Dayforce Inc (DAY) Risk Analysis

We face risk of litigation, regulatory investigations, and similar actions in the ordinary course of our business, including the risk of lawsuits and other legal actions relating to breaches of contractual obligations, tortious claims, employment and labor law matters, including matters that may arise related to our Dayforce Flex Work employees, securities law claims, or claims related to erroneous transactions or breach of other laws or regulations from customers, stockholders, vendors, employees or other third parties which could result in fines, penalties, interest, loss of revenue, increased expense, or other damages. In particular, our clients have sought to pursue indemnification claims against us where they have been subject to wage compliance, payroll fraud, and data privacy claims, and as we expand our Dayforce Flex Work service, we may face litigation related to the "shifts" employees we employ as part of that service. Litigation might result in substantial costs and may divert management's attention and resources, which might materially harm our business, overall financial condition, and operating results. We may also be subject to various regulatory inquiries, such as information requests, subpoenas, and book and records examinations, from regulators and other authorities in the geographic markets in which we operate. A substantial liability arising from a lawsuit judgment or settlement or a significant regulatory action against us or a disruption in our business arising from adverse adjudications in proceedings against our directors, officers, or employees could have a material adverse effect on our business, financial condition, and results or operations. Further, insurance might not cover such claims, might not provide sufficient payments to cover all the costs to resolve one or more such claims and might not continue to be available on terms acceptable to us. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, thereby harming our operating results and leading analysts or potential investors to lower their expectations of our performance, which could reduce the trading price of our stock or potentially result in a lawsuit related to the reduced trading price of our stock. Additionally, we are subject to claims and investigations as a result of our predecessor, Control Data Corporation ("CDC"), Ceridian Corporation, and other former entities for whom we are successor-in-interest with respect to assumed liabilities. For example, in September 1989, CDC became party to an environmental matters agreement with Seagate Technology plc ("Seagate") related to groundwater contamination on a parcel of real estate in Omaha, Nebraska sold by CDC to Seagate. In February 1988, CDC entered into an arrangement with Northern Engraving Corporation and the Minnesota Pollution Control Agency in relation to groundwater contamination at a site in Spring Grove, Minnesota. We have also been subject to asbestos related claims for former CDC employees. Although we are fully reserved for these groundwater contamination liabilities, and partially insured for the asbestos claims, we cannot be certain if additional claims, investigations, or liabilities related to such predecessor companies will surface.

We are subject to income and non-income taxes in multiple jurisdictions. Income tax accounting often involves complex issues, and significant judgment is often required in determining our worldwide provision for income taxes. We are regularly subject to tax examinations in these jurisdictions during which the tax authorities may challenge our tax positions. We regularly assess the likely outcomes of these examinations to determine the appropriateness of our tax reserves as well as our future tax liabilities. In addition, the application of withholding tax, value added tax, goods and services tax, sales tax, and other non-income taxes is not always certain, and we may be subject to examinations relating to such withholding or non-income taxes. We believe that our tax positions are reasonable and our tax reserves are adequate to cover any potential liability. However, if any of these tax authorities successfully challenge our positions, we may be liable for additional tax, penalties, and interest in excess of any reserves established, which may have a significant impact on our results and operations and future cash flow.

We publicly share certain information about our company's ambitions, programs, and goals on sustainability matters. These disclosures, the goals we have set, or a failure to meet these goals from time to time may generate increased scrutiny of our business that could harm our brand and our reputation. Our ability to achieve our goals related to sustainability matters is subject to numerous risks. We may rely on data and calculations provided by third parties to measure and report our sustainability metrics and if the data input or calculations are incorrect or incomplete, our brand, reputation, and financial performance may be adversely affected. Further, standards for tracking and reporting sustainability matters continue to evolve, and our processes and controls may not always comply with those evolving standards, or may require us to revise our current goals or reported progress in achieving such goals. There has also been a recent notable increase in current and proposed regulations at the state and federal level on publicly traded companies related to sustainability matters, and such expansion of regulation could result in higher associated compliance costs. A failure to fully comply with these new regulatory requirements, or a failure to do so in a timely matter, could have an adverse effect on our business, financial condition, and our perception by key stakeholders.

Our products and services systems and our internal corporate information technology ("IT") systems (our products, services and internal corporate IT systems collectively referred to as our "IT Systems") have in the past been, and will in the future be, subject to numerous and evolving cybersecurity risks that threaten the confidentiality, integrity, and availability of our IT Systems and the data stored therein. These actual and potential risks include diverse threat actors, such as state-sponsored organizations and opportunistic hackers and hacktivists, as well as diverse attack vectors, such as social engineering/phishing, malware (including ransomware), malfeasance by insiders, human, or technological error, and as a result of malicious code embedded in open-source software, or misconfigurations, "bugs" or other vulnerabilities in our IT Systems, or the commercial software that is integrated into our (or our suppliers' or service providers') IT Systems, products, or services. Cyberattacks are expected to accelerate on a global basis in frequency and magnitude as threat actors are becoming increasingly sophisticated in using techniques and tools-including AI-that circumvent security controls, evade detection, and remove forensic evidence. As a result, we may be unable to detect, investigate, remediate, or recover from future attacks or incidents, or to avoid a material adverse impact to our IT Systems or our business. Moreover, the continued integration of AI into our products and business processes, as well as the use of AI by our third party providers, may bring about unknown and currently unmanaged risks that could cause a material adverse impact to our IT Systems, business operations and data security, including risks associated with the consequences of inadvertent or unauthorized access to, or use of, customer information. We rely on our IT Systems, which are maintained both internally and externally by third parties, to operate our business, including to process, on a daily and time sensitive basis, a large number of complicated transactions. Any information security breach in our IT Systems has the potential to impact our customer information and sensitive company information, including our financial reporting capabilities, which could result in the potential loss of business and our ability to accurately report financial results. If any of the IT Systems fail to operate properly or become disabled even for a brief period, we could miss a critical filing period or lose control of customer data, either of which could result in financial loss, a disruption of our business, liability to customers, or regulatory intervention. Remote and hybrid working arrangements at our company (and at many third-party providers) increase the risks associated with our IT Systems due to the challenges associated with managing remote computing assets and security vulnerabilities that are present in many non-corporate and home networks. Like other software providers, we operate with our customers on a shared responsibility model. In most instances, our customers administer access to the data of their employees. While we provide certain security and data management capabilities and encourage customers and their employees to implement certain security controls in connection with use of our products and services, they may not implement controls sufficient to protect their confidential information. To the extent they do not take advantage of those capabilities and implement sufficient security controls, customers and their employees may suffer a cybersecurity attack on their own systems and allow a malicious actor access to confidential information held in our IT Systems. Even if such a breach is unrelated to our security programs or practices, it could cause us reputational harm and require us to incur significant costs to adequately assess and respond. We have acquired and continue to acquire companies with cybersecurity vulnerabilities and/or unsophisticated security measures built into their products and services, which exposes us to additional cybersecurity, operational, and financial risks, and have and will continue to demand significant resources to attempt to mitigate those risks. As we retire our legacy products like our bureau payroll services or sunset certain acquired products, we decrease investments in maintaining those systems, which creates the potential for a security breach of those systems. For example, in 2009, an alleged criminal hack into a discontinued U.S. payroll application led to us becoming subject to a 20-year consent order with the U.S. Federal Trade Commission ("FTC") that became final in June 2011. In connection with the order, we are required to have portions of our security program, which apply to certain segments of our U.S. business,reviewed by an independent third party on a biennial basis. Maintaining, updating, monitoring, and revising an information security program in an effort to ensure that it remains reasonable and appropriate in light of changes in security threats, changes in technology, and security vulnerabilities that arise from legacy systems is time-consuming and complex, and is an ongoing effort. While we have taken and continue to take steps to ensure compliance with the consent order, if we are determined to be out of compliance with the consent order, or if any new breaches of security occur, the FTC may take enforcement actions or other parties may initiate a lawsuit. Any such resulting fines and penalties could have a material adverse effect on our liquidity and financial results, and any reputational damage therefrom could adversely affect our relationships with our existing customers and our ability to attain new customers. Because we make extensive use of third party suppliers and service providers in our IT Systems, such as cloud services that support our internal and customer-facing operations, successful cyberattacks that disrupt or result in unauthorized access to third party IT systems can materially impact our operations and financial results. We and certain of our third-party providers regularly experience cyberattacks and other incidents, and we expect such attacks and incidents to continue in varying degrees. For example, in July 2024, a software update by CrowdStrike Holdings, Inc., a cybersecurity technology company, caused widespread crashes of Windows systems into which it was integrated, including certain Windows systems that may have been used by our third-party service providers, vendors, and customers. As of the date of this report, we have not experienced any material impacts as a result of the CrowdStrike software update. Though we rely on a third-party service to monitor suppliers and service providers for potential cybersecurity incidents, such monitoring itself cannot prevent such incidents and we could, in the future, experience similar third-party software-induced interruptions to our operations. Any adverse impact to the availability, integrity or confidentiality of our IT Systems could result in legal claims or proceedings (such as class actions), regulatory investigations and enforcement actions, fines and penalties, negative reputational impacts that cause us to lose existing or future customers, and/or significant incident response, system restoration or remediation and future compliance costs. Any or all of the foregoing could materially adversely affect our business, results of operations, and financial condition. Finally, we cannot guarantee that any costs and liabilities incurred in relation to an attack or incident will be covered by our existing insurance policies or that applicable insurance will be available to us in the future on economically reasonable terms or at all.

The markets in which we participate are highly competitive, and competition could intensify in the future. We believe the principal competitive factors in our market include: breadth and depth of product functionality, scalability and reliability of applications, robust workforce management, comprehensive tax services, modern and innovative Cloud technology platforms combined with an intuitive user experience, rapid technological change such as the rise of large language models, multi-country and jurisdiction domain expertise in payroll and HCM, quality of implementation and customer service, integration with a wide variety of third party applications and systems, total cost of ownership and return on investment, brand awareness, and reputation, pricing and distribution. We face a variety of competitors, some of which are long-established providers of HCM solutions. Many of our current and potential competitors are larger, have greater name recognition, longer operating histories, larger marketing budgets, and significantly greater resources than we do, and are able to devote greater resources to the development, promotion, and sale of their products and services. Some of our competitors do or could offer HCM solutions bundled as part of a larger product offering. Furthermore, our current or potential competitors may be acquired by third parties with greater available resources and the ability to initiate or to withstand substantial price competition. In addition, many of our competitors have established marketing relationships, access to larger customer bases, and major distribution agreements with consultants,system integrators, and resellers. Our competitors have and may continue to establish cooperative relationships among themselves or with third parties that may further enhance their product offerings or resources. Although we have a global partnership strategy, additional investment and efforts will be necessary to fully implement and scale such a strategy. If our competitors' products, services, or technologies become more accepted than our applications are today, if they are successful in bringing their products or services to market earlier than ours, or if their products or services are more technologically capable than ours, it could have a material adverse effect on our business, financial condition, and results of operations. In addition, some of our competitors may offer their products and services at a lower price compared to our products or their current pricing impacting our ability to achieve our target pricing. If we are unable to achieve our target pricing levels or if we experience significant pricing pressures, it could have a material adverse effect on our business, financial condition, and results of operations.

Our business depends on the ability to implement our solutions in a timely, accurate, and cost-efficient basis and to provide services at the high level demanded by our customers. Implementation and other professional services may be performed by our own staff, by a third party, or by a combination of the two. If a customer is not satisfied with the timely access or the quality of work performed, then we could incur loss of revenue or additional costs to address the situation, the customer's dissatisfaction with such services could damage our ability to expand the number of applications subscribed to by that customer or we could be liable for loss or damage suffered as a result, any of which could have a material adverse effect on our business, financial condition, and results of operations. If a new customer is dissatisfied with implementation, the customer could decide not to?go-live, which could result in a delay in our collection of fees or could result in a customer seeking repayment of its implementation fees?suing us for damages or could oblige us to enforce the termination provisions in our customer contracts in order to collect revenue. In addition, negative publicity related to our customer relationships, regardless of its accuracy, may affect our ability to compete for new business with current and prospective customers, which could also have a material adverse effect on our business, financial condition, and results of operations.

Our business depends on the overall demand for HCM applications and on the economic health of our current and prospective clients. If economic conditions in the U.S., Canada, or in global markets deteriorate, clients may cease their operations, reduce headcount, delay or reduce their spending on HCM and other outsourcing services or attempt to renegotiate their contracts with us. In addition, global and regional macroeconomic developments, such as increased unemployment, decreased income, uncertainty related to future economic activity, reduced access to credit, increased interest rates, inflation, volatility in capital markets, and decreased liquidity, among other possible factors, could negatively affect our ability to conduct business. An economic decline could result in reductions in sales of our applications, decreased revenue, longer sales cycles, slower adoption of new technologies, and increased price competition, any of which could adversely affect our business, operating results, or financial condition. In addition, HCM spending levels may not increase following any recovery. The application of tariffs on goods to countries in which we operate, including, for example, Canada, China, Mexico, and the U.S., has and will impact our business operations and ability to export goods, such as our time clocks. Any expansion of tariffs to cover services like Dayforce would have a significant impact on how we develop, distribute and monetize Dayforce, and therefore could adversely affect our operations results or financial condition. Moreover, the expansion of export controls generally could have an impact on our ability to export our software and mobile applications. In recent years, there have been several instances when there has been uncertainty regarding the ability of the U.S. Congress and the U.S. President collectively to reach agreement on federal budgetary and spending matters. A period of failure to reach agreement on these matters, particularly if accompanied by an actual or threatened government shutdown, may have an adverse impact on the U.S. economy. Additionally, because certain of our clients rely on government resources to fund their operations, a prolonged government shutdown may affect such clients' ability to make timely payments to us, which could adversely affect our operations results or financial condition. Further, as part of our payroll and tax filing application, we collect and then remit client funds to taxing authorities and accounts designated by our clients. During the interval between receipt and disbursement, we may invest such funds in money market funds, demand deposit accounts, certificates of deposit, U.S. treasury securities and commercial paper. These investments are subject to general market, interest rate, credit and liquidity risks, and such risks may be exacerbated during periods of unusual financial market volatility. Any loss of or inability to access such funds could have an adverse impact on our cash position and results of operations and could require us to obtain additional sources of liquidity, which may not be available on terms that are acceptable to us, if at all.

We have and will continue to expand our operations and sales into new international markets. Our international operations are subject to risks that could adversely affect those operations or our business as a whole, including but not limited to the costs of establishing a market presence, localizing product and service offerings for foreign customers, difficulties in managing and staffing international operations, and increased expenses related to introducing corporate policies and controls in our international operations and increased reliance on partners to provide services in additional geographies. Further, the expansion of our product offering into new international markets has and will continue to result in an expansion of our monitoring of local laws and regulations, which increases our costs as well as the risk of the product not incorporating in a timely fashion or at all the necessary changes to enable a customer to be compliant with such laws, or in manual workarounds that are prone to errors. Moreover, as part of our international strategy, we work with partners to perform services in certain geographies where we do not currently have international operations or the particular service required by our customers. As a result, we may experience business impact if our partners do not carry out the services as committed, or at a quality level that our customers demand, including potential for reduced margin from additional expense or impact to customer relationships. Our international growth strategy has and may continue to include growth via acquisition. Our growth following an acquisition may also be dependent on our ability to transition acquired customers from current and legacy products to Dayforce, migrate and integrate acquired technologies or to increase sales by addressing broader HCM needs with additional modules of Dayforce. If we are unable to provide the required services on a multinational basis, or if we are unable to effectively manage our international expansion, we could be subject to negative customer experiences, harm to our reputation or loss of customers, claims for any fines, penalties or other damages suffered by our customer, and other financial harm, including fines, penalties, or other damages suffered by us directly, which would negatively impact revenue and earnings. Although we have a multinational strategy, additional investment and efforts may be necessary to implement such strategy. Some of our business partners also have international operations and are subject to the risks described above.

Our business, financial condition, results of operations, access to capital markets and borrowing costs may be adversely affected by a major natural disaster or catastrophic event, including civil unrest, economic recession, geopolitical instability, war, terrorist attack, the effects of climate change, or pandemics or other public health emergencies, and measures taken in response thereto. In the event of a major disaster or event impacting any of our locations or locations where our employees work virtually, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our application development, lengthy interruptions in our services, breaches of data security and loss of critical data. These catastrophic events have the potential to disrupt the business of our third-party suppliers, partners, or customers, which could have a material adverse effect on our business, financial condition, and results of operations. For instance, the COVID-19 pandemic created significant global volatility, uncertainty, and economic disruption. Moving forward, the extent to which other similarly disrupting events will adversely affect our business, operations, and financial results will depend on numerous evolving factors, including developments which are highly uncertain and cannot be predicted, such as the duration and scope of the event, and that affect our ability to sell and to provide our services to our current and future customers, and the ability of our customers to pay for our services or to make us whole for advances of earned net wages and associated tax amounts made on their behalf by us.

Disruptions in the financial markets can also adversely affect our lenders, insurers, customers, and other counterparties. During periods of volatile credit markets, there is risk that financial institutions, even those with strong balance sheets and sound lending practices, could fail, no longer participate in financial offerings, or refuse to honor their existing legal commitments and obligations to us, including but not limited to, extending credit up to the maximum amount permitted by the 2024 Revolving Credit Facility or purchasing eligible receivables under our Receivables Purchase Agreement. If our financial counterparties are unable to fund borrowings under their revolving credit commitments or investments under their Receivables Purchase Agreement, or we are unable to borrow or refinance our debt in the financial markets, it could substantially increase our cost of borrowing or be difficult to obtain sufficient funding to execute our business strategy or to meet our liquidity needs, which could have a material adverse effect on our business, financial condition, and results of operations.