I3 Verticals (IIIV) Risk Analysis

Other software providers of payment processing services have established a sizable market share in our public sector markets and service more customers than we do. Our growth will largely depend on our ability to increase our market share. Our competitors in the enterprise software industry include, among others, Tyler Technologies, Inc., Constellation Software, Inc., Verra Mobility Corp, EverCommerce Inc., Roper Technologies, Inc., Axon Enterprise, Inc., Paymentus Holdings, Inc., Flywire Corporation and Cellebrite DI Ltd. Many of our competitors may have substantially greater financial, technological, and marketing resources than we have. Accordingly, if these competitors specifically target our business model, they may be able to offer more attractive solutions to our customers. They also may be able to offer and provide products and services that we do not offer. Additionally, larger financial institutions may decide to perform in-house some or all of the services we provide or could provide, which may give them a competitive advantage in the market. There are also a large number of small providers of software services or payment processing services that provide various ranges of services to our customers and our potential customers. This competition may effectively limit the prices we can charge and requires us to control costs aggressively in order to maintain acceptable profit margins. Competition could also result in a loss of customers and greater difficulty attracting new customers. One or more of these factors could have a material adverse effect on our business, financial condition and results of operations. In addition, we are also subject to risks as a result of changes in business habits of our vendors and customers as they adjust to the competitive marketplace. Because our standing arrangements and agreements with our vendors and customers typically contain no purchase or sale obligations and are terminable by either party upon no or relatively short notice, we are subject to significant risks associated with the loss or change at any time in the business habits and financial condition of key vendors as they adapt to changes in the market. The development of next-generation solutions that utilize advanced features, including AI and machine learning, may require us to make predictions about the willingness of the markets we serve to adopt such offerings. In connection therewith, we may be required to commit significant resources to maintain the competitiveness of our offerings by investing in such technologies before knowing whether we have correctly predicted market responsiveness to them.

The enterprise software market is subject to constant and significant changes. This market is characterized by rapid technological evolution, new product and service introductions, evolving industry standards, changing customer needs and the entrance of non-traditional competitors. To remain competitive, we continually pursue initiatives to develop new products and services to compete in an effective manner. These projects carry risks,such as cost overruns, delays in delivery, performance problems and lack of customer acceptance. In addition, new products and offerings may not perform as intended or generate the business or revenue growth expected. Additionally, we look for acquisition opportunities, investments and alliance relationships with other businesses that will increase our market penetration and enhance our technological capabilities, product offerings and distribution capabilities. Any delay in the delivery of new products and services or the failure to differentiate our products and services or to accurately predict and address market demand could render our products and services less desirable, or even obsolete. Any of the foregoing could have a material and adverse effect on our operating results and financial condition. The continued growth and development of our software and related services will depend on our ability to anticipate and adapt to changes in consumer behavior. For example, our failure to timely integrate emerging payment methods into our software could cause us to lose traction among our customers, resulting in a corresponding loss of revenue. Our payment processing technology offerings in connection with our software must also integrate with a variety of network, hardware, mobile and software platforms and technologies. Any failure to deliver an effective, reliable and secure service or any performance issue that arises could result in significant processing or reporting errors or other losses. Our future success will depend in part on our ability to develop or adapt to technological changes and evolving industry standards. If we are unable to develop, adapt to or access technological changes or evolving industry standards on a timely and cost-effective basis, our business, financial condition and results of operations would be materially adversely affected.

We are responsible both for our own business and to a significant degree for acts and omissions by certain of our partners under the rules and regulations established by the payment networks, such as Visa and Mastercard, Discover and American Express, and the debit networks. We and other third parties collect, process, store and transmit sensitive data, such as names, addresses, social security numbers, credit or debit card numbers and expiration dates, drivers' license numbers and bank account numbers, and we have ultimate liability to the payment networks and member financial institutions that register us with the payment networks for our failure, or the failure of certain third parties with whom we contract, to protect this data in accordance with payment network requirements. The loss, destruction or unauthorized modification of customer or cardholder data could result in significant fines, sanctions and proceedings or actions against us by the payment networks, governmental bodies, consumers or others, which could have a material adverse effect on our business, financial condition and results of operations. Any such sanction, fine, proceeding or action could damage our reputation, force us to incur significant expenses in defense of these proceedings, disrupt our operations, distract our management, increase our costs of doing business and may result in the imposition of monetary liability. We are subject to risk associated with information technology and cybersecurity matters. For example, on June 2, 2021, the State of Louisiana, Division of Administration and a putative class of Louisiana law enforcement districts filed a petition in the 19th Judicial District Court for the Parish of East Baton Rouge against i3-Software & Services, LLC ("S&S"), a subsidiary of the Company located in Shreveport, Louisiana, seeking monetary damages related to a third-party remote access software product used in connection with services provided by S&S to certain Louisiana Parish law enforcement districts and alleged inadequacies in the Company's cybersecurity practices. For additional information about this litigation, see Note 17 to our consolidated financial statements. The current cyber threat environment presents increased risk for all companies, in our industry and otherwise, including as a result of cyberattacks as well as ransomware attacks (through which an attacker renders an organization's computer files inaccessible and demands a payment to return them or reinstate access), malicious software, advanced persistent threats, phishing and other attempts by malicious threat actors, including nation-state actors, ransomware groups and others to access, acquire, use disclose, shut down or manipulate information, systems, databases, processes and people. Like other companies in our industry, our systems are subject to recurring attempts by third parties to access information, manipulate data or disrupt our operations. Although we proactively employ multiple measures to defend our systems against intrusions and attacks and to protect the data we collect, our measures may not prevent unauthorized access or use of sensitive data. In addition, the cybersecurity-related threats that we face may remain undetected for an extended period of time. In addition, the rapid evolution and increased adoption of AI and other emerging technologies also may heighten our cybersecurity risks by making cyberattacks and social engineering more difficult to detect, contain and mitigate. While we have experienced cyber threats and incidents, we have not (whether directly or indirectly, including through our third-party vendors, customers or other business relations) been subject to a cybersecurity event of which we are aware that has had a material impact on us, including our business strategy, financial condition or results of operations. However, despite our security measures, there is no assurance that we, or the third parties with which we interact, will not experience a cybersecurity incident in the future that materially impacts us. If such an event were to occur it could materially disrupt our operations, expose us to liability under data breach laws, adversely impact our reputation, impact our customer relationships or subject us to other material losses or liability. In addition, a breach of our system or a third-party system upon which we rely may subject us to material losses or liability, including payment network fines, assessments and claims for unauthorized purchases with misappropriated credit, debit or card information, impersonation or other similar fraud claims. A misuse of such data or a cybersecurity breach could harm our reputation and deter our customers and potential customers from using electronic payments generally and our products and services specifically, thus reducing our revenue. In addition, any such misuse or breach could cause us to incur costs to correct the breaches or failures, increase our risk of regulatory scrutiny, subject us to lawsuits and result in the imposition of material penalties and fines under state and federal laws or by the payment networks. These risks may be heightened in connection with employees working from remote work environments, as our dependency on certain service providers, such as video conferencing and web conferencing services, has significantly increased. In addition, to access our network, products and services, customers and other third parties may use personal mobile devices or computing devices that are outside of our network environment and subject to their own security risks. While we maintain insurance coverage that may, subject to policy terms and conditions, cover certain aspects of cyber risks, such insurance coverage may exclude certain types of claims and otherwise be insufficient to cover all losses. A significant cybersecurity breach could also result in payment networks prohibiting us from processing transactions on their networks or the loss of our financial institution sponsorship that facilitates our participation in the payment networks, either of which could materially impede our ability to conduct business. In addition, as cybersecurity threats continue to evolve, we have expended, and expect to continue to expend, significant resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities, but we still might be unable to successfully prevent certain cyberattacks. Although we generally require that our agreements with third parties who have access to customer data include confidentiality obligations that restrict these parties from using or disclosing any customer data except as necessary to perform their services under the applicable agreements, there can be no assurance that these contractual measures will prevent the unauthorized disclosure of business or customer data, nor can we be sure that such third parties would be willing or able to satisfy liabilities arising from their breach of these agreements. Any failure by such third parties to adequately take these protective measures could result in protracted or costly litigation. In addition, our agreement with our bank sponsor and applicable payment network requirements require us to take certain protective measures to ensure the confidentiality of business and consumer data. Any failure to adequately comply with these protective measures could result in fees, penalties, litigation or termination of our bank sponsor agreement. Any significant unauthorized disclosure of sensitive data entrusted to us would cause significant damage to our reputation, impair our ability to attract new integrated technology and may cause parties with whom we already have such agreements to terminate them.

Some of our solutions require or benefit from the use of third-party hardware products that we sell to our customers, such as kiosks, payment terminals and point of sale equipment. A number of such products come from limited number of suppliers. Due to our reliance on the products produced by a limited number of suppliers, we are subject to the risk of shortages and long lead times in the supply of certain products. Additionally, various sources of supply-chain risk, including strikes or shutdowns at delivery ports or loss of or damage to our products while they are in transit or storage, intellectual property theft, losses due to tampering, issues with quality or sourcing control, failure by our suppliers to comply with applicable laws and regulation, tariffs or other trade restrictions, or other similar problems could limit or delay the supply of our products or harm our reputation. In the event of a shortage or supply interruption from suppliers, we may not be able to develop alternate sources quickly, cost-effectively, or at all. Any interruption or delay in manufacturing supply, any increases in costs, or the inability to obtain these products from alternate sources at acceptable prices and within a reasonable amount of time, could harm our ability to provide products to our customers.

We are exposed to general economic and geopolitical conditions that affect consumer confidence, consumer spending, consumer discretionary income and changes in consumer purchasing habits. In connection therewith, U.S. and international markets have been experiencing uncertain and volatile economic and geopolitical conditions, including from the impacts of military conflict in the Middle East, Russian aggression in Ukraine, tariff and trade-related developments, budgetary and political pressures to reduce government spending, inflationary pressures, elevated interest rate levels, possible recession concerns, and supply chain disruptions. For example, the U.S. government has imposed tariffs on certain foreign products and has raised the possibility of imposing significant, additional tariff increases, which has resulted in a deterioration of trade relations of the United States with various countries, including Canada. In connection therewith, we have business operations in Canada, and the determination of Canadian governmental authorities or businesses to cancel or not renew contracts, or otherwise reduce business, with U.S. companies as a result of current trade tensions with the United States, as has been advocated by certain Canadian governmental authorities, could adversely impact our financial results. Additionally, we have a significant number of employees in India who assist us in various respects, primarily in connection with the development of intellectual property. In the event that tensions between India and Pakistan increase, this could limit the ability of these employees to assist us for a significant period of time, disrupt our operations, and otherwise adversely impact our business and financial results. Further, there is ongoing uncertainty regarding government budget and spending levels as a result of political developments and other factors. In this regard, the current presidential administration has been focused on restructuring and streamlining government agencies and reducing or eliminating regulations and federal government programs and other expenditures, which has also given rise to separate efforts at the state level to reduce government spending. As a result of the fact that a significant portion of our revenue is received from state and local governmental authorities, reductions in government spending at the state and local level could adversely impact our financial results and business. These conditions make it extremely difficult for us to accurately forecast and plan future business activities. Moreover, if these business, macroeconomic or political conditions continue or worsen, our business, financial condition and results of operations could be materially adversely affected. In addition, our business, financial condition and results of operations could be materially adversely affected by outbreaks of illnesses, epidemics or pandemics, climate-related events, including extreme weather events and natural disasters, riots, strikes, civil insurrection or social unrest, terrorist or criminal activities, or other catastrophic events or other political and economic instability.

We employ resources in India, to support our onshore operations. Countries outside of the United States may be subject to relatively higher degrees of political and social instability and may lack the infrastructure to withstand political unrest or natural disasters. The occurrence of natural disasters, pandemics, or political or economic instability in these countries could interfere with work performed by these labor sources or could result in our having to replace or reduce these labor sources. If countries in which we operate experience civil or political unrest or acts of terrorism, our operations in such countries could be materially impaired. For example, India has experienced civil unrest and terrorism and has experienced historical and recent tensions with Pakistan. The occurrence of any of these circumstances could result in disruptions to our resources in India. Our vendors in other countries could potentially shut down suddenly for any reason, including financial problems or personnel issues. Such disruptions could decrease efficiency, increase our costs and have an adverse effect on our business or results of operations. Further, many foreign data privacy regulations (including India's Digital Personal Data Protection Act) can be more stringent than those in the United States. These laws and regulations are rapidly evolving and changing and could have an adverse effect on our operations. Our obligations and requirements under these laws and regulations are subject to uncertainty in how they may be interpreted by government authorities and regulators. The costs of compliance with, and the other burdens imposed by, these and other laws or regulatory actions may increase our operational costs, affect our customers' willingness to permit us to use and store personal data, prevent us from selling our products or services, and/or affect our ability to invest in or jointly develop products. Failure to comply with these laws may result in governmental enforcement actions, private claims, including class action lawsuits, and damage to our reputation. We may also face audits or investigations by one or more foreign government agencies relating to our compliance with these regulations.

Our contracts are primarily denominated in U.S. dollars, and therefore, substantially all of our revenue is not subject to foreign currency risk. However, there has been, and may continue to be, significant volatility in global stock markets and foreign currency exchange rates that result in the strengthening of the U.S. dollar against foreign currencies in which we conduct business. The strengthening of the U.S. dollar increases the real cost of our products to our end-customers outside of the United States and may lead to reduced demand for our services. If the U.S. dollar continues to strengthen, this could adversely affect our financial condition and operating results. Our operating expenses incurred outside the United States and denominated in foreign currencies are increasing and are subject to fluctuations due to changes in foreign currency exchange rates. If we are not able to successfully hedge against the risks associated with foreign currency fluctuations, our financial condition and operating results could be adversely affected.