Arcus Biosciences (RCUS) Risk Analysis

The market price of our common stock has fluctuated and may fluctuate significantly in response to numerous factors, many of which are beyond our control, including: - overall performance of the equity markets;- our operating performance and the performance of other similar companies;- results from our ongoing clinical trials and future clinical trials with our current and future investigational products or of our competitors;- changes in our projected operating results that we provide to the public, our failure to meet these projections or changes in recommendations by securities analysts that elect to follow our common stock;- regulatory, trade or legal developments in the U.S. and other countries, including changes in tariffs or other trade restrictions and the changes in the structure of healthcare payment systems;- the level of expenses related to future investigational products or clinical development programs;- our failure to achieve product development goals in the timeframe we announce;- announcements of acquisitions, strategic alliances or significant agreements by us or by our competitors;- recruitment or departure of key personnel;- the economy as a whole and market conditions in our industry;- trading activity by a limited number of stockholders who together beneficially own a majority of our outstanding common stock;- the size of our market float; and - any other factors discussed in this report. In addition, the stock markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many immuno-oncology companies. Stock prices of many immuno-oncology companies have fluctuated in a manner unrelated or disproportionate to the operating performance of those companies. In the past, stockholders have filed securities class action litigation following periods of market volatility. If we were to become involved in securities litigation, it could subject us to substantial costs, divert resources and the attention of management from our business and adversely affect our business.

We are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act and the rules and regulations of the New York Stock Exchange. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal controls over financial reporting. Our internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with U.S. GAAP. Our internal control over financial reporting will not prevent or detect all errors and all fraud. A control system, no matter how well designed and operated, can provide only reasonable, not absolute, assurance that the control system's objectives will be met. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that misstatements due to error or fraud will not occur or that all control issues and instances of fraud will be detected. Accordingly, we cannot assure you that we will not in the future identify one or more material weaknesses in our internal control over financial reporting, which may have a negative impact on our ability to timely and accurately produce financial statements, may result in a material misstatement of our Condensed Consolidated Financial Statements or may negatively impact the confidence level of our stockholders and other market participants with respect to our reported financial information. Ensuring that we have adequate internal controls over financial reporting is a costly and time-consuming effort that needs to be re-evaluated frequently. Recent trends in remote work arrangements have led to changes in work patterns that can make it more difficult to properly perform our controls and may create risks that result in deficiencies in the design of our controls. To the extent necessary, implementing any changes to our internal controls may distract our officers and employees, entail substantial costs to modify our existing processes and take significant time to complete. These changes may not, however, be effective in maintaining the adequacy of our internal controls, and any failure to maintain that adequacy, or consequent inability to produce accurate financial statements on a timely basis, could increase our operating costs and harm our business.

Our strategy for fully developing and commercializing our investigational products is dependent upon maintaining our current arrangements with Gilead and our other strategic partners. Our ability to leverage these arrangements to produce commercial success will depend, among other things, on our collaborators' cooperation and ability to successfully meet their responsibilities with regards to a clinical program. We cannot predict the success of any collaboration that we enter into. Our partnership with Gilead poses a number of risks that could materially impact our operations and financial condition including, but not limited to, the following: - conflicts may arise between us and Gilead, such as conflicts regarding the combinations or indications to pursue or concerning the interpretation of clinical data, the commercial potential of any optioned investigational products, the interpretation of financial provisions or the ownership of intellectual property developed during the collaboration;- if our joint development program does not result in the successful development and commercialization of products or if Gilead terminates the collaboration agreement with us, we may not receive any future research funding or milestone or royalty payments under the collaboration;- we will be heavily dependent on Gilead for its further development and commercialization of the investigational products from the programs that it opts in to;- we may not be successful in this collaboration due to various other factors, including our ability to demonstrate proof of concept in one or more clinical studies so that Gilead will exercise its option to these programs;- we have appointed three individuals that were designated by Gilead to our board of directors pursuant to the terms of the Investor Rights Agreement, and Gilead owns approximately 32.9% of our outstanding common stock as of September 30, 2024 and has the right (but not the obligation) to acquire additional shares from us up to an amount resulting in Gilead owning a total of 35% of our outstanding common stock and, as a result, may be able to exert significant influence over our company;- Gilead could independently develop, or develop with third parties, products that compete directly or indirectly with our investigational products if Gilead believes that competitive products are more likely to be successfully developed or can be commercialized under terms that are more economically attractive than ours; and - because Gilead has an option to all of our programs, it will be difficult for us to enter into new collaborations. Given the breadth of the collaboration with Gilead, our ability to form new collaborations in the future will be limited. If Gilead declines to exercise its option to a program, we may need to enter into new collaborations for such programs with companies that have more resources and experience than us. We may not be successful in these efforts because third parties may not view our investigational products as having the requisite potential to demonstrate safety and efficacy. If and when we collaborate with a third party for development and commercialization of an investigational product, we can expect to relinquish some or all of the control over the future success of that investigational product to the third party. Our ability to reach a definitive agreement for a collaboration will depend, among other things, upon our assessment of the collaborator's resources and expertise, the terms and conditions of the proposed collaboration and the proposed collaborator's evaluation of a number of factors.

In the U.S. and some foreign jurisdictions, there have been, and continue to be, several legislative and regulatory changes and proposed changes regarding the healthcare system that could prevent or delay marketing approval of investigational products, restrict or regulate post-approval activities, and affect the ability to profitably sell investigational products for which marketing approval is obtained. Among policy makers and payors in the U.S. and elsewhere, there is significant interest in promoting changes in healthcare systems with the stated goals of containing healthcare costs, improving quality and/or expanding access. In the U.S., the pharmaceutical industry has been a particular focus of these efforts and has been significantly affected by major legislative initiatives. For example, on August 16, 2022, President Biden signed into law the Inflation Reduction Act ("IRA"), which, among other things, (1) directs the U.S. Department of Health and Human Services ("HHS") to negotiate the price of certain single-source drugs and biologics covered under Medicare and (2) imposes rebates under Medicare Part B and Medicare Part D to penalize price increases that outpace inflation. The IRA also extends enhanced subsidies for individuals purchasing health insurance coverage in Affordable Care Act marketplaces through plan year 2025 and eliminates the "donut hole" under the Medicare Part D program by significantly lowering the beneficiary maximum out-of-pocket cost and through a newly established manufacturer discount program. These provisions take effect progressively starting in fiscal year 2023, although the Medicare drug price negotiation program is currently subject to legal challenges. The HHS has and will continue to issue and update guidance as these programs are implemented. It is currently unclear how the IRA will be implemented but is likely to have a significant impact on the pharmaceutical industry. We expect that other healthcare reform measures may be adopted in the future, and that any such health reform measures could have an adverse effect on our business and/or results of operation.

We face an inherent risk of product liability exposure related to the testing of our investigational products in human clinical trials and will face an even greater risk if we commercially sell any products that we may develop. If we cannot successfully defend ourselves against claims that our investigational products or products caused injuries, we could incur substantial liabilities. Regardless of merit or eventual outcome, product liability claims may result in: - delay or termination of clinical trials;- decreased demand for any investigational products or products that we may develop;- injury to our reputation and significant negative media attention;- withdrawal of clinical trial subjects;- initiation of investigations by regulators;- significant costs to defend the related litigation and diversion of management's time and our resources;- substantial monetary awards to study subjects or patients;- product recalls, withdrawals or labeling, marketing or promotional restrictions;- loss of revenue; and - the inability to commercialize any products that we may develop. Although we maintain product liability insurance coverage, it may not be adequate to cover all liabilities that we may incur. We anticipate that we will need to increase our insurance coverage as our investigational products advance through clinical trials and if we successfully commercialize any products. Insurance coverage is increasingly expensive. We may not be able to maintain insurance coverage at a reasonable cost or in an amount adequate to satisfy any liability that may arise.

We and third parties upon whom we rely may be subject to federal, state, and foreign data protection, privacy, and information security laws, regulations, guidance, industry standards, external and internal privacy and security policies, contractual requirements, and other obligations. In the U.S., numerous federal and state laws and regulations, including federal health information privacy laws, state data breach notification laws, state health information privacy laws, and federal and state consumer protection laws (e.g., Section 5 of the FTC Act), that govern the collection, use, disclosure, and protection of health-related and other personal information could apply to our operations or the operations of our collaborators. In addition, we may obtain health information from third parties (including research institutions from which we obtain clinical trial data) that are subject to privacy and security requirements under the federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA") as amended by the Health Information Technology for Economic and Clinical Health Act of 2009. Depending on the facts and circumstances, we could be subject to significant penalties if we violate HIPAA. The legislative and regulatory landscape for privacy and data security continues to evolve, and we expect that there will continue to be new proposed laws, regulations and industry standards relating to privacy and data security in the U.S., the European Union (the "EU"), the United Kingdom (the "UK") and other jurisdictions. This increased focus on privacy and data security issues may negatively affect our operating results and our business. For example, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA") applies to personal information of consumers, business representatives, and employees who are California residents, and requires businesses to provide specific disclosures in privacy notices and honor requests of such individuals to exercise certain privacy rights. In addition, the CCPA provides for administrative noncompliance that may carry fines of up to $7,500 per violation and the CCPA authorizes private lawsuits to recover statutory damages for certain data breaches. Similar laws are being considered in several other states, as well as at the federal and local levels, and we expect more states to pass similar laws in the future. Foreign data protection laws also apply to health-related and other personal data obtained outside the United States. The EU General Data Protection Regulation (the "EU GDPR"), the UK General Data Protection Regulation (the "UK GDPR" and, together with the EU GDPR, the "GDPR") and Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"), or the applicable provincial alternatives, impose strict requirements, including the obligation to appoint data protection officers in certain circumstances, rights for individuals to be "forgotten" and to data portability, and the obligation to make public notification of significant data breaches. Under the GDPR, data protection authorities can impose temporary or definitive bans on data processing and other corrective actions or fines of up to 4% of our total worldwide turnover or up to €20 million under the EU GDPR/£17.5 million pounds sterling under the UK GDPR (in either case, whichever is higher), or private litigation related to processing of personal data brought by classes of data subjects or consumer protection organizations authorized at law to represent their interests. In Canada, PIPEDA and various related provincial laws, as well as Canada's Anti-Spam Legislation ("CASL"), may apply to our operations. We also target customers in Asia and may be subject to new and emerging data privacy regimes, including China's Personal Information Protection Law ("PIPL"). We may also be subject to new laws governing the privacy of consumer health data. For example, Washington's My Health My Data Act ("MHMD") broadly defines consumer health data, places restrictions on processing such data (including imposing stringent requirements for consent), provides consumers certain rights with respect to their health data, and creates a private right of action to allow individuals to sue for violations of the law. Other states are considering and may adopt similar laws. In the ordinary course of business, we may transfer personal data from Europe and other jurisdictions to the U.S. or other countries. Europe and other jurisdictions have enacted laws requiring data to be localized or limiting the transfer of personal data to other countries. In particular, the EEA and the UK have significantly restricted the transfer of personal data to the U.S. and other to countries whose privacy laws it generally believes are inadequate. Other jurisdictions may adopt similarly stringent interpretations of their data localization and cross-border data transfer laws. Although there are currently various mechanisms that may be used to transfer personal data from the EEA and UK to the U.S. in compliance with law, such as the EEA standard contractual clauses, the UK's International Data Transfer Agreement / Addendum, and the EU-U.S. Data Privacy Framework and the UK extension thereto (which allows for transfers to relevant organizations based in the U.S. who self-certify compliance and participate in the Framework), these mechanisms are subject to legal challenges, and there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal data to the U.S. If there is no lawful manner for us to transfer personal data from the EEA, the UK or other jurisdictions to the U.S., or if the requirements for a legally-compliant transfer are too onerous, we could face significant adverse consequences, including the interruption or degradation of our operations, the need to relocate part of or all of our business or data processing activities to other jurisdictions at significant expense, increased exposure to regulatory actions, substantial fines and penalties, the inability to transfer data and work with partners, vendors and other third parties, and injunctions against our processing or transferring of personal data necessary to operate our business. Additionally, companies that transfer personal data out of the EEA and UK to other jurisdictions, particularly to the U.S., are subject to increased scrutiny from regulators, individual litigants, and activist groups. Some European regulators have ordered certain companies to suspend or permanently cease certain transfers out of Europe for allegedly violating the GDPR's cross-border data transfer limitations. We are also bound by other contractual obligations related to data privacy and security, and our efforts to comply with such obligations may not be successful. For example, clinical trial subjects about whom we or our potential collaborators obtain information, as well as the providers who share this information with us, may contractually limit our ability to use and disclose the information. We publish privacy policies, notices and other statements regarding data privacy and security. If these policies, notices or statements are found to be deficient, lacking in transparency, deceptive, unfair, or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators or other adverse consequences. Obligations related to data privacy and security (and consumers' data privacy expectations) are quickly changing, becoming increasingly stringent, and creating uncertainty. Additionally, these obligations may be subject to differing applications and interpretations, which may be inconsistent or conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources, which may necessitate changes to our services, information technologies, systems, and practices and to those of any third parties that process personal data on our behalf. In addition, these obligations may require us to change our business model. Our failure (or that of the third parties upon whom we rely) to comply with U.S. and foreign data protection laws and regulations could result in government enforcement actions (which could include civil or criminal penalties), private litigation, and/or adverse publicity and could negatively affect our operating results and business. Claims that we or the third parties upon whom we rely have violated individuals' privacy rights, failed to comply with data protection laws, or breached our contractual obligations, even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business. In particular, plaintiffs have become increasingly more active in bringing privacy-related claims against companies, including class claims and mass arbitration demands. Some of these claims allow for the recovery of statutory damages on a per violation basis; if viable, these claims carry the potential for monumental statutory damages, depending on the volume of data and the number of violations. Any of these events could have a material adverse effect on our reputation, business, or financial condition, including but not limited to: loss of customers; interruptions or stoppages in our business operations (including, as relevant, clinical trials); inability to process personal data or to operate in certain jurisdictions; limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; adverse publicity; or substantial changes to our business model or operations.

We are exposed to the risk of fraud or other misconduct by our employees, clinical trial investigators, CROs, consultants, vendors, collaboration partners and any potential commercial partners. Misconduct by these parties could include intentional, reckless and/or negligent conduct or disclosure of unauthorized activities to us that violates: (i) FDA laws and regulations or those of comparable foreign regulatory authorities, including those laws that require the reporting of true, complete and accurate information, (ii) manufacturing standards, (iii) federal and state health and data privacy, security, fraud and abuse, government price reporting, transparency reporting requirements, and other healthcare laws and regulations in the U.S. and abroad, or (iv) laws that require the true, complete and accurate reporting of financial information or data. Such misconduct could also involve the improper use of information obtained in the course of clinical trials, which could result in regulatory sanctions and cause serious harm to our reputation. We have adopted a code of conduct applicable to all of our employees, as well as a disclosure program and other applicable policies and procedures, but it is not always possible to identify and deter employee misconduct, and the precautions we take to detect and prevent this activity may not be effective in controlling unknown or unmanaged risks or losses or in protecting us from governmental investigations or other actions or lawsuits stemming from a failure to comply with these laws or regulations. If any such actions are instituted against us, and we are not successful in defending ourselves or asserting our rights, those actions could have a significant impact on our business, including the imposition of significant fines or other sanctions.

We are and expect to remain dependent on third parties, such as Contract Research Organizations ("CROs"), clinical investigators and consultants, to conduct our ongoing clinical trials and any future clinical trials of our investigational products. The timing of the initiation and completion of these trials will therefore be partially controlled by such third parties and may result in delays to our development programs. There is no guarantee that any CROs, investigators or other third parties that help conduct or participate in our clinical trials will devote adequate time and resources to such trials or perform as contractually required. For example, many of these third parties have and continue to suffer from personnel constraints resulting from COVID-19 and other economic factors which may impact their ability to perform their contractual obligations. If any of these third parties fails to meet expected deadlines, fails to adhere to our clinical protocols, fails to meet regulatory requirements or guidelines (including any GCP enforced by the FDA or comparable foreign regulatory authorities), or otherwise performs in a substandard manner, our ability to use data generated from our clinical trials may be jeopardized the timelines for our clinical trials may be extended or delayed, or our development activities may be suspended or terminated. If any of our clinical trial sites terminates for any reason, we may experience the loss of follow-up information on subjects enrolled in our ongoing clinical trials unless we are able to transfer those subjects to another qualified clinical trial site. In addition, principal investigators for our clinical trials may serve as scientific advisors or consultants to us from time to time and may receive compensation in connection with such services. If these relationships and any related compensation result in perceived or actual conflicts of interest, the utility of certain data from the clinical trial may be questioned and the utility of the clinical trial itself may be jeopardized, which could result in the delay or rejection of any NDA or BLA we submit to the FDA, or equivalent marketing application to other regulatory authorities outside the U.S. Any such delay or rejection could prevent us from commercializing our products.

We compete in the segments of the pharmaceutical, biotechnology and other related markets that develop immunotherapies for the treatment of cancer, which is highly competitive with rapidly changing standards of care. As such, our commercial opportunity could be reduced or eliminated if our competitors develop and commercialize products that are safer, more effective, have fewer or less severe side effects, are more convenient, or are less expensive than any products that we may develop or that would render any products that we may develop obsolete or non-competitive. Our competitors also may obtain marketing approval for their products more rapidly than we may obtain approval for ours, which could result in our competitors establishing a strong market position before we are able to enter the market. We are aware of several pharmaceutical companies developing products in the same class as our investigational products, some of which are further along in development than our corresponding assets. See "Item 1. Business-Competition" in our Annual Report on Form 10-K for the year ended December 31, 2023 for additional information regarding our competitors. As more investigational products within a particular class of drugs proceed through clinical development to regulatory review and approval, the amount and type of clinical data that may be required by regulatory authorities may increase or change. Consequently, the results of our clinical trials for investigational products in that class will likely need to show a risk benefit profile that is competitive with or more favorable than those products and investigational products in order to obtain marketing approval or, if approved, a product label that is favorable for commercialization. If the risk benefit profile is not competitive with those products or investigational products, or if the approval of other agents for an indication or patient population significantly alters the standard of care with which we tested our investigational products, we may have developed a product that is not commercially viable, that we are not able to sell profitably or that is unable to achieve favorable pricing or reimbursement. In such circumstances, our future product revenue and financial condition would be materially and adversely affected.

We have no sales, marketing or distribution capabilities or experience. If any of our investigational products ultimately obtains regulatory approval, we, whether alone or in collaboration with Gilead for programs that we commercialize together, may not be able to effectively or successfully market the product due to a number of factors, including: - the imposition by regulatory authorities of significant restrictions on a product's indicated uses, marketing or distribution;- the imposition by regulatory authorities of costly and time-consuming post-approval studies, post-market surveillance or additional clinical trials;- our failure to establish sales and marketing capabilities;- the failure of our products to achieve the degree of market acceptance by physicians, patients, hospitals, cancer treatment centers, healthcare payors and others in the medical community necessary for commercial success;- unfavorable pricing regulations or third-party coverage and reimbursement policies; and - inaccuracies in our estimates of the addressable patient population resulting in a smaller market opportunity than we believed.