Morningstar (MORN) Risk Analysis

The expansion of our business over time, including through acquisitions, has resulted in greater exposure to governmental regulation across our product lines. In some cases, such as with our credit ratings business, interactions with regulators are extensive and continuous, which is increasingly costly and resource intensive to manage. To the extent any of those interactions result in a finding of noncompliance, they could pose a significant reputational risk to us, expose us to fines, sanction and penalties and negatively impact our business. Regardless of source, allegations of improper conduct, whether the ultimate outcome is favorable or unfavorable to us, as well as negative publicity or media reports about Morningstar and its relationships with third parties, whether valid or not, may harm our brand and reputation and damage our business. Morningstar DBRS, our credit ratings business, operates in a highly regulated environment in Canada, the US, the UK, and the EU, requiring substantial ongoing compliance obligations with laws and regulations that govern credit ratings. At times, the scope, interpretation, and administration of these laws and regulations may also be uncertain, inconsistent across geographies and difficult to fully reconcile in a cost-efficient manner. Further, many aspects of credit ratings agency policies and practices and their compliance with applicable law, regulations, contracts and license arrangements are not the subject of definitive regulatory guidance or case law. Maintaining compliance with any expanded requirements that may be imposed by these laws and regulations can be time consuming and require significant resources. Morningstar DBRS is also subject to regular regulatory examinations and occasional investigations, which are time consuming and can impact day-to-day operations. Three of our subsidiaries, Morningstar Investment Management LLC (MIM), Morningstar Investment Services LLC, and Morningstar Research Services LLC, are registered as investment advisers with the SEC under the Advisers Act, which subjects them to requirements related to record-keeping, reporting and standards of care, in addition to fiduciary obligations owed to their clients. Morningstar Investment Services is also a broker/dealer registered under the Exchange Act and is subject to the rules of FINRA. The Morningstar Funds Trust is a registered open-end mutual fund for which MIM acts as the investment advisor under an investment management agreement, and, as a result, also subjects MIM to regulation under the Investment Company Act of 1940 and the Commodity Exchange Act. As registered investment advisers, these subsidiaries are subject to on-site examination by the SEC. In addition, in cases where these subsidiaries provide investment advisory services to retirement plans and their participants, they may be acting as fiduciaries under ERISA, which requires them to meet and uphold various fiduciary obligations. We may face liabilities for actual or claimed breaches of our fiduciary duties, particularly in areas where we provide retirement or investment advice and managed retirement accounts. In some of our retirement contracts, we act as an ERISA fiduciary by, for example, selecting and monitoring a broad range of diversified plan options. We also provide a managed account service for retirement plan participants who elect to have their accounts managed by our programs. Such activities are, and in the future may again be, the subject of class action litigation, including one such proceeding in which we have been named. Many of our asset management and financial advisor clients are similarly regulated. If our license products and services fail to satisfy the regulatory requirements applicable to these clients, we may lose their business. Our regulated investment services operations are subject to regulation in markets outside the US. Post Brexit, we made a strategic decision to restrict the provision of regulated investment management activity to EU domiciled clients in part to reduce regulatory risk. The UK-based Morningstar Wealth Platform (Platform) has regulatory compliance obligations related to, among other things, the safeguarding and administration of client monies and assets, due to the offering of regulated products and services in the UK. The Platform business has offices in Jersey, South Africa, and the United Arab Emirates, all of which are or have been subject to the Financial Action Task Force (FATF) grey list. Increased regulatory scrutiny in Jersey, which was recently removed from the FATF grey list, and South Africa, which is currently on the FATF grey list, increase compliance costs and exposes us to potential reputational harm. Our index business, Morningstar Indexes, is subject to regulations related to the oversight of the provision of benchmark administration services in the UK and EU. Specifically, the EU Benchmarks Regulation seeks to improve governance and controls over the benchmark process, in order to ensure that administrators effectively manage conflicts of interest. Furthermore, the regulations require administrators to improve the quality of input data and methodologies and ensure that contributors to benchmarks and the data they provide are subject to adequate controls. In addition, Morningstar Indexes has continued to monitor previously identified developments whereby the SEC sought comment on whether index providers, model portfolio providers and pricing services should be regulated as investment advisers or outsourced service providers in the US. These potential developments could increase regulatory exposure and compliance costs if and when adopted. Our Morningstar Sustainalytics business could be negatively affected by enhanced regulation of its research, ratings and data activities and other reporting requirements. The EU regulation for registering and supervising companies acting as external reviewers for green bonds aligned with the European Green Bond Standards (EuGBS) framework,and the EU legislation for registering and supervising companies that provide ESG ratings both require significant investments to build, implement and maintain appropriate operational and governance structures, internal controls and compliance processes. As legislation is evolving in the EU, other jurisdictions are also running consultation processes to put in place regulatory frameworks for these ratings, data and/or SPO providers, which contemplate governance policies, quality assurance and other internal control program requirements that may not be consistent with the EU. The final form of any of these regulations or other measures is still uncertain. Such regulatory regimes could impose significant compliance burdens and costs on Morningstar Sustainalytics and, as with all new regulation, could be subject to ambiguous interpretation that could result in inadvertent noncompliance. Furthermore, as our Morningstar Sustainalytics business operates globally we may be subject to additional future regulation in multiple jurisdictions, which may be inconsistent. Conversely, deregulation could lead to reduced demand for our Morningstar Sustainalytics products, which could impact our operating results and financial condition. Compliance failures by any of these highly regulated businesses could lead to negative publicity, fines, settlements, and/or temporary or permanent operating restrictions, which could have a material adverse impact on our operating results or financial condition. New and changing laws, regulations and regulatory implementation guidance may also affect the day-to-day operation of these businesses and our customers, including by imposing new or expanded requirements. Any failure to timely or adequately address these changes could have a material adverse impact on our business, operations and financial results.

In response to market demand we offer products, including those offered by Morningstar Sustainalytics, that could expose us to potential liability and increased regulatory costs. We are subject to laws, regulations, and other measures that govern a wide range of topics, including those related to matters beyond our core business. New laws, regulations, policies, and international agreements relating to environmental, social and governance matters are being developed, formalized and amended or revoked in the EU, the US, and elsewhere globally, which requires us to comply with specific, target-driven frameworks, disclosure and other requirements in jurisdictions. For instance, the European Union Corporate Sustainability Reporting Directive (CSRD), in its current form, applies to both EU and non-EU in-scope entities and requires such entities to provide expansive disclosures on various sustainability topics including climate change, biodiversity, workforce, supply chain, and business ethics. We expect CSRD will apply to our operations in the future. As such, we have assessed our obligations under CSRD, and we expect that compliance with CSRD will require significant effort in future years. In contrast, the future of any US regulation of sustainability matters is uncertain and if adopted may not align with the disclosures required by CSRD or other legal and regulatory requirements. Similarly, a number of US states have passed, or are in the process of adopting, broad climate change disclosure requirements. We believe we have implemented reporting frameworks and principles that we are currently subject to. We have also announced a number of goals and initiatives with the advice from external consultants, including on our decarbonization efforts, in accordance with standards, including, but not limited to, Task Force on Climate-Related Financial Disclosure (TCFD), Sustainability Accounting Standards Board (SASB), and Global Reporting Initiative (GRI). Morningstar has committed to decarbonize 50% of our scope 1 and scope 2 greenhouse gas emissions by 2030 and to publicly disclose our emissions annually. The practical implementation of initiatives, as well as compliance with emerging or amended mandatory regulations may require the expenditure of unanticipated or significant resources, management time and expense. Any failure, or perceived failure, by us to comply fully with mandatory ESG laws and regulations could harm our business, operating results, and financial condition.

We use, and may continue to expand our use of, machine learning and AI technologies into certain of our products and processes. If we fail to keep pace with rapidly evolving AI technological developments or if other firms implement AI technologies more effectively than we do, our competitive position and business results may suffer. As AI technology is highly complex and rapidly evolving, and our ability to foresee all the legal, operational or technological risks that may arise from our use of AI is limited. Use of AI is also the subject to an evolving governmental and regulatory landscape, which may subject the company to additional scrutiny. The introduction of AI technologies, particularly generative AI, into new or existing offerings may result in errors and new or expanded risks and liabilities, including enhanced compliance obligations and regulatory scrutiny, litigation, ethical concerns, confidentiality or security risks, that could adversely affect our business, reputation, and financial results. For example, AI technologies can lead to unintended consequences and errors, including generating content that appears correct but is factually inaccurate, misleading or otherwise flawed, or that results in unintended biases and discriminatory outcomes, which could harm our reputation and expose us to liability. Laws, regulations or industry standards that develop in response to the use of AI may be burdensome or may significantly restrict the deployment of AI, particularly generative AI technologies, in our products or processes. We have taken steps designed to manage risks related to our adoption of AI; however, these steps may not sufficiently mitigate these risks, which include but are not limited to risks related to employee error or malfeasance, the loss of intellectual property, claims of bias or discrimination, or product liability claims. We may be subject to specific obligations relating to the use of AI technologies in our operations or the incorporation of AI technologies in our products and services, including the EU Artificial Intelligence Act (EU AI Act). We expect that regulators in the various global locations we do business in will pursue new rules governing AI, whether through regulations specific to AI or through updating existing laws to incorporate new AI-specific provisions. This evolving regulatory environment may cause us to incur substantial costs or require us to change our business practices, which may impact our financial results. Any failure to timely or adequately address these regulations, or any future changes to or expanded regulations, may expose us to significant compliance costs, potential liabilities or fines. AI technologies may use or incorporate data from third-party sources, which may expose us to risks associated with data rights and protection and may also lead to the unintended consequences of using AI discussed above. Current laws and court decisions governing intellectual property ownership and license rights may not address new questions relating to AI technologies, which may negatively affect our ability to safeguard our intellectual property, as well as increase the compliance costs associated with navigating an uncertain legal and regulatory environment. The use or adoption of AI technologies into our products may expose us to claims of copyright infringement or other intellectual property misappropriation by third parties, which may require us to pay compensation or license fees. In addition to the implementation of AI in our tools and products, there is risk associated with the implementation of AI technologies by competitors or disruptors. The value of our products and services may be negatively affected by the increasing amount of information and external tools that are available for free, or at low cost, through Internet sources that use AI to scrape data – including our own content – from the Internet. These technologies integrate machine learning abilities and other AI systems to process and organize large data sets aggregated from products that previously were paid for, posing an external risk to our product suite. The rapidly evolving regulatory environment for AI technologies may also impact our ability to protect our own data and intellectual property against infringement through these AI external tools.

Our business results are partly driven by factors outside of our control including, but not limited to, general economic and financial market trends which may be impacted by availability of credit, changes in laws, trade barriers, currency exchange rates and controls, and national and international geopolitical circumstances and uncertainties. Prolonged economic and financial downturns, sustained volatility in the financial markets, interest and inflation rate fluctuations and periods of stagflation, among other conditions impacting investor sentiment can reduce investor interest and investment activity and have, and may in the future, decrease demand for our software, data, analyst ratings, research products, and decrease net flows of funds into our investment management products. We cannot predict the occurrence, timing or duration of any economic cycle generally or in the markets in which our businesses operate. Fluctuations in interest rates and rate uncertainty brought on by central bank decisions that have reduced credit issuance in prior periods may in the future put negative pressure on our credit ratings business. Our credit ratings business, as well as our SPO business, have been, and may again be, impacted by volatility in US and international financial markets due to their dependence on the number and dollar volume of debt securities issued in the capital markets. Market disruptions, rising interest rates, widening credit spreads, and economic slowdowns historically have impacted and may in the future impact the volume of debt securities issued in global capital markets and the demand for credit ratings. Demand for credit ratings can also be negatively affected by negative publicity about the credit ratings business, regulatory and political developments, growth in the use of alternative sources of credit, and defaults by significant issuers. Our ability to reduce costs in the event of such adverse developments can be negatively impacted by, among other things, our obligations to monitor and maintain outstanding ratings. Declines or other changes in the markets for debt securities may materially and adversely affect our business, operating results, and financial condition. For our license-based businesses, many of our customers are asset management and financial advisory firms and other financial-services companies, who are also subject to global market trends. The ascendance of passive investment strategies may affect both the profitability of asset managers that focus on actively managed strategies, on whose success we in part depend, and the perceived value of our research regarding actively managed such strategies. A sustained global recession or other financial downturn or crisis would likely lead to material spending cutbacks among certain of our clients, and create longer sales cycles. Consolidation in the financial services sector reduces the number of potential clients for our products and services. Further, clients may discontinue their use of our products and services should they fail and/or merge with or become acquired by other entities that are not our clients or that use fewer of our products and services. These trends could impact demand for our products and services or change the financial services landscape in which we operate, resulting in lower revenue and operating income. Our PitchBook business is also subject to cyclical trends specific to the private capital markets. Many of PitchBook's clients are investment banks and other participants in the capital and M&A markets, which are subject to periodic business downturns driven by changes in such markets. During these downturns, they often seek to reduce spending on third-party services, as well as the number of employees, which would directly and adversely affect the number of prospective users for the PitchBook platform. The amount of asset-based revenue we earn primarily depends on the value of assets on which we provide advisory services, and the size of our asset base can increase or decrease based on market performance. Our revenue from asset-based fees has been, and may in the future be, adversely affected by market declines. Asset levels can also be affected if inflows into the portfolios for which we provide investment advisory services drop or if these portfolios experience redemptions. A drop in inflows or an increase in redemptions can result from a variety of factors, including overall market conditions or uncompetitive investment performance. If the level of assets on which we provide investment advisory or investment management services declines, we would expect our fee-based revenue to show a corresponding decline. The industrywide trend toward lower asset-based fees may also impact our fee-based revenue. A shift by investors to non-traditional asset classes such as cryptocurrencies, private debt, real estate, structured products, and collectibles may affect our assets under management if we are unable to incorporate them into our investment strategies or if they fail to perform in the manner that our research anticipates.