vendors that provide products and services for our operations, could also be a source of security risk to us in the event of a failure of their own security systems and infrastructure. Our network of business application providers could also be a source of vulnerability to the extent their business applications interface with ours, whether unintentionally or through a malicious backdoor. We cannot, in all instances, review the software code included in third-party integrations. Although we vet and oversee such vendors, we cannot be sure such vetting and oversight will be sufficient. We also exercise limited control over these vendors, which increases our vulnerability to problems with services they provide. Any errors, failures, interruptions or delays experienced in connection with these vendor technologies and information services or our own systems could negatively impact our relationships with partners and adversely affect our business and could expose us to liabilities. Because the techniques used to obtain unauthorized access, or to sabotage systems, change frequently and generally are not recognized until launched against a target, and may be difficult to detect for long periods of time, we or these third parties may be unable to anticipate these techniques or to implement adequate preventative measures. With the increasing frequency of cyber-related frauds to obtain inappropriate payments, we need to ensure our internal controls related to authorizing the transfer of funds are adequate. We may also be required to expend resources to remediate cyber-related incidents or to enhance and strengthen our cyber security. Any of these occurrences could create liability for us, put our reputation in jeopardy, and adversely impact our business.
Our customers provide us with information that our solutions store, some of which is sensitive or confidential information about them or their financial transactions. In addition, we store personal information about our employees and, to a lesser extent, those who purchase products or services from our customers. We have security systems and information technology infrastructure designed to protect against unauthorized access to and disclosure of such information. The security systems and infrastructure we maintain may not be successful in protecting against all security breaches and cyber-attacks, including ransomware and phishing attacks, social-engineering attacks, computer
break-ins,
theft, fraud, misappropriation, misuse,
attacks and other improper activity. Threats to our information technology security can take various forms, including viruses, worms, and other malicious software programs that attempt to attack our solutions or platform or to gain access to the data of our customers or their customers.
Non-technical
means, for example, actions or omissions by an employee or trespasser, can also result in a security breach. Any significant violations of data privacy could result in the loss of business, litigation, regulatory fines or investigations, loss of customers, and penalties that could damage our reputation and adversely affect the growth of our business. In addition, we maintain liability insurance coverage, including coverage for cyber-liability. It is possible, however, that claims could be denied or exceed the amount of our applicable insurance coverage, if any, or that this coverage may not continue to be available on acceptable terms or in sufficient amounts. Even if these claims do not result in liability to us, investigating and defending against them could be expensive and time consuming and could divert management’s attention away from our operations. In addition, negative publicity caused by these events may negatively impact our customer relationships, market acceptance of our solutions, including unrelated solutions, or our reputation and business.
Real or perceived failures in our solutions, an inability to meet contractual service levels, or unsatisfactory performance of our products, could adversely affect our business, results of operations and financial condition.
Because we offer solutions that operate in complex environments, undetected errors or failures may exist or occur, especially when solutions are first introduced or when new versions are released, implemented or integrated into other systems. Our solutions are often used in large-scale computing environments with different operating systems, system management software and equipment and networking configurations, which may cause errors or failures in our solutions or may expose undetected errors, failures or bugs in our solutions. Despite testing by us, we may not identify all errors, failures or bugs in new solutions or releases until after commencement of commercial sales or installation. In the past, we have discovered errors, failures and bugs in some of our solutions after their introduction. We may not be able to fix errors, failures and bugs without incurring significant costs or an adverse impact to our business. The occurrence of errors in our solutions or the detection of bugs by our customers may damage our reputation in the market and our relationships with our
existing customers, and as a result, we may be unable to attract or retain customers. We believe that our reputation and name recognition are critical factors in our ability to compete and generate additional sales. Promotion and enhancement of our name will depend largely on our success in continuing to provide effective solutions and services. The failure to do so may result in the loss of, or delay in, market acceptance of our solutions and services, which could adversely impact our sales, results of operations and financial condition.
The license and support of our software creates the risk of significant liability claims against us. Our SaaS arrangements and licenses with our customers contain provisions designed to limit our exposure to potential liability claims. It is possible, however, that the limitation of liability provisions contained in such agreements may not be enforced as a result of international, federal, state and local laws or ordinances or unfavorable judicial decisions. Breach of warranty or damage liability, or injunctive relief resulting from such claims, could adversely impact our results of operations and financial condition.
Some of our services and technologies use “open source” software, which may restrict how we use or distribute our services or require that we release the source code of certain products subject to those licenses.
Some of our services and technologies incorporate software licensed under
so-called
“open source” licenses. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on origin of the software. Additionally, some open source licenses require that source code subject to the license be made available to the public and that any modifications or derivative works to open source software continue to be licensed under open source licenses. These open source licenses typically mandate that proprietary software, when combined in specific ways with open source software, become subject to the open source license. If we combine our proprietary software with open source software, we could be required to release the source code of our proprietary software.
We take steps to ensure that our proprietary software is not combined with, and does not incorporate, open source software in ways that would require our proprietary software to be subject to many of the restrictions in an open source license. However, few courts have interpreted open source licenses, and the manner in which these licenses may be interpreted and enforced is therefore subject to some uncertainty. Additionally, we rely on hundreds of software programmers to design our proprietary technologies, and although we take steps to prevent our programmers from including objectionable open source software in the technologies and software code that they design, write and modify, we do not exercise complete control over the development efforts of our programmers and we cannot be certain that our programmers have not incorporated such open source software into our proprietary products and technologies or that they will not do so in the future. In the event that portions of our proprietary technology are determined to be subject to an open source license, we could be required to publicly release the affected portions of our source code,
re-engineer
all or a portion of our technologies, or otherwise be limited in the licensing of our technologies, each of which could reduce or eliminate the value of our services and technologies and materially and adversely affect our business, results of operations, and prospects.
In the past, companies that have incorporated open source software into their products have faced claims challenging the ownership of open source software or compliance with open source license terms. Accordingly, we could be subject to suits by parties claiming ownership of what we believe to be open source software or claiming noncompliance with open source licensing terms.
Any disruption of our, our third-party service providers’ or our customers’ Internet connections could affect the success of our SaaS solutions.
Any system failure, including network, software or hardware failure, that causes an interruption in our or our third-party service providers’ network or a decrease in the responsiveness of our website or our SaaS solutions could result in reduced user traffic, reduced revenue and potential breaches of our SaaS arrangements.
Continued growth in Internet usage could cause a decrease in the quality of Internet connection services. Websites have experienced service interruptions as a result of outages and other delays occurring throughout the worldwide Internet network infrastructure. In addition, there have been several incidents in which individuals have intentionally caused service disruptions of major
e-commerce
websites. If these outages, delays or service disruptions occur frequently in the future, usage of our
web-based
services could grow more slowly than anticipated or decline and we may lose customers and revenue. In addition, our users depend on Internet service providers, online service providers and other website operators for access to our website. These providers could experience outages, delays and other difficulties due to system failures unrelated to our systems. Any of these events could adversely impact our business, results of operations and financial condition.
There may be adverse tax and/or employment law consequences if the independent contractor status of our consultants or the exempt status of our employees is successfully challenged.
We rely on independent third parties to provide certain services to us. We structure our relationships with these outside service providers in a manner that we believe results in an independent contractor relationship, not an employee relationship. Although we believe that we have properly classified these outside service providers as independent contractors, there is nevertheless a risk that the Internal Revenue Service (“IRS”) or another federal, state, or foreign authority will take a different view. Furthermore, the tests governing the determination of whether an individual is considered to be an independent contractor or an employee are typically fact sensitive and vary from jurisdiction to jurisdiction. Laws and regulations that govern the status and misclassification of independent contractors are subject to change or interpretation by various authorities, and it is possible that additional federal or state legislation on worker classification may be passed in the future. If a federal, state or foreign authority or court enacts legislation or adopts regulations that change the manner in which employees and independent contractors are classified or makes any adverse determination with respect to some or all of our independent contractors, we could incur significant costs under such laws and regulations, including in respect of wages, tax withholding, social security taxes or payments, workers’ compensation and unemployment contributions, and recordkeeping for both prior and future periods, or we may be required to modify our business model, any of which could materially affect our business, financial condition and results of operations. There is also a risk that we may be subject to significant monetary liabilities arising from fines or judgments as a result of any actual or alleged
non-compliance
with federal, state or foreign laws. Further, if it were determined that any of our independent contractors should be treated as employees, we could incur additional liabilities under our applicable employee benefit plans. In addition, we have classified many of our U.S. employees as “exempt” under the Fair Labor Standards Act (“FLSA”) and corresponding state laws. If it were determined that any of our U.S. employees who we have classified as “exempt” should be classified as
“non-exempt”
under the FLSA or similar state law, we may incur costs and liabilities for back wages, unpaid overtime, fines or penalties and be subject to employee litigation. We have in the past, and may in the future, face claims alleging that employees and/or former employees are or were misclassified as exempt from the overtime pay requirements of the FLSA and therefore entitled to unpaid overtime pay for hours worked in excess of forty (40) hours per week.
We may acquire or invest in companies, or pursue business partnerships, which may divert our management’s attention or result in dilution to our stockholders, and we may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions, investments or partnerships.
We expect to continue to grow, in part, by making targeted acquisitions in addition to our organic growth strategy. Our business strategy includes the potential acquisition of shares or assets of companies with software, technologies or businesses complementary to ours, both domestically and globally. Our strategy also includes alliances with such companies. Acquisitions and alliances may result in unforeseen operating difficulties and expenditures and may not result in the benefits anticipated by such corporate activity.
In particular, we may fail to assimilate or integrate the businesses, technologies, services, products, personnel or operations of the acquired companies, retain key personnel necessary to favorably execute the combined companies’ business plan, or retain existing customers or sell acquired products to new customers.
Additionally, the assumptions we use to evaluate acquisition opportunities may not prove to be accurate, and intended benefits may not be realized. Our due diligence investigations may fail to identify all of the problems, liabilities or other challenges associated with an acquired business which could result in increased risk of unanticipated or unknown issues or liabilities, including with respect to environmental, competition and other regulatory matters, and our mitigation strategies for such risks that are identified may not be effective. As a result, we may overpay for, or otherwise not achieve some or any of the benefits, including anticipated synergies or accretion to earnings, that we expect to achieve in connection with our acquisitions, we may not accurately anticipate the fixed and other costs associated with such acquisitions, or the business may not achieve the performance we anticipated, any of which may materially adversely affect our business, prospects, financial condition, results of operations, cash flows, as well as our stock price. Further, if we fail to achieve the expected synergies from our acquisitions and alliances, we may experience impairment charges with respect to goodwill, intangible assets or other items, particularly if business performance declines or expected growth is not realized. Any future impairment of our goodwill or other intangible assets could have an adverse effect on our financial condition and results of operations.
Acquisitions and alliances may also disrupt our ongoing business, divert our resources and require significant management attention that would otherwise be available for ongoing development of our current business. In addition, we may be required to make additional capital investments or undertake remediation efforts to ensure the success of our acquisitions, which may reduce the benefits of such acquisitions. We also may be required to use a substantial amount of our cash or issue debt or equity securities to complete an acquisition or realize the potential of an alliance, which could deplete our cash reserves and/or dilute our existing stockholders and newly-issued securities may have rights, preferences or privileges senior to those of existing stockholders. Following an acquisition or the establishment of an alliance offering new solutions, we may be required to defer the recognition of revenue that we receive from the sale of solutions that we acquired or that result from the alliance, or from the sale of a bundle of solutions that includes such new solutions. In addition, our ability to maintain favorable pricing of new solutions may be challenging if we bundle such solutions with sales of existing solutions. A delay in the recognition of revenue from sales of acquired or alliance solutions, or reduced pricing due to bundled sales, may cause fluctuations in our quarterly financial results, may adversely affect our operating margins and may reduce the benefits of such acquisitions or alliances.
Additionally, competition within the software industry for acquisitions of businesses, technologies and assets has been, and is expected to continue to be, intense. Acquisitions could become the target of regulatory reviews, which could lead to increased legal costs, or could potentially jeopardize the consummation of the acquisition. As such, even if we are able to identify an acquisition that we would like to pursue, the target may be acquired by another strategic buyer or financial buyer such as a private equity firm, or we may otherwise not be able to complete the acquisition on commercially reasonable terms, if at all.
Corporate responsibility, specifically related to environmental, social and governance matters, may impose additional costs and expose us to new risks.
Public ESG and sustainability reporting is becoming more broadly expected by investors, shareholders and other third parties. Certain organizations that provide corporate governance and other corporate risk information to investors and shareholders have developed, and others may in the future develop, scores and ratings to evaluate companies and investment funds based upon ESG or “sustainability” metrics. Many investment funds focus on positive ESG business practices and sustainability scores when making investments and may consider a company’s ESG or sustainability scores as a reputational or other factor in making an investment decision. In addition, investors, particularly institutional investors, use these scores to benchmark companies against their peers and if a company is perceived as lagging, these investors may engage with such company to improve ESG disclosure or performance and may also make voting decisions, or take other actions, to hold these corporations and their boards of directors accountable. Additionally, credit rating agencies may use these scores, or their own scores and ratings, as a consideration in their evaluation of our credit risk. If our credit rating is downgraded on the basis of ESG or “sustainability” metrics, we may face increased costs of capital. We may face reputational
damage in the event our corporate responsibility initiatives or objectives, including with respect to diversity and inclusion, do not meet the standards set by our investors, shareholders, lawmakers, listing exchanges, credit rating agencies or other constituencies, or if we are unable to achieve an acceptable ESG or sustainability rating from third-party rating services. A low ESG or sustainability rating by a third-party rating service could also result in the exclusion of our ordinary shares from consideration by certain investors who may elect to invest with our competition instead. Ongoing focus on corporate responsibility matters by investors and other parties as described above may impose additional costs or expose us to new risks.
We evaluate our capital structure from time to time and may seek to repurchase our securities, refinance our indebtedness or raise debt or equity to finance our operations. However, we may not be able to do so when desired on favorable terms, if at all, or without dilution to our stockholders and we may not realize the anticipated benefits of these transactions.
We may seek to repurchase our securities, refinance our indebtedness or may need to obtain additional financing to execute on our current or future business strategies, including to develop new or enhance existing solutions, acquire businesses and technologies or otherwise respond to competitive pressures. We may not be successful in managing our capital structure through these scenarios, or they may have an adverse impact on our financial position or the price of our Common Stock. Our ability to raise capital in the future may be limited, and if we fail to raise capital when needed, we could be prevented from growing and executing our business strategy.
If we raise additional funds through the issuance of equity or convertible debt securities, the percentage ownership of our stockholders could be significantly diluted. If we accumulate additional funds through debt financing, a substantial portion of our operating cash flow may be dedicated to the payment of principal and interest on such indebtedness, thus limiting funds available for our business activities. We cannot assure stockholders that additional financing will be available on terms favorable to us, or at all. If adequate funds are not available or are not available on acceptable terms, when we desire them, our ability to fund our operations, take advantage of unanticipated opportunities, develop or enhance our solutions, invest in future growth opportunities or otherwise respond to competitive pressures would be significantly limited. Any of these factors could adversely impact our results of operations.
We rely on information systems in managing our operations and any system failure or deficiencies of such systems may have an adverse impact on our business.
We rely on our financial, accounting, compliance and other data processing systems, and those of our third-party vendors or service providers who support these functions. Any failure or interruption of these systems, whether caused by fire, other natural disaster, power or telecommunications failure, act of terrorism or war, system modification or upgrade, or otherwise, could materially adversely affect our business. Although
back-up
systems are in place, our
back-up
procedures and capabilities in the event of a failure or interruption may not be adequate.
We are engaged in an implementation of a new billing system. Such an implementation is a major undertaking from a financial, management, and personnel perspective. The implementation of the billing system may prove to be more difficult, costly, or time consuming than expected, and there can be no assurance that this system will continue to be beneficial to the extent anticipated. Any disruptions, delays or deficiencies in the design and implementation of our new billing system could adversely affect our ability to process orders, send invoices, produce financial reports, or otherwise operate our business. If we are unable to implement the billing system smoothly or successfully, or we otherwise do not capture anticipated benefits, our business, results of operations and financial condition for future periods could be adversely impacted.
Failure to comply with the CCPA, CPRA, GDPR, FCRA or other data privacy legislation could subject us to fines, sanctions or litigation, and could potentially damage our brand and reputation and adversely impact our business, results of operations or financial condition.
Data privacy legislation, enforcement and policy activity are rapidly expanding around the world and creating a complex data privacy compliance environment that poses greater compliance risks and costs, as well as the potential for high profile negative publicity in the event of any data breach. The vast majority of our customers are subject to many privacy and data protection laws and regulations in the U.S. and around the world, and we have also agreed in our contracts with certain of our customers to additional data privacy compliance obligations related to data privacy laws and regulations that may be applicable to them. Some of these privacy and data protection laws and regulations place restrictions on our ability to process personal information across our business.
For example, the California Consumer Privacy Act (“CCPA”), which went into effect on January 1, 2020, imposes a number of privacy and security obligations on companies who collect, use, disclose, or otherwise process personal information of California residents. The CCPA created an expanded definition of personal information, established certain new data privacy rights for California residents and created a new and potentially severe statutory damages framework and private rights of action for violations of the CCPA, including for failing to implement reasonable security procedures and practices to prevent data breaches. In November 2020, California voters passed the California Privacy Rights Act (the “CPRA”). The CPRA, which is expected to take effect on January 1, 2023, will significantly expand the CCPA, including by introducing additional data protection obligations such as data minimization and storage limitations, granting additional rights to consumers such as correction of personal information and additional
opt-out
rights, and creating a new entity to implement and enforce the CPRA. While we do not yet know the extent of the impact the CPRA will have on our business or operations, such laws will require us to modify our data processing practices and policies in certain respects. The uncertainty and evolving legal requirements in California and other jurisdictions may increase the cost of compliance, restrict our ability to offer services in certain locations or subject us to sanctions by federal, regional, state, local and international data protection regulators, all of which could adversely impact our business, results of operations or financial condition.
In addition, the GDPR took direct effect across the EU member states on May 25, 2018. The GDPR seeks to harmonize national data protection laws across the EU, while at the same time, modernizing the law to address new technological developments. Compared to the previous EU data protection laws, the GDPR notably has a greater extra-territorial reach and has a significant impact on data controllers and data processors which either have an establishment in the EU, or offer goods or services to EU data subjects or monitor EU data subjects’ behavior within the EU. The regime imposes more stringent operational requirements on both data controllers and data processors, and introduces significant penalties for
non-compliance
with fines of up to 4% of total annual worldwide turnover or €20 million (whichever is higher), depending on the type and severity of the breach. Although our presence in Europe is currently in the early stages of expansion, and we have taken and will continue to take steps to comply with the EU data privacy legislation, there are a significant number of obligations under the GDPR, many of which are operational, and compliance is an ongoing exercise which is never complete. We are aware that we need to monitor the latest legal and regulatory developments, which may involve compliance costs to address any changes required. We may also experience hesitancy, reluctance, refusal or other challenges engaging with European or multi-national customers due to the potential risk exposure, cost, or difficulty in demonstrating to our customers that the Company is in compliance with various regulatory requirements.
Furthermore, the Fair Credit Reporting Act (“FCRA”) may one day limit how we use consumer information. The federal law was passed in 1970 to provide consumers with protections relating to the consumer information held by credit reporting agencies. Although we do not believe we are currently subject to the FCRA, we may be in the future, depending on changes to our products and services or on additional legislative or regulatory efforts
that could further regulate credit reporting agencies and the collection, use, communication, access, accuracy, obsolescence, sharing, correction and security of such personal information. Similar initiatives are underway in other countries.
Although we take reasonable efforts to comply with all applicable laws and regulations and have invested and continue to invest human and technology resources into data privacy compliance efforts, there can be no assurance that we will not be subject to regulatory action, including fines, audits or investigations by government agencies relating to our compliance with these laws and regulations. An adverse outcome under any such investigation or audit could result in fines, penalties, other liability, adverse publicity, or a loss of reputation, and could adversely affect our business. Moreover, we or our third-party service providers could be adversely affected if legislation or regulations are expanded to require changes in our or our third-party service providers’ business practices or if governing jurisdictions interpret or implement their legislation or regulations in a manner that is adverse to our business, such as by expanding data privacy-related liability into areas to which we and our third-party service providers currently do not and previously did not have exposure, consequently increasing the compliance-related costs borne by us and our third-party service providers.
The current data protection landscape may subject us and our third-party service providers to greater risk of potential inquiries and/or enforcement actions. For example, we may find it necessary to establish alternative systems to collect, use, share, retain and safeguard personal information originating from the European Economic Area and caught by the extra-territorial reach of the GDPR, which may involve substantial expense and may cause us to divert resources from other aspects of our business, all of which may adversely affect our results from operations. Further, any inability to adequately address privacy concerns in connection with our SaaS solutions, or comply with applicable privacy or data protection laws, regulations and policies, could result in additional cost and liability to us, and adversely affect our ability to offer SaaS solutions.
Further changes to data privacy legislation may substantially increase the penalties to which we could be subject in the event of any
non-compliance.
We may incur substantial expense in complying with the new obligations to be imposed by new regulations and we may be required to make significant changes to our solutions and expanding business operations, all of which may adversely affect our business, results of operations or financial condition.
The enactment of new data privacy legislation and evolution of current privacy legislation could cause us to incur incremental cost and liability, adversely affecting our business operations and ability to deliver our
As we continue to focus on our SaaS solutions, the amount of personal information we or our third-party cloud providers collect, use, disclose, or otherwise process will likely continue to increase significantly. In addition, a limited number of our solutions collect, use, disclose, or otherwise process transaction-level data aggregated across our customers. We anticipate that over time we will expand our use and collection of personal information as greater amounts of such personal information may be transferred from our customers to us. We recognize that personal privacy has become a significant issue in the U.S., and other jurisdictions where we operate. Many federal, regional, state, local and international legislatures and government agencies have imposed or are considering imposing restrictions and requirements regarding the collection, use, disclosure, and processing of personal data, including the CPRA.
Changes to laws or regulations affecting privacy could impose additional costs and liabilities, including fines, sanctions or other penalties on us and our third-party service providers, which could materially and adversely affect results of operations, business and reputation and could limit our ability to use such information to add value for customers. If we are required to change our business activities or revise or eliminate services, or to implement burdensome compliance measures, our business and results of operations could be adversely impacted. Such changes are a possibility, especially given that consumer advocates, media and elected officials, among others, have increasingly publicly criticized data-focused companies and industries regarding their
collection, storage and use of personal data. Additionally, in the case of information from our websites and
web-based
services that is stored with third-party cloud providers that we do not control, our third-party cloud providers may not adequately implement compliance measures concerning the privacy and/or security of any stored personal information. We may be subject to fines, penalties and potential litigation if we or our third-party cloud providers fail to comply with applicable privacy and/or data security laws, regulations, standards and other requirements and the costs of compliance with and other burdens imposed by privacy-related laws, regulations and standards may limit the use and adoption of our solutions and reduce their overall demand for our solutions. Furthermore, any determination by a court or agency that our data practices, products or services violate, or cause our customers to violate, applicable laws, regulations or other requirements could subject us or our customers to civil or criminal penalties. Such a determination also could require us to modify or terminate portions of our business, disqualify us from serving certain customers or cause us to refund some or all of our fees or otherwise compensate our customers, or alter our business practices, potentially at great expense.
Furthermore, concerns regarding data privacy and/or security may cause our customers and
end-users
to resist providing the data and information necessary to use our solutions effectively. Even the perception that the privacy and/or security of personal information is not satisfactorily managed, or does not meet applicable legal, regulatory and other requirements, could inhibit sales or adoption of our solutions, or could give rise to private class action, or claims by regulators, in each case potentially resulting in a negative impact on our sales and results from operations.
Changes in tax laws or adverse outcomes resulting from examination of our income tax returns could adversely affect our results of operations.
We are subject to federal, state and local income taxes in the U.S. and in foreign jurisdictions. Our future effective tax rates and the value of our deferred tax assets could be adversely affected by changes in tax laws, including impacts of the Tax Cuts and Jobs Act (the “Tax Act”) enacted in December 2017, and the Coronavirus Aid, Relief, and Economic Security Act (also known as the “CARES Act”), the consequences of which have not yet been fully determined. The U.S. Treasury Department and the Internal Revenue Service are expected to continue to interpret or issue guidance on how provisions of the Tax Act, will be applied or otherwise administered. As guidance is issued, we may make adjustments to amounts that we have previously recorded that may materially impact our financial statements in the period in which the adjustments are made, and the amount of taxes that we may be required to pay could significantly increase.
Further, we are subject to the examination of our income tax returns by the Internal Revenue Service and other tax authorities. We regularly assess the likelihood of adverse outcomes resulting from such examinations to determine the adequacy of our provision for income taxes. Although we believe we have made appropriate provisions for taxes in the jurisdictions in which we operate, changes in the tax laws or challenges from tax authorities under existing tax laws could adversely affect our business, financial condition and results of operations.
Future government regulation of the Internet could create incremental costs or business disruption, harming our results of operations.
The future success of our business depends upon the continued use of the Internet as a primary medium for commerce, communication and business services. Because of the Internet’s popularity and increasing use, federal, state or foreign government bodies or agencies have adopted, and may in the future adopt, laws or regulations affecting the use of the Internet as a commercial medium. These laws and regulations cover issues such as the collection and use of data from website visitors and related privacy issues; pricing; taxation; telecommunications over the Internet; content; copyrights; distribution; and domain name piracy. The enactment of any additional laws or regulations of the Internet, including international laws and regulations, could impede the growth of subscription revenue and place additional financial burdens on our business.
Changes to financial accounting standards may affect our results of operations and could cause us to change our business practices. The nature of our business requires the application of accounting guidance that requires management to make estimates and assumptions. Additionally, changes in accounting guidance may cause us to experience greater volatility in our quarterly and annual results. If we are unsuccessful in adapting to the requirements of new guidance, or in clearly explaining to stockholders how new guidance affects reporting of our results of operations, our stock price may decline.
We prepare our consolidated financial statements to conform to U.S. Generally Accepted Accounting Principles (“GAAP”). These accounting principles are subject to interpretation by the SEC, FASB, and various bodies formed to interpret and create accounting rules and regulations. Recent accounting standards, such as Accounting Standards Codification (“ASC”) 842, Leases (“ASC 842”), which we adopted in fiscal year 2021, or the guidance relating to interpretation and adoption of standards could have a significant effect on our financial results and could affect our business. Additionally, the FASB and the SEC are focused on the integrity of financial reporting, and our accounting policies are subject to scrutiny by regulators and the public.
We cannot predict the impact of future changes to accounting principles or our accounting policies on our financial statements going forward. If we are not able to successfully adopt to new accounting requirements, or if changes to our
strategy create new risks, then we may experience greater volatility in our quarterly and annual results, which may cause our stock price to decline.
In addition, GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources.
Further, some accounting standards require significant judgment and estimates that impact our results of operations. The use of judgment and estimates can potentially result in differences between forecast figures and subsequently reported actual amounts, which may cause volatility in our stock price.
We are currently, and have been in the past, a party to litigation, which could result in damage to our reputation and harm our future results of operations.
From time to time, we may become involved in legal proceedings or be subject to claims arising in the ordinary course of our business. Litigation might result in substantial costs and may divert management’s attention and resources, which might harm our business, financial condition, and results of operations. For example, we have been named as
co-defendants
or as the primary defendant in several putative class action lawsuits, which generally allege that the total loss vehicle valuation generated by the Company’s total loss valuation solution undervalues the actual total loss incurred by the insured and improper adjustment of claims by insurance carriers. While we believe that we can partially mitigate the risk and severity of exposure from these lawsuits through contractual provisions in certain of our agreements with insurance carriers, and carrying our own insurance that we believe is adequate to cover adverse claims arising from these lawsuits or similar lawsuits that may be brought against us, we may not have adequate contractual protection in all of our contracts and defending these and similar litigation is costly, diverts management from
operations, and could harm our brand and reputation. As a result, we may ultimately be subject to a damages judgment, which could be significant and exceed our insurance policy limits or otherwise be excluded from coverage.
Regardless of the outcome of any existing or future litigation, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources, harm to our reputation, and other factors. See “Business—Legal Proceedings.”
Reliance on Third Parties and Key Personnel Risk Factors
If we are unable to retain our personnel and hire and integrate additional skilled personnel, we may be unable to achieve our goals and our business may suffer.
Our future success depends upon our ability to continue to attract, train, integrate and retain highly skilled employees, particularly those on our management team, and our sales and marketing personnel, SaaS operations personnel, professional services personnel and software engineers. Additionally, our stakeholders increasingly expect us to have a culture that embraces diversity and inclusion in the workplace. Our inability to attract and retain diverse and qualified personnel, or delays in hiring required personnel, including attrition, retention and delay issues due to
COVID-19
and other macroeconomic factors, may adversely impact our business, results of operations and financial condition. If U.S. immigration policy related to skilled foreign workers were materially adjusted, such a change could hamper our efforts to hire highly skilled foreign employees, including highly specialized engineers, which would adversely impact our business.
Our executive officers and other key employees are generally employed on an
at-will
basis, which means that these personnel could terminate their relationship with us at any time. The loss of any member of our senior management team could significantly delay or prevent us from achieving our business and/or development objectives and could materially impact our business.
We face competition for qualified individuals from numerous software and other technology companies. Further, significant amounts of time and resources are required to train technical, sales, services and other personnel. We may incur significant costs to attract, train and retain such personnel, and we may lose new employees to our competitors or other technology companies before we realize the benefit of our investment after recruiting and training them.
To the extent that we hire personnel from competitors, we may be subject to allegations that such personnel are restricted from working for us because of their
non-competition
or
non-solicitation
obligations to these competitors, have been improperly solicited or have divulged proprietary or other confidential information. In addition, we have a limited number of sales people and the loss of several sales people within a short period of time could have a negative impact on our sales efforts. We may be unable to attract and retain suitably qualified individuals who are capable of meeting our growing technical, operational and managerial requirements, or we may be required to pay increased compensation in order to do so.
Our ability to expand geographically depends, in large part, on our ability to attract, retain and integrate managers to lead the local business and employees with the appropriate skills. Similarly, our profitability depends on our ability to effectively utilize personnel with the right mix of skills and experience to perform services for our customers, including our ability to transition employees to new assignments on a timely basis. If we are unable to effectively deploy our employees on a timely basis to fulfill the needs of our customers, our reputation could suffer and our ability to attract new customers may be adversely impacted.
Because of the technical nature of our solutions and the dynamic market in which we compete, any failure to attract, integrate and retain qualified sales and product development personnel, as well as our contract workers, could adversely impact our ability to generate sales or successfully develop new solutions and enhancements of existing solutions.
We rely on third-party service providers, including third-party cloud providers, to host and deliver our websites,
web-based
solutions, and other information technology systems and any interruptions or delays in these services could negatively impact our business.
We currently serve our customers from third-party data center and cloud hosting facilities. Our operations depend in part on these third-party providers’ ability to protect these facilities against damage or interruption from natural disasters, power or telecommunications failures, criminal acts, and similar events. In the event that our arrangements with these third-party providers are terminated, or if there are any lapses of service or damage