Morningstar (MORN) Risk Analysis

The expansion of our business over time, including through acquisitions, has resulted in greater exposure to governmental regulation across our product lines. In some cases, such as with our credit ratings business, interactions with regulators are extensive and continuous, which is increasingly costly and resource intensive to manage. To the extent any of those interactions result in a finding of noncompliance, they could pose a significant reputational risk to us, expose us to fines, sanction and penalties and negatively impact our business. Regardless of source, allegations of improper conduct, whether the ultimate outcome is favorable or unfavorable to us, as well as negative publicity or media reports about Morningstar and its relationships with third parties, whether valid or not, may harm our brand and reputation and damage our business. Morningstar DBRS, our credit ratings business, operates in a highly regulated environment in Canada, the US, the UK, and the EU, requiring substantial ongoing compliance obligations with laws and regulations that govern credit ratings. At times, the scope, interpretation, and administration of these laws and regulations may also be uncertain, inconsistent across geographies and difficult to fully reconcile in a cost-efficient manner. Further, many aspects of credit ratings agency policies and practices and their compliance with applicable law, regulations, contracts and license arrangements are not the subject of definitive regulatory guidance or case law. Maintaining compliance with any expanded requirements that may be imposed by these laws and regulations can be time consuming and require significant resources. Morningstar DBRS is also subject to regular regulatory examinations and occasional investigations, which are time consuming and can impact day-to-day operations. Three of our subsidiaries, Morningstar Investment Management LLC (MIM), Morningstar Investment Services LLC, and Morningstar Research Services LLC, are registered as investment advisers with the SEC under the Advisers Act, which subjects them to requirements related to record-keeping, reporting and standards of care, in addition to fiduciary obligations owed to their clients. Morningstar Investment Services is also a broker/dealer registered under the Exchange Act and is subject to the rules of FINRA. The Morningstar Funds Trust is a registered open-end mutual fund for which MIM acts as the investment advisor under an investment management agreement, and, as a result, also subjects MIM to regulation under the Investment Company Act of 1940 and the Commodity Exchange Act. As registered investment advisers, these subsidiaries are subject to on-site examination by the SEC. In addition, in cases where these subsidiaries provide investment advisory services to retirement plans and their participants, they may be acting as fiduciaries under ERISA, which requires them to meet and uphold various fiduciary obligations. We may face liabilities for actual or claimed breaches of our fiduciary duties, particularly in areas where we provide retirement or investment advice and managed retirement accounts. In some of our retirement contracts, we act as an ERISA fiduciary by, for example, selecting and monitoring a broad range of diversified plan options. We also provide a managed account service for retirement plan participants who elect to have their accounts managed by our programs. Such activities are, and in the future may again be, the subject of class action litigation, including one such proceeding in which we have been named. Many of our asset management and financial advisor clients are similarly regulated. If our license products and services fail to satisfy the regulatory requirements applicable to these clients, we may lose their business. Our regulated investment services operations are subject to regulation in markets outside the US. Post Brexit, we made a strategic decision to restrict the provision of regulated investment management activity to EU domiciled clients in part to reduce regulatory risk. The UK-based Morningstar Wealth Platform (Platform) has regulatory compliance obligations related to, among other things, the safeguarding and administration of client monies and assets, due to the offering of regulated products and services in the UK. The Platform business has offices in Jersey, South Africa, and the United Arab Emirates, all of which are or have been subject to the Financial Action Task Force (FATF) grey list. Increased regulatory scrutiny in Jersey, which was recently removed from the FATF grey list, and South Africa, which is currently on the FATF grey list, increase compliance costs and exposes us to potential reputational harm. Our index business, Morningstar Indexes, is subject to regulations related to the oversight of the provision of benchmark administration services in the UK and EU. Specifically, the EU Benchmarks Regulation seeks to improve governance and controls over the benchmark process, in order to ensure that administrators effectively manage conflicts of interest. Furthermore, the regulations require administrators to improve the quality of input data and methodologies and ensure that contributors to benchmarks and the data they provide are subject to adequate controls. In addition, Morningstar Indexes has continued to monitor previously identified developments whereby the SEC sought comment on whether index providers, model portfolio providers and pricing services should be regulated as investment advisers or outsourced service providers in the US. These potential developments could increase regulatory exposure and compliance costs if and when adopted. Our Morningstar Sustainalytics business could be negatively affected by enhanced regulation of its research, ratings and data activities and other reporting requirements. The EU regulation for registering and supervising companies acting as external reviewers for green bonds aligned with the European Green Bond Standards (EuGBS) framework,and the EU legislation for registering and supervising companies that provide ESG ratings both require significant investments to build, implement and maintain appropriate operational and governance structures, internal controls and compliance processes. As legislation is evolving in the EU, other jurisdictions are also running consultation processes to put in place regulatory frameworks for these ratings, data and/or SPO providers, which contemplate governance policies, quality assurance and other internal control program requirements that may not be consistent with the EU. The final form of any of these regulations or other measures is still uncertain. Such regulatory regimes could impose significant compliance burdens and costs on Morningstar Sustainalytics and, as with all new regulation, could be subject to ambiguous interpretation that could result in inadvertent noncompliance. Furthermore, as our Morningstar Sustainalytics business operates globally we may be subject to additional future regulation in multiple jurisdictions, which may be inconsistent. Conversely, deregulation could lead to reduced demand for our Morningstar Sustainalytics products, which could impact our operating results and financial condition. Compliance failures by any of these highly regulated businesses could lead to negative publicity, fines, settlements, and/or temporary or permanent operating restrictions, which could have a material adverse impact on our operating results or financial condition. New and changing laws, regulations and regulatory implementation guidance may also affect the day-to-day operation of these businesses and our customers, including by imposing new or expanded requirements. Any failure to timely or adequately address these changes could have a material adverse impact on our business, operations and financial results.