IDT (IDT) Risk Factors

Certain states take the position that offerings by VoIP providers may include intrastate communications and should therefore be subject to state regulation including state taxes or surcharges. We have registered as an interconnected VoIP provider in those states where registration is required; however, our rates are not regulated in the same manner as traditional telephone service providers. We believe that the FCC has pre-empted states from regulating VoIP providers in the same manner as providers of traditional telecommunications services. We cannot predict how this issue will be resolved or its impact on our business at this time.

The United States and Canada have applied some traditional telephone company regulations to VoIP and continue to evaluate how VoIP should be regulated, as are other countries as we expand globally. The effects of future regulatory developments are uncertain. At the federal level in the United States, the FCC has imposed certain telecommunications regulations on VoIP services including, but not limited to: ¦Requirements to provide E-911 service; ¦Communications Assistance for Law Enforcement Act obligations; ¦Obligation to support Universal Service; ¦Customer Proprietary Network Information, or CPNI, requirements; ¦Disability access obligations; ¦Local Number Portability requirements; and ¦Consumer protection, including protection from unwanted telemarketing and other calls. In Canada, the CRTC regulates VoIP Service. These regulated services are similar to those regulated in the United States discussed above. We are subject to a variety of other federal, state and international laws and regulations as well as oversight from a variety of governmental agencies and public service commissions. The laws governing our business may change in ways that harm our business. Federal, state, or international governmental agencies administering and enforcing such laws may also choose to interpret and apply them in ways that harm our business. These interpretations are also subject to change. Regulatory action could materially impair or force us to change our business model and may adversely affect our revenue, increase our compliance costs, and reduce our profitability. In addition, governmental agencies such as the Securities and Exchange Commission, Internal Revenue Service, FTC, FCC, and state taxing authorities may conclude that we have violated federal laws, state laws or other rules and regulations, and we could be subject to fines, penalties or other actions that could adversely impact our financial results or our ability to conduct business.

Regulatory treatment outside the United States varies from country to country. We distribute our products and services through resellers that may be subject to telecommunications regulations in their home countries. The failure of these resellers to comply with these laws and regulations could reduce our revenue and profitability or expose us to audits and other regulatory proceedings. Regulatory developments such as these could have a material adverse effect on our operating results. In many countries in which we operate, or our services are sold, the status of the laws that may relate to our services is unclear. We cannot be certain that our customers, resellers, or other affiliates are currently in compliance with regulatory or other legal requirements in their respective countries, that they or we will be able to comply with existing or future requirements, and/or that they or we will continue in compliance with any requirements. Our failure or the failure of those with whom we transact business to comply with these requirements could materially adversely affect our business, financial condition, and results of operations. While we expect additional regulation of our industry in some or all of these areas, and we expect continuing changes in the regulatory environment as new and proposed regulations are reviewed, revised and amended, we cannot predict with certainty what impact new laws in these areas will have on us, if any.

Our ability to provide VoIP communications services at attractive rates arises in large part from the fact that VoIP services are not currently subject to the same level of regulation as traditional, switch-based telephony. The use of the Internet and private IP networks to provide voice communications services is largely unregulated within the United States, although several foreign governments have adopted laws and/or regulations that could restrict or prohibit the provision of voice communications services over the Internet or private IP networks. In the United States, the California PUC has initiated a proceeding under which we believe the PUC will expand its authority to regulate interconnected VOIP. Other states are expected to follow the California PUC's lead. If interconnected VoIP services become subject to state regulation and/or additional regulation by the FCC, such regulation will likely lead to higher costs and reduce or eliminate the competitive advantage interconnected VoIP holds over traditional telecommunications services by virtue of its lesser regulatory oversight. More aggressive regulation of the Internet in general, and Internet telephony providers and services specifically, may materially and adversely affect our business, financial condition, and results of operations.

In the Telephone Robocall Abuse Criminal Enforcement and Deterrence, or TRACED, Act, Congress gave the FCC new tools to fight unwanted, and often illegal, robocalls, the top consumer complaint reported to the FCC annually. The TRACED Act required the FCC to mandate the STIR/SHAKEN caller identification framework. STIR/SHAKEN enables phone companies to verify that the caller ID information transmitted with a call matches the caller's real phone number. The FCC has issued a series of Orders and adopted several rules to implement the TRACED Act. For example, by June 30, 2021, many domestic and foreign carriers were required to register with the FCC specifically for TRACED Act compliance. Initially, the FCC concluded that by September 28, 2021, we and other similarly situated carriers would not be able to accept certain IP-based telecommunications traffic from foreign and domestic carrier partners unless those carriers were registered with the FCC. However, the FCC temporarily suspended this obligation while it reconsiders its impact. We believe the FCC will eventually reinstate the rule or implement a new rule that will have a comparable impact upon us and the industry as a whole. We also believe the FCC will continue to address and refine its rules in this area. Of equal importance, carriers such as us have the right to "sign" their traffic, effectively attesting that the traffic they are transmitting is not illegal robocalls. The FCC's rules present several concerns to all carriers. Notably, the rules extend to many foreign carriers, and it is unclear whether foreign carriers will be sufficiently educated and experienced to implement U.S. rules and regulations. Foreign carrier compliance, or the lack thereof, could impact U.S. carriers as they seek to meet their own regulatory obligations. There may also be changes in the marketplace as foreign carriers may look to limit U.S. carrier partners to whom they transmit calls for termination in the U.S. that are subject to the STIR/SHAKEN rules. In Canada, the Canadian Radio-Television and Telecommunications Commission, or CRTC is implementing near-identical STIR/SHAKEN rules as the FCC is implementing in the U.S. although it is not apparent whether the CRTC will punish service providers who fail to meet their obligations with the zealousness of the FCC. We expect that additional national communications regulators will implement similar, if not identical, STIR/SHAKEN legislation. We anticipate meeting our regulatory obligations under the STIR/SHAKEN rules and we are undertaking efforts to prevent us from being harmed by potential changes in the marketplace. Nevertheless, the FCC's rules allow for the possibility that well-prepared carriers with anti-robocalling procedures in place may fail and be punished for their failure, despite their best efforts. Moreover, because the STIR/SHAKEN rules may have a significant impact on the telecommunications marketplace, it is difficult to predict their outcome. We are prepared for the implementation of STIR/SHAKEN but are concerned about its impact on the market as a whole and on us specifically.

Money transfers are regulated by state, federal and foreign governments. Many of our disbursement partners are banks that are heavily regulated by their home jurisdictions. Our non-bank disbursement partners are also subject to money transfer regulations. We require regulatory compliance as a condition to our continued relationship, perform due diligence on our disbursement partners, and monitor them periodically with the goal of meeting regulatory expectations. However, there are limits to the extent to which we can monitor their regulatory compliance. Any determination that our disbursement partners or their sub-disbursement partners have violated laws and regulations could seriously damage our reputation, resulting in diminished revenue and profit and increased operating costs. While our services are not directly regulated by governments outside the United States, except with respect to IDT Financial Services Limited, or IDTFS, our Gibraltar-based bank as discussed below, it is possible that in some cases we could be liable for the failure of our disbursement partners or their sub-disbursement partners to comply with laws, which also could harm our business, financial condition, and results of operations. IDTFS is regulated by the Gibraltar Financial Services Commission, or FSC, and, as such, is subject to Gibraltarian and EU laws relating to financial institutions. As an issuer of prepaid debit cards for programs operated by other entities, commonly known as program managers, IDTFS is responsible, inter alia, for anti-money laundering laws oversight and compliance. If we were to fail to implement the requisite controls or follow the rules and procedures mandated by the FSC and applicable law, we could be subject to regulatory fines, and even the loss of our banking license.

A number of states and territories have enacted legislation regulating money transmitters, with 49 states requiring a license as of July 31, 2024. At July 31, 2024, we had obtained licenses to operate as a money transmitter in 48 U.S. states and Washington, D.C. We are also registered as money services businesses with the Financial Crimes Enforcement Network of the U.S. Department of the Treasury, or FinCEN. As a licensed money transmitter, we are subject to bonding requirements, liquidity requirements, restrictions on our investment of customer funds, reporting requirements, and inspection by state and foreign regulatory agencies. If we were found to be subject to and in violation of any banking or money services laws or regulations, we could be subject to liability or additional restrictions, such as increased liquidity requirements. In addition, our licenses could be revoked, or we could be forced to cease doing business or change our practices in certain states or jurisdictions or be required to obtain additional licenses or regulatory approvals that could impose a substantial cost on us. Regulators could also impose other regulatory orders and sanctions on us. Any change to our business practices that makes our service less attractive to customers or prohibits use of our services by residents of a particular jurisdiction could decrease our transaction volume and harm our business, financial condition, and operating results.

The Dodd-Frank Act, which became law in the United States on July 21, 2010, enacted significant structural reforms and substantive regulation across the financial services industry. In addition, the Dodd-Frank Act created the Consumer Financial Protection Bureau, or CFPB, whose purpose is to issue and enforce consumer protection initiatives governing financial products and services, including money transfer services. We may be subject to examination by the CFPB, which has broad authority to enforce consumer financial laws. The CFPB has a large budget and staff and has broad authority with respect to our money transfer service and related business. It is authorized to collect fines and provide consumer restitution in the event of violations, engage in consumer financial education, track consumer complaints, request data, and promote the availability of financial services to underserved consumers and communities. In addition, the CFPB may adopt other regulations governing consumer financial services, including regulations defining unfair, deceptive, or abusive acts or practices, and new model disclosures. The CFPB's authority to change regulations adopted in the past by other regulators, or to rescind or alter past regulatory guidance, could increase our compliance costs and litigation exposure. The Dodd-Frank Act established a Financial Stability Oversight Council that is authorized to designate as "systemically important" non-bank financial companies and payment systems. Companies designated under either standard will become subject to new regulation and regulatory supervision. If we were designated under either standard, the additional regulatory and supervisory requirements could result in costly new compliance burdens or may require changes in the way we conduct business that could harm our business, financial condition, and operating results.

Our BOSS Money and network branded prepaid card services are subject to a strict set of legal and regulatory requirements intended to help detect and prevent money laundering, terrorist financing, fraud, and other illicit activity. The interpretation of those requirements by judges, regulatory bodies and enforcement agencies is changing, often quickly and with little notice. Economic and trade sanctions programs that are administered by the U.S. Treasury Department's Office of Foreign Assets Control prohibit or restrict transactions to or from or dealings with specified countries, their governments, and in certain circumstances, with individuals and entities that are specially designated nationals of those countries, narcotics traffickers and terrorists or terrorist organizations. As federal, state, and foreign legislative regulatory scrutiny and enforcement action in these areas increase, we expect our costs to comply with these requirements will increase, perhaps substantially. Failure to comply with any of these requirements by us, our regulated retailers or our disbursement partners could result in the suspension or revocation of a money transmitter license, the limitation, suspension or termination of our services, the seizure and/or forfeiture of our assets and/or the imposition of civil and criminal penalties, including fines. Furthermore, failure by us or our agents to comply with applicable laws and regulations could also result in termination of contracts with our banks and/or merchant payment processors. Termination of services by one of our retail banks would seriously diminish our ability to collect funds from our BOSS Revolution agents. Likewise, termination of services by our merchant processor would negatively impact our ability to process payments in our digital channels. The foregoing laws and regulations are constantly evolving, unclear, and inconsistent across various jurisdictions, making compliance challenging. If we fail to update our compliance system to reflect legislative or regulatory developments, we could incur penalties. New legislation, changes in laws or regulations, implementing rules and regulations, litigation, court rulings, changes in industry practices or standards, changes in systems rules or requirements or other similar events could expose us to increased compliance costs, liability, reputational damage, and could reduce the market value of our BOSS Money and network branded prepaid card services or render them less profitable or obsolete.

Provisions of the USA PATRIOT Act, the Bank Secrecy Act and other federal laws impose substantial regulations on financial institutions that are designed to prevent money laundering and the financing of terrorist organizations. Increasing regulatory scrutiny of our industry with respect to money laundering and terrorist financing matters could result in more aggressive enforcement of these laws or the enactment of more onerous regulation, which could have a material adverse impact on our business. In addition, abuse of our money transfer services or prepaid card programs for purposes of money laundering or terrorist financing, notwithstanding our efforts to prevent such abuse through our regulatory compliance and risk management programs, could cause reputational or other harm that would have a material adverse impact on our business, financial condition, and operating results.

As a provider of communications and payment services to consumers, such as BOSS Revolution and BOSS Money, we are subject to various federal and state laws and regulations relating to the manner in which we advertise our services, describe and present the terms of our services, and communicate with our customers and consumers in general. Compliance with these laws requires us to be constantly vigilant as they often vary from state to state. Failure to comply with these laws could result in action being taken by federal and state agencies or offices responsible for consumer protection, like the Federal Trade Commission, or FTC, which could have a material adverse effect on our results of operations, financial condition, revenues, and profits.

The acceptance of telecommunications services is dependent upon our meeting certain industry standards. We are required to comply with certain rules and regulations of the FCC regarding safety standards. Standards are continuously being modified and replaced. As standards evolve, we may be required to modify our existing products or develop and support new versions of our products. We must comply with certain federal, state, and local requirements regarding how we interact with our customers, including marketing practices, consumer protection, privacy, and billing issues, the provision of emergency 911 service, and the quality of service we provide to our customers. The failure of our products and services to comply, or delays in compliance with various existing and evolving standards could delay future offerings and impact our revenues and profitability. Changes to the Universal Service Fund by the FCC or various state Universal Service Funds may require us to increase our costs which could negatively affect revenue and profitability. We are subject to Federal laws and FCC regulations that require us to protect customer information. While we have protections in place to protect customer information there is no assurance that our systems will not be subject to failure or intentional fraudulent attack. The failure to protect required information could subject us to penalties and diminish the confidence our customers have in our systems, which could negatively affect results. While we try to comply with all applicable data protection laws, regulations, standards, and codes of conduct, as well as our own posted privacy policies and contractual commitments to the extent possible, any failure by us to protect our customers' privacy and data, including as a result of our systems being compromised by hacking or other malicious or surreptitious activity, could result in a loss of customer confidence in our services and ultimately in a loss of customers, which could materially and adversely affect our business as well as subject us to law suits, civil fines and criminal penalties. Governmental entities, class action lawyers, and consumer advocates are reviewing the data collection and use by companies that must maintain such data. Our own requirements as well as regulatory codes of conduct, enforcement actions by regulatory agencies, and lawsuits by other parties could impose additional compliance costs on us as well as subject us to unknown potential liabilities. These evolving laws, rules, and practices may also curtail our current business activities, which may delay or affect our ability to become profitable as well as affect customers and other business opportunities. In addition, several foreign countries and governmental bodies, including the EU, Brazil, and Canada, have laws and regulations concerning the collection and use of personally identifiable information obtained from their residents, including payment card information, which are often more restrictive than those in the U.S. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, disclosure, and security of personally identifiable information, including payment card information identifying, or which may be used to identify, an individual, such as names, email addresses, and, in some jurisdictions, IP addresses, device identifiers, and other data. As we conduct business or become deemed to conduct business in foreign jurisdictions, including through websites that we host that may be available in these locations, we may become subject to those laws and regulations. We are also subject to privacy and data protection-related obligations in our contracts with our customers and other third parties. Any failure, or perceived failure, to comply with federal, state, or international laws, or to comply with our contractual obligations related to privacy, could result in proceedings or actions against us which could result in significant liability to us as well as harm to our reputation. Additionally, third parties with whom we contract may violate or appear to violate laws or regulations which could subject us to the same risks. Any new laws, regulations, other legal obligations or industry standards, or any changed interpretation of existing laws, regulations or other standards may require us to incur additional costs and restrict our business operations.