Rafael Holdings (RFL) Risk Analysis

Our, the Pharmaceutical Companies' and Rafael Medical Devices' relationships with customers, physicians, and third-party payors may be subject, directly or indirectly, to federal and state healthcare fraud and abuse laws, false claims laws, health information privacy and security laws, and other healthcare laws and regulations. These laws may impact, among other things, their clinical research program, as well as their proposed and future sales, marketing, and education programs. In particular, the promotion, sales, and marketing of healthcare items and services is subject to extensive laws and regulations designed to prevent fraud, kickbacks, self-dealing, and other abusive practices. These laws and regulations may restrict or prohibit a wide range of pricing, discounting, marketing and promotion, sales commission, customer incentive, and other business arrangements. The Portfolio Companies may also be subject to federal, state, and foreign laws governing the privacy and security of identifiable patient information. The U.S. healthcare laws and regulations that may affect their ability to operate include, but are not limited to: - the federal Anti-Kickback Statute, which prohibits, among other things, any person or entity from knowingly and willfully, offering, paying, soliciting or receiving any remuneration, directly or indirectly, overtly or covertly, in cash or in kind, to induce, or in return for, the purchasing, leasing, ordering or arranging for the purchase, lease, or order of any item or service reimbursable under Medicare, Medicaid or other federal healthcare programs. The term "remuneration" has been broadly interpreted to include anything of value. Although there are a number of statutory exceptions and regulatory safe harbors protecting some common activities from prosecution, the exceptions and safe harbors are drawn narrowly. Practices that may be alleged to be intended to induce prescribing, purchases or recommendations, include any payments of more than fair market value, and may be subject to scrutiny if they do not qualify for an exception or safe harbor. In addition, a person or entity does not need to have actual knowledge of this statute or specific intent to violate it in order to have committed a violation;- federal civil and criminal false claims laws, including the federal civil False Claims Act, and civil monetary penalty laws, which prohibit, among other things, individuals or entities from knowingly presenting, or causing to be presented, claims for payment or approval from Medicare, Medicaid, or other federal government programs that are false or fraudulent or knowingly making a false statement to improperly avoid, decrease or conceal an obligation to pay money to the federal government, including federal healthcare programs. In addition, the government may assert that a claim including items or services resulting from a violation of the federal Anti-Kickback Statute constitutes a false or fraudulent claim for purposes of the federal civil False Claims Act and the civil monetary penalties statute;- the federal Health Insurance Portability and Accountability Act of 1996, or HIPAA, which created new federal civil and criminal statutes that prohibit knowingly and willfully executing, or attempting to execute, a scheme to defraud any healthcare benefit program or obtain, by means of false or fraudulent pretenses, representations, or promises, any of the money or property owned by, or under the custody or control of, any healthcare benefit program, including private third-party payors, and knowingly and willfully falsifying, concealing or covering up by any trick, scheme or device, a material fact or making any materially false, fictitious or fraudulent statements in connection with the delivery of, or payment for, healthcare benefits, items or services. Similar to the federal Anti-Kickback Statute, a person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation;- HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act, and their respective implementing regulations, which impose requirements on certain healthcare providers, health plans, and healthcare clearinghouses, known as covered entities, and their respective business associates that perform services for them that involve the use or disclosure of individually identifiable protected health information, as well as their covered subcontractors, including breach notification regulations;- new regulations adopted by the Securities and Exchange Commission, or SEC, effective December 18, 2023, that require greater disclosure regarding cybersecurity risk management, strategy and governance, as well as disclosure of material cybersecurity incidents, which may require reporting of a cybersecurity incident before its impact has been fully assessed or the underlying issue has been remediated, which could divert management's attention from incident response and could potentially reveal system vulnerabilities to threat actors, and for which failure to timely report such incidents under these or other similar rules could also result in monetary fines, sanctions or other forms of liability;- analogous state data privacy and security laws and regulations that govern the collection, use, disclosure, transfer, storage, disposal, and protection of personal information, such as social security numbers, medical and financial information, and other information, including data breach laws that require timely notification to individuals, and at times regulators, the media or credit reporting agencies, if a company has experienced the unauthorized access or acquisition of personal information, as well as state laws such as the California Consumer Privacy Act or CCPA, which, among other things, contains new disclosure obligations for businesses that collect personal information about California residents and affords those individuals numerous rights relating to their personal information that may affect companies' ability to use personal information or share it with business partners, and the California Privacy Rights Act, or CPRA, which expands the scope of the CCPA, imposes new restrictions on behavioral advertising, and establishes a new California Privacy Protection Agency that will enforce the law and issue regulations, and became "operative" on January 1, 2023, with a 12-month "lookback provision" applicable to personal data collected on or after January 1, 2022, and the various state laws and regulations may be more restrictive than and not preempted by United States federal laws;- analogous foreign data protection laws, including among others the EU General Data Protection Regulation, or the GDPR, EU member states' implementing legislation, and the UK GDPR, which imposes data protection requirements that include strict obligations and restrictions on the ability to collect, analyze, and transfer EEA or UK personal data, a requirement for prompt notice of data breaches to data subjects and supervisory authorities in certain circumstances, and possible substantial fines for any violations (including possible fines for certain violations of up to the greater of 20 million Euros or 4% of total worldwide annual turnover of the preceding financial year), with legal requirements in foreign countries relating to the collection, storage, processing, and transfer of personal data continuing to evolve and varying widely across jurisdictions; and - the federal Physician Payments Sunshine Act, which requires certain manufacturers of drugs, devices, biologicals and medical supplies for which payment is available under Medicare, Medicaid or the Children's Health Insurance Program (with certain exceptions) to report annually to CMS information related to payments or other transfers of value made to physicians (defined to include doctors, dentists, optometrists, podiatrists, and chiropractors) and teaching hospitals, as well as ownership and investment interests held by physicians and their immediate family members. Beginning in 2022, such reporting obligations include payments and other transfers of value provided during the previous year to physician assistants, nurse practitioners, clinical nurse specialists, anesthesiologist assistants, certified registered nurse anesthetists, and certified nurse-midwives. We and the Portfolio Companies may also be subject to state and foreign equivalents of each of the healthcare laws described above, among others, some of which may be broader in scope and vary significantly from the federal laws. For example, they may be subject to the following: state anti-kickback and false claims laws that may apply to sales or marketing arrangements and claims involving healthcare items or services reimbursed by non-governmental third party payors, including private insurers, or that apply regardless of payor; state laws that require pharmaceutical companies to comply with the pharmaceutical industry's and medical device industry's voluntary compliance guidelines and the relevant compliance guidance promulgated by the federal government; state laws that require drug and device manufacturers to report information related to payments and other transfers of value to physicians and other healthcare providers, marketing expenditures, or drug pricing; state and local laws requiring the registration of pharmaceutical and device sales and medical representatives; and state and foreign laws, such as the GDPR governing the privacy and security of health information in some circumstances, many of which differ from each other in significant ways and often are not preempted by HIPAA, thus complicating compliance efforts. Additionally, they may be subject to federal consumer protection and unfair competition laws, which broadly regulate marketplace activities and activities that potentially harm consumers. Because of the breadth of these laws and the narrowness of the statutory exceptions and regulatory safe harbors available, it is possible that some of the Portfolio Companies' business activities, or their arrangements with physicians, could be subject to challenge under one or more of such laws. It is not always possible to identify and deter employee misconduct or business noncompliance, and the precautions we and the Portfolio Companies take to detect and prevent inappropriate conduct may not be effective in controlling unknown or unmanaged risks or losses or in protecting us or them from governmental investigations or other actions or lawsuits stemming from a failure to be in compliance with such laws or regulations. Efforts to ensure that our and their business arrangements will comply with applicable healthcare laws may involve substantial costs. It is possible that governmental and enforcement authorities will conclude that our or their business practices may not comply with current or future statutes, regulations or case law interpreting applicable fraud and abuse or other healthcare laws and regulations. If we, the Pharmaceutical Companies or Rafael Medical Devices or their respective employees, independent contractors, consultants, commercial partners, and vendors violate these laws, they and we may be subject to investigations, enforcement actions and/or significant penalties, including the imposition of significant civil, criminal, and administrative penalties, damages, disgorgement, monetary fines, imprisonment, possible exclusion from participation in Medicare, Medicaid and other federal healthcare programs, contractual damages, reputational harm, diminished profits and future earnings, additional reporting requirements and/or oversight if they or we become subject to a corporate integrity agreement or similar agreement to resolve allegations of non-compliance with these laws, and curtailment of our, the Pharmaceutical Companies' and Rafael Medical Devices' operations, any of which could adversely affect their ability to operate their business and their and our results of operations. In addition, the approval or clearance, if any, and commercialization of any of our or the Pharmaceutical Companies' product candidates or Rafael Medical Devices' device candidates outside the United States will also likely subject them and us to foreign equivalents of the healthcare laws mentioned above, among other foreign laws.

The market price of our common stock may be volatile and, in the past, companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation. We may be the target of this type of litigation in the future. Securities litigation against us could result in substantial costs and divert our management's attention from other business concerns, which could seriously harm our business.

Rafael Medical Devices is subject to numerous environmental, health, and safety laws and regulations, including those governing laboratory procedures and the handling, use, storage, treatment and disposal of hazardous materials and wastes. Rafael Medical Devices' operations involve the use of hazardous materials, including chemical materials. Rafael Medical Devices' operations also produce hazardous waste products. Rafael Medical Devices generally contracts with third parties for the disposal of these materials and wastes. Rafael Medical Devices cannot eliminate the risk of contamination or injury from these materials. In the event of contamination or injury resulting from their use of hazardous materials, Rafael Medical Devices could be held liable for any resulting damages, and any liability could exceed their resources. Rafael Medical Devices also could incur significant costs associated with civil or criminal fines and penalties. Although Rafael Medical Devices maintains workers' compensation insurance to cover them for costs and expenses they may incur due to injuries to their employees resulting from the use of hazardous materials, this insurance may not provide adequate coverage against potential liabilities. Rafael Medical Devices may not maintain adequate insurance for environmental liability or toxic tort claims that may be asserted against them in connection with their storage or disposal of hazardous materials. In addition, Rafael Medical Devices may incur substantial costs in order to comply with current or future environmental, health and safety laws and regulations. These current or future laws and regulations may impair Rafael Medical Devices' research, development or production efforts. Failure to comply with these laws and regulations also may result in substantial fines, penalties or other sanctions.

Howard S. Jonas, Chairman of our Board of Directors, Chief Executive Officer, and Executive Chairman, is also the chairman of IDT Corporation and Genie Energy Ltd. and serves in other capacities with other companies. These relationships may cause a conflict of interest with our stockholders.

We have never declared or paid any cash dividends on our equity securities. We currently anticipate that we will retain future earnings for the development, operation and expansion of our business and do not anticipate declaring or paying any cash dividends for the foreseeable future. Any return to stockholders will therefore be limited to any appreciation in the value of our common stock, which is not certain.

As of July 31, 2025, we held approximately $52.8 million in cash and cash equivalents, $1.2 million in other receivables, and $0.6 million in third-party and related party receivables. Our passive interests in other entities are not currently liquid, and we cannot assure that we will be able to liquidate them when we desire, or ever. As a result of these different market risks, our holdings of cash, cash equivalents, and investments could be materially and adversely affected.

From time to time, we may evaluate various acquisition opportunities and strategic collaborations, including licensing or acquiring complementary products, intellectual property rights, technologies or businesses. Any potential acquisition or strategic partnership may entail numerous risks, including: - increased operating expenses and cash requirements;- the assumption of additional indebtedness or contingent liabilities;- the issuance of our equity securities;- assimilation of operations, intellectual property and products of an acquired company, including difficulties associated with integrating new personnel;- the diversion of our management's attention from our existing programs and initiatives in pursuing such a strategic merger or acquisition;- retention of key employees, the loss of key personnel and uncertainties in our ability to maintain key business relationships;- risks and uncertainties associated with the other party to such a transaction, including the prospects of that party and their existing products or product candidates, devices or device candidates, and any regulatory approvals or clearances;- assumption of the regulatory risks, costs, and responsibilities associated with the other party's existing products or product candidates, devices or device candidates, and any regulatory approvals or clearances; and - our inability to generate revenue from acquired technology and/or products sufficient to meet our objectives in undertaking the acquisition or even to offset the associated acquisition and maintenance costs. In addition, if we undertake acquisitions or pursue collaborations in the future, we may issue dilutive securities, assume or incur debt obligations, incur large one-time expenses and acquire intangible assets that could result in significant future amortization expense. Moreover, we may not be able to locate suitable acquisition opportunities, and this inability could impair our ability to grow or obtain access to technology or products that may be important to the development of our business.

To succeed, we must recruit, retain, manage, and motivate qualified clinical, scientific, technical, and management personnel, and we face significant competition for experienced personnel. We are highly dependent on the principal members of our management and scientific and medical staff, including Cyclo management team, and our ability to advance the development, clinical testing, regulatory approval of our lead candidate, Trappsol Cyclo™ may be materially and adversely affected if we lose them. If we do not succeed in attracting and retaining qualified personnel, particularly at the management level, it could adversely affect our ability to execute our business plan and harm our operating results. In particular, the loss of one or more of our executive officers could be detrimental to us if we cannot recruit suitable replacements in a timely manner. The competition for qualified personnel in the biopharmaceutical field is intense and, as a result, we may be unable to continue to attract and retain qualified personnel necessary for the future success of our business. We could in the future have difficulty attracting experienced personnel to our company and may be required to expend significant financial resources in our employee recruitment and retention efforts. Many of the other biopharmaceutical companies that we compete against for qualified personnel have greater financial and other resources, different risk profiles, and a longer history in the industry than we do. They also may provide more diverse opportunities and better prospects for career advancement. Some of these characteristics may be more appealing to high-quality candidates than what we have to offer. If we are unable to continue to attract and retain high-quality personnel, the rate and success at which we can discover, develop, and commercialize our product candidates and device candidates will be limited, and the potential for successfully growing our business will be harmed.

We and the Portfolio Companies do not currently own any facility that may be used as a clinical-scale manufacturing and processing facility and must currently rely on outside vendors to manufacture our, the Pharmaceutical Companies' product candidates and Rafael Medical Devices' device candidates. We and the Portfolio Companies have not yet caused their product candidates or device candidates to be manufactured on a commercial scale and may not be able to do so. We expect that we and the Portfolio Companies will need to negotiate and maintain contractual arrangements with these outside vendors for the supply of their product candidates and device candidates, and they may not be able to do so on favorable terms. The facilities used by contract manufacturers to manufacture product candidates or approved products must also be approved by the FDA or other comparable foreign regulatory authorities following inspections for any such approved products that generally will be conducted after we, the Pharmaceutical Companies or Rafael Medical Devices submit an application to the FDA or other comparable foreign regulatory authorities. Such inspections also could occur, for other products being manufactured by contract manufacturers, before we, the Pharmaceutical Companies or Rafael Medical Devices submit an application to the FDA or other comparable foreign regulatory authorities, and any adverse regulatory findings from such inspections could adversely impact a contract manufacturer's ability to be a contract manufacturer for us or the Portfolio Companies. We or the Portfolio Companies may not directly control the manufacturing process of, and may be completely dependent on, contract manufacturing partners for compliance with cGMP requirements and any other regulatory requirements of the FDA or other regulatory authorities for the manufacture of product candidates and device candidates and of any products that receive regulatory approval or clearance. Beyond periodic audits, we and the Portfolio Companies have no direct control over the ability of their contract manufacturers to maintain adequate quality control, quality assurance, and qualified personnel. Nevertheless, we and the Portfolio Companies are responsible for ensuring that all manufacturing is conducted in accordance with the applicable cGMP or QSR and other legal and regulatory requirements and scientific standards, and our and the Portfolio Companies' reliance on third parties does not relieve them of their regulatory responsibilities. If the FDA or a comparable foreign regulatory authority does not approve these facilities for the manufacture of any approved or cleared products or if they withdraw any approval in the future, we or the Portfolio Companies may need to find alternative manufacturing facilities, which would require the incurrence of significant additional time and costs and materially adversely affect the ability to develop, obtain regulatory approval or clearance for or market any product candidates or device candidates, if approved or cleared. Similarly, if any third-party manufacturers on which we, the Pharmaceutical Companies or Rafael Medical Devices rely fail to manufacture quantities of their product candidates or device candidates at quality levels necessary to meet regulatory requirements and at a scale sufficient to meet anticipated demand at a cost that allows them to achieve profitability, their and our business, financial condition, and prospects could be materially and adversely affected. The anticipated reliance on a limited number of third-party manufacturers exposes the Portfolio Companies and us to a number of risks, including the following: - we, the Pharmaceutical Companies and Rafael Medical Devices may be unable to identify manufacturers on acceptable terms or at all because the number of potential manufacturers is limited, and the FDA must inspect any manufacturers for applicable cGMP and QSR compliance as part of our, the Pharmaceutical Companies' and Rafael Medical Devices' marketing applications;- a new manufacturer would have to be educated in, or develop substantially equivalent processes for, the production of our, the Pharmaceutical Companies' product candidates and Rafael Medical Devices' device candidates;- third-party manufacturers might be unable to timely manufacture our, Pharmaceutical Companies' product candidates and Rafael Medical Devices' device candidates or produce the quantity and quality required to meet their clinical and commercial needs, if any;- contract manufacturers may not be able to execute the Pharmaceutical Companies' and Rafael Medical Devices' manufacturing procedures and other logistical support requirements appropriately;- future contract manufacturers may not perform as agreed, may not devote sufficient resources to our, the Pharmaceutical Companies' product candidates or Rafael Medical Devices' device candidates, or may not remain in the contract manufacturing business for the time required to supply clinical trials or to successfully produce, store, and distribute approved or cleared products, if any;- manufacturers are subject to ongoing periodic unannounced inspection by the FDA and corresponding state agencies and foreign regulatory authorities to ensure strict compliance with cGMP and QSR and other government regulations and corresponding foreign standards, and we and the Portfolio Companies have no direct control over third-party manufacturers' compliance with these regulations and standards, although our and the Portfolio Companies' reliance on third parties does not relieve them of their regulatory responsibilities;- we or the Portfolio Companies may not own, or may have to share, the intellectual property rights to any improvements made by any third-party manufacturers in the manufacturing process for our, the Pharmaceutical Companies' product candidates and Rafael Medical Devices' device candidates;- third-party manufacturers could breach or terminate their agreements with us, the Pharmaceutical Companies or Rafael Medical Devices;- raw materials and components used in the manufacturing process, particularly those for which we or the Portfolio Companies have no other source or supplier, may not be available or may not be suitable or acceptable for use due to material or component defects;- contract manufacturers and critical reagent suppliers may be subject to public health emergencies, inclement weather, as well as natural or man-made disasters; and - contract manufacturers may have unacceptable or inconsistent product quality success rates and yields, and we, the Pharmaceutical Companies and Rafael Medical Devices will have no direct control over contract manufacturers' ability to maintain adequate quality control, quality assurance, and qualified personnel, although our, the Pharmaceutical Companies' and Rafael Medical Devices' reliance on third parties does not relieve them of their regulatory responsibilities. Our and the Portfolio Companies' business could be materially adversely affected by business disruptions caused by third-party providers that could materially adversely affect their and our potential future revenue and financial condition and increase their and our costs and expenses. Each of these risks could delay or prevent the completion of our, the Pharmaceutical Companies' and Rafael Medical Devices' clinical trials or the approval of any of our, the Pharmaceutical Companies' product candidates or Rafael Medical Devices' device candidates by the FDA or comparable foreign regulatory authorities, result in higher costs, or adversely impact commercialization of any product candidates in the event that they were to receive regulatory approval or clearance.

If tenants decide not to renew their leases upon expiration, we may not be able to relet the space. Even if tenants do renew or we can relet the space, the terms of a renewal or new lease, taking into account among other things, the cost of improvements to the property and leasing commissions, may be less favorable than the terms in the expired leases. In addition, changes in space utilization by tenants may impact our ability to renew or relet space without the need to incur substantial costs in renovating or redesigning the internal configuration of the relevant property. If we are unable to promptly renew the leases or relet the space at similar rates or if we incur substantial costs in renewing or reletting the space, our cash flow and ability to service debt obligations and pay dividends and distributions to security holders could be adversely affected.

The leasing of real estate is highly competitive. The principal competitive factors are rent, location, services provided and the nature and condition of the property to be leased. We directly compete with all owners, developers and operators of similar space in the areas in which our properties are located. There are number of competitive office properties the areas in which our property is located, which may be newer or better located than our property and could have a material adverse effect on our ability to lease office space at our property, and on the effective rents we are able to charge.

Our Product revenues and cash flows are influenced by currency fluctuations due to the geographic diversity of our suppliers, which may have a significant impact on our financial results. As we buy inventory from foreign suppliers, the change in the value of the U.S. dollar in relation to the Euro, Yen and Yuan has an effect on our cost of inventory, and will continue to do so. We buy most of our products from outside the U.S. using U.S. dollars. Our main supplier of specialty cyclodextrins and complexes, Cyclodextrin Research & Development Laboratory, is located in Hungary and its prices are set in Euros. The cost of our bulk inventory often changes due to fluctuations in the U.S. dollar. These products currently represent a significant portion of our revenues. When we experience short-term increases in currency fluctuation or supplier price increases, we are often not able to raise our prices sufficiently to maintain our historical margins and therefore, our margins on these sales may decline. If the U.S. dollar weakens against foreign currencies, the translation of these foreign currency denominated transactions may adversely affect our results of operations and financial condition.