Genpact (G) Risk Analysis

We depend in large part on our relationships with clients and our reputation for high-quality services to generate revenue and secure future engagements. Most of our service contracts with clients contain service level and performance requirements, including requirements relating to the quality of our services. Failure to consistently meet service requirements of a client, whether due to: (a) natural or other disasters, telecommunications failures, power or water shortages, extreme weather conditions (whether as a result of climate change or otherwise), medical epidemics, pandemics or other contagious diseases, or other natural or manmade disasters or catastrophic events; (b) breach of or incursion into our computer systems (for example, through a ransomware attack); (c) other systems failure, including due to aged IT systems or infrastructure; or (d) errors made by our employees in the course of delivering services to our clients have in the past and could in the future disrupt a client's business and result in a reduction in our revenues, clients terminating their business relationships with us and/or a claim for damages against us. Additionally, we could incur liability if a process we manage for a client were to result in internal control failures or impair our client's ability to comply with its own internal control requirements. We are also subject to actual and potential claims, lawsuits, investigations and proceedings outside of errors and omissions claims. For example, we engage in trust and safety services on behalf of clients, including content moderation, which could have a negative impact on our employees performing such services due to the nature of the materials they review. These types of services have been the subject of negative media coverage as well as litigation, and we may face adverse judgments or settlements or damage to our brand or reputation as a result of our provision of these services. Under our MSAs with our clients, our liability for breach of our obligations is generally limited to actual damages suffered by the client and is typically capped at an agreed amount. These limitations and caps on liability may be unenforceable or otherwise may not protect us from liability for damages. In addition, certain liabilities, such as claims of third parties for which we may be required to indemnify our clients or liability for breaches of confidentiality, are generally not limited under those agreements. Our MSAs are governed by laws of multiple jurisdictions, therefore the interpretation of such provisions, and the availability of defenses to us, may vary, which may contribute to the uncertainty as to the scope of our potential liability. Although we have commercial general liability insurance coverage, the coverage may not continue to be available on acceptable terms or in sufficient amounts to cover one or more large claims and our insurers may disclaim coverage as to any future claims. The successful assertion of one or more large claims against us that exceed available insurance coverage, or changes in our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements), could have a material adverse effect on our reputation, business, results of operations and financial condition. It is also possible that future results of operations or cash flows for any particular quarterly or annual period could be materially adversely affected by an unfavorable resolution of these matters. In addition, these matters divert management and personnel resources away from operating our business. Even if we do not experience significant monetary costs, there may be adverse publicity or social media attention associated with these matters that could result in reputational harm, either to us directly or to the industries or geographies we operate in, that may materially adversely affect our business, client or employee relationships. Further, defending against these claims can involve potentially significant costs, including legal defense costs.

Our industry is increasingly competitive, highly fragmented and subject to rapid change. We compete for business with a variety of companies, including large multinational firms that provide consulting, technology and/or managed services, offshore business process service providers in low-cost locations like India, in-house captives of potential clients, software services companies that also provide managed services or advanced technology solutions, smaller, niche companies that compete with us in a specific geographic market, industry or service area, and accounting firms that also provide consulting or other business process services. Some of our competitors have greater financial, marketing, technological or other resources and larger client bases than we do, and may expand their service offerings more quickly or at a lower cost and compete more effectively for clients and employees than we do. Some of our competitors have more established reputations and client relationships in our markets than we do. In addition, some of our competitors who do not have global delivery capabilities may expand their delivery centers to the countries in which we are located, which could result in increased competition for employees and could reduce our competitive advantage. Consolidation activity may also result in new competitors with greater scale, a broader footprint or vertical integration that makes them more attractive to clients as a single provider of integrated products and services. In addition, concurrent use by many clients of multiple professional service providers requires us to be continuously competitive on the quality, scope and pricing of our offerings or face a reduction or elimination of our business. Competitors have also in the past and will likely in the future be willing to take on more risk or price contracts lower than us in an effort to enter the market or increase market share. If we are not able to supply clients with services or solutions that they deem superior and successfully apply our business models with market level pricing while managing discounts, we may lose business to competitors and face downward pressure on gross margins and profitability. Any inability to compete effectively would materially adversely affect our business, results of operations and financial condition Our competitiveness also depends on our ability to continue to develop and implement services and solutions that anticipate and respond to rapid and continuing changes in technology to serve the evolving needs of our clients. See the Risk Factor titled "Our business depends on generating and maintaining ongoing, profitable client demand for our services and solutions, and a significant reduction in such demand or an inability to respond to or compete in the rapidly evolving technological environment could materially affect our results of operations" for additional information. New services or technologies offered by our competitors, partners or new market participants, including technology start-ups and other companies that can scale rapidly to focus on or disrupt certain markets and provide new or alternative services, solutions or delivery models, may make our offerings less differentiated or less competitive by comparison, which may adversely affect our results of operations. Certain technology companies, including some of our partners, are increasingly able to offer services related to their software, platform, cloud migration and other solutions, or are developing software, platform, cloud migration and other solutions that require integration services to a lesser extent or replace them in their entirety. These more integrated services and solutions may represent more attractive alternatives to clients than some of our services and solutions, which may materially adversely affect our competitive position and our results of operations. Our relationships with our third-party alliance partners, who supply us with necessary components to the services and solutions we offer our clients, are also critical to our ability to provide many of our services and solutions that address client demands. Some of our third-party alliance partners are also clients or suppliers for our internal operations. There can be no assurance that we will be able to maintain such relationships or that such components will be available on the expected timelines or for anticipated prices. Among other things, such alliance partners may in the future decide to compete with us, form exclusive or more favorable arrangements with our competitors or otherwise reduce our access to their products, thereby impairing our ability to provide the services and solutions demanded by clients. Any performance failure on the part of our alliance partners, or the discontinuance by such alliance partners of services that we have relied on them to perform for our clients, could delay our performance or require us to engage alternative third parties to perform the services at our cost or to perform them ourselves, any of which could deprive us of potential revenue or adversely impact our profitability. Increased competition may result in lower prices and volumes, higher costs, and lower profitability. Any inability to compete effectively, including as a result of any of the factors described above, would adversely affect our business, results of operations and financial condition.

Global macroeconomic conditions affect our business, our clients' businesses and the markets we serve. Volatile, negative or uncertain economic conditions in our significant markets have in the past and could in the future undermine business confidence and cause our clients to reduce, postpone or cancel their spending on projects with us, which has negatively affected our business and may continue to do so in the future, including by making it more difficult for us to accurately forecast client demand and effectively build revenue and resource plans. Clients may reduce demand for services suddenly or with limited warning, which may cause us to incur extra costs where we have employed more personnel than client demand supports. Differing economic conditions and patterns of economic growth and contraction in the geographical regions in which we operate and the industries we serve have affected and may in the future affect demand for our services. Changing demand patterns from economic volatility and uncertainty could also have a significant negative impact on our results of operations. Our business is particularly susceptible to economic and political conditions in the markets where our clients or operations are concentrated. A material portion of our revenues is derived from our clients in North America - in particular the United States - and Europe, and weak demand, or any other adverse economic, political or legal uncertainties or developments, in these markets could have a material adverse effect on our results of operations. The election of a new U.S. President, coupled with a consolidation of party control of both chambers of the U.S. Congress, has led to new legislative and regulatory initiatives in the United States and the roll-back of many initiatives of the previous presidential administration, which may impact our business and our clients' businesses in unpredictable ways. Market uncertainty and volatility have been magnified and may intensify due to the statements and actions of the new U.S. presidential administration and resulting uncertainties regarding actual and potential shifts in U.S. and foreign, trade, economic and other policies, including with respect to treaties and tariffs. In addition, broader global geopolitical tensions, including actual or anticipated military or political conflicts (such as the ongoing conflict between Russia and Ukraine, tensions across the Taiwan Strait, the Israel-Hamas conflict and other actions in the Middle East), and actions that governments take in response may adversely impact us. For instance, in response to the ongoing conflict between Russia and Ukraine, the United States and other countries in which we operate have imposed broad sanctions and may impose additional sanctions or other restrictive actions against governmental and other entities in Russia. We do not have employees or operations in Russia or Ukraine, but we have operations in surrounding countries, and we have clients that do business in Russia and Ukraine. Such clients may be adversely affected by the ongoing conflict and related sanctions and other governmental actions, which in turn could have an adverse impact on our revenues from such clients. Additionally, given the global nature of our operations, the broader macroeconomic impact of sanctions imposed on Russia and other macroeconomic impacts of the protracted conflict could have an adverse impact on our business, profitability, results of operations and financial condition. We also have limited employees and operations in Israel, and while we have not experienced any material impacts to our operations in Israel to date, there can be no assurance that our operations there will not be materially adversely affected in the future. The impact of geopolitical conflicts, including those identified above, any further escalation or expansion and the broader geopolitical, economic, and other effects of such conflicts could also heighten the other risks identified in this Annual Report on Form 10-K. Additionally, increased operating costs resulting from ongoing inflationary pressures have adversely affected our profitability and could continue to do so. Broad-based inflation will also continue to increase the costs of operating our delivery centers. We have not been able to, and may in the future be unable to, fully offset these cost increases by raising prices for our services, particularly because our client agreements generally fix our pricing for periods of time. This has resulted in and is expected to continue to result in downward pressure on our gross margins and operating income. Further, our clients may choose to reduce their business with us or cancel, defer or delay projects if we increase our pricing. If we are unable to successfully adjust pricing, reduce costs or implement other countermeasures, our profitability could be materially adversely affected.

Most of our revenues are denominated in U.S. dollars, with the remaining amounts largely in euros, UK pounds sterling, the Australian dollar, the Indian rupee and the Japanese yen. Most of our expenses are incurred and paid in U.S. dollars, with the remaining amounts largely in Indian rupees, Romanian lei, Chinese renminbi, UK pounds sterling, Philippine pesos, Polish zloty, euros, Mexican pesos, Costa Rican colón, Japanese yen, Australian dollars, Canadian dollars, Guatemalan quetzals, South African rand, Malaysian ringgit and Hungarian forint. As we expand our operations to new countries, we will incur expenses in other currencies. We report our financial results in U.S. dollars. The exchange rates between the Indian rupee, the euro and other currencies in which we incur costs or receive revenues, on the one hand, and the U.S. dollar, on the other hand, have changed substantially in recent years and may fluctuate substantially in the future. See Item 7A-"Quantitative and Qualitative Disclosures about Market Risk." Our results of operations have been adversely affected and could be further adversely affected by certain movements in exchange rates, particularly if the Indian rupee or other currencies in which we incur expenses appreciate against the U.S. dollar or if, as has occurred over the past year, the currencies in which we receive revenues, such as the euro,depreciate against the U.S. dollar. Although we take steps to hedge a substantial portion of our foreign currency exposures, there is no assurance that our hedging strategy will be successful or that the hedging markets will have sufficient liquidity or depth for us to implement our strategy in a cost-effective manner. In addition, in some countries, such as China, India, Malaysia, the Philippines and Romania, we are subject to legal restrictions on hedging activities, as well as convertibility of currencies, which limits our ability to use cash generated in one country in another country and could limit our ability to hedge our exposures. Finally, our hedging policies only provide near term protection from exchange rate fluctuations. If the Indian rupee or other currencies in which we incur expenses appreciate against the U.S. dollar, we may have to consider additional means of maintaining profitability, including by increasing pricing, which may or may not be achievable. See also Item 7-"Management's Discussion and Analysis of Financial Condition and Results of Operations-Overview-Net Revenues-Foreign exchange gains (losses), net."

Our partnerships and alliances and our relationships with a variety of third parties, including suppliers, contractors and others, expose us to a variety of risks that could have a material adverse effect on our business, and we may not be successful in mitigating such risks. Our operations depend on our ability to anticipate our and our clients' needs for products and services, as well as our suppliers' ability to deliver sufficient quantities and quality of products and services at reasonable prices and in time for us to meet commitments for the delivery of our own services. In addition, we must adequately address quality issues associated with our services, including with respect to any third-party components to our services. Any performance failure on the part of our partners or the third parties with whom we do business, or the discontinuance by such third parties or partners of services that we have relied on them to perform for our clients, could delay our performance or require us to engage alternative third parties to perform the services at our cost or to perform them ourselves, any of which could deprive us of potential revenue or adversely impact our profitability. Additionally, our partners, third-party suppliers and contractors and other third parties with whom we do business may not be able to comply with current good business practices or applicable laws or regulatory requirements. Our failure, or the failure of such third parties, to comply with applicable laws and regulations could result in sanctions being imposed on us, including fines, injunctions, civil penalties and criminal prosecutions, any of which could significantly and adversely affect our business. We may have limited control over the amount and timing of resources that our partners and third parties with whom we do business dedicate to their arrangements with us. Our ability to generate revenue from these arrangements will depend on our partners' or other third parties' desire and ability to successfully perform the functions assigned to them in these arrangements. Further, certain of our suppliers, partners and other contractors may decide to discontinue conducting business with us. In addition, we are a party to a number of license agreements with third parties and expect to enter into additional licenses in the future. Our existing licenses impose, and we expect that future licenses will impose, various obligations and restrictions on us. If we fail to comply with these obligations and restrictions, the licensor may have the right to terminate the license, in which event we might not be able to market any product or service that is covered by these agreements, which could materially adversely affect our business. Termination of these license agreements or reduction or elimination of our licensed rights may result in our having to negotiate new or reinstated licenses with less favorable terms, or cause us to lose rights in important intellectual property or technology. Any of the foregoing may prevent us from working with our partners or third parties with whom we do business and could subject us to losses, affect our ability to bring products and services to market, cause us to fail to satisfy our client obligations and harm our reputation.

Our profitability is largely a function of how efficiently we utilize our assets and the pricing that we are able to obtain for our services and solutions. Our utilization rates are affected by a number of factors, including our ability to transition employees from completed projects to new assignments, hire and assimilate new employees, forecast demand for our services, match our employees' skills with client demand, manage attrition as well as our need to devote time and resources to training, professional development and other typically non-chargeable activities. The prices we are able to charge for our services are affected by a number of factors, including our clients' perceptions of our ability to add value through our services, competition, introduction of new services, technologies (including generative and agentic AI) or products by us or our competitors, our ability to accurately estimate, attain and sustain revenues from client engagements, margins and cash flows over long contract periods and general economic and political conditions. Therefore, if we are unable to price appropriately or manage our asset utilization levels, there could be a material adverse effect on our business, results of operations and financial condition. Our profitability is also a function of our ability to control our costs and improve our efficiency. As we increase the number of our employees and grow our business, we may not be able to manage the significantly larger and more geographically diverse workforce that may result and our profitability may decrease or may not improve. New taxes may also be imposed on our services such as sales taxes or service taxes which could affect our competitiveness as well as our profitability. Additionally, we may fail to appropriately estimate our costs in agreeing to provide new or novel services with unique pricing arrangements or service delivery requirements.

AI and other advanced technologies are having, and are expected to continue to have, a significant impact on client preferences and market dynamics in our industry, and our ability to effectively compete in this space will be critical to our financial performance. We are increasingly applying AI and other advanced technologies, including generative AI and autonomous agentic AI, to our services and solutions, to how we deliver services to our clients and to our own internal operations. We are also creating new offerings to implement AI and other advanced technology solutions for our clients. We have made significant investments in our AI and other advanced technology capabilities and will continue to incur significant development and operational costs to support these efforts. The market for AI and other advanced technology and services is highly competitive and rapidly evolving. We face significant competition from our traditional competitors as well as other third parties, including those that are new to the market or our industry, as well as our own clients, who may develop their own AI-related capabilities. We may also be unable to bring AI-enabled products and solutions to market as effectively, or with the same speed or in the same volumes, as our competitors, which may harm our competitive position. In addition, as these technologies evolve, we expect that some services that we currently perform for our clients will be replaced, in whole or in part, by AI, including generative AI and agentic solutions, or other forms of automation. Each of the foregoing may lead to reduced demand for our services, adversely affect our employee utilization rate or harm our ability to obtain favorable pricing or other terms for our services, any of which could have a material adverse effect on our business, results of operations and financial condition. Leveraging AI and other advanced technology capabilities for our internal functions and operations also presents additional risks, costs, and challenges, including those discussed in these risk factors. The development, adoption, and use of AI and other advanced technologies are still in their early stages. AI algorithms may be flawed, and datasets may be insufficient or contain biased information, which could result in unexpected, low quality or otherwise inadequate outputs. Ineffective or inadequate AI development, monitoring or deployment practices by us, our clients, or third parties with whom we do business could result in unintended consequences, such as disclosure of sensitive information, infringement of third-party intellectual property rights or other incidents that impair the acceptance of AI solutions or cause harm to individuals or society. These deficiencies and other failures of AI systems could subject us to competitive harm, regulatory action, legal liability, and brand or reputational harm. Some AI capabilities present ethical issues, and we may be unsuccessful in identifying or resolving issues before they arise. If we enable or offer AI products or solutions or implement AI capabilities in our internal operations that are controversial because of their impact on human rights, privacy, employment, or other social, economic, or political issues, we may experience brand or reputational harm, financial or legal liability or increased employee attrition. Additionally, the use of AI and other advanced technology by us or our partners may create new cybersecurity vulnerabilities, including vulnerabilities not currently known. The uncertainty around the safety and security of new and emerging AI applications requires significant investment to test for security, accuracy, bias, and other variables. These efforts can be complex, costly, and potentially impact our profitability, and may cause decreased demand for our services or harm to our business, results of operations, financial condition, or reputation. Addressing the possible consequences of the use of AI technologies may require significant operational costs to implement, manage, and maintain processes governing the AI lifecycle that align with industry standards and meet customer expectations. AI technology and services require access to high-quality datasets, foundation models, and other AI system components. We currently rely, in part, on third parties to provide these components. In the future, we may face difficulties acquiring the necessary rights from third parties due to market competition and other factors. This challenge could hinder our ability to develop, implement or maintain AI technologies. To overcome this, we may need to invest in alternative strategies, such as forming alliances or developing our own resources. In addition, the legal and regulatory landscape surrounding AI technologies is rapidly evolving and uncertain, including in the areas of intellectual property, cybersecurity, and privacy and data protection. Several jurisdictions where we operate are applying, or considering applying, laws and regulations related to intellectual property, cybersecurity, export controls, privacy, data security, and data protection to AI and automated decision-making, or general legal frameworks on AI, such as the EU AI Act, which entered into force in 2024 and parts of which apply beginning in 2025. Compliance with new or changing laws, regulations, industry standards or ethical requirements and expectations relating to AI, the eventual scope and extent of which are currently unknown and which may vary across jurisdictions, may impose significant operational costs requiring us to change our service offerings or business practices, or may limit or prevent our ability to develop, deploy, or use AI technologies in our own operations or our client offerings. Failure to keep pace with this evolving landscape may result in legal liability, regulatory action, or brand and reputational harm.

Our success depends in part on certain methodologies, practices, tools and technical expertise we utilize in designing, developing, implementing and maintaining applications and other proprietary intellectual property rights. In order to protect our rights in these various intellectual properties, we rely upon a combination of nondisclosure and other contractual arrangements as well as patent, trade secret, copyright and trademark laws. We also generally enter into confidentiality agreements with our employees, consultants, vendors, clients and potential clients and limit access to and distribution of our proprietary information. India is a member of the Berne Convention, an international intellectual property treaty, and has agreed to recognize protections on intellectual property rights conferred under the laws of other foreign countries, including the laws of the United States. There can be no assurance that the laws, rules, regulations and treaties in effect in the United States, India and the other jurisdictions in which we operate and the contractual and other protective measures we take, are adequate to protect us from misappropriation or unauthorized use of our intellectual property, or that such laws will not change. We may not be able to detect unauthorized use and take appropriate steps to enforce our rights, and any such steps may not be successful. Infringement by others of our intellectual property, including the costs of enforcing our intellectual property rights, may have a material adverse effect on our business, results of operations and financial condition. In addition, we may not be able to prevent others from using our data and proprietary information to compete with us. Existing trade secret, copyright and trademark laws offer only limited protection. Further, the laws of some foreign countries may not protect our data and proprietary information at all. If we have to resort to legal proceedings to enforce our rights, the proceedings could be burdensome, protracted, distracting to management and expensive and could involve a high degree of risk and be unsuccessful. Although we believe that we are not infringing the intellectual property rights of others, claims may nonetheless be successfully asserted against us in the future. The costs of defending any such claims could be significant, and any successful claim may require us to modify, discontinue or rename any of our services. Any such changes may have a material adverse effect on our business, results of operations and financial condition.

In providing our services and solutions to clients, we often collect, process and store proprietary, personally identifying or other sensitive or confidential client and other third-party data. In addition, we collect, process and store data regarding our employees and contractors. As a result, we are subject to numerous data protection and privacy laws and regulations designed to protect this information in the countries in which we operate as well as the countries of residence of the persons whose data we process. We have established security measures and internal controls designed to prevent the inadvertent or intentional exposure or loss of personally identifiable information and other sensitive or confidential data. We regularly assess the adequacy of and make improvements to such security measures and controls. However, if any person, including any of our current or former employees or contractors, negligently disregards or intentionally breaches our or our clients' established security policies, measures and controls with respect to client, third-party or Genpact protected data or if we do not adapt to changes in data protection legislation, we could be subject to significant litigation, monetary damages, regulatory enforcement actions, fines and/or criminal prosecution in one or more jurisdictions. Our employees and contractors have in the past engaged, and may in the future engage, in fraudulent conduct or other conduct that violates our client contracts or our internal controls or policies, whether intentionally or inadvertently. We have experienced security incidents due to the actions of our employees or contractors, though none of these incidents has had a material impact on our operations or financial results. The threat of incursions into our information systems and technology infrastructure has increased in recent years as the sophistication of threat actors who have hacked, attacked, held for ransom or otherwise disrupted information systems of other companies and misappropriated or disclosed data has increased. Threat actors are also increasingly focused on gaining access to a target's systems though supply chain channels and taking advantage of the proliferation of technology platform vulnerabilities disclosed by software companies to exploit the vulnerabilities before patches are applied. Additionally, threat actors are increasingly using AI and generative AI capabilities to enhance their attack techniques, including by creating deepfakes or exploitation code. We could also be impacted by cyberattacks by nation states or other organizations arising out of geopolitical tensions or conflicts, including, for instance, by Russia or Russian-affiliated actors in connection with the Russia/Ukraine conflict. We may be unable to anticipate the techniques used by threat actors to infiltrate our systems and may fail to detect or timely detect when an incursion has occurred or to implement adequate preventative and responsive measures. Additionally, in the event of a ransomware or other attack involving data theft and encryption, we could face delays in the recovery of data, or a partial or total loss of data, in the event of a lack of adequate backups or recovery processes or a compromise of our backups or backup systems. The steps we have taken to protect our information systems and data security may be inadequate. Actual or perceived breaches of our security, whether through breach of our computer systems, systems failure (including due to aged IT systems or infrastructure or system misconfigurations) or otherwise, could influence the market perception of the effectiveness of our security measures and, as a result, our reputation could be harmed and we could lose existing or potential clients. Media or other reports of perceived breaches or weaknesses in our systems, products or networks could also adversely impact our brand and reputation and materially affect our business. Our clients, suppliers, subcontractors, and other third parties with whom we do business, including in particular cloud service providers and software vendors, generally face similar cybersecurity threats, and we must rely on the safeguards adopted by these third parties. If these third parties do not have adequate safeguards or their safeguards fail, it might result in breaches of our systems or applications and unauthorized access to or disclosure of our and our clients' confidential data. In addition, the products, services and software that we use and provide to our clients, or the third-party components of such products, services and software, sometimes contain or introduce cybersecurity threats or vulnerabilities to our and our clients' information technology networks, intentionally or unintentionally. We are regularly alerted to vulnerabilities in third-party technology components we use in our business that create risks in our environments. We typically are not aware of such vulnerabilities until we receive notice from the third parties who have discovered the exposure, and our responses to such vulnerabilities may not be adequate or prompt enough to prevent their exploitation. Our clients' proprietary, sensitive, or confidential information could also be compromised by a cybersecurity attack affecting us, or their systems could be disabled or disrupted as a result of such an attack. Our clients, regulators, or other third parties may attempt to hold us liable, through contractual indemnification clauses or directly, for any such losses or damages resulting from such an attack. We may also be liable to our clients or others for damages caused by disclosure of confidential information or system failures. Many of our contracts do not limit our potential liability for breaches of confidentiality. We may also be subject to civil actions and criminal prosecution by governments or government agencies for breaches relating to such data. Our insurance coverage or indemnification protections for breaches or mismanagement of such data may not be adequate to cover all costs related to data loss, cybersecurity attacks, or disruptions resulting from such events, or they may not continue to be available on reasonable terms or in sufficient amounts to cover one or more large claims against us and our insurers may disclaim coverage as to any future claims. The impact of these cybersecurity attacks, data losses, and other security breaches cannot be predicted, but any such attack, loss or breach could disrupt our operations, or the operations of our clients, suppliers, subcontractors, or other third parties. Incidents of this type have in the past and may in the future require significant management attention and resources and have in the past and may in the future result in the loss of revenues from clients. These incidents could also result in regulatory fines and penalties, financial liability, and reputational harm among our clients and the public, any of which could have a material adverse impact on our financial condition, results of operations, or liquidity. While we have developed and implemented security measures and internal controls designed to prevent, detect and respond to cyber and other security threats and incidents and to recover data compromised in such incidents, such measures cannot guarantee security and may not be successful in preventing security breaches, in detecting or effectively responding to such breaches or in recovering data compromised or lost. In the ordinary course of business, we are subject to regular incursion attempts from a variety of sources, and we have experienced security incidents, including from cyber threat actors, as a result of attack techniques such as phishing, social engineering, vulnerability exploitation and malware. To date such incidents have not had a material impact on our operations or financial results. However, there is no assurance that such impacts will not be material in the future. Additionally, our hybrid working model, which includes a high number of employees working remotely, has reduced our ability to enforce physical security controls and monitor employee conduct and has increased the risk that our employees will engage in impermissible or careless conduct, which could give rise to reputational harm and legal liability. Our inability to enforce physical security controls and monitor our employees working remotely also increases the risk of security incidents. Measures we have taken in the remote work environment to implement suitable additional controls and educate our employees on the importance of cybersecurity, data loss prevention and related best practices may not prevent data breaches, the occurrence of which could have a material adverse impact on our business, reputation, financial condition, and results of operations.

We are in the midst of a multi-year process of implementing a complex new enterprise resource planning system ("ERP"), which is a major undertaking that will replace most of our existing operating and financial systems. An ERP system is used to maintain financial records, enhance data security and operational functionality and resiliency, and provide timely information to management related to the operation of a business. The ERP implementation will require the integration of the new ERP with existing information systems and business processes. Our ERP planning has required, and the ongoing planning and future implementation of the new ERP will continue to require, investment of significant capital and human resources, requiring the attention of members of our management team. Any deficiencies in the design, or delays or issues encountered in the implementation, of the new ERP could result in significantly greater capital expenditures and employee time and attention than currently contemplated, and could adversely affect our ability to operate our business, including effective management of our invoicing and accounts receivable and collections processes, file timely reports with the SEC or otherwise affect the proper and efficient operation of our controls. If the system as implemented, or after necessary investments, does not result in our ability to maintain accurate books and records, our financial condition, results of operations, and cash flows could be materially adversely impacted. Additionally, conversion from our old system to the new ERP may also cause inefficiencies until the ERP is stabilized and mature. The implementation of our new ERP will require new procedures and many new controls over financial reporting. If we are unable to adequately plan, implement and maintain procedures and controls relating to our ERP, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired and impact the effectiveness of our internal controls over financial reporting. All of the above could result in harm to our reputation or our clients, as well as expose us to regulatory actions or claims, any of which could materially impact our business, results of operations, financial condition and stock price.