Investing in our common stock involves a high degree of risk. You should carefully consider the risks and uncertainties described below, together with all of the other information contained in this prospectus, including our consolidated financial statements and the related notes thereto and Management’s Discussion and Analysis of Financial Condition and Results of Operations, before making investment decisions related to our common stock. The risks and uncertainties described below are not the only ones we face. The risks of investing in our common stock may change over time, and additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that affect us. Accordingly, you are advised to consider additional sources of information and exercise your own judgment in addition to the information we provide. If any of the following or other risks occur, our business, financial condition, operating results, growth, ability to accomplish our strategic objectives, reputation and prospects could be materially and adversely affected. In that event, the price of our common stock could decline, and you could lose all or part of your investment. See “Forward-Looking Statements.”
Risks Related to Our Business Operations
We have no assurance of future business from any of our customers.
We estimate future revenue associated with customers and customer prospects for purposes of financial planning and measurement of our sales pipeline, but we have no contractual assurance of any revenue from any of our customers. Although our customers typically enter into multi-year contracts with us, they are not required to purchase any minimum amounts of services from us, and may stop doing business with us for any reason at any time without notice or penalty. Many of our larger customers maintain simultaneous relationships with our competitors, which makes it easy for them to shift their business away from us if they choose to do so.
There is no guarantee that we will be able to implement newly contracted customers successfully, retain or renew existing agreements, maintain relationships with any of our customers or business partners on acceptable terms or at all, or collect amounts owed to us from insolvent customers or business partners. The loss of any of our large customers could have a material adverse impact on our business.
We rely upon third parties for the data we need to deliver our services.
Our background screening reports are made up of information that we acquire about consumers from a wide variety of sources. We obtain information from public sources, including courts, law enforcement agencies, motor vehicle departments, and other governmental authorities, and from private sources including credit bureaus, other aggregators, and private suppliers that execute local courthouse searches.
Public data sources are subject to significant and growing social and political pressures to protect the data privacy rights of persons whose data they are providing, including by limiting the data that those public sources provide. For example, some courts are limiting or eliminating access to the date of birth information in their criminal records, which makes it more difficult to match criminal histories to the correct individuals. Private data sources may be subject to regulatory requirements over their use of data and typically have significant motivations to protect their proprietary data aggregation techniques. As a result, as a condition of providing their data to us, our suppliers impose significant requirements and restrictions on our use and handling of such data and routinely audit us to ensure our compliance. If, through error or oversight, or for any other reason, we fail to adhere to their requirements and restrictions, we could lose access to important data sources, which would compromise our competitive position and prevent us from delivering on all of the services our customers expect.
In general, the data we obtain and reflect in the reports we provide to customers is equally available to our competitors. Therefore, our competitive advantages derive from our decisions about which available data we obtain and how efficiently and effectively we ingest, process, and utilize that data to produce timely, accurate, compliant, and actionable information to our customers. We differentiate ourselves in the market with a number of proprietary databases we have built using data from public sources or commercial counterparties, including broad criminal records databases and sector-specific databases serving the transportation, retail, and gig economy markets. We do not own the data but we consider the databases to be proprietary to us because we have built the database structures
and the technology and processes by which the data elements are gathered and processed to produce reports for our customers. If we lose access to the information we use to populate these databases, or our uses of that information are restricted in ways that limit the utility of these databases, we may lose an important source of competitive differentiation.
Finally, we are responsible for the accuracy of the reports we prepare and could incur significant liability to our customers, consumers, and regulators, as well as reputational harm, if inaccuracies or omissions in information provided to us by third parties are reflected in the reports we deliver to our customers. We seek to secure contractual indemnities from our data sources, but public data sources generally do not accept liability for errors in their data and private data sources may have enough negotiating leverage to limit their liability to us for their own errors. Smaller providers may not have the resources to fund their indemnity obligations.
We rely upon third-party contractors to help us fulfill our service obligations to our customers.
In addition to relying on third-party sources for our data, we use third-party service providers to supplement our own staff and help us deliver our services. These service providers include business process outsourcing companies, court runners, and providers of additional assorted services, such as drug and health screening. These third parties enable us to adjust our staffing to changes in our order flow, and to access additional sources of information (such as local courthouses), and operate certain facilities (such as medical testing or fingerprinting sites) that we cannot access efficiently using our own personnel. While we impose various standards and requirements on these third parties, they are more difficult to monitor and control than our own personnel. Furthermore, these third parties can become unavailable to us for various reasons or increase their pricing, which can disrupt the processing of customer orders and increase our costs.
There is no assurance that these third-party service providers will maintain the standards that we require of our own personnel. We are responsible to our customers for the acts and omissions of our contractors and we could incur significant liability to our customers, consumers, and regulators, as well as reputational harm, as a result of errors by contractors engaged in helping us deliver our services. While we seek to secure contractual indemnities from our contractors, such indemnities may be limited or unavailable.
The COVID-19 pandemic further exacerbated the risks associated with our use of third-party service providers, as large portions of the staffing provided by our business process outsourcing providers were forced to temporarily suspend services or transition to work from home set-ups as a result of the stay-at-home orders and quarantines. The infrastructure and procedures that we needed to put in place to support a work from home set-up and to coordinate efficiently and effectively with our third-party contractors required significant costs and time. As a result, we suffered significant losses of processing capacity and prolonged turnaround times for orders. Further, our costs increased as we turned to higher-cost labor sources to compensate. There are no assurances that the procedures we developed during the COVID-19 pandemic will suffice for future calamitous events. Future global economic slowdown could also adversely affect the businesses of our third-party providers, hindering their ability to provide the services on which we rely. Additional costs and further losses as a result of the pandemic may continue; any escalation of the pandemic may result in reduced access to these third-party providers. Further, our efforts to manage these kinds of exigencies through business continuity and disaster recovery planning may not be effective.
Cost increases, failure, or termination by our third-party data and services providers could impair the effectiveness and competitiveness of our services.
Our agreements with many of our data suppliers may be terminated by the supplier for various reasons, including our failure to comply with stringent and evolving data protection requirements or changes in the supplier’s business model. Some data suppliers, as well as some service suppliers, such as the drug testing laboratories we use, are also owned, or may in the future be acquired, by our competitors, which may make us vulnerable to unpredictable price increases or delays and refusals to continue doing business with us. Because our contracts with our customers often contain restrictions on the amounts or types of costs that may be passed on to our customers, we may not be able to recover any or all of the costs of any increases in fees by our data and service suppliers. If our suppliers are no longer able or are unwilling to provide us with certain data or services, we may need to find alternative sources with comparable breadth and accuracy, which may not be available on acceptable terms, or at all,
or attempt to build our own networks at substantial cost. There are no alternatives to some of our critical data sources, so we are vulnerable to data price increases and the loss of individual data sources can significantly limit our competitiveness and ability to perform for our customers. If we are unable to identify and contract with suitable alternative data and service suppliers and integrate them into our solution offerings, we could experience service disruptions, increased costs and reduced quality of our services.
We rely upon commercial providers of applicant tracking and human capital management systems for integration with many of our customers.
We rely upon third-party information technology systems and the ability to integrate these systems with our own. We communicate with our customers, receive their orders, and deliver their services through integrations between our information technology systems and theirs. While we frequently integrate directly with customers, in many cases these integrations are made through third-party human capital management systems or applicant tracking systems (“ATS”) that our customers use to manage their workflows. We currently have over 70 integrated solutions with more than 50 HCM systems and ATS, and approximately 40 percent of our order volume flows through these third-party systems. Therefore, a significant portion of our business depends upon the willingness and ability of these HCM systems and ATS providers to maintain integrations with us and to keep their systems operating correctly. Furthermore, when an HCM system or ATS is interposed between us and our customer, we must sometimes rely upon the provider of that HCM system or ATS to work cooperatively with us to address technical issues. We have no assurances that these HCM system or ATS providers will cooperate with us or maintain their integrations; HCM system and ATS providers may not share our priorities and we may have little ability to secure the degree of cooperation we need from them. Any disruption to our ability to use these HCM system, ATS and other integrations can have an adverse effect on the flow of data between us and our customers, which could jeopardize customer relationships, reduce our revenue, and impair our ability to manage that data flow in compliance with applicable laws and regulations.
We intend to rely, in part, on acquisitions to help grow our business. Any acquisitions we undertake may not produce the benefits we expect, and may disrupt our business, adversely affect operations, dilute stockholders, and expose us to costs and liabilities.
Historically, we have relied, in part, on acquisitions to grow our business, and we may pursue future acquisitions in an effort to increase revenue, expand our market position, add to our service offering and technological capabilities, respond to dynamic market conditions, or for other strategic or financial purposes. However, there is no assurance that we will identify suitable acquisition candidates or complete any acquisitions on favorable terms, or at all. Further, any acquisitions we do complete would involve a number of risks, including the following:
•The identification, acquisition, and integration of acquired businesses require substantial attention from management. The diversion of management’s attention and any difficulties encountered in the transition process could hurt our business.
•The identification, acquisition, and integration of acquired businesses requires significant investment, including to determine which new service offerings we might wish to acquire, harmonize service offerings, expand management capabilities and market presence, and improve or increase development efforts and technology features and functions.
•The anticipated benefits from an acquisition may not be achieved, including as a result of loss of customers or personnel of the target, other difficulties in supporting and transitioning the target’s customers, the inability to realize expected synergies, or negative culture effects arising from the integration of new personnel.
•We may face difficulties in integrating the personnel, technologies, solutions, operations, and existing contracts of the acquired business.
•We may fail to identify all of the problems, liabilities or other shortcomings or challenges of an acquired company, technology, or solution, including issues related to intellectual property, solution quality or
architecture, income tax and other regulatory compliance practices, revenue recognition or other accounting practices, or employee or customer issues.
•To pay for future acquisitions, we could issue additional shares of our common stock or pay cash. Issuance of shares would dilute stockholders. Use of cash reserves could diminish our ability to respond to other opportunities or challenges. Borrowing to fund any cash purchase price would result in increased fixed obligations and could also include covenants or other restrictions that would impair our ability to manage our operations.
•Acquisitions expose us to the risk of assumed known and unknown liabilities including contract, tax, compliance, and other obligations incurred by the acquired business or fines or penalties, for which indemnities, escrow arrangements or insurance may not be available or may not be sufficient to provide coverage.
•New business acquisitions can generate significant intangible assets that result in substantial related amortization charges and possible impairments.
•The operations of acquired businesses, or our adaptation of those operations, may require that we apply revenue recognition or other accounting methodologies, assumptions, and estimates that are different from those we use in our current business. This could complicate our financial statements, expose us to additional accounting and audit costs, and increase the risk of accounting errors.
•Acquired businesses may have insufficient internal controls that we must remediate, and the integration of acquired businesses may require us to modify or enhance our own internal controls, in each case resulting in increased administrative expense and risk that we fail to comply with the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 or that our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal control over financial reporting, resulting in late filing of our periodic reports, loss of investor confidence, regulatory investigations, and litigation.
•Acquisition of businesses based outside the United States would require us to operate in languages other than English, manage non-U.S. currency, billing, and contracting needs, and comply with non-U.S. laws and regulations, including labor laws and privacy laws that in some cases may be more restrictive on our operations than laws applicable to our business in the United States.
•Acquisitions can sometimes lead to disputes with the former owners of the acquired company, which can result in increased legal expenses, management distraction and the risk that we may suffer an adverse judgment if we are not the prevailing party in the dispute.
We must attract, motivate, train, and retain the management, technical, market-facing, and operational personnel we need to enable the success and growth of our business.
Our business is largely dependent on the personal efforts and abilities of key personnel, including our senior management team, who have significant industry expertise and specialized knowledge that is essential to our operational capabilities. Although we have employment contracts with some of our senior executives, they can terminate their employment relationship with us at any time. We currently do not maintain key person insurance on any officer or employee. Our performance also depends on our ability to identify, attract, retain and motivate highly skilled development and marketing personnel. Competition for such personnel is intense, and we may not be successful in attracting and retaining such personnel.
We are a technology-driven company and it is imperative that we have highly skilled technical personnel to innovate and deliver our systems. Increasing our customer base depends to a significant extent on our ability to expand our sales and marketing operations and activities, and our services require a sophisticated sales force with specific sales skills and specialized technical knowledge that takes time to develop.
In international markets, we encounter staffing challenges that are unique to particular countries or regions, such as language skills, knowledge of local regulations and business practices and customs, and experience in foreign
markets where background screening is less established. It can be difficult to recruit and retain qualified personnel in foreign countries and difficult to manage such personnel and integrate them into our culture.
We have a large operations fulfillment workforce that works on an hourly basis. These personnel require significant training and perform work that is detail-oriented and demanding. In general, these persons have many employment alternatives and retention in these roles is often a challenge.
It can be difficult, time-consuming, and expensive to recruit personnel with the combination of skills and attributes required to execute our business strategy, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. Our personnel require significant training and it may take several months before they achieve full productivity. As a result, we may incur significant costs to attract and retain employees, and we may lose new employees to our competitors or other companies before we realize the benefit of our investment in recruiting and training, and we may have difficulty rapidly increasing our processing capacity in response to sudden increases in order volume. Moreover, new employees may not be or become as productive as we expect, and we may face challenges in adequately or appropriately integrating them into our workforce and culture. At times we have experienced elevated levels of unwanted turnover, and as our organization grows and changes and competition for talent increases, this type of attrition may increase.
COVID-19 has had, and may continue to have, a materially adverse effect on our business.
The global spread of COVID-19 created significant volatility, uncertainty and economic disruption. In the United States and globally, governmental authorities instituted certain preventative measures, including border closures, travel restrictions, operational restrictions on certain businesses, shelter-in-place orders, quarantines and recommendations to practice social distancing. These restrictions disrupted and may continue to disrupt economic activity, resulting in reduced commercial and consumer confidence and spending, lower levels of business formation, lower levels of labor mobility, increased unemployment, closure or restricted operating conditions for businesses, volatility in the global capital markets, instability in the credit and financial markets, labor shortages, regulatory recommendations to provide relief for impacted consumers, disruption in supply chains, and restrictions on many hospitality and travel industry operations. As a result of these factors and the resulting effects on our customers, our revenue in 2020 decreased by approximately 16.6% year-over-year.
The extent to which the coronavirus pandemic continues to affect our business, operations, and financial results is uncertain and will depend on future developments, including the duration or recurrence of the pandemic, the related length and severity of its impact on the U.S. and global economy, and the continued governmental, business and individual actions taken in response to the pandemic and economic disruption. For example, vaccine mandates may have an adverse effect on employment, which could decrease demand for our services. Impacts related to the COVID-19 pandemic are expected to continue to pose risks to our business for the foreseeable future, heighten many of the risks and uncertainties identified below, and could have a materially adverse impact on our business, financial condition, and results of operations.
Our business is substantially dependent on our customers’ continued use of our services, and our results of operations will decline if our customers reduce use of our services or are no longer willing or able to use them. Our customers are sensitive to negative changes in economic conditions. If they cease operations or file for bankruptcy protection, we may not be paid for services we already provided, and our customer base will shrink, which will lower our revenue.
There have been and there may continue to be a significant number of new laws and regulations promulgated by federal, state, local, and foreign governments as a result of the COVID-19 pandemic. We have expended additional resources and incurred additional costs in addressing regulatory requirements applicable to us and our customers. These regulations may be unclear, difficult to interpret or in conflict with other applicable regulations. The failure to comply with these new laws and regulations could result in financial penalties, legal proceedings, and reputational harm.
Forecasts of market growth may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business may not grow at similar rates, if at all.
We may provide or rely upon forecasts related to growth of and conditions in our market. Forecasts are subject to significant uncertainty and are based on assumptions and estimates that may prove to be inaccurate. Further, even if our market grows, we may not. Our strategic plans may not succeed for various reasons, including possible shortfall or misallocation of resources or superior technology development or marketing by competitors.
As a result of various factors, our operating results may fluctuate significantly, be difficult to predict, and fall below analysts’ and investors’ expectations.
Our operating results may be difficult to predict, particularly because our customers are not required to continue purchasing our services and our business is vulnerable to economic downturns. We have experienced significant variations in revenue and operating results from period to period -- and operating results may continue to fluctuate and be difficult to predict -- due to a number of factors, including:
•changes in pricing of our services in response to competitive pressure, changes in revenue mix, and other factors;
•diversification of our revenue mix to include new services, some of which may have lower pricing than our prior services or may cannibalize existing business;
•the addition or loss of significant customers;
•changes in the business or financial condition of customers;
•the cost, timeliness, and quality of our services;
•changes and uncertainty in the regulatory environment for us or our customers;
•the introduction of new technologies or service offerings by our competitors and market acceptance of such technologies or services;
•our level of expenses, including investment required to support our innovation and scale our technology infrastructure and business expansion efforts;
•the effectiveness of our financial and information technology infrastructure and controls;
•foreign exchange rate fluctuations; and
•changes in accounting policies and principles and the significant judgments and estimates made by management in the application of these policies and principles.
Because significant portions of our expenses are relatively fixed, variation in our quarterly revenue could cause significant variations in operating results and resulting stock price volatility from period to period. Period-to-period comparisons of our historical results of operations are not necessarily meaningful, and historical operating results may not be indicative of future performance. If our revenue or operating results fall below the expectations of investors or securities analysts, or below any guidance we may provide to the market, the price of our common stock could decline substantially.
Our balance sheet includes significant amounts of goodwill and intangible assets. An impairment charge on our goodwill and other intangible assets could negatively affect our financial condition or results of operations.
Goodwill and intangible assets represented approximately 87% and 86% of our consolidated assets at December 31, 2020 and June 30, 2021, respectively. Future events, such as declines in our cash flow projections or customer demand, may cause impairments of our goodwill or long-lived assets, including intangible assets, based on factors such as the price of our common stock, projected cash flows, assumptions used, control premiums or other variables. If our market capitalization drops significantly below the amount of net equity recorded on our balance sheet, that
might indicate a decline in our fair value and would require us to further evaluate whether our goodwill has been impaired. The amount of any impairment could be significant and any write-down of goodwill or intangible assets resulting from future periodic evaluations would, as applicable, either decrease our net income or increase our net loss and could have a material adverse effect on our business, results of operations and financial condition.
Legal and Regulatory Risks
Litigation, inquiries, investigations, examinations or other legal proceedings in which we are involved, in which we may become involved, or in which our customers or competitors are involved could subject us to significant monetary damages or restrictions on our ability to do business.
In the ordinary course of our business activities, we are subject to frequent legal proceedings. These are typically claims by private plaintiffs, including subjects of our background reports and third parties with which we do business, but can also include regulatory investigations and enforcement proceedings. Most of these matters arise in the U.S. under the FCRA and other laws of U.S. states focused on privacy and the conduct and content of background reports, and relate to actual or alleged process errors, inclusion of erroneous or impermissible information, or failure to include appropriate information in background reports that we prepare. Investigations, enforcement actions, claims or proceedings may also arise under other laws addressing privacy and the use of background information such as criminal and credit histories around the world.
A consumer reporting agency that negligently fails to comply with any requirement under the FCRA is liable for actual damages sustained by the consumer as a result of the failure plus the legal fees and costs incurred by the consumer in enforcing the claim. If the consumer reporting agency’s failure to comply is “willful,” in lieu of actual damages the consumer may recover statutory damages of not less than $100 or more than $1,000 per violation plus any punitive damages allowed by the court. For these purposes, “willful” can extend beyond intentional acts to include errors or omissions that are difficult to avoid without the ability to predict problems in advance but that appear in hindsight to have been reckless, or to business decisions not to focus resources on technological developments or process improvements that are not deemed to be priorities but that, with the benefit of hindsight, prove to be more important than previously foreseen. Claimants need not show any actual harm in order to be entitled to statutory damages, which the FCRA does not cap. The ICRAA follows a similar approach, but imposes statutory damages of $10,000 for individual claims, without any requirement of negligence or willfulness.
The right of a consumer to recover legal fees and costs for any successful claim is a powerful motivator for plaintiffs’ attorneys to bring claims under the FCRA, and attorneys’ fee awards in FCRA cases often exceed the actual damages. This creates settlement value and therefore imposes significant costs upon us for minor claims and even technical violations that result in no real harm.
The availability of attorneys’ fees and statutory damages also make class actions under the FCRA potentially lucrative for plaintiffs’ attorneys. Even minimal error rates produce a number of actionable claims against us when multiplied across the millions of reports we prepare, and an error in the design or execution of a process can affect large numbers of consumer reports to which that process applies, thereby creating class exposure to statutory damages of $1,000 per violation. This allows plaintiffs’ attorneys who seek the largest class possible, even if liability to the class is unlikely, to threaten aggregate statutory damages that might be excluded from or exceed the limits of our insurance, potentially by significant amounts.
Commonly asserted mistakes include matching a person who has no criminal history with the criminal records of another person having the same or almost the same identifying information; reporting arrests, civil suits or judgments, or other adverse information that is more than seven years old; reporting criminal records inaccurately, such as failure to identify amendments to the original charges or expungements of convictions; and failing to follow regulatory process requirements, such as providing appropriate disclosure to, and receiving required authorization from, the subjects of our background reports (which is legally the customer’s responsibility but which we often facilitate), receiving required certifications from our customers that they have complied with their disclosure and authorization obligations, reinvestigating and correcting erroneous information reported about a consumer in response to the consumer’s demand that we do so, and upon demand by a consumer, disclosing all information that we record and retain about that consumer.
Many factors contribute to these and other kinds of errors. Criminal record information is sourced from a large number of federal, state, county, and local government agencies, including court systems in approximately 3,000 counties across the U.S. There are significant disparities in how these data sources keep records and describe the nature and disposition of criminal charges and convictions. This contributes to errors in extracting information requested by our customers from those records and correctly describing that information in our background reports.
Associating the correct records to a consumer involves matching the identifying information we receive from our customer or the consumer to the identifying information in our data source. This can be challenging because the various sources of the information we gather do not always include common or complete identifying information. We look for identifying information beyond simply first and last names, but additional identifiers such as middle name (if the subject has a middle name), date of birth, address, and government-issued identification number may or may not be present in any particular data source. We must also overcome differences in names arising from the use of nicknames, previous names (e.g. maiden names), and aliases. In some instances, there are errors in the recorded identifying information for an individual. In addition, many courts do not include date of birth information in their criminal records for privacy reasons, and some courts that do include date of birth information in their criminal records are limiting or eliminating public access to that information. Inability to obtain date of birth information associated with criminal records may require us to depend upon other identifiers that are more difficult to use, potentially increasing the cost of criminal record searches and the chances of mismatch. In some cases, inability to access date of birth information or other identifiers may prevent us from meeting legal requirements for accuracy, which would prevent us from reporting otherwise relevant and reportable criminal records, potentially making our services less useful and depriving us of important revenue streams.
Evolving regulatory priorities and interpretations and judicial decisions can expose industry participants, including us, to potential liability for compliance practices that were widely accepted in the past.
At any given time, we have a number of demands pending against us by consumers claiming that we made a mistake in their consumer report. Some of these are articulated as class actions. Damages claimed can include loss of employment opportunities, defamation, invasion of privacy, and emotional distress, among other things. Such claims have on occasion resulted in significant liability for us and other industry participants and future claims could be material, divert management’s attention, cause reputational harm, and subject us to regulatory scrutiny and equitable remedies that could limit the scope and increase the costs of our operations. In particular, class action or other multi-plaintiff claims have the potential to have a material adverse effect on our financial condition and results of operations. While we do not believe that the outcome of any pending or threatened legal proceeding, investigation, examination or supervisory activity will have a material adverse effect on our financial position, new claims or regulatory actions could emerge at any time. Such events are inherently uncertain and adverse outcomes could result in significant monetary damages, penalties or injunctive relief against us.
In addition to these direct risks to our business, consumer-reporting laws have indirect effects on our business. Some of our suppliers are themselves consumer reporting agencies that impose requirements and restrictions upon us and require us to indemnify them as part of their own compliance efforts.
The FCRA, the ICRAA and other laws that regulate our business impose significant operational requirements and liability risks.
We are subject to U.S. federal, state, and local laws and regulations related to background reporting. These laws and regulations are complex, stringent, and subject to evolving and often uncertain administrative and judicial application in ways that can be difficult to predict and can harm our business. For example, we are subject to the FCRA, the ICRAA, and other similar laws that impose many restrictions and process requirements upon “consumer reporting agencies” (like us) that provide those reports and customers that use them. The restrictions and process requirements largely relate to what may be reported about an individual, when, to whom, and for what purposes, and how the subjects of consumer reports are to be treated. For example, under the FCRA, the consumer reporting agency providing a consumer report must follow reasonable procedures to assure the accuracy of the information reported, and may not report certain things, including adverse information (other than criminal convictions) that is more than seven years old, even if this information is otherwise available to our customer. A consumer report may not be furnished for employment purposes unless the subject of the report has authorized procurement of the report
after receiving disclosure, in a document that consists solely of the disclosure, that such a consumer report may be obtained for that purpose. Before taking any adverse action based upon a consumer report prepared for employment purposes, the user of the report must provide the subject of the report with a copy of the report and certain required disclosures. If the subject of a consumer report disputes its accuracy, the consumer reporting agency must reinvestigate. Violations of FCRA can result in civil and criminal penalties. Regulatory enforcement of FCRA is under the purview of the Federal Trade Commission (the “FTC”), the Consumer Financial Protection Bureau (the “CFPB”) and state attorneys general, acting alone or in concert with one another.
Some employment-related background reporting practices may be allowed, or even required, in some jurisdictions or circumstances yet prohibited in others. For example, in the U.S., applicable regulations require employers in some industries, such as finance, health care, or transportation, to inquire into elements that are or may be prohibited by the FCRA, state consumer reporting laws, or restrictions around the use of criminal history. Where such laws and regulations conflict or may conflict we may be required to restrict the information we provide our customers. Other countries and localities around the world regulate background reporting in their own ways, including by prohibiting reporting of certain kinds of information, such as criminal or credit histories, and imposing unique process requirements. These requirements are constantly evolving and can change quickly. This requires us to maintain wide-ranging compliance expertise and adapt our operations appropriately to divergent local requirements or face liability and reputational harm for failure to do so.
Any failure by us to comply with, or remedy any violations of, applicable laws and regulations, could result in substantial fines and restitution obligations and court-ordered injunctions or administrative cease-and-desist orders or settlements that require us to modify our business practices in ways that are costly to implement or that reduce our efficiency or the utility of our services, or may prohibit conduct that would otherwise be legal and in which our competitors may engage. In addition, there may also be adverse publicity and uncertainty associated with investigations, litigation and orders (whether pertaining to us, our suppliers, our customers, or our competitors) that could decrease customer acceptance of our services.
For example, in 2012 the U.S. Federal Trade Commission assessed civil penalties of $2.6 million and other measures against HireRight for various process failures including failing to follow reasonable procedures to (i) assure that the information contained in its consumer reports reflected the current public record status of the consumers’ information (such as expungement of a criminal record); (ii) prevent the inclusion of multiple entries for the same criminal offense in a single report; and (iii) prevent the inclusion of obviously erroneous information in reports. In 2015, the U.S. Consumer Financial Protection Bureau issued a Consent Order against GIS assessing consumer redress payments of $10.5 million civil monetary penalties of $1.25 million payable to the Bureau for (i) reporting of mismatched criminal record information; (ii) failure to notify consumers at the time of reporting adverse information or maintaining strict procedures to ensure adverse information is complete and up-to-date; (iii) reporting adverse non-conviction information, such as civil suits and judgments, that antedated the report by more than seven years; and (iv) and failing to maintain adequate processes to prevent such errors. Similar enforcement actions have affected our competitors and it appears that the current political climate may result in increased regulatory enforcement activity. Additionally, our customers might face similar proceedings, actions or inquiries, which could result in indemnity claims against us and could affect their business and, in turn, our ability to do business with those customers.
Along with laws and regulations related to background reporting, other laws and regulations governing employment relationships and practices around the world also expose us to compliance requirements and enforcement risk. For example, laws prohibiting inquiry into a job applicant’s criminal history until after a conditional offer of employment is made require us to adapt our operational procedures. Identity and right-to-work verification requirements, such as U.S. I-9 compliance procedures and drug and health screening requirements applicable to employment in certain industries, can expose us to significant liability and regulatory penalties for errors we make in assisting our customers with these processes.
In the future, we expect to be subject to significant additional compliance expense and liability risk as a result of increased governmental and private enforcement activity and implementation of new laws and regulations restricting access to and use of personal information in response to social trends and growing worldwide concern that:
•inaccuracies in background reports harm the individuals who are the subjects of those reports;
•background reporting has a disparate adverse impact on some populations;
•background reports can impair the ability of persons with criminal records to reintegrate with society;
•use of algorithms and automated processing, including artificial intelligence and machine learning, fail to take individual circumstances into account and may reinforce inaccurate or unjust biases; and
•privacy must be protected as a fundamental right, resulting in significant limitations on collection and use of personal background information.
Increased enforcement and new laws and regulations related to background reporting may limit our ability to pursue business opportunities we might otherwise consider, prevent full utilization of our services and reduce the availability or effectiveness of our services or the supply of data available to our customers. Further, any perception that our practices or services are inaccurate, are an invasion of privacy or have disparate impacts, whether or not consistent with current or future regulations and industry practices, may subject us to public criticism, private class actions, reputational harm, or claims by regulators, which could disrupt our business and expose us to increased liability. We cannot predict the ultimate impact on our business of new or proposed rules, supervisory examinations or government investigations or enforcement actions.
We are subject to rapidly changing and increasingly stringent laws and industry standards relating to privacy, data security, and data protection. The requirements and costs imposed by these laws, or our actual or perceived failure to comply with them, could subject us to liabilities that adversely affect our business.
We collect, process, transmit and store sensitive data, including personally identifiable information of applicants and employees of our customers about whom we prepare background reports. We and our data suppliers are subject to numerous laws regarding privacy and the storage, sharing, use, transfer, disclosure, protection and other processing of this kind of information. In the U.S., these laws include the Driver’s Privacy Protection Act (the “DPPA”) (regulating driving records), the Gramm-Leach-Bliley Act (the “GLBA”) (regulating financial data), the Health Insurance Portability and Accountability Act (“HIPPA”) (regulating health information), the Federal Motor Carrier Safety Administration’s rules (regulating truck-driver drug testing and other qualifications), and the death Master File rule (regulating death notices related to Social Security Numbers).
In addition, multiple legislative proposals concerning privacy and the protection of user information are being considered by the U.S. Congress. Various U.S. state legislatures have announced intentions to consider additional privacy legislation, and U.S. state legislatures have already passed and enacted comprehensive privacy legislation. For example, the California Consumer Protection Act (“CCPA”) imposes obligations and restrictions on businesses regarding their collection, use, processing, retaining and sharing of personal information and provides new and enhanced data privacy rights to California residents, such as affording them the right to access and delete their personal information and to opt out of certain sharing of personal information. The CCPA exempts much of the data that is covered by FCRA, GLBA, and DPPA and, therefore, much of our data is not subject to the CCPA. However, information we hold about individual residents of California that is not subject to FCRA, GLBA, and DPPA would be subject to the CCPA. Because the CCPA is relatively new, there is still some uncertainty about how such exceptions may be applied under the CCPA. In addition, new laws and regulations proposed or enacted in a number of states impose, or have the potential to impose additional obligations on companies that collect, store, use, retain, disclose, transfer and otherwise process confidential, sensitive and personal information, and will continue to shape the data privacy environment nationally. State laws are changing rapidly and there is discussion in Congress of a new federal data protection and privacy law to which we would become subject if it is enacted.
In the European Economic Area (“EEA”), we are subject to the General Data Protection Regulation (the “GDPR”) and in the United Kingdom, we are subject to the United Kingdom data protection regime consisting
primarily of the UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018. The GDPR and UK GDPR are extremely broad and sweeping privacy laws that establish multiple privacy and data protection requirements, including with respect to criminal convictions data, that are in some respects more comprehensive than those of the U.S. and other countries where we operate. These requirements include providing detailed disclosures about how personal data is collected and processed (in a concise, intelligible and easily accessible form); demonstrating that an appropriate legal basis is in place or otherwise exists to justify data processing activities; rights for data subjects in regard to their personal data (including the right to be “forgotten” and the right to data access); notifying data protection regulators or supervisory authorities (and in certain cases, affected individuals) of significant data breaches; imposing limitations on retention of personal data; maintaining a record of data processing; and complying with the principle of accountability and the obligation to demonstrate compliance through policies, procedures, training and audit. Fines for certain breaches of the GDPR and the UK data protection regime are significant e.g., fines for certain breaches of the GDPR or the UK GDPR are up to the greater of €20 million / £17.5 million or 4 % of total global annual turnover. Other countries outside of the EEA and the United Kingdom have also enacted comprehensive data protection legislation similar to the GDPR to which we are or may become subject in the future.
These privacy laws and regulations also regulate many of our data suppliers, which in turn impose their restrictions and requirements upon us. If we violate those restrictions and requirements, we risk both liability and interruptions in our ability to obtain information that we need to deliver our services.
Compliance with multiple federal, state and international laws and regulations imposing varying and increasingly rigorous requirements is complicated and costly, and we must devote substantial resources to strive for adherence with applicable laws, regulations, and related requirements. The scope of such laws is constantly changing, and in some cases, inconsistent and conflicting and subject to differing interpretations, and new laws of this nature are regularly proposed and adopted. Consequently, we currently, and from time to time, may not be in compliance with all such laws. Such laws also are becoming increasingly rigorous and could be interpreted and applied in ways that may have a material adverse effect on our business, financial condition, results of operations and prospects. Therefore, enforcement practices are likely to remain uncertain for the foreseeable future. There is no assurance that we will not be subject to claims that we have violated applicable laws or codes of conduct, that we will be able to successfully defend against such claims or that we will not be subject to significant fines and penalties in the event of non-compliance. Additionally, to the extent multiple state-level laws are introduced with inconsistent or conflicting standards and there is no federal law to preempt such laws, compliance with such laws could be difficult and costly to achieve and we could be subject to fines and penalties in the event of non-compliance.
Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy violations continue to increase. As discussed above, we have in the past received, and may continue to receive inquiries from regulators regarding our data privacy practices. Any failure or perceived failure by us to comply with applicable privacy and security laws, or any compromise of security that results in unauthorized access, use or transmission of, personal user information, could result in a variety of claims against us, including governmental enforcement actions and investigations, and class action privacy litigation. We could further be subject to significant fines, other litigation, claims of breach of contract and indemnity by third parties, and adverse publicity. When such events occur, our reputation may be harmed, we may lose current and potential users and the competitive positions of our various brands might be diminished. In addition, if our practices are not consistent or viewed as not consistent with legal and regulatory requirements, including changes in laws, regulations and standards or new interpretations or applications of existing laws, regulations and standards, we may become subject to audits, inquiries, whistleblower complaints, adverse media coverage, investigations, loss of export privileges or severe criminal or civil sanctions.
In addition to the above, we have been, and could be in the future, the victim of fraudulent requests for background screening reports as a result of fraudsters “spoofing” or impersonating our customers. The internal controls or procedures we put into place to combat such attacks may not be enough to stop them. Any transfer or loss of personal data to fraudsters as a result of such attacks may cause us to violate our contractual commitments, compromise our ability to receive information from our data suppliers, harm our reputation, give rise to unwanted media attention, and result in litigation and regulatory action.
We can incur significant liability for omitting adverse information in a background report if the subject of that report causes harm that could have been foreseen and avoided if we had reported the omitted information.
One of the reasons our customers use our services is to protect against negligent hiring claims that are likely to result if they hire an individual who causes harm that could have been foreseen and avoided through a careful review of the individual’s background. If we fail to report potentially negative information, such as criminal records, a history of dangerous driving, or illegal drug use about an individual who later commits a crime or causes other harm in the course of employment by our customer, we may face potential direct liability to damaged third parties, as well as an obligation to indemnify and defend our customer against its own negligent hiring liability exposure. We have in the past experienced such claims for crimes such as assaults and thefts allegedly committed, as well as automobile accidents allegedly caused, by persons on whom we prepared background reports that did not include records of similar past conduct. These kinds of situations tend to attract adverse publicity, which together with the liability to which we may be subject, could be extremely damaging and might be excluded from, or exceed the limits of, our insurance coverage. Even in situations in which we have no legal responsibility, such as for prior records that we allegedly “missed” but did not discover because they were outside the scope of the search we were hired to perform, merely being associated with a negligent hiring claim could be extremely damaging to our reputation, and we may choose to indemnify customers or otherwise contribute to legal settlements in the interests of customer relations.
We may be subject to and in violation of state private investigator licensing laws and regulations, which could adversely affect our ability to do business in certain states and subject us to liability.
Although our work is distinct from the activities normally associated with private investigators, we fit within the definitional scope of many state laws that regulate private investigators because of our information gathering and reporting activities. These laws and related licensing requirements and regulations vary among the states and are subject to differing interpretations. Failure to correctly interpret and comply with these laws, requirements and regulations may result in the imposition of penalties or restrictions on our ability to continue our operations in certain states.
We are subject to government regulations concerning our employees, including wage-hour laws and taxes.
We are subject to applicable rules and regulations relating to our relationship with our employees, including health benefits, sick days, unemployment and similar taxes, overtime and working conditions, equal pay, immigration status, and classification of employee benefits for tax purposes. Legislated increases in labor-cost components, such as employee benefit costs, workers’ compensation insurance rates, and compliance costs, as well as the cost of litigation and fines in connection with these regulations, would increase our labor costs. Many employers nationally have been subject to actions brought by governmental agencies and private individuals under wage-hour laws on a variety of claims, such as improper classification of workers as exempt from overtime pay requirements, failure to pay overtime wages properly, and failure to provide meal and rest breaks or pay for missed breaks, with such actions sometimes brought as class or collective actions. These actions can result in material liabilities and expenses. Federal and state standards for classifying employees under wage-and-hour laws differ and are often unclear or require application of judgment, and classifications may need to change as employment duties evolve over time. We may misclassify employees and be subject to liability as a result. If we become subject to employment litigation, such as actions involving wage-and-hour, overtime, breaks and working time rules, it may distract our management from business matters and result in increased labor costs.
We may be subject to intellectual property claims by third parties, which are costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies and intellectual property.
Third parties may assert claims of infringement or misappropriation of intellectual property rights against us, or against our customers for use of our systems or services. We cannot be certain that we are not infringing any third-party intellectual property rights, and we may have liability or indemnification obligations as a result of such claims. As a result of the information disclosure in required public company filings our business and financial condition are visible, which may result in threatened or actual litigation, including by competitors and other third parties.
Regardless of whether claims that we are infringing patents or infringing or misappropriating other intellectual property rights have any merit, these claims are time-consuming and costly to evaluate and defend, and can impose a
significant burden on management and employees. The outcome of any claim is inherently uncertain, and we may receive unfavorable interim or preliminary rulings in the course of litigation. There can be no assurances that favorable final outcomes will be obtained in all cases. We may decide to settle lawsuits and disputes on terms that are unfavorable to us. Some parties that could make claims of infringement against us have substantially greater resources (including in-house expertise on the disputed technology) than we do and are able to sustain the costs of complex intellectual property litigation to a greater degree and for longer periods of time than we could.
Although third parties may offer a license to their technology or intellectual property, the terms of any offered license may not be acceptable and the failure to obtain a license or the costs associated with any license could cause our business to be materially and adversely affected. In addition, some licenses may be non-exclusive, and therefore our competitors may have access to the same technology or intellectual property licensed to us. Alternatively, we may be required to develop non-infringing technology or to make other changes that could require significant effort and expense and ultimately may not be successful. Furthermore, a successful claimant could secure a judgment or we may agree to a settlement that prevents us from performing certain services, limits the way we may provide certain services, or requires us to pay substantial damages, including treble damages if we are found to have willfully infringed the claimant’s patents or copyrights. Claims of intellectual property infringement or misappropriation also could result in injunctive relief against us, or otherwise result in delays or stoppages in providing all or certain aspects of our solution.
If we are unable to protect our proprietary technology and other intellectual property rights, it may reduce our ability to compete for business and we may experience reduced revenue and incur costly litigation to protect our rights.
Our business depends on our brands as well as our internally-developed and licensed technology and content, including software, databases, confidential information and know-how, the protection of which is crucial to the success of our business. We rely on a combination of trademark, trade secret and copyright laws, confidentiality procedures, and contractual provisions to protect our rights in our internally-developed technology, brands and other intellectual property. These measures may not be sufficient to offer us meaningful protection, particularly in jurisdictions that do not protect intellectual property rights to the same extent as do the laws of the United States. If we are unable to protect our intellectual property, our competitive position and our business could be harmed, as third parties may be able to commercialize and use technologies that are substantially similar to ours without incurring the development and licensing costs that we have incurred. Any of our owned or licensed intellectual property rights could be challenged, invalidated, circumvented, infringed, misappropriated or otherwise violated, our trade secrets and other confidential information could be disclosed in an unauthorized manner to third parties, or our intellectual property rights may not be sufficient to permit us to take advantage of current market trends or otherwise to provide us with competitive advantages, each of which could result in costly redesign efforts, discontinuance of certain offerings or other competitive harm.
Monitoring unauthorized use of our intellectual property is difficult and costly, and the steps we have taken to protect our intellectual property rights may not be adequate to prevent infringement, misappropriation, dilution or other violations. Litigation brought to protect and enforce our intellectual property rights can be costly, time consuming and distracting to management, and could be ineffective or result in the impairment or loss of portions of our intellectual property. As a result, we may be aware of infringement or other violations by competitors but may choose not to bring litigation to enforce our intellectual property rights. Furthermore, even if we decide to bring litigation, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits challenging or opposing our right to use and otherwise exploit particular intellectual property, services and technology or the enforceability of our intellectual property rights. As a result, despite efforts by us to protect our intellectual property rights, unauthorized third parties may attempt to use, copy or otherwise obtain and market or distribute our intellectual property or technology or otherwise develop solutions with the same or similar functionality as our solutions. If competitors infringe, misappropriate or otherwise violate our intellectual property rights and we are not adequately protected or elect not to litigate, our competitive position, business, financial condition and results of operations could be harmed.
In general, any inability to meaningfully protect our intellectual property rights could impair our ability to compete and reduce demand for our services. Moreover, our failure to develop and properly manage new intellectual
property could adversely affect our market positions and business opportunities. Also, some of our services rely on technologies and software developed by or licensed from third parties, and we may not be able to maintain our relationships with such third parties or enter into similar relationships in the future on reasonable terms or at all.
Uncertainty may result from changes to intellectual property legislation and from interpretations of intellectual property laws by applicable courts and agencies. Accordingly, despite our efforts, we may be unable to obtain, maintain, protect and enforce the intellectual property rights necessary to provide us with a competitive advantage. Our failure to obtain, maintain, protect and enforce our intellectual property rights could therefore have a material adverse effect on our business, financial condition and results of operations.
Our business relationships expose us to risk of substantial liability for contract breach, violation of laws and regulations, intellectual property infringement and other acts and omissions by us and others, and our contractual indemnities, limitations of liability, and insurance may not protect us adequately.
Our agreements with our customers and suppliers typically obligate us to provide indemnity and defense for violation of applicable laws and regulations, damages to property or persons, misappropriation of confidential or personally identifiable information in our custody or control, intellectual property infringement, business losses, and other liabilities. Generally, these indemnity and defense obligations relate to our own business operations, and acts or omissions. However, under some circumstances, we agree to indemnify and defend contract counterparties against losses resulting from their own business operations and acts or omissions, or the business operations and acts or omissions of third parties. For example, our customers also typically require us to indemnify them against acts and omissions of our subcontractors and suppliers, such as business process outsourcing providers and data sources. At the same time, these subcontractors and suppliers often require us to indemnify them against acts and omissions of our customers, including indemnifying our data sources for our customers’ misuse of that data.
Even in the absence of a clear contractual obligation to provide indemnity, customers regularly seek indemnification from us in respect of claims made against them due to alleged errors in our services, or alleged errors they make in complying with laws and regulations applicable to their procurement and use of our services. Some of these indemnity claims are supportable and result in costs to us, and we may sometimes fund even invalid claims for relationship reasons.
Our agreements with customers and suppliers typically include provisions limiting our liability to the counterparty and the counterparty’s liability to us, although these limits sometimes do not apply to certain liabilities, including indemnity obligations, and certain customers and suppliers, including government entities, may require indemnity from us without any limit on our liability, and provide us with little or no reciprocal indemnity support.
We have limited ability to control acts and omissions of our customers, suppliers, or other third parties that could trigger our indemnity obligations, and our insurance policies may not cover us for acts and omissions of others. Because we contract with many customers and suppliers and those contracts are individually negotiated with different scopes of indemnity and different limits of liability, it is possible that in any case our obligation to provide indemnity for the acts or omissions of a third party such as a customer or supplier may exceed what we are able to recover from that third party. Further, contractual limits on our liability may not apply to our indemnity obligations, contractual limits on our counterparties’ liability may limit what we can recover from them, and contract counterparties may be unable to meet their obligations to indemnify and defend us as a result of insolvency or other factors. Large indemnity obligations, or obligations to third parties not adequately covered by the indemnity obligations of our contract counterparties, could expose us to significant costs.
In addition to the effects on indemnity described above, the limitation of liability provisions in our contracts may, depending upon the circumstances, be too high to protect us from significant liability for our own acts or omissions, or so low as to prevent us from recovering fully for the acts or omissions of our counterparties.
Liabilities we incur in the course of our business may be uninsurable, or insurance may be very expensive and limited in scope.
Insurance companies view consumer reporting as a risky business.
•The FCRA, the California Investigative Consumer Reporting Agencies Act, and similar laws that regulate our business are ambiguous in many respects, resulting in a constant succession of new liability theories conceived by plaintiffs’ attorneys and tested through claims against background reporting companies like us.
•There are significant uncertainties and inconsistencies in how courts interpret those laws.
•The availability under those laws of substantial statutory damages and attorneys’ fees awards can result in enormous class action claims.
•Background reporting companies may incur significant liability to their customers and members of the public for failure to report potentially negative information, such as criminal records, about an individual who later commits a crime or causes other harm that might have been foreseen and avoided if the prior record had been reported.
•Governmental agencies charged with enforcing these laws, such as the CFPB and FTC, have a history of imposing large fines and their enforcement approaches and intensity may vary with changes in partisan political control.
Due to these and similar factors, and the resulting frequency and potential severity of legal claims, some insurance companies will not underwrite errors & omissions policies for background reporting companies. Insurance companies that will underwrite such policies often impose very high retention requirements and various coverage limitations and exclusions, including for regulatory investigations, fines, and punitive damages. Consequently, while we do have errors & omissions coverage, we are effectively self-insured for most liabilities that arise as a result of errors and omissions in delivery of our services. Further, significant claims under our policies, or negative claims experience in the industry in general, could result in carriers refusing to provide liability insurance to us, or charging prohibitive premiums and imposing co-insurance requirements in addition to high retentions. Finally, the terms of any regulatory enforcement order against us may prohibit us from recovering under insurance for any fines, penalties, or restitution assessed.
Technology and Data Security Risks
Breaches or misuse of our networks or systems, our customers’ networks or systems that are integrated with ours, or networks or systems of third parties upon which we rely, or any improper access to our information or platform may negatively impact our business and harm our reputation.
In the ordinary course of business, we access, collect, process, transmit and store sensitive data, including intellectual property and proprietary business information of our customers and suppliers and personally identifiable information of applicants and employees of our customers about whom we prepare background reports. The secure operation of our IT networks and systems and secure processing and maintenance of this information is critical to our business operations and strategy.
Because we access, store and transmit personally identifiable information, we could be the target of cyber attacks, fraudulent schemes and other security threats by third parties, including technically-sophisticated and well-resourced hackers, hostile state intelligence services and other bad actors attempting to access or steal the data we store or to disrupt our operations or to misappropriate such information by direct theft or subterfuge, such as by posing as customers. Furthermore, insider or employee cyber and security threats are also a significant concern for all companies, including ours, and have become a greater risk as a result of the greater adoption of remote work as a response to the COVID-19 pandemic. Despite our investments in physical and technological security measures, employee training and other precautions, we are vulnerable to exploitation of our IT networks and infrastructure to gain unauthorized access to data from us or from our customers, our and their suppliers, and other service providers
whose systems can be accessed through ours, resulting in breaches of confidential and personal information, computer malware, ransomware, and transmission of computer viruses.
Current security measures undertaken by us, our customers, suppliers, vendors or service providers may be ineffective as a result of various factors including employee error; failure to implement appropriate processes and procedures; malfeasance, acts of vandalism, computer viruses and interruption or loss of valuable business data, breaches, cyber-attacks or other tactics to obtain illicit system access. Moreover, the risk of unauthorized circumvention of our security measures or those of our customers, suppliers, vendors, and service providers has been heightened by advances in computer and software capabilities and the increasing sophistication of hackers who employ complex techniques, including without limitation, “phishing” or social engineering incidents, spoofing, ransomware, extortion, account takeover attacks, denial or degradation of service attacks, and malware. We and our customers and vendors have been in the past, and could be in the future, the victim of fraud schemes, including as a result of fraudsters “spoofing” or impersonating our customers, including by using stolen identities and credit cards and misappropriated customer credentials to order background reports as a way of compiling additional information about consumers.
While we have put in place internal controls and procedures designed to prevent or identify such fraudulent attacks and continue to review and upgrade our internal controls and procedures in response to the heightened risk and occurrence of such fraudulent attacks (some of which were successful), there can be no assurance that we will not fall victim to such attacks. Fraudulent transfer of funds can cause direct financial loss to us or our customers or vendors. Use of stolen credit cards to order our background reports subjects us to risk of refunding the fees we collected for providing those reports and bearing the unreimbursed costs of third-party data and services we purchased to fulfill those fraudulent orders. Transfer or loss of financial or personal data to fraudsters as a result of such spoofing or impersonation may cause us to violate our contractual commitments, compromise our ability to receive information from our data suppliers, including driver licensing and motor vehicle operating information that we receive from state motor vehicle departments, harm our reputation, give rise to unwanted media attention and result in litigation and regulatory action. Because techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until they are launched against a target, and because we typically are not able to control the efficacy of security measures implemented by our customers and suppliers, we may be unable to anticipate these techniques, implement adequate preventative measures or remediate any intrusion on a timely or effective basis even if our security measures are appropriate, reasonable, and comply with applicable legal requirements. Although we have developed and strive to improve systems and processes designed to prevent security breaches and data loss, these security measures cannot provide absolute security, and the protection of our systems and information against exploitation and misappropriation is partially dependent on our customers’ security practices, such as measures to safeguard credentials.
Though it is difficult to determine what harm may directly result from any specific interruption or breach, any security incident could disrupt computer systems or networks, interfere with services to our customers or their applicants and employees, and result in unauthorized access to personally identifiable information, intellectual property, and other confidential business and personal information. As a result, we could be exposed to unwanted media attention, legal claims and litigation, indemnity obligations, legal and contractual reporting obligations, regulatory fines and penalties, contractual obligations, other liabilities, significant costs for remediation and re-engineering to prevent future occurrences, such as increased investment in technology, the costs of compliance with consumer protection laws and costs resulting from consumer fraud, significant distraction to our business, and damage to our reputation, our relationships with customers and suppliers, and our ability to retain and attract new customers and suppliers. If personally identifiable information is compromised, we may be required to undertake notification and remediation procedures, provide indemnity, and undergo regulatory investigations and penalties, all of which can be extremely costly and result in adverse publicity. While we maintain cyber liability insurance, we cannot ensure that our insurance policies will be sufficient to cover all losses that we may incur if we suffer significant or multiple attacks. We also cannot be certain that our existing insurance coverage will continue to be available on acceptable terms or in amounts sufficient to cover the potentially significant losses that may result from a security incident or breach or that the insurer will not deny coverage of any future claim.
We rely significantly on the use of information technology. System failures, including failures due to natural disasters or other catastrophic events, could delay and disrupt our services, cause harm to our business and reputation and result in a loss of customers.
We depend heavily upon computer systems to provide reliable, uninterrupted service to our customers. We have experienced brief system interruptions in the past, often relating to specific customers or groups of customers, and we believe that interruptions will continue to occur from time to time in the future. Our platform operates on our data processing equipment that is housed in third-party commercial data centers that we do not control. In addition, our systems interact with the systems of our customers, their HCM systems and ATS providers, and our suppliers. All of these facilities and systems are vulnerable to interruption and/or damage from a number of sources, many of which are beyond our control, including natural disasters or other catastrophic events such as earthquakes, fires, floods, terrorist attacks, power loss and telecommunications failures, as well as computer viruses, physical and electronic break-ins, software issues, technology glitches, and other similar events, any of which can temporarily or permanently interrupt services to customers. In particular, as described above, intentional cyber-attacks present a serious issue because they are difficult to prevent and remediate and can be used to steal data or disrupt operations.
Although we maintain redundant data center capabilities for business continuity and disaster recovery, any substantial disruption of this sort could cause interruptions or delays in our business and loss of data or render us unable to deliver our services in a timely manner, or at all. These interruptions may also interfere with our suppliers’ ability to provide us information and our employees’ ability to perform their responsibilities. In addition, a significant portion of the work required to deliver our services is conducted by outsourced suppliers that work from other countries, including India, the Philippines, and the Caribbean, that are vulnerable to natural disasters and infrastructure failures. Any disruption in the ability of our outsourced suppliers to perform such functions may result in service interruptions and delays for our customers.
The steps we take to mitigate these risks may not protect against all problems, and our ability to mitigate risks to third-party systems is limited. In addition, we rely to a significant degree upon security and business continuity measures of our data center operators, telecommunications providers, and other third parties, and if those suppliers fail us, we could be unable to meet the needs of our customers. Any steps we take to increase the reliability and redundancy of our systems may be expensive and may not be successful in preventing system failures.
Any failures or delays with our systems or other systems that interact with our systems, or inaccessibility or corruption of data, could be time-consuming and costly to repair or replace, divert our employees’ attention, expose us to liability, and harm our reputation, resulting in customers seeking to avoid payment, demanding future credits for disruptions or failures, and diverting their business to competitors. The financial harm from such circumstances could exceed any applicable business interruption insurance we may have.
If we fail to enhance and expand our technology and services to meet customer needs and preferences, the demand for our services may materially diminish.
Technology is critical to our ability to provide market-leading services that meet the diverse and complex needs of our global customers. In order to remain competitive and responsive to customer demands, we must continually innovate new services and upgrade, enhance, and expand our technology and services. In addition, some of our older technology needs to be updated or replaced to keep pace with our growth, evolving compliance requirements, and the increasing complexity of our business. This will require significant and increasing investments in our technology for the foreseeable future.
Our services are complex and can require a significant investment of time and resources to develop, test, introduce into use, and enhance. These activities can take longer than we expect. We schedule and prioritize our development efforts according to a variety of factors, including our perceptions of market trends, customer requirements, and resource availability. We may encounter unanticipated difficulties that require us to re-direct or scale back our efforts and we may need to modify our plans in response to changes in customer requirements, market demands, resource availability, regulatory requirements, or other factors. These factors place significant demands upon our engineering organization, require complex planning and decision making, and can result in
acceleration of some initiatives and delay of others. As a result of such factors, we may not execute successfully on our technology and services development strategy.
In addition, investment in development of new services often involves a long return-on-investment cycle. We must continue to dedicate a significant amount of resources to our development efforts before knowing to what extent our investments will result in services that meet evolving market conditions.
If we do not manage our development efforts efficiently and effectively, we may fail to produce, or to timely produce, services that respond appropriately to the needs of our customers, and competitors may develop offerings that more successfully anticipate market demand. If our services are not responsive and competitive, customers can be expected to shift their business to our competitors. Customers may also resist adopting our new services for various reasons, including reluctance to disrupt existing relationships and business practices or to invest in necessary technological integration.
Real or perceived errors, failures, or bugs in our platform could adversely affect our business.
The technology that forms the basis of our platforms is complex. Additionally, our platforms interact with a variety of systems in addition to our internal systems, including customer and ATS systems as well as those of third-party data providers. The complexity of the technology we employ as well as the variety of networking configurations we run and applications to which our platforms connect increases the likelihood of real or perceived errors, bugs or failures in those business environments. We test our software and products and material changes made to our platforms, but errors, bugs or failures could exist and may not be found until after our products are deployed to our customers or until they disrupt operations. Any error, bug or failure could degrade the quality of service on our platform and adversely affect our customers’ business, which could in turn result in our loss of revenue, damage to our reputation and brand, and weakening of our competitive position. Additionally, we could face legal claims for breach of contract due to service level failures or statutory liability for process errors due to errors or bugs. Defending a lawsuit, regardless of its merit, is costly and may divert management’s attention away from the business and cause additional harm to our reputation and operating results.
The use of open source software may expose us to additional risks and compromise our intellectual property.
We have incorporated, and may continue to incorporate certain open source software into our proprietary technology. Open source software is software that is generally licensed by its authors or other third parties and made available to the general public on an “as is” basis under the terms of non-negotiable licenses. From time to time, companies that use open source software have faced claims challenging their use and requesting compliance with the open source software license terms. Some open source software licenses purport to require users that distribute or make available software that is derived from or incorporates open source software to make publicly available such user’s source code (which could include valuable proprietary code) which, if such requirements are imposed on us, may put our intellectual property rights at risk. Other open source software licenses purport to require a user that incorporates the open source software into its own proprietary intellectual property to grant a license to use the combined intellectual property under the terms of such open source software license, sometimes for no or minimal charge. Because the terms of various open source licenses have not been fully interpreted by courts, there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our use of open source software that might require us to redesign our applications, discontinue the use of our solutions, or take other costly remedial actions, which could adversely impact our business. In addition, open source software could be riskier to use than third-party commercial software because open source licensors generally do not provide warranties or controls on the functionality of the software. While we test the use of open source software before incorporating it into our proprietary platforms, we cannot be certain that we have identified and eliminated all functionality risk of the open source software. For all of these reasons, we cannot guarantee that our use of open source software will not subject us to liability or create circumstances that could harm our business.
Our technology development operations are centered in Estonia, exposing us to risks that may be difficult to manage.
Our software development and related technology operations are conducted primarily in our office in Estonia. Unless we are able to diversify these operations across other locations, our ability to maintain our platform and adapt
it to meet customer needs and market opportunities is vulnerable to constraint or disruption as a result of various factors including unavailability of sufficient engineering talent, power loss, local pandemic conditions, weather, and regional political unrest.
If our ability to use data to train our proprietary machine learning models is lost or limited, our business could be adversely affected.
We employ proprietary machine-learning models, which are models built using a variety of data sets, some of which may be licensed from third-party providers or subject to other obligations to the provider or some other third party. These licenses, other obligations, or new or changing laws or regulations, may impose restrictions on the use of those data sets, including restrictions on use for any purpose inconsistent with the purpose for which the data was provided or to which the subject of the data has consented. Such restrictions may significantly limit our ability to utilize automation to improve the speed and accuracy of our services.
In addition, if third-party data used to train and improve our machine-learning models is limited or becomes unavailable to us, our ability to continue to use and improve our machine learning models would be adversely affected. There may not be commercially reasonable alternatives to the third-party data we currently use, or it may be difficult or costly to migrate to other third-party data. Our use of additional or alternative third-party data could require us to enter into license agreements with third parties and integrate the data used in our machine-learning models with new third-party data, which may require significant work and substantial investment of our time and resources.
If the data we use to train our proprietary machine-learning models is significantly inaccurate, our business could be adversely affected.
If the data we use to train and improve our machine-learning models is inaccurate, our ability to continue to use and improve our machine-learning models would be adversely affected. There may not be commercially reasonable alternatives to the third-party data we currently license, or it may be difficult or costly to migrate to other third-party data. Our use of additional or alternative third-party data would require us to enter into license agreements with third parties and integrate the data used in our machine-learning models with such new third-party data, which may require significant work and substantial investment of our time and resources.
Our machine learning models may not operate properly or as we expect them to, which could cause us to inaccurately evaluate applicant information.
We utilize data gathered from various sources in our services to train our machine-learning models. The continuous development, maintenance and operation of our machine learning models is expensive and complex, and may involve unforeseen difficulties including material performance problems, and undetected defects or errors with new machine learning or other artificial intelligence capabilities. Some of those difficulties could arise from undetected or uncorrected inaccuracies or unrepresentative tendencies in the data. We may encounter technical obstacles, and it is possible that we may discover additional problems that prevent our machine learning models from operating properly. If our machine learning models do not function reliably, we may incorrectly process background checks or suffer extended processing times and other failures of our services, which could result in customer dissatisfaction.
Our machine-learning models could lead to unintentional discrimination.
Generally, machine-learning models use data about past decisions in a particular situation to create algorithms that make a new decision in a similar situation. If the past decisions on which our machine-learning models are based were affected by a disparate impact based on any legally prohibited classification (such as race or sex), our machine-learning models could make similarly disparate decisions. Consistently making decisions that result in disparate impact could subject us or our customers to legal or regulatory liability.
Industry and Financial Risks
Changes to the availability and permissible uses of consumer data may reduce the demand for our services.
Public and commercial sources of free or relatively inexpensive information of the type our customers typically demand have become increasingly available, particularly through the internet. We expect this trend to continue, and the easier availability of this information may reduce demand for our services.
While various factors, including safety concerns, continue to drive the increased adoption of background reporting services worldwide, there are countervailing forces that could have the opposite effect. For example, certain privacy regulations restrict the collection and use of the kind of information included in our background reports (e.g. in some countries, as a general matter criminal background or credit histories must not be used as disqualifications to employment). In addition, social justice and criminal rehabilitation concerns have resulted in legal limits on the use of some background information. The continued proliferation of these limitations could reduce the scope and value of our services.
In addition, access to and use of consumer data are the subjects of intense public scrutiny and as a result subject to significant legislation and regulatory restrictions in jurisdictions around the world. Privacy and social justice considerations may result in reduced or lost access to information we need, which could reduce the utility and value of our services.
Technological changes in how personal data is managed could have the same effect. For example, the convergence of privacy concerns and new technologies such as blockchain and the increased mobility of data has led to emergence of technologies that allow consumers to manage their own background data and provide their own background reports directly to employers. While such developments present us with opportunities, such as acting as a validator of consumers’ self-managed background reporting, these kinds of market evolutions will require us to innovate aggressively to maintain our market position and relevance to our customers.
We operate in an intensely competitive market and we may not be able to develop and maintain competitive advantages necessary to support our growth and profitability.
We face significant competition in our industry. Although we believe we are the largest participant in the market for background reporting and related services, our market share is relatively small due to the large number of competitors in the industry. We compete with companies close to our size that have capabilities similar to ours and could surpass us in capabilities and scale through their own organic growth or strategic acquisitions, as well as many smaller companies that may gain competitive advantages by focusing on particular geographies, market sectors, or discrete services. Barriers to entry are low in our business and, in general, all competitors have access to the same core sources of information that form the basis of background reports. Therefore, we must compete based upon our effectiveness at gathering and using that information more effectively than others to produce value-added insights, as well as our speed, accuracy and ability to service a large customer base at scale and across diverse geographies and industries. This requires us to develop and maintain broad expertise, innovate new service offerings, and use technology effectively to improve our processes. If we are not able to outpace our competitors or keep up with their technological advances, we may lose a significant amount of business to those competitors.
Some of our competitors may have already developed, or may soon develop, a lower cost structure, more aggressive pricing, or better services than we offer or develop. Large and well-capitalized competitors may emerge, particularly through industry consolidation, that may be able to innovate faster, compete for talent more effectively, and price their services more aggressively than we can. Price reductions by our competitors could negatively affect our revenue and operating margins and results of operations and could also harm our ability to obtain new customers on favorable terms.
Many customers stage regular request for proposal processes as a matter of procurement policy, which enables competitors to bid aggressively to try to capture their business. This puts pressure on our margins if we are not able to compete effectively without reducing our pricing.
Growth will require us to improve our operating capabilities.
Our growth has resulted in significant increases in the number of transactions and the amount of customer, applicant and employee data that our infrastructure supports, straining our resources and adding to the complexity of our organizational structure and procedures. Our success depends, in part, on our ability to improve our organizational effectiveness, including our operational, financial and management controls and our operating and reporting systems and procedures. The failure to effectively manage growth could result in declines in the quality of, or customer satisfaction with, our services, increases in costs or other operational difficulties.
Our business is vulnerable to economic downturns and seasonality.
Demand for our services is highly correlated to general levels of economic activity and the job market. Our customers are sensitive to changes in general economic conditions, the availability of affordable credit and capital, the level and volatility of interest rates, inflation and consumer confidence, in all of the markets in which we operate worldwide. When economic and market conditions turn adverse, our customers can be expected to curtail hiring, which presents considerable risks to our business and revenue.
Different customer segments have seasonal hiring needs that affect our order volumes. Depending upon business mix and market dynamics, our revenue may reflect underlying customer seasonality. Historically, we have experienced seasonal peaks during the first half of the year and during the peak hiring periods in the summer and over the winter holidays, but there can be no assurances that such seasonal trends will consistently repeat each year. Although we have not experienced seasonality to date in 2021, and we believe the micro and macro-economic changes in the traditional workforce landscape caused by the COVID-19 pandemic have shown that traditional seasonality or periodic fluctuation may be changing, it is becoming more difficult to predict these trends and they remain outside of our control. Any seasonality we experience might affect our operating results and financial condition and may cause projections based on previous operating results not to be a reliable measure of future operating results or our financial condition.
If we do not introduce successful new products, services and analytical capabilities in a timely manner, or if the market does not adopt our new services, our competitiveness and operating results will suffer.
Our industry has historically been impacted by technological changes and changing industry standards. Without the timely introduction of new services and enhancements, our services may become technologically or commercially obsolete over time, in which case our revenue and operating results would suffer. The success of our new services will depend on several factors, including our ability to properly identify customer needs; innovate and develop new technologies, services and applications; successfully commercialize new services in a timely manner; produce and deliver our services in sufficient volumes on time; differentiate our services from competitor services; price our services competitively; and anticipate our competitors’ development of new services or technological innovations. Our resources have to be committed to any new services before knowing whether the market will adopt the new offerings.
Inflation may reduce our profitability.
Recent growth in inflation that has accompanied the COVID-19 recovery is increasing our operating costs. Among other things, competition for labor is becoming more acute and we expect our labor costs to increase as a result. We may not be able to raise our pricing sufficiently to offset our increased costs. Some of our customer agreements fix the prices we may charge for some period of time and/or limit permissible price increases. Even if we are contractually permitted to increase prices, doing so could cause some customers to reduce their business with us in favor of lower-cost alternatives. Some competitors may have different business models or lower costs than we do, enabling them to absorb inflation and compete aggressively with less adverse effect to their profitability.
Risks Related to Our Indebtedness and Finances
Our existing indebtedness and other future payment obligations could adversely affect our business and growth prospects.
As of June 30, 2021, we had an aggregate of $1.0 billion in principal amount outstanding under our First Lien Credit Agreement, dated July 12, 2018 (the “First Lien Credit Agreement”) and our Second Lien Credit Agreement, dated July 12, 2018 (the “Second Lien Credit Agreement” and, together with the First Lien Credit Agreement, the “Credit Agreements”). We expect to use a portion of the proceeds of this offering to repay in full the Second Lien Credit Agreement and a portion of the First Lien Credit Agreement. Pro forma for the completion of this offering and the use of proceeds thereof, as of June 30, 2021 we would have had an aggregate of $626.3 million (including current portion of $8.4 million) in principal outstanding under the First Lien Credit Agreements. In addition, we estimate our total obligations under the TRA to be approximately $209.9 million.
Our indebtedness, any additional indebtedness we may incur or other obligations, including the TRA, could require us to divert funds identified for other purposes for debt service and to satisfy these obligations and impair our liquidity position. If we cannot generate sufficient cash flow from operations to service our debt and other obligations , we may need to refinance our debt, dispose of assets or issue equity to obtain necessary funds. We do not know whether we will be able to take any of these actions on a timely basis, on terms satisfactory to us or at all.
Our indebtedness and other obligations and the cash flow needed to satisfy our debt have important consequences, including:
•limiting funds otherwise available for financing our capital expenditures by requiring us to dedicate a portion of our cash flows from operations to the repayment of debt and other obligations and any interest payments;
•making us more vulnerable to rising interest rates; and
•making us more vulnerable in the event of a downturn in our business.
Our level of indebtedness may place us at a competitive disadvantage to our competitors that are not as highly leveraged. Fluctuations in interest rates can increase borrowing costs. Increases in interest rates may directly impact the amount of interest we are required to pay and reduce earnings accordingly. In addition, developments in tax policy, such as the disallowance of tax deductions for interest paid on outstanding indebtedness, could have an adverse effect on our liquidity and our business, financial conditions and results of operations.
We expect to use cash flow from operations to meet current and future financial obligations, including funding our operations, debt service requirements and other obligations and capital expenditures. The ability to make these payments depends on our financial and operating performance, which is subject to prevailing economic, industry and competitive conditions and to certain financial, business, economic and other factors beyond our control.
The terms and conditions of the Credit Agreements restrict our current and future operations, particularly our ability to respond to changes or to take certain actions.
The Credit Agreements contain a number of restrictive covenants that impose significant operating and financial restrictions on us and may limit our ability to engage in acts that may be in our long-term best interests, including restrictions on our ability to:
•incur additional indebtedness or other contingent obligations;
•make investments, acquisitions, loans and advances;
•consolidate, merge, liquidate or dissolve;
•sell, transfer or otherwise dispose of our assets;
•pay dividends on our equity interests or make other payments in respect of capital stock; and
•materially alter the business we conduct.
Our first lien credit agreement includes a financial maintenance covenant for the benefit of the revolving lenders thereunder, which requires us to maintain a maximum first lien leverage ratio as of the last day of any fiscal quarter on which greater than 35% of the revolving commitments are drawn (excluding for this purpose up to $15.0 million of undrawn letters of credit). Our ability to satisfy this covenant can be affected by events beyond our control. As of June 30, 2021, we were in compliance with this financial covenant.
A breach of the covenants or restrictions under the Credit Agreements could result in an event of default under such documents. Such a default may allow the creditors to accelerate the related debt. In the event the holders of our indebtedness accelerate the repayment of that indebtedness, we may not have sufficient assets to repay that indebtedness or be able to borrow sufficient funds to refinance it. Even if we are able to obtain new financing, it may not be on commercially reasonable terms or on terms acceptable to us. As a result of these restrictions, we may be:
•limited in how we conduct our business;
•unable to raise additional debt or equity financing to operate during general economic or business downturns; or
•unable to compete effectively or to take advantage of new business opportunities.
These restrictions, along with restrictions that may be contained in agreements evidencing or governing other future indebtedness, may limit our ability to grow.
We may not be able to generate sufficient cash flow to service all of our indebtedness, and may be forced to take other actions to satisfy our obligations under such indebtedness, including refinancing such indebtedness, which may not be successful.
Our ability to make scheduled payments or to refinance outstanding debt obligations depends on our financial and operating performance, which will be affected by prevailing economic, industry and competitive conditions and by financial, business and other factors beyond our control. We may not be able to maintain a sufficient level of cash flow from operating activities to permit us to pay the principal, premium, if any, and interest on our indebtedness. Any failure to make payments of interest and principal on our outstanding indebtedness on a timely basis would likely result in penalties or defaults, which would also harm our ability to incur additional indebtedness.
If our cash flows and capital resources are insufficient to fund our debt service obligations, we may be forced to reduce or delay capital expenditures, sell assets, seek additional capital, or seek to restructure or refinance our indebtedness. Any refinancing of our indebtedness could be at higher interest rates and may require us to comply with more onerous covenants. These alternative measures may not be successful and may not permit us to meet our scheduled debt service obligations. In the absence of such cash flows and resources, we could face substantial liquidity problems and might be required to sell material assets or operations to attempt to meet our debt service obligations. If we cannot meet our debt service obligations, the holders of our indebtedness may accelerate such indebtedness and, to the extent such indebtedness is secured, foreclose on our assets. In such an event, we may not have sufficient assets to repay all of our indebtedness.
We may need to refinance all or a portion of our indebtedness before maturity. We cannot assure you that we will be able to refinance any of our indebtedness on commercially reasonable terms or at all. We may not be able to obtain sufficient funds to enable us to repay or refinance our debt obligations on commercially reasonable terms, or at all.
We may require additional capital to support our business, and such capital might not be available on terms acceptable to us, if at all. Inability to obtain financing could limit our ability to conduct necessary operating activities and make strategic investments.
Various business challenges and opportunities may require additional funds, including the need to respond to competitive threats or market evolution by developing new services and improving our operating infrastructure through additional hiring or acquisition of complementary businesses or technologies, or both. In addition, we could incur significant expenses or shortfalls in anticipated cash generated as a result of unanticipated events in our business or competitive, regulatory, or other changes in our market, or longer payment cycles required or imposed by our customers.
Our available cash and cash equivalents, any cash we may generate from operations, and our available line of credit under the Credit Agreements may not be adequate to meet our capital needs, and therefore we may need to engage in equity or debt financings to secure additional funds. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and respond to business challenges could be significantly impaired, and our business may be adversely affected.
If we do raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of our common stock. Any debt financing that we secure in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters. This may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. In addition, if we issue debt, the holders of that debt would have prior claims on the Company’s assets, and in case of insolvency, the claims of creditors would be satisfied before distribution of value to equity holders, which would result in significant reduction or total loss of the value of our equity.
Risks Related to Our International Business Strategy
Our international operations require increased expenditures and impose additional risks and compliance imperatives, and failure to successfully execute our international plans will adversely affect our growth and operating results.
We serve customers around the world and have operations in Europe, Asia (including India, Japan and Singapore), Australia, Canada, and Mexico. We plan to continue to expand internationally. Achieving our international objectives will require a significant amount of attention from our management, finance, legal, operations, compliance, sales, and engineering teams, as well as significant investment in developing the technology infrastructure necessary to deliver our services and maintain sales, delivery, support, and administrative capabilities in the countries where we operate. Attracting new customers outside the United States may require more time and expense than in the United States, in part due to language barriers and the need to educate such customers about our services, and we may not be successful in establishing and maintaining these relationships. The data center and telecommunications infrastructure in some overseas markets may not be as reliable as in North America and Europe, which could disrupt our operations. In addition, our international operations will require us to develop and administer our internal controls and legal and compliance practices in countries with different cultural norms, languages, currencies, legal requirements, and business practices than the United States. Expanding internationally and building our overseas operations requires a significant amount of management and other employees’ time and focus as well as significant resources, which may divert attention and resources from operating activities and growing our business.
International operations impose their own risks and challenges, in addition to those faced in the United States, including management of a distributed workforce; the need to adapt our offering to satisfy local requirements and standards (including differing privacy policies and labor laws that are sometimes more stringent); laws and business practices that may favor local competitors; legal requirements or business expectations that agreements be drafted and negotiated in the local language and disputes be resolved in local courts according to local laws; the need to enable transactions in local currencies; longer accounts receivable payment cycles and other collection difficulties;
the effect of global and regional recessions and economic and political instability; potentially adverse tax consequences in the United States and abroad; staffing challenges, including difficulty in recruiting and retaining qualified personnel as well as managing such a diversity in personnel; reduced or ineffective protection of our intellectual property rights in some countries; and costs and restrictions affecting the repatriation of funds to the United States.
One or more of these requirements and risks may make our international operations more difficult and expensive or less successful than we expect, and may preclude us from operating in some markets. There is no assurance that our international expansion efforts will be successful, and we may not generate sufficient revenue or margins from our international business to cover our expenses or contribute to our growth.
Operating in multiple countries requires us to comply with different legal and regulatory requirements.
Our international operations subject us to laws and regulations of multiple jurisdictions, as well as U.S. laws governing international operations, which are often evolving and sometimes conflict. For example, the Foreign Corrupt Practices Act (the “FCPA”) and comparable foreign laws and regulations (including the UK Bribery Act) prohibit improper payments or offers of payments to foreign governments and their officials and political parties by U.S. and other business entities for the purpose of obtaining or retaining business. Other laws and regulations prohibit bribery of private parties and other forms of corruption. As we expand our international operations, there is some risk of unauthorized payment or offers of payment or other inappropriate conduct by one of our employees, consultants, agents, or other contractors, including by persons engaged or employed by a business we acquire, which could result in violation by us of various laws, including the FCPA. Safeguards we implement to discourage these practices may prove to be ineffective and violations of the FCPA and other laws may result in severe criminal or civil sanctions, or other liabilities or proceedings against us, including class action lawsuits and enforcement actions from the Securities and Exchange Commission (the “SEC”), Department of Justice, and foreign regulators. Other laws applicable to our international business include local employment, tax, privacy, data security, and intellectual property protection laws and regulations, including restrictions on movement of information about individuals beyond national borders. In some cases, customers operating in non-U.S. markets may impose additional requirements on our non-U.S. business in efforts to comply with their interpretation of their own or our legal obligations. Finally, these laws may overlap in specific cases; this problem is compounded by the fact that many of these laws (especially in the U.S.) do not explicitly state the basis of any extra-territorial application.
These compliance requirements may differ significantly from the requirements applicable to our business in the United States and may require engineering, infrastructure and other costly resources to accommodate, and may result in decreased operational efficiencies and performance. As these laws continue to evolve and we expand to more jurisdictions or acquire new businesses, compliance will become more complex and expensive, and the risk of non-compliance will increase.
Compliance with complex foreign and U.S. laws and regulations that apply to our international operations increases our cost of doing business abroad, and violation of these laws or regulations may interfere with our ability to offer our services competitively in one or more countries, expose us or our employees to fines and penalties, and result in the limitation or prohibition of our conduct of business.
We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.
Our operations are subject to U.S. export controls, specifically the Export Administration Regulations and economic sanctions enforced by the Office of Foreign Assets Control. These regulations limit and control export of encryption technology. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products and services to countries, governments, and persons targeted by U.S. sanctions. We incorporate encryption technology into the servers that operate our systems. As a result of locating some servers in data centers outside of the United States, we must comply with these export control laws.
In addition, various countries regulate the import of certain encryption technology and have enacted laws that could limit our ability to deploy our technology or our customers’ ability to use our services in those countries. Changes in our technology or changes in export and import regulations may delay introduction of our services or the
deployment of our technology in international markets, prevent our customers with international operations from using our services globally or, in some cases, prevent the export or import of our technology to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons, or technologies targeted by such regulations, could result in decreased use of our services by, or in our decreased ability to export our technology to, international markets.
Fluctuations in the exchange rates of foreign currencies could result in currency transaction losses.
We currently have transactions denominated in various non-U.S. currencies, and may, in the future, have sales denominated in the currencies of additional countries. In addition, we incur a portion of our expenses in non-U.S. currencies, and to the extent we need to convert currency to pay expenses, we are exposed to potentially unfavorable changes in exchange rates and added transaction costs. We expect international transactions to become an increasingly important part of our business, and such transactions may be subject to unexpected regulatory requirements and other barriers. Any fluctuation in relevant currency exchange rates may negatively impact our business, financial condition and results of operations. We have not previously engaged in foreign currency hedging, and any effort to hedge our foreign currency exposure may not be effective due to lack of experience, unreasonable costs or illiquid markets. In addition, hedging may not protect against all foreign currency fluctuations and can result in losses.
Risks Related to Our Common Stock and this Offering
The Principal Stockholders control us, and their interests may conflict with ours or yours in the future.
Immediately following this offering, the Principal Stockholders will beneficially own approximately 58.2% of our common stock, or 55.9% if the underwriters exercise in full their option to purchase additional shares, which means that, based on their combined percentage voting power held after the offering, the Principal Stockholders together will control the vote of all matters submitted to a vote of our stockholders, which will enable them to control the election of the members of the Board and all other corporate decisions. Therefore, we will be permitted to elect not to comply with certain corporate governance requirements, including (1) those that would otherwise require our Board to have a majority of “independent directors” as such term is defined by applicable stock exchange rules, (2) those that would require that we establish a compensation committee composed entirely of “independent directors” and with a written charter addressing the committee's purpose and responsibilities and (3) those that would require we have a nominating and governance committee comprised entirely of “independent directors” with a written charter addressing the committee's purpose and responsibilities, or otherwise ensure that the nominees for directors are determined or recommended to our Board by the independent members of our Board pursuant to a formal resolution addressing the nominations process and such related matters as may be required under the federal securities laws. Even when the Principal Stockholders cease to own shares of our stock representing a majority of the total voting power, for so long as the Principal Stockholders continue to own a significant percentage of our stock, the Principal Stockholders will still be able to significantly influence the composition of our Board and the approval of actions requiring stockholder approval. Accordingly, for such period of time, the Principal Stockholders will have significant influence with respect to our management, business plans and policies, including the appointment and removal of our officers, decisions on whether to raise future capital and amending our charter and bylaws, which govern the rights attached to our common stock. In particular, for so long as the Principal Stockholders continue to own a significant percentage of our stock, the Principal Stockholders will be able to cause or prevent a change of control of us or a change in the composition of our Board and could preclude any unsolicited acquisition of us. The concentration of ownership could deprive you of an opportunity to receive a premium for your shares of common stock as part of a sale of us and ultimately might affect the market price of our common stock. Although we do not currently intend to rely on these exceptions, in the future, while we are still a controlled company, we may elect not to comply with certain of these corporate governance rules.
In addition, in connection with this offering, we will enter into a Stockholders Agreement with the Principal Stockholders that provides (x) the investment funds managed by General Atlantic the right to designate: (i) a majority of the nominees for election to our Board for so long as such funds beneficially own over 40% of our common stock then outstanding; (ii) three of the nominees for election to our Board for so long as such funds
beneficially own less than or equal to 40% but at least 30% of our common stock then outstanding; (iii) two of the nominees for election to our Board for so long as such funds beneficially own less than or equal to 30% but at least 20% of our common stock then outstanding; and (iv) one of the nominees for election to our Board for so long as such funds beneficially own less than or equal to 20% but at least 10% of our common stock then outstanding and (y) the investment funds managed by Stone Point the right to designate (i) two of the nominees for election to our Board for so long as such investment funds and their affiliates beneficially own at least 20% of our common stock then outstanding; and (ii) one of the nominees for election to our Board for so long as such investment funds and their affiliates beneficially own less than or equal to 20% but at least 10% of our common stock then outstanding. The Principal Stockholders may also assign such rights to their affiliates. See “Certain Relationships and Related Party Transactions—Stockholders Agreement” for more details with respect to the Stockholders Agreement.
Each of the Principal Stockholders and their affiliates engage in a broad spectrum of activities, including investments in the human resources and technology industries generally. In the ordinary course of their business activities, each of the Principal Stockholders and their affiliates may engage in activities where their interests conflict with our interests or those of our other stockholders, such as investing in or advising businesses that directly or indirectly compete with certain portions of our business or are suppliers or customers of ours. Our certificate of incorporation to be effective in connection with the closing of this offering will provide that none of the Principal Stockholders, any of their affiliates or any director who is not employed by us (including any non-employee director who serves as one of our officers in both his director and officer capacities) or its affiliates will have any duty to refrain from engaging, directly or indirectly, in the same business activities or similar business activities or lines of business in which we operate.
The Principal Stockholders also may pursue acquisition opportunities that may be complementary to our business and, as a result, those acquisition opportunities may not be available to us. In addition, the Principal Stockholders may have an interest in pursuing acquisitions, divestitures and other transactions that, in its judgment, could enhance its investment in our common stock, even though such transactions might involve risks to you.
We are an “emerging growth company,” and we expect to elect to comply with reduced public company reporting requirements, which could make our common stock less attractive to investors.
We are an “emerging growth company,” as defined in the JOBS Act. For as long as we continue to be an emerging growth company, we are eligible for certain exemptions from various public company reporting requirements. These exemptions include, but are not limited to, (i) not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, (ii) reduced disclosure obligations regarding executive compensation in our periodic reports, proxy statements and registration statements, (iii) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved, (iv) not being required to provide audited financial statements for the year ended December 31, 2018, and (v) an extended transition period to comply with new or revised accounting standards applicable to public companies. We could be an emerging growth company for up to five years after the first sale of our common stock pursuant to an effective registration statement under the Securities Act of 1933, as amended (the “Securities Act”), which fifth anniversary will occur in 2026. If, however, certain events occur prior to the end of such five-year period, including if we become a “large accelerated filer,” our annual gross revenue exceeds $1.07 billion, or we issue more than $1.0 billion of non-convertible debt in any three-year period, we would cease to be an emerging growth company prior to the end of such five-year period. We have made certain elections with regard to the reduced disclosure obligations regarding executive compensation in this prospectus and may elect to take advantage of other reduced disclosure obligations in future filings. In addition, we will choose to take advantage of the extended transition period to comply with new or revised accounting standards applicable to public companies. As a result, we might provide less information to holders of our common stock than you might receive from other public reporting companies in which you hold equity interests. We cannot predict if investors will find our common stock less attractive as a result of reliance on these exemptions. If some investors find our common stock less attractive as a result of any choice we make to reduce disclosure, there may be a less active trading market for our common stock and the market price for our common stock may be more volatile.
The requirements of being a public company may strain our resources, which could make it difficult to manage our business, particularly after we are no longer an “emerging growth company.”
As a public company, we will incur legal, accounting and other expenses that we did not previously incur. We will become subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) and the Sarbanes-Oxley Act, the listing requirements of the New York Stock Exchange, and other applicable securities rules and regulations. Compliance with these rules and regulations will increase our legal and financial compliance costs, make some activities more difficult, time-consuming or costly and increase demand on our systems and resources, particularly after we are no longer an “emerging growth company.” The Exchange Act requires that we file annual, quarterly and current reports with respect to our business, financial condition and results of operations. The Sarbanes-Oxley Act requires, among other things, that we establish and maintain internal control over financial reporting and disclosure controls and procedures, as discussed elsewhere in these Risk Factors. Furthermore, the need to establish the corporate infrastructure demanded of a public company may divert our management’s attention from implementing our growth strategy, which could prevent us from improving our business, financial condition and results of operations. We have made, and will continue to make, changes to our internal control over financial reporting and accounting systems to meet our reporting obligations as a public company. However, the measures we take may not be sufficient to satisfy our obligations as a public company. In addition, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. For example, we expect these rules and regulations to make it more difficult and more expensive for us to obtain director and officer liability insurance, and we may be required to incur substantial costs to maintain the same or similar coverage. These additional obligations could have a material adverse effect on our business, financial condition and results of operations.
In addition, changing laws, regulations and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expenses and a diversion of our management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and there could be a material adverse effect on our business, financial condition and results of operations.
Failure to maintain effective internal control over financial reporting could cause our investors to lose confidence in us and adversely affect the market price of our common stock. If our internal control over financial reporting is not effective, we may not be able to accurately report our financial results or prevent fraud.
As a result of becoming a public company, we will be obligated to develop and maintain adequate internal control over financial reporting in order to comply with Section 404 of the Sarbanes-Oxley Act. We may not complete our analysis of our internal control over financial reporting in a timely manner, or these internal controls may not be determined to be effective, which may adversely affect investor confidence in us and, as a result, the value of our common stock.
We may be unable to implement and maintain effective design or operation of our controls, and all internal control systems, no matter how well designed and operated, can provide only reasonable assurance that the objectives of the control system are met. Because there are inherent limitations in all control systems, there can be no absolute assurance that all control issues have been or will be detected. Completion of remediation of any control issues does not provide assurance that our remediated controls will continue to operate properly or that our financial statements will be free from error. There may be undetected material weaknesses in our internal control over financial reporting, as a result of which we may not detect financial statement errors on a timely basis. Moreover, in the future we may implement new offerings and engage in business transactions, such as acquisitions,
reorganizations, or implementation of new information systems that could require us to develop and implement new controls and could negatively affect our internal control over financial reporting and result in material weaknesses.
As a public company following this initial public offering, we will be required by Section 404 of the Sarbanes-Oxley Act to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting in our second annual report following the completion of this offering. The process of designing and implementing internal control over financial reporting required to comply with this requirement will be time-consuming, costly and complicated. If during the evaluation and testing process we identify one or more material weaknesses in our internal control over financial reporting, our management may be unable to assert that our internal control over financial reporting is effective. In addition, if we fail to achieve and maintain the adequacy of our internal controls, as such controls are modified, supplemented or amended from time to time, we may not be able to ensure that we can conclude on an ongoing basis that we have effective internal control over financial reporting.
However, our independent registered public accounting firm will not be required to attest formally to the effectiveness of our internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act until the later of the filing of our second annual report following the completion of this offering or the date we are no longer an “emerging growth company,” as defined in the JOBS Act.
We cannot be certain as to the timing of completion of our evaluation, testing and any remediation actions or the impact of the same on our operations. If we identify new material weaknesses in our internal control over financial reporting, if we are unable to comply with the requirements of Section 404 in a timely manner, or, once required, if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal control over financial reporting or issues an adverse opinion, we may be subject to sanctions or investigation by regulatory authorities, such as the SEC, we may be unable, or be perceived as unable, to produce timely and reliable financial reports, investors may lose confidence in the accuracy and completeness of our financial reports, and the market price of our common stock could be negatively affected. As a result of such failures, we could also become subject to investigations by the stock exchange on which our securities are listed, the SEC, or other regulatory authorities, and become subject to litigation from investors and stockholders, which could harm our reputation, financial condition, or divert financial and management resources from our core business. In addition, we may be required to incur costs in improving our internal control system and the hiring of additional personnel.
We have identified material weaknesses in our internal control over financial reporting and may identify additional material weaknesses in the future or otherwise fail to maintain effective internal control over financial reporting, which may result in material misstatements of our consolidated financial statements or cause us to fail to meet our periodic reporting obligations.
In preparing our financial statements, management of the Company identified material weaknesses in our internal control over financial reporting as of December 31, 2020. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis. The material weaknesses we identified were as follows:
•We did not design and maintain an effective control environment commensurate with our financial reporting requirements. Specifically, we lacked a sufficient number of professionals with an appropriate level of accounting knowledge, training and experience to appropriately analyze, record and disclose accounting matters timely and accurately. This material weakness further contributed to the material weaknesses described below.
•We did not design and maintain sufficient formal accounting policies, procedures and controls to achieve complete, accurate and timely financial accounting, reporting and disclosures, including controls over the preparation and review of journal entries and account reconciliations. Additionally, the Company did not design and maintain sufficient controls to assess the reliability of reports and spreadsheets used in controls.
These material weaknesses did not result in a material misstatement to the consolidated financial statements included herein, however, they did result in adjustments to substantially all accounts and disclosures. Additionally, these material weaknesses could result in a misstatement of substantially all of the financial statement accounts and
disclosures that would result in a material misstatement to the annual or interim consolidated financial statements that would not be prevented or detected.
•We did not design and maintain effective controls over certain information technology (“IT”) general controls for information systems that are relevant to the preparation of the financial statements. Specifically, we did not design and maintain: (i) program change management controls for certain financial systems to ensure that information technology program and data changes affecting financial IT applications and underlying accounting records are identified, tested, authorized and implemented appropriately, (ii) user access controls to ensure appropriate segregation of duties and that adequately restrict user and privileged access to financial applications, programs, and data to appropriate Company personnel and (iii) computer operations controls to ensure that data backups are authorized and monitored. These IT deficiencies did not result in a material misstatement to the financial statements, however, the deficiencies, when aggregated, could impact maintaining effective segregation of duties, as well as the effectiveness of IT-dependent controls (such as automated controls that address the risk of material misstatement to one or more assertions, along with the IT controls and underlying data that support the effectiveness of system-generated data and reports) that could result in misstatements potentially impacting all financial statement accounts and disclosures that would not be prevented or detected. Accordingly, management has determined these deficiencies in the aggregate constitute a material weakness.
We have implemented or are in the process of implementing measures designed to improve our internal control over financial reporting and remediate the control deficiencies that led to the material weaknesses. Specifically, we have undertaken the following remedial actions:
•We have hired several additional accounting and finance personnel with the appropriate level of public accounting knowledge and experience.
•We have engaged a nationally recognized public accounting firm to assist us in creating comprehensive process narratives and Company policies and procedures.
•Our Internal Audit team, along with a third party consultant, are assisting us to evaluate our current internal control over financial reporting (ICFRs) and make recommendations for findings noted. We have been enhancing our controls and documentation support as issues are identified.
•We are in the process of implementing several new systems that should assist us to process transactions more efficiently and effectively, ensuring better control and documentation support.
•We are working with our information security and technology and accounting systems teams to develop enhanced procedures around user provisioning and maintenance to ensure access is restricted to appropriate personnel.
Provisions of our corporate governance documents could make an acquisition of us more difficult and may prevent attempts by our stockholders to replace or remove our current management, even if beneficial to our stockholders.
In addition to the Principal Stockholders’ beneficial ownership of a combined 58.2% of our common stock after this offering (or 55.9% if the underwriters exercise in full their option to purchase additional shares), our certificate of incorporation and bylaws to be effective in connection with the closing of this offering and the Delaware General Corporation Law (the “DGCL”), contain provisions that could make it more difficult for a third party to acquire us, even if doing so might be beneficial to our stockholders. Among other things, these provisions:
•allow us to authorize the issuance of undesignated preferred stock, the terms of which may be established and the shares of which may be issued without stockholder approval, and which may include supermajority voting, special approval, dividend, or other rights or preferences superior to the rights of stockholders;
•provide for a classified board of directors with staggered three-year terms;
•prohibit stockholder action by written consent from and after the date on which the Principal Stockholders beneficially own, in the aggregate, less than 40% of the voting power of then outstanding shares of capital stock entitled to vote generally in the election of directors;
•provide that any amendment, alteration, rescission or repeal of our bylaws by our stockholders will require the affirmative vote of the holders of at least 66 2/3% in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class; and
•establish advance notice requirements for nominations for elections to our Board or for proposing matters that can be acted upon by stockholders at stockholder meetings, except that if a Principal Stockholder beneficially owns, in the aggregate, at least 40% of the voting power of then outstanding shares of capital stock entitled to vote generally in the election of directors, they will be subject to a shorter advance notice period.
Our certificate of incorporation contains provisions that provide us with protections similar to Section 203 of the DGCL. These provisions will prevent us from engaging in a business combination with a person who acquires at least 15% of our common stock for a period of three years from the date when that person (excluding the Principal Stockholders, any of their direct or indirect transferees, and any group of which any of the foregoing are a part) acquired that common stock, unless Board or stockholder approval is obtained prior to the acquisition. See “Description of Capital Stock—Anti-Takeover Effects of Our Certificate of Incorporation and Our Bylaws.” These provisions could discourage, delay or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests, make it more difficult for you and other stockholders to elect directors of your choosing and cause us to take other corporate actions you desire (including actions that you may deem advantageous), or negatively affect the trading price of our common stock. In addition, because our Board is responsible for appointing the members of our management team, these provisions could in turn affect any attempt by our stockholders to replace current members of our management team.
These and other provisions in our certificate of incorporation, bylaws and Delaware law could make it more difficult for stockholders or potential acquirers to obtain control of our Board or initiate actions that are opposed by our then-current Board, including by delaying or impeding a merger, tender offer or proxy contest involving our company. The existence of these provisions could negatively affect the price of our common stock and limit opportunities for you to realize value in a corporate transaction.
For information regarding these and other provisions, see “Description of Capital Stock.”
Our certificate of incorporation will provide that certain courts in the State of Delaware or the federal district courts of the United States for certain types of lawsuits will be the sole and exclusive forum for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers or employees.
Our certificate of incorporation will provide that, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware is the sole and exclusive forum for (i) any derivative action or proceeding brought on our behalf, (ii) any action asserting a claim of breach of a fiduciary duty owed by any of our directors or officers to us or our stockholders, creditors, or other constituents (iii) any action asserting a claim arising pursuant to any provision of the DGCL or of our certificate of incorporation or our bylaws, or (iv) any action asserting a claim related to or involving the Company that is governed by the internal affairs doctrine. The exclusive forum provision provides that it will not apply to claims arising under the Securities Act, the Exchange Act or other federal securities laws for which there is exclusive federal or concurrent federal and state jurisdiction. Unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States of America shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act.
Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock will be deemed to have notice of and, to the fullest extent permitted by law, to have consented to the provisions of our certificate of incorporation described above. Although we believe this exclusive forum provision benefits us by providing increased consistency in the application of Delaware law and federal securities laws in the types of
lawsuits to which each applies, the choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, other employees or stockholders, which may discourage such lawsuits against us and our directors, officers, other employees or stockholders. However, the enforceability of similar forum provisions in other companies’ certificates of incorporation has been challenged in legal proceedings. If a court were to find the exclusive choice of forum provision contained in our certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could materially adversely affect our business, financial condition and results of operations.
We will be required to pay our existing owners or their transferees for certain tax benefits, which amounts are expected to be material.
We will enter into an income tax receivable agreement (the “TRA”) which will provide for the payment by us to existing equityholders or their permitted transferees of 85% of the benefits, if any, that we and our subsidiaries realize, or are deemed to realize (calculated using certain assumptions) in U.S. federal, state, and local income tax savings as a result of the utilization (or deemed utilization) of certain existing tax attributes. These include tax benefits arising as a result of: (i) all depreciation and amortization deductions, and any offset to taxable income and gain or increase to taxable loss, resulting from the tax basis that we have in our and our subsidiaries’ intangible assets as of this offering, and (ii) the utilization of our and our subsidiaries’ U.S. federal, state and local net operating losses and disallowed interest expense carryforwards, if any, attributable to periods prior to this offering (collectively, the “Pre-IPO Tax Benefits”). Actual tax benefits realized by us may differ from tax benefits calculated under the TRA as a result of the use of certain assumptions in the TRA, including assumptions relating to state and local income taxes, to calculate tax benefits.
These payment obligations are our obligations and not obligations of any of our subsidiaries. The actual utilization of the Pre-IPO Tax Benefits as well as the timing of any payments under the TRA will vary depending upon a number of factors, including the amount, character and timing of our and our subsidiaries’ taxable income in the future.
We have a significant existing tax basis in our assets as well as material net operating losses and disallowed interest expense carryforwards. We expect that the payments we make under the TRA will be material. Although estimating the amount and timing of payments that may become due under the TRA is by its nature imprecise, we expect, assuming no material changes in the relevant tax law, and that we and our subsidiaries earn sufficient income to realize the full Pre-IPO Tax Benefits subject to the TRA, that future payments under the TRA will aggregate to approximately $209.9 million, ranging from approximately $1.3 million and $34.4 million per year over the next 12 years. Based on our current taxable income estimates, we expect to repay the majority of this obligation by the end of our 2025 fiscal year. Payments in accordance with the terms of the TRA could have an adverse effect on our liquidity, financial condition and results of operations. Any future changes in the realizability of the Pre-IPO Tax Benefits will impact the amount of the liability under the TRA. The payments under the TRA are not conditioned upon our existing equityholders’ continued ownership of us.
Because we are a holding company with no operations of our own, our ability to make payments under the TRA is dependent on the ability of our subsidiaries to make distributions to us. Although the Credit Agreement generally restricts distributions from our subsidiaries to us, it contains provisions which allow certain distributions which we believe will be sufficient to cover our payment obligations under the TRA. However, we may choose to utilize certain permitted distribution flexibility contained in our Credit Agreement for other purposes, in which case our subsidiaries may be restricted from making distributions to us, which could affect our ability to make payments under the TRA. In addition, we may, in the future, refinance the Credit Agreement, incur additional debt obligations or enter into other financing transactions on terms that may not be as favorable as our current Credit Agreement. We currently expect to fund these payments from cash flow from operations generated by our subsidiaries. There can be no assurance that we will be able to fund or finance our obligations under the TRA. We may need to incur debt to finance payments under the TRA to the extent our cash resources are insufficient to meet our obligations under the TRA as a result of timing discrepancies or otherwise. To the extent we are unable to make payments under the agreement for any reason (including because our debt obligations restrict the ability of our subsidiaries to make distributions to us), under the terms of the TRA such payments will be deferred and accrue interest until paid. If we
are unable to make payments under the TRA for any reason, such payments may be deferred indefinitely while accruing interest at a per annum rate of LIBOR plus 100 basis points (in the case of the deferral of such payments as a result of restrictions imposed under our debt obligations) or LIBOR plus 500 basis points (in the case of the deferral) of such payments for any other reason. These deferred payments could negatively impact our results of operations and could also affect our liquidity in future periods in which such deferred payments are made.
If we did not enter into the TRA, we would be entitled to realize the full economic benefit of the Pre-IPO Tax Benefits. Stockholders purchasing shares in this offering will not be entitled, indirectly by holding such shares, to the economic benefit of the Pre-IPO Tax Benefits that would have been available if the TRA were not in effect (except to the extent of our continuing 15% interest in the Pre-IPO Tax Benefits).
For additional information related to the TRA, see “Certain Relationships and Related Party Transactions—Income Tax Receivable Agreement.”
We will not be reimbursed for any payments made to our existing owners (or their transferees or assignees) under the TRA in the event that any tax benefits are disallowed.
Payments under the TRA will be based on the tax reporting positions that we determine, and the Internal Revenue Service (the “IRS”), or another tax authority, may challenge all or part of our net operating losses, existing tax basis or other tax attributes or benefits we claim, as well as other related tax positions we take, and a court could sustain such challenge. Although we are not aware of any issue that would cause the IRS to challenge our net operating losses, existing tax basis or other tax attributes or benefits for which payments are made under the TRA, if the outcome of any such challenge would reasonably be expected to materially affect a recipient’s payments under the TRA, then we will not be permitted to settle that challenge without the consent (not to be unreasonably withheld or delayed) of our existing equityholders (or their transferees or assignees) that are party to the TRA. The interests of our existing equityholders (or their transferees or assignees) in any such challenge may differ from or conflict with our interests and the interests of our then-current stockholders, and our existing equityholders (or their transferees or assignees) may exercise their consent rights relating to any such challenge in a manner adverse to our interests and the interests of our then-current stockholders. We will not be reimbursed for any cash payments previously made to our existing equityholders (or their transferees or assignees) under the TRA in the event that any tax benefits initially claimed by us and for which payment has been made to our existing equityholders (or their transferees or assignees) are subsequently challenged by a taxing authority and are ultimately disallowed. Instead, any excess cash payments made by us to our existing equityholders (or their transferees or assignees) will be netted against any future cash payments that we might otherwise be required to make to our existing equityholders (or their transferees or assignees) under the terms of the TRA. However, we might not determine that we have effectively made an excess cash payment to our existing equityholders (or their transferees or assignees) for a number of years following the initial time of such payment and, if any of our tax reporting positions are challenged by a taxing authority, we will not be permitted to reduce any future cash payments under the TRA until any such challenge is finally settled or determined. Moreover, the excess cash payments we previously made under the TRA could be greater than the amount of future cash payments against which we would otherwise be permitted to net such excess. The applicable U.S. federal, state and local income tax rules for determining applicable tax benefits we may claim are complex and factual in nature, and there can be no assurance that the IRS, any other taxing authority or a court will not disagree with our tax reporting positions. As a result, payments could be made under the TRA significantly in excess of any tax savings that we realize in respect of the tax attributes that are the subject of the TRA.
In certain cases, payments under the TRA to our existing equityholders (or their transferees or assignees) may be accelerated or significantly exceed any actual benefits we realize in respect of the tax attributes subject to the TRA.
The TRA will provide that in the case of a certain mergers, asset sales and other transactions constituting a “change of control” under the TRA, the material breach of our obligations under the TRA, certain proceedings seeking liquidation, reorganization or other relief under bankruptcy, insolvency or similar law, or certain dispositions of assets not constituting a change of control, we will be required to make a payment to our existing equityholders (or their transferees or assignees) in an amount equal to the present value of future payments under the TRA (calculated based on certain assumptions, including those relating to our and our subsidiaries’ future taxable
income, using a discount rate equal to the lesser of (i) 650 basis points and (ii) LIBOR plus 100 basis points, which may differ from our, or a potential acquirer’s, then-current cost of capital). In these situations, our obligations under the TRA could have a substantial negative impact on our, or a potential acquirer’s, liquidity and could have the effect of delaying, deferring, modifying the terms or structure of, or preventing potential mergers, asset sales, other forms of business combinations or other change of control transactions. As a result, the obligation to make payments under the TRA, including the acceleration of our obligation to make payments in the event of a “change of control,” could make us a less attractive target for a future acquisition. In addition, we could be required to make payments under the TRA that are substantial and in excess of our, or a potential acquirer’s, actual cash savings in income tax.
These provisions of the TRA may also result in situations in which our existing equityholders (or their transferees or assignees) have interests that differ from or are in addition to those of our other stockholders. Similarly, decisions we make in the course of running our business, such as with respect to mergers, asset sales, other forms of business combinations or other changes in control, may influence the timing and amount of payments made under the TRA. For example, an earlier disposition of assets resulting in an accelerated use of existing basis or available net operating losses may accelerate payments under the TRA and increase the present value of such payments.
We may have exposure to greater than anticipated tax liabilities and may be affected by changes in tax laws or interpretations, any of which could adversely impact our results of operations.
We are subject to income taxes in the United States and various jurisdictions outside of the United States. Our effective tax rate could fluctuate due to changes in the mix of earnings and losses in countries with differing statutory tax rates. Our tax expense could also be impacted by changes in non-deductible expenses, changes in excess tax benefits of equity-based compensation, changes in the valuation of deferred tax assets and liabilities and our ability to utilize them, the applicability of withholding taxes, effects from acquisitions, and the evaluation of new information that results in a change to a tax position taken in a prior period. A successful assertion by a country, state, or other jurisdiction that we have an income tax filing obligation could result in substantial tax liabilities for prior tax years.
Our tax position could also be impacted by changes in accounting principles, changes in U.S. federal, state, or international tax laws applicable to corporate multinationals, other fundamental law changes currently being considered by many countries, including the United States, and changes in taxing jurisdictions’ administrative interpretations, decisions, policies, and positions. Any of the foregoing changes could have a material adverse impact on our results of operations, cash flows, and financial condition. For example, the Biden administration recently proposed to increase the U.S. corporate income tax rate from 21% to 28%, increase U.S. taxation of international business operations, and impose a global minimum tax. Any of these developments or changes in federal, state, or international tax laws or tax rulings could adversely affect our effective tax rate and our operating results.
Additionally, the Organization for Economic Co-Operation and Development has released guidance covering various topics, including transfer pricing, country-by-country reporting, and definitional changes to permanent establishment that could ultimately impact our tax liabilities as that guidance is implemented in various jurisdictions.
The multinational nature of our business can expose us to unexpected tax consequences, which may be adverse.
We are subject to income taxes as well as non-income-based taxes, such as payroll, sales, use, value-added, property, and goods and services taxes, in both the United States and various foreign jurisdictions. Our domestic and international tax liabilities are subject to various jurisdictional rules regarding the timing and allocation of revenue and expenses. Additionally, the amount of taxes paid is subject to our interpretation of applicable tax laws in the jurisdictions in which we file and to changes in tax laws. Significant judgment is required in determining our worldwide provision for income taxes and other tax liabilities.
Our future effective tax rate may be affected by such factors as changes in tax laws, regulations, or rates, changing interpretation of existing laws or regulations, the impact of accounting for equity-based compensation, the impact of accounting for business combinations, changes in our international organization, and changes in overall levels of income before tax. In addition, in the ordinary course of our global business, there are many intercompany
transactions and calculations where the ultimate tax determination is uncertain. Although we believe that our tax estimates are reasonable, we cannot ensure that the final determination of tax audits or tax disputes will not be different from what is reflected in our historical income tax provisions and accruals.
We may be subject to examinations of our tax returns by the IRS or other tax authorities. An adverse outcome of any such audit or examination by the IRS or other tax authority could have a material adverse effect on our results of operations, financial condition, and liquidity.
The U.S. and non-U.S. tax laws applicable to our business activities are complex and subject to interpretation. We are subject to audit by the IRS and by taxing authorities of the state, local, and foreign jurisdictions in which we operate. Taxing authorities may in the future challenge our tax positions and methodologies on various matters, which could expose us to additional taxes. Any adverse outcomes of such challenges to our tax positions could result in additional taxes for prior periods, interest, and penalties, as well as higher future taxes. In addition, our future tax expense could increase as a result of changes in tax laws, regulations, or accounting principles, or as a result of earning income in jurisdictions that have higher tax rates. An increase in our tax expense could have a negative effect on our financial position and results of operations. Moreover, determining our provision (benefit) for income taxes and other tax liabilities requires significant estimates and judgment by management, and the tax treatment of certain transactions is uncertain. Although we believe we will make reasonable estimates and judgments, the ultimate outcome of any particular issue may differ from the amounts previously recorded in our financial statements and any such occurrence could materially affect our financial position and results of operations.
We may be subject to state and local tax on certain of our services which could subject us to material liability and increase the cost our customers would have to pay for our services.
An increasing number of states and localities have considered or adopted laws that attempt to impose tax collection obligations on out-of-state companies providing services to customers in the relevant jurisdiction. States or local governments may adopt, or begin to enforce, laws requiring us to calculate, collect, and remit taxes on sales of services in their jurisdictions, or they may seek to recharacterize the services we provide in a manner that subjects such services to a higher rate, or different form, of tax. A change in tax laws in, or new administrative guidance issued by, such jurisdictions, or the successful assertion by one or more states or localities, in each case, with the effect that we are required to collect taxes where we presently do not do so, or to collect additional taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial tax liability, including by imposing tax on historical sales, as well as penalties and interest. New or additional sales tax obligations could also create incremental administrative burdens for us, increase our costs of operation, put us at a competitive disadvantage to competitors who may not be subject to such laws, and decrease our future sales to the extent the ultimate burden of the tax is borne by our customers.
General Risk Factors
If you purchase shares of common stock in this offering, you will suffer immediate and substantial dilution of your investment.
The initial public offering price of our common stock is substantially higher than the net tangible book value per share of our common stock. Therefore, if you purchase shares of our common stock in this offering, you will pay a price per share that substantially exceeds our net tangible book value per share after this offering. You will experience immediate dilution of $29.03 per share, representing the difference between our pro forma net tangible book value per share after giving effect to this offering and the initial public offering price. In addition, purchasers of common stock in this offering will have contributed 45.8% of the aggregate price paid by all purchasers of our common stock but will own only approximately 28.0% of our common stock outstanding after this offering. See “Dilution” for more detail.
An active, liquid trading market for our common stock may not develop, which may constrain the market price of our common stock and limit your ability to sell your shares.
Prior to this offering, there was no public market for our common stock. Although we have applied to list our common stock on the New York Stock Exchange under the symbol “HRT,” an active trading market for our shares
may never develop or be sustained following this offering. The initial public offering price has been determined by negotiations between us, the selling stockholders and the underwriters and may not be indicative of market prices of our common stock that will prevail in the open market after the offering. A public trading market having the desirable characteristics of depth, liquidity and orderliness depends upon the existence of willing buyers and sellers at any given time, with that existence being dependent upon the individual decisions of buyers and sellers over which neither we nor any market maker has control. The failure of an active and liquid trading market to develop and continue would likely have a material adverse effect on the value of our common stock. The market price of our common stock may decline below the initial public offering price, and you may not be able to sell your shares of our common stock at or above the price you paid in this offering, or at all. An inactive market may also impair our ability to raise capital to continue to fund operations by issuing shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.
Our operating results and stock price may be volatile, and the market price of our common stock after this offering may drop below the price you pay.
Our quarterly operating results are likely to fluctuate in the future. In addition, securities markets worldwide have experienced, and are likely to continue to experience, significant price and volume fluctuations. This market volatility, as well as general economic, market or political conditions, could subject the market price of our shares to wide price fluctuations regardless of our operating performance. Our operating results and the trading price of our shares may fluctuate in response to various factors, including:
•market conditions in our industry or the broader stock market;
•actual or anticipated fluctuations in our quarterly financial and operating results due to seasonality or other reasons;
•introduction of new services by us or our competitors;
•issuance of new or changed securities analysts’ reports or recommendations;
•sales, or anticipated sales, of large blocks of our stock;
•additions or departures of key personnel;
•regulatory or political developments;
•litigation and governmental investigations;
•changing economic conditions;
•investors’ perception of us;
•events beyond our control such as weather, war, and pandemic; and
•any default on our indebtedness.
These and other factors, many of which are beyond our control, may cause our operating results and the market price and demand for our shares to fluctuate substantially. Fluctuations in our quarterly operating results could limit or prevent investors from readily selling their shares and may otherwise negatively affect the market price and liquidity of our shares. In addition, in the past, when the market price of a stock has been volatile, holders of that stock have sometimes instituted securities class action litigation against the company that issued the stock. If any of our stockholders brought a lawsuit against us, we could incur substantial costs defending the lawsuit and be exposed to potentially significant damages. Such a lawsuit could also divert the time and attention of our management from our business, which could significantly harm our profitability and reputation.
A significant portion of our total outstanding shares are restricted from immediate resale but may be sold into the market in the near future. Future sales of substantial amounts of our common stock, or the possibility that such sales could occur, could adversely affect the market price of our common stock, even if our business is doing well.
After this offering, we will have 79,390,513 outstanding shares of common stock based on the number of shares outstanding as of September 30, 2021. This includes shares that we are selling in this offering, which may be resold in the public market immediately. Following the consummation of this offering, shares that are not being sold in this offering will be subject to a 180-day lock-up period provided under lock-up agreements executed in connection with this offering described in “Underwriting (Conflicts of Interest)” and restricted from immediate resale under the federal securities laws as described in “Shares Eligible for Future Sale.” All of these shares will, however, be able to be resold after the expiration of the lock-up period, as well as pursuant to customary exceptions thereto or upon the waiver of the lock-up agreement by the representatives on behalf of the underwriters. Approximately 58.2 percent of our outstanding stock will be owned by our Principal Stockholders, which can be expected to begin liquidating their investments through public market sales in the not-too-distant future.
Open trading windows under our Insider Trading Policy may concentrate insider sales at certain times, and shares we issue as consideration for acquisitions may be subject to lock-up arrangements that expire in large numbers on certain dates. This concentration of relatively heavy selling into certain periods or the perception that such concentration may occur can cause the trading price of our common stock to decline at those times. In addition, our common stock may be thinly traded because the range of investors willing to invest in our shares may be limited by our relatively small float, the fact that we are new to the public markets and we are not well known to many analysts, investors, and others who could influence demand for our shares, and the absence of other publicly traded companies that are directly comparable to us. Consequently, future public market sales of substantial amounts of our common stock, or the perception by the market that these sales could occur, could lower the market price of our common stock or make it difficult for us to raise additional capital.
Because we have no current plans to pay regular cash dividends on our common stock following this offering, you may not receive any return on investment unless you sell your common stock for a price greater than that which you paid for it.
We do not anticipate paying any regular cash dividends on our common stock following this offering. Any decision to declare and pay dividends in the future will be made at the discretion of our Board and will depend on, among other things, our results of operations, financial condition, cash requirements, contractual restrictions and other factors that our Board may deem relevant. In addition, our ability to pay dividends is, and will likely continue to be, limited by covenants of existing and any future outstanding indebtedness that we or our subsidiaries incur. Therefore, any return on investment in our common stock is solely dependent upon the appreciation of the price of our common stock on the open market, which may not occur. See “Dividend Policy” for more detail.
If securities or industry analysts do not publish research or reports about our business, if they adversely change their recommendations regarding our shares, or if our results of operations do not meet their expectations, our stock price and trading volume could decline.
The trading market for our shares will be influenced by the research and reports that industry or securities analysts publish about us and our business. We do not have any control over these analysts. If any of these analysts ceases coverage of us or fails to publish reports on us regularly, we could lose visibility in the financial markets, which in turn could cause our stock price or trading volume to decline. Moreover, any of the analysts who cover us downgrades our stock, or if our results of operations do not meet their expectations, our stock price could decline.
Our equity-based compensation and acquisition practices expose our stockholders to dilution.
We have relied and plan to continue to rely upon equity-based compensation, and consequently our outstanding unvested equity awards may represent substantial dilution to our stockholders. In addition, we may use our common stock as consideration for acquisitions of other companies, and we may use shares of our common stock or securities convertible into our common stock from time to time in connection with financings, acquisitions, investments, or other transactions. Any such issuance could result in substantial dilution to our existing stockholders and cause the trading price of our common stock to decline.
As of the completion of this offering, we will have 79,390,513 shares of common stock outstanding, excluding 603,400 shares underlying restricted stock units and options to purchase 1,590,286 shares of common stock under our Omnibus Incentive Plan (all of which are unvested) and excluding outstanding options to purchase an aggregate of 3,852,316 shares of our common stock previously granted under the EIP. All of these outstanding stock awards, together with an additional 5,745,365 shares of our common stock reserved for issuance under our Omnibus Incentive Plan and 1,587,810 shares of common stock reserved under the ESPP, and any increase in the shares available pursuant to the plans’ evergreen provisions, are registered for offer and sale on Form S-8 under the Securities Act of 1933. We also intend to register the offer and sale of all other shares of common stock that may be authorized under our current or future equity-based compensation plans, issued under equity plans we may assume in acquisitions, or issued as inducement awards under NYSE rules. Shares registered under these registration statements on Form S-8 will be available for sale in the public market subject to vesting arrangements and exercise of options, our Insider Trading Policy trading blackouts, and the restrictions of Rule 144 in the case of our affiliates.
We could be negatively affected by actions of activist stockholders.
Campaigns by stockholders to effect changes at publicly traded companies are sometimes led by investors seeking to increase short-term stockholder value through actions such as financial restructuring, increased debt, special dividends, stock repurchases or sales of assets or the entire company. If we are targeted by an activist stockholder in the future, the process could be costly and time-consuming, disrupt our operations and divert the attention of management and our employees from executing our strategic plan. Additionally, perceived uncertainties as to our future direction as a result of stockholder activism or changes to the composition of our Board may lead to the perception of a change in the direction of our business, instability or lack of continuity, which may be exploited by our competitors, cause concern to current or potential customers, who may choose to transact with our competitors instead of us, and make it more difficult to attract and retain qualified personnel.
We may issue shares of preferred stock in the future, which could make it difficult for another company to acquire us or could otherwise adversely affect holders of our common stock, which could depress the price of our common stock.
Our certificate of incorporation will authorize us to issue one or more series of preferred stock. Our Board will have the authority to determine the preferences, limitations and relative rights of the shares of preferred stock and to fix the number of shares constituting any series and the designation of such series, without any further vote or action by our stockholders. Our preferred stock could be issued with voting, liquidation, dividend and other rights superior to the rights of our common stock. The potential issuance of preferred stock may delay or prevent a change in control of us, discouraging bids for our common stock at a premium to the market price, and materially adversely affect the market price and the voting and other rights of the holders of our common stock.