Conduent (CNDT) Risk Analysis

As a leader in business process solutions, we leverage cloud computing, AI, machine learning and advanced analytics. We act as a trusted business partner in both front-office and back-office platforms, providing interactions on a substantial scale with our customers and other third-parties. Our customers include global commercial clients and government clients who depend upon our operational efficiency, non-interruption of service, and accuracy and security of information. We also use third-party providers such as subcontractors, software vendors, utility providers and network providers, upon whom we rely to support our business process solutions, to deliver uninterrupted, secure service. As part of our business process solutions, we also develop system software platforms necessary to support our customers' needs, with significant ongoing investment in developing and operating customer-appropriate operating systems, databases and system software solutions. We also receive, process, transmit and store substantial volumes of information relating to identifiable individuals, both in our role as a solution provider and as an employer, and we are subject to numerous laws, rules and regulations in the United States (both federal and state) and foreign jurisdictions designed to protect both individually identifiable information as well as personal health information. We also receive, process and implement financial transactions, and disburse funds, on behalf of both commercial and government customers, which activity includes receiving debit and credit card information to process payments due to our customers as well as disbursing funds to payees of our customers. As a result of these and other business process solutions, the integrity, security, accuracy and non-interruption of our systems and information technology and that of our third-party providers and our interfaces with our customers are extremely important to our business, operating results, growth, prospects and reputation. We have in the past been, and remain, susceptible to breach of security systems which may result and has resulted in unauthorized access to our facilities and those of our customers and/or the information we and our customers are trying to protect. Cybersecurity failure might be caused by computer hacking, compromised credentials, malware, computer viruses, worms, trojans, ransomware and other destructive software, "cyber-attacks" and other malicious activity, as well as natural disasters, power outages, terrorist attacks and similar events. Operational or business delays may also result from the disruption of network or information systems and subsequent remediation activities. Because the techniques used to obtain unauthorized access are constantly changing and becoming increasingly more sophisticated and often are not recognized until launched against a target, we or our third-party service providers may be unable to anticipate these techniques or implement sufficient preventative measures. Unauthorized access, hacking, malware, phishing, viruses, worms, trojans, ransomware and other "cyber-attacks" have become more prevalent, have occurred in our systems in the past, and may occur in our systems in the future. Our cyber practices and cybersecurity systems may prove to be inadequate and result in the disruption, failure, misappropriation or corruption of our network and information systems and it may not be possible for us to fully or timely know if or when such incidents arise, or the full business impact of any cybersecurity breach. Additionally, with advances in computer capabilities and data protection requirements to address ongoing threats, we may be required to expend significant capital and other resources to protect against potential security breaches or to alleviate problems caused by security breaches. Moreover, employee error or malfeasance, faulty password management or other irregularities may result in a defeat of our or our third-party service providers' security measures and a breach of our or our third-party service providers' information systems (whether digital, cloud-based or otherwise). In addition, the increased use of employee-owned devices for communications as well as work-from-home arrangements, present additional operational risks to our information technology systems, including, but not limited to, increased risks of cyber-attacks. We have in the past experienced, and in the future could experience, an unauthorized party gaining physical access to one of our or one of our third-party service providers' facilities or gain electronic access to our or one of our third-party service providers' information systems. Such access could result in, among other things, unfavorable publicity and significant damage to our brand, governmental inquiry, oversight and possible regulatory action, difficulty in marketing our services, loss of existing and potential customers, allegations by our customers that we have not performed our contractual obligations, litigation by affected parties and possible financial obligations for substantial damages related to the theft or misuse of such information, any of which could materially adversely affect our results of operations and financial condition. Similar consequences may arise if sensitive or confidential information is misdirected, lost or stolen during transmission or transport, or is stolen or misused. Moreover, security breaches have and could require us to devote significant management resources to address the problems created by the security breach and to expend significant additional resources to upgrade further the security measures that we employ to guard such personal information against "cyber-attacks" and to maintain various systems and data centers for our customers. Often these systems and data centers must be maintained worldwide and on a 24/7 basis. We have in the past experienced and in the future could experience service interruptions that could result in curtailed operations and loss of existing and potential customers, which could significantly reduce our revenues and profits in addition to significantly impairing our reputation. If our information systems and our back-up systems are damaged, breached or cease to function properly, we may have to make a significant investment to repair or replace them, and we may suffer interruptions in our operations in the interim, each of which could materially adversely affect our results of operations and financial condition. In addition, our and our customers' systems and networks are subject to continued threats of terrorism, which could disrupt our operations as well as disrupt the utilities and telecommunications infrastructure on which our business depends. To the extent any such disruptions were to occur, our business, operating results and financial condition could be materially adversely affected. In addition, our liability insurance, which includes cyber insurance, might not be sufficient in type or amount to cover us, or the carrier may decline to cover us, against claims related to security incidents, cyberattacks and other related incidents.

We have experienced certain disruptions in our operations and service delivery performance issues because of some of our information technology infrastructure that is outdated and that needs to be enhanced and updated, which disruptions have adversely impacted client and delivery performance. As a result, we embarked on a long-term project to modernize a significant portion of our information technology infrastructure with new systems and processes and to consolidate our data centers. There is a risk, however, that our modernization efforts and data center consolidations could materially and adversely disrupt our operations and our service delivery to customers, could result in contractual penalties or damage claims from customers, could occur over a period longer than planned, and could require greater than expected investment and other internal and external resources. It may also take longer to realize the intended favorable benefits from an enhanced technology infrastructure than we expected, or disruptions may continue to occur while we enhance this infrastructure. Future service disruptions could hinder our ability to attract new customers, cause us to incur legal liability, contractual penalties or issue service credits to our customers and cause us to lose current customers, each of which could have a material adverse effect on our business, results of operations and financial condition.

We process, support and execute financial transactions, and disburse funds, on behalf of both government and commercial customers, often in partnership with financial institutions. This activity includes receiving debit and credit card information, processing payments for and due to our customers and disbursing funds on payment or debit cards to payees of our customers. As a result, we are subject to numerous laws and regulations in the United States (both federal and state) and in foreign jurisdictions, including the Electronic Fund Transfer Act, as amended, the Currency and Foreign Transactions Reporting Act of 1970 (commonly known as the "Bank Secrecy Act"), as amended, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (including the so-called Durbin Amendment), as amended, the Gramm-Leach-Bliley Act (also known as the "Financial Modernization Act of 1999"), as amended, and the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 ("USA PATRIOT ACT"), as amended. Other United States (both federal and state) and foreign jurisdiction laws apply to our processing of certain financial transactions and related support services. These laws are subject to frequent changes, and new statutes and regulations in this area may be enacted at any time. Changes to existing laws, the introduction of new laws in this area or our failure to comply with existing laws that are applicable to us may subject us to, among other things, additional costs or changes to our business practices, liability for monetary damages, fines and civil and/or criminal prosecution, unfavorable publicity, restrictions on our ability to process and support financial transactions and allegations by our customers, partners and clients that we have not performed our contractual obligations. Any of these could materially adversely affect our results of operations and financial condition.

We monitor U.S. and non-U.S. tax law changes that may adversely impact our overall tax costs. From time to time, proposals have been made and/or legislation has been introduced to change tax rates, as well as related tax laws, regulations or interpretations thereof, by various jurisdictions, or to limit tax treaty benefits which, if enacted or implemented, could materially increase our tax costs and/or our effective tax rate and could have a material adverse impact on our financial condition and results of operations. In addition, we are subject to the examination of our income tax returns by the United States Internal Revenue Service and other tax authorities around the world. We regularly assess the likelihood of adverse outcomes resulting from these examinations to determine the adequacy of its provision for income taxes. There can be no assurance that the outcomes from these examinations will not have an adverse effect on our provision for income taxes and cash tax liability.

Although there has been a recent shift in U.S. federal policy under the new presidential administration, many governments, regulators, investors, associates, clients and other stakeholders have been and/or remain focused on environmental, social and governance considerations relating to businesses, including climate change and greenhouse gas emissions, human rights, and diversity, equity and inclusion. In addition, the Company makes statements about its environmental, social and governance goals and initiatives through its corporate social responsibility report, its other non-financial reports, information provided on its website, press releases and other communications. Responding to these environmental, social and governance considerations and implementation of these goals and initiatives involves risks and uncertainties, requires capital and operating investments, and depends in part on third-party performance, or data and changing regulatory schemes that are outside the Company's control. The Company cannot guarantee that it will achieve its announced environmental, social and governance goals and initiatives. In addition, some stakeholders may disagree with the Company's goals and initiatives. Any failure, or perceived failure, by the Company to achieve its goals, further its initiatives, adhere to its public statements, comply with federal, state or international environmental, social and governance laws and regulations, or meet evolving and varied stakeholder expectations and standards could result in legal and regulatory proceedings against the Company and could materially adversely affect the Company's business, ability to recruit and retain associates, reputation, results of operations, financial condition and stock price.

Our ability to service our customers and clients and deliver and implement solutions depends to a large extent on third-party providers such as subcontractors, a relatively small number of primary software vendors, software application developers, utility providers and network providers meeting their obligations to us and our expectations in a timely, quality manner. Our results of operations and financial condition have been and in the future may be materially adversely affected and we might incur significant additional liabilities if any of our third-party providers (i) do not meet their service level obligations, (ii) do not meet our or our clients' expectations, (iii) terminate or refuse to renew their relationships with us, or (iv) offer their products to us with less advantageous prices and other terms than previously offered.

To stay competitive in our industry, we must keep pace with changing technologies and customer preferences. Many of our contracts require us to design, develop and implement new technological and operating systems for our customers. Many of these systems involve detailed and complex computer source code which must be created and integrated into a working system that meets contract specifications. The accounting for these contracts requires judgment relative to assessing risks, estimating costs to fulfill the contract and making assumptions for schedule and technical issues. To varying degrees, each contract type involves some risk that we could underestimate the costs and resources necessary to fulfill the contract. In each case, our failure to accurately estimate costs or the resources and technology needed to perform our contracts or to effectively manage and control our costs during the performance of our work could result, and in some instances has resulted, in reduced profits or in losses. In addition, many of our contracts contain complicated performance obligations, including, without limitation, designing and building new integrated computer systems. These contracts carry potential financial penalties or could result in financial damages or exposures if we fail to properly perform those obligations and have in the past resulted in and in the future could result in our results of operations and financial condition being materially adversely affected.

Our success depends on our ability to obtain adequate pricing for our services that will provide a reasonable return to our shareholders. Depending on competitive market factors, future prices we obtain for our services may decline from previous levels. If we are unable to obtain adequate pricing for our services, it could materially adversely affect our results of operations and financial condition. In addition, our contracts are increasingly requiring tighter timelines for implementation as well as more stringent service level metrics. This makes the bidding process for new contracts much more difficult and requires us to adequately consider these requirements in the pricing of our services. To meet the service requirements of our customers, which often includes 24/7 service, and to optimize our employee cost base, including our back-office support, we often locate our delivery service and back-office support centers in lower-cost locations, including several developing countries. Concentrating our centers in these locations presents several operational risks, many of which are beyond our control, including the risks of political instability, natural disasters, safety and security risks, labor disruptions, excessive employee turnover and rising labor rates. Additionally, a change in the political environment in the United States or the adoption and enforcement of legislation and regulations curbing the use of such centers outside of the United States could materially adversely affect our results of operations and financial condition. These risks could impair our ability to effectively provide services to our customers and keep our costs aligned to our associated revenues and market requirements. Our ability to sustain and improve profit margins is dependent on a number of factors, including our ability to continue to improve the cost efficiency of our operations through such programs as robotic process automation, to absorb the level of pricing pressures on our services through cost improvements, our ability to hire and retain employees in the current global labor markets and to successfully complete information technology initiatives. If any of these factors adversely materialize or if we are unable to achieve and maintain productivity improvements through restructuring actions or information technology initiatives, our ability to offset labor cost inflation and competitive price pressures would be impaired, each of which could materially adversely affect our results of operations and financial condition.