Ryan Specialty Group (RYAN) Risk Factors

Our businesses are subject to legal and regulatory oversight throughout the world, including by U.S. state regulators, under the U.K. Companies Act and the rules and regulations promulgated by the FCA, the Foreign Corrupt Practices Act (the "FCPA"), the Bribery Act of 2010 in the U.K. (the "U.K. Bribery Act"), and a variety of other laws, rules and regulations addressing, among other things, licensing, data privacy and protection, anti-money laundering, wage and hour standards, employment and labor relations, anti-competition, and anticorruption. This legal and regulatory oversight could reduce our profitability or limit our growth by: increasing the costs of legal and regulatory compliance; limiting or restricting the products or services we sell, the markets we serve or enter, the methods by which we sell our products and services, the prices we can charge for our services, or the form of compensation we can accept from our clients, insurance carriers and third parties; or by subjecting our businesses to the possibility of legal and regulatory actions or proceedings. Changes in the regulatory scheme, or even changes in how existing regulations are interpreted, could have an adverse impact on our results of operations by limiting revenue streams or increasing costs of compliance. For instance, The European Union's General Data Protection Regulation (the "EU GDPR") imposes a range of compliance obligations, increased financial penalties for noncompliance, and extended the scope of the EU data protection law to all companies processing data of EU residents, wherever the company's location. Accordingly, we may experience significant fines and penalties if we fail to comply with the EU GDPR. Following the implementation of the EU GDPR, other jurisdictions have sought to amend, or propose legislation to amend, their existing data protection laws to align with the requirements of the EU GDPR with the aim of obtaining an adequate level of data protection to facilitate the transfer of personal data to most jurisdictions from the EU. Additionally, some countries have also proposed sweeping new data protection laws. For example, Canada is proposing significant changes to its federal privacy law. Accordingly, the challenges we face in the EU also apply to other jurisdictions that adopt laws similar to the EU GDPR or regulatory frameworks of equivalent complexity. The U.K. has implemented legislation similar to the EU GDPR (the "U.K. GDPR"), including the U.K. Data Protection Act, which provides for fines of up to the greater of 17.5 million British Pounds or 4% of a company's worldwide turnover, whichever is higher. Additionally, the relationship between the U.K. and the EU in relation to certain aspects of data protection law remains unclear, including with respect to regulation of data transfers between EU Member States and the U.K. On June 28, 2021, the European Commission announced a decision of "adequacy" concluding that the U.K. ensures an equivalent level of data protection to the EU GDPR, which provides some relief regarding the legality of continued personal data flows from the European Economic Area (the "EEA") to the U.K. Some uncertainty remains, however, as this adequacy determination must be renewed after four years and may be modified or revoked in the interim. We cannot fully predict how the Data Protection Act, the U.K. GDPR, and other U.K. data protection laws or regulations may develop in the medium to longer term nor the effects of divergent laws and guidance regarding how data transfers to and from the U.K. will be regulated. In the United States, the California Consumer Privacy Act (the "CCPA") came into effect in January 2020 and has been amended several times. The CCPA, as amended by the California Privacy Rights Act, requires increased transparency and data subject rights such as access and deletion, an ability to opt out of the "sale" or "sharing" of personal information, and the ability to limit the disclosure of "sensitive" personal information. Following the expiration of the CCPA's previous business to business and employment exemptions, personal information relating to employees and business representatives is now in scope. The CCPA also created the California Privacy Protection Agency, which is proposing extensive new regulations concerning such matters as risk assessments, cybersecurity audits, and artificial intelligence. Following the passage of the CCPA, multiple other U.S. states have passed their own privacy laws, although to date most of these do not apply to the financial services industry. This, along with a growing number of other U.S. states that are proposing new privacy laws, has created the need for multi-state compliance. We continue to monitor and adapt to this evolving privacy landscape. There also remains the possibility that a federal privacy law will be implemented. In addition, the National Association of Insurance Commissioners is working on a revised model privacy law that, if adopted by the states, would further expand consumer privacy rights and regulatory requirements applicable to the insurance industry. In addition to data protection laws, certain countries and U.S. states are enacting cybersecurity laws and regulations. For example, in 2017 the New York State Department of Financial Services issued cybersecurity regulations which imposed an array of detailed security measures on covered entities. These regulations have now been amended to add additional data security requirements on entities licensed to conduct financial services business in New York, including, among other requirement, independent audits, annual risk assessments, reporting of all ransomware attacks, and management's allocation of appropriate resources to cybersecurity programs. Many other states have also adopted laws covering data collected by insurance licensees that include security and breach notification requirements. All of these evolving compliance and operational requirements impose significant costs that are likely to increase over time, may divert resources from other initiatives and projects, and could restrict the way services involving data are offered, all of which may adversely affect our results of operations. In addition, the risk of noncompliance poses significant regulatory risk, including the potential for fines and penalties. Certain jurisdictions have enacted data localization laws and cross-border personal data transfer laws, which could make it more difficult to transfer information across jurisdictions (such as transferring or receiving personal data that originates in the EU). Existing mechanisms that may facilitate cross-border personal data transfers may change or be invalidated. For example, absent appropriate safeguards or other circumstances, the EU GDPR generally restricts the transfer of personal data to countries outside of the EEA, such as the United States, which the European Commission does not consider to provide an adequate level of data privacy and security. On July 10, 2023, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework ("EU-US DPF"). The EU-US DPF imposes new requirements and obligations on private companies and governmental agencies. The legal landscape applicable to data privacy continues to remain in flux. We will need to continue to carefully monitor developments in this area to help facilitate compliance. The risk of noncompliance poses significant regulatory risk, including the potential for fines and penalties. Our acquisitions of new businesses and our continued operational changes and entry into new jurisdictions and new service offerings increase our legal and regulatory compliance complexity, as well as the type of governmental oversight to which we may be subject. With our entry into distributing employee benefits insurance products and services, compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has become a more significant factor for our business. Our continuing ability to provide insurance broking and underwriting services in the jurisdictions in which we operate depends on our compliance with the rules and regulations promulgated from time to time by the regulatory authorities in each of these jurisdictions. Also, we can be affected indirectly by the governmental regulation and supervision of insurance companies. For instance, if we are providing our managing general underwriting services for an insurer, we may have to contend with regulations affecting our clients. It is expected that the insurance and financial services industries will face greater regulation regarding the use of artificial intelligence and automated decision-making that affects individual consumers. For example, the National Association of Insurance Commissioners has proposed a model bulletin for states to adopt that would guide the insurance industry towards assuring that the use of such technologies does not cause unfair discrimination. We will need to continue to carefully monitor developments in this area to help facilitate compliance. The risk of noncompliance poses significant regulatory risk, including the potential for fines and penalties.

We assist our clients with various matters, including placing insurance, advocating with respect to claims, handling related claims and facilitating premium financing. E&O claims against us may result in potential liability for damages arising from these services. E&O claims could include, for example, the failure of our employees or sub-agents, whether negligently or intentionally, to place coverage correctly or notify insurance carriers of claims on behalf of clients, provide insurance carriers with complete and accurate information relating to the risks being insured, or properly exercise our delegated authority to underwrite or bind coverage, issue policies or other documents or provide proper notices to insureds. In addition, we are subject to other types of claims, litigation and proceedings in the ordinary course of business, which along with E&O claimants may seek damages, including punitive damages, in amounts that could, if awarded, have a material adverse impact on our financial position, earnings and cash flows. In addition to potential liability for monetary damages, such claims or outcomes could harm our reputation or divert management resources away from operating our business. We have historically purchased, and continue to purchase, insurance to cover E&O claims to provide protection against certain losses that arise in such matters. As of December 31, 2023, our E&O insurance policy tower has a $100.0 million limit per occurrence and in the aggregate, and we are responsible for paying a self-insured retention of up to $2.5 million per claim. If we exhaust or materially deplete our coverage under our E&O policy, it could have a significant adverse financial impact. Accruals for these exposures, when applicable, have been recorded to the extent that losses are deemed probable and are reasonably estimable. These accruals are adjusted from time to time as developments warrant and may also be adversely affected by disputes we may have with our insurers over coverage.

We are subject to taxation at the federal, state and local levels in the United States and various other countries and jurisdictions. Our future effective tax rate and cash flows could be affected by changes in the composition of earnings in jurisdictions with differing tax rates, changes in statutory rates and other legislative changes, changes in the valuation of our deferred tax assets and liabilities, changes in determinations regarding the jurisdictions in which we are subject to tax, and our ability to repatriate earnings from foreign jurisdictions. From time to time, U.S. federal, state and local and foreign governments make substantive changes to tax rules and their application, which could result in materially higher corporate taxes than would be incurred under existing tax law and could adversely affect our financial condition or results of operations. We are subject to ongoing and periodic tax audits and disputes in U.S. federal and various state, local and foreign jurisdictions. An unfavorable outcome from any tax audit could result in higher tax costs, penalties and interest, thereby adversely affecting our financial condition or results of operations. In addition, we are directly and indirectly affected by new tax legislation and regulation and the interpretation of tax laws and regulations worldwide. Changes in such legislation, regulation or interpretation could increase our taxes and have an adverse effect on our operating results and financial condition. This includes potential changes in tax laws or the interpretation of tax laws arising out of the Base Erosion Profit Shifting project ("BEPS") initiated by the Organization for Economic Co-operation and Development ("OECD"). In July and October of 2021, the OECD/G-20 Inclusive Framework on BEPS released statements outlining a political agreement on the general rules to be adopted for taxing the digital economy, specifically with respect to nexus and profit allocation (Pillar One) and rules for a global minimum tax (Pillar Two). Further details regarding implementation of these rules are expected to be finalized in the near future. These rules, should they implemented via domestic legislation of countries or via international treaties, could have a material impact on our effective tax rate or result in higher cash tax liabilities. There can be no assurance that our tax payments, tax credits, or incentives will not be adversely affected by these or other initiatives.

Our operations are conducted in numerous countries including the United States, the United Kingdom, Canada, Europe, and Singapore. Accordingly, we are subject to regulatory, legal, economic and market risks associated with operating in, and sourcing from, foreign countries, including the potential for: - difficulties in staffing and managing our foreign offices, including due to unexpected wage inflation or job turnover, and the increased travel, infrastructure, and legal and compliance costs and risks associated with multiple international locations;- hyperinflation in certain foreign countries;- extensive and conflicting regulations in the countries in which we do business;- imposition of investment requirements or other restrictions by foreign governments;- longer payment cycles;- greater difficulties in collecting accounts receivable;- insufficient demand for our services in foreign jurisdictions;- our ability to execute effective and efficient cross-border sourcing of services on behalf of our clients;- the reliance on or use of third parties to perform services on our behalf;- disparate tax regimes;- restrictions on the import and export of technologies; and - trade barriers. Our performance can be affected by global economic conditions as well as geopolitical tensions and other circumstances with global reach. In recent years, concerns about the global economic outlook have adversely affected economic markets and business conditions in general. Geopolitical tensions, such as Russia's incursion into Ukraine, tension between the United States and China, conflict in the middle east, supply chain issues, economic sanctions, the volatility of oil prices, and heightened concerns about cyber attacks. Inflation and hyper-inflation have resulted in market volatility and rising interest rates, increasing global tensions and creating uncertainty for global commerce and instability in the global capital markets. Sustained or worsening of these and other global economic conditions and increasing geopolitical tensions may negatively impact our business, financial condition, and results of operations.

The global outbreak of the COVID-19 pandemic and measures to mitigate the spread of COVID-19 caused unprecedented disruptions to the global and U.S. economies and significantly impacted the global supply chain. Future pandemics and other outbreaks of contagious diseases could result in similar or worse impacts and significant business and operational disruptions, including business closures, supply chain disruptions, travel restrictions, stay-at-home orders and limitations on the availability of workforces. If significant portions of our workforce are unable to work effectively, including because of illness or quarantines or from the impacts of any potential future pandemics and other outbreaks of contagious diseases, our business could be materially adversely affected. It is possible that future pandemics and other outbreaks of contagious diseases could cause disruption in our customers' business; cause delay or limit the ability of our customers to perform, including in making timely payments. Future pandemics and other outbreaks of contagious diseases could impact capital markets, which may impact our and our customers' financial position. Future pandemics and other outbreaks of contagious diseases may also have the effect of exacerbating several of the other risk we face discussed in this Annual Report on Form 10-K.

Approximately three percent of our revenues for each of the years ended December 31, 2023 and 2022 were generated outside of the United States. We are exposed to currency risk from the potential changes between the exchange rates of the US Dollar, Canadian Dollar, British Pound, Euro, Swedish Krona, Danish Krone, and other currencies. Exchange rate movements may change over time, and they could have an adverse impact on our financial results and cash flows reported in U.S. dollars. Our U.S. operations earn revenue and incur expenses primarily in U.S. dollars. Due to fluctuations in foreign exchange rates, we are subject to economic exposure as well as currency translation exposure on the net operating results of our operations. Because our non-U.S. based revenue is exposed to foreign exchange fluctuations, exchange rate movement can have an impact on our business, financial condition, results of operations and cash flow. For additional discussion, see "Quantitative and Qualitative Disclosures about Market Risk" included elsewhere in this Annual Report.

Our business typically enters into contractual relationships with insurance carriers, retail brokers and other trading partners that are sometimes unique to us, but nonexclusive and terminable on short notice by either party for any reason. In many cases, insurance carriers also have the ability to amend the terms of our agreements unilaterally on short notice. Insurance carriers may be unwilling to allow us to sell their existing or new insurance products or may amend our agreements with them, for a variety of reasons, including for competitive or regulatory reasons or because of a reluctance to distribute their products through our platform. Insurance carriers may decide to rely on their own internal distribution channels, choose to exclude us from their most profitable or popular products, or decide not to distribute insurance products in individual markets in certain geographies or altogether. The termination or amendment of our relationship with an insurance carrier could reduce the variety of insurance products we offer or our ability to place coverage for certain risks for which we do not have alternative markets. We also could lose a source of, or be paid reduced commissions for, future sales and could lose renewal commissions for past sales. Our business could also be harmed if we fail to develop new insurance carrier relationships. Similarly, retail brokers and other trading partners could develop their own wholesale distribution channels or choose to work with wholesale distributors other than us. This could reduce the number of submissions we receive which could result in reduced commissions. Our business could also be harmed if we fail to develop relationships with new retail brokers or other sources of business. Historically, wholesale brokers and other wholesale distributors have been involved in a very high percentage of risks placed in the E&S market. In addition to the potential for retail brokers developing their own wholesale distribution channels or choosing to work with wholesale distributors other than us, retail brokers often might prefer to place business directly with insurance carriers, without the involvement of a wholesaler. There is a risk to our business that insurance carriers will accommodate the retail broker's preference to place business directly with the E&S insurer as opposed to through a wholesale broker or other wholesale distributor. In the future, we may have a reduced number of insurance carriers or retail brokers with which we trade or derive a greater portion of our commissions and fees from a more concentrated number of insurance carriers, retail brokers or other trading partners as our business and the insurance industry evolve. The three largest insurance carriers (excluding Lloyd's syndicates) with which we place business represented an aggregate of 15.3% and 15.4% of our revenues for the years ended December 31, 2023 and 2022, respectively. The three largest retail brokers with which we place business represented 19.4% and 19.6% of our revenues for the years ended December 31, 2023 and 2022, respectively. Should our dependence on a smaller number of insurance carriers, retail brokers or other trading partners increase, whether as a result of the termination of relationships, consolidation or otherwise, we may become more vulnerable to adverse changes in our relationships with these counterparties, particularly in states where we offer insurance products from a relatively small number of insurance carriers or where a small number of insurance companies or retail brokers dominate a geographic area, lines of business or market segment. The termination,amendment or consolidation of our relationships with our insurance carriers could harm our business, financial condition and results of operations. We depend, to a large extent, on our relationships with all of our trading partners and our reputation for high-quality advice and solutions. If a trading partner is not satisfied with our services, it could cause us to incur additional costs and impair profitability. Many of our clients are businesses that band together in industry groups or trade associations and actively share information among themselves about the quality of service they receive from their vendors. Accordingly, poor service to one client may negatively impact our relationships with multiple other clients or potential clients. Moreover, if we fail to meet our contractual obligations, we could be subject to legal liability or loss of client relationships.

Our results of operations depend on the continued capacity of insurance carriers to adequately and appropriately underwrite risk and provide coverage, which depends in turn on those insurance companies' ability to procure reinsurance. Capacity could also be reduced by insurance companies failing or withdrawing from writing certain coverages that we offer to our clients. We have no control over these matters. To the extent that reinsurance becomes less widely available or significantly more expensive, we may not be able to procure the amount or types of coverage that our clients desire and the coverage we are able to procure for our clients may be too expensive or more limited than is acceptable.

Wholesale brokerage, binding authority, underwriting management and other intermediary and underwriting and claims administration specialties are highly competitive. We believe that our ability to compete is dependent on the quality of our people, service, product features, price, commission structure, financial strength, and the ability to access certain insurance markets. We compete with a large number of national, regional, and local organizations. New or increased competition as a result of these or regulatory or other industry developments could harm our business, financial condition and results of operations. Underwriting Management and Binding Authority are dependent upon contracts between us and the insurance carriers. Those contracts can be terminated by the insurance carrier with very little advance notice. Moreover, upon expiration of the contract term, insurance carriers may choose to let those agreements lapse or request changes in the terms of the program, including the scope of our delegated authority or the amount of commission we receive, which could reduce our revenues from the program. Poor risk selection, failure to maintain robust pricing models, and failure to monitor claims activity could adversely affect our ability to renew contracts or have the opportunity to develop new products with new or existing insurance carriers. The termination of the services of our Specialties, or a change in the terms of any of these programs, could harm our business and operating results, including the opportunity to receive contingent commissions.

We derive a substantial portion of our business from our relationships with retail insurance brokerage firms. There has been considerable consolidation in the retail insurance brokerage industry, driven primarily by the acquisition of small and mid-size retail insurance brokerage firms by larger brokerage firms, financial institutions or other organizations. We expect this trend to continue. As a result, we may lose all or a substantial portion of the business we obtain from retail insurance brokerage firms that are acquired by other firms who have their own wholesale insurance brokerage operations or established relationships with other wholesale insurance brokerage firms. In addition, retail insurance brokerages may decide to create or expand their ability to provide specialty services. To date, our business has not been materially affected by consolidation among retail insurance brokers or by the specialty services currently provided directly by certain of the retail brokers with which we do business. However, we cannot be assured that we will not be affected by industry consolidation or specialty expansion at the retail level that occurs in the future, particularly if any of our significant retail insurance brokerage clients are acquired by retail insurance brokers with their own wholesale insurance brokerage operations or preferred relationships with wholesalers other than Ryan Specialty.

To protect our intellectual property rights, we rely on a combination of trademark laws, copyright laws, trade secret protection, confidentiality agreements and other contractual arrangements with our affiliates, employees, clients, strategic partners and others, as well as internal policies and procedures regarding our management of intellectual property. However, the protective steps that we take may be inadequate to deter misappropriation of our proprietary information. In addition, we may be unable to detect the unauthorized use of, or take appropriate steps to enforce, our intellectual property rights. Further, we operate in many foreign jurisdictions and effective trademark, copyright and trade secret protection may not be available in every country or jurisdiction in which we offer our services. Additionally, our competitors may develop products similar to our products that do not conflict with our related intellectual property rights. Failure to protect our intellectual property adequately could harm our reputation and affect our ability to compete effectively. In addition, to protect or enforce our intellectual property rights, we may initiate litigation against third parties, such as infringement suits or interference proceedings. Third parties may assert intellectual property rights claims against us, which may be costly to defend, could require the payment of damages, and could limit our ability to use or offer certain technologies, products or other intellectual property. Any intellectual property claims, with or without merit, could be expensive, take significant time and divert management's attention from other business concerns. Successful challenges against us could require us to modify or discontinue our use of technology or business processes where such use is found to infringe or violate the rights of others, or require us to purchase licenses from third parties, any of which could adversely affect our business, financial condition and operating results.

We use data, technology and intellectual property licensed from unaffiliated third parties in certain of our products, including insurance industry proprietary information that we license from third parties, and we may license additional third-party technology and intellectual property in the future. Any errors or defects in this third-party technology and intellectual property could result in errors that could harm our brand and business. In addition, licensed technology and intellectual property may not continue to be available on commercially reasonable terms, or at all. Also, should any third-party refuse to license its proprietary information to us on the same terms that it offers to our competitors, we could be placed at a significant competitive disadvantage. Further, although we believe that there are currently adequate replacements for the third-party technology and intellectual property we presently use, the loss of our right to use any of this technology and intellectual property could result in delays in producing or delivering affected products until equivalent technology or intellectual property is identified, licensed or otherwise procured, and integrated. Our business would be disrupted if any technology and intellectual property we license from others or functional equivalents of this software were either no longer available to us or no longer offered to us on commercially reasonable terms. In either case, we would be required either to attempt to redesign our products to function with technology and intellectual property available from other parties or to develop these components ourselves, which would result in increased costs and could result in delays in product sales and the release of new product offerings. Alternatively, we might be forced to limit the features available in affected products. Any of these results could harm our business, results of operations and financial condition.