SailPoint, Inc. (SAIL) Risk Analysis

68 Followers

Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

SailPoint, Inc. disclosed 36 risk factors in its most recent earnings report. SailPoint, Inc. reported the most risks in the “Finance & Corporate” category.

Risk Overview Q2, 2022

Risk Distribution

39% Finance & Corporate

22% Tech & Innovation

19% Ability to Sell

8% Legal & Regulatory

6% Production

6% Macro & Political

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

SailPoint, Inc. Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q2, 2022

Main Risk Category

Finance & Corporate

With 14 Risks

Finance & Corporate

With 14 Risks

Number of Disclosed Risks

No changes from last report

S&P 500 Average: 32

No changes from last report

S&P 500 Average: 32

Recent Changes

1Risks added

0Risks removed

0Risks changed

Since Jun 2022

1Risks added

0Risks removed

0Risks changed

Since Jun 2022

Number of Risk Changed

No changes from last report

S&P 500 Average: 4

No changes from last report

S&P 500 Average: 4

See the risk highlights of SailPoint, Inc. in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 36

Finance & Corporate

Total Risks: 14/36 (39%)Above Sector Average

Share Price & Shareholder Rights2 | 5.6%

Share Price & Shareholder Rights - Risk 1

Our charter and bylaws contain anti-takeover provisions that could delay or discourage takeover attempts that stockholders may consider favorable.

Our charter and bylaws contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for stockholders to elect directors who are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include: (i) a classified board of directors with three-year staggered terms; (ii) removal of directors only for cause; (iii) the ability of our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval; (iv) allowing only our directors to fill vacancies on our board of directors; (v) a prohibition on stockholder action by written consent; (vi) the requirement that a special meeting of stockholders may be called only by or at the direction of our board of directors; (vii) the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our charter relating to the management of our business (including our classified board structure) or certain provisions of our bylaws; (viii) the ability of our board of directors to amend the bylaws; (ix) advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders' meeting; and (x) a prohibition of cumulative voting in the election of our board of directors. Our charter also contains a provision that provides us with protections similar to Section 203 of the Delaware General Corporation Law (the "DGCL"), and prevents us from engaging in a business combination, such as a merger, with an interested stockholder (i.e., a person or group who acquires at least 15% of our voting stock) for a period of three years from the date such person became an interested stockholder, unless (with certain exceptions) the business combination or the transaction in which the person became an interested stockholder is approved in a prescribed manner.

Share Price & Shareholder Rights - Risk 2

Our charter designates the Court of Chancery of the State of Delaware as the sole and exclusive forum for certain types of actions and proceedings by our stockholders, which could limit their ability to obtain a favorable judicial forum for disputes with us or our directors, officers, employees or agents.

Our charter provides that, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware will, to the fullest extent permitted by applicable law, be the sole and exclusive forum for (i) any derivative action or proceeding brought on our behalf, (ii) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers, employees or agents to us or our stockholders, (iii) any action asserting a claim arising pursuant to any provision of the DGCL, our charter or bylaws, or (iv) any action asserting a claim against us that is governed by the internal affairs doctrine, in each such case subject to such Court of Chancery of the State of Delaware having personal jurisdiction over the indispensable parties named as defendants therein. Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock will be deemed to have notice of, and consented to, the provisions of our charter described in the preceding sentence. This choice of forum provision may limit a stockholder's ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, employees or agents, which may discourage such lawsuits against us and such persons. The enforceability of similar exclusive forum provisions in other companies' charters has been challenged in legal proceedings, and it is possible that, in connection with one or more actions or proceedings described above, a court could rule that this provision in our charter is inapplicable or unenforceable. For example, the choice of forum provisions summarized above are not intended to, and would not, apply to suits brought to enforce any liability or duty created by the Exchange Act, or other claim for which the federal courts have exclusive jurisdiction. Additionally, there is uncertainty as to whether our choice of forum provisions would be enforceable with respect to suits brought to enforce any liability or duty created by the Securities Act of 1933, as amended (the "Securities Act"), or other claims for which the federal courts have concurrent jurisdiction, and in any event stockholders will not be deemed to have waived the Company's compliance with federal securities laws and rules and regulations thereunder. If a court were to find these provisions of our charter inapplicable to, or unenforceable in respect of, one or more of the specified types of actions or proceedings, we may incur additional costs associated with resolving such matters in other jurisdictions, which could adversely affect our business, financial condition or operating results.

Accounting & Financial Operations4 | 11.1%

Accounting & Financial Operations - Risk 1

If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our operating results could be adversely affected.

The preparation of financial statements in conformity with accounting principles generally accepted in the United States of America requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in Part II, Item 7. "Management's Discussion and Analysis of Financial Condition and Results of Operations-Critical Accounting Estimates." The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition, including the determination of stand-alone selling price, the expected period of benefit for our deferred contract acquisition costs, income taxes, the carrying value of accounts receivable, and the valuation, estimated useful lives and impairment of intangible assets and goodwill arising from business combinations. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our common stock.

Accounting & Financial Operations - Risk 2

Since our inception, except for the year ended December 31, 2018, we have incurred net losses and we may not be able to generate sufficient revenue to achieve and sustain profitability.

Since our inception, except for the year ended December 31, 2018, we have incurred net losses, including a net loss of $61.6 million for the year ended December 31, 2021. We cannot assure you that we will achieve profitability in the future or that we would be able to sustain profitability. We expect our operating expenses to continue to increase as we continue to expand our sales and marketing efforts, invest in research and development, particularly for our cloud-based solutions, and expand our operations in existing and new geographies and vertical markets. Further, we expect our revenue growth rate to continue to be materially adversely impacted by our shift to subscription-based arrangements. As a result, we do not know when we will achieve profitability, and it is possible that we continue to sustain net losses for a period.

Accounting & Financial Operations - Risk 3

We recognize some of our revenue ratably over the term of our agreements with customers and, as a result, downturns or upturns in sales may not be immediately reflected in our operating results.

We recognize revenue from our subscription offerings ratably over the terms of our agreements with customers. As a result, a portion of the revenue that we report in each period will be derived from the recognition of deferred revenue relating to agreements entered into during previous periods. Consequently, a decline in new subscription sales or renewals in any one period may not be immediately reflected in our revenue results for that period. This decline, however, will negatively affect our revenue in future periods. Accordingly, the effect of significant downturns in sales and market acceptance of our products and potential changes in our rate of renewals may not be fully reflected in our operating results until future periods. We expect to continue to invest in research and development, sales and marketing, and general and administrative functions and other areas to grow our subscription-related business. These subscription-related costs are generally expensed as incurred (with the exception of sales commissions), as compared to the corresponding revenue, substantially all of which is recognized ratably in future periods. We are likely to recognize the costs associated with these investments earlier than some of the anticipated benefits and the return on these investments may develop more slowly, or may be lower, than we expect, which could adversely affect our operating results.

Accounting & Financial Operations - Risk 4

Our quarterly results fluctuate significantly and may not fully reflect the underlying performance of our business.

Our quarterly revenue and operating results tend to fluctuate from period-to-period, and we believe that our quarterly results may vary significantly in the future. These results may fluctuate as a result of a variety of factors, including the mix of revenue and associated costs attributable to licenses, subscription and professional services, the mix of revenue attributable to larger transactions as opposed to smaller transactions, and others discussed throughout this "Risk Factors" section, many of which are outside of our control. Consequently, you should not rely on the results of any one quarter as an indication of future performance. Period-to-period comparisons of our revenue and operating results may not be meaningful and, as a result, may not fully reflect the underlying performance of our business.

Debt & Financing3 | 8.3%

Debt & Financing - Risk 1

Our failure to raise additional capital or generate cash flows necessary to expand our operations and invest in new technologies in the future could reduce our ability to compete successfully and harm our operating results.

We may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms, if at all. If we raise additional equity financing, our security holders may experience significant dilution of their ownership interests. If we engage in additional debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness, force us to maintain specified liquidity or other ratios or restrict our ability to pay dividends or make acquisitions. If we need additional capital and cannot raise it on acceptable terms, or at all, we may not be able to, among other things: (i) develop and enhance our products; (ii) continue to expand our product development, sales and marketing organizations; (iii) hire, train and retain employees; (iv) respond to competitive pressures or unanticipated working capital requirements; or (v) pursue acquisition opportunities.

Debt & Financing - Risk 2

Servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business to do so.

We have historically relied on the availability of some amount of debt financing. Our ability to make scheduled payments of the principal of, to pay interest on or to refinance our indebtedness, including the $389.8 million aggregate principal amount of 0.125% convertible senior notes due 2024 (the "Notes") and any future borrowings under our credit facility, depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control, including the factors described in this "Risk Factors" section. Our business may not continue to generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or obtaining additional equity capital on terms that may be onerous or highly dilutive. Our ability to refinance our indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms. In addition, our credit facility and any of our future debt agreements may contain restrictive covenants that prohibit us from adopting any of these alternatives.

Debt & Financing - Risk 3

The terms, conditions and restrictions contained in our credit agreement and our convertible notes and related capped call transactions (the "Capped Call Transactions") could expose us to risks that could adversely affect our liquidity and financial condition or otherwise adversely affect our operating results.

Our credit agreement contains various covenants that, among other things, limit our and certain of our subsidiaries' abilities to: (i) incur additional indebtedness or guarantee indebtedness of others; (ii) create additional liens on our assets; (iii) merge, consolidate or dissolve; (iv) make loans or investments, including acquisitions; (v) sell assets; (vi) engage in sale and leaseback transactions; (vii) pay dividends and make other distributions on our capital stock, and redeem and repurchase our capital stock; or (viii) enter into transactions with affiliates. Our credit agreement also contains numerous affirmative covenants and a financial covenant. Our failure to comply with these covenants could result in an event of default, which, if not cured or waived, could result in the acceleration of our debt. Any additional debt that we incur in the future could subject us to similar or additional covenants. Holders of the Notes have the right to require us to repurchase their Notes upon the occurrence of a fundamental change (as defined in the indenture governing the Notes) at a repurchase price equal to 100% of the principal amount of the Notes to be repurchased, plus accrued and unpaid interest, if any. In such event, we may not have enough available cash or be able to obtain financing at the time to make repurchases of the Notes surrendered therefor. In addition, our ability to repurchase the Notes may be limited by our existing credit agreement or agreements governing our future indebtedness. Our failure to repurchase the Notes at a time when the repurchase is required by the indenture governing the Notes would constitute a default under such indenture. A default under the indenture or the fundamental change itself could also lead to a default under agreements governing our existing credit facility or future indebtedness. The conditional conversion feature of the Notes has been triggered during certain quarters and may be triggered in future quarters, entitling holders of the Notes to convert the Notes at any time during specified periods at their option. We have received, and we may in the future receive, requests from holders to convert all or a portion of their Notes (for more information, see Part II, Item 7. "Management's Discussion and Analysis of Financial Condition and Results of Operations-Liquidity and Capital Resources"). To the extent that we elect to settle a portion or all of our conversion obligation through the payment of cash, this could adversely affect our liquidity. The conversion of some or all of the Notes will also dilute the ownership interests of existing stockholders to the extent we satisfy our conversion obligation by delivering shares of our common stock upon any conversion of such Notes. In addition, even if holders do not elect to convert their Notes, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the Notes as a current rather than long-term liability, which would result in a material reduction of our net working capital. The Notes were classified as current liabilities on the consolidated balance sheet as of December 31, 2021. In connection with the pricing of the Notes, we entered into the privately negotiated Capped Call Transactions that are intended to reduce the potential dilution to our common stock upon any conversion of the Notes and/or offset any potential cash payments we are required to make in excess of the principal amount of converted Notes. The unwinding of such Capped Call Transactions in connection with a conversion of some or all of the Notes could adversely affect the value of our common stock. Additionally, it is possible that the accounting standards relating to the Notes and/or the Capped Call Transactions could in the future change, and compliance with any new or updated standards could have a material adverse effect on our results, including with respect to earnings per share.

Corporate Activity and Growth5 | 13.9%

Corporate Activity and Growth - Risk 1

We anticipate that our operations will continue to increase in complexity as we grow, which will add additional challenges to the management of our business in the future.

Our business has experienced significant growth and is becoming increasingly complex. We increased the number of our employees from 1,168 at December 31, 2019 to 1,676 at December 31, 2021. We have also experienced growth in the number of customers of our solutions from 1,469 at December 31, 2019 to 2,259 at December 31, 2021. We expect this growth to continue and for our operations to become increasingly complex. To effectively manage this growth, we have made and plan to continue to make substantial investments to improve our operational, financial and management controls as well as our reporting systems and procedures. Our success will depend in part on our ability to manage this complexity effectively without undermining our corporate culture, which we believe has been central to our success. If we are unable to manage this complexity, our business, operations, operating results and financial condition may suffer. As our customer base continues to grow, we likely will need to expand our professional services and other personnel, and maintain and enhance our existing partner network, to provide a high level of customer service. We also will need to effectively manage our direct and indirect sales processes as the number and type of our sales personnel and partner network continues to grow and become more complex and as we continue to expand into new geographies and vertical markets. This complexity is further driven by the various ways in which we sell our solutions, including on a per identity and per module basis through perpetual and term licenses, SaaS and other subscription services. If we do not effectively manage the increasing complexity of our business and operations, the quality of our solutions and customer service could suffer, and we may not be able to adequately address competitive challenges. These factors could impair our ability, and our channel partners' ability, to attract new customers, retain existing customers, expand our customers' use of existing solutions and adoption of more of our solutions and continue to provide high levels of customer service, all of which would adversely affect our reputation, overall business, operations, operating results and financial condition.

Corporate Activity and Growth - Risk 2

We may acquire or invest in companies, which may divert our management's attention and result in additional dilution to our stockholders. We may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions, and acquisitions, particularly of development stage companies, may adversely affect our operating results and liquidity as well as our ability to meet expectations.

Our success will depend, in part, on our ability to expand our solutions and services and grow our business in response to changing technologies, customer demands and competitive pressures. In some circumstances, we may choose to do so through the acquisition of, or investment in, new or complementary businesses and technologies rather than through internal development. As a function of the industry in which we operate, we may acquire development stage companies that are not yet profitable, and that require continued investment, which could adversely affect our results of operations and liquidity as well as our ability to meet expectations, particularly if they were formulated prior to such acquisitions. Development stage companies generally involve a higher degree of risk and have not been proven, require additional capital to develop, and typically do not generate enough revenue to offset increased expenses associated therewith. The identification of suitable acquisition or investment candidates can be difficult, time-consuming and costly, and we may not be able to successfully complete identified acquisitions or investments. The risks we face in connection with acquisitions and/or investments include difficulties integrating the new businesses, technologies, or personnel, distractions to management, adverse tax consequences, claims and disputes by stockholders, and the assumption of debt or other liabilities, among other things. The occurrence of any of these or other risks could prevent us from realizing the anticipated benefits of an acquisition and could adversely affect our business, operating results and financial condition.

Corporate Activity and Growth - Risk 3

We have experienced rapid growth in recent periods, and our recent growth rates may not be indicative of our future growth.

We have experienced rapid growth in recent years. Our revenue grew from $288.5 million to $439.0 million from the year ended December 31, 2019 to the year ended December 31, 2021. In future periods, we may not be able to sustain revenue growth consistent with recent history, or at all. We believe our revenue growth depends on a number of factors, including (i) our ability to attract new customers and retain and increase sales to existing customers; (ii) our ability to, and the ability of our channel partners to, successfully deploy and implement our solutions, increase our existing customers' use of our solutions and provide our customers with excellent customer support; (iii) our ability to develop our existing solutions and introduce new solutions; (iv) our ability to hire and retain substantial numbers of new sales and marketing, research and development and general and administrative personnel, and expand our global operations; and (v) our ability to increase the number of our technology partners. If we are unable to achieve any of these requirements, our revenue growth will be adversely affected. In addition, as discussed below, our revenue growth may be materially and adversely affected during any period of significant shifts to subscription-based arrangements.

Corporate Activity and Growth - Risk 4

Added

The Merger, the pendency of the Merger or our failure to complete the Merger could have a material adverse effect on our business, results of operations, financial condition and stock price.

On April 10, 2022, we entered into the Merger Agreement with Parent and Merger Sub, providing for our acquisition by affiliates of a fund advised by private equity investment firm Thoma Bravo. Completion of the Merger is subject to the satisfaction of various conditions, including (1) regulatory approvals, (2) the absence of any order, injunction or law prohibiting the Merger, (3) the accuracy of the other party's representations and warranties, subject to certain materiality standards set forth in the Merger Agreement, (4) compliance in all material respects with the other party's obligations under the Merger Agreement, and (5) no Company Material Adverse Effect (as defined in the Merger Agreement) having occurred since the date of the Merger Agreement. There is no assurance that all of the various conditions will be satisfied, or that the Merger will be completed on the proposed terms, within the expected timeframe, or at all. Furthermore, there are additional inherent risks in the Merger, including the risks detailed below. During the period prior to the closing of the Merger, our business is exposed to certain inherent risks due to the effect of the announcement or pendency of the Merger on our business relationships, financial condition, operating results and business, including: - potential uncertainty in the marketplace, which could lead current and prospective customers to purchase offerings from other providers or delay purchasing from us;- the possibility of disruption to our business and operations, including diversion of management attention and resources;- increased difficulty in attracting and retaining key personnel due to uncertainty regarding the Merger;- the inability to pursue alternative business opportunities or make changes to our business pending the completion of the Merger, and other restrictions on our ability to conduct our business;- the amount of the costs, fees, expenses and charges related to the Merger Agreement and the Merger; and - other developments beyond our control. The Merger may be delayed, and may ultimately not be completed, due to a number of factors, including: - the failure to obtain regulatory approvals from governmental entities (or the imposition of any conditions, limitations or restrictions on such approvals);- potential future stockholder litigation and other legal and regulatory proceedings, which could delay or prevent the Merger;- the failure to satisfy the other conditions to the completion of the Merger, including the possibility that a material adverse effect on our business would permit Parent not to close the Merger; and - changes in domestic or global economic conditions that may affect the timing or success of the Merger. If the Merger does not close, our business and stockholders would be exposed to additional risks, including: - to the extent that the current market price of our common stock reflects an assumption that the Merger will be completed, the price of our common stock could decrease if the Merger is not completed;- investor confidence could decline, stockholder litigation could be brought against us, relationships with existing and prospective customers, service providers, investors, lenders and other business partners may be adversely impacted, we may be unable to retain key personnel, and profitability may be adversely impacted due to costs incurred in connection with the pending Merger; and - the requirement that we pay a termination fee of $212.5 million if the Merger Agreement is terminated in certain circumstances, including by the Company to enter into a superior proposal or by Parent because the Board withdraws its recommendation in favor of the Merger. Even if successfully completed, there are certain risks to our stockholders from the Merger, including: - the amount of cash to be paid under the Merger Agreement is fixed and will not be adjusted for changes in our business, assets, liabilities, prospects, outlook, financial condition or operating results or in the event of any change in the market price of, analyst estimates of, or projections relating to, our common stock;- the fact that receipt of the all-cash per share merger consideration under the Merger Agreement is taxable to stockholders that are treated as U.S. holders for U.S. federal income tax purposes; and - the fact that, if the Merger is completed, our stockholders will forego the opportunity to realize the potential long-term value of the successful execution of our current strategy as an independent company.

Corporate Activity and Growth - Risk 5

A shift in our business from selling perpetual licenses to selling SaaS and term licenses could materially and adversely affect our financial condition, operating results and liquidity, and our business, financial condition, operating results and prospects could be materially and adversely affected if we fail to successfully manage this shift.

We believe enterprises are increasingly embracing the cloud to house their critical security infrastructure. As a result, a growing number of enterprises are changing their approach to identity security and now prefer SaaS in place of purchasing software via a license and independently operating their identity infrastructure. Our current product strategy reflects our belief in this industry shift. In connection with this transition, as we sell more subscription-based arrangements, our license revenue has been and will likely continue to be negatively impacted. In a subscription-based arrangement with a customer, we typically: - recognize revenue (i) ratably over the term of the applicable agreement if the software is delivered as a service, whereas we typically recognize revenue from perpetual licenses upfront upon delivering the applicable license, or (ii) upfront if the software is purchased as a term license, but for an amount less than we would charge for a perpetual license given the finite term of the term license; meaning in each case that for a given customer, we will initially recognize less revenue if our software is delivered via a subscription-based arrangement rather than as a perpetual license; and - invoice the customer for subscription fees annually, and at an amount less than we would charge initially for a perpetual license, meaning that for a given customer, initially our billings and our cash flows will decrease. As a result, during any period of significant shifts to subscription-based arrangements, our revenue and cash flows, financial condition, operating results and liquidity may be materially and adversely affected. Additionally, if a greater percentage of our customers purchase our solutions through subscription-based arrangements than we expect in any period, our revenue and earnings will likely fall below expectations for that period and our cash flows may be lower than expected. Furthermore, our business, financial condition, operating results and prospects could be materially and adversely affected if we fail to successfully manage this industry shift, which depends upon our ability to, among other things, properly price our subscription-based arrangements, deliver SaaS, retain our customers, and further develop or acquire related technologies and infrastructure. If the industry shift occurs differently than we anticipate, our business, financial condition, operating results and prospects could be materially and adversely affected.

Tech & Innovation

Total Risks: 8/36 (22%)Above Sector Average

Innovation / R&D1 | 2.8%

Innovation / R&D - Risk 1

If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, changing regulations and changing customer needs, requirements or preferences, our platform and solutions may become less competitive.

The market in which we compete is relatively new and subject to rapid technological change, evolving industry standards and changing regulations, as well as changing customer needs, requirements and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis. In addition, as our customers' technologies and business plans grow more complex, we expect them to face new and increasing challenges. Our customers require that our solution effectively identifies and responds to these challenges without disrupting the performance of our customers' IT systems. As a result, we must continually modify and improve our products and introduce or acquire new products in response to changes in our customers' IT infrastructures. We may be unable to anticipate future market needs and opportunities or be unable to develop enhancements to our platform or existing solutions or new solutions to meet such needs or opportunities in a timely manner, if at all. Even if we are able to anticipate, develop and commercially introduce enhancements to our platform and existing solutions and new solutions, those enhancements and new solutions may not achieve widespread market acceptance. Our enhancements or new solutions could fail to attain sufficient market acceptance for many reasons.

Trade Secrets2 | 5.6%

Trade Secrets - Risk 1

If we fail to adequately protect our proprietary rights, our competitive position could be impaired, and we may lose valuable assets, generate reduced revenue and incur costly litigation to protect our rights.

We rely on copyrights, trade secret laws, confidentiality procedures, employment proprietary information and inventions assignment agreements, trademarks and patents to protect our intellectual property rights. To protect our trade secrets and proprietary information, we rely in significant part on confidentiality arrangements with our employees, licensees, independent contractors, advisers, channel partners, resellers and customers. These arrangements and other steps we take may not be effective to prevent disclosure of confidential information, including trade secrets, and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. We may be required to spend significant resources to obtain, monitor and enforce our intellectual property rights. Litigation brought to enforce our intellectual property could be costly, time-consuming and distracting to management and could be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property, which may result in the impairment or loss of portions of our intellectual property. The laws of some foreign countries do not protect our intellectual property to the same extent as the laws of the United States, and effective intellectual property protection and mechanisms may not be available in those jurisdictions. We may need to expend additional resources to defend our intellectual property in these countries, and our inability to do so could impair our business or adversely affect our international expansion.

Trade Secrets - Risk 2

We may be subject to intellectual property rights claims by third parties or contractual counterparties, which may be costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.

Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of patents, copyrights, trademarks and trade secrets and frequently enter into litigation based on allegations of infringement, misappropriation or other violations of intellectual property rights. We have in the past and may in the future be subject to notices that claim we have infringed, misappropriated or misused the intellectual property of our competitors or other third parties, many of which have significantly larger and more mature patent holdings than we do or are patent holding companies whose sole business is to assert such claims. To the extent we increase our visibility in the market, we face a higher risk of being the subject of intellectual property claims. Additionally, we could in the future be subject to claims that we, our employees or our contractors have inadvertently or otherwise used or disclosed trade secrets or other proprietary information of our competitors or other parties. Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them or otherwise be liable for losses suffered or incurred as a result of claims of intellectual property infringement or misappropriation, damages caused by us to property or persons, or other liabilities relating to or arising from our platform, solutions, services or other contractual obligations. Some of these indemnity agreements provide for significant or uncapped liability for which we would be responsible, and some indemnity provisions survive termination or expiration of the applicable agreement. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and adversely affect our business and operating results. Any intellectual property, indemnification or wrongful use or disclosure claims, with or without merit, could be time-consuming and expensive, could require litigation and could divert our management's attention and other resources. These claims could also subject us to significant liability for damages, potentially including treble damages if we are found to have willfully infringed patents or copyrights. These claims could also result in our having to stop using technology found to be in violation of a third party's rights. We might be required to seek a license for the intellectual property, which may not be available on reasonable terms or at all. Even if a license is available, we could be required to pay significant royalties, which would increase our operating expenses. As a result, we may be required to develop alternative non-infringing technology, which could require significant effort and expense. If we cannot license or develop technology for any aspect of our business that may ultimately be determined to infringe on or misappropriate the intellectual property rights of another party, we could be forced to limit or stop sales of licenses to our platform and solutions and may be unable to compete effectively. We could also lose valuable intellectual property rights or key personnel as a result of a wrongful disclosure dispute. Furthermore, we may be subject to indemnification obligations with respect to third-party intellectual property pursuant to our agreements with our channel partners or customers. Any of these results would adversely affect our business, operating results and financial condition.

Cyber Security1 | 2.8%

Cyber Security - Risk 1

Breaches in our security, cyber-attacks or other cyber-risks could expose us to significant liabilities and cause our business and reputation to suffer.

Our operations involve transmission and processing of our customers' and their employees' confidential, proprietary and sensitive information including, in some cases, personally identifiable information. We have legal and contractual obligations to protect the confidentiality and appropriate use of customer data. Despite our security measures, our and our third-party service providers' information technology and infrastructure may be vulnerable to security risks, including unauthorized access to, use or disclosure of customer data, theft of proprietary information, employee error or misconduct, denial of service attacks, loss or corruption of customer data, and computer hacking attacks or other cyber-attacks subsequently originated from our infrastructure. Such events could expose us to substantial litigation expenses and damages, indemnity and other contractual obligations, government fines and penalties, mitigation expenses and other liabilities. Because techniques used to obtain unauthorized access or to sabotage systems change frequently and generally are not recognized until successfully launched against a target, we and our third-party service providers may be unable to anticipate these techniques or reasonably implement adequate preventative measures. For example, we may not be able to stop a complex and sophisticated cyberattack of the type described in the risk factor above. If an actual or perceived breach of our or our third-party service providers' security occurs, the market perception of the effectiveness of our security measures could be harmed, our brand and reputation could be impacted, we could lose potential sales and existing customers, our ability to operate our business could be impaired, and we may incur significant liabilities. Moreover, failure to maintain effective internal accounting controls related to data security breaches and cybersecurity in general could impact our ability to produce timely and accurate financial statements and could subject us to regulatory scrutiny.

Technology4 | 11.1%

Technology - Risk 1

If our platform and solutions do not effectively interoperate with our customers' existing or future IT infrastructures, installations could be delayed or cancelled, which would harm our business.

Our success depends on the interoperability of our platform and solutions with third-party operating systems, applications, data and devices that we have not developed and do not control. Any changes in such operating systems, applications, data or devices that degrade the functionality of our platform or solutions or give preferential treatment to competitive software could adversely affect the adoption and usage of our platform. We may not be successful in adapting our platform or solutions to operate effectively with these applications, data or devices. If it is difficult for our customers to access and use our platform or solutions, or if our platform or solutions cannot connect to a broadening range of applications, data and devices, then our customer growth and retention may be harmed, and our business and operating results could be adversely affected.

Technology - Risk 2

Real or perceived errors, failures, or disruptions, including those caused by cyber-attacks, in our platform and solutions could adversely affect our customers' satisfaction with our solutions and harm our business and industry reputation.

Our platform and solutions are very complex and have contained and may contain undetected defects, vulnerabilities or errors, especially when solutions are first introduced or enhanced. Our platform and solutions are often used in connection with large-scale computing environments with different operating systems, system management software, equipment and networking configurations, which may cause errors or failures of products, or other aspects of the computing environment into which our products are deployed. If our platform and solutions are not implemented or used correctly or as intended, inadequate performance and disruption in service may result. In addition, deployment of our platform and solutions into complicated, large-scale computing environments may expose errors, failures or vulnerabilities in our products. Any such errors, failures, or vulnerabilities may not be found until after they are deployed to our customers. Some of our software and features are powered by ML and AI, which depend on datasets and algorithms that could be flawed, including through inaccurate, insufficient, outdated or biased data. From time to time, we have experienced errors, failures and bugs in our platform that have resulted in customer downtime, and we cannot assure you that we will be able to mitigate future errors, failures, vulnerabilities or bugs in a quick or cost-effective manner. We and our third-party service providers have in the past experienced, and may in the future experience, performance issues due to a variety of factors, including infrastructure changes, human or software errors, website or third-party hosting disruptions or capacity constraints due to a number of potential causes including technical failures, cyber-attacks, security incidents, natural disasters or fraud. We have also been the target of distributed denial-of-service attacks and other cybersecurity attacks that attempt to disrupt our services. If our or our third-party service providers' products or solutions or corporate security are compromised, our website, professional services, customer support or SaaS solutions are unavailable, or there are flaws in our ML and AI processes, our business could be negatively affected. Moreover, if our security measures, products, services or third-party service providers are subject to cyber-attacks that degrade or deny the ability of users to access our website or other products or services, our products or services may be perceived as insecure, and we may incur significant legal and financial exposure. In particular, our cloud-based products may be especially vulnerable to interruptions, performance problems or cyber-attacks. Furthermore, our solutions may not help detect situations in which a valid user identity has been compromised, for example as part of a highly sophisticated cyberattack of the type described below. If we, our third-party service providers, our partners or one or more customers were to suffer a highly publicized breach, even if our platform and solutions perform effectively, such a breach could cause our customers or potential customers to lose trust in our identity governance platform in general, which could cause us to suffer reputational harm, lose existing commercial relationships and customers or deter them from purchasing additional solutions and prevent new customers from purchasing our solutions. Highly publicized cybersecurity events have heightened consumer, legislative and regulatory awareness of these kinds of cybersecurity risks, while further emboldening individuals or groups to target IT systems more aggressively, highlighting the vulnerability of IT supply chains. We continue to invest in the personnel, infrastructure and third-party best practice software solutions and services necessary to mitigate these risks. However, if we are unable to attract and retain personnel with the necessary cybersecurity expertise, or fail to implement sufficient safeguarding measures, we may not be able to prevent, detect, and mitigate potentially disruptive events which could occur in the future. In some instances, we may not be able to identify the cause or causes of these events within an acceptable period of time. Even with these investments, we may not be able to stop a complex and sophisticated cyberattack. Such attacks can be particularly difficult to prevent or fully mitigate when they occur in the supply chain. If we are or become a target of such an attack, we may not be able to prevent, detect and mitigate such an attack, which could cause disruptions in service or other performance problems, hurt our reputation and our ability to attract new customers and retain existing customers, and damage our customers' businesses. Since our customers use our platform and solutions for important aspects of their security environment and operational business, any real or perceived errors, failures or vulnerabilities in our products, or disruptions in service or other performance problems, could hurt our reputation and may damage our customers' businesses. Furthermore, defects, errors, vulnerabilities or failures in our platform or solutions may require us to implement design changes or software updates. Any defects, vulnerabilities or errors in our platform or solutions, or the perception of such defects, vulnerabilities or errors, could result in: (i) expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate or work around errors or defects; (ii) loss of existing or potential customers or channel partners; (iii) delayed or lost revenue; (iv) delay or failure to attain market acceptance; (v) delay in the development or release of new solutions or services; (vi) negative publicity, which will harm our reputation; (vii) an increase in collection cycles for accounts receivable or the expense and risk of litigation; and (viii) harm to our operating results. The contractual protections we have in our standard terms and conditions of sale, such as warranty disclaimers and limitation of liability provisions, may not fully or effectively protect us from claims by customers, commercial relationships or other third parties. Any insurance coverage we may have may not adequately cover all claims asserted against us or cover only a portion of such claims. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and the diverting of management's time and other resources.

Technology - Risk 3

Interruptions with the delivery of our SaaS solutions, or third-party cloud-based systems that we use in our operations, may adversely affect our business, operating results and financial condition.

Our continued growth depends in part on the ability of our existing customers and new customers to access our platform and solutions at any time and within an acceptable amount of time. In addition, our ability to access certain third-party SaaS solutions is important to our operations and the delivery of our customer support and professional services. We have experienced, and may in the future experience, service disruptions, outages and other performance problems both in the delivery of our SaaS solutions and in third-party SaaS solutions we use due to a variety of factors, including infrastructure changes, malicious actors, human or software errors or capacity constraints. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. If our SaaS solutions or the third-party SaaS solutions we depend on are unavailable or if our customers are unable to access features of our SaaS solutions within a reasonable amount of time or at all, our business would be negatively affected. We host our SaaS and other subscription services solutions primarily using AWS data centers. Our related operations depend on protecting the virtual cloud infrastructure hosted in AWS by maintaining its configuration, architecture, features and interconnection specifications, as well as the information stored in these virtual data centers and which third-party internet service providers transmit. Although we have disaster recovery plans that utilize multiple AWS locations, any incident affecting their infrastructure that may be caused by fire, flood, severe storm, earthquake or other natural disasters, cyber-attacks, terrorist or other attacks, public health issues or other similar events beyond our control could negatively affect our SaaS platform. A prolonged AWS service disruption affecting our SaaS platform for any of the foregoing or other reasons would negatively impact our ability to serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the AWS services we use, which would also likely require significant investments of time. In addition, AWS may terminate the agreement by providing 30 days' prior written notice and may, in some cases, terminate the agreement immediately for cause upon notice. In the event that our AWS service agreements are terminated, or there is a lapse of service, elimination of AWS services or features that we utilize, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our SaaS solutions for deployment on a different cloud infrastructure service provider, which may adversely affect our business, operating results and financial condition.

Technology - Risk 4

Our use of "open source" software could negatively affect our ability to sell our solutions and subject us to possible litigation.

Some aspects of our platform and solutions are built using open source software, and we intend to continue to use open source software in the future. From time to time, we contribute software source code to open source projects under open source licenses or release internal software projects under open source software licenses and anticipate doing so in the future. The terms of certain open source licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that open source software licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to monetize our products. Additionally, we may from time to time face claims from third parties claiming ownership of, or demanding release of, the open source software or derivative works that we developed using such software, which could include our proprietary source code, or otherwise seeking to enforce the terms of the applicable open source software license. These claims could result in litigation and could require us to make our software source code freely available, purchase a costly license or cease offering the implicated services unless and until we can re-engineer them to avoid infringement or violation. This re-engineering process could require significant additional research and development resources, and we may not be able to complete it successfully. In addition to risks related to license requirements, use of certain open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on the origin of software and, thus, may contain security vulnerabilities or broken code. Any of these risks could be difficult to eliminate or manage, and if not addressed, could have a negative effect on our business, operating results and financial condition.

Ability to Sell

Total Risks: 7/36 (19%)Above Sector Average

Competition1 | 2.8%

Competition - Risk 1

We face intense competition in our market, both from larger, well established companies and from emerging companies, and we may lack sufficient financial and other resources to maintain and improve our competitive position.

The market for identity and data governance solutions is intensely competitive and is characterized by constant change and innovation. We face competition from large, well-known enterprise software vendors that offer identity solutions within their product portfolios, pure play identity vendors (including new market entrants) and vendors with whom we have not traditionally competed but who may either introduce new products or incorporate features into existing products that compete with our solutions. Many of our competitors are larger, have greater resources and existing customer relationships, and may be able to compete and respond more effectively than we can to new or changing opportunities, technologies, standards or customer requirements. Our competitors may also seek to extend or supplement their existing offerings to provide identity and data governance solutions that more closely compete with our offerings. Potential customers may also prefer to purchase, or incrementally add solutions, from their existing suppliers rather than a new or additional supplier regardless of product performance or features. In addition, merger and acquisition transactions in the technology industry continue to occur, particularly transactions involving cloud-based technologies. Accordingly, there is a greater likelihood that we will compete with other large technology companies in the future. Continued industry consolidation may adversely impact customers' perceptions of the viability of small and medium-sized technology companies and consequently their willingness to purchase from those companies. New start-up companies that innovate and competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our products, and our business could be materially and adversely affected if such technologies or products are widely adopted. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net losses, and loss of market share. Any failure to meet and address these factors could adversely affect our business, financial condition and operating results.

Demand1 | 2.8%

Demand - Risk 1

Our business depends, in part, on sales to the public sector, and significant changes in the contracting or fiscal policies of the public sector could have an adverse effect on our business.

We derive a portion of our revenue from sales of our solutions to federal, state, local and foreign governments, and we believe that the success and growth of our business will continue to depend in part on our successful procurement of government contracts. Factors that could impede our ability to maintain or increase the amount of revenue derived from government contracts include: (i) changes in fiscal or contracting policies; (ii) decreases in available government funding; (iii) changes in government programs or applicable requirements; (iv) the adoption of new laws or regulations or changes to existing laws or regulations; and (v) potential delays or changes in the government appropriations or other funding authorization processes. The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions or otherwise have an adverse effect on our business, operating results and financial condition.

Sales & Marketing4 | 11.1%

Sales & Marketing - Risk 1

If we fail to meet contractual commitments related to response time, service level commitments or quality of professional services, we could be obligated to provide credits for future service, or face contract termination, which could adversely affect our business, operating results and financial condition.

Depending on the products purchased, our customer agreements contain service level agreements, under which we guarantee specified availability of our platform and solutions. If we are unable to meet the stated service level commitments to our customers or suffer extended periods of unavailability of our SaaS solutions or other subscription services, we may be contractually obligated to provide affected customers with service credits or customers could elect to terminate and receive refunds for prepaid amounts. In addition, if the quality of our professional services does not meet contractual requirements, we may be required to re-perform the services at our expense or refund amounts paid for the services. Any failure to meet these contractual commitments could adversely affect our revenue, operating results and financial condition and any failure to meet service level commitments or extended service outages of our SaaS solutions or other subscription services could adversely affect our business and reputation as customers may elect not to renew and we could lose future sales.

Sales & Marketing - Risk 2

If we are unable to maintain successful relationships with our channel partners, our ability to market, sell and distribute our solutions will be limited and our business, financial condition and operating results could be adversely affected.

We derive a significant portion of our revenue from sales influenced or made through our channel partner network and expect these sales to continue to grow for the foreseeable future. Our channel partners provide implementation and other services to our customers in exchange for fees paid by those customers. We may not achieve anticipated revenue growth from our channel partners if we are unable to retain our existing channel partners and expand their sales or add additional motivated channel partners. Our arrangements with our channel partners are generally non-exclusive, meaning they may offer customers the products of several different companies, including products that compete with our platform and solutions. If our channel partners do not effectively market and sell our solutions, choose to use greater efforts to market and sell our competitors' products or services, fail to meet the needs of our customers, or cease marketing our products or providing services to us, our ability to grow our business and sell our solutions may be adversely affected. If we are unable to maintain our relationships with these channel partners, our business, financial condition and operating results could be adversely affected. We also collaborate with adjacent technology vendors to offer comprehensive solutions to our customers. If we do not effectively collaborate with them, or if they elect to terminate their relationship with us or develop and market solutions that compete with our solutions, our growth may be adversely affected.

Sales & Marketing - Risk 3

Our future revenues and operating results will be harmed if we are unable to acquire new customers, if our customers do not renew their arrangements with us, or if we are unable to expand sales to our existing customers or develop new solutions that achieve market acceptance.

To continue to grow our business, it is important that we continue to acquire new customers to purchase and use our solutions. Our success in adding new customers depends on numerous factors, including our ability to (i) offer a compelling identity security platform and solutions, (ii) execute an effective sales and marketing strategy, (iii) attract, effectively train and retain new sales, marketing, professional services and support personnel in the markets we pursue, (iv) develop or expand relationships with channel partners, including systems integrators, resellers and technology partners, (v) expand into new geographies and vertical markets, (vi) deploy our platform and solutions for new customers and (vii) provide quality customer support once deployed. As a result of the COVID-19 pandemic, we shifted all customer events to virtual-only experiences in 2020. In 2021, we resumed certain in-person and hybrid events, but we expect that for the foreseeable future some of our customer events will be virtual-only or hybrid experiences. Although the level of attendance at our virtual-only and hybrid events has been generally consistent with or greater than our in-person events, it is possible that the level of prospective customer engagement, and thus conversion into sales, is lower at such events. It is important to our continued growth that our customers renew their arrangements when existing contract terms expire. Our customers have no obligation to renew their maintenance and support, SaaS, and/or term-license agreements, and our customers may decide not to renew these agreements with a similar contract period, at the same prices and terms or with the same or a greater number of identities. Our customer retention and expansion is difficult to accurately predict and may decline or fluctuate as a result of a number of factors. Our ability to increase revenue also depends in part on our ability to increase the number of identities governed with our solutions and sell more modules and solutions to our existing and new customers. If we are unable to successfully acquire new customers, retain our existing customers, expand sales to existing customers or introduce new solutions, our business, financial condition and operating results could be adversely affected. The adverse effect on our financial results may be particularly acute because of the significant research, development, marketing, sales and other expenses we will have incurred in connection with the new solutions.

Sales & Marketing - Risk 4

Our sales cycle is long and unpredictable, and our sales efforts require considerable time and expense.

The length and unpredictability of the sales cycle for our offerings makes it difficult to identify a regular cadence to our sales and the related revenue recognition. We and our channel partners are often required to spend significant time and resources to better educate and familiarize potential customers with the value proposition of our platform and solutions. Customers often view the purchase of our solutions as a strategic decision and significant investment and, as a result, frequently require considerable time to evaluate, test and qualify our platform and solutions prior to purchasing our solutions. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities, which ultimately may not result in a sale. Additional factors that may influence the length and variability of our sales cycle include: (i) the discretionary nature of purchasing and budget cycles and decisions; (ii) lengthy purchasing approval processes; (iii) the evaluation of competing products during the purchasing process; (iv) time, complexity and expense involved in replacing existing solutions; (v) announcements or planned introductions of new products features or functionality by our competitors or of new solutions or modules by us; (vi) the practice of large enterprises often driving their purchasing cycles based on internal factors rather than marketing cycles; and (viii) evolving functionality demands. If our efforts in pursuing sales and customers are unsuccessful, or if our sales cycles lengthen, our revenue could be lower than expected, which would have an adverse effect on our business, operating results and financial condition.

Brand / Reputation1 | 2.8%

Brand / Reputation - Risk 1

If we are not able to maintain and enhance our brand or reputation as an industry leader and innovator, our business and operating results may be adversely affected.

We believe that maintaining and enhancing our reputation as a leader and innovator in the market for identity and data governance solutions is critical to our relationship with our existing customers and our ability to attract new customers. The successful promotion of our brand attributes will depend on a number of factors, including our marketing efforts, our ability to continue to develop high-quality features and solutions for our platform and our ability to successfully differentiate our platform and solutions from competitive products and services. Our brand promotion activities may not be successful or yield increased revenue. In addition, independent industry analysts often provide reports of our platform and solutions, as well as products and services of our competitors, and perception of our platform and solutions in the marketplace may be significantly influenced by these reports. If these reports are negative, or less positive as compared to those of our competitors' products and services, our reputation may be adversely affected. If we do not successfully maintain and enhance our brand and reputation, our business and operating results may be adversely affected.

Legal & Regulatory

Total Risks: 3/36 (8%)Below Sector Average

Regulation1 | 2.8%

Regulation - Risk 1

If our products fail to help our customers achieve and maintain compliance with certain government regulations and industry standards, our business and operating results could be materially and adversely affected.

We believe we generate a portion of our revenues from our products and services because our customers use our products and services as part of their efforts to achieve and maintain compliance with certain government regulations and industry standards, and we expect that will continue for the foreseeable future. Examples of industry standards and government regulations include the Payment Card Industry Data Security Standard; the Federal Information Security Management Act and associated National Institute for Standards and Testing Network Security Standards; the Sarbanes-Oxley Act of 2002; Title 21 of the U.S. Code of Federal Regulations, which governs food and drugs industries; the North American Electric Reliability Corporation Critical Infrastructure Protection Plan; the GDPR; the German Federal Financial Supervisory Authority Minimum Requirements for Risk Management; and the Monetary Authority of Singapore's Technology Risk Management Notices. These industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses. In addition, governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could affect whether our customers believe our solution assists them in maintaining compliance with such laws or regulations. If our solutions fail to expedite our customers' compliance initiatives, our customers may lose confidence in our products and could switch to products offered by our competitors. In addition, if government regulations and industry standards related to IT security are changed in a manner that makes them less onerous, our customers may view compliance as less critical to their businesses, and our customers may be less willing to purchase our products and services. In either case, our sales and financial results would suffer.

Taxation & Government Incentives1 | 2.8%

Taxation & Government Incentives - Risk 1

The impact of various tax laws and regulations, including our failure to comply therewith, could have a negative impact on our operating results and financial condition.

We are subject to tax laws and regulations, both in the United States and internationally, which are complex and may change over time. Compliance with such laws and regulations may have negative impacts on our operating results and financial condition, and our efforts to comply in a timely manner may prove inadequate. For example, (i) comprehensive U.S. federal tax reform legislation could adversely affect our business and financial condition; (ii) changes in existing financial accounting standards or practices, or taxation rules or practices, may harm our operating results; (iii) our business may be subject to additional obligations to collect and remit sales tax, value-added and other taxes, and we may be subject to tax liability for past sales; (iv) our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our operating results; and (v) our ability to use net operating losses and other tax attributes to offset future taxable income may be subject to certain limitations. Additionally, forecasting our estimated annual effective tax rate for financial accounting purposes is complex and subject to uncertainty, and there may be material differences between our forecasted and actual tax rates. Any of these circumstances could have a material impact on our results of business, financial condition and results of operations.

Environmental / Social1 | 2.8%

Environmental / Social - Risk 1

Any actual or perceived failure by us to comply with our privacy commitments or legal or regulatory data protection requirements in one or multiple jurisdictions could result in proceedings, actions or penalties against us, as well as a loss of goodwill.

Our customers' storage and use of data concerning, among others, their employees, contractors, customers and partners is essential to their use of our platform and solutions. We have implemented various features intended to enable our customers to better secure their information and comply with applicable privacy and security requirements in their collection and use of data, but these features do not ensure their compliance and may not be effective against all potential privacy and data security concerns. A wide variety of domestic and foreign laws and regulations apply to the collection, use, retention, protection, disclosure, transfer, disposal and other processing of personal data. In particular, we function as a HIPAA "business associate" for certain of our customers and, as such, are subject to strict privacy and data security requirements. We are also subject to the GDPR. These and other applicable data protection and privacy-related laws and regulations are evolving and may result in regulatory and public scrutiny and escalating levels of enforcement and sanctions. See Part I, Item 1. "Business-Government Regulations" for more information. Our failure to comply with contractual obligations or applicable laws and regulations, or to protect any personal or other customer data, could result in enforcement actions against us, including regulatory fines or other civil or criminal liability, as well as claims for damages, contractual or otherwise, by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could adversely affect our business, operating results, financial performance and prospects. In addition, we are subject to certain contractual obligations and have made privacy commitments, including in privacy policies, regarding our collection, use, storage, transfer, disclosure, disposal or processing of personal data. As a company that supports customer privacy and security objectives, even the perception of a failure by us to comply with our privacy commitments, whether or not valid, may harm our reputation, inhibit adoption of our solutions by current and future customers or adversely impact our ability to attract and retain workforce talent. Additionally, a failure or perceived failure to comply with privacy commitments could lead to regulator or civil claims if our commitments are found to be deceptive or otherwise misrepresentative of our actual policies and practices. Loss, retention or misuse of certain information and alleged violations of laws and regulations relating to privacy and data security, and any relevant claims, may expose us to potential liability and may require us to expend significant resources on data security and in responding to and defending such allegations and claims. In addition, future laws, regulations, standards and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations could impair our customers' ability to collect, use or disclose data relating to individuals, which could decrease demand for our platform and solutions, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue. This includes evolutions in definitions of what constitutes "Personal Information" and "Personal Data" subject to privacy laws, especially relating to classification of IP addresses, machine or device identification numbers, location data and other information. Changes in the law may limit or inhibit our ability to offer certain products or features, limit the growth of features and/or development of new products and services supported by AI or machine learning, or limit our ability to operate or expand our business and develop technology alliance relationships that may involve the sharing of data. Around the world, there are numerous lawsuits in process against various technology companies that process personal data. If those lawsuits are successful, it could increase the likelihood that our company may be exposed to liability for our own policies and practices concerning the processing of personal data and could hurt our business. Furthermore, the costs of compliance with, and other burdens imposed by laws, regulations and policies concerning privacy and data security that are applicable to the businesses of our customers may limit the use and adoption of our platform or solutions and reduce overall demand for them. Privacy concerns, whether or not valid, may inhibit market adoption of our platform. Additionally, concerns about security or privacy may result in the adoption of new legislation that restricts the implementation of technologies like ours or requires us to make modifications to our platform, which could significantly limit the adoption and deployment of our technologies or result in significant expense to modify our platform.

Production

Total Risks: 2/36 (6%)Below Sector Average

Employment / Personnel1 | 2.8%

Employment / Personnel - Risk 1

Our success depends on the experience and expertise of our senior management team and key employees. If we are unable to hire, retain, train and motivate our personnel, our business, operating results and prospects may be harmed.

Our success has depended, and continues to depend, on the efforts and talents of our senior management team and key employees, including our engineers, product managers, sales and marketing personnel and professional services personnel. Our future success will also depend upon our continued ability to identify, hire and retain additional skilled and highly-qualified personnel, which will require significant time, expense and attention. Competition for such highly-skilled personnel is intense, and we may need to invest significant amounts of cash and equity to attract and retain new employees. If we do not succeed in attracting well-qualified employees or retaining and motivating existing employees, or if we lose one or more members of our senior management team, our business, operating results and prospects could be adversely affected.

Supply Chain1 | 2.8%

Supply Chain - Risk 1

We use third-party licensed software in or with our solutions, and the inability to maintain these licenses or issues with the software we license could result in increased costs or reduced service levels, which would adversely affect our business.

Our solutions include software or other intellectual property licensed from third parties, and we otherwise use software and other intellectual property licensed from third parties in our business. We anticipate that we will continue to rely on such third-party software and intellectual property in the future. This exposes us to risks over which we may have little or no control. The third-party software we currently license may not always be available, and we may not have access to alternative third-party software on commercially reasonable terms. In addition, a third party may assert that we or our customers are in breach of the terms of a license, which could, among other things, give such third party the right to terminate a license or seek damages from us, or both. Our inability to obtain or maintain certain licenses or other rights or to obtain or maintain such licenses or rights on favorable terms, or the need to engage in litigation regarding these matters, could result in delays in releases of new solutions, and could otherwise disrupt our business, until equivalent technology can be identified, licensed or developed, if at all. Also, to the extent that our platform and solutions depend upon the successful operation of third-party software in conjunction with our software, any undetected errors, vulnerabilities, compromises or defects in such third-party software could prevent the deployment or impair the functionality of our platform, delay new feature introductions, result in a failure of our platform and injure our reputation.

Macro & Political

Total Risks: 2/36 (6%)Below Sector Average

International Operations1 | 2.8%

International Operations - Risk 1

Because our long-term success depends, in part, on our ability to expand the sales and marketing of our platform and solutions to customers located outside of the United States, and we perform a significant portion of our development outside of the United States, our business will be susceptible to risks associated with international operations.

At December 31, 2021, we had customers in 65 countries and personnel in 18 countries, and we intend to continue expanding our international sales and marketing operations. Conducting international operations requires significant management attention and financial resources and subjects us to risks that we do not generally face in the United States. These risks include: (i) heightened risks of unethical, unfair or corrupt business practices, actual or claimed, in certain geographies and of improper or fraudulent sales arrangements; (ii) political instability, war, armed conflict or terrorist activities; (iii) public health issues, including outbreaks of contagious diseases or illnesses; (iv) currency fluctuations; (v) laws imposing heightened restrictions on data usage and increased penalties for failure to comply with applicable laws, particularly in the EU; (vi) risks associated with trade restrictions and foreign import requirements; (vii) potentially different pricing environments, longer sales cycles and longer accounts receivable payment cycles and collections issues; (viii) management communication and integration problems resulting from cultural differences and geographic dispersion; (ix) increased turnover of international personnel as compared to our domestic operations; (x) potentially adverse tax consequences, including multiple and possibly overlapping tax structures, the complexities of foreign value added tax systems, restrictions on the repatriation of earnings and changes in tax rates; (xi) changes in global trade policies, such as the United Kingdom's exit from the EU, trade disputes and increased tariffs between the United States and China, or other political, cultural or economic developments; (xii) greater difficulty in enforcing contracts, accounts receivable collection and longer collection periods; (xiii) the uncertainty and limitation of protection for intellectual property rights in some countries; and (xiv) increased financial accounting and reporting burdens and complexities. We have employees and contractors in locations throughout Europe and Asia. If the global effect of Russia's recent invasion of Ukraine and the ensuing armed conflict escalates or expands, our ability to conduct business in these regions could be adversely impacted, potentially resulting in delays to product development, sales and marketing, and other key business functions. Additionally, in light of reports of an increase in Russian cyber-attacks in connection with the current armed conflict, we may face a heightened risk of state-sponsored cyber-attacks in the near term.

Natural and Human Disruptions1 | 2.8%

Natural and Human Disruptions - Risk 1

The COVID-19 pandemic continues to affect populations and businesses worldwide and may materially affect how we and our customers operate, and the duration and extent to which these effects may impact our future results of operations and overall financial performance remains uncertain.

The emergence of the novel coronavirus as a global pandemic in late 2019 and the devastating effects of COVID-19 throughout 2020 and 2021 and into 2022 have caused substantial disruption to populations, including markets and economies, worldwide. Governments and public health officials continue to recommend and impose significant regulations and restrictions designed to protect human life, but which have simultaneously had (and are expected to continue to have) serious adverse impacts on domestic and foreign economies. As new variants of the coronavirus continue to emerge with varying effects around the world, it remains difficult to predict the scope and duration of the effects of the coronavirus. While we believe that the pandemic has not had an immediate material adverse impact on our financial performance, our business may yet be negatively impacted by the COVID-19 pandemic as the duration of the pandemic and the scope of its effects ultimately remain unknown. The conditions caused by the COVID-19 pandemic have in some cases affected, and may continue to affect, the rate of IT spending by our current and prospective customers, impacting some of our customers' ability and willingness to purchase our offerings, in some instances delaying prospective customers' purchasing decisions, delaying the provisioning of our offerings and causing some customers to fail to make timely payments. We have seen an immaterial number of customer requests, and may continue to see similar requests, to lengthen payment terms or reduce the value or duration of subscription contracts, and for those customers that prefer we provide on-site consulting services, we have generally been unable to do so during the pandemic due to local and regional restrictions, instead providing those services virtually. Given the nature and significance of the circumstances created by the coronavirus, we are not able to enumerate all potential risks to our business; however, we believe that in addition to the impacts described above, other potential impacts of the global pandemic include: (i) an increased likelihood of interruptions with the delivery of our SaaS solutions, other subscription services or third-party cloud-based systems that we use in our operations; (ii) a decrease in the volume of sales through our channel partners due to changes to their business models as a result of COVID-19; (iii) cybersecurity issues, as digital technologies may become more vulnerable and experience a higher rate of cyberattacks in the current environment of remote connectivity; (iv) risk of stockholder lawsuits arising from volatility in the trading price of our common stock and other securities-related claims; (v) litigation risk and possible loss contingencies related to COVID-19 and its impact, including with respect to commercial contracts, employee matters and insurance arrangements; (vi) changes to our culture and workforce to adjust to market conditions and as a result of increased remote connectivity; (vii) potentially higher borrowing costs or we may not be able to raise capital on terms acceptable to us or at all in the future; (viii) impairments and other accounting charges if demand for our services and products decreases; and (ix) infections and quarantining of our employees and the personnel of our customers, suppliers and other third parties in areas in which we operate. The duration and extent of the impact from the COVID-19 pandemic depends on future developments, including the effectiveness and acceptance of vaccinations and therapeutics as they are developed and distributed and the nature and number of variants of the coronavirus that emerge, that cannot be accurately predicted at this time. If we are not able to respond to and manage the impact of such events effectively, our business will be harmed. To the extent the COVID-19 pandemic adversely affects our business and financial results, it may also have the effect of heightening many of the other risks set forth in these "Risk Factors," such as those relating to our financial performance and debt obligations.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.

Become an Expert with TipRanks Premium

What am I Missing?

Make informed decisions based on Top Analysts' activity

Know what industry insiders are buying

Get actionable alerts from top Wall Street Analysts

Find out before anyone else which stock is going to shoot up

Get powerful stock screeners & detailed portfolio analysis

Subscribe Now See Plans & Pricing