Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

Molina Healthcare disclosed 40 risk factors in its most recent earnings report. Molina Healthcare reported the most risks in the “Legal & Regulatory” category.

Risk Overview Q3, 2024

Risk Distribution

30% Legal & Regulatory

28% Production

20% Finance & Corporate

10% Tech & Innovation

8% Macro & Political

5% Ability to Sell

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

2020

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

Molina Healthcare Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q3, 2024

Main Risk Category

Legal & Regulatory

With 12 Risks

Legal & Regulatory

With 12 Risks

Number of Disclosed Risks

No changes from last report

S&P 500 Average: 31

No changes from last report

S&P 500 Average: 31

Recent Changes

0Risks added

0Risks removed

0Risks changed

Since Sep 2024

0Risks added

0Risks removed

0Risks changed

Since Sep 2024

Number of Risk Changed

No changes from last report

S&P 500 Average: 3

No changes from last report

S&P 500 Average: 3

See the risk highlights of Molina Healthcare in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 40

Legal & Regulatory

Total Risks: 12/40 (30%)Above Sector Average

Regulation7 | 17.5%

Regulation - Risk 1

If a state fails to renew its federal waiver application for mandated Medicaid enrollment into managed care or such application is denied, our membership in that state will likely decrease.

States may only mandate Medicaid enrollment into managed care under federal waivers or demonstrations. Waivers and programs under demonstrations are approved for two- to five-year periods and can be renewed on an ongoing basis if the state applies and the waiver request is approved or renewed by CMS. We have no control over this renewal process. If a state in which we operate does not renew its mandated program or the federal government denies the state's application for renewal, our business would suffer as a result of a likely decrease in membership.

Regulation - Risk 2

We rely on the accuracy of eligibility lists provided by state governments. Inaccuracies in those lists would negatively affect our results of operations.

Premium payments to our health plans are based upon eligibility lists produced by state governments. From time to time, states require us to reimburse them for premiums paid to us based on an eligibility list that a state later discovers contains individuals who are not in fact eligible for a government sponsored program or are eligible for a different premium category or a different program. Alternatively, a state could fail to pay us for members for whom we are entitled to payment. Our results of operations would be adversely affected as a result of such reimbursement to the state if we make or have made related payments to providers and are unable to recoup such payments from the providers. Further, when a state implements new programs to determine eligibility, establishes new processes to assign or enroll eligible members into health plans, or chooses new subcontractors, there is an increased potential for an unanticipated impact on the overall number of members assigned to managed care health plans. Whenever a state effects an eligibility redetermination for any reason, there is generally an associated reduction in Medicaid membership, which could have an adverse effect on our premium revenues and results of operations.

Regulation - Risk 3

Unforeseen changes in pharmaceutical regulations or market conditions may impact our revenues and adversely affect our results of operations.

Pharmaceutical products and services are a significant component of our healthcare costs. Evolving regulations and state and federal mandates regarding coverage may impact the ability of our health plans to continue to receive existing price discounts on pharmaceutical products for our members. Other factors affecting our pharmaceutical costs include, but are not limited to, the price of pharmaceuticals, geographic variation in utilization of new and existing pharmaceuticals, and changes in discounts. The unpredictable nature of these factors may have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Regulation - Risk 4

If state regulators do not approve payments of dividends and distributions by our subsidiaries, it may negatively affect our ability to meet our debt service and other obligations.

We are a corporate parent holding company and hold most of our assets in, and conduct most of our operations through, our direct subsidiaries. As a holding company, our results of operations depend on the results of operations of our subsidiaries. Moreover, we are dependent on dividends or other intercompany transfers of funds from our subsidiaries to meet our debt service and other obligations. The ability of our subsidiaries to pay dividends or make other payments or advances to us depends on their operating results and is subject to applicable laws and restrictions contained in agreements governing the debt of such subsidiaries. In addition, our health plan subsidiaries are subject to laws and regulations that limit the amount of ordinary dividends and distributions that they can pay to us without prior approval of, or notification to, state regulators. In general, our health plans must give thirty days' advance notice and the opportunity to disapprove "extraordinary" dividends to the respective state departments of insurance for amounts that exceed either (a) ten percent of surplus or net worth at the prior year end or (b) the net income for the prior year, depending on the respective state statute. The discretion of the state regulators, if any, in approving or disapproving a dividend is not clearly defined. Our health plans generally must provide notice to the applicable state regulator prior to paying a dividend or other distribution to us. Our parent company received $705 million and $668 million in dividends from our regulated health plan subsidiaries during 2023 and 2022, respectively. If the regulators were to deny or significantly restrict our subsidiaries' requests to pay dividends to us, the funds available to our Company as a whole would be limited, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Regulation - Risk 5

We are subject to extensive fraud and abuse laws that may give rise to lawsuits and claims against us, the outcome of which may have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Because we receive payments from federal and state governmental agencies, we are subject to various laws commonly referred to as "fraud and abuse" laws, including federal and state anti-kickback statutes, prohibited referrals, and the federal False Claims Act, which permit agencies and enforcement authorities to institute a suit against us for violations and, in some cases, to seek treble damages, criminal and civil fines, penalties, and assessments. Violations of these laws can also result in exclusion, debarment, temporary or permanent suspension from participation in government healthcare programs, or the institution of corporate integrity agreements. Liability under such federal and state statutes and regulations may arise if we know, or it is determined that we should have known, that information we provide to form the basis for a claim for government payment is false or fraudulent, and some courts have permitted False Claims Act suits to proceed if the claimant was out of compliance with program requirements. Fraud, waste and abuse prohibitions encompass a wide range of operating activities, including kickbacks or other inducements for referral of members or for the coverage of products (such as prescription drugs) by a plan, billing for unnecessary medical services by a provider, upcoding, payments made to excluded providers, improper marketing, and the violation of patient privacy rights. In particular, there has recently been increased scrutiny by the Department of Justice on health plans' risk adjustment practices, particularly in the Medicare program. Companies involved in government healthcare programs such as Medicaid and Medicare are required to maintain compliance programs to detect and deter fraud, waste and abuse, and are often the subject of fraud, waste and abuse investigations and audits. The federal government has taken the position that claims presented in violation of the federal anti-kickback statute may be considered a violation of the federal False Claims Act. In addition, under the federal civil monetary penalty statute, the U.S. Department of Health and Human Services' Office of Inspector General has the authority to impose civil penalties against any person who, among other things, knowingly presents, or causes to be presented, certain false or otherwise improper claims. Qui tam actions under federal and state law are brought by a private individual, known as a relator, on behalf of the government. A relator who brings a successful qui tam lawsuit can receive 15 to 30 percent of the damages the government recovers from the defendants, which damages are trebled under the False Claims Act. Because of these financial inducements offered to plaintiffs, qui tam actions have increased significantly in recent years, causing greater numbers of healthcare companies to incur the costs of having to defend false claims actions, many of which are spurious and without merit. In addition, meritorious false claims actions could result in fines, or debarment from the Medicare, Medicaid, or other state or federal healthcare programs. If we are subject to liability under a qui tam or other actions, our business, financial condition, cash flows, or results of operations could be adversely affected. Even if we are successful in defending qui tam actions against us, the fact that these actions were filed against us, even if ultimately determined to be without merit, could result in expensive defense costs, and also could have an adverse impact on our reputation and our ability to obtain regulatory approval for acquisitions that we may pursue.

Regulation - Risk 6

Any changes to the laws and regulations governing our business, or the interpretation and enforcement of those laws or regulations, could require us to modify our operations and could negatively impact our operating results.

Our business is extensively regulated by the federal government and the states in which we operate. The laws and regulations governing our operations are generally intended to benefit and protect health plan members and providers rather than managed care organizations. The government agencies administering these laws and regulations have broad latitude in interpreting and applying them. Changes in the interpretation or application of our contracts could reduce our profitability if we have detrimentally relied on a prior interpretation or application. These laws and regulations, along with the terms of our government contracts, regulate how we do business, what services we offer, and how we interact with our members and the public. For instance, some states mandate minimum medical expense levels as a percentage of premium revenues. These laws and regulations, and their interpretations, are subject to frequent change. The interpretation of certain contract provisions by our governmental regulators may also change. Changes in existing laws or regulations, or their interpretations, or the enactment of new laws or regulations, could reduce our profitability by imposing additional capital requirements, increasing our liability, increasing our administrative and other costs, increasing mandated benefits, forcing us to restructure our relationships with providers, requiring us to implement additional or different programs and systems, or making it more difficult to predict future results. Thus, any significant changes in existing health care laws or regulations could materially impact our business, financial condition, cash flows, or results of operations.

Regulation - Risk 7

Our health plans are subject to risk associated with various contractual provisions and regulations establishing medical cost expenditure floors, profit ceilings, risk corridors, and quality withholds.

A substantial portion of our premium revenue is subject to contract provisions pertaining to medical cost expenditure floors and corridors, administrative cost and profit ceilings, premium stabilization programs, and cost-plus and performance-based reimbursement programs. Many of these contract provisions are complex, or are poorly or ambiguously drafted, and thus are subject to differing interpretations by us and the relevant government agency with whom we contract. If the applicable government agency disagrees with our interpretation or implementation of a particular contract provision, we could be required to adjust the amount of our obligation under that provision. Any such adjustment could have a material adverse effect on our business, financial condition, cash flows, or results of operations. In addition, many of our contracts contain provisions pertaining to at-risk premiums that require us to meet certain quality performance measures to earn all of our contract revenues. If we are unsuccessful in achieving the stated performance measure, we will be unable to recognize the revenue associated with that measure, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Litigation & Legal Liabilities3 | 7.5%

Litigation & Legal Liabilities - Risk 1

Large-scale medical emergencies in one or more states in which we operate our health plans could significantly increase utilization rates and medical costs.

Large-scale medical emergencies can take many forms and be associated with widespread illness or medical conditions. For example, natural disasters, such as a major earthquake or wildfire in California, or a major hurricane affecting Florida, South Carolina or Texas, could have a significant impact on the health of a large number of our covered members. Other conditions that could impact our members include a virulent flu season or epidemic, such as a resurgence of COVID-19, or new viruses for which vaccines may not exist, are not effective, or have not been widely administered. In addition, federal and state law enforcement officials have issued warnings about potential terrorist activity involving biological or other weapons of mass destruction. All of these conditions, and others, could have a significant impact on the health of the population of wide-spread areas. If one of the states in which we operate were to experience a large-scale natural disaster, a significant terrorist attack, or some other large-scale event affecting the health of a large number of our members, our covered medical expenses in that state would rise, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Litigation & Legal Liabilities - Risk 2

We face risks related to litigation.

We are subject to a variety of legal actions that may affect our business, including but not limited to provider claims, employment related disputes and employee benefit claims, breach of contract actions, qui tam or False Claims Act actions, administrative matters before government agencies, tort claims, intellectual property-related litigation, and class actions of various kind. These actions or proceedings could result in substantial costs to us, require management to spend substantial time focused on litigation, result in negative media attention, and may adversely affect our business, reputation, financial condition, results of operations, or cash flows. If we incur liability materially in excess of the amount for which we have insurance coverage, our profitability would suffer.

Litigation & Legal Liabilities - Risk 3

The May 2020 contract award to our Kentucky Medicaid plan is the subject of a pending appeal before the Kentucky Supreme Court.

On September 4, 2020, Anthem Kentucky Managed Care Plan, Inc. brought an action in Franklin County Circuit Court against the Kentucky Finance and Administration Cabinet, the Kentucky Cabinet for Health and Family Services, and all of the five winning bidder health plans, including our Kentucky health plan. This matter is now pending before the Kentucky Supreme Court, and no assurances can be given regarding the ultimate outcome. In the event the contract award to our Kentucky health plan is overturned, the business and revenue of our Kentucky health plan may be materially and adversely affected.

Taxation & Government Incentives1 | 2.5%

Taxation & Government Incentives - Risk 1

Our Medicaid premium revenues could be adversely impacted by retroactive adjustments or states' delays in processing rate changes.

The complexity of some of our Medicaid contract provisions, imprecise language in those contracts, the desire of state Medicaid agencies in some circumstances to retroactively adjust for the acuity of the medical needs of our members, and state delays in processing rate changes, can create uncertainty around the amount of revenue we should recognize. Any circumstance such as those described above could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Environmental / Social1 | 2.5%

Environmental / Social - Risk 1

Our use and disclosure of personally identifiable information and other non-public information, including protected health information, is subject to federal and state privacy and security regulations, and our failure or the failure of our vendors to comply with those regulations or to adequately secure the information we hold could result in significant liability or reputational harm.

State and federal laws and regulations including, but not limited to, the Health Insurance Portability and Accountability Act, as amended by the Health Information Technology for Economic and Clinical Health Act, and all regulations promulgated thereunder (collectively, "HIPAA"), the California Consumer Privacy Act (the "CCPA"), the California Privacy Rights Act (the "CPRA"), and the Gramm-Leach-Bliley Act, govern the collection, dissemination, use, privacy, confidentiality, security, availability, and integrity of personally identifiable information ("PII"), including protected health information ("PHI"). HIPAA establishes basic national privacy and security standards for protection of PHI by covered entities and business associates, including health plans such as ours. HIPAA requires covered entities like us to develop and maintain policies and procedures regarding PHI, and to adopt administrative, physical, and technical safeguards to protect PHI. HIPAA violations may result in significant civil penalties. HIPAA authorizes state attorneys general to file suit under HIPAA on behalf of state residents. Courts can award damages, costs, and attorneys' fees related to violations of HIPAA in such cases. We have experienced HIPAA breaches in the past, including breaches affecting over 500 individuals. Even when HIPAA does not apply, according to the Federal Trade Commission (the "FTC"), failing to take appropriate steps to keep consumers' personal information secure constitutes unfair acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act, 15 U.S.C § 45(a). The FTC expects a company's data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. Individually identifiable health information is considered sensitive data that merits stronger safeguards. The FTC's guidance for appropriately securing consumers' personal information is similar to what is required by the HIPAA security regulations. In addition, certain state laws govern the privacy and security of health information in certain circumstances, many of which differ from each other in significant ways, thus complicating compliance efforts. For example, California enacted the CCPA, which became effective on January 1, 2020. The CCPA, among other things, creates new data privacy obligations for covered companies and provides new privacy rights to California residents, including the right to opt out of certain disclosures of their information. The CCPA also creates a private right of action with statutory damages for certain data breaches, thereby potentially increasing risks associated with a data breach. On January 1, 2023, the CPRA, which is the successor legislation to the CCPA, became effective. The CPRA amends and expands the CCPA, creating new privacy obligations, consumer privacy rights and enforcement mechanisms. If we or one or more of our significant vendors do not comply with existing or new laws and regulations related to PHI, PII, or non-public information, we could be subject to criminal or civil sanctions. Any security breach involving the misappropriation, loss, or other unauthorized disclosure or use of confidential member information, whether by us or by our vendors, could subject us to civil and criminal penalties, divert management's time and energy, and have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Production

Total Risks: 11/40 (28%)Above Sector Average

Manufacturing1 | 2.5%

Manufacturing - Risk 1

If we are unable to deliver quality care, and maintain good relations with the physicians, hospitals, and other providers with whom we contract, or if we are unable to enter into cost-effective contracts with such providers, our profitability could be adversely affected.

We contract with physicians, hospitals, and other providers as a means to ensure access to healthcare services for our members, to manage medical care costs and utilization, and to better monitor the quality of care being delivered. We compete with other health plans to contract with these providers. We believe providers select plans in which they participate based on criteria including reimbursement rates, timeliness and accuracy of claims payment, potential to deliver new patient volume and/or retain existing patients, effectiveness of resolution of calls and complaints, and other factors. There can be no assurance that we will be able to successfully attract and retain providers to maintain a competitive network in the geographic areas we serve. In addition, in any particular market, providers could refuse to contract with us, demand higher payments, or take other actions which could result in higher medical care costs, disruption to provider access for current members, a decline in our growth rate, or difficulty in meeting regulatory or accreditation requirements. The Medicaid program generally pays doctors and hospitals at levels well below those of Medicare and private insurance. Large numbers of doctors, therefore, do not accept Medicaid patients. In the face of fiscal pressures, some states may reduce rates paid to providers, which may further discourage participation in the Medicaid program. In some markets, certain providers, particularly hospitals and some specialists, may have significant market positions or even monopolies. If these providers refuse to contract with us or utilize their market position to negotiate favorable contracts which are disadvantageous to us, our profitability in those areas could be adversely affected. Some providers that render services to our members are not contracted with our health plans. In those cases, there is no pre-established understanding between the provider and our health plan about the amount of compensation that is due to the provider. If providers claim they are underpaid for their services, they may either litigate or arbitrate their dispute with our health plan. State and federal laws intended to prevent or limit "surprise billing," such as the No Surprises Act, define the compensation that must be paid to out-of-network providers in certain scenarios and require rate disputes between payors and out-of-network providers to be resolved through independent dispute resolution ("IDR"). There have been lawsuits challenging portions of the No Surprises Act in federal courts, particularly related to the use of the qualifying payment amount ("QPA") in the IDR process, which may result in an increase in rates we must pay to out-of-network providers. Federal agencies have continued to issue guidance regarding the implementation of the No Surprises Act, and we expect the agencies' interpretations of law's requirements will continue to evolve. The impact that federal and state surprise billing laws will have on our business is uncertain and could adversely affect our business, financial condition, cash flows, or results of operations.

Employment / Personnel2 | 5.0%

Employment / Personnel - Risk 1

Our Medicaid enrollees continue to be subject to eligibility redeterminations and potential disenrollments on a state by state basis, and the number and health acuity level of Medicaid enrollees we retain may be lower than our current estimates.

During the COVID-19 pandemic, Medicaid enrollment across the country, as well as our enrollment, grew substantially compared to before the pandemic. Beginning April 1, 2023, Medicaid eligibility redeterminations commenced, and are expected to be concluded by June 2024. The total number of Medicaid enrollees who may be disenrolled during the unwinding period is uncertain. In 2023, we estimate we lost approximately 500,000 members due to redeterminations (offset by new enrollment), and we expect to lose an additional 100,000 members in 2024. Based on our experience to date, we expect that we will retain approximately 40% of the new Medicaid enrollees who joined our health plans during the pendency of the PHE. However, this expectation is subject to a number of uncertain variables and assumptions. Moreover, actuarial assumptions related to the health acuity of the remaining members may become more difficult to predict or may be inaccurate, resulting in inaccurate rates to be paid to health plans. Errors in our estimates related to redeterminations and disenrollment, and actuarial errors related to the acuity of Medicaid members may materially impact our business, financial condition, cash flows, and results of operations.

Employment / Personnel - Risk 2

We are dependent on the leadership of our chief executive officer and other executive officers and key employees.

The success of our business and the ability to execute our strategy are highly dependent on the efforts of Mr. Zubretsky, our chief executive officer, and our other key executive officers and employees. The loss of their leadership, expertise, and experience could negatively impact our operations. Our ability to replace them or any other key employee may be difficult and may take an extended period of time because of the limited number of individuals in the healthcare industry who have the breadth and depth of skills and experience necessary to operate and lead a business such as ours. Competition to hire from this limited pool is intense, and we may be unable to hire, train, retain, or motivate these personnel. If we are unsuccessful in recruiting, retaining, managing, and motivating such personnel, our business, financial condition, cash flows, or results of operations could be adversely affected.

Supply Chain3 | 7.5%

Supply Chain - Risk 1

If, in the interest of long-term profitability, we decide to exit certain state contractual arrangements, make changes to our provider networks, or make changes to our administrative infrastructure, we may incur disruptions to our business that could in the short term materially reduce our premium revenues and our net income.

Decisions that we make with regard to retaining or exiting our portfolio of state or federal contracts, and changes to the manner in which we serve the members of those contracts, could generate substantial expenses associated with the run out of existing operations and the restructuring of those operations that remain. Such expenses could include, but would not be limited to, goodwill and intangible asset impairment charges, restructuring costs, additional medical costs incurred due to the inability to leverage long-term relationships with medical providers, and costs incurred to finish the run out of businesses that have ceased to generate revenue, all of which could materially reduce our premium revenues and net income. For example, following our exit from Puerto Rico in October 2020, significant accounts receivable under our Puerto Rico Medicaid contract remain uncollected, which we ultimately may never recover.

Supply Chain - Risk 2

The insolvency of a delegated provider could obligate us to pay its referral claims, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Many of our primary care physicians and a small portion of our specialists and hospitals are paid on a capitated basis. Under capitation arrangements, we pay a fixed amount per member per month to the provider without regard to the frequency, extent, or nature of the medical services actually furnished. Due to insolvency or other circumstances, such providers may be unable or unwilling to pay claims they have incurred with third parties in connection with referral services provided to our members. The inability or unwillingness of delegated providers to pay referral claims presents us with both immediate financial risk and potential disruption to member care, as well as potential loss of members. Depending on states' laws, we may be held liable for such unpaid referral claims even though the delegated provider has contractually assumed such risk. Additionally, competitive pressures or practical regulatory considerations may force us to pay such claims even when we have no legal obligation to do so; or we have already paid claims to a delegated provider and such payments cannot be recouped when the delegated provider becomes insolvent. Liabilities incurred or losses suffered as a result of provider insolvency or other circumstances could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Supply Chain - Risk 3

We are subject to risks associated with outsourcing services and functions to third parties.

We contract with third party vendors and service providers who provide services to us and our subsidiaries or to whom we delegate selected functions. Some of these third parties have direct access to our systems. Our arrangements with third party vendors and service providers may make our operations vulnerable if those third parties fail to satisfy their obligations to us, including their obligations to maintain and protect the security and confidentiality of our information and data or the information and data relating to our members or customers. We are also at risk of a data security incident involving a vendor or third party, which could result in a breakdown of such third party's data protection processes or cyber-attackers gaining access to our infrastructure through the third party. To the extent that a vendor or third party suffers a data security incident that compromises its operations, we could incur significant costs and possible service interruption. Any contractual remedies and/or indemnification obligations we may have for vendor or service provider failures or incidents may not be adequate to fully compensate us for any losses suffered as a result of any vendor's failure to satisfy its obligations to us or under applicable law. Violations of, or noncompliance with, laws and/or regulations governing our business or noncompliance with contract terms by third party vendors and service providers could increase our exposure to liability to our members, providers, or other third parties, or could result in sanctions and/or fines from the regulators that oversee our business. In turn, this could increase the costs associated with the operation of our business or have an adverse impact on our business and reputation. Moreover, if these vendor and service provider relationships were terminated for any reason, we may not be able to find alternative partners in a timely manner or on acceptable financial terms. We may incur significant costs and/or experience significant disruption to our operations in connection with any such vendor or service provider transition. As a result, we may not be able to meet the full demands of our members or customers and, in turn, our business, financial condition, and results of operations may be harmed.

Costs5 | 12.5%

Costs - Risk 1

If we fail to accurately predict and effectively manage our medical care costs, our operating results could be materially and adversely affected.

Our profitability depends to a significant degree on our ability to accurately predict and effectively manage our medical care costs. Historically, our medical care ratio, meaning our medical care costs as a percentage of our premium revenue, has fluctuated substantially, and has varied across our health plans. Because the premium payments we receive are generally fixed in advance and we operate with a narrow profit margin, relatively small changes in our medical care ratio can create significant changes in our overall financial results. For example, if our overall medical care ratio of 88.1% for the year ended December 31, 2023, had been one percentage point higher,or 89.1%, our net income per diluted share for the year ended December 31, 2023 would have been approximately $14.51 rather than our actual net income per diluted share of $18.77, a difference of $4.26. Many factors may affect our medical care costs, including: - the level of utilization of healthcare services;- changes in the underlying risk acuity of our membership;- unexpected patterns in the annual flu season;- increases in hospital costs;- increased incidences or acuity of high dollar claims related to catastrophic illnesses or medical conditions for which we do not have adequate reinsurance coverage;- increased maternity costs;- changes in state eligibility certification methodologies;- relatively low levels of hospital and specialty provider competition in certain geographic areas;- increases in the cost of pharmaceutical products and services;- changes in healthcare regulations and practices;- epidemics or pandemics, such as COVID-19;- new medical technologies; and - other various external factors. Many of these factors are beyond our control. The inability to forecast and manage our medical care costs or to establish and maintain a satisfactory medical care ratio, either with respect to a particular health plan or across the consolidated entity, could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Costs - Risk 2

A failure to accurately estimate incurred but not paid medical care costs may negatively impact our results of operations.

Because of the lag in time between when medical services are actually rendered by our providers and when we receive, process, and pay a claim for those medical services, we must continually estimate our medical claims liability at particular points in time and establish claims reserves related to such estimates. Our estimated reserves for such incurred but not paid, or IBNP, medical care costs are based on numerous assumptions. We estimate our medical claims liabilities using actuarial methods based on historical data adjusted for claims receipt and payment experience (and variations in that experience), changes in membership, provider billing practices, healthcare service utilization trends, cost trends, product mix, seasonality, prior authorization of medical services, benefit changes, known incidence of disease, including COVID-19, or increased incidence of illness such as the flu, provider contract changes, changes to Medicaid fee schedules, and the incidence of high dollar or catastrophic claims. Our ability to accurately estimate claims for our newer lines of business or populations is negatively impacted by the more limited experience we have had with those newer lines of business or populations. The IBNP estimation methods we use and the resulting reserves that we establish are reviewed and updated, and adjustments, if deemed necessary, are reflected in the current period. Given the numerous uncertainties inherent in such estimates, our actual claims liabilities for a particular quarter or other period could differ significantly from the amounts estimated and reserved for that quarter or period. Our actual claims liabilities have varied and will continue to vary from our estimates, particularly in times of significant changes in utilization, medical cost trends, and populations and markets served. If our actual liability for claims payments is higher than previously estimated, our earnings in any particular quarter or annual period could be negatively affected. Our estimates of IBNP may be inadequate in the future, which would negatively affect our results of operations for the relevant time period. Furthermore, if we are unable to accurately estimate IBNP, our ability to take timely corrective actions may be limited, further exacerbating the extent of the negative impact on our results.

Costs - Risk 3

Receipt of inadequate or significantly delayed premiums could negatively affect our business, financial condition, cash flows, or results of operations.

Our premium revenues consist of fixed monthly payments per member, and supplemental payments for other services such as maternity deliveries. These premiums are fixed by contract, and we are obligated during the contract periods to provide healthcare services as established by the state governments. We use a large portion of our revenues to pay the costs of healthcare services delivered to our members. If premiums do not increase when expenses related to healthcare services rise, our medical margins will be compressed, and our earnings will be negatively affected. A state could increase hospital or other provider rates without making a commensurate increase in the rates paid to us, could lower our rates without making a commensurate reduction in the rates paid to hospitals or other providers, or could delay the processing of rate changes. In addition, if the actuarial assumptions made by a state in implementing a rate or benefit change are incorrect or are at variance with the particular utilization patterns of the members of one or more of our health plans, our medical margins could be reduced. Any of these rate adjustments in one or more of the states in which we operate could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Costs - Risk 4

Increases in our pharmaceutical costs could have a material adverse effect on the level of our medical costs and our results of operations.

Introduction of new high cost specialty drugs and sudden cost spikes for existing drugs increase the risk that the pharmacy cost assumptions used to develop our capitation rates are not adequate to cover the actual pharmacy costs, which jeopardizes the overall actuarial soundness of our rates. Bearing the high costs of new specialty drugs or the high cost inflation of generic drugs without an appropriate rate adjustment or other reimbursement mechanism would have an adverse impact on our financial condition and results of operations. In addition, evolving regulations and state and federal mandates regarding coverage may impact the ability of our health plans to continue to receive existing price discounts on pharmaceutical products for our members. Other factors affecting our pharmaceutical costs include, but are not limited to, geographic variation in utilization of new and existing pharmaceuticals, changes in discounts, civil investigations, and litigation. Some of our competitors have been subject to substantial sanctions related to allegations of improper transfer pricing practices. Further, our principal pharmacy benefit manager, or PBM, CVS Caremark ("CVS"), is party to certain lawsuits and putative class actions regarding its drug pricing practices and its rebate arrangements with drug manufacturers. The ultimate outcome of these complaints may have an adverse impact on our pharmaceutical costs, or potentially could result in our becoming involved or impleaded into similar or related costly litigation. Although we will continue to work with state Medicaid agencies in an effort to ensure that we receive appropriate and actuarially sound reimbursement for all new drug therapies and pharmaceuticals trends, there can be no assurance that we will be successful in that regard.

Costs - Risk 5

If we lose contracts that constitute a significant amount of our premium revenue, we will lose the administrative cost efficiencies or cost leverage that is inherent in a larger revenue base. In such circumstances, we may not be able to reduce fixed costs proportionally with our lower revenue, and the financial impact of lost contracts may exceed the net income ascribed to those contracts.

We currently spread the cost of centralized services over a large revenue base. Many of our administrative costs are fixed in nature and will be incurred at the same level regardless of the size of our revenue base. If we lose contracts that constitute a significant amount of our revenue, we may not be able to reduce the expense of centralized services in a manner that is proportional to that loss of revenue. In such circumstances, not only will our total dollar margins decline, but our percentage margins, measured as a percentage of revenue, will also decline. This loss of cost efficiency or cost leverage, and the resulting stranded administrative costs, could have a material and adverse impact on our business, financial condition, cash flows, or results of operations.

Finance & Corporate

Total Risks: 8/40 (20%)Below Sector Average

Accounting & Financial Operations4 | 10.0%

Accounting & Financial Operations - Risk 1

Failure to maintain effective internal controls over financial reporting could have a material adverse effect on our business, operating results, and stock price, and could subject us to sanctions by regulatory authorities.

A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis. We have identified material weaknesses in our internal control over financial reporting in the past, which have subsequently been remediated. If additional material weaknesses in our internal control over financial reporting are discovered or occur in the future, the risk of material misstatements in our consolidated financial statements may increase and we could be required to restate our financial results.

Accounting & Financial Operations - Risk 2

Our health plans operate with very low profit margins, and small changes in operating performance or slight changes to our accounting estimates could have a disproportionate impact on our reported net income.

Although most of our health plans over the last several years have generally operated with profit margins higher than those of our direct competitors, nevertheless the profit margins in our industry are low (in the single digits) compared to the profit margins in most other industries. Given these low profit margins, small changes in operating performance or slight changes to our accounting estimates could have a disproportionate impact on our reported net income and adversely affect our business.

Accounting & Financial Operations - Risk 3

An impairment charge with respect to our recorded goodwill, or our finite-lived intangible assets, could have a material impact on our financial results.

As of December 31, 2023, the carrying amount of goodwill was $1,241 million, and intangible assets, net, were $208 million. Goodwill represents the excess of the purchase consideration over the fair value of net assets acquired in business combinations. Goodwill is not amortized but is tested for impairment on an annual basis and more frequently if impairment indicators are present. Impairment indicators may include experienced or expected operating cash-flow deterioration or losses, significant losses of membership, loss of state funding, loss of state contracts, and other factors. Goodwill is impaired if the carrying amount of a reporting unit exceeds its estimated fair value. This excess is recorded as an impairment loss and adjusted if necessary for the impact of tax-deductible goodwill. The loss recognized may not exceed the total goodwill allocated to the reporting unit. An event could occur that would cause us to revise our estimates and assumptions used in analyzing the value of our goodwill, and intangible assets, net. For example, if the responsive bid of one or more of our health plans is not successful, we will lose a contract in the applicable state or states and such loss may be an indicator of impairment. If an event or events occur that would cause us to revise our estimates and assumptions used in analyzing the value of our goodwill and other intangible assets, such revision could result in a non-cash impairment charge that could have a material impact on our results of operations in the period in which the impairment occurs.

Accounting & Financial Operations - Risk 4

Our Marketplace business has been volatile and has suffered significant losses in the past.

We offer Marketplace plans in many of the states where we offer Medicaid health plans. In 2024, we are participating in the Marketplace in all our markets except for Arizona, Iowa, Massachusetts, Nebraska, New York, and Virginia. Our Marketplace plans allow our Medicaid members to stay with their providers as they transition between Medicaid and the Marketplace. Additionally, our plans remove financial barriers to quality care and seek to minimize members' out-of-pocket expenses. We develop each state's Marketplace premium rates during the spring of each year for policies effective in the following calendar year. Premium rates are based on our estimates of utilization of services and unit costs, anticipated member risk acuity and related federal risk adjustment transfer amounts, and non-benefit expenses such as administrative costs, taxes, and fees. In the year ended December 31, 2023, Marketplace program PMPM premium rates ranged from $270 to $1,140. Marketplace plan selection by members is highly price sensitive, and the Marketplace markets in general are highly volatile and unpredictable from year to year. Any variation from our cost expectations regarding acuity, enrollment levels, adverse selection, or other assumptions utilized in setting premium rates, could have a material adverse effect on our results of operations, financial position, and cash flows.

Corporate Activity and Growth4 | 10.0%

Corporate Activity and Growth - Risk 1

Failure to attain profitability in any newly acquired health plans or new start-up operations could negatively affect our results of operations.

Start-up costs associated with a new business can be substantial. For example, to obtain a certificate of authority to operate as a health maintenance organization in most jurisdictions, we must first establish a provider network, develop and establish infrastructure and required systems, and demonstrate our ability to process claims. In 2023, we incurred substantial one-time contract implementation costs related to our expansions in Los Angeles County, Iowa, and Nebraska. Often, we are also required to contribute significant capital to fund mandated net worth requirements, performance bonds or escrows, or contingency guaranties. If we are unsuccessful in obtaining a certificate of authority, winning the bid to provide services, building out our provider network, or attracting and retaining members in sufficient numbers to cover our start-up costs, the new business could fail, or the losses we incur could impact our results of operations. The expenses associated with starting up a health plan in a new jurisdiction, expanding a health plan in an existing jurisdiction, or acquiring a new health plan, could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Corporate Activity and Growth - Risk 2

We may be unable to sustain our projected rate of growth due to a lack of merger and acquisition opportunities.

Over the last five years we have closed on eight merger and acquisition transactions generating approximately $11 billion in premium revenue. Many of the targets of such transaction have been non-profit entities. If the number of health care entities willing and able to enter into consolidation transactions with us declines in the future, we may be unable to fully achieve our growth strategy, which could have an adverse effect on our business, financial condition, or results of operations.

Corporate Activity and Growth - Risk 3

We may be unable to successfully integrate our acquisitions or realize the anticipated benefits of such acquisitions.

Our growth strategy includes the pursuit of targeted inorganic growth opportunities that we believe will provide a strategic fit, leverage operational synergies, and lead to incremental earnings accretion. For example, in September 2023 we closed on our acquisition of My Choice Wisconsin and in January 2024 we closed on the acquisition of Bright Health Medicare. The integration of acquired businesses with our existing business is a complex, costly and time-consuming process. The success of acquisitions we make will depend, in part, on our ability to successfully combine our existing business with such acquired businesses and realize the anticipated benefits, including synergies, cost savings, growth in earnings, innovation, and operational efficiencies, from the combinations. If we are unable to achieve these objectives within the anticipated time frame, or at all, the anticipated benefits may not be fully realized, or may take longer to realize than expected. Our acquisitions and the related integration activities involve a number of risks, including the following: - The transition services that a seller may have agreed to provide following the closing may not be provided in a timely or efficient manner, or certain necessary transition services may not be provided at all;- Unforeseen expenses or delays associated with the acquisition and/or integration;- The assumptions underlying our expectations regarding the integration process or the expected benefits to be achieved from an acquisition may prove to be incorrect;- Maintaining employee morale and retaining key management and other employees;- Difficulties retaining the business and operational relationships of the acquired business, and attracting new business and operational relationships;- Unanticipated attrition in the membership of the acquired business pending the completion of the proposed transaction or after the closing of the transaction;- Unanticipated difficulties or costs in integrating information technology, communications and other systems, consolidating corporate and administrative infrastructures, and eliminating duplicative operations;- Attention to integration activities may divert management's attention from ongoing business concerns, which could result in performance shortfalls;- Successfully addressing the challenges inherent in managing a larger company and coordinating geographically separate organizations; and - Delays in obtaining, or inability to obtain, necessary state or federal regulatory approvals, or such approvals may impose conditions that were not anticipated. Many of these factors are outside of our control, and any one of them could result in delays, increased costs, decreases in the amount of expected revenues, and diversion of management's time and energy, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations. There can be no assurances that we will be successful in managing our expanded operations as a result of acquisitions or that we will realize the expected growth in earnings, operating efficiencies, cost savings, or other benefits.

Corporate Activity and Growth - Risk 4

CMS will end the current MMP program no later than December 2025, which could impact premium revenue.

To coordinate care for those who qualify to receive both Medicare and Medicaid services (the "dual eligibles"), under the direction of CMS some states implemented demonstration pilot programs to integrate Medicare and Medicaid services for the dual eligibles. The health plans participating in such demonstrations are referred to as MMPs. Pursuant to the 2023 CMS Medicare Final Rule, which requires MMP plans to end no later than December 2025, the five states in which we operate MMPs – Illinois, Michigan, Ohio, South Carolina, and Texas – have filed transition plans with CMS to move to D-SNPs by January 1, 2026. Illinois and Ohio have included plans to transition to Fully Integrated D-SNPs. Michigan, South Carolina, and Texas are electing to transition to Highly Integrated D-SNPs. We anticipate states to release procurements to contract with D-SNPs in 2024. The economic impact of such transitions to D-SNP on our premium revenue is uncertain at this point. Moreover, both states and CMS are requiring increasing integration of Medicare and Medicaid programmatic and compliance obligations. Medicare requirements developed by CMS, which were formerly entirely federal in nature, are now being extended to or incorporated into state-administered Medicaid programs. These new state-based requirements could impact our readiness status or eligibility under certain state Medicaid programs or contracts. Further, the Star Rating System utilized by CMS to evaluate Medicare plans may have a significant effect on our revenue, as higher-rated plans tend to experience increased enrollment and plans with a Star rating of 4.0 or higher are eligible for quality-based bonus payments. Beginning in 2016, those Medicare plans that achieve less than a 3.0 Star rating for three consecutive years will be issued a notice of non-renewal of their contract for the following year. If we do not maintain our Star ratings above 3.0 or continue to improve our Star ratings, fail to meet or exceed our competitors' Star ratings, or if quality-based bonus payments are reduced or eliminated, we may experience a negative impact on our revenues and the benefits that our plans can offer, which could materially and adversely affect the marketability of our plans, our membership levels, results of operations, financial condition, and cash flows. Similarly, if we fail to meet or exceed any performance standards imposed by state Medicaid programs in which we participate, we may not receive performance-based bonus payments, may incur penalties, or lose our Medicaid contract. We are periodically subject to government audits, including CMS RADV audits of our Medicare D-SNP plans to validate diagnostic data, patient claims, and financial reporting. These audits could result in significant adjustments in payments made to our health plans, which could adversely affect our financial condition and results of operations. If we fail to report and correct errors discovered through our own auditing procedures or during a RADV audit, or otherwise fail to comply with applicable laws and regulations, we could be subject to fines, civil penalties or other sanctions, which could have a material adverse effect on our ability to participate in these programs, and on our financial condition, cash flows and results of operations. In addition, if a D-SNP or MMP plan pays minimum MLR rebates for three consecutive years, such plan will become ineligible to enroll new members.

Tech & Innovation

Total Risks: 4/40 (10%)Below Sector Average

Cyber Security1 | 2.5%

Cyber Security - Risk 1

If we or one of our significant vendors sustain a cyber-attack or suffer data privacy or security breaches that disrupt our information systems or operations, or result in the dissemination of sensitive personal or confidential information, we could suffer increased costs, exposure to significant liability, reputational harm, loss of business, and other serious negative consequences.

As part of our normal operations, we routinely collect, process, store, and transmit large amounts of data, including sensitive personal information as well as proprietary or confidential information relating to our business or third parties. To ensure information security, we have implemented controls designed to protect the confidentiality, integrity and availability of this data and the systems that store and transmit such data. However, our information technology systems and safety control systems are subject to a growing number of threats from computer programmers, hackers, and other adversaries that may be able to penetrate our network security and misappropriate our confidential information, create system disruptions, or cause damage, security issues, or shutdowns. They also may be able to develop and deploy viruses, worms, and other malicious software programs that attack our systems or otherwise exploit security vulnerabilities. We may also face increased cybersecurity risks due to our reliance on internet technology and our fully remote working environment, which may create additional opportunities for cybercriminals to exploit vulnerabilities. All of these risks are also faced by our significant vendors who are also in possession of sensitive confidential information. Because the techniques used to circumvent, gain access to, or sabotage security systems can be highly sophisticated and change frequently, they often are not recognized until launched against a target, and may originate from less regulated and remote areas around the world. We may be unable to anticipate these techniques or implement adequate preventive measures, resulting in potential data loss and damage to our systems. Our systems are also subject to compromise from internal threats such as improper action by employees, including malicious insiders, or by vendors, counterparties, and other third parties with otherwise legitimate access to our systems. Our policies, employee training (including phishing prevention training), procedures and technical safeguards may not prevent all improper access to our network or proprietary or confidential information by employees, vendors, counterparties, or other third parties. Our facilities may also be vulnerable to security incidents or security attacks, acts of vandalism or theft, misplaced or lost data, human errors, or other similar events that could negatively affect our systems and our and our members' data. Moreover, we face the ongoing challenge of managing access controls in a complex environment. The process of enhancing our protective measures can itself create a risk of systems disruptions and security issues. Given the breadth of our operations and the increasing sophistication of cyberattacks, a particular incident could occur and persist for an extended period of time before being detected. The extent of a particular cyberattack and the steps that we may need to take to investigate the attack may take a significant amount of time before such an investigation could be completed and full and reliable information about the incident is known. During such time, the extent of any harm or how best to remediate it might not be known, which could further increase the risks, costs, and consequences of a data security incident. In addition, our systems must be routinely updated, patched, and upgraded to protect against known vulnerabilities. The volume of new software vulnerabilities has increased substantially, as has the importance of patches and other remedial measures. In addition to remediating newly identified vulnerabilities, previously identified vulnerabilities must also be updated. We are at risk that cyber attackers exploit these known vulnerabilities before they have been addressed. The complexity of our systems and platforms, the increased frequency at which vendors are issuing security patches to their products, our need to test patches and, in some instances, coordinate with third parties before they can be deployed, all could further increase our risks. Where doing so is necessary in order to conduct our business, we also provide sensitive personal member information, as well as proprietary or confidential information relating to our business, to our third-party service providers. Although we obtain assurances from those third parties that they have systems and processes in place to protect such data, and that they will take steps to assure the protection of such data by other third parties, those third-party service providers may also be subject to data intrusion or data breach. Any compromise of the confidential data of our members, employees, or business, or the failure to prevent or mitigate the loss of or damage to this data through breach, could result in operational, reputational, competitive, or other business harm, as well as financial costs and regulatory action. The Company maintains cybersecurity insurance in the event of an information security or cyber incident. However, the coverage may not be sufficient to cover all financial losses. In the future, we may be subject to litigation and governmental investigations related to cyber-attacks and security breaches. Any such future litigation or governmental investigation could divert the attention of management from the operation of our business, result in reputational damage, and have a material adverse impact on our business, cash flows, financial condition, and results of operations. Moreover, our programs to detect, contain, and respond to data security incidents as well as contingency plans and insurance coverage for potential liabilities of this nature may not be sufficient to cover all claims and liabilities. Noncompliance with any privacy, security or data protection laws and regulations, or any security breach, cyber-attack or cyber-security breach, and any incident involving the misappropriation, theft, loss or other unauthorized disclosure or use of, or access to, sensitive or confidential information, whether by us or by one of our third-party service providers, could require us to expend significant resources to continue to modify or enhance our protective measures and to remediate any damage. In addition, this could negatively affect our operations, cause system disruptions, damage our reputation, cause membership losses and contract breaches, and could also result in regulatory enforcement actions, material fines and penalties, litigation or other actions that could have a material adverse effect on our business, cash flows, financial condition, and results of operations.

Technology3 | 7.5%

Technology - Risk 1

We may not be successful in our artificial intelligence ("AI") administrative and operational initiatives, which could adversely affect our business, reputation, or financial results.

As part of our operating efficiencies, we are making appreciable investments in certain AI administrative tools and initiatives to enhance our operations and to save costs. There are risks associated with the development and deployment of AI, and there can be no assurance that the usage of AI will enhance our operations or reduce our operational costs. Our AI-related efforts may give rise to risks related to accuracy, bias, discrimination, intellectual property infringement, data privacy, and cybersecurity, among others. In addition, these risks include the possibility of new or enhanced governmental or regulatory scrutiny, litigation, or other legal liability, ethical concerns, negative consumer perceptions as to automation and AI, or other complications that could adversely affect our business, reputation, or financial results. The development and use of AI technologies is still in its early stages. Thus, it is not possible to predict all of the risks and potentially unintended consequences related to the use of AI by vendors, third-party developers, or the Company.

Technology - Risk 2

Our encounter data, or the encounter data of the health plans we acquire, may be inaccurate or incomplete, which could have a material adverse effect on our results of operations, financial condition, cash flows and ability to bid for, and continue to participate in, certain programs.

Our contracts require the submission of complete and correct encounter data. The accurate and timely reporting of encounter data is increasingly important to the success of our programs because more states are using encounter data to determine compliance with performance standards and to set premium rates. We have been, and continue to be, exposed to operating sanctions and financial fines and penalties for noncompliance. In some instances, our government clients have established retroactive requirements for the encounter data we must submit. There also may be periods of time in which we are unable to meet existing requirements. In either case, it may be prohibitively expensive or impossible for us to collect or reconstruct this historical data. Moreover, these same issues may also apply to the health plans we acquire, and we may be required to expend significant costs or pay fines to correct these deficiencies. In the past, we have experienced challenges in obtaining complete and accurate encounter data due to difficulties with providers and third-party vendors submitting claims in a timely fashion in the proper format, and with state agencies in coordinating such submissions. As states increase their reliance on encounter data, these difficulties could adversely affect the premium rates we receive and how membership is assigned to us and subject us to financial penalties, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations, and on our ability to bid for, and continue to participate in, certain programs.

Technology - Risk 3

Our business depends on our information and medical management systems, and our inability to effectively integrate, manage, update, and keep secure our information and medical management systems could disrupt our operations.

Our business is dependent on effective and secure information systems that assist us in processing provider claims, monitoring utilization and other cost factors, supporting our medical management techniques, providing data to our regulators, and implementing our data security measures. Our members and providers also depend upon our information systems for enrollment, premium processing, primary care and specialist physician roster access, membership verifications, claims status, provider payments, and other information. If we experience a reduction in the performance, reliability, or availability of our information and medical management systems, our operations, ability to pay claims, ability to produce timely and accurate reports, and ability to maintain proper security measures could be adversely affected. We have partnered with third parties to support our information technology systems. This makes our operations vulnerable to adverse effects if such third parties fail to perform adequately. For example, in February 2019, we entered into a master services agreement with a third party vendor who manages certain of our information technology infrastructure services including, among other things, our information technology operations, end-user services, and data centers. If any licensor or vendor of any technology which is integral to our operations were to become insolvent or otherwise fail to support the technology sufficiently, our operations could be negatively affected. Additionally, our operations are vulnerable to adverse effects if such third parties are unable to perform due to forces outside of their control, such as a natural disaster or serious weather event. For example, in 2021, our third party call center, located in the province of Cebu in the Philippines, suffered significant disruptions as a result of the destruction caused by Super Typhoon Rai.

Macro & Political

Total Risks: 3/40 (8%)Above Sector Average

Economy & Political Environment1 | 2.5%

Economy & Political Environment - Risk 1

The value of our investments is influenced by varying economic and market conditions, and a decrease in value may result in a loss charged to income.

We maintain a significant investment portfolio of cash equivalents and short-term and long-term investments in a variety of securities, which are subject to general credit, liquidity, market and interest rate risks. As a result, we may experience a reduction in value or loss of our investments, which may have a negative adverse effect on our results of operations, liquidity and financial condition. Changes in the economic environment, including periods of increased volatility in the securities markets and recent increases in inflation and interest rates, can increase the difficulty of assessing investment impairment and increase the risk of potential impairment of these assets. There is continuing risk that declines in the fair value of our investments may occur and material impairments may be charged to income in future periods, resulting in recognized losses.

Natural and Human Disruptions1 | 2.5%

Natural and Human Disruptions - Risk 1

Because our corporate headquarters are located in Southern California, our business operations may be disrupted as a result of a major earthquake or wildfire.

Our corporate headquarters are located in Long Beach, California. In addition, some of our health plans' claims are processed in Long Beach, California. Southern California is exposed to a statistically greater risk of a major earthquake and wildfires than most other parts of the United States. If a major earthquake or wildfire were to strike Southern California, our corporate functions and claims processing could be impaired for an unforeseen period of time. If there is a major Southern California earthquake or wildfire, there can be no assurances that our disaster recovery plan will be successful or that the business operations of our health plans, including those that are remote from any such event, would not be impacted. Item 1C. CYBERSECURITY CYBERSECURITY RISK MANAGEMENT, GOVERNANCE AND RISK ASSESSMENT The Company is committed to protecting the confidentiality, integrity, and availability of its information systems and the data they contain from cybersecurity threats. The Company recognizes that cybersecurity is a dynamic and evolving area of risk that requires ongoing assessment, management, and oversight. The Company has established a cybersecurity program (the "Program") that is designed to assess, identify, manage, and mitigate material cybersecurity threats, as well as to respond to and recover from cybersecurity incidents. CYBERSECURITY RISK MANAGEMENT The Program is based on the National Institute of Standards and Technology ("NIST") Cybersecurity Framework ("CSF"), NIST Special Publication 800-53, and the Payment Card Industry standards, as applicable, and designed to comply with applicable laws and regulations, including HIPAA and the New York Department of Financial Services Cybersecurity Regulation, as applicable. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST CSF and Payment Card Industry standards as guides to help us identify, assess, and manage cybersecurity risks relevant to our business. The Program is aligned with the Company's overall enterprise risk management system and processes and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Control procedures are assessed regularly to confirm their effectiveness. The Company undergoes an annual Service Organization Controls ("SOC") Type 2 attestation report covering the performance of safeguards deployed to protect certain Company systems and applications. The Company maintains cybersecurity insurance providing coverage for certain costs related to security failures and specified cybersecurity-related incidents that interrupt our network or networks of our vendors, in all cases up to specified limits and subject to certain exclusions. The Company has a designated Chief Information Security Officer (the "CISO"). The Program is implemented and managed by the Company's executive management under the leadership of the CISO. The Company contracts with third-party service providers to support aspects of the Program implementation, operations, and review of information technology operations and cybersecurity technologies. Additionally, the Company has retained a number of well-established and reputable cybersecurity consultants, including forensics experts, auditors, as well as outside cybersecurity legal counsel to assist with cybersecurity matters as needed from time to time. The Company has a Computer Incident Response Team ("CIRT") which is responsible for monitoring, preventing, detecting, assisting with the investigation, and responding to cybersecurity threats. The Company has in place an Information Security Incident Response Plan ("IRP") Protocol which provides an operational framework to coordinate the response to any type of cybersecurity incident affecting the Company. The CIRT team informs the CISO of cybersecurity threats consistent with the IRP. The IRP also provides the process and oversight to manage cybersecurity incidents that may arise from a third-party service provider. In addition, the IRP addresses management responsibility with respect to disclosure determinations related to a cybersecurity incident and provides for Audit Committee and Board briefings as appropriate. The Company's cybersecurity policies and procedures are reviewed by the CISO and updated at least annually. In addition, under the IRP, following the resolution of a cybersecurity incident, the Company will generally consider the effectiveness of the Program and the IRP, make adjustments as appropriate, and report to senior management and the Audit Committee as appropriate on these matters. The cybersecurity policies and procedures are communicated and enforced throughout the Company, as well as with the third-party service providers that have access to the Company's information systems or nonpublic information. Cybersecurity policies and procedures are also subject to periodic review and audits by internal and external parties, such as the internal audit function, external auditors, regulators, or independent assessors. The Company requires employees to undergo cybersecurity-related training, including phishing prevention training, and employees are tested regularly through phishing exercises. GOVERNANCE The CISO is responsible for developing, maintaining, and enforcing the Program's policies and procedures, as well as reporting on the Program's performance and material cybersecurity risks to the Audit Committee. The CISO has the relevant expertise and authority to carry out the Program's objectives and to coordinate with other key stakeholders within and outside the Company. The CISO's expertise includes decades of information technology and cybersecurity as a subject matter expert, including more than a decade of executive management experience as a CISO for Fortune 500 companies. The Program is overseen by the Company's Board of Directors through its Audit Committee which, pursuant to its charter, assists the Board with oversight of Company privacy, data security, and cybersecurity matters and risks. The Audit Committee meets regularly with the Company's executive management, including the CISO and the Chief Information Officer, and receives updates on the status and overall effectiveness of the Program, changes to the Program, relevant information technology operations, any changes in material cybersecurity risks and any significant cybersecurity incidents consistent with the IRP. The Audit Committee also discusses with executive management the steps management has taken to monitor and mitigate privacy, data security, and cybersecurity risk exposures, the Company's information governance policies and programs, and major legislative and regulatory developments that could materially impact the Company's exposure regarding privacy, data security risk, and cybersecurity. The Audit Committee reports to the full Board regarding its activities, including those related to cybersecurity. The Audit Committee and the Board consider cybersecurity as part of the Company's business strategy, financial planning, and capital allocation. CYBERSECURITY RISK ASSESSMENT The CISO is responsible for assessing and managing the Company's material risks from cybersecurity threats. The Company conducts regular risk assessments to identify, evaluate, and prioritize material cybersecurity risks to the Company, including its health plans and state contracts, shared services and IT operations, or business strategy. The risk assessments are informed by various sources of information, such as internal and external audits, vulnerability scans, penetration tests, threat intelligence, incident reports, industry benchmarks, and accepted industry practices. The risk assessments consider the potential impact and likelihood of various cybersecurity threats, such as ransomware, malware, social engineering, third-party incidents, supply chain attacks and insider threats, and contemplates the adequacy of controls to detect, prevent, respond, and recover to reduce the possibility of an adverse material cybersecurity event. The Company has in place processes to identify material risks from cybersecurity threats associated with its use of third-party service providers and as such, conducts assessments of such third-party service providers with respect to their cybersecurity programs and risks and requires third-party service providers to notify the Company if they experienced a cybersecurity incident. The Company hires experienced security professionals to conduct advanced and realistic cybersecurity attack simulations to verify its Program, and conducts regular cybersecurity tabletop exercises with executive management, which are coordinated by a third-party. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition.

Capital Markets1 | 2.5%

Capital Markets - Risk 1

Adverse credit market conditions may have a material adverse effect on our liquidity or our ability to obtain credit on acceptable terms.

In the past, the securities and credit markets have experienced extreme volatility and disruption. The availability of credit, from virtually all types of lenders, has at times been restricted. In the event we need access to additional capital to pay our operating expenses, fund subsidiary surplus requirements, make payments on or refinance our indebtedness, pay capital expenditures, or fund acquisitions, our ability to obtain such capital may be limited and the cost of any such capital may be significant, particularly if we are unable to access our existing revolving credit facility. Our access to additional financing will depend on a variety of factors such as prevailing economic and credit market conditions, the general availability of credit, the overall availability of credit to our industry, our credit ratings and credit capacity, and perceptions of our financial prospects. Similarly, our access to funds may be impaired if regulatory authorities or rating agencies take negative actions against us. If one or any combination of these factors were to occur, our internal sources of liquidity may prove to be insufficient, and in such case, we may not be able to successfully obtain sufficient additional financing on favorable terms, within an acceptable time, or at all. We are party to a credit agreement (the "Credit Agreement") which includes a revolving credit facility ("Credit Facility") of $1.0 billion, among other provisions. Our Credit Agreement, and the indentures governing our notes, require us to comply with various covenants that impose restrictions on our operations, including our ability to incur additional indebtedness, create liens, pay dividends, make certain investments or other restricted payments, sell or otherwise dispose of substantially all of our assets and engage in other activities. Our Credit Agreement also requires us to comply with a maximum consolidated net leverage ratio and a minimum consolidated interest coverage ratio. These restrictive covenants could limit our ability to pursue our business strategies. In addition, any failure by us to comply with these restrictive covenants could result in an event of default under the Credit Agreement and, in some circumstances, under the indentures governing our notes, which, in any case, could have a material adverse effect on our financial condition. GENERAL RISK FACTORS

Ability to Sell

Total Risks: 2/40 (5%)Below Sector Average

Sales & Marketing2 | 5.0%

Sales & Marketing - Risk 1

If the responsive bids of our health plans for new or renewed Medicaid contracts are not successful, or if our government contracts are terminated or are not renewed on favorable terms, our premium revenues could be materially reduced and our operating results could be negatively impacted.

We currently derive our premium revenues from health plans that operate in 20 states. Our Medicaid premium revenue constituted 81% of our consolidated premium revenue in the year ended December 31, 2023. Measured by Medicaid premium revenue by health plan, our top four health plans were in California, New York, Texas, and Washington, with aggregate Medicaid premium revenue of $13.5 billion, or approximately 51% of total Medicaid premium revenue, in the year ended December 31, 2023. If we are unable to continue to operate in any of our existing jurisdictions, or if our current operations in those jurisdictions or any portions of those jurisdictions are significantly curtailed or terminated entirely, our revenues could decrease materially. Many of our government contracts are effective only for a fixed period of time and will only be extended for an additional period of time if the contracting entity elects to do so. When our government contracts expire, they may be opened for bidding by competing health plans, and there is no guarantee that the contracts will be renewed or extended. Even if our contracts are renewed or extended, there can be no assurance that they will be renewed or extended on the same terms or without a reduction in the applicable service areas. Even if our responsive bids are successful, the bids may be based upon assumptions regarding enrollment, utilization, medical costs, or other factors which could result in the contract being less profitable than we had expected or could result in a net loss. Furthermore, our contracts contain certain provisions regarding, among other things, eligibility, enrollment and dis-enrollment processes for covered services, eligible providers, periodic financial and information reporting, quality assurance and timeliness of claims payment, and are subject to cancellation if we fail to perform in accordance with the standards set by regulatory agencies.

Sales & Marketing - Risk 2

We face various risks inherent in the government contracting process that could materially and adversely affect our business and profitability, including periodic routine and non-routine reviews, audits, and investigations by government agencies.

We are subject to various risks inherent in the government contracting process. These risks include routine and non-routine governmental reviews, audits, and investigations, and compliance with government reporting requirements. Violation of the laws, regulations, or contract provisions governing our operations, or changes in interpretations of those laws and regulations, could result in the imposition of civil or criminal penalties, the cancellation of our government contracts, the suspension or revocation of our licenses, the exclusion from participation in government sponsored health programs, or the revision and recoupment of past payments made based on audit findings. If we are unable to correct any noted deficiencies, or become subject to material fines or other sanctions, we could suffer a substantial reduction in profitability, and could also lose one or more of our government contracts. In addition, government receivables are subject to government audit and negotiation, and government contracts are vulnerable to disagreements with the government. The final amounts we ultimately receive under government contracts may be different from the amounts we initially recognize in our financial statements.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.

Become an Expert with TipRanks Premium

What am I Missing?

Make informed decisions based on Top Analysts' activity

Know what industry insiders are buying

Get actionable alerts from top Wall Street Analysts

Find out before anyone else which stock is going to shoot up

Get powerful stock screeners & detailed portfolio analysis

Subscribe Now See Plans & Pricing