our business.

The adoption of new money transmitter, money services business, or payment services statutes or regulations in jurisdictions, changes in regulators’ interpretation of existing U.S. state, U.S. federal, or foreign money transmitter, money services business, or payments services statutes or regulations, or disagreements by regulatory authorities with our interpretation of such statutes or regulations, have subjected us to registration or licensing and could limit business activities until we are appropriately licensed. These occurrences could also require changes to the manner in which we conduct certain aspects of our business or invest client funds, which could adversely impact the amount of interest income we receive from investing client funds before such funds are remitted to the appropriate taxing authorities and accounts designated by our clients.

As the Paycom National Trust Bank now manages U.S. client money movement activity, these transmissions are federally exempt from state money transmitter regulation, and we have surrendered all historically maintained state money transmitter licenses. Outside of the United States, we maintain certain “money services business” registrations and intend to apply for, where necessary, money services business, money transmitter, payment services provider, or similarly named applicable licenses.

Should other U.S. state, U.S. federal, or foreign regulators make a determination that we have operated as an unlicensed money services business, money transmitter, or payment services provider, we could be subject to civil and criminal fines, penalties, costs of registration, legal fees, reputational damage or other negative consequences, any of which may have an adverse effect on our business operating results or financial condition.

While we maintain we are not a money services business or money transmitter in the United States and other jurisdictions, our operations in certain jurisdictions in and outside of the U.S. are subject to AML laws and regulations, including, for example, the BSA. Among other things, the BSA requires certain financial institutions, including banks and money services businesses, to develop and implement risk-based AML programs, report large cash transactions and suspicious activity, and maintain transaction records. We have adopted an AML compliance program to mitigate the risk of our application being used for illegal or illicit activity and to help detect and prevent fraud. We have adopted an anti-money laundering compliance program to mitigate the risk of our application being used for illegal or illicit activity and to help detect and prevent fraud. Our AML compliance program is designed to foster trust in our application and services. However, there can be no assurance that our employees, consultants, or agents will not take actions in violation of our policies for which we may be ultimately responsible, or that our policies and procedures will be adequate or will be determined to be adequate by regulators. Any violation of applicable AML laws or regulations could limit certain of our business activities until they are satisfactorily remediated and could result in civil and criminal penalties, including fines, which could damage our reputation and have a materially adverse effect on our results of operations and financial condition.

Further, bank regulators continue to impose additional and stricter requirements on banks to ensure they are meeting their BSA obligations, and banks are increasingly viewing money services businesses and third-party senders to be higher risk customers for money laundering. Further, bank regulators continue to impose additional and stricter requirements on banks to ensure they are meeting their Bank Secrecy Act/USA PATRIOT Act obligations, and banks are increasingly viewing money services businesses and third-party senders to be higher risk customers for money laundering. Thus, our banking partners that assist in processing our money movement transactions may limit the scope of services they provide to us or may impose additional material requirements on us. These regulatory restrictions on banks and changes to banks’ internal risk-based policies and procedures may result in a decrease in the number of banks willing to do business with us, may require us to materially change the manner in which we conduct some aspects of our business, may decrease our revenues and earnings and could have a material adverse effect on our results of operations or financial condition.

Adverse tax laws or regulations could be enacted or existing laws could be applied to us or our clients, which could increase the costs of our solution and applications and could adversely affect our business, operating results or financial condition. Adverse tax laws or regulations could be enacted or existing laws could be applied to us or our clients, which could increase the costs of our solution and applications and could adversely affect our business, operating results or financial condition.

As a vendor of services, we are ordinarily held responsible by taxing authorities for collecting and paying any applicable sales or other similar taxes. As a vendor of services, we are ordinarily held responsible by taxing authorities for collecting and paying any applicable sales or other similar taxes. Additionally, the application of tax laws to services provided electronically like ours is evolving. Additionally, the application of federal, state and local tax laws to services provided electronically like ours is evolving. New income, sales, use or other tax laws, statutes, rules, regulations or ordinances could be enacted at any time (possibly with retroactive effect), and could be applied solely or disproportionately to services and applications provided over the internet. These enactments could adversely affect our sales activity, due to the inherent cost increase the taxes would represent, and ultimately could adversely affect our business, operating results or financial condition.

Each jurisdiction has different rules and regulations governing sales and use taxes, and these rules and regulations are subject to varying interpretations that change over time. Each state has different rules and regulations governing sales and use taxes, and these rules and regulations are subject to varying interpretations that change over time. We review these rules and regulations periodically and, when we believe we are subject to sales and use taxes in a particular jurisdiction, we may voluntarily engage the applicable tax authorities in order to determine how to comply with that jurisdiction’s rules and regulations. We review these rules and regulations periodically and, when we believe we are subject to sales and use taxes in a particular state, we may voluntarily engage state tax authorities in order to determine how to comply with that state’s rules and regulations. We cannot ensure that we will not be subject to sales and use taxes or related penalties for past sales in jurisdictions where we currently believe no such taxes are required. We cannot ensure that we will not be subject to sales and use taxes or related penalties for past sales in states where we currently believe no such taxes are required.

In addition, existing tax laws, statutes, rules, regulations or ordinances could be interpreted, changed, modified or applied adversely to us (possibly with retroactive effect), which could require us or our clients to pay additional tax amounts, as well as require us or our clients to pay fines or penalties and substantial interest for past amounts. If we are unsuccessful in collecting such taxes from our clients, we could be held liable for such costs, thereby adversely affecting our business, operating results or financial condition. Additionally, the imposition of such taxes on us would effectively increase the cost of our software and services we provide to clients and would likely have a negative impact on our ability to retain existing clients or to gain new clients in the jurisdictions in which such taxes are imposed.

Compliance with employment-related laws and regulations could increase our cost of doing business and violations of such laws and regulations could subject us to fines and lawsuits. Compliance with employment-related laws and regulations could increase our cost of doing business and violations of such laws and regulations could subject us to fines and lawsuits.

Our operations are subject to a variety of federal, state, local and international employment-related laws and regulations, including, but not limited to, the U.S. Fair Labor Standards Act, which governs such matters as minimum wages, the Family Medical Leave Act, overtime pay, compensable time, recordkeeping and other working conditions, Title VII of the Civil Rights Act, the Employee Retirement Income Security Act, the Americans with Disabilities Act, the National Labor Relations Act, regulations of the Equal Employment Opportunity Commission, regulations of the Office of Civil Rights, regulations of the Department of Labor, regulations of state attorneys general, federal and state wage and hour laws, and a variety of similar laws enacted by the federal and state governments that govern these and other employment-related matters. As our employees are located in a number of states and countries, compliance with evolving laws and regulations could substantially increase our cost of doing business. As our employees are located in a number of states and we are beginning to hire internationally, compliance with evolving laws and regulations could substantially increase our cost of doing business. In recent years, we have been subject to threatened and filed lawsuits, including class action lawsuits, alleging violations of federal and state law regarding workplace and employment matters, overtime wage policies, discrimination and similar matters. We may incur damages and expenses resulting from lawsuits of this type, which could have a material adverse effect on our business, financial condition or results of operations. We are currently subject to employee-related legal proceedings in the ordinary course of business. While we believe that we have adequate reserves for those losses that we believe are probable and can be reasonably estimated, the ultimate results of legal proceedings and claims cannot be predicted with certainty.

While none of our employees are currently represented by a union, our employees have the right under the National Labor Relations Act to form or affiliate with a union. While none of our employees are currently represented by a union, our employees have the right under the National Labor Relations Act to form or affiliate with a union. If a significant portion of our employees were to become unionized, our labor costs could increase and our business could be negatively affected by other requirements and expectations that could increase our costs, change our employee culture, impact corporate flexibility and disrupt our business. Additionally, our responses to any union organizing efforts could negatively impact perception of our brand and have adverse effects on our business, including on our financial results. Additionally, our responses to any union 28 organizing efforts could negatively impact perception of our brand and have adverse effects on our business, including on our financial results. These responses could also expose us to legal risk, causing us to incur costs related to defending legal and regulatory actions, potential penalties and restrictions or reputational harm.

Our background check business is subject to significant governmental regulation, and changes in law or regulation, or a failure to correctly identify, interpret, comply with and reconcile the laws and regulations to which it is subject, could materially adversely affect our revenue or profitability. Our background check business is subject to significant governmental regulation, and changes in law or regulation, or a failure to correctly identify, interpret, comply with and reconcile the laws and regulations to which it is subject, could materially adversely affect our revenue or profitability.

We offer a background screening application called Enhanced Background Checks. We offer a background screening application called Enhanced Background Checks. In the course of providing background checks, we search and report public and non-public consumer information and records, including criminal records, employment and education history, credit history, driving records and drug screening results. Consequently, we are subject to extensive, evolving and often complex laws and governmental regulations, such as the FCRA, the Drivers’ Privacy Protection Act, state consumer reporting agency laws, state licensing and registration requirements, and various other foreign, federal, state and local laws and regulations. Consequently, we are subject to extensive, evolving and often complex laws and governmental regulations, such as the Fair Credit Reporting Act (the “FCRA”), the Drivers’ Privacy Protection Act, state consumer reporting agency laws, state licensing and registration requirements, and various other foreign, federal, state and local laws and regulations. These laws and regulations set forth restrictions and process requirements concerning what may be reported about an individual, when, to whom, and for what purposes, and how the subjects of background checks are to be treated. Compliance with these laws and regulations requires significant expense and resources, which could increase significantly as these laws and regulations evolve. Such increase in restrictions and compliance costs could negatively affect our ability to provide other services expected by our clients and adversely affect our offerings and revenue.

Changes in law, regulation, or administrative enforcement and interpretations or other limitations and prohibitions related to the provision of consumer information and records could materially adversely affect our revenue and profitability. Changes in law, regulation, or administrative enforcement and interpretations or other limitations and prohibitions related to the provision of consumer information and records could materially adversely affect our revenue and profitability. For example, numerous state and local authorities have implemented “ban the box” and “fair chance” hiring laws that limit or prohibit employers from inquiring or using a candidate’s criminal history to make employment decisions, and many of these authorities have in recent years amended these laws to increase the restrictions on the use of such information. In addition, redaction of personal identifying information in criminal records (such as date of birth), and court rules or lawsuits that limit or restrict access to identifiers in criminal records, may negatively impact our ability to perform complete criminal background checks. The enactment of new restrictive legislation and the requirements, restrictions, and limitations imposed by changing interpretations and court decisions on such laws and regulations could prevent our customers from using the full functionality of our background screening application, which may reduce demand for such solution.

Furthermore, we face potential liability from individuals, classes of individuals, clients or regulatory bodies for claims based on the nature, content or accuracy of our background check services and the information we use and report. We face potential liability from individuals, classes of individuals, clients or regulatory bodies for claims based on the nature, content or accuracy of our background check services and the information we use and report. Our potential exposure to lawsuits or government investigations may increase depending in part on our clients’ compliance with these laws

and regulations and applicable employment laws in their procurement and use of our background checks as part of their hiring process, which is generally outside of our control. Our potential liability includes claims of non-compliance with the FCRA, U.S. state consumer reporting agency laws or regulations, foreign regulations or applicable employment laws, as well as other claims of defamation, invasion of privacy, negligence, copyright, patent or trademark infringement. In some cases, we may be subject to strict liability.

Industry and Financial Risks

Our financial results may fluctuate due to many factors, some of which may be beyond our control.

Our results of operations, including our revenues, costs of revenues, administrative expenses, operating income, cash flow and deferred revenue, may vary significantly in the future, and the results of any one period should not be relied upon as an indication of future performance. Our results of operations, including our revenues, costs of revenues, administrative expenses, operating income, cash flow and deferred revenue, may vary significantly in the future, and the results of any one period should not be relied upon as an indication of 29 future performance. Fluctuations in our financial results may negatively impact the value of our common stock. Our financial results may fluctuate as a result of a variety of factors, many of which are outside of our control, and as a result, may not fully reflect the underlying performance of our business. Factors that may cause our financial results to fluctuate from period to period include, without limitation:

Certain of our operating results and financial metrics may be difficult to predict as a result of seasonality. Certain of our operating results and financial metrics may be difficult to predict as a result of seasonality.

We have historically experienced seasonality in our revenues. We have historically experienced seasonality in our revenues. A significant portion of our recurring revenues relate to the annual processing of payroll tax filing forms such as Form W-2 and Form 1099 and the annual processing and filing of ACA-related forms. These forms are typically processed in the first quarter of the year and, as a result, positively impact first quarter recurring revenues. In addition, unscheduled payroll runs at the end of the year (such as bonuses) have a positive impact on our recurring revenues in the fourth quarter. Although we expect the magnitude of seasonal fluctuations in our revenues to decrease in the future to the extent clients utilize more of our non-payroll applications, seasonal fluctuations in certain of our operating results and financial metrics may make such results and metrics difficult to predict.

We are subject to certain operating and financial covenants that may restrict our business and financing activities and may adversely affect our cash flow and our ability to operate our business.

We maintain a Revolving Credit Facility, which can be accessed as needed to supplement our operating cash flow and cash balances. Although we do not currently have any outstanding indebtedness, pursuant to the Credit Agreement (as defined herein) that governs the Revolving Credit Facility, we may not, subject to certain exceptions:

In addition, we are required to maintain as of the end of each fiscal quarter a consolidated interest coverage ratio of not less than 3.0 to 1.0 and a consolidated leverage ratio of not greater than 3.0 to 1.0. The operating and financial covenants in the Credit Agreement, as well as any future financing agreements that we may enter into, may restrict our ability to finance our operations, engage in business activities or expand or fully pursue our business strategies. If we borrow in the future, we may be required to use a substantial portion of our cash flows to pay principal and interest on our debt, which would reduce the amount of money available for operations, working capital, expansion, or other general corporate purposes.

Our ability to meet our expenses and debt obligations and comply with the operating and financial covenants may be affected by financial, business, economic, regulatory and other factors beyond our control. Our ability to meet our expenses and debt obligations and comply with the operating and financial covenants may be affected by financial, business, economic, regulatory and other factors beyond our control. We may be unable to control many of these factors and comply with these covenants. A breach of any of the covenants under our Credit Agreement could result in an event of default, which could result in the acceleration of any outstanding indebtedness or foreclosure on our assets pledged to secure the indebtedness.

If we are unable to maintain effective internal control over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports and the market price of our common stock may be negatively affected. If we are unable to maintain effective internal control over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports and the market price of our common stock may be negatively affected.

As a public company, we are required to maintain internal control over financial reporting to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements. As a public company, we are required to maintain internal control over financial reporting to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements. Management must evaluate and furnish a report on the effectiveness of our internal control over financial reporting as of the end of each fiscal year, and our auditors must attest to the effectiveness of our internal control over financial reporting.

If we have a material weakness in our internal control over financial reporting, we may not detect errors on a timely basis and our financial statements may be materially misstated. If we have a material weakness in our internal control over financial reporting, we may not detect errors on a timely basis and our financial statements may be materially misstated. If we identify material weaknesses in our internal control over financial reporting or if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal control over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports and/or we could become subject to investigations by the New York Stock Exchange (the “NYSE”), the SEC, or other regulatory authorities, and the market price of our common stock could be negatively affected.

Our actual operating results may differ significantly from our guidance. Our actual operating results may differ significantly from our guidance.

We have released, and may continue to release, guidance in our earnings conference calls, earnings releases, or otherwise, regarding our future performance, which represents our estimates as of the date of release. We have released, and may continue to release, guidance in our earnings conference calls, earnings releases, or otherwise, regarding our future performance, which represents our estimates as of the date of release. This guidance, which includes forward-looking statements, has been and will be based on projections prepared by our management. These projections are not prepared with a view toward compliance with published guidelines of the American Institute of Certified Public Accountants, and neither our registered public accountants nor any other independent expert or outside party compiles or examines the projections. Accordingly, no such person expresses any opinion or any other form of assurance with respect to the projections.

Projections are based upon a number of assumptions and estimates that, while presented with numerical specificity, are inherently subject to significant business, economic, and competitive uncertainties and contingencies, many of which are beyond our control. Projections are based upon a number of assumptions and estimates that, while presented with numerical specificity, are inherently subject to significant business, economic, and competitive uncertainties and contingencies, many of which are beyond our control. Projections are also based upon specific assumptions with respect to future business decisions, some of which will change. The principal reason that we release guidance is to provide a basis for our management to discuss our

business outlook with analysts and investors. We do not accept any responsibility for any projections or reports published by any third parties.

Guidance is necessarily speculative in nature, and it can be expected that some or all of the assumptions underlying the guidance furnished by us will vary significantly from actual results. Guidance is necessarily speculative in nature, and it can be expected that some or all of the assumptions underlying the guidance furnished by us will vary significantly from actual results. Accordingly, our guidance is only an estimate of what management believes is realizable as of the date of release. Actual results have in the past, and may in the future, vary from our guidance, and the variations may be material. In light of the foregoing, investors are urged not to rely upon our guidance in making an investment decision regarding our common stock.

Any failure to successfully implement our operating strategy or the occurrence of any of the events or circumstances set forth in this “Risk Factors” section in this Form 10-K could result in the actual operating results being different from our guidance, and the differences may be adverse and material. Any failure to successfully implement our operating strategy or the occurrence of any of the events or circumstances set forth in this “Risk Factors” section in this Form 10-K could result in the actual operating results being different from our guidance, and the differences may be adverse and material.

Risks Related to Ownership of Our Securities

The issuance of additional stock in connection with acquisitions, our stock incentive plans, warrants or otherwise will dilute all other stockholders.

Our certificate of incorporation authorizes us to issue up to 100 million shares of common stock and up to 10 million shares of preferred stock with such rights and preferences as may be determined by our board of directors. Our certificate of incorporation authorizes us to issue up to one hundred million shares of common stock and up to ten million shares of preferred stock with such rights and preferences as may be determined by our board of directors. Subject to compliance with applicable rules and regulations, we may issue all of these shares that are not already outstanding without any action or approval by our stockholders. We intend to continue to evaluate strategic acquisitions in the future. We may pay for such acquisitions, in part or in full, through the issuance of additional equity securities.

Any issuance of shares in connection with an acquisition, the exercise of stock options or warrants, the award of shares of restricted stock or otherwise would dilute the percentage ownership held by our existing stockholders. Any issuance of shares in connection with an acquisition, the exercise of stock options or warrants, the award of shares of restricted stock or otherwise would dilute the percentage ownership held by our existing stockholders.

Anti-takeover provisions in our charter documents and Delaware law may delay or prevent an acquisition of our company. Anti-takeover provisions in our charter documents and Delaware law may delay or prevent an acquisition of our company.

Our certificate of incorporation, bylaws and Delaware law contain provisions that may have the effect of delaying or preventing a change in control of us or changes in our management. Our certificate of incorporation, bylaws and Delaware law contain provisions that may have the effect of delaying or preventing a change in control of us or changes in our management. These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management.

Any provision of our certificate of incorporation, bylaws or Delaware law that has the effect of delaying or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our common stock, and could affect the price that some investors are willing to pay for our common stock. Any provision of our certificate of incorporation, bylaws or Delaware law that has the effect of delaying or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our common stock, and could affect the price that some investors are willing to pay for our common stock.

Our certificate of incorporation contains an exclusive forum provision that may discourage lawsuits against us and our directors and officers. Our certificate of incorporation contains an exclusive forum provision that may discourage lawsuits against us and our directors and officers.

Our certificate of incorporation provides that, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware (or if no Court of Chancery located within the State of Delaware has jurisdiction, the Federal District Court for the District of Delaware) will be the sole and exclusive forum for any derivative action or proceeding brought on our behalf, any action asserting a claim of breach of fiduciary duty owed by any of our directors, officers or other employees to us or our stockholders, any action asserting a claim against us or any of our directors, officers or other employees arising pursuant to any provision of Delaware law or our certificate of incorporation or our bylaws (as either may be amended from time to time) or any action asserting a claim against us or any of our directors, officers or other employees governed by the internal affairs doctrine. Our certificate of incorporation provides that, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware (or if no Court of Chancery located within the State of Delaware has jurisdiction, the Federal District Court for the District of Delaware) will be the sole and exclusive forum for any derivative action or proceeding brought on our behalf, any action asserting a claim of breach of fiduciary duty owed by any of our directors, officers or other employees to us or our stockholders, any action asserting a claim against us or any of our directors, officers or other employees arising pursuant to any provision of Delaware law or our certificate of incorporation or our bylaws (as either may be amended from time to time) or any action asserting a claim against us or any of our directors, officers or other employees governed by the internal affairs doctrine. This exclusive forum provision applies to state and federal law claims, although our stockholders will not be deemed to have waived our compliance with the federal securities laws and the rules and regulations thereunder. In addition, this exclusive forum selection provision will not apply to claims under the Exchange Act. Moreover, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder. Accordingly, there is uncertainty as to whether a court would enforce our forum selection provision as written in connection with claims arising under the Securities Act. This forum selection provision may limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us. It is also possible that, notwithstanding the forum selection clause included in our certificate of incorporation, a court could rule that such a provision is inapplicable or unenforceable.

We may not continue to pay dividends at the same rate or at all.

Our payment of dividends, as well as the rate at which we pay dividends, are solely at the discretion of our Board of Directors. Further, dividend payments, if any, are subject to our financial results and the availability of statutory surplus. These factors could result in a change to our dividend policy. These factors could result in a change to our recently adopted dividend policy.

General Risks

Adverse economic and market conditions could affect our business, operating results or financial condition.

Our business depends on the overall demand for HCM applications and on the economic health of our current and prospective clients. Our business depends on the overall demand for HCM applications and on the economic health of our current and prospective clients. If economic conditions in the United States or in global markets deteriorate, clients may cease their operations, eliminate or reduce unscheduled payroll runs (such as bonuses), reduce headcount, delay or reduce their spending on HCM and other outsourcing services or attempt to renegotiate their contracts with us. In addition, global and regional macroeconomic developments, such as changes in global trade policies and tariffs, increased unemployment, decreased income, uncertainty related to future economic activity, reduced access to credit, increased interest rates, inflation, volatility in capital markets, and decreased liquidity, among other possible factors, could negatively affect our ability to conduct business. In addition, global and regional macroeconomic developments, such as 32 increased unemployment, decreased income, uncertainty related to future economic activity, reduced access to credit, increased interest rates, inflation, volatility in capital markets, and decreased liquidity, among other possible factors, could negatively affect our ability to conduct business. Furthermore, the impact of such macroeconomic developments may be exacerbated by geopolitical events and ongoing military conflicts throughout the world. Furthermore, the impact of such macroeconomic developments may be exacerbated by the COVID-19 pandemic or geopolitical events such as the ongoing military conflict in Ukraine and the ongoing conflict between Israel and Hamas. An economic decline could result in reductions in sales of our applications, decreased revenue from unscheduled payroll runs and fees charged on a per-employee basis, longer sales cycles, slower adoption of new technologies and increased price competition, any of which could adversely affect our business, operating results or financial condition. In addition, HCM spending levels may not increase following any recovery.

Further, as part of our payroll and payroll tax filing services, we collect and then remit client funds to taxing authorities and accounts designated by our clients. Further, as part of our payroll and tax filing application, we collect and then remit client funds to taxing authorities and accounts designated by our clients. During the interval between receipt and disbursement, we typically invest such funds in money market funds, demand deposit accounts, certificates of deposit, U.S. treasury securities and commercial paper. These investments are subject to general market, interest rate, credit and liquidity risks, and such risks may be exacerbated during periods of unusual financial market volatility. Any loss of or inability to access such funds could have an adverse impact on our cash position and results of operations and could require us to obtain additional sources of liquidity, which may not be available on terms that are acceptable to us, if at all. Furthermore, although increased interest rates may have a negative impact on certain clients, increased interest rates have resulted in increased interest earned on funds held for clients and additional income earned on our corporate funds. Changes in interest rates will impact potential earnings of future investments. A stable or rising interest rate environment would sustain the additional interest earned on funds held for clients and interest earned on our corporate funds, whereas a decreasing interest rate environment would compress the additional interest earnings and potentially adversely affect our operating results.

In recent years, there have been several instances when there has been uncertainty regarding the ability of Congress and the President collectively to reach agreement on federal budgetary and spending matters. In recent years, there have been several instances when there has been uncertainty regarding the ability of Congress and the President collectively to reach agreement on federal budgetary and spending matters. A period of failure to reach agreement on these matters, particularly if accompanied by an actual or threatened government shutdown, may have an adverse impact on the U.S. economy. Additionally, because certain of our clients rely on government resources to fund their operations, a prolonged government shutdown may affect such clients’ ability to make timely payments to us, which could adversely affect our operations results or financial condition.

Item 1B. Unresolved Staff Comments

None.