Hamilton Insurance Group, Ltd. Class B (HG) Risk Factors

The regulatory environment for investment managers is evolving, and changes in the regulation of managers could adversely affect the ability of Two Sigma to effect transactions in the TS Hamilton Fund's investment portfolio that utilize leverage or to pursue its trading strategies in managing the TS Hamilton Fund's investments. Two Sigma is regularly involved in trading activities that involve a number of U.S. and foreign securities law regimes. Violations of any such law (or allegations of such violations) could directly or indirectly result in severe restrictions on Two Sigma's activities and, indirectly, do damage to the TS Hamilton Fund's investment portfolio or the reputation of Two Sigma and, indirectly, the Company. In addition, the securities and futures markets are subject to comprehensive statutes, regulations and margin requirements. The SEC, other regulators and self-regulatory organizations and exchanges are authorized to take extraordinary actions in the event of market emergencies. The regulation of derivatives transactions and funds that engage in such transactions is an evolving area of law and is subject to modification by government and judicial action. Any future regulatory change could have a significant negative impact on our financial condition and results of operations. For example, Two Sigma routinely engages in short selling for the TS Hamilton Fund's account in managing its investments. Short sale transactions have been subject to increased regulatory scrutiny, including the imposition of restrictions on short selling certain securities and reporting requirements. Two Sigma's ability to execute a short selling strategy in managing the TS Hamilton Fund's investment portfolio may be materially and adversely impacted by temporary or new permanent rules, interpretations, prohibitions, and restrictions adopted in response to these adverse market events. Temporary restrictions or prohibitions on short selling activity may be imposed by regulatory authorities with little or no advance notice and may impact prior and future trading activities of the TS Hamilton Fund's investment portfolio. Additionally, the SEC, its non-U.S. counterparts, other governmental authorities or self-regulatory organizations may at any time promulgate permanent rules or interpretations consistent with such temporary restrictions or that impose additional or different permanent or temporary limitations or prohibitions. The SEC might impose different limitations or prohibitions on short selling from those imposed by various non-U.S. regulatory authorities. These different regulations, rules or interpretations might have different effective periods. Regulatory authorities could, from time to time, impose restrictions that adversely affect the TS Hamilton Fund's ability to borrow certain securities in connection with short sale transactions. In addition, traditional lenders of securities are often less likely to lend securities under certain market conditions. As a result, Two Sigma may not be able to effectively pursue a short selling strategy due to a limited supply of securities available for borrowing. The TS Hamilton Fund may also incur additional costs in connection with short sale transactions effected in its investment portfolio, including in the event that Two Sigma is required to enter into a borrowing arrangement for the TS Hamilton Fund's account in advance of any short sales. Moreover, the ability to continue to borrow a security is not guaranteed and our account will be subject to strict delivery requirements. The inability to deliver securities within the required time frame may subject us to mandatory close out by the executing broker-dealer. A mandatory close out may subject us to unintended costs and losses. Certain action or inaction by third parties, such as executing broker-dealers or clearing broker-dealers, may materially impact our ability to effect short sale transactions in the TS Hamilton Fund's investment portfolio.

The Government of Bermuda has recently passed the Corporate Income Tax Act 2023, conforming to the OECD BEPS Pillar 2 framework, which will impose corporate income tax on certain Bermuda-based entities for fiscal years beginning on or after January 1, 2025. The Corporate Income Tax Act 2023 will apply to any entity incorporated or formed in Bermuda, or that has a permanent place of business in Bermuda, if that entity is a member of an "In Scope MNE Group" (i.e. a group of entities related through ownership and control that has an annual revenue of 750 million euros or more in a fiscal year, pursuant to the consolidated financial statements of the ultimate parent entity, in at least two of the four fiscal years immediately preceding the fiscal year beginning on or after January 1, 2025, and such group includes at least one entity located in a jurisdiction that is not the parent entity's jurisdiction). The Corporate Income Tax Act 2023 could, if applicable to the Company, have a material adverse effect on the Company's financial condition and results of operations. The Corporate Income Tax Act 2023 provides an exemption (for up to five years) from the tax charging provisions of the legislation for "MNE Groups" with a limited international footprint. This exemption is only available to an "MNE Group" (i) that has constituent entities located in five or fewer jurisdictions outside the "reference jurisdiction" (ii) that has, with respect to all constituent entities in all jurisdictions except the "reference jurisdiction," less than EUR 50 million in tangible assets, and (iii) no parent entity is required to apply an income inclusion rule ("IIR") with respect to a constituent entity of the "MNE Group" located in Bermuda. The Company intends to operate in a way that will satisfy these requirements with a view to qualifying for the exemption until January 1, 2030. If the Company does not continually qualify for the exemption described above during the five-year period, the Company could, prior to January 1, 2030, become subject to the tax charging provisions of the Corporate Income Tax Act 2023 which could have a material adverse effect on the Company's financial condition and results of operations. Prior to the enactment of Bermuda's corporate income tax legislation, the Company obtained from the Bermuda Minister of Finance under the Exempted Undertaking Tax Protection Act 1966, as amended, an assurance that, in the event that Bermuda enacts legislation imposing tax computed on profits, income, any capital asset, gain or appreciation, or any tax in the nature of estate duty or inheritance, the imposition of any such tax shall not be applicable to the Company or any of its operations or its shares, debentures or other obligations, until March 31, 2035. This assurance is subject to the proviso that it is not to be construed so as to prevent the application of any tax or duty to such persons as are ordinarily resident in Bermuda or to prevent the application of any tax payable in accordance with the provisions of the Bermuda Land Tax Act 1967, as amended, or otherwise payable in relation to any property leased to the Company. Given the limited duration of the Bermuda Minister's assurance, it cannot be certain that the Company (or any of its Bermuda incorporated subsidiaries) will not be subject to any Bermuda tax after March 31, 2035. Notwithstanding the Exempted Undertakings Tax Protection Act 1966 or the assurance to the Company issued thereunder, beginning January 1, 2025, with respect to Bermuda entities in scope of Bermuda's corporate income tax legislation, liability for tax pursuant to such corporate income tax legislation shall apply notwithstanding any assurance given pursuant to the Exempted Undertakings Tax Protection Act 1966. Any assurance issued prior to January 1, 2024, will be subject to the application of the Corporate Income Tax Act 2023 and the imposition of any tax pursuant thereto. Any assurance issued after January 1, 2024 shall not apply to the imposition of any tax pursuant to the Corporate Income Tax Act 2023. The Company pays annual Bermuda government fees. In addition, all entities employing individuals in Bermuda are required to pay a payroll tax and there are other sundry taxes payable, directly or indirectly, to the Bermuda government.

We are subject to complex and evolving cybersecurity, privacy and data protection laws, regulations, rules, standards and contractual obligations in the United States and other jurisdictions in which we operate, and legislators and regulators are increasingly focused on these issues. Ensuring that our collection, use, transfer, storage and other processing of personal information complies with such requirements can increase operating costs, impact the development of new products or services, and reduce operational efficiency. In the United States, there are numerous federal, state and local cybersecurity, privacy and data protection laws, regulations and rules governing the collection, sharing, use, retention, disclosure, security, transfer, storage and other processing of personal information, including federal and state cybersecurity, privacy and data protection laws, data breach notification laws, and data disposal laws. For example, at the federal level, we are subject to, among other laws and regulations, the rules and regulations promulgated under the authority of the Federal Trade Commission (which has the authority to regulate and enforce against unfair or deceptive acts or practices in or affecting commerce, including acts and practices with respect to cybersecurity, privacy and data protection). In addition, in July 2023, the SEC adopted new cybersecurity rules for public companies that are subject to the reporting requirements of the Exchange Act. Under these new rules, registered companies must disclose a material cybersecurity incident within four days of management's determination that the incident is material. Companies also must include enhanced cybersecurity risk assessment and management, strategy and governance disclosures, including disclosures regarding management's role in overseeing the registered company's cybersecurity risk management and compliance program, in their annual reports. Further, the United States Congress has recently considered, and is currently considering, various proposals for comprehensive federal cybersecurity, privacy and data protection legislation, to which we may become subject if passed. Cybersecurity, privacy and data protection and disclosure are also areas of increasing state legislative focus in the United States and we are, or may in the future become, subject to various state laws and regulations regarding cybersecurity, privacy and data protection. For instance, the New York Department of Financial Services ("NYDFS") has adopted a cybersecurity regulation which requires entities subject to the jurisdiction of the NYDFS, among other things, to implement and maintain a cybersecurity program designed to identify and address cybersecurity risks that may threaten the security or integrity of personal information stored on the covered entity's information systems. In July and November 2022, the NYDFS proposed amendments to the cybersecurity regulation, which, if adopted, would require new reporting, governance and oversight measures and enhanced cybersecurity safeguards, and would mandate notification to NYDFS in the event that a covered entity makes an extortion payment in connection with a cybersecurity event involving the covered entity. We cannot predict whether the amendments will be adopted, what form they will take, or what effect they would have on our business or compliance costs. In addition, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), to which a portion of our business may be subject, provides California residents with enhanced privacy protections and rights with respect to the processing of their data, such as affording them the right to access and request deletion of their information and to opt out of certain sharing and sales of personal information. The CCPA also prohibits covered businesses from discriminating against California residents for exercising any of their CCPA rights. The CCPA provides for severe civil penalties and statutory damages for violations and a private right of action for certain data breaches that result in the loss of unencrypted personal information. This private right of action is expected to increase the likelihood of, and risks associated with, data breach litigation. Numerous other U.S. states also have enacted or are considering comprehensive privacy and data protection legislation that may apply to our operations. Moreover, laws in all 50 U.S. states require businesses to provide notice under certain circumstances to consumers whose personal information has been disclosed as a result of a data breach. These state statutes, and other similar state or federal laws that may be enacted in the future, may require us to modify our data processing practices and policies, incur substantial compliance-related costs and expenses, and otherwise suffer adverse impacts on our business. It is anticipated that our operations in Bermuda will also become subject to data protection laws in the near future. The Personal Information Protection Act 2016 of Bermuda ("PIPA") regulates how any individual, entity or public authority may use personal information. Although PIPA was passed on July 27, 2016, the sections that are currently in effect are limited to those that relate to the establishment and appointment of the PIPA commissioner (the "Privacy Commissioner"), the hiring of the Privacy Commissioner's staff, and the general authority of the Privacy Commissioner to inform the public about PIPA. Following the Privacy Commissioner's appointment, effective January 20, 2020, the Privacy Commissioner's office has begun communications with the public and stakeholders regarding full implementation of PIPA. On October 30, 2020, the Privacy Commissioner issued guidance regarding privacy safeguarding of personal information by public companies; however, PIPA's remaining provisions have not been fully implemented and regulations under PIPA have not yet been provided. The Privacy Commissioner has recommended that organizations in Bermuda start to conduct data due diligence across their existing business lines as a first stage towards PIPA compliance and, whilst the effective date has not yet been announced, it is currently anticipated to be announced this year and the Privacy Commissioner has recommended to the Bermuda Government that a period of six to nine months between announcement and the effective date of PIPA be granted to allow adequate time to prepare. In addition, the BMA has recognized that cyber incidents can cause significant financial losses and/or reputational impacts across the insurance industry and has implemented the Insurance Sector Operation Cyber Risk Management Code of Conduct (the "Cyber Risk Code") to ensure that those operating in the Bermuda insurance sector can mitigate such risks. The Cyber Risk Code prescribes the duties, requirements, standards, procedures and principles which all insurers, insurance managers and insurance intermediaries (agents, brokers and insurance market place providers) registered under the Insurance Act must comply. The Cyber Risk Code is designed to promote the stable and secure management of information technology systems of regulated entities and requires that all registrants implement their own technology risk programs, determine what their top risks are and develop an appropriate risk response. This requires all registrants to develop a cyber risk policy which is to be delivered pursuant to an operation cyber risk management program and appoint an appropriately qualified member of staff or outsourced resource to the role of Chief Information Security Officer. The role of the Chief Information Security Officer is to deliver the operational cyber risk management program. It is expected that the cyber risk policy will be approved by the registrant's board of directors at least annually. The BMA will assess a registrant's compliance with the Cyber Risk Code in a proportionate manner relative to the nature, scale and complexity of its business. While it is acknowledged that some registrants will use a third party to provide technology services and that they may outsource their IT resources (for example, to an insurance manager where applicable), when so outsourced, the overall responsibility for the outsourced functions will remain with the registrant's board of directors. Failure to comply with the requirements of the Cyber Risk Code will be taken into account by the BMA in determining whether a registrant is conducting its business in a sound and prudent manner as prescribed by the Insurance Act and may result in the BMA exercising its powers of intervention and investigation. Further, our operations in foreign jurisdictions also may be subject to robust data protection laws. In the European Union and in the United Kingdom ("U.K."), we are subject to the European Union General Data Protection Regulation ("GDPR") and member state laws implementing the GDPR and the U.K. General Data Protection Regulation ("U.K. GDPR"), respectively, which impose stringent obligations regarding the collection, control, use, sharing, disclosure and other processing of personal data. While the GDPR and U.K. GDPR remain substantially similar for the time being, the U.K. government has announced that it would seek to chart its own path on data protection and reform its relevant laws, including in ways that may differ from the GDPR. While these developments increase uncertainty with regard to data protection regulation in the U.K., even in their current, substantially similar form, the GDPR and U.K. GDPR can expose businesses to divergent parallel regimes that may be subject to potentially different interpretations and enforcement actions for certain violations and related uncertainty. Failure to comply with the GDPR or the U.K. GDPR can result in significant fines and other liability, including, under the GDPR, fines of up to EUR 20 million (or GBP 17.5 million under the U.K. GDPR) or four percent (4%) of annual global revenue, whichever is greater. The cost of compliance, and the potential for fines and penalties for non-compliance, with GDPR and U.K. GDPR may have a significant adverse effect on our business and operations. Legal developments in the European Economic Area ("EEA") regarding the transfer of personal data from the EEA to third countries, including the United States, have created complexity and uncertainty regarding such processing, and similar complexities and uncertainties also apply to transfers from the U.K. to third countries. While we have taken steps to mitigate the impact on us, such as implementing lawful data transfer mechanisms (e.g., the European Commission's standard contractual clauses ("SCCs")), the efficacy and longevity of these mechanisms remains uncertain. Moreover, in 2021, the European Commission adopted new SCCs, which impose on companies additional obligations relating to personal data transfers out of the EEA, including the obligation to update internal privacy practices, conduct transfer impact assessments and, as required, implement additional security measures. The new SCCs may increase the legal risks and liabilities under E.U. laws associated with cross-border data transfers, and result in material increased compliance and operational costs. In July 2023, the European Commission adopted an adequacy decision concluding the new E.U.-U.S. data privacy framework (the "E.U.-U.S. DPF") constitutes a lawful data transfer mechanism under E.U. law for participating U.S. entities; however, the E.U.-U.S. DPF may be in flux as such adequacy decision has been challenged, and is likely to face additional challenges at the Court of Justice of the European Union. Moreover, although the U.K. currently has an adequacy decision from the European Commission, such that SCCs are not required for the transfer of personal data from the EEA to the U.K., that decision will sunset in June 2025 unless extended and it may be revoked in the future by the European Commission if the U.K. data protection regime is reformed in ways that deviate substantially from the GDPR. Adding further complexity for international data flows, in March 2022, the U.K. adopted its own International Data Transfer Agreement for transfers of personal data out of the U.K. to so-called third countries, as well as an international data transfer addendum that can be used with the SCCs for the same purpose. In addition, in June 2023, the U.S. and U.K. announced a commitment in principle to establish a "data bridge" to extend the E.U.-U.S. DPF to the flow of U.K. personal data under the U.K. GDPR to participating entities in the U.S. Such data bridge could not only be challenged but also may be affected by any challenges to the E.U.-U.S. DPF. The E.U. has also proposed legislation that would regulate non-personal data and establish new cybersecurity standards, and other countries, including the U.K., may similarly do so in the future. If we are otherwise unable to transfer data, including personal data, between and among countries and regions in which we operate, it could affect the manner in which we provide our products and services, the geographical location or segregation of our relevant systems and operations, and could adversely affect our financial results. While we have implemented new controls and procedures designed to comply with the requirements of the GDPR, U.K. GDPR and the cybersecurity, privacy and data protection laws of other jurisdictions in which we operate, such procedures and controls may not be effective in ensuring compliance or preventing unauthorized transfers of personal data. Moreover, while we strive to publish and prominently display privacy policies that are accurate, comprehensive, and compliant with applicable laws, regulations, rules and standards, we cannot ensure that our privacy policies and other statements regarding our practices will be sufficient to protect us from claims, proceedings, liability or adverse publicity relating to cybersecurity, privacy or data protection. The publication of our privacy policies and other documentation that provide promises and assurances about cybersecurity, privacy and data protection can subject us to potential government or legal investigation or action if they are found to be deceptive, unfair, or misrepresentative of our actual practices. Our compliance efforts are further complicated by the fact that cybersecurity, privacy and data protection laws, regulations, rules and standards around the world are rapidly evolving, may be subject to uncertain or inconsistent interpretations and enforcement, and may conflict among various jurisdictions. Such cybersecurity, privacy and data protection requirements, and new or modified requirements that may be adopted in the future, may increase our compliance costs. Any failure or perceived failure to comply with our privacy policies, or applicable cybersecurity, privacy and data protection laws, regulations, rules, standards or contractual obligations, or any compromise of security that results in unauthorized access to, or unauthorized loss, destruction, use, modification, acquisition, disclosure, release or transfer of personal information, may lead to significant fines, judgments, awards, penalties, sanctions, reputational harm, increased regulatory scrutiny, litigation, requirements to modify or cease certain operations or practices, the expenditure of substantial costs, time and other resources, proceedings or actions against us, governmental investigations, enforcement actions, or other liability. Any of the foregoing could distract our management and technical personnel, increase our costs of doing business, adversely affect the demand for our products and services, and ultimately result in the imposition of liability, any of which could have a material adverse effect on our business, financial condition and results of operations.

An economic recession or slowdown in economic activity may result from a new surge in the COVID-19 pandemic, from international events involving war or civil, political, or social unrest, or from other factors outside of our control. For example, we have experienced losses related to the conflict between Russia and Ukraine, and the conflict may expand, which could increase our potential exposures or have far-reaching impacts on the global economy. Additionally, governmental, business and societal responses to such events, such as restrictions on public gatherings, sanctions, trade restrictions, increased unemployment, and supply chain disruptions could worsen the impact of such events and could have an impact on our business and on our customers' businesses. Any such events could increase our probability of losses. These events could also reduce the demand for insurance and reinsurance, which would reduce our premium volume and could have a material adverse effect on our business and results of operations.

We write reinsurance contracts and insurance policies that cover unpredictable catastrophic events. These include natural catastrophes and other disasters, such as hurricanes, earthquakes, windstorms, floods, wildfires, and severe winter weather. We have exposure to major earthquakes and windstorms mainly in the United States, Europe, Japan, Australia and New Zealand. Catastrophes can also include man-made disasters, such as terrorist attacks and other destructive acts, war, political unrest, explosions, cyber-attacks, nuclear, biological, chemical or radiological events and infrastructure failures. We are also exposed to losses caused by these types of catastrophic events in lines of business beyond property, such as in marine and energy, aviation, crisis management, satellite, trade credit, political violence, political risk, accident and health as well as other specialty and casualty classes, including from pandemic risk. The extent of catastrophe losses is a function of both the severity of the event and total amount of insured exposure affected by the event. We expect that increases in the value and concentration of insured property or insured employees, the effects of inflation, changes in weather patterns, such as climate change, and increased terrorism could increase the future frequency and/or severity of claims from catastrophic events. Claims from catastrophic events could materially adversely affect our cash flows and results of operations and financial condition. Our ability to write new reinsurance contracts and insurance policies could also be impacted as a result of corresponding reductions in our capital levels. Although we attempt to manage our exposure to such events through a multitude of approaches, including geographic diversification, geographic limits, individual policy limits, exclusions or limitations from coverage, purchase of reinsurance and expansion of supportive collateralized capacity, the availability of these management tools may be dependent on market factors and, to the extent available, may not respond in the way that we expect. Our most material natural catastrophe accumulation risks are from Atlantic Hurricanes and U.S Mainland Earthquakes. As at January 1, 2024, our modeled 100-Year Occurrence Exceedance Probability for Atlantic Hurricanes in Florida was $180.6 million and our modeled 250-Year Occurrence Exceedance Probability for U.S. Mainland Earthquakes in California was $272.4 million. Our biggest concentration of exposure to U.S. Mainland Earthquakes is in California, while our exposure to Atlantic Hurricanes is material in many regions, including Florida, other Gulf Coast states, as well as the Mid-Atlantic and Northeastern regions of the U.S. The current and ongoing conflict in Israel is an unpredictable man-made disaster, which has the potential to escalate into an event that could impact our cash flows and results of operations as well as those for the industry.

Through our multinational insurance and reinsurance exposures, we conduct business in a variety of foreign (non-U.S.) currencies, the principal exposures being the British pound sterling, the Euro and the Japanese yen. As a result, a portion of our assets, liabilities, revenues and expenses are denominated in currencies other than the U.S. dollar and are therefore subject to foreign currency risks. Significant changes in foreign exchange rates may adversely affect our results of operations and financial condition. Our foreign exposures are also subject to legal, political and operational risks that may be greater than those present in the United States. As a result, our exposures to these foreign risks could fluctuate.

The TS Hamilton Fund is exposed to operational risks from Two Sigma and its employees and service providers, including from potential non-compliance with policies and regulations, employee misconduct, negligence and fraud, each of which could result in material losses to the TS Hamilton Fund. In recent years, a number of investment managers and other financial institutions have suffered material losses due to, for example, the actions of traders executing unauthorized trades or other employee misconduct. It is not always possible to deter or fully prevent employee misconduct and the precautions Two Sigma takes to prevent and detect this activity may not always be effective. Any impact from the incident described above or other similar operational risks may result in material losses to the TS Hamilton Fund and, by extension, the Company.

As an insurance holding company with no business operations of our own, our ability to pay dividends to shareholders and meet our debt payment obligations largely depends on dividends, other distributions, and other permitted payments from our subsidiaries, Hamilton Re, Hamilton UK Holdings Limited and Hamilton UK Holdings II (collectively with HMA, "Hamilton U.K."), HIDAC and Hamilton Select. The payment of dividends, other distributions or other permitted payments by these subsidiaries is subject to local corporate and regulatory restrictions. The payment of dividends to the holding company by Hamilton Re is subject to Bermuda corporate and insurance regulatory restrictions; the payment of dividends to the holding company by Hamilton U.K. is subject to United Kingdom insurance regulatory restrictions; the payment of dividends to the holding company by HIDAC is subject to Irish corporate and insurance regulatory restrictions; and the payment of dividends to the holding company by Hamilton Select is subject to Delaware insurance regulatory restrictions. These regulatory bodies in each jurisdiction require insurance companies to maintain specified levels of capital and surplus. Dividend payments are further limited to that part of available policyholder surplus that is derived from net profits on our business. The insurance regulators have broad powers to prevent the reduction of capital and surplus to inadequate levels, and there is no assurance that dividends up to the maximum amounts calculated under any applicable formula would be permitted. Moreover, insurance regulators that have jurisdiction over the payment of dividends by our insurance subsidiaries may in the future adopt provisions more restrictive than those currently in effect. Management expects that, absent extraordinary catastrophe losses, such restrictions should not affect the ability to declare and pay dividends sufficient to support the holding company's general corporate needs. The continued operation and growth of our business will require substantial capital. Accordingly, we do not intend to declare and pay cash dividends on our Class B common shares in the foreseeable future. Any decision to declare and pay dividends in the future will be made at the sole discretion of our Board of Directors and will depend on, among others, our results of operations, financial condition, cash requirements, contractual restrictions pursuant to our debt agreements, our indebtedness, restrictions imposed by applicable law and other factors that our Board of Directors may deem relevant, including applicable law. In addition, our ability to pay dividends may be limited by covenants of any existing and future outstanding indebtedness we or our subsidiaries incur. As a result, investors may not receive any return on an investment in our Class B common shares unless they sell our Class B common shares for a price greater than that which they paid for such shares as the only way to realize any future gains on their investment, which may never occur. Investors seeking immediate cash dividends should not purchase our Class B common shares.

We license from third parties certain intellectual property, technology and data that are important to our business and, in the future, we may enter into additional agreements that provide us with licenses to valuable intellectual property, technology or data. If we fail to comply with any of our obligations under our license or technology agreements with third parties, we may be required to pay damages and the licensor may have the right to terminate the license. Termination by the licensor (or other applicable counterparty) may cause us to lose valuable rights, and could disrupt our operations and harm our reputation. Our business may suffer if any current or future licenses or other grants of rights to us terminate, if the licensors (or other applicable counterparties) fail to abide by the terms of the license or other applicable agreement, if the licensors fail to enforce the licensed intellectual property against infringing third parties or if the licensed intellectual property rights are found to be invalid or unenforceable. In the future, we may identify additional third-party intellectual property, technology and data we need, including to develop and offer new products and services. However, such licenses may not be available on acceptable terms or at all. Further, third parties from whom we currently license intellectual property, technology and data could refuse to renew our agreements upon their expiration or could impose additional terms and fees that we otherwise would not deem acceptable requiring us to obtain the intellectual property or technology from another third party, if any is available, or to pay increased licensing fees or be subject to additional restrictions on our use of such third party intellectual property or technology. Defense of any lawsuit or failure to obtain any of these licenses on favorable terms could prevent us from commercializing products or services, which could have a material adverse effect on our competitive position, business, financial condition and results of operations.

Operational risks and losses can result from many sources, including fraud, errors by employees or third-party service providers, failure to document transactions properly or to obtain proper internal authorization, failure to comply with regulatory requirements or failures with respect to our or our service providers' information technology systems. We believe our modeling, underwriting and information technology and application systems are critical to our business and reputation. Moreover, our technology and applications have been an important part of our underwriting process and our ability to compete successfully. Such technology is and will continue to be a very important part of our underwriting process. We also have licensed certain systems, data and technology from third parties. We cannot be certain that we will continue to have access to such systems, data and technology, or that of comparable service providers. Further, we cannot guarantee that our technology or applications, or the systems or technology we have licensed from third parties, will continue to operate as intended. In addition, we cannot be certain that we would be able to replace our current service providers without slowing our underwriting response time. As our operations evolve, we will need to continue to make investments in new and enhanced systems and technology, and we may encounter difficulties in integrating these new technologies into our business. A major defect or failure in our internal controls or information technology and application systems could result in interruption to our underwriting processes, management distraction, harm to our reputation, a loss or delay of revenues, increased regulatory scrutiny or risk of litigation, or increased expense.

We authorize MGAs, general agents, coverholders and other producers to write business on our behalf from time to time within the underwriting authorities that we prescribe. We rely on the underwriting controls of these agents, coverholders and producers to write business within the underwriting authorities we provide. Although we monitor our underwriting on an ongoing basis, our monitoring efforts may not be adequate and our agents, coverholders and producers may exceed their underwriting authorities or otherwise breach obligations owed to us. There is also the risk that we may be held responsible for obligations that arise from the acts or omissions of third parties if they are deemed to have acted on our behalf. In addition, our agents, coverholders, producers, insureds or other third parties may commit fraud or otherwise breach their obligation to us. To the extent that our agents, coverholders, producers, insureds or other third parties exceed their authorities, commit fraud or otherwise breach obligations owed to us, our operating results and financial condition may be materially adversely affected. Our reliance on third-party assessment and pricing of individual risk extends to our reinsurance treaty business. Similar to other reinsurers, we do not separately evaluate each of the individual risks assumed under most reinsurance treaties. We are therefore largely dependent on the original underwriting decisions made by ceding companies. We are subject to the risk that the ceding companies may not have adequately evaluated the risks to be reinsured and that the premiums ceded to us may not adequately compensate us for the risks we assume and the losses we may incur. As a result of this reliance on ceding companies, our operating results and financial condition may be materially adversely affected.