Sezzle Inc. (SEZL) Risk Factors

We operate in a highly competitive and dynamic industry with a low barrier to entry, which makes increased competition more likely. Our technology platform faces competition from a variety of existing businesses and new market entrants, including competitors with BNPL products and those who enable transactions and commerce via digital payments. Despite any competitive advantage we may have, there is always a risk of new entrants in the market, which may disrupt our business and decrease our market share. We expect competition to intensify in the future, both as emerging technologies continue to enter the marketplace and as large financial institutions increasingly seek to innovate their offered services. Technological advances and the continued growth of e-commerce activities have increased consumers' accessibility to products and services and led to the expansion of competition in digital payment options such as pay-over-time solutions. We face competition in areas such as: flexibility on payment options; duration, simplicity, and transparency of payment terms; reliability and speed in processing applications; underwriting effectiveness; compliance and security; promotional offerings; fees; approval rates; ease-of-use; marketing expertise; service levels; products and services; technological capabilities and integration; customer service; brand and reputation; and consumer and merchant satisfaction. In addition, it may be become more difficult to distinguish our platform, and products and services, from those of our competitors. Some of our competitors are substantially larger than we are, which gives those competitors advantages we do not have, such as a more diversified product, a broader consumer and merchant base, the ability to reach more consumers, the ability to cross-sell their products, operational efficiencies, the ability to cross-subsidize their offerings through their other business lines, more versatile technology platforms, the ability to acquire competitors, broad-based local distribution capabilities, and lower-cost funding. Our competitors may also have longer operating histories, more extensive and broader consumer and merchant relationships, and greater brand recognition and brand loyalty than we have. For example, more established companies that possess large, existing consumer and merchant bases, substantial financial resources, and established distribution channels could enter the market. Further, consumers' increased usage of BNPL platforms in recent years may encourage more of such competitors that may be in a better position, due to financial and other resources, to attract merchants and customers to their platforms. Increased competition, particularly for large, well-known merchants, has in the past resulted and will result in the need for us to alter the pricing we offer to merchants. If we are unable to successfully compete, the demand for our platform and products could stagnate or substantially decline, and we could fail to retain or grow the number of consumers or merchants using our platform. This would likely reduce the attractiveness of our platform to other consumers and merchants, and materially and adversely affect our business, results of operations, financial condition, and prospects.

We are subject to a variety of laws, rules, directives, and regulations, as well as contractual obligations, relating to the processing of personal information, including personally identifiable information. The legal and regulatory environment relating to privacy and data protection laws continues to develop and evolve in ways we cannot predict, including with respect to technologies such as cloud computing, artificial intelligence, and machine learning. Any failure or alleged failure by us to comply with our privacy policies as communicated to customers or with privacy and data protection laws could result in proceedings or actions against us by data protection authorities, other government agencies, or others, which could subject us to significant fines, penalties, judgments, and negative publicity, require us to change our business practices, increase the costs and complexity of compliance, result in reputational harm, and materially harm our business. Compliance with inconsistent privacy and data protection laws may also restrict or limit our ability to provide products and services to our customers, or alternatively increase our costs in ways that could materially and adversely affect our financial position. We also use artificial intelligence and machine learning ("AI/ML"), including for fraud detection and credit risk analysis. If the AI/ML models are incorrectly designed, the data we use to train them is incomplete, inadequate, or biased in some way, or we do not have sufficient rights to use the data on which our AI/ML models rely, the performance of our products, services, and business, as well as our reputation, could suffer or we could incur liability through the violation of laws, third-party privacy, or other rights, or contracts to which we are a party. In addition, future privacy and data protection laws, rules, directives, and regulations may complicate or limit efforts to use data in connection with AI/ML. We publicly post policies and documentation regarding our practices concerning the processing of personal information. This publication of our privacy policy and other documentation that provide information about our privacy and security practices is required by applicable law and can subject us to proceedings and actions brought by data protection authorities, government entities, or others (including, potentially, in class action proceedings brought by individuals) if our policies are alleged to be deceptive, unfair, or misrepresentative of our actual practices. Although we endeavor to comply with our published policies and documentation consistent with applicable law, we may at times fail to do so or be alleged to have failed to do so. Furthermore, many jurisdictions in which we operate (and have operated in the past) globally have enacted, or are in the process of enacting, data privacy legislation or regulations aimed at creating and enhancing individual privacy rights. Numerous U.S. states have enacted or are in the process of enacting state level data privacy laws and regulations governing the collection, use, and retention of their residents' personal information, including the California Consumer Privacy Act, California Privacy Rights Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, Utah Consumer Privacy Act, and Connecticut Data Privacy Act. Internationally, we are currently or have in the past been subject to the Canadian Personal Information Protection and Electronic Documents Act in Canada, and the General Data Protection Regulation in the EU. The continued proliferation of privacy laws in the jurisdictions in which we operate is likely to result in a disparate array of privacy rules with unaligned or conflicting provisions, accountability requirements, individual rights, and national or local enforcement powers, which could lead to increased regulatory scrutiny and business costs, or unintended consumer confusion. It may also increase our potential liability and may inhibit our operations to the extent that such requirements do not allow international transfers of personal information or otherwise restrict our processing of personal information or the availability of personal information to us. Our failure, or the failure of any third party with whom we conduct business, to comply with privacy and data protection laws could result in potentially significant regulatory investigations and government actions, litigation, fines, or sanctions, consumer, funding source, bank partner, or merchant actions, and damage to our reputation and brand, all of which could have a material adverse effect on our business. Complying with privacy and data protection laws and regulations may cause us to incur substantial operational costs or require us to change our business or privacy and security practices. We may not be successful in our efforts to achieve compliance either due to internal or external factors, such as resource allocation limitations or a lack of cooperation from third parties. We have in the past, and may in the future, receive complaints or notifications from third parties, including individuals, alleging that we have violated applicable privacy and data protection laws and regulations. Non-compliance could result in proceedings against us by governmental entities, consumers, data subjects, or others. We may also experience difficulty retaining or obtaining new consumers in these jurisdictions due to the legal requirements, compliance cost, potential risk exposure, and uncertainty for these entities, and we may experience significantly increased liability with respect to these consumers pursuant to the terms set forth in our agreements with them. Any claims regarding our inability to adequately address privacy and data protection concerns, even if unfounded, or to comply with applicable privacy and data protection laws, regulations, contractual requirements, and policies, could result in additional cost and liability to us, damage our reputation, and adversely affect our business. Privacy and data protection concerns, whether valid or not, may inhibit market adoption of our products and services, particularly in certain industries and jurisdictions. If we are not able to quickly adjust to changing laws, regulations, and standards related to the internet, our business may be harmed.

We maintain insurance we consider appropriate for our business needs. However, we may not be insured against all risks, either because appropriate coverage is not available or because we consider the applicable premiums and deductibles to be excessive in relation to the perceived benefits that would accrue. Accordingly, we may not be fully insured or insured at all against losses and liabilities that could unintentionally arise from our operations. The incurrence of uninsured or partially insured losses or liabilities could have a material adverse effect on our business, results of operations and financial condition.

Through the ordinary course of business, we collect, store, process, transfer, and use (collectively, "process") a wide range of confidential information, including personally identifiable information, for various purposes, including to follow government regulations and to provide services to our consumers and merchants. The information we collect may be sensitive in nature and subject to a variety of privacy, data protection, cybersecurity, and other laws and regulations. Due to the sensitivity and nature of the information we process, we and our third-party service providers may be the targets of, defend against and must regularly respond to cyberattacks, including from malware, phishing or ransomware, physical security breaches, or similar attacks or disruptions. Cyberattacks and similar disruptions may compromise or breach the Sezzle Platform and the protections we use to try to protect confidential information in our possession or control. Breaches of the Sezzle Platform or other Sezzle systems could result in the criminal or unauthorized use of confidential information and could disrupt our platform, result in the failure of our systems to operate as expected, negatively affect our users and merchants and, because the techniques for conducting cyberattacks are constantly evolving and may be supported by significant financial and technological resources (e.g., state-sponsored actors), we may be unable to anticipate these techniques, react in a timely manner, or implement adequate preventative or remedial measures. These risks also reside with third party service providers and partners with whom we conduct business. Our business could be materially and adversely impacted by security breaches of our systems and the data and information of merchants' and consumers' data and information. These events may cause significant disruption to our business and operations, cause our systems to fail to operate as expected, or expose us to reputational damage, loss of consumer confidence, legal claims, civil and criminal liability, constraints on our ability to continue operation, reduced demand for our products and services, termination of our contracts with merchants or third party service providers, and regulatory scrutiny and fines, any of which could materially adversely impact our financial performance and prospects. Any security or data issues experienced by other software companies or third-party service providers with whom we conduct business could diminish our customers' trust in providing us access to their personal data generally. Merchants and consumers that lose confidence in our security measures may be less willing to make payments on their loans or participate in the Sezzle Platform. In addition, our partners include credit bureaus, collection agencies and banking parties, each of whom operate in a highly regulated environment, and many laws and regulations that apply directly to them may apply directly or indirectly to us through our contractual arrangements with these partners. Federal, state and international laws or regulators, as well as our contractual partners, may require notice in event of a security breach that involves personally identifiable information, and these disclosures may result in negative publicity, loss of confidence in our security measures, regulatory or other investigations, the triggering of indemnification and other contractual obligations, and other adverse effects to our partner ecosystem and operations. We may also incur significant costs and loss of operational resources in connection with remediating, investigating, mitigating, or eliminating the causes of security breaches, cyberattacks, or similar disruptions after they have occurred, and particularly given the evolving nature of these risks, our incident response, disaster recovery, and business continuity planning may not sufficiently address all of these eventualities. The retention and coverage limits in our insurance policies may not be sufficient to reimburse the full cost of responding to and remediating the effects of a security breach, cyberattack, or similar disruption, and we may not be able to collect fully, if at all, under these insurance policies or to ensure that the insurer will not deny coverage as to any future claim.

Our business depends primarily on individual consumers transacting with our merchants through our Sezzle Platform, and the ability of those individual consumers to fully repay to us the resulting loans. These events can be affected by changes in general economic conditions. For example, the retail sector is affected by economic conditions such as unemployment, consumer confidence, actual or anticipated economic recessions, consumer debt, the availability of consumer credit, inflation and deflation, currency exchange rates, taxation, fuel and energy prices and interest rates, downturns or extended periods of uncertainty or volatility, all of which may influence consumer spending. In weaker economic environments, consumers may have less disposable income to spend and so may be less likely to purchase merchandise by utilizing our services. Alternatively, consumers may purchase merchandise but become unable or unwilling to repay loans, which would result in an increase of loans that will not be paid on time or at all.

We primarily operate in the United States and Canada, and are currently winding down and exiting operations in India, Brazil, and certain countries in Europe. The primary risks to our remaining international operations (including during the wind downs) will be affected by a number of factors, including: - currency controls, new currency adoptions and repatriation issues;- possible fraud or theft losses, and lack of compliance by international representatives in foreign legal jurisdictions where collection and legal enforcement may be difficult or costly;- reduced or no protection of our intellectual property rights;- unfavorable tax rules or trade barriers;- inability to secure, train or monitor international agents;- conformity of our platform with applicable business customs, including translation into foreign languages and associated expenses;- potential changes to our established business model;- the need to support and integrate with local vendors and service providers;- protection of our platform from cybersecurity threats and data privacy breaches;- competition with vendors and service providers that have greater experience in the local markets than we do or that have pre-existing relationships with potential consumers, merchants and investors in those markets; and - difficulties in staffing and managing foreign operations in an environment of diverse culture, laws, and consumers and merchants, and the increased travel, infrastructure, and legal and compliance costs associated with international operations. Given the limited ongoing scope of our international operations, the impacts and risks to our business arising from the Russian military activities in Ukraine were not material in 2022 or 2023, and are not anticipated to be material in the future. In addition, international operations may continue to expose us to numerous regulatory risks. We are subject to regulations relating to our corporate conduct and the conduct of our business, including securities laws, consumer protection laws, trade regulations, advertising regulations, privacy and cybersecurity laws, wage and hour regulations, anti-money laundering ("AML") laws and anti-corruption legislation. Certain jurisdictions have taken aggressive stances with respect to such matters and have implemented new initiatives and reforms, including more stringent regulations, disclosure and compliance requirements. Any violations of these regulations and requirements would likely have a material and adverse impact on our business and results of operations.

Our systems and operations are vulnerable to damage or interruption from fires, floods, power losses, telecommunications failures, strikes, health pandemics, and similar events. A significant natural disaster in locations in which we have employees, offices or other facilities could have a material adverse effect on our business, results of operations, financial condition, and prospects, and our insurance coverage may be insufficient to compensate us for losses that may occur. In addition, strikes, wars, terrorism, and other geopolitical unrest could cause disruptions in our business and lead to interruptions, delays, or loss of critical data. We may not have sufficient protection or an effective recovery plan in certain circumstances, and our business interruption insurance may be insufficient or inadequate to recoup losses that we incur from these occurrences.

There are instances in which our costs and revenues related to international operations are not able to be exactly matched with respect to currency denomination. Currency fluctuations cause the U.S. dollar value of our international results of operations and net assets to vary with exchange rate fluctuations. A decrease in the value of any of these currencies relative to the U.S. dollar could have a negative impact on our business, results of operations and financial condition. We may experience economic loss and a negative impact on earnings or net assets solely as a result of foreign currency exchange rate fluctuations. In the future, we may utilize derivative instruments to manage the risk of fluctuations in foreign currency exchange rates that could potentially impact our future earnings and forecasted cash flows. However, the markets in which we operate could restrict the removal or conversion of the local or foreign currency, resulting in our inability to hedge against some or all of these risks and/or increase our cost of conversion of local currency to U.S. dollar.