ITEM 1. BUSINESS
Company Overview
HireRight Holdings Corporation (collectively “HireRight”, the “Company”, “we,” “us,” “our,” and similar references) is a leading global provider of technology-driven workforce risk management and compliance solutions. We provide comprehensive background screening, verification, identification, monitoring, and drug and health screening services for more than 40,000 customers across the globe. We offer our services via a unified global software and data platform that tightly integrates into our customers’ human capital management (“HCM”) systems enabling highly effective and efficient workflows for workforce hiring, onboarding, and monitoring. In 2021, we screened over 29 million job applicants, employees and contractors for our customers.
We believe that workforce risk management and compliance is a mission-critical function for all types of organizations. The rapidly changing dynamics of the global workforce are creating increased complexity and regulatory scrutiny for employers, bolstering the importance of the solutions we deliver. Our customers are a diverse set of organizations, from large-scale multinational businesses to small and medium-sized businesses (“SMB”), across a broad range of industries, including transportation, healthcare, technology, business and consumer services, financial services, manufacturing, education, retail and not-for-profit. Hiring requirements and regulatory considerations can vary significantly across the different types of customers, geographies and industry sectors we serve, creating demand for the extensive institutional knowledge we have developed from our decades of experience. Our value proposition is evident in the long-standing customer relationships that we have developed, with an average customer tenure of nine years.
Our technology platform comprises a versatile set of software-based systems and databases that work together in support of the specific risk management and compliance objectives of any organization, regardless of size. Our customers and their applicants access our global platform through HireRight Screening Manager and HireRight Applicant Center, respectively. Our platform also seamlessly integrates through the HireRight Connect API (as defined below) with nearly all third-party Human Capital Management (“HCM”) systems, including Workday, Service Now, Oracle, and SAP, providing convenience and flexibility for our customers. Additionally, backgroundchecks.com serves as our system for customers that prefer a self-service solution, including many of our SMB customers. All of these systems leverage our extensive access and connectivity to employee and job applicant data. We further differentiate ourselves in the market with a number of proprietary databases, including broad criminal records databases and sector-specific databases serving the transportation, retail, and gig economy markets. We also possess one of the industry’s largest criminal conviction databases. We are committed to continuing to invest in our software and data platform to provide additional insights for our customers, support the innovation of new services, and enable further automation of our service delivery.
Since our founding in 1990, we have evolved through investments in technology and process automation, the launch of new services, the development of proprietary, industry-specific databases and the expansion of our global market presence.
In 2018 we combined with General Information Services (“GIS”), an integrated background screening services provider. The combination of HireRight and GIS produced a company with enhanced size and scale, customer and end market diversification, and differentiated capabilities, including backgroundchecks.com. While combining the businesses, we continued to invest in our software, data, and technology infrastructure, establishing a unified global platform that we believe is competitively differentiated in our marketplace today. We believe that differentiation in the market resulted in our highest annual new bookings in 2020 providing significant momentum towards increasing our revenues in 2021. Bookings represent the estimated annual revenue from newly signed contracts. New customer contracts generally take between 30 and 45 days to implement and begin transacting and generating revenue. However, large enterprise customers can take significantly longer, in some cases, up to a year, after signing a contract to begin transacting and generating revenue in-line with anticipated volumes.
Our Market
We operate in a large, fragmented and growing global market focused on workforce risk management and compliance solutions. Employment background screening is a critical, highly complex employer need and is a core component of this overall market.
We intend to continue to evolve our service offering to address the dynamic and changing needs of our customers. The growth in our addressable market could be driven by services we currently provide, such as ongoing monitoring, or by services adjacent to our current offering, such as employee assessment, credentialing or biometrics. We believe our market leadership in background screening as well as our scale, global presence, and differentiated technology platform will continue to enable us to penetrate additional facets of the vast workforce risk management and compliance market.
We believe our long-term growth expectations for our market are supported by a number of key secular demand drivers:
•The rapidly evolving global workforce: Multiple shifts in social norms and labor force dynamics are currently underway, including increasingly mobile and globalized workforces and growing demand for remote working arrangements. The growth of the gig economy has also been a major force driving increasing contributions from temporary, flexible and on-demand labor. Recently, the COVID-19 pandemic has accelerated many of these workforce trends already underway. For example, according to a 2021 U.S. Bureau of Labor Statistics survey, as a result of the pandemic, 34.5% of establishments increased telework for some or all of their employees. These developments create new challenges for employers and require new approaches to background screening, monitoring, and overall workforce risk management and compliance.
•Secular trend towards greater job change velocity: Employees are changing jobs at an increasing rate with over 47.8 million Americans quitting their jobs in 2021 according to the U.S. Bureau of Labor Statistics. A key driver of this trend are younger “Millennial” employees, who have a median tenure at a single organization of less than 3 years. Increased velocity of job changes drives greater need for our services.
•Increased regulatory scrutiny of hiring processes: A changing regulatory and legal landscape has led to increased costs of non-compliance for employers and has forced companies to adapt their approaches to employee hiring and workforce management. Specifically, privacy laws, consumer data protection regulations and other regulations pertaining to screening processes have increased the complexity and potential legal liabilities for organizations in the process of assessing applicants. Other key developments in the regulatory environment include “ban-the-box” laws limiting an employer’s ability to inquire about applicants’ criminal histories, the ongoing evolution in the interpretation of the FCRA (as defined below), and new legislation regulating background screening processes and content.
•Increased organizational focus on compliance: Employers are placing greater emphasis on corporate compliance functions and recognizing the benefits of outsourcing their background screening and broader workforce risk management needs. As workforce dynamics continue to evolve, we believe workforce management will increasingly involve integration and collaboration between the HR, risk, legal, and compliance departments across all types of organizations. Furthermore, the increased prioritization and authority accorded to compliance functions is expected to drive additional demand for ongoing monitoring solutions to supplement pre-hire screening.
As a result of these trends, we anticipate the following key factors will positively impact our business:
•Increasing penetration of outsourced background screening services: The use of outsourced background screening services has become more prevalent among companies across all our geographic markets, which is a trend we believe will continue. North America is the largest market for background screening services according to Allied Market Research, although higher growth rates are expected in Europe and Asia-Pacific as outsourcing accelerates in those markets in the years to come. In particular, emerging market economies have traditionally been underpenetrated by background screening services but offer significant opportunity for growth due to increased use of employee background reporting, high population densities and attractive prospects for labor force growth. Additionally, as organizations across the globe invest in technology to support their hiring and compliance functions, we believe they will increasingly look to technology-driven providers, such as HireRight, that seamlessly integrate with broader HCM systems.
•Expanding scope of screens: The proliferation of available data combined with the increasing focus on risk management and compliance is driving demand for further evolution in the breadth and depth of background screening services. Employers are continually seeking to reduce hiring risk and are pushing outsourced service providers to deliver more comprehensive screens. In addition to services such as criminal records checks and employment and education verification, providers are increasingly being asked to screen social media and adverse publicity. As the digital footprint of individuals grows, we believe the scope of background screening and monitoring services will also continue to expand. Additionally, due to the proliferation of data, organizations will increasingly require new analytics and reporting tools to synthesize data inputs and provide insights to inform decision-making, and we believe we are well-positioned to address these needs.
•Increasing adoption of ongoing monitoring services: The increasing focus on compliance is leading organizations to adopt ongoing monitoring services to enforce compliance with applicable regulatory requirements and adherence to the values of the organization beyond the date of hire. Employers today are not solely focused on screening applicants prior to hiring; they are increasingly also focused on any material changes to an employee’s public profile, such as changes to a criminal record during the course of employment. Given the potential impact of adverse employee actions on an organization’s reputation, ongoing monitoring services provide employers with an important tool for risk mitigation. Ongoing monitoring services are also further enabled by the utilization of technology to automate service delivery and enhance the connectivity of data sources.
Our Services
Customers generally will place an order through one of our technology platforms to begin the background reporting process for a specific applicant. Orders consist of various different types and scopes of criminal record checks, verification services, driving background services, drug and health screening services, identity services, due diligence background services, credit records background services, compliance services and business services as determined by each individual customer to meet their specific needs for a particular position, region and/or circumstance. Our services are supported by our strong data access capabilities and can be efficiently implemented directly into our customers’ workflows by using our advanced HCM system integration capabilities.
Criminal record checks
Criminal record checks constitute the screening and ongoing monitoring of an individual’s criminal histories and arrest records through our proprietary databases, direct integrations with public records databases and an expansive network of in-house and on-the-ground researchers with broad reach across jurisdictions. Our capabilities in criminal record checks are enhanced through various proprietary service components, such as Widescreen Plus, which enable us to uncover information beyond typical criteria like address history. Activities that comprise the criminal records check service include:
•Registry Search: Determination of whether an individual appears on a sanctions/exclusions type database such as sex offender registries, abuse registries, and government watch lists.
•Criminal Search: Determination of whether criminal court records exist for an individual based on government, court, and police information.
•Criminal Monitoring: Ongoing monitoring of an employee’s criminal records, sex offender records, sanction lists, Department of Corrections, and Bureau of Prison records.
•Media Search: Determination of whether an applicant appears in media and newspaper publications or social media sites that look for adverse information.
•Questionnaire: Facilitation of self-disclosed applicant criminal record information.
Verification services
Verification services substantiate applicant claims regarding education, professional credentials, and employment history through established relationships with key data sources. Our verification services include certain industry specific adaptations such as United States Department of Transportation compliance and verification, United States Federal Aviation Administration pilot accident and incident reports, and healthcare sanctions. Activities that comprise verification services include:
•Registry Search: Verification of whether the applicant appears on a sanctions/exclusions type database such as International Financial Regulatory Body Search or has a history of fraud, abuse, or other negative patterns of behavior while previously employed.
•Employment: Verification of whether an individual’s employment history within set parameters meets customers’ compliance requirements.
•Professional: Verification of an individual’s professional skills and licenses held.
•Gap Analysis: Cross reference of activities declared by applicant and activities confirmed by sources to highlight discrepancies or periods needing clarification.
•Financial Services: Verification of whether an individual’s credentials and history adhere to financial market regulatory requirements.
•Transportation: Verification of whether an individual’s profile complies with Federal Department of Transportation regulations.
•Education: Verification of whether an individual’s education history within set parameters meets customers’ compliance requirements.
•Healthcare: Verification of the validity of an individual’s healthcare licenses and certifications.
Driving background services
Driving background services provide initial reporting and ongoing monitoring of motor vehicle operating records and licensing status, supported by direct connections to BMV/DMV records in all 50 states. Our services help employers comply with various Federal Motor Carrier Safety Administration (“FMCSA”) regulations, including requirements for employers to obtain and review motor vehicle records for licensed commercial vehicle operators. Activities that comprise driving background services include:
•MVR: Provides driving record from the state in which the driver is licensed. It is retrieved using our direct integration with state motor vehicle administrations or through vendor relationships.
•MVR International: Verifies driving license validity and/or provides driving record from foreign country in which the driver is licensed.
•Commercial Driver Check: Provides current and historical driver license data as well as driver violations, inspections and crash data.
•Driver Monitoring: Ongoing driver monitoring services that check for any new violations, convictions, medical certification expirations.
Drug and health screening services
Utilizing a network of over 20,000 clinics and collection sites and integrations with multiple accredited/certified laboratories, we administer screening to comply with regulatory requirements and employer standards related to drug and alcohol use and occupational health. We are a member of all leading drug and alcohol testing associations including the Drug and Alcohol Testing Industry Association, National Drug & Alcohol Screening Association, and Substance Abuse Program Administrators Association. Our licensed and board-certified Medical Review Officers act as independent and impartial advocates for the accuracy and integrity of the drug testing process by reviewing laboratory results generated by an employer’s drug testing program to evaluate if the donor has a legitimate medical explanation for certain drug test results. Activities that comprise drug and health screening services include:
•Health Screening: A full range of occupational health services to meet policy and contract obligations, including vaccinations, titers, audiograms, vision tests, the Occupational Safety and Health Administration Respirator Questionnaires, Pulmonary Function Tests, and Chest X-Rays, among others.
•Alcohol Testing: Testing for the presence of alcohol to help determine potential alcohol use.
•Drug Testing: Testing for the presence of illicit drug use in hair, urine and oral fluid as well as blood, available for both instant and lab-based test types.
•Testing Coordination: Scheduling and coordination services for the assignment of a clinic, available in applicant driven or fully coordinated variants.
•Onsite Events: Testing and screening for drug and health considerations performed on customer premises, including staff deployed to manage the collection and testing process.
Identity services
Identity services provide customers with information to verify who they are hiring, using Social Security Trace and global passport verifications to obtain supplemental information to be leveraged in additional searches. Identity Services are often included as a foundational element of a customer order, and often yield key inputs for other services included in the report. Activities that comprise identity services include:
•Document Check: Confirming the type and validity of a document and matching it to the applicant’s details.
•Identity History: Retrieval of an applicant’s name and address history for a more robust public records search.
Due diligence background services
Services to provide initial background reporting and ongoing monitoring for due diligence procedures including civil court record checks, sex offender registries and other exclusion databases, entity screening and health care and other regulated industry credentialing and sanctions checks, among others. Activities that comprise due diligence services include:
•Registry Search: Verification of whether an individual or entity appears on a sanctions/exclusions type database such as General Services Administration (“GSA”), Office of Inspector General (“OIG”), other government watch lists, and business and industry registries, among others.
•Criminal Search: Determination of whether criminal court records exist for a subject based on governments, court, and police information.
•Media Search: Determination of whether an individual or entity appears in media and newspaper publications or social media sites that look for adverse information.
•Entity Screening: Determination of whether an incorporated entity exists and is accurately represented based on registry information, and to confirm whether the entity appears on a sanctions/exclusions database or Government watch list.
•Civil Search: Identification of any civil suits filed by or against individuals or corporations that can be conducted at a county/federal or country level, including suits, liens, and judgments.
•Court Records: Products that utilize a court as a primary source to obtain records such as criminal or civil court cases, recorded judgements or state tax liens.
•Financial Services: Questionnaire processing based on U.K. Financial Conduct Authority’s Form A.
•Healthcare: Determination of whether an individual appears on a sanctions/exclusions type database such as GSA/OIG and other government watch lists.
•Executive Intelligence: Comprehensive, research focused background checks for high-risk/high-profile positions.
Credit records background services
Credit records background services provide financial responsibility verification supported by integrations with all three major credit rating agencies to improve confidence in hiring decisions. These services uncover records of bankruptcy, debt history, and financial litigation. Activities that comprise credit records background services include:
•Bankruptcy: Determination of the existence of official bankruptcy records for an applicant based on residence history and provision copies of official certificates when provided by source.
•Entity Screening: Retrieval and aggregation of the credit history of an incorporated entity.
•Credit: Retrieval and aggregation of an individual’s credit history by searching multiple different sources at locations corresponding to applicants’ past addresses.
Compliance services
Compliance services include our suite of managed and self-service adjudication and adverse action notification services that help customers streamline decision making and communication processes. HireRight’s adjudication and adverse action capabilities help to streamline hiring decisions, facilitate compliance and improve visibility and control for customers. Activities that comprise compliance services include:
•Adjudication: Determination of adjudication status by HireRight or using self-service functionality based on the completed background report results.
•Adverse Action Notices: Processing of letters informing an applicant of a potentially adverse decision on employment for the applicant.
Business services
Business services represent our comprehensive business setup, reporting and analytics tools to improve the management of onboarding workflows for our customers. Our data visualization tools provide easy to use, self-service dashboards to help organizations identify, view, analyze and understand how their workforce risk management and compliance programs are performing. Activities that comprise business services include:
•Reports: Provision of standard and custom management reports customers utilize to retrieve and understand details on their background check program.
•Court Records: Obtainment of primary court records such as criminal or civil court cases, recorded judgements and state tax liens.
•Business Setup: Onboarding and verification services completed by HireRight upon new customer service initiation.
•Questionnaire: Establishment of customer configurable set applicant questions.
Our Platform
We deliver workforce risk management and compliance solutions by way of our unified global platform, which drives the request submission, communication, data aggregation, workflow orchestration, and delivery processes required by our services. Our technology platform powers our organization’s ability to deliver our services at scale to customers across the globe. Our platform is supported by proprietary, cloud-enabled systems that connect directly with our customers and their global workforce as well as an industry-leading API (as defined below). Our platform provides significant value to our customers with:
•Deep interconnectivity between international instances to enable truly global, but also regional and local, customer provisioning.
•Redundant hosting centers with extensive backup capabilities to protect customer data from loss and provide dependable business resiliency.
•Horizontal scalability to enable rapid capacity expansion to handle even the most demanding enterprise customer loads.
•Highly flexible adaptability and extensibility to allow rapid integrations of partners’ data and services.
The platform is composed of several key systems which play specific roles in the procurement and delivery process. When our customers require delivery of services, requests can be submitted through multiple points of interaction with our platform, including HireRight’s Screening Manager or backgroundchecks.com interfaces or via a direct integration with their HCM system of choice. Any required information submission from or communication with an applicant or worker is processed by way of the HireRight Applicant Center. Requests and applicant submissions are collected via the HireRight Connect API, which assesses the scope of the customer request and performs subsequent workflow generation, data aggregation and processing algorithms required for fulfilment of the requested services, leveraging our internal databases and external databases sources. Completed reports containing the details of the services performed are then delivered back to our customers via the same systems from which they initiated their request. A more detailed description of our systems and their role in our platform is presented below:
HireRight Screening Manager
HireRight Screening Manager is our in-house system for customers to access and manage the full suite of our services all from one location. The Screening Manager system includes a comprehensive feature set, including placement of new screening requests, workflow management, order progress review, activity flagging, adjudication, and completed report views among others. It is accessible through easy-to-navigate mobile or desktop user interfaces or via direct integrations with our customers’ HCM system of choice.
HireRight Applicant Center
HireRight Applicant Center is our award-winning secure applicant system, which consolidates all communication with our customers’ workforce to provide a transparent and simplified channel for interaction throughout the employment reporting process. The Applicant Center system includes functionality for applicants to establish their identity, submit supporting information, check status, and access help, FAQs and other resources to streamline the submission process. The system is accessible to applicants free of charge, and aims to improve the hiring process for our customers by expediting the reporting process, keeping applicants adequately informed of required and pending documentation requests, reducing unnecessary communications with applicant-visible status reports and document receipts, and providing Web Content Accessibility Guidelines 2.1-compliant accessibility features.
HireRight Connect
HireRight Connect is our Application Programming Interface (“API”) system, which enables connections with our customers’ HCM systems and external data sources to support the exchange of information and delivery of our services. The Connect API aims to improve systems interoperability and flexibility in the delivery of on-demand employment reporting and supports web service integrations and secure data feeds with a range of third party systems. Currently, HireRight Connect API integrates with more than 50 HCM systems, including Workday, Oracle, IBM and SAP. By providing integrated connectivity with existing customer workflows and infrastructure, we improve the efficiency and productivity of workforce risk management and compliance teams, while simplifying the setup and transition process for our new customers.
backgroundchecks.com
backgroundchecks.com is our web application for use by customers desiring a self-service solution, which is a preferred option for the needs of many SMBs. Services accessible via backgroundchecks.com are organized in pre-packaged reports and include tailored options for staffing, construction and manufacturing, retail, and volunteer organizations. These reports include combinations of criminal and civil court record searches, motor vehicle record checks, drug screening, and credential verifications defined by a customer’s selected service tier. The backgroundchecks.com system delivers the right balance of confidence, convenience, and economy to serve self-service and SMB customers.
Segments and Geographic Information
We operate in one reportable segment. See “Item 8. Financial Statements and Supplementary Data - Note 13 — Segments and Geographic Information” of this Annual Report on Form 10-K for financial information related to our segments and geographic information.
Our Customers
We deliver our solutions to over 40,000 customers across the globe, ranging from SMBs to large, multinational enterprises. Our customer base spans numerous end markets including transportation, healthcare, technology, business and consumer services, financial services, manufacturing, education and not-for-profit, and retail. We serve multiple industry leaders within these end markets, including approximately 50% of the Fortune 100 as of 2021, while remaining highly diversified with no single customer representing more than 5% of annual revenue and our top 10 customers contributing less than 14% of annual revenue in 2021 in the aggregate.
Business with our enterprise customers is generally established under multi-year contracts which define pricing and scope of services. We also provide self-service solutions for certain enterprise and SMB customers by way of backgroundchecks.com. Services rendered through this channel are arranged under pre-defined pricing terms and services which are selected based on the customer’s preference. Our business agreements customarily do not include minimum volume thresholds or exclusivity requirements. We are therefore in an ongoing effort to win and retain our customers’ business by striving to consistently deliver high-quality service.
We seek to establish strong, long-term partnerships with our customers. We believe that we deliver a differentiated value proposition, supported by our technology leadership, history of innovation, and service excellence. We believe this differentiation is validated with the customer relationships that we have built, with an average enterprise customer tenure of nine years as of 2021. Additionally, we have demonstrated an ability to expand these relationships, growing our average order size.
We see a significant opportunity for further penetration in the SMB market through backgroundchecks.com. The SMB market represents approximately half of all U.S. employment according to the Bureau of Labor Statistics. However, this market represented less than 4% of our service revenues as of 2021. We believe that increasing levels of interest in effective workforce risk management and compliance solutions among SMB employers, in conjunction with our efforts to provide greater scalability and service availability, will drive significant growth for us in this market.
Our Growth Strategies
Drive new customers and expand our existing customer relationships
We believe that we have a technology platform and suite of services that enable us to provide differentiated results for our customers. Our customer success is evident in the Company achieving our highest revenue quarter in the Company’s history in the third quarter of 2021. We have a robust pipeline of opportunities developed by our sales team to continue to attract new customers and take share in the market. In addition to new customers, we also intend to drive growth through increasing average order size across our customer base, by expanding our customer relationships with incremental adoption of our services, along with the continued introduction of new and innovative services. Together, the momentum in new customer wins and growth in average order size provide significant visibility into our near-term organic growth.
Continue to penetrate and expand with high-growth, high-velocity customers
We believe our alignment to industry verticals with favorable growth and hiring characteristics provides a tailwind to our growth trajectory. In particular, we are a market leader in the transportation, healthcare and financial services sectors which all benefit from being highly regulated and having large employee bases with rapid hiring velocity.
We will continue to innovate to maintain our leadership position and capitalize on underlying growth trends across our current end markets, while aggressively targeting expansion in those industries that offer the strongest demand characteristics for our services. These characteristics primarily concern the end-market’s workforce size and expected growth, hiring velocity and turnover, level of regulatory and other requirements such as the relative importance of reputational risk management, and expected levels of background screening service adoption, among others. We have identified three key end markets as significant opportunities for future expansion:
•Gig economy: Employment dynamics in the gig economy result in high rates of workforce churn and a distinctive, loosely associated labor force which generates new and increased demands for background screening and compliance services. We have built significant momentum in this sector with the addition of key new customers and the recent implementation of our proprietary database for the transportation network, ride-sharing, and delivery driver markets. We intend to leverage our leadership in this sector to expand our presence and continue to capitalize on the gig economy’s growth.
•Financial services: We are currently a leader in financial services internationally and will look to leverage our experience and global customer relationships to further penetrate the U.S. market. The U.S. financial services end market carries a high regulatory burden, employs a large proportion of the U.S. labor force and has a rapid hiring velocity, which are attractive characteristics for our services.
•Small and medium-sized business: Significant “white space” exists in the SMB market, representing approximately half of total U.S. employment according to the U.S. Bureau of Labor Statistics. We plan to target this market primarily through our backgroundchecks.com platform, which provides a self-service solution preferred by many SMB customers. We see significant room for continued expansion as we execute on our marketing strategy, delivering our transparent pricing model and pre-packaged solutions specific to the needs of this market.
Grow service offering and addressable market
We have a substantial opportunity to expand our addressable market by driving higher adoption rates of outsourced background screening services, entering into adjacent markets, and launching new services. We plan to continue developing targeted new service launches within the context of our existing platform with a well-defined product roadmap that includes the following key growth initiatives:
•Ongoing monitoring services: In order to address growing market demands, we have placed priority on the development and improvement of ongoing monitoring tools for criminal and arrest records, healthcare sanctions, and professional license expirations. We see further opportunity for services development in social security number validation, Global Information Assurance Certification (“GIAC”), GIAC Security Essentials (“GSEC”) monitoring, and entity monitoring.
•Instant screening solutions: Our “automation-first” approach is exemplified by the usage of Robotic Process Automation (“RPA”) techniques across our platform. These techniques are supporting our implementation of new Instant Criminal Screening services which will leverage our WideScreen Plus proprietary database to provide significant flexibility for configurable searches by our customers, along with significantly increased service speeds.
•Expansion across workforce risk management and compliance services: We see further vectors for growth in services directly adjacent to our current offering, including, but not limited to skills assessments and credentialing, reference checks, enterprise risk services, and biometric screening. We believe the expansion of our service offering will enhance our value proposition to our customers and further differentiate us in the market.
Drive growth in international markets
International expansion represents a highly attractive opportunity for us to leverage our global scale and market leadership. To broaden our reach to international markets, we have established a network of offices in 13 countries across North America, Europe, Asia, the Middle East, and Australia, which supports provision of our services in over 200 countries. This network combines global scale with an ability to provide personalized support and regional insight. We have the capabilities in place today to deliver services across the globe with integrated localization and language capabilities and have placed increased importance on the pursuit of opportunities with both regional customers in international markets and multinational companies abroad in the development of our pipeline.
Disciplined growth through acquisitions
We maintain a disciplined approach to potential acquisitions but see a significant opportunity to accelerate and enhance our growth strategy via mergers and acquisitions. We have had success as an organization in driving value through acquisitions as evidenced by our combination with GIS in 2018, as well as successful tuck-in acquisitions, including J-Screen and PeopleCheck in 2019. Our approach to acquisitions will focus on three primary factors:
•Acquiring new capabilities to expand and enhance our service offering: In certain instances, we may identify opportunities to acquire new capabilities that would accelerate their inclusion in our service offering relative to in-house development. Specific focus capabilities in which we could consider acquisition opportunities include ongoing monitoring, biometrics, ID verification, skills assessments, and credentialing. Targeted acquisitions can also be used to continue enhancing our existing key competitive strengths, in particular through the further enhancement of our proprietary databases and records.
•Expanding our industry and geographic end-market presence: While we currently have broad reach across end markets, certain of our competitors may have a particular focus or a stronger relative presence within specific industry sectors or geographies in which we are under-penetrated or not present. In these cases, we may pursue acquisition targets to accelerate our existing organic growth strategies to address these end-markets.
•Enhancing our efficiency and market presence through consolidation: As a large player in the fragmented workforce risk management and compliance market, we may seek to acquire competitors of smaller scale with similar service offerings or end market exposure to enhance our scale efficiencies and market share.
Go-to-market organization
Our global go-to-market (“GTM”) operations are focused on generating business from new customers, retaining our existing base of customers, and cross-selling our full suite of services within our existing customer base. We sell our services primarily through our direct sales organization, which consists of new customer sales representatives, sales management, account managers, and strategic growth directors who focus on developing our existing customer relationships. We specialize portions of our GTM teams based on industry vertical and geographic region, while our new customer teams are organized by customer size and geographic region. We also operate a global customer service organization which provides in-bound support for both customers and applicants through phone, email, and online chat.
In concert with our direct sales efforts, we also leverage an established partner network to help influence new business and retention. We have built an extensive network of partnerships and integrations with leading HCM systems, such as Workday, IBM, Oracle, and SAP. Our GTM teams work with these partners on new business and retention opportunities that include, or could include, both organizations. We also receive leads from these partners, alerting us to potential new business opportunities within their customer base.
We also market, sell, and deliver our services to SMBs and self-service customers through backgroundchecks.com. We market directly to SMBs in this channel, leveraging search engine marketing and search engine optimization techniques to sell to and engage with those businesses.
Competition
The market for workforce risk management and compliance solutions is evolving, fragmented, and highly competitive. We face competition from a range of enterprises, including other global competitors in addition to local and regional providers. We are among the largest providers in the market in terms of revenue and we believe only a few competitors have comparable scale, reach and capabilities. Our competitive landscape can be broken down into the following categories:
•Global providers: First Advantage, Sterling Talent Solutions
•Mid-tier providers: Accurate, Certiphi, Cisive
•“Insta-screen” solutions: Checkr, GoodHire, Asurint
We compete for business based on numerous factors including service quality; the thoroughness, completeness and speed of results; breadth of offerings; technology and platform quality; price; reputation; and customer service. See “Item 1A – Risk Factors” for details on risks related to our competitive advantages.
Technology and Development
Our ability to compete in part depends on our commitment to innovation, and we invest, both independently and in combination with industry and education partners, in research into progressive technologies and practices covering data and information, user experiences, infrastructure, and software-product development. Our research and development is driven by direct engagement with customers to understand their needs and our ability to deliver flexible solutions that address their challenges. Most recently, we have invested in key enhancements to service speeds by utilizing automated data sourcing and artificial intelligence-based decision technologies; improvements in customer experience through additional automation, improved self-service tools, and expanded global access; and simplifications to the applicant experience through optimization and automation of applicant inputs.
Our technology organization evaluates new technologies on an on-going basis. We have dedicated staff and processes to monitor and review relevant technology advancements across architecture, infrastructure, software, data and data systems, information security, and user experience. We enhance and refine our technology platform to improve our customer’s experience, increase system availability, accelerate data processing and delivery, bolster information security, and reduce our cost structure. Our investment in product and technology for the years ended December 31, 2021, and 2020 was $83.1 million and $59.3 million respectively, including our investments in product management, development, and delivery.
Intellectual Property
We rely on a combination of copyright, trademark and trade secret laws, as well as non-disclosure agreements and other contractual provisions to protect our intellectual property. We own a number of trademarks, trade names, copyrights, domain names and trade secrets, and it is our policy to enter into confidentiality and invention assignment agreements with our employees and contractors and nondisclosure agreements with our suppliers and companies with which we have strategic alliances in order to limit access to and disclosure of our proprietary information. Currently, our HireRight trademark is registered with the U.S. Patent and Trademark Office, in the United Kingdom, the 27 countries of the European Community, and several other countries.
Human Capital Resources
As of December 31, 2021, we employed approximately 2,760 employees. None of these employees is covered by a collective bargaining agreement. We consider our relations with our employees to be good. Our human capital resources objectives include, as applicable, identifying, recruiting, retaining, incentivizing and integrating our existing and prospective employees. The principal purposes of our incentive plans are to attract, retain and motivate selected employees, executive officers and directors through the granting of stock-based compensation awards and cash-based performance bonus awards.
Our Values
We have established core values that are included in our onboarding curriculum for all employees. We refer to our core values as the CORE4 Values, which include: (i) service first mindset, (ii) grounded in respect, (iii) collaborative spirit, and (iv) sense of ownership. Our core values are integral to creating a work environment that allows and encourages all employees to perform their duties in an efficient and effective manner and to the best of their abilities. We have a recognition and awards program for employees who demonstrate these values.
We strive to maintain a work environment in which people are treated with dignity and respect. We have a variety of programs dedicated to ensuring our employees are appropriately trained and aligned with expectations with respect to our values and working environment that is inclusive and free of discrimination and harassment. This is accomplished through continuous training and evaluation of employee, safety, and business needs.
Diversity and Inclusion
We are committed to fostering, cultivating and preserving a culture of diversity, equity and inclusion. We recognize that a diverse, extensive talent pool provides the best opportunity to acquire unique perspectives, experiences, ideas, and solutions to drive our business forward.
We promote diversity by developing policies, programs, and procedures that foster a work environment where differences are respected, and all employees are treated fairly.
Talent Management
We recognize the importance of attracting and retaining the best employees. Our continued success is not only contingent upon seeking out the best possible candidates, but also retaining and developing the talent that lies within the organization. We strive to attract, develop, and retain the best and brightest from all walks of life and backgrounds. Our goal is to offer opportunities for employees to improve their skills to achieve their career goals.
Employee Health and Safety
COVID-19 continues to impact individuals and businesses worldwide. We acted quickly to protect the health and safety of our employees in response to the pandemic protocols. In March 2020, all employees who could work remotely began working from home. Most of these employees continue to work remotely. The health and safety of our employees has been and continues to be a priority as variants of COVID-19 emerge in areas in which we operate.
Government Regulation
Because we deal primarily in searching and reporting public and non-public consumer information and records and performing third-party administrative services for employment-related drug screening and other occupational testing, we are subject to significant and extensive governmental laws and regulations in the United States and other countries around the world. For example, in the United States we are subject to:
•the Fair Credit Reporting Act (the “FCRA”), which regulates the collection and use of consumer report information;
•the Financial Services Modernization Act of 1999, or the GLBA, which regulates the use of non-public personal financial information held by financial institutions and applies indirectly to companies that provide services to financial institutions;
•the Drivers Privacy Protection Act (the “DPPA”), which restricts the public disclosure, use and resale of personal information contained in state department of motor vehicle records;
•various state consumer reporting agency laws and regulations, including the California Investigative Consumer Reporting Agencies Act (the “ICRAA”), and privacy laws in other states and some cities;
Outside the United States, we are subject to the General Data Protection Regulation (the “GDPR”) and U.K. GDPR, which establish significant data protection and privacy standards that empower individuals in the European Economic Area and the United Kingdom to exercise significant control over their personal data, as well as similar laws in many other countries in which we do business including but not limited to Australia, Canada, and China.
The FCRA and ICRAA
The FCRA and ICRAA regulate consumer reporting agencies, including us, as well as data furnishers and users of consumer reports such as banks and other companies. These laws govern the accuracy, fairness and privacy of information in the files of consumer reporting agencies that engage in the practice of assembling or evaluating certain information relating to consumers for certain specified purposes; limit the type of information that may be reported by consumer reporting agencies and the distribution and use of consumer reports; and establish consumer rights to access, freeze and dispute information in their credit files. Consumer reporting agencies are required to follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates and if a consumer disputes the accuracy of any information in the consumer’s file, to conduct a reasonable reinvestigation. These laws impose many other requirements on consumer reporting agencies, data furnishers and users of consumer report information. Violation can result in civil and criminal penalties as well as attorney fee shifting to provide an incentive for consumers to bring individual or class action lawsuits against consumer reporting agencies for violations.
The GLBA
The GLBA regulates, among other things, the use of non-public personal information of consumers that is held by financial institutions. We are subject to various GLBA provisions, including rules relating to the use or disclosure of the underlying data and rules relating to the physical, administrative and technological protection of non-public personal financial information. Breach of the GLBA can result in civil and/or criminal liability and sanctions by regulatory authorities.
The DPPA
The DPPA requires all states to safeguard certain personal information included in licensed drivers’ motor vehicle records from improper use or disclosure. The DPPA limits the use of this information sourced from state departments of motor vehicles to certain specified purposes and does not apply if a driver has consented to the release of their data. The DPPA imposes criminal fines for non-compliance and grants individuals a private right of action, including actual and punitive damages and attorneys’ fees. The DPPA provides a federal baseline of protections for individuals, and is only partially preemptive, meaning that except in a few narrow circumstances, state legislatures may pass laws to supplement the protections made by the DPPA. Many states have laws that are more restrictive than the federal law.
The CCPA and Other State and Local Laws and Regulations
The California Consumer Privacy Act (the “CCPA”) requires businesses to provide California consumers with certain rights regarding their personal information, including the right to be informed about the type of information collected about them, the right to opt out of the sale of their personal information, the right to request deletion of their personal information, and the right to access their personal information. The CCPA exempts much of the activities that are covered by FCRA, GLBA, and DPPA and therefore much of our business is not subject to the CCPA. The CCPA creates a private right of action for security breaches. On November 3, 2020, California adopted the California Privacy Rights Act (the “CPRA”), which amends and expands CCPA. It is anticipated that most of the substantive provisions of CPRA will go into effect in 2023.
Certain other state laws and regulations, including the CPRA and the Illinois Biometric Information Privacy Act, impose similar privacy obligations, as well as obligations to provide notification of security breaches in certain circumstances. Failure to comply with these laws and regulations may result in the imposition of civil and criminal penalties, including fines, and may be a basis for private litigation. These laws and regulations vary among states and are subject to differing interpretations. In addition to interpreting and complying with laws and regulations as and to the extent they relate to our services, we must also reconcile the many potential conflicts between such laws and regulations among the various jurisdictions that may be involved in the provision of our services.
We may also be subject to other laws and regulations related to state private investigation licensing or that are designed to protect the privacy of individuals and to prevent the misuse of personal information in the marketplace. These regulations may restrict the use and disclosure of personal information and provide consumers certain rights to know the manner in, and the purposes for, which their personal information is being used, to challenge the accuracy of such information or to prevent the use and disclosure of such information. In addition, these laws and regulations vary among states and are subject to differing interpretations. In certain instances, these laws and regulations also impose requirements for safeguarding personal information through the issuance of data security standards or guidelines with which we are obligated to comply.
The GDPR and U.K. GDPR
Our operations in the European Economic Area are subject to the GDPR and in the United Kingdom, the United Kingdom data protection regime consisting primarily of the U.K. GDPR and the U.K. Data Protection Act 2018. These laws establish significant data protection and privacy standards that empower individuals in the European Economic Area and the United Kingdom to exercise significant control over their personal data, and impose other operational and technical requirements with which we must comply, including as described in “Item 1A — Risk Factors”. Failure to comply with any provision of these laws could result in significant regulatory or other enforcement penalties.
Available Information
We file with, or furnish to, the Securities and Exchange Commission (the “SEC”) reports including our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to those reports pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934 (the “Exchange Act”). These reports are available free of charge on our corporate website (www.hireright.com) as soon as reasonably practicable after they are electronically filed with or furnished to the SEC. Copies of any materials we file with the SEC can be obtained free of charge at www.sec.gov. The foregoing website addresses are provided as inactive textual references only. The information contained on, or that can be accessed through, our website is not part of this report and is not incorporated by reference as part of this Annual Report on Form 10-K.
Implications of Being an Emerging Growth Company
We qualify as an “emerging growth company” as defined in the Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”). We will remain an emerging growth company until the earlier of (1) the last day of our fiscal year following November 2, 2026, (2) the last day of our fiscal year in which we have total annual gross revenue of at least $1.07 billion, (3) the date on which we are deemed to be a large accelerated filer (this means the market value of our common stock that is held by non-affiliates exceeds $700.0 million as of the end of the second quarter of that fiscal year), or (4) the date on which we have issued more than $1.0 billion in non-convertible debt securities during the prior three-year period.
An emerging growth company may take advantage of reduced reporting requirements that are otherwise applicable to public companies. These provisions include, but are not limited to:
•not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act of 2002, as amended (the “Sarbanes-Oxley Act”);
•reduced disclosure obligations regarding executive compensation in our periodic reports, proxy statements and registration statements; and
•exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved.
We have elected to take advantage of certain of the reduced disclosure obligations regarding financial statements and executive compensation in this Annual Report on Form 10-K and expect to elect to take advantage of other reduced burdens in future filings. As a result, the information that we provide to our stockholders may be different than you might receive from other public reporting companies in which you hold equity interests.
In addition, under the JOBS Act, emerging growth companies can delay adopting new or revised accounting standards until such time as those standards apply to private companies. We intend to take advantage of the longer phase-in periods for the adoption of new or revised financial accounting standards under the JOBS Act until we are no longer an emerging growth company. Our election to use the phase-in periods permitted by this election may make it difficult to compare our financial statements to those of non-emerging growth companies and other emerging growth companies that have opted out of the longer phase-in periods permitted under the JOBS Act and who will comply with new or revised financial accounting standards. If we were to subsequently elect instead to comply with public company effective dates, such election would be irrevocable pursuant to the JOBS Act.
ITEM 1A. RISK FACTORS
RISK FACTORS
Investing in our common stock involves a high degree of risk. You should carefully consider the risks and uncertainties described below, together with all of the other information contained in this Annual Report on Form 10-K, including our consolidated financial statements and the related notes thereto and Management’s Discussion and Analysis of Financial Condition and Results of Operations, before making investment decisions related to our common stock. The risks and uncertainties described below are not the only ones we face. The risks of investing in our common stock may change over time, and additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that affect us. Accordingly, you are advised to consider additional sources of information and exercise your own judgment in addition to the information we provide. If any of the following or other risks occur, our business, financial condition, operating results, growth, ability to accomplish our strategic objectives, reputation and prospects could be materially and adversely affected. In that event, the price of our common stock could decline, and you could lose all or part of your investment.
Risks Related to Our Business Operations
We have no assurance of future business from any of our customers.
We estimate future revenue associated with customers and customer prospects for purposes of financial planning and measurement of our sales pipeline, but we have no contractual assurance of any revenue from any of our customers. Although our customers typically enter into multi-year contracts with us, they are not required to purchase any minimum amounts of services from us and may stop doing business with us for any reason at any time without notice or penalty. Many of our larger customers maintain simultaneous relationships with our competitors, which makes it easy for them to shift their business away from us if they choose to do so.
There is no guarantee that we will be able to implement newly contracted customers successfully, retain or renew existing agreements, maintain relationships with any of our customers or business partners on acceptable terms or at all, or collect amounts owed to us from insolvent customers or business partners. The loss of any of our large customers could have a material adverse impact on our business.
We rely upon third parties for the data we need to deliver our services.
Our background screening reports are made up of information that we acquire about consumers from a wide variety of sources. We obtain information from public sources, including courts, law enforcement agencies, motor vehicle departments, and other governmental authorities, and from private sources including credit bureaus, other aggregators, and private suppliers that execute local courthouse searches.
Public data sources are subject to significant and growing social and political pressures to protect the data privacy rights of persons whose data is in their custody, including by limiting the data that those public sources provide. For example, some courts are limiting or eliminating access to the date of birth information in their criminal records, which makes it more difficult to match criminal histories to the correct individuals. Private data sources may be subject to regulatory requirements over their use of data and typically have significant motivations to protect their proprietary data aggregation techniques. As a result, as a condition of providing their data to us, our suppliers impose significant requirements and restrictions on our use and handling of such data and routinely audit us to ensure our compliance. If, through error or oversight, or for any other reason, we fail to adhere to their requirements and restrictions, we could lose access to important data sources, which would compromise our competitive position and prevent us from delivering all of the services our customers expect.
In general, the data we obtain and reflect in the reports we provide to customers is equally available to our competitors. Therefore, our competitive advantages derive from our decisions about which available data we obtain and how efficiently and effectively we ingest, process, and utilize that data to produce timely, accurate, compliant, and actionable information to our customers. We differentiate ourselves in the market with a number of proprietary databases we have built using data from public sources or commercial counterparties, including broad criminal records databases and sector-specific databases serving the transportation, retail, and gig economy markets. We do
not own the data but we consider the databases to be proprietary to us because we have built the database structures and the technology and processes by which the data elements are gathered and processed to produce reports for our customers. If we lose access to the information we use to populate these databases, or our uses of that information are restricted in ways that limit the utility of these databases, we may lose an important source of competitive differentiation.
Finally, we are responsible for the accuracy of the reports we prepare and could incur significant liability to our customers, consumers, and regulators, as well as reputational harm, if inaccuracies or omissions in information provided to us by third parties are reflected in the reports we deliver to our customers. We seek to secure contractual indemnities from our data sources, but public data sources generally do not accept liability for errors in their data and private data sources may have enough negotiating leverage to limit their liability to us for their own errors. Smaller providers may not have the resources to fund their indemnity obligations.
We rely upon third-party contractors to help us fulfill our service obligations to our customers.
In addition to relying on third-party sources for our data, we use third-party service providers to supplement our own staff and help us deliver our services. These service providers include business process outsourcing companies, court runners, and providers of additional assorted services, such as drug and health screening. These third parties enable us to adjust our staffing to changes in our order flow, and to access additional sources of information (such as local courthouses), and utilize certain facilities (such as medical testing or fingerprinting sites) that we cannot access efficiently using our own personnel. While we impose various standards and requirements on these third parties, they are more difficult to monitor and control than our own personnel. Furthermore, these third parties can become unavailable to us for various reasons or increase their pricing, which can disrupt the processing of customer orders and increase costs for us and our customers.
There is no assurance that these third-party service providers will maintain the standards that we require of our own personnel. We are responsible to our customers for the acts and omissions of our contractors and we could incur significant liability to our customers, consumers, and regulators, as well as reputational harm, because of errors by contractors engaged in helping us deliver our services. While we seek to secure contractual indemnities from our contractors, such indemnities may be limited or unavailable.
The COVID-19 pandemic further exacerbated the risks associated with our use of third-party service providers, as large portions of the staffing provided by our business process outsourcing providers were forced to temporarily suspend services or transition to work from home set-ups because of the stay-at-home orders and quarantines. The infrastructure and procedures that we needed to put in place to support a work from home set-up and to coordinate efficiently and effectively with our third-party contractors required significant costs and time. As a result, we suffered significant losses of processing capacity and prolonged turnaround times for orders. Further, our costs increased as we turned to higher-cost labor sources to compensate. There are no assurances that the procedures we developed during the COVID-19 pandemic will suffice for future calamitous events. Future global economic slowdown could also adversely affect the businesses of our third-party providers, hindering their ability to provide the services on which we rely. Additional costs and further losses because of the pandemic may continue; any escalation of the pandemic may result in reduced access to these third-party providers. Further, our efforts to manage these kinds of exigencies through business continuity and disaster recovery planning may not be effective.
Cost increases, failure, or termination by our third-party data and services providers could impair the effectiveness and competitiveness of our services.
Our agreements with many of our data suppliers may be terminated by the supplier for various reasons, including our failure to comply with stringent and evolving data protection requirements or changes in the supplier’s business model. Some data suppliers, as well as some service suppliers, such as the drug testing laboratories we use, are also owned, or may in the future be acquired, by our competitors, which may make us vulnerable to unpredictable price increases or delays and refusals to continue doing business with us. Because our contracts with our customers may contain restrictions on the amounts or types of costs that may be passed on to our customers, or due to competitive pricing pressure, our ability to recover any or all of the costs of any increases in fees by our data and service suppliers may be limited. If our suppliers are no longer able or are unwilling to provide us with certain
data or services, we may need to find alternative sources with comparable breadth and accuracy, which may not be available on acceptable terms, or at all, or attempt to build our own networks at substantial cost. There are no alternatives to some of our critical data sources, so we are vulnerable to increases in the price of that data, and the loss of individual data sources can significantly limit our competitiveness and ability to perform for our customers. If we are unable to identify and contract with suitable alternative data and service suppliers and integrate them into our solution offerings, we could experience service disruptions, increased costs, and reduced quality of our services.
We rely upon commercial providers of applicant tracking and human capital management systems for integration with many of our customers.
We rely upon third-party information technology systems and the ability to integrate these systems with our own. We communicate with our customers, receive their orders, and deliver their services through integrations between our information technology systems and theirs. While we frequently integrate directly with customers, in many cases these integrations are made through third-party human capital management systems or applicant tracking systems (“ATS”) that our customers use to manage their workflows. We currently have over 70 integrated solutions with more than 50 HCM systems and ATS, and approximately 40% of our order volume flows through these third-party systems. Therefore, a significant portion of our business depends upon the willingness and ability of these HCM systems and ATS providers to maintain integrations with us and to keep those integrations and their systems operating correctly. Furthermore, when an HCM system or ATS is interposed between us and our customer, we must sometimes rely upon the provider of that HCM system or ATS to work cooperatively with us to address technical issues. We have no assurances that these HCM system or ATS providers will cooperate with us or maintain their integrations; HCM system and ATS providers may not share our priorities and we may have little ability to secure the degree of cooperation we need from them. Any disruption to our ability to use these HCM systems, ATS and other integrations can have an adverse effect on the flow of data between us and our customers, which could jeopardize customer relationships, reduce our revenue, and impair our ability to manage that data flow in compliance with applicable laws and regulations.
We intend to rely, in part, on acquisitions to help grow our business. Any acquisitions we undertake may not produce the benefits we expect, and may disrupt our business, adversely affect operations, dilute stockholders, and expose us to costs and liabilities.
Historically, we have relied, in part, on acquisitions to grow our business, and we may pursue future acquisitions in an effort to increase revenue, expand our market position, add to our service offering and technological capabilities, respond to dynamic market conditions, or for other strategic or financial purposes. However, there is no assurance that we will identify suitable acquisition candidates or complete any acquisitions on favorable terms, or at all. Further, any acquisitions we do complete would involve a number of risks, including the following:
•The identification, acquisition, and integration of acquired businesses require substantial attention from management. The diversion of management’s attention and any difficulties encountered in the transition process could hurt our business.
•The identification, acquisition, and integration of acquired businesses requires significant investment, including to determine which new service offerings we might wish to acquire, harmonize service offerings, expand management capabilities and market presence, and improve or increase development efforts and technology features and functions.
•The anticipated benefits from an acquisition may not be achieved, including as a result of loss of customers or personnel of the target, other difficulties in supporting and transitioning the target’s customers, the inability to realize expected synergies, or negative culture effects arising from the integration of new personnel.
•We may face difficulties in integrating the personnel, technologies, solutions, operations, and existing contracts of the acquired business.
•We may fail to identify all of the problems, liabilities or other shortcomings or challenges of an acquired company, technology, or solution, including issues related to intellectual property, solution quality or architecture, income tax and other regulatory compliance practices, revenue recognition or other accounting practices, or employee or customer issues.
•To pay for future acquisitions, we could issue additional shares of our common stock or pay cash. Issuance of shares would dilute stockholders. Use of cash reserves could diminish our ability to respond to other opportunities or challenges. Borrowing to fund any cash purchase price would result in increased fixed obligations and could also include covenants or other restrictions that would impair our ability to manage our operations.
•Acquisitions expose us to the risk of assumed known and unknown liabilities including contract, tax, compliance, and other obligations incurred by the acquired business or fines or penalties, for which indemnities, escrow arrangements or insurance may not be available or may not be sufficient to provide coverage.
•New business acquisitions can generate significant intangible assets that result in substantial related amortization charges and possible impairments.
•The operations of acquired businesses, or our adaptation of those operations, may require that we apply revenue recognition or other accounting methodologies, assumptions, and estimates that are different from those we use in our current business. This could complicate our financial statements, expose us to additional accounting and audit costs, and increase the risk of accounting errors.
•Acquired businesses may have insufficient internal controls that we must remediate, and the integration of acquired businesses may require us to modify or enhance our own internal controls, in each case resulting in increased administrative expense and risk that we fail to comply with the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 or that our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal control over financial reporting or issues an adverse opinion, resulting in late filing of our periodic reports, loss of investor confidence, regulatory investigations, and litigation.
•Acquisition of businesses based outside the United States would require us to operate in languages other than English, manage non-U.S. currency, billing, and contracting needs, and comply with non-U.S. laws and regulations, including labor laws and privacy laws, that in some cases may be more restrictive on our operations than laws applicable to our business in the United States.
•Acquisitions can sometimes lead to disputes with the former owners of the acquired company, which can result in increased legal expenses, management distraction and the risk that we may suffer an adverse judgment if we are not the prevailing party in the dispute.
We must attract, motivate, train, and retain the management, technical, market-facing, and operational personnel we need to enable the success and growth of our business.
Our business is largely dependent on the personal efforts and abilities of key personnel, including our senior management team, who have significant industry expertise and specialized knowledge that is essential to our operational capabilities. Although we have employment contracts with some of our senior executives, they can terminate their employment relationship with us at any time. We currently do not maintain key person insurance on any officer or employee. Our performance also depends on our ability to identify, attract, retain and motivate highly skilled development and marketing personnel. Competition for such personnel is intense, and we may not be successful in attracting and retaining such personnel.
We are a technology-driven company, and it is imperative that we have highly skilled technical personnel to innovate and deliver our systems. Increasing our customer base depends to a significant extent on our ability to expand our sales and marketing operations and activities, and our services require a sophisticated sales force with specific sales skills and specialized technical knowledge that takes time to develop.
In international markets, we encounter staffing challenges that are unique to particular countries or regions, such as language skills, knowledge of local regulations and business practices and customs, and experience in foreign markets where background screening is less established. It can be difficult to recruit and retain qualified personnel in foreign countries and difficult to manage such personnel and integrate them into our culture.
We have a large operations fulfillment workforce that works on an hourly basis. These personnel require significant training and perform work that is detail-oriented and demanding. In general, these persons have many employment alternatives and retention in these roles is often a challenge.
It can be difficult, time-consuming, and expensive to recruit personnel with the combination of skills and attributes required to execute our business strategy, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. Our personnel require significant training and it may take several months before they achieve full productivity. As a result, we may incur significant costs to attract and retain employees, and we may lose new employees to our competitors or other companies before we realize the benefit of our investment in recruiting and training, and we may have difficulty rapidly increasing our processing capacity in response to sudden increases in order volume. Moreover, new employees may not be or become as productive as we expect, and we may face challenges in adequately or appropriately integrating them into our workforce and culture. At times we have experienced elevated levels of unwanted turnover, and as our organization grows and changes and competition for talent increases, this type of attrition may increase. Periods of wage inflation exacerbate these risks and increase our operating expenses.
COVID-19 has had, and may continue to have, an adverse effect on our business.
The global spread of COVID-19 created significant volatility, uncertainty, and economic disruption. In the United States and globally, governmental authorities instituted certain preventative measures, including border closures, travel restrictions, operational restrictions on certain businesses, shelter-in-place orders, quarantines and recommendations to practice social distancing. These restrictions disrupted and may continue to disrupt economic activity, resulting in reduced commercial and consumer confidence and spending, lower levels of business formation, lower levels of labor mobility, increased unemployment, closure or restricted operating conditions for businesses, volatility in the global capital markets, instability in the credit and financial markets, labor shortages, regulatory recommendations to provide relief for impacted consumers, disruption in supply chains, and restrictions on many hospitality and travel industry operations.
The extent to which the coronavirus pandemic continues to affect our business, operations, and financial results is uncertain and will depend on future developments, including the duration or recurrence of the pandemic, the related length and severity of its impact on the U.S. and global economy, and the continued governmental, business and individual actions taken in response to the pandemic and economic disruption. For example, vaccine mandates may have an adverse effect on employment, which could decrease demand for our services. Impacts related to the COVID-19 pandemic are expected to continue to pose risks to our business for the foreseeable future, heighten many of the risks and uncertainties identified below, and could have an adverse impact on our business, financial condition, and results of operations.
Our business is substantially dependent on our customers’ continued use of our services, and our results of operations will decline if our customers reduce use of our services or are no longer willing or able to use them. Our customers are sensitive to negative changes in economic conditions. If they cease operations or file for bankruptcy protection, we may not be paid for services we already provided, and our customer base will shrink, which will lower our revenue.
There have been and there may continue to be a significant number of new laws and regulations promulgated by federal, state, local, and foreign governments because of the COVID-19 pandemic. We have expended additional resources and incurred additional costs in addressing regulatory requirements applicable to us and our customers. These regulations may be unclear, difficult to interpret or in conflict with other applicable regulations. The failure to comply with these new laws and regulations could result in financial penalties, legal proceedings, and reputational harm.
Forecasts of market growth may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business may not grow at similar rates, if at all.
We may provide or rely upon forecasts related to growth of and conditions in our market. Forecasts are subject to significant uncertainty and are based on assumptions and estimates that may prove to be inaccurate. Further, even if our market grows, we may not. Our strategic plans may not succeed for various reasons, including possible shortfall or misallocation of resources or superior technology development, marketing, or service delivery by competitors.
As a result of various factors, our operating results may fluctuate significantly, be difficult to predict, and fall below analysts’ and investors’ expectations.
Our operating results may be difficult to predict, particularly because our customers are not required to continue purchasing our services and our business is vulnerable to economic downturns. We have experienced significant variations in revenue and operating results from period to period, and operating results may continue to fluctuate and be difficult to predict due to a number of factors, including:
•changes in pricing of our services in response to competitive pressure, increased data acquisition or labor costs, changes in revenue mix, and other factors;
•diversification of our revenue mix to include new services, some of which may have lower pricing than our prior services or may cannibalize existing business;
•the addition or loss of significant customers;
•changes in the business or financial condition of customers;
•the cost, timeliness, and quality of our services;
•changes and uncertainty in the regulatory environment for us or our customers;
•the introduction of new technologies or service offerings by our competitors and market acceptance of such technologies or services;
•our level of expenses, including investment required to support our innovation and scale our technology infrastructure and business expansion efforts;
•the effectiveness of our financial and information technology infrastructure and controls;
•foreign exchange rate fluctuations; and
•changes in accounting policies and principles and the significant judgments and estimates made by management in the application of these policies and principles.
Because significant portions of our expenses are relatively fixed, variation in our quarterly revenue could cause significant variations in operating results and resulting stock price volatility from period to period. Period-to-period comparisons of our historical results of operations are not necessarily meaningful, and historical operating results may not be indicative of future performance. If our revenue or operating results fall below the expectations of investors or securities analysts, or below any guidance we may provide to the market, the price of our common stock could decline substantially.
Our balance sheet includes significant amounts of goodwill and intangible assets. An impairment charge on our goodwill and other intangible assets could negatively affect our financial condition or results of operations.
Goodwill and intangible assets represented approximately 79% and 87% of our consolidated assets at December 31, 2021 and December 31, 2020, respectively. Future events, such as declines in our cash flow projections or customer demand, may cause impairments of our goodwill or long-lived assets, including intangible assets, based on factors such as the price of our common stock, projected cash flows, assumptions used, or other
variables. If our market capitalization drops significantly below the amount of net equity recorded on our balance sheet, that might indicate a decline in our fair value and would require us to further evaluate whether our goodwill has been impaired. The amount of any impairment could be significant and any write-down of goodwill or intangible assets resulting from future periodic evaluations would, as applicable, either decrease our net income or increase our net loss and could have a material adverse effect on our business, results of operations and financial condition.
Legal and Regulatory Risks
Litigation, inquiries, investigations, examinations or other legal proceedings in which we are involved, in which we may become involved, or in which our customers or competitors are involved could subject us to significant monetary damages or restrictions on our ability to do business.
In the ordinary course of our business activities, we are subject to frequent legal proceedings. These are typically claims by private plaintiffs, including subjects of our background reports and third parties with which we do business, but can also include regulatory investigations and enforcement proceedings. Most of these matters arise in the U.S. under the FCRA and other laws of U.S. states focused on privacy and the conduct and content of background reports, and relate to actual or alleged process errors, inclusion of erroneous or impermissible information, or failure to include appropriate information in background reports that we prepare. Investigations, enforcement actions, claims or proceedings may also arise under other laws addressing privacy and the use of background information such as criminal and credit histories around the world.
A consumer reporting agency that negligently fails to comply with any requirement under the FCRA is liable for actual damages sustained by the consumer because of the failure plus the legal fees and costs incurred by the consumer in enforcing the claim. If the consumer reporting agency’s failure to comply is “willful,” in lieu of actual damages the consumer may recover statutory damages of not less than $100 or more than $1,000 per violation plus any punitive damages allowed by the court. For these purposes, “willful” can extend beyond intentional acts to include errors or omissions that are difficult to avoid without the ability to predict problems in advance but that appear in hindsight to have been reckless, or to business decisions not to focus resources on technological developments or process improvements that are not deemed to be priorities but that, with the benefit of hindsight, prove to be more important than previously foreseen. Claimants need not show any actual harm in order to be entitled to statutory damages, which the FCRA does not cap. The ICRAA follows a similar approach, but imposes statutory damages of $10,000 for individual claims, without any requirement of negligence or willfulness.
The right of a consumer to recover legal fees and costs for any successful claim is a powerful motivator for plaintiffs’ attorneys to bring claims under the FCRA, and attorneys’ fee awards in FCRA cases often exceed the actual damages. This creates settlement value and therefore imposes significant costs upon us for minor claims and even technical violations that result in no real harm.
The availability of attorneys’ fees and statutory damages also make class actions under the FCRA potentially lucrative for plaintiffs’ attorneys. Even minimal error rates produce a number of actionable claims against us when multiplied across the millions of reports we prepare, and an error in the design or execution of a process can affect large numbers of consumer reports to which that process applies, thereby creating class exposure to statutory damages of $1,000 per violation. This allows plaintiffs’ attorneys who seek the largest class possible, even if liability to the class is unlikely, to threaten aggregate statutory damages that might be excluded from or exceed the limits of our insurance, potentially by significant amounts.
Commonly asserted mistakes include matching a person who has no criminal history with the criminal records of another person having the same or almost the same identifying information; reporting arrests, civil suits or judgments, or other adverse information that is more than seven years old; reporting criminal records inaccurately, such as failure to identify amendments to the original charges or expungements of convictions; and failing to follow regulatory process requirements, such as providing appropriate disclosure to, and receiving required authorization from, the subjects of our background reports (which is legally the customer’s responsibility but which we often facilitate), receiving required certifications from our customers that they have complied with their disclosure and authorization obligations, reinvestigating and correcting erroneous information reported about a consumer in
response to the consumer’s demand that we do so, and upon demand by a consumer, disclosing all information that we record and retain about that consumer.
Many factors contribute to these and other kinds of errors. Criminal record information is sourced from a large number of federal, state, county, and local government agencies, including court systems in approximately 3,000 counties across the U.S. There are significant disparities in how these data sources keep records and describe the nature and disposition of criminal charges and convictions. This contributes to errors in extracting information requested by our customers from those records and correctly describing that information in our background reports.
Associating the correct records to a consumer involves matching the identifying information we receive from our customer or the consumer to the identifying information in our data source. This can be challenging because the various sources of the information we gather do not always include common or complete identifying information. We look for identifying information beyond simply first and last names, but additional identifiers such as middle name (if the subject has a middle name), date of birth, address, and government-issued identification number may or may not be present in any particular data source. We must also overcome differences in names arising from the use of nicknames, previous names (e.g., maiden names), and aliases. In some instances, there are errors in the recorded identifying information for an individual. In addition, many courts do not include date of birth information in their criminal records for privacy reasons, and some courts that do include date of birth information in their criminal records are limiting or eliminating public access to that information. Inability to obtain date of birth information associated with criminal records may require us to depend upon other identifiers that are more difficult to use, potentially increasing the cost of criminal record searches and the chances of mismatch. In some cases, inability to access date of birth information or other identifiers may prevent us from meeting legal requirements for accuracy, which would prevent us from reporting otherwise relevant and reportable criminal records, potentially making our services less useful and depriving us of important revenue streams.
Evolving regulatory priorities and interpretations and judicial decisions can expose industry participants, including us, to potential liability for compliance practices that were widely accepted in the past.
At any given time, we have a number of demands pending against us by consumers claiming that we made a mistake in their consumer report. Some of these are articulated as class actions. Damages claimed can include loss of employment opportunities, defamation, invasion of privacy, and emotional distress, among other things. Such claims have on occasion resulted in significant liability for us and other industry participants and future claims could be material, divert management’s attention, cause reputational harm, and subject us to regulatory scrutiny and equitable remedies that could limit the scope and increase the costs of our operations. In particular, class action or other multi-plaintiff claims have the potential to have a material adverse effect on our financial condition and results of operations. While we do not believe that the outcome of any pending or threatened legal proceeding, investigation, examination, or supervisory activity will have a material adverse effect on our financial position, new claims or regulatory actions could emerge at any time. Such events are inherently uncertain and adverse outcomes could result in significant monetary damages, penalties, or injunctive relief against us.
In addition to these direct risks to our business, consumer-reporting laws have indirect effects on our business. Some of our suppliers are themselves consumer reporting agencies that impose requirements and restrictions upon us and require us to indemnify them as part of their own compliance efforts.
The FCRA, the ICRAA and other laws that regulate our business impose significant operational requirements and liability risks.
We are subject to U.S. federal, state, and local laws and regulations related to background reporting. These laws and regulations are complex, stringent, and subject to evolving and often uncertain administrative and judicial application in ways that can be difficult to predict and can harm our business. For example, we are subject to the FCRA, the ICRAA, and other similar laws that impose many restrictions and process requirements upon “consumer reporting agencies” (like us) that provide those reports and customers that use them. The restrictions and process requirements largely relate to what may be reported about an individual, when, to whom, and for what purposes, and how the subjects of consumer reports are to be treated. For example, under the FCRA, the consumer reporting agency providing a consumer report must follow reasonable procedures to assure the accuracy of the information
reported, and may not report certain things, including adverse information (other than criminal convictions) that is more than seven years old, even if this information is otherwise available to our customer. A consumer report may not be furnished for employment purposes unless the subject of the report has authorized procurement of the report after receiving disclosure, in a document that consists solely of the disclosure, that such a consumer report may be obtained for that purpose. Before taking any adverse action based upon a consumer report prepared for employment purposes, the user of the report must provide the subject of the report with a copy of the report and certain required disclosures. If the subject of a consumer report disputes its accuracy, the consumer reporting agency must reinvestigate. Violations of FCRA can result in civil and criminal penalties. Regulatory enforcement of FCRA is under the purview of the Federal Trade Commission (the “FTC”), the Consumer Financial Protection Bureau (the “CFPB”) and state attorneys general, acting alone or in concert with one another.
Some employment-related background reporting practices may be allowed, or even required, in some jurisdictions or circumstances yet prohibited in others. For example, in the U.S., applicable regulations require employers in some industries, such as finance, health care, or transportation, to inquire into elements that are or may be prohibited by the FCRA, state consumer reporting laws, or restrictions around the use of criminal history. Where such laws and regulations conflict or may conflict, we may be required to restrict the information we provide our customers. Other countries and localities around the world regulate background reporting in their own ways, including by prohibiting reporting of certain kinds of information, such as criminal or credit histories, and imposing unique process requirements. These requirements are constantly evolving and can change quickly. This requires us to maintain wide-ranging compliance expertise and adapt our operations appropriately to divergent local requirements or face liability and reputational harm for failure to do so.
Any failure by us to comply with, or remedy any violations of, applicable laws and regulations, could result in substantial fines and restitution obligations and court-ordered injunctions or administrative cease-and-desist orders or settlements that require us to modify our business practices in ways that are costly to implement or that reduce our efficiency or the utility of our services, or may prohibit conduct that would otherwise be legal and in which our competitors may engage. In addition, there may also be adverse publicity and uncertainty associated with investigations, litigation and orders (whether pertaining to us, our suppliers, our customers, or our competitors) that could decrease customer acceptance of our services.
For example, in 2012 the U.S. Federal Trade Commission assessed civil penalties of $2.6 million and other measures against HireRight for various process failures including failing to follow reasonable procedures to (i) assure that the information contained in its consumer reports reflected the current public record status of the consumers’ information (such as expungement of a criminal record); (ii) prevent the inclusion of multiple entries for the same criminal offense in a single report; and (iii) prevent the inclusion of obviously erroneous information in reports. In 2015, the U.S. Consumer Financial Protection Bureau issued a Consent Order against GIS assessing consumer redress payments of $10.5 million and civil monetary penalties of $1.25 million payable to the Bureau for (i) reporting of mismatched criminal record information; (ii) failure to notify consumers at the time of reporting adverse information or maintaining strict procedures to ensure adverse information is complete and up-to-date; (iii) reporting adverse non-conviction information, such as civil suits and judgments, that antedated the report by more than seven years; and (iv) and failing to maintain adequate processes to prevent such errors. Similar enforcement actions have affected our competitors and it appears that the current political climate may result in increased regulatory enforcement activity. Additionally, our customers might face similar proceedings, actions, or inquiries, which could result in indemnity claims against us and could affect their business and, in turn, our ability to do business with those customers.
Along with laws and regulations related to background reporting, other laws and regulations governing employment relationships and practices around the world also expose us to compliance requirements and enforcement risk. For example, laws prohibiting inquiry into a job applicant’s criminal history until after a conditional offer of employment is made require us to adapt our operational procedures. Identity and right-to-work verification requirements, such as U.S. I-9 compliance procedures and drug and health screening requirements applicable to employment in certain industries, can expose us to significant liability and regulatory penalties for errors we make in assisting our customers with these processes.
In the future, we expect to be subject to significant additional compliance expense and liability risk as a result of increased governmental and private enforcement activity and implementation of new laws and regulations restricting access to and use of personal information in response to social trends and growing worldwide concern that:
•inaccuracies in background reports harm the individuals who are the subjects of those reports;
•background reporting has a disparate adverse impact on some populations;
•background reports can impair the ability of persons with criminal records to reintegrate with society;
•use of algorithms and automated processing, including artificial intelligence and machine-learning, fail to take individual circumstances into account and may reinforce inaccurate or unjust biases; and
•privacy must be protected as a fundamental right, resulting in significant limitations on collection and use of personal background information.
Increased enforcement and new laws and regulations related to background reporting may limit our ability to pursue business opportunities we might otherwise consider, prevent full utilization of our services and reduce the availability or effectiveness of our services or the supply of data available to our customers. Further, any perception that our practices or services are inaccurate, are an invasion of privacy or have disparate impacts, whether or not consistent with current or future regulations and industry practices, may subject us to public criticism, private class actions, reputational harm, or claims by regulators, which could disrupt our business and expose us to increased liability. We cannot predict the ultimate impact on our business of new or proposed rules, supervisory examinations or government investigations or enforcement actions.
We are subject to rapidly changing and increasingly stringent laws and industry standards relating to privacy, data security, and data protection. The requirements and costs imposed by these laws, or our actual or perceived failure to comply with them, could subject us to liabilities that adversely affect our business.
We collect, process, transmit and store sensitive data, including personally identifiable information of applicants and employees of our customers about whom we prepare background reports. We and our data suppliers are subject to numerous laws regarding privacy and the storage, sharing, use, transfer, disclosure, protection, and other processing of this kind of information. In the U.S., these laws include the DPPA (regulating driving records), the GLBA (regulating financial data), the HIPPA (regulating health information), the Federal Motor Carrier Safety Administration’s rules (regulating truck-driver drug testing and other qualifications), and the Death Master File rule (regulating death notices related to Social Security Numbers).
In addition, multiple legislative proposals concerning privacy and the protection of user information are being considered by the U.S. Congress. Various U.S. state legislatures have announced intentions to consider additional privacy legislation, and U.S. state legislatures have already passed and enacted comprehensive privacy legislation. For example, the CCPA imposes obligations and restrictions on businesses regarding their collection, use, processing, retaining and sharing of personal information and provides new and enhanced data privacy rights to California residents, such as affording them the right to access and delete their personal information and to opt out of certain sharing of personal information. The CCPA exempts much of the data that is covered by FCRA, GLBA, and DPPA and, therefore, much of our data is not subject to the CCPA. However, information we hold about individual residents of California that is not subject to FCRA, GLBA, and DPPA would be subject to the CCPA. Because the CCPA is relatively new, there is still some uncertainty about how such exceptions may be applied under the CCPA. In addition, new laws and regulations proposed or enacted in a number of states impose, or have the potential to impose additional obligations on companies that collect, store, use, retain, disclose, transfer and otherwise process confidential, sensitive and personal information, and will continue to shape the data privacy environment nationally. State laws are changing rapidly and there is discussion in Congress of a new federal data protection and privacy law to which we would become subject if it is enacted.
In the European Economic Area, we are subject to the General Data Protection Regulation (the “GDPR”) and in the United Kingdom, we are subject to the United Kingdom data protection regime consisting primarily of the U.K. General Data Protection Regulation (“U.K. GDPR”) and the U.K. Data Protection Act 2018. The GDPR and U.K.
GDPR are extremely broad and sweeping privacy laws that establish multiple privacy and data protection requirements, including with respect to criminal convictions data, that are in some respects more comprehensive than those of the U.S. and other countries where we operate. These requirements include providing detailed disclosures about how personal data is collected and processed (in a concise, intelligible and easily accessible form); demonstrating that an appropriate legal basis is in place or otherwise exists to justify data processing activities; rights for data subjects in regard to their personal data (including the right to be “forgotten” and the right to data access); notifying data protection regulators or supervisory authorities (and in certain cases, affected individuals) of significant data breaches; imposing limitations on retention of personal data; maintaining a record of data processing; and complying with the principle of accountability and the obligation to demonstrate compliance through policies, procedures, training and audit. Fines for certain breaches of the GDPR and the U.K. data protection regime are significant e.g., fines for certain breaches of the GDPR or the U.K. GDPR are up to the greater of €20 million / £17.5 million or 4 % of total global annual turnover. Other countries outside of the European Economic Area and the United Kingdom have also enacted comprehensive data protection legislation similar to the GDPR to which we are or may become subject in the future.
These privacy laws and regulations also regulate many of our data suppliers, which in turn impose their restrictions and requirements upon us. If we violate those restrictions and requirements, we risk both liability and interruptions in our ability to obtain information that we need to deliver our services.
Compliance with multiple federal, state and international laws and regulations imposing varying and increasingly rigorous requirements is complicated and costly, and we must devote substantial resources to strive for adherence with applicable laws, regulations, and related requirements. The scope of such laws is constantly changing, and in some cases, inconsistent and conflicting and subject to differing interpretations, and new laws of this nature are regularly proposed and adopted. Consequently, we currently, and from time to time, may not be in compliance with all such laws. Such laws also are becoming increasingly rigorous and could be interpreted and applied in ways that may have a material adverse effect on our business, financial condition, results of operations and prospects. Therefore, enforcement practices are likely to remain uncertain for the foreseeable future. There is no assurance that we will not be subject to claims that we have violated applicable laws or codes of conduct, that we will be able to successfully defend against such claims or that we will not be subject to significant fines and penalties in the event of non-compliance. Additionally, to the extent multiple state-level laws are introduced with inconsistent or conflicting standards and there is no federal law to preempt such laws, compliance with such laws could be difficult and costly to achieve and we could be subject to fines and penalties in the event of non-compliance.
Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy violations continue to increase. As discussed above, we have in the past received, and may continue to receive inquiries from regulators regarding our data privacy practices. Any failure or perceived failure by us to comply with applicable privacy and security laws, or any compromise of security that results in unauthorized access, use or transmission of, personal user information, could result in a variety of claims against us, including governmental enforcement actions and investigations, and class action privacy litigation. We could further be subject to significant fines, other litigation, claims of breach of contract and indemnity by third parties, and adverse publicity. When such events occur, our reputation may be harmed, we may lose current and potential customers and the competitive positions of our various brands might be diminished. In addition, if our practices are not consistent or viewed as not consistent with legal and regulatory requirements, including changes in laws, regulations and standards or new interpretations or applications of existing laws, regulations, and standards, we may become subject to audits, inquiries, whistleblower complaints, adverse media coverage, investigations, loss of export privileges or severe criminal or civil sanctions.
In addition to the above, we have been, and could be in the future, the victim of fraudulent requests for background screening reports as a result of fraudsters “spoofing” or impersonating our customers. The internal controls or procedures we put into place to combat such attacks may not be enough to stop them. Any transfer or loss of personal data to fraudsters as a result of such attacks may cause us to violate our contractual commitments, compromise our ability to receive information from our data suppliers, harm our reputation, give rise to unwanted media attention, and result in litigation and regulatory action.
We can incur significant liability for omitting adverse information in a background report if the subject of that report causes harm that could have been foreseen and avoided if we had reported the omitted information.
One of the reasons our customers use our services is to protect against negligent hiring claims that are likely to result if they hire an individual who causes harm that could have been foreseen and avoided through a careful review of the individual’s background. If we fail to report potentially negative information, such as criminal records, a history of dangerous driving, or illegal drug use about an individual who later commits a crime or causes other harm in the course of employment by our customer, we may face potential direct liability to damaged third parties, as well as an obligation to indemnify and defend our customer against its own negligent hiring liability exposure. We have in the past experienced such claims for crimes such as assaults and thefts allegedly committed, as well as automobile accidents allegedly caused, by persons on whom we prepared background reports that did not include records of similar past conduct. These kinds of situations tend to attract adverse publicity, which together with the liability to which we may be subject, could be extremely damaging and might be excluded from, or exceed the limits of, our insurance coverage. Even in situations in which we have no legal responsibility, such as for prior records that we allegedly “missed” but did not discover because they were outside the scope of the search we were hired to perform, merely being associated with a negligent hiring claim could be extremely damaging to our reputation, and we may choose to indemnify customers or otherwise contribute to legal settlements in the interests of customer relations.
We may be subject to and in violation of state private investigator licensing laws and regulations, which could adversely affect our ability to do business in certain states and subject us to liability.
Although our work is distinct from the activities normally associated with private investigators, we fit within the definitional scope of many state laws that regulate private investigators because of our information gathering and reporting activities. These laws and related licensing requirements and regulations vary among the states and are subject to differing interpretations. Failure to correctly interpret and comply with these laws, requirements and regulations may result in the imposition of penalties or restrictions on our ability to continue our operations in certain states.
We are subject to government regulations concerning our employees, including wage-hour laws and taxes.
We are subject to applicable rules and regulations relating to our relationship with our employees, including health benefits, sick days, unemployment and similar taxes, overtime and working conditions, equal pay, immigration status, and classification of employee benefits for tax purposes. Legislated increases in labor-cost components, such as employee benefit costs, workers’ compensation insurance rates, and compliance costs, as well as the cost of litigation and fines in connection with these regulations, would increase our labor costs. Many employers nationally have been subject to actions brought by governmental agencies and private individuals under wage-hour laws on a variety of claims, such as improper classification of workers as exempt from overtime pay requirements, failure to pay overtime wages properly, and failure to provide meal and rest breaks or pay for missed breaks, with such actions sometimes brought as class or collective actions. These actions can result in material liabilities and expenses. Federal and state standards for classifying employees under wage-and-hour laws differ and are often unclear or require application of judgment, and classifications may need to change as employment duties evolve over time. We may misclassify employees and be subject to liability as a result. If we become subject to employment litigation, such as actions involving wage-and-hour, overtime, breaks and working time rules, it may distract our management from business matters and result in increased labor costs.
We may be subject to intellectual property claims by third parties, which are costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies and intellectual property.
Third parties may assert claims of infringement or misappropriation of intellectual property rights against us, or against our customers for use of our systems or services. We cannot be certain that we are not infringing any third-party intellectual property rights, and we may have liability or indemnification obligations as a result of such claims. As a result of the information disclosure in required public company filings our business and financial condition are visible, which may result in threatened or actual litigation, including by competitors and other third parties.
Regardless of whether claims that we are infringing patents or infringing or misappropriating other intellectual property rights have any merit, these claims are time-consuming and costly to evaluate and defend and can impose a
significant burden on management and employees. The outcome of any claim is inherently uncertain, and we may receive unfavorable interim or preliminary rulings in the course of litigation. There can be no assurances that favorable final outcomes will be obtained in all cases. We may decide to settle lawsuits and disputes on terms that are unfavorable to us. Some parties that could make claims of infringement against us have substantially greater resources (including in-house expertise on the disputed technology) than we do and are able to sustain the costs of complex intellectual property litigation to a greater degree and for longer periods of time than we could.
Although third parties may offer a license to their technology or intellectual property, the terms of any offered license may not be acceptable and the failure to obtain a license or the costs associated with any license could cause our business to be materially and adversely affected. In addition, some licenses may be non-exclusive, and therefore our competitors may have access to the same technology or intellectual property licensed to us. Alternatively, we may be required to develop non-infringing technology or to make other changes that could require significant effort and expense and ultimately may not be successful. Furthermore, a successful claimant could secure a judgment or we may agree to a settlement that prevents us from performing certain services, limits the way we may provide certain services, or requires us to pay substantial damages, including treble damages if we are found to have willfully infringed the claimant’s patents or copyrights. Claims of intellectual property infringement or misappropriation also could result in injunctive relief against us, or otherwise result in delays or stoppages in providing all or certain aspects of our solution.
If we are unable to protect our proprietary technology and other intellectual property rights, it may reduce our ability to compete for business and we may experience reduced revenue and incur costly litigation to protect our rights.
Our business depends on our brands as well as our internally-developed and licensed technology and content, including software, databases, confidential information and know-how, the protection of which is crucial to the success of our business. We rely on a combination of trademark, trade secret and copyright laws, confidentiality procedures, and contractual provisions to protect our rights in our internally-developed technology, brands and other intellectual property. These measures may not be sufficient to offer us meaningful protection, particularly in jurisdictions that do not protect intellectual property rights to the same extent as do the laws of the United States. If we are unable to protect our intellectual property, our competitive position and our business could be harmed, as third parties may be able to commercialize and use technologies that are substantially similar to ours without incurring the development and licensing costs that we have incurred. Any of our owned or licensed intellectual property rights could be challenged, invalidated, circumvented, infringed, misappropriated or otherwise violated, our trade secrets and other confidential information could be disclosed in an unauthorized manner to third parties, or our intellectual property rights may not be sufficient to permit us to take advantage of current market trends or otherwise to provide us with competitive advantages, each of which could result in costly redesign efforts, discontinuance of certain offerings or other competitive harm.
Monitoring unauthorized use of our intellectual property is difficult and costly, and the steps we have taken to protect our intellectual property rights may not be adequate to prevent infringement, misappropriation, dilution or other violations. Litigation brought to protect and enforce our intellectual property rights can be costly, time consuming and distracting to management, and could be ineffective or result in the impairment or loss of portions of our intellectual property. As a result, we may be aware of infringement or other violations by competitors but may choose not to bring litigation to enforce our intellectual property rights. Furthermore, even if we decide to bring litigation, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits challenging or opposing our right to use and otherwise exploit particular intellectual property, services and technology or the enforceability of our intellectual property rights. As a result, despite efforts by us to protect our intellectual property rights, unauthorized third parties may attempt to use, copy, or otherwise obtain and market or distribute our intellectual property or technology or otherwise develop solutions with the same or similar functionality as our solutions. If competitors infringe, misappropriate, or otherwise violate our intellectual property rights and we are not adequately protected or elect not to litigate, our competitive position, business, financial condition and results of operations could be harmed.
In general, any inability to meaningfully protect our intellectual property rights could impair our ability to compete and reduce demand for our services. Moreover, our failure to develop and properly manage new intellectual
property could adversely affect our market positions and business opportunities. Also, some of our services rely on technologies and software developed by or licensed from third parties, and we may not be able to maintain our relationships with such third parties or enter into similar relationships in the future on reasonable terms or at all.
Uncertainty may result from changes to intellectual property legislation and from interpretations of intellectual property laws by applicable courts and agencies. Accordingly, despite our efforts, we may be unable to obtain, maintain, protect and enforce the intellectual property rights necessary to provide us with a competitive advantage. Our failure to obtain, maintain, protect, and enforce our intellectual property rights could therefore have a material adverse effect on our business, financial condition and results of operations.
Our business relationships expose us to risk of substantial liability for contract breach, violation of laws and regulations, intellectual property infringement and other acts and omissions by us and others, and our contractual indemnities, limitations of liability, and insurance may not protect us adequately.
Our agreements with our customers and suppliers typically obligate us to provide indemnity and defense for violation of applicable laws and regulations, damages to property or persons, misappropriation of confidential or personally identifiable information in our custody or control, intellectual property infringement, business losses, and other liabilities. Generally, these indemnity and defense obligations relate to our own business operations, and acts or omissions. However, under some circumstances, we agree to indemnify and defend contract counterparties against losses resulting from their own business operations and acts or omissions, or the business operations and acts or omissions of third parties. For example, our customers also typically require us to indemnify them against acts and omissions of our subcontractors and suppliers, such as business process outsourcing providers and data sources. At the same time, these subcontractors and suppliers often require us to indemnify them against acts and omissions of our customers, including indemnifying our data sources for our customers’ misuse of that data.
Even in the absence of a clear contractual obligation to provide indemnity, customers regularly seek indemnification from us in respect of claims made against them due to alleged errors in our services, or alleged errors they make in complying with laws and regulations applicable to their procurement and use of our services. Some of these indemnity claims are supportable and result in costs to us, and we may sometimes fund even invalid claims for relationship reasons.
Our agreements with customers and suppliers typically include provisions limiting our liability to the counterparty and the counterparty’s liability to us, although these limits sometimes do not apply to certain liabilities, including indemnity obligations, and certain customers and suppliers, including government entities, may require indemnity from us without any limit on our liability, and provide us with little or no reciprocal indemnity support.
We have limited ability to control acts and omissions of our customers, suppliers, or other third parties that could trigger our indemnity obligations, and our insurance policies may not cover us for acts and omissions of others. Because we contract with many customers and suppliers and those contracts are individually negotiated with different scopes of indemnity and different limits of liability, it is possible that in any case our obligation to provide indemnity for the acts or omissions of a third party such as a customer or supplier may exceed what we are able to recover from that third party. Further, contractual limits on our liability may not apply to our indemnity obligations, contractual limits on our counterparties’ liability may limit what we can recover from them, and contract counterparties may be unable to meet their obligations to indemnify and defend us as a result of insolvency or other factors. Large indemnity obligations, or obligations to third parties not adequately covered by the indemnity obligations of our contract counterparties, could expose us to significant costs.
In addition to the effects on indemnity described above, the limitation of liability provisions in our contracts may, depending upon the circumstances, be too high to protect us from significant liability for our own acts or omissions, or so low as to prevent us from recovering fully for the acts or omissions of our counterparties.
Liabilities we incur in the course of our business may be uninsurable, or insurance may be very expensive and limited in scope.
Insurance companies view consumer reporting as a risky business.
•The FCRA, the California Investigative Consumer Reporting Agencies Act, and similar laws that regulate our business are ambiguous in many respects, resulting in a constant succession of new liability theories conceived by plaintiffs’ attorneys and tested through claims against background reporting companies like us.
•There are significant uncertainties and inconsistencies in how courts interpret those laws.
•The availability under those laws of substantial statutory damages and attorneys’ fees awards can result in enormous class action claims.
•Background reporting companies may incur significant liability to their customers and members of the public for failure to report potentially negative information, such as criminal records, about an individual who later commits a crime or causes other harm that might have been foreseen and avoided if the prior record had been reported.
•Governmental agencies charged with enforcing these laws, such as the CFPB and FTC, have a history of imposing large fines and their enforcement approaches and intensity may vary with changes in partisan political control.
Due to these and similar factors, and the resulting frequency and potential severity of legal claims, some insurance companies will not underwrite errors and omissions policies for background reporting companies. Insurance companies that will underwrite such policies often impose very high retention requirements and various coverage limitations and exclusions, including for regulatory investigations, fines, and punitive damages. Consequently, while we do have errors and omissions coverage, we expect to bear responsibility for most claims that arise as a result of errors and omissions in delivery of our services. Further, significant claims under our policies, or negative claims experience in the industry in general, could result in carriers refusing to provide liability insurance to us, or charging prohibitive premiums and imposing co-insurance requirements in addition to high retentions. Finally, the terms of any regulatory enforcement order against us may prohibit us from recovering under insurance for any fines, penalties, or restitution assessed.
Technology and Data Security Risks
Breaches or misuse of our networks or systems, our customers’ networks or systems that are integrated with ours, or networks or systems of third parties upon which we rely, or any improper access to our information or platform may negatively impact our business and harm our reputation.
In the ordinary course of business, we access, collect, process, transmit and store sensitive data, including intellectual property and proprietary business information of our customers and suppliers and personally identifiable information of applicants and employees of our customers about whom we prepare background reports. The secure operation of our IT networks and systems and secure processing and maintenance of this information is critical to our business operations and strategy.
Because we access, store and transmit personally identifiable information, we could be the target of cyber attacks, fraudulent schemes and other security threats by third parties, including technically-sophisticated and well-resourced hackers, hostile state intelligence services and other bad actors attempting to access or steal the data we store or to disrupt our operations or to misappropriate such information by direct theft or subterfuge, such as by posing as customers. International tensions and economic sanctions, such as those accompanying the conflict in Ukraine, could contribute to an environment in which cyber attacks become more common, either as state-sponsored geo-political policy or military tactics, or as opportunistic behavior by criminals seeking to take advantage of chaotic situations. Furthermore, insider or employee cyber and security threats are also a significant concern for all companies, including ours, and have become a greater risk as a result of the greater adoption of remote work as a
response to the COVID-19 pandemic. Despite our investments in physical and technological security measures, employee training and other precautions, we are vulnerable to exploitation of our IT networks and infrastructure to gain unauthorized access to data from us or from our customers, our and their suppliers, and other service providers whose systems can be accessed through ours, resulting in breaches of confidential and personal information, computer malware, ransomware, and transmission of computer viruses.
Current security measures undertaken by us, our customers, suppliers, vendors or service providers may be ineffective as a result of various factors including employee error; failure to implement appropriate processes and procedures; malfeasance, acts of vandalism, computer viruses and interruption or loss of valuable business data, breaches, cyber-attacks or other tactics to obtain illicit system access. Moreover, the risk of unauthorized circumvention of our security measures or those of our customers, suppliers, vendors, and service providers has been heightened by advances in computer and software capabilities and the increasing sophistication of hackers who employ complex techniques, including without limitation, “phishing” or social engineering incidents, spoofing, ransomware, extortion, account takeover attacks, denial or degradation of service attacks, and malware. We and our customers and vendors have been in the past, and could be in the future, the victim of fraud schemes, including as a result of fraudsters “spoofing” or impersonating our customers, including by using stolen identities and credit cards and misappropriated customer credentials to order background reports as a way of compiling additional information about consumers.
While we have put in place internal controls and procedures designed to prevent or identify such fraudulent attacks and continue to review and upgrade our internal controls and procedures in response to the heightened risk and occurrence of such fraudulent attacks (some of which were successful), there can be no assurance that we will not fall victim to such attacks. Fraudulent transfer of funds can cause direct financial loss to us or our customers or vendors. Use of stolen credit cards to order our background reports subjects us to risk of refunding the fees we collected for providing those reports and bearing the unreimbursed costs of third-party data and services we purchased to fulfill those fraudulent orders. Transfer or loss of financial or personal data to fraudsters as a result of such spoofing or impersonation may cause us to violate our contractual commitments, compromise our ability to receive information from our data suppliers, including driver licensing and motor vehicle operating information that we receive from state motor vehicle departments, harm our reputation, give rise to unwanted media attention and result in litigation and regulatory action. Because techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until they are launched against a target, and because we typically are not able to control the efficacy of security measures implemented by our customers and suppliers, we may be unable to anticipate these techniques, implement adequate preventative measures or remediate any intrusion on a timely or effective basis even if our security measures are appropriate, reasonable, and comply with applicable legal requirements. Although we have developed and strive to improve systems and processes designed to prevent security breaches and data loss, these security measures cannot provide absolute security, and the protection of our systems and information against exploitation and misappropriation is partially dependent on our customers’ security practices, such as measures to safeguard credentials.
Though it is difficult to determine what harm may directly result from any specific interruption or breach, any security incident could disrupt computer systems or networks, interfere with services to our customers or their applicants and employees, and result in unauthorized access to personally identifiable information, intellectual property, and other confidential business and personal information. As a result, we could be exposed to unwanted media attention, legal claims and litigation, indemnity obligations, legal and contractual reporting obligations, regulatory fines and penalties, contractual obligations, other liabilities, significant costs for remediation and re-engineering to prevent future occurrences, such as increased investment in technology, the costs of compliance with consumer protection laws and costs resulting from consumer fraud, significant distraction to our business, and damage to our reputation, our relationships with customers and suppliers, and our ability to retain and attract new customers and suppliers. If personally identifiable information is compromised, we may be required to undertake notification and remediation procedures, provide indemnity, and undergo regulatory investigations and penalties, all of which can be extremely costly and result in adverse publicity. While we maintain cyber liability insurance, we cannot ensure that our insurance policies will be sufficient to cover all losses that we may incur if we suffer significant or multiple attacks. We also cannot be certain that our existing insurance coverage will continue to be
available on acceptable terms or in amounts sufficient to cover the potentially significant losses that may result from a security incident or breach or that the insurer will not deny coverage of any future claim.
We rely significantly on the use of information technology. System failures, including failures due to natural disasters or other catastrophic events, could delay and disrupt our services, cause harm to our business and reputation and result in a loss of customers.
We depend heavily upon computer systems to provide reliable, uninterrupted service to our customers. We have experienced brief system interruptions in the past, often relating to specific customers or groups of customers, and we believe that interruptions will continue to occur from time to time in the future. Our platform operates on our data processing equipment that is housed in third-party commercial data centers that we do not control. In addition, our systems interact with the systems of our customers, their HCM systems and ATS providers, and our suppliers. All of these facilities and systems are vulnerable to interruption and/or damage from a number of sources, many of which are beyond our control, including natural disasters or other catastrophic events such as earthquakes, fires, floods, terrorist attacks, power loss and telecommunications failures, as well as computer viruses, physical and electronic break-ins, software issues, technology glitches, and other similar events, any of which can temporarily or permanently interrupt services to customers. In particular, as described above, intentional cyber-attacks present a serious issue because they are difficult to prevent and remediate and can be used to steal data or disrupt operations.
Although we maintain redundant data center capabilities for business continuity and disaster recovery, any substantial disruption of this sort could cause interruptions or delays in our business and loss of data or render us unable to deliver our services in a timely manner, or at all. These interruptions may also interfere with our suppliers’ ability to provide us information and our employees’ ability to perform their responsibilities. In addition, a significant portion of the work required to deliver our services is conducted by outsourced suppliers that work from other countries, including India, the Philippines, and the Caribbean, that are vulnerable to natural disasters and infrastructure failures. Any disruption in the ability of our outsourced suppliers to perform such functions may result in service interruptions and delays for our customers.
The steps we take to mitigate these risks may not protect against all problems, and our ability to mitigate risks to third-party systems is limited. In addition, we rely to a significant degree upon security and business continuity measures of our data center operators, telecommunications providers, and other third parties, and if those suppliers fail us, we could be unable to meet the needs of our customers. Any steps we take to increase the reliability and redundancy of our systems may be expensive and may not be successful in preventing system failures.
Any failures or delays with our systems or other systems that interact with our systems, or inaccessibility or corruption of data, could be time-consuming and costly to repair or replace, divert our employees’ attention, expose us to liability, and harm our reputation, resulting in customers seeking to avoid payment, demanding future credits for disruptions or failures, and diverting their business to competitors. The financial harm from such circumstances could exceed any applicable business interruption insurance we may have.
If we fail to enhance and expand our technology and services to meet customer needs and preferences, the demand for our services may materially diminish.
Technology is critical to our ability to provide market-leading services that meet the diverse and complex needs of our global customers. To remain competitive and responsive to customer demands, we must continually innovate new services and upgrade, enhance, and expand our technology and services. In addition, some of our older technology needs to be updated or replaced to keep pace with our growth, evolving compliance requirements, and the increasing complexity of our business. This will require significant and increasing investments in our technology for the foreseeable future, as well as operating both older and new versions of the same systems concurrently until the new systems are fully operational following testing, integration with customer and supplier systems, personnel training, and other activities associated with implementation of new technology.
Our services are complex and can require a significant investment of time and resources to develop, test, introduce into use, and enhance. These activities can take longer than we expect. We schedule and prioritize our development efforts according to a variety of factors, including our perceptions of market trends, customer requirements, and resource availability. We may encounter unanticipated difficulties that require us to re-direct or
scale back our efforts and we may need to modify our plans in response to changes in customer requirements, market demands, resource availability, regulatory requirements, or other factors. These factors place significant demands upon our engineering organization, require complex planning and decision making, and can result in acceleration of some initiatives and delay of others. As a result of such factors, we may not execute successfully on our technology and services development strategy.
In addition, investment in development of new services often involves a long return-on-investment cycle. We must continue to dedicate a significant amount of resources to our development efforts before knowing to what extent our investments will result in services that meet evolving market conditions.
If we do not manage our development efforts efficiently and effectively, we may fail to produce, or to timely produce, services that respond appropriately to the needs of our customers, and competitors may develop offerings that more successfully anticipate market demand. If our services are not responsive and competitive, customers can be expected to shift their business to our competitors. Customers may also resist adopting our new services for various reasons, including reluctance to disrupt existing relationships and business practices or to invest in necessary technological integration.
Real or perceived errors, failures, or bugs in our platform could adversely affect our business.
The technology that forms the basis of our platforms is complex. Additionally, our platforms interact with a variety of systems in addition to our internal systems, including customer and ATS systems as well as those of third-party data providers. The complexity of the technology we employ as well as the variety of networking configurations we run and applications to which our platforms connect increases the likelihood of real or perceived errors, bugs or failures in those business environments. We test our software and products and material changes made to our platforms, but errors, bugs or failures could exist and may not be found until after our products are deployed to our customers or until they disrupt operations. Any error, bug or failure could degrade the quality of service on our platform and adversely affect our customers’ business, which could in turn result in our loss of revenue, damage to our reputation and brand, and weakening of our competitive position. Additionally, we could face legal claims for breach of contract due to service level failures or statutory liability for process errors due to errors or bugs. Defending a lawsuit, regardless of its merit, is costly and may divert management’s attention away from the business and cause additional harm to our reputation and operating results.
The use of open-source software may expose us to additional risks and compromise our intellectual property.
We have incorporated, and may continue to incorporate certain open-source software into our proprietary technology. Open-source software is software that is generally licensed by its authors or other third parties and made available to the general public on an “as is” basis under the terms of non-negotiable licenses. From time to time, companies that use open-source software have faced claims challenging their use and requesting compliance with the open-source software license terms. Some open-source software licenses purport to require users that distribute or make available software that is derived from or incorporates open-source software to make publicly available such user’s source code (which could include valuable proprietary code) which, if such requirements are imposed on us, may put our intellectual property rights at risk. Other open-source software licenses purport to require a user that incorporates the open-source software into its own proprietary intellectual property to grant a license to use the combined intellectual property under the terms of such open-source software license, sometimes for no or minimal charge. Because the terms of various open-source licenses have not been fully interpreted by courts, there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our use of open-source software that might require us to redesign our applications, discontinue the use of our solutions, or take other costly remedial actions, which could adversely impact our business. In addition, open-source software could be riskier to use than third-party commercial software because open-source licensors generally do not provide warranties or controls on the functionality of the software. While we test the use of open-source software before incorporating it into our proprietary platforms, we cannot be certain that we have identified and eliminated all functionality risk of the open-source software. For all of these reasons, we cannot guarantee that our use of open-source software will not subject us to liability or create circumstances that could harm our business.
Our technology development operations are centered in Estonia, exposing us to risks that may be difficult to manage.
Our software development and related technology operations are conducted primarily in our office in Estonia. Unless we are able to diversify these operations across other locations, our ability to maintain our platform and adapt it to meet customer needs and market opportunities is vulnerable to constraint or disruption as a result of various factors including unavailability of sufficient engineering talent, power loss, local pandemic conditions, weather, and regional political unrest, such as the ongoing conflict between Russia and Ukraine.
If our ability to use data to train our proprietary machine-learning models is lost or limited, our business could be adversely affected.
We employ proprietary machine-learning models, which are models built using a variety of data sets, some of which may be licensed from third-party providers or subject to other obligations to the provider or some other third party. These licenses, other obligations, or new or changing laws or regulations, may impose restrictions on the use of those data sets, including restrictions on use for any purpose inconsistent with the purpose for which the data was provided or to which the subject of the data has consented. Such restrictions may significantly limit our ability to utilize automation to improve the speed and accuracy of our services.
In addition, if third-party data used to train and improve our machine-learning models is limited or becomes unavailable to us, our ability to continue to use and improve our machine-learning models would be adversely affected. There may not be commercially reasonable alternatives to the third-party data we currently use, or it may be difficult or costly to migrate to other third-party data. Our use of additional or alternative third-party data could require us to enter into license agreements with third parties and integrate the data used in our machine-learning models with new third-party data, which may require significant work and substantial investment of our time and resources.
If the data we use to train our proprietary machine-learning models is significantly inaccurate, our business could be adversely affected.
If the data we use to train and improve our machine-learning models is inaccurate, our ability to continue to use and improve our machine-learning models would be adversely affected. There may not be commercially reasonable alternatives to the third-party data we currently license, or it may be difficult or costly to migrate to other third-party data. Our use of additional or alternative third-party data would require us to enter into license agreements with third parties and integrate the data used in our machine-learning models with such new third-party data, which may require significant work and substantial investment of our time and resources.
Our machine-learning models may not operate properly or as we expect them to, which could cause us to inaccurately evaluate applicant information.
We utilize data gathered from various sources in our services to train our machine-learning models. The continuous development, maintenance and operation of our machine-learning models is expensive and complex, and may involve unforeseen difficulties including material performance problems, and undetected defects or errors with new machine-learning or other artificial intelligence capabilities. Some of those difficulties could arise from undetected or uncorrected inaccuracies or unrepresentative tendencies in the data. We may encounter technical obstacles, and it is possible that we may discover additional problems that prevent our machine-learning models from operating properly. If our machine-learning models do not function reliably, we may incorrectly process background checks or suffer extended processing times and other failures of our services, which could result in customer dissatisfaction.
Our machine-learning models could lead to unintentional discrimination and be subject to evolving regulation.
Generally, machine-learning models use data about past decisions in a particular situation to create algorithms that make a new decision in a similar situation. If the past decisions on which our machine-learning models are based were affected by a disparate impact based on any legally prohibited classification (such as race or sex), our machine-learning models could make similarly disparate decisions. Consistently making decisions that result in
disparate impact could subject us or our customers to legal or regulatory liability. In light of these risks and evolving concerns about the fairness of the effects of use of artificial intelligence, regulation of artificial intelligence and machine-learning is increasing and can be expected to impose limitations and requirements on use of such technologies, exposing us to increased cost and legal risk and potentially reducing the efficacy of such technologies in our business.
Industry and Financial Risks
Changes to the availability and permissible uses of consumer data may reduce the demand for our services.
Public and commercial sources of free or relatively inexpensive information of the type our customers typically demand have become increasingly available, particularly through the internet. We expect this trend to continue, and the easier availability of this information may reduce demand for our services.
While various factors, including safety concerns, continue to drive the increased adoption of background reporting services worldwide, there are countervailing forces that could have the opposite effect. For example, certain privacy regulations restrict the collection and use of the kind of information included in our background reports (e.g., in some countries, as a general matter criminal background or credit histories must not be used as disqualifications to employment). In addition, social justice and criminal rehabilitation concerns have resulted in legal limits on the use of some background information. The continued proliferation of these limitations could reduce the scope and value of our services.
In addition, access to and use of consumer data are the subjects of intense public scrutiny and as a result subject to significant legislation and regulatory restrictions in jurisdictions around the world. Privacy and social justice considerations may result in reduced or lost access to information we need, which could reduce the utility and value of our services.
Technological changes in how personal data is managed could have the same effect. For example, the convergence of privacy concerns and new technologies such as blockchain and the increased mobility of data has led to emergence of technologies that allow consumers to manage their own background data and provide their own background reports directly to employers. While such developments present us with opportunities, such as acting as a validator of consumers’ self-managed background reporting, these kinds of market evolutions will require us to innovate aggressively to maintain our market position and relevance to our customers.
We operate in an intensely competitive market, and we may not be able to develop and maintain competitive advantages necessary to support our growth and profitability.
We face significant competition in our industry. Although we believe we are the largest participant in the market for background reporting and related services, our market share is relatively small due to the large number of competitors in the industry. We compete with companies close to our size that have capabilities similar to ours and could surpass us in capabilities and scale through their own organic growth or strategic acquisitions, as well as many smaller companies that may gain competitive advantages by focusing on particular geographies, market sectors, or discrete services. Barriers to entry are low in our business and, in general, all competitors have access to the same core sources of information that form the basis of background reports. Therefore, we must compete based upon our effectiveness at gathering and using that information more effectively than others to produce value-added insights, as well as our speed, accuracy, and ability to service a large customer base at scale and across diverse geographies and industries. This requires us to develop and maintain broad expertise, innovate new service offerings, and use technology effectively to improve our processes. If we are not able to outpace our competitors or keep up with their technological advances, we may lose a significant amount of business to those competitors.
Some of our competitors may have already developed, or may soon develop, a lower cost structure, more aggressive pricing, or better services than we offer or develop. Large and well-capitalized competitors may emerge, particularly through industry consolidation, that may be able to innovate faster, compete for talent more effectively, and price their services more aggressively than we can. Price reductions by our competitors could negatively affect our revenue and operating margins and results of operations and could also harm our ability to obtain new customers on favorable terms.
Many customers stage regular request for proposal processes as a matter of procurement policy, which enables competitors to bid aggressively to try to capture their business. This puts pressure on our margins if we are not able to compete effectively without reducing our pricing.
Growth will require us to improve our operating capabilities.
Our growth has resulted in significant increases in the number of transactions and the amount of customer, applicant, and employee data that our infrastructure supports, straining our resources and adding to the complexity of our organizational structure and procedures. Our success depends, in part, on our ability to improve our organizational effectiveness, including our operational, financial and management controls and our operating and reporting systems and procedures. The failure to effectively manage growth could result in declines in the quality of, or customer satisfaction with, our services, increases in costs or other operational difficulties.
Our business is vulnerable to economic downturns and seasonality.
Demand for our services is highly correlated to general levels of economic activity and the job market. Our customers are sensitive to changes in general economic conditions, the availability of affordable credit and capital, the level and volatility of interest rates, inflation, and consumer confidence, in all the markets in which we operate worldwide. When economic and market conditions turn adverse, our customers can be expected to curtail hiring, which presents considerable risks to our business and revenue.
Different customer segments have seasonal hiring needs that affect our order volumes. Depending upon business mix and market dynamics, our revenue may reflect underlying customer seasonality. Historically, we have experienced seasonal peaks during the first half of the year and during the peak hiring periods in the summer and over the winter holidays, but there can be no assurances that such seasonal trends will consistently repeat each year. We believe the micro and macro-economic changes in the traditional workforce landscape caused by the COVID-19 pandemic have shown that traditional seasonality or periodic fluctuation may be changing and becoming more difficult to predict. Any seasonality we experience might affect our operating results and financial condition and may cause projections based on previous operating results not to be a reliable measure of future operating results or our financial condition.
If we do not introduce successful new products, services, and analytical capabilities in a timely manner, or if the market does not adopt our new services, our competitiveness and operating results will suffer.
Our industry has historically been impacted by technological changes and changing industry standards. Without the timely introduction of new services and enhancements, our services may become technologically or commercially obsolete over time, in which case our revenue and operating results would suffer. The success of our new services will depend on several factors, including our ability to properly identify customer needs; innovate and develop new technologies, services, and applications; successfully commercialize new services in a timely manner; produce and deliver our services in sufficient volumes on time; differentiate our services from competitor services; price our services competitively; and anticipate our competitors’ development of new services or technological innovations. Our resources must be committed to any new services before knowing whether the market will adopt the new offerings.
Inflation may reduce our profitability.
Recent growth in inflation that has accompanied the COVID-19 recovery is increasing our operating costs. Among other things, competition for labor is becoming more acute and we expect our labor costs to continue to increase as a result. We may not be able to raise our pricing sufficiently to offset our increased costs. Some of our customer agreements fix the prices we may charge for some period of time and/or limit permissible price increases. Even if we are contractually permitted to increase prices, doing so could cause some customers to reduce their business with us in favor of lower-cost alternatives. Some competitors may have different business models or lower costs than we do, enabling them to absorb inflation and compete aggressively with less adverse effect to their profitability.
Risks Related to Our Indebtedness and Finances
Our existing indebtedness and other future payment obligations could adversely affect our business and growth prospects.
As of December 31, 2021, we had an aggregate of $707.9 million in principal amount outstanding under our First Lien Credit Agreement, dated July 12, 2018 (the “First Lien Credit Agreement”). Additionally, in connection with our initial public offering, we entered into an income tax receivable agreement with our pre-IPO equityholders (the “TRA”). We estimate our total obligations under the TRA to be approximately $210.6 million.
Our indebtedness, any additional indebtedness we may incur or other obligations, including the TRA, could require us to divert funds identified for other purposes for debt service and to satisfy these obligations and impair our liquidity position. If we cannot generate sufficient cash flow from operations to service our debt and other obligations, we may need to refinance our debt, dispose of assets, or issue equity to obtain necessary funds. We do not know whether we will be able to take any of these actions on a timely basis, on terms satisfactory to us or at all.
Our indebtedness and other obligations and the cash flow needed to satisfy them have important consequences, including:
•limiting funds otherwise available for financing our capital expenditures by requiring us to dedicate a portion of our cash flows from operations to the repayment of debt and other obligations and any interest payments;
•making us more vulnerable to rising interest rates; and
•making us more vulnerable in the event of a downturn in our business.
Our level of indebtedness and other obligations may place us at a competitive disadvantage to our competitors that are not as highly leveraged. Fluctuations in interest rates can increase borrowing costs. The U.S. Federal Reserve has indicated that it expects to raise interest rates and may continue to do so in the future. Increases in interest rates may directly impact the amount of interest we are required to pay and reduce earnings accordingly. In addition, developments in tax policy, such as the disallowance of tax deductions for interest paid on outstanding indebtedness, could have an adverse effect on our liquidity and our business, financial condition, and results of operations.
We expect to use cash flow from operations to meet current and future financial obligations, including funding our operations, debt service requirements and other obligations and capital expenditures. The ability to make these payments depends on our financial and operating performance, which is subject to prevailing economic, industry and competitive conditions and to certain financial, business, economic and other factors beyond our control.
The terms and conditions of the First Lien Credit Agreement restrict our current and future operations, particularly our ability to respond to changes or to take certain actions.
The First Lien Credit Agreement contains a number of restrictive covenants that impose significant operating and financial restrictions on us and may limit our ability to engage in acts that may be in our long-term best interests, including restrictions on our ability to:
•incur additional indebtedness or other contingent obligations;
•create liens;
•make investments, acquisitions, loans and advances;
•consolidate, merge, liquidate or dissolve;
•sell, transfer or otherwise dispose of our assets;
•pay dividends on our equity interests or make other payments in respect of capital stock; and
•materially alter the business we conduct.
The First Lien Credit Agreement includes a financial maintenance covenant for the benefit of the revolving lenders thereunder, which requires us to maintain a maximum first lien leverage ratio as of the last day of any fiscal quarter on which greater than 35% of the revolving commitments are drawn (excluding for this purpose up to $15.0 million of undrawn letters of credit). Our ability to satisfy this covenant can be affected by events beyond our control. As of December 31, 2021, we were in compliance with this financial covenant.
A breach of the covenants or restrictions under the First Lien Credit Agreement could result in an event of default that may allow the creditors to accelerate the related debt. In the event the holders of our indebtedness accelerate the repayment of that indebtedness, we may not have sufficient assets to repay that indebtedness or be able to borrow sufficient funds to refinance it. Even if we are able to obtain new financing, it may not be on commercially reasonable terms or on terms acceptable to us. As a result of these restrictions, we may be:
•limited in how we conduct our business;
•unable to raise additional debt or equity financing to operate during general economic or business downturns; or
•unable to compete effectively or to take advantage of new business opportunities.
These restrictions, along with restrictions that may be contained in agreements evidencing or governing other future indebtedness, may limit our ability to grow.
We may not be able to generate sufficient cash flow to meet our payment obligations under the First Lien Credit Agreement and TRA and may be forced to take other actions to satisfy our obligations, including refinancing indebtedness, which may not be successful.
Our ability to make scheduled payments under the First Lien Credit Agreement or TRA or to refinance outstanding debt obligations depends on our financial and operating performance, which will be affected by prevailing economic, industry and competitive conditions and by financial, business, and other factors beyond our control. We may not be able to maintain a sufficient level of cash flow from operating activities to permit us to pay the principal, premium, if any, and interest on our indebtedness or other obligations. Any failure to make payments of interest and principal on our outstanding indebtedness and other obligations on a timely basis would likely result in penalties or defaults, which would also harm our ability to incur additional indebtedness.
If our cash flows and capital resources are insufficient to fund our debt service and other obligations, we may be forced to reduce or delay capital expenditures, sell assets, seek additional capital, or seek to restructure or refinance our indebtedness. Any refinancing of our indebtedness could be at higher interest rates and may require us to comply with more onerous covenants. These alternative measures may not be successful and may not permit us to meet our obligations. In the absence of such cash flows and resources, we could face substantial liquidity problems and might be required to sell material assets or operations to attempt to meet our obligations. If we cannot meet our obligations, the holders of our indebtedness may accelerate such indebtedness and, to the extent such indebtedness is secured, foreclose on our assets. In such an event, we may not have sufficient assets to repay all of our indebtedness.
We may need to refinance all or a portion of our indebtedness before maturity. We cannot assure you that we will be able to refinance any of our indebtedness on commercially reasonable terms or at all. We may not be able to obtain sufficient funds to enable us to repay or refinance our debt obligations on commercially reasonable terms, or at all.
We may require additional capital to support our business, and such capital might not be available on terms acceptable to us, if at all. Inability to obtain financing could limit our ability to conduct necessary operating activities and make strategic investments.
Various business challenges and opportunities may require additional funds, including the need to respond to competitive threats or market evolution by developing new services and improving our operating infrastructure through additional hiring or acquisition of complementary businesses or technologies, or both. In addition, we could
incur significant expenses or shortfalls in anticipated cash generated as a result of unanticipated events in our business or competitive, regulatory, or other changes in our market, or longer payment cycles required or imposed by our customers.
Our available cash and cash equivalents, any cash we may generate from operations, and our available line of credit under the First Lien Credit Agreement may not be adequate to meet our capital needs, and therefore we may need to engage in equity or debt financings to secure additional funds. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and respond to business challenges could be significantly impaired, and our business may be adversely affected.
If we do raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution and any new equity securities we issue could have rights, preferences, and privileges superior to those of holders of our common stock. Any debt financing that we secure in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters. This may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. In addition, if we issue debt, the holders of that debt would have prior claims on the Company’s assets, and in case of insolvency, the claims of creditors would be satisfied before distribution of value to equityholders, which would result in significant reduction or total loss of the value of our equity.
Risks Related to Our International Business Strategy
Our international operations require increased expenditures and impose additional risks and compliance imperatives, and failure to successfully execute our international plans will adversely affect our growth and operating results.
We serve customers around the world and have operations in Europe, Asia (including India, Japan and Singapore), Australia, Canada, and Mexico. We plan to continue to expand internationally. Achieving our international objectives will require a significant amount of attention from our management, finance, legal, operations, compliance, sales, and engineering teams, as well as significant investment in developing the technology infrastructure necessary to deliver our services and maintain sales, delivery, support, and administrative capabilities in the countries where we operate. Attracting new customers outside the United States may require more time and expense than in the United States, in part due to language requirements and the need to educate such customers about our services, and we may not be successful in establishing and maintaining these relationships. The data center and telecommunications infrastructure in some overseas markets may not be as reliable as in North America and Europe, which could disrupt our operations. In addition, our international operations will require us to develop and administer our internal controls and legal and compliance practices in countries with different cultural norms, languages, currencies, legal requirements, and business practices than the United States. Expanding internationally and building our overseas operations requires a significant amount of management and other employees’ time and focus as well as significant resources, which may divert attention and resources from operating activities and growing our business.
International operations impose their own risks and challenges, in addition to those faced in the United States, including management of a distributed workforce; the need to adapt our offering to satisfy local requirements and standards (including differing privacy policies and labor laws that are sometimes more stringent); laws and business practices that may favor local competitors; legal requirements or business expectations that agreements be drafted and negotiated in the local language and disputes be resolved in local courts according to local laws; the need to enable transactions in local currencies; longer accounts receivable payment cycles and other collection difficulties; the effect of global and regional recessions and economic and political instability; terrorism and acts of war (such as the conflict between Russia and Ukraine); potentially adverse tax consequences in the United States and abroad; staffing challenges, including difficulty in recruiting and retaining qualified personnel as well as managing such a diversity in personnel; reduced or ineffective protection of our intellectual property rights in some countries; and costs and restrictions affecting the repatriation of funds to the United States.
One or more of these requirements and risks may make our international operations more difficult and expensive or less successful than we expect and may preclude us from operating in some markets. There is no assurance that our international expansion efforts will be successful, and we may not generate sufficient revenue or margins from our international business to cover our expenses or contribute to our growth.
Operating in multiple countries requires us to comply with different legal and regulatory requirements.
Our international operations subject us to laws and regulations of multiple jurisdictions, as well as U.S. laws governing international operations, which are often evolving and sometimes conflict. For example, the Foreign Corrupt Practices Act (the “FCPA”) and comparable foreign laws and regulations (including the U.K. Bribery Act) prohibit improper payments or offers of payments to foreign governments and their officials and political parties by U.S. and other business entities for the purpose of obtaining or retaining business. Other laws and regulations prohibit bribery of private parties and other forms of corruption. As we expand our international operations, there is some risk of unauthorized payment or offers of payment or other inappropriate conduct by one of our employees, consultants, agents, or other contractors, including by persons engaged or employed by a business we acquire, which could result in violation by us of various laws, including the FCPA. Safeguards we implement to discourage these practices may prove to be ineffective and violations of the FCPA and other laws may result in severe criminal or civil sanctions, or other liabilities or proceedings against us, including class action lawsuits and enforcement actions from the SEC, Department of Justice, and foreign regulators. Other laws applicable to our international business include local employment, tax, privacy, data security, and intellectual property protection laws and regulations, including restrictions on movement of information about individuals beyond national borders. In some cases, customers operating in non-U.S. markets may impose additional requirements on our non-U.S. business in efforts to comply with their interpretation of their own or our legal obligations. Finally, these laws may overlap in specific cases; this problem is compounded by the fact that many of these laws (especially in the U.S.) do not explicitly state the basis of any extra-territorial application.
These compliance requirements may differ significantly from the requirements applicable to our business in the United States, require engineering, infrastructure and other costly resources to accommodate, and result in decreased operational efficiencies and performance. As these laws continue to evolve and we expand to more jurisdictions or acquire new businesses, compliance will become more complex and expensive, and the risk of non-compliance will increase.
Compliance with complex foreign and U.S. laws and regulations that apply to our international operations increases our cost of doing business abroad, and violation of these laws or regulations may interfere with our ability to offer our services competitively in one or more countries, expose us or our employees to fines and penalties, and result in the limitation or prohibition of our conduct of business.
We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.
Our operations are subject to U.S. export controls, specifically the Export Administration Regulations and economic sanctions enforced by the Office of Foreign Assets Control. These regulations limit and control export of encryption technology. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products and services to countries, governments, and persons targeted by U.S. sanctions. We incorporate encryption technology into the servers that operate our systems. As a result of locating some servers in data centers outside of the United States, we must comply with these export control laws.
In addition, various countries regulate the import of certain encryption technology and have enacted laws that could limit our ability to deploy our technology or our customers’ ability to use our services in those countries. Changes in our technology or changes in export and import regulations may delay introduction of our services or the deployment of our technology in international markets, prevent our customers with international operations from using our services globally or, in some cases, prevent the export or import of our technology to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments,
persons, or technologies targeted by such regulations, could result in decreased use of our services by, or in our decreased ability to export our technology to, international markets.
Fluctuations in the exchange rates of foreign currencies could result in currency transaction losses.
We currently have transactions denominated in various non-U.S. currencies, and may, in the future, have sales denominated in the currencies of additional countries. In addition, we incur a portion of our expenses in non-U.S. currencies, and to the extent we need to convert currency to pay expenses, we are exposed to potentially unfavorable changes in exchange rates and added transaction costs. We expect international transactions to become an increasingly important part of our business, and such transactions may be subject to unexpected regulatory requirements and other barriers. Any fluctuation in relevant currency exchange rates may negatively impact our business, financial condition and results of operations. We have not previously engaged in foreign currency hedging, and any effort to hedge our foreign currency exposure may not be effective due to lack of experience, unreasonable costs, or illiquid markets. In addition, hedging may not protect against all foreign currency fluctuations and can result in losses.
Risks Related to Our Common Stock
The Principal Stockholders control us, and their interests may conflict with ours or yours in the future.
Investment funds managed by General Atlantic and investment funds managed by Stone Point Capital, referred to as our “Principal Stockholders,” together beneficially own approximately 58% of our common stock, which means that, based on their combined percentage voting power, the Principal Stockholders together control the vote of all matters submitted to a vote of our stockholders, which enables them to control the election of the members of our board of directors (the “Board”) and all other corporate decisions. Therefore, we are permitted to elect not to comply with certain corporate governance requirements, including (1) those that would otherwise require our Board to have a majority of “independent directors” as such term is defined by applicable stock exchange rules, (2) those that would require that we establish a compensation committee composed entirely of “independent directors” and with a written charter addressing the committee’s purpose and responsibilities and (3) those that would require we have a nominating and governance committee comprised entirely of “independent directors” with a written charter addressing the committee’s purpose and responsibilities, or otherwise ensure that the nominees for directors are determined or recommended to our Board by the independent members of our Board pursuant to a formal resolution addressing the nominations process and such related matters as may be required under the federal securities laws. Even when the Principal Stockholders cease to own shares of our stock representing a majority of the total voting power, for so long as the Principal Stockholders continue to own a significant percentage of our stock, the Principal Stockholders will still be able to significantly influence the composition of our Board and the approval of actions requiring stockholder approval. Accordingly, for such period of time, the Principal Stockholders will have significant influence with respect to our management, business plans and policies, including the appointment and removal of our officers, decisions on whether to raise future capital and amending our charter and bylaws, which govern the rights attached to our common stock. In particular, for so long as the Principal Stockholders continue to own a significant percentage of our stock, the Principal Stockholders will be able to cause or prevent a change of control of us or a change in the composition of our Board and could preclude any unsolicited acquisition of us. The concentration of ownership could deprive you of an opportunity to receive a premium for your shares of common stock as part of a sale of the Company and ultimately might affect the market price of our common stock. Although we do not currently intend to rely on these exceptions, in the future, while we are still a controlled company, we may elect not to comply with certain of these corporate governance rules.
In addition, the Company has entered into a Stockholders Agreement with the Principal Stockholders that provides (x) the investment funds managed by General Atlantic the right to designate: (i) a majority of the nominees for election to our Board for so long as such funds beneficially own over 40% of our common stock then outstanding; (ii) three of the nominees for election to our Board for so long as such funds beneficially own less than or equal to 40% but at least 30% of our common stock then outstanding; (iii) two of the nominees for election to our Board for so long as such funds beneficially own less than or equal to 30% but at least 20% of our common stock then outstanding; and (iv) one of the nominees for election to our Board for so long as such funds beneficially own less than or equal to 20% but at least 10% of our common stock then outstanding and (y) the investment funds
managed by Stone Point the right to designate (i) two of the nominees for election to our Board for so long as such investment funds and their affiliates beneficially own at least 20% of our common stock then outstanding; and (ii) one of the nominees for election to our Board for so long as such investment funds and their affiliates beneficially own less than or equal to 20% but at least 10% of our common stock then outstanding. The Principal Stockholders may also assign such rights to their affiliates.
The Principal Stockholders and their affiliates engage in a broad spectrum of activities, including investments in the human resources and technology industries generally. In the ordinary course of their business activities, each of the Principal Stockholders and their affiliates may engage in activities through which their interests conflict with our interests or those of our other stockholders, such as investing in or advising businesses that directly or indirectly compete with certain portions of our business or are suppliers or customers of ours. Our certificate of incorporation provides that none of the Principal Stockholders, any of their affiliates or any director who is not employed by us (including any non-employee director who serves as one of our officers in both his director and officer capacities) or its affiliates will have any duty to refrain from engaging, directly or indirectly, in the same business activities or similar business activities or lines of business in which we operate.
The Principal Stockholders also may pursue acquisition opportunities that may be complementary to our business and, as a result, those acquisition opportunities may not be available to us. In addition, the Principal Stockholders may have an interest in pursuing acquisitions, divestitures and other transactions that, in their judgment, could enhance their investment in our common stock, even though such transactions might involve risks to other stockholders.
We are an “emerging growth company,” and we expect to elect to comply with reduced public company reporting requirements, which could make our common stock less attractive to investors.
We are an “emerging growth company,” as defined in the JOBS Act. For as long as we continue to be an emerging growth company, we are eligible for certain exemptions from various public company reporting requirements. These exemptions include, but are not limited to, (i) not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, (ii) reduced disclosure obligations regarding executive compensation in our periodic reports, proxy statements and registration statements, (iii) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved, and (iv) an extended transition period to comply with new or revised accounting standards applicable to public companies. We could be an emerging growth company until the last day of the fiscal year following the fifth anniversary of the first sale of our common stock pursuant to an effective registration statement under the Securities Act of 1933, as amended (the “Securities Act”), for which the fifth anniversary will occur in October 2026. If, however, certain events occur prior to the end of such five-year period, including if we become a “large accelerated filer,” our annual gross revenue exceeds $1.07 billion, or we issue more than $1.0 billion of non-convertible debt in any three-year period, we would cease to be an emerging growth company prior to the end of such five-year period. We have made certain elections with regard to the reduced disclosure obligations regarding executive compensation and may elect to take advantage of other reduced disclosure obligations in future filings. In addition, we will choose to take advantage of the extended transition period to comply with new or revised accounting standards applicable to public companies. As a result, we might provide less information to holders of our common stock than you might receive from other public reporting companies in which you hold equity interests. We cannot predict if investors will find our common stock less attractive as a result of reliance on these exemptions. If some investors find our common stock less attractive as a result of any choice we make to reduce disclosure, there may be a less active trading market for our common stock and the market price for our common stock may be more volatile.
The requirements of being a public company may strain our resources, which could make it difficult to manage our business, particularly after we are no longer an “emerging growth company.”
As a newly public company, we will incur legal, accounting and other expenses that we did not previously incur. We are now subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) and the Sarbanes-Oxley Act, the listing requirements of the New York Stock Exchange, and other applicable securities rules and regulations. Compliance with these rules and regulations will increase our legal and
financial compliance costs, make some activities more difficult, time-consuming or costly and increase demand on our systems and resources, particularly after we are no longer an “emerging growth company.” The Exchange Act requires that we file annual, quarterly and current reports with respect to our business, financial condition and results of operations. The Sarbanes-Oxley Act requires, among other things, that we establish and maintain internal control over financial reporting and disclosure controls and procedures, as discussed elsewhere in these Risk Factors. Furthermore, the need to establish and maintain the corporate infrastructure demanded of a public company may divert our management’s attention from implementing our growth strategy, which could prevent us from improving our business, financial condition and results of operations. We have made, and will continue to make, changes to our internal control over financial reporting and accounting systems to meet our reporting obligations as a public company. However, the measures we take may not be sufficient to satisfy our obligations as a public company. In addition, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. For example, as a newly public company, it is now more difficult and more expensive for us to obtain director and officer liability insurance. These additional obligations could have a material adverse effect on our business, financial condition, and results of operations.
In addition, changing laws, regulations and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expenses and a diversion of our management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and there could be a material adverse effect on our business, financial condition, and results of operations.
Failure to maintain effective internal control over financial reporting could cause our investors to lose confidence in us and adversely affect the market price of our common stock. If our internal control over financial reporting is not effective, we may not be able to accurately report our financial results or prevent fraud.
As a result of becoming a public company, we are obligated to develop and maintain adequate internal control over financial reporting in order to comply with Section 404 of the Sarbanes-Oxley Act. We may not complete our analysis of our internal control over financial reporting in a timely manner, or these internal controls may not be determined to be effective, which may adversely affect investor confidence in us and, as a result, the value of our common stock.
We may be unable to implement and maintain effective design or operation of our controls, and all internal control systems, no matter how well designed and operated, can provide only reasonable assurance that the objectives of the control system are met. Because there are inherent limitations in all control systems, there can be no absolute assurance that all control issues have been or will be detected. Completion of remediation of any control issues does not provide assurance that our remediated controls will continue to operate properly or that our financial statements will be free from error. There may be undetected material weaknesses in our internal control over financial reporting, as a result of which we may not detect financial statement errors on a timely basis. Moreover, in the future we may implement new offerings and engage in business transactions, such as acquisitions, reorganizations, or implementation of new information systems that could require us to develop and implement new controls and could negatively affect our internal control over financial reporting and result in material weaknesses.
As a public company, we are required by Section 404 of the Sarbanes-Oxley Act to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting in our second annual report following the completion of our initial public offering. The process of designing and implementing internal control over financial reporting required to comply with this requirement will be time-consuming, costly and complicated. If during the evaluation and testing process we identify one or more material weaknesses in our internal control over financial reporting, our management may be unable to assert that our internal control over
financial reporting is effective. In addition, if we fail to achieve and maintain the adequacy of our internal controls, as such controls are modified, supplemented or amended from time to time, we may not be able to ensure that we can conclude on an ongoing basis that we have effective internal control over financial reporting.
However, our independent registered public accounting firm will not be required to report on the effectiveness of our internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act until the later of the filing of our second annual report following the completion of our initial public offering or the date we are no longer an “emerging growth company,” as defined in the JOBS Act.
We cannot be certain as to the timing of completion of our evaluation, testing and any remediation actions or the impact of the same on our operations. If we identify new material weaknesses in our internal control over financial reporting, if we are unable to comply with the requirements of Section 404 in a timely manner, or, once required, if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal control over financial reporting or issues an adverse opinion, we may be subject to sanctions or investigation by regulatory authorities, such as the SEC, we may be unable, or be perceived as unable, to produce timely and reliable financial reports, investors may lose confidence in the accuracy and completeness of our financial reports, and the market price of our common stock could be negatively affected. As a result of such failures, we could also become subject to investigations by the stock exchange on which our securities are listed, the SEC, or other regulatory authorities, and become subject to litigation from investors and stockholders, which could harm our reputation, financial condition, or divert financial and management resources from our core business. In addition, we may be required to incur costs in improving our internal control system and the hiring of additional personnel.
We have identified material weaknesses in our internal control over financial reporting and may identify additional material weaknesses in the future or otherwise fail to maintain effective internal control over financial reporting, which may result in material misstatements of our consolidated financial statements or cause us to fail to meet our periodic reporting obligations.
Our management is responsible for establishing and maintaining adequate internal control over financial reporting, as defined in Rule 13a-15(f) under the Securities Exchange Act of 1934, and is required to evaluate the effectiveness of these controls and procedures on a periodic basis and publicly disclose the results of these evaluations and related matters in accordance with the requirements of Section 404 of the Sarbanes-Oxley Act. Management has identified numerous material weaknesses that existed as of December 31, 2020, including material weaknesses relating to the ineffectiveness of the control environment. These material weaknesses continued to exist as of December 31, 2021. As a result of these material weaknesses, our management concluded that our internal controls and procedures were not effective as of December 31, 2021.
A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim consolidated financial statements will not be prevented or detected on a timely basis. These material weaknesses did not result in a material misstatement to the consolidated financial statements included herein. We have implemented or are in the process of implementing measures designed to improve our internal control over financial reporting and remediate the control deficiencies that led to the material weaknesses, but our remediation efforts are not complete and are ongoing. The specific material weaknesses and our remediation efforts are described in “Item 9A. Controls and Procedures” of this Annual Report on Form 10-K.
While we believe these efforts will remediate the material weaknesses, we may not be able to complete our evaluation, testing or any required remediation in a timely fashion. We cannot assure you that the measures we have taken to date and actions we may take in the future, will be sufficient to remediate the control deficiencies that led to our material weaknesses in our internal control over financial reporting or that they will prevent or avoid potential future material weaknesses. Any failure to maintain effective internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations.
If we fail to remediate these material weaknesses or identify new material weaknesses by the time we have to issue our first report of management’s assessment regarding internal control over financial reporting under Section 404 of the Sarbanes-Oxley Act, we will not be able to conclude that our internal control over financial reporting is
effective, which may cause investors to lose confidence in our financial statements, and the trading price of our common stock may decline. If we fail to remedy any material weaknesses, our financial statements may be inaccurate, our access to the capital markets may be restricted and the trading price of our common stock may suffer.
Provisions of our corporate governance documents could make an acquisition of us more difficult and may prevent attempts by our stockholders to replace or remove our current management, even if beneficial to our stockholders.
In addition to the Principal Stockholders’ aggregate beneficial ownership of approximately 58% of our common stock, our certificate of incorporation and bylaws and the Delaware General Corporation Law (the “DGCL”), contain provisions that could make it more difficult for a third party to acquire us, even if doing so might be beneficial to our stockholders. Among other things, these provisions:
•allow us to authorize the issuance of undesignated preferred stock, the terms of which may be established and the shares of which may be issued without stockholder approval, and which may include supermajority voting, special approval, dividend, or other rights or preferences superior to the rights of stockholders;
•provide for a classified board of directors with staggered three-year terms;
•prohibit stockholder action by written consent from and after the date on which the Principal Stockholders beneficially own, in the aggregate, less than 40% of the voting power of then outstanding shares of capital stock entitled to vote generally in the election of directors;
•provide that any amendment, alteration, rescission or repeal of our bylaws by our stockholders will require the affirmative vote of the holders of at least 66 2/3% in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class; and
•establish advance notice requirements for nominations for elections to our Board or for proposing matters that can be acted upon by stockholders at stockholder meetings, except that if a Principal Stockholder beneficially owns, in the aggregate, at least 40% of the voting power of then outstanding shares of capital stock entitled to vote generally in the election of directors, they will be subject to a shorter advance notice period.
Our certificate of incorporation contains provisions that provide us with protections similar to Section 203 of the DGCL. These provisions will prevent us from engaging in a business combination with a person who acquires at least 15% of our common stock for a period of three years from the date when that person (excluding the Principal Stockholders, any of their direct or indirect transferees, and any group of which any of the foregoing are a part) acquired that common stock, unless Board or stockholder approval is obtained prior to the acquisition. These provisions could discourage, delay, or prevent a transaction involving a change in control of our company or negatively affect the trading price of our common stock. These provisions could also discourage proxy contests, make it more difficult for stockholders to elect directors of their choosing and direct other corporate actions they may deem advantageous. In addition, because our Board is responsible for appointing the members of our management team, these provisions could in turn affect any attempt by our stockholders to replace current members of our management team.
These and other provisions in our certificate of incorporation, bylaws and Delaware law could make it more difficult for stockholders or potential acquirers to obtain control of our Board or initiate actions that are opposed by our then-current Board, including by delaying or impeding a merger, tender offer or proxy contest involving our company. The existence of these provisions could negatively affect the price of our common stock and limit opportunities for stockholders to realize value in a corporate transaction.
Our certificate of incorporation will provide that certain courts in the State of Delaware or the federal district courts of the United States for certain types of lawsuits will be the sole and exclusive forum for substantially all
disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.
Our certificate of incorporation will provide that, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware is the sole and exclusive forum for (i) any derivative action or proceeding brought on our behalf, (ii) any action asserting a claim of breach of a fiduciary duty owed by any of our directors or officers to us or our stockholders, creditors, or other constituents (iii) any action asserting a claim arising pursuant to any provision of the DGCL or of our certificate of incorporation or our bylaws, or (iv) any action asserting a claim related to or involving the Company that is governed by the internal affairs doctrine. The exclusive forum provision provides that it will not apply to claims arising under the Securities Act, the Exchange Act or other federal securities laws for which there is exclusive federal or concurrent federal and state jurisdiction. Unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States of America shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act.
Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock will be deemed to have notice of and, to the fullest extent permitted by law, to have consented to the provisions of our certificate of incorporation described above. Although we believe this exclusive forum provision benefits us by providing increased consistency in the application of Delaware law and federal securities laws in the types of lawsuits to which each applies, the choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, other employees or stockholders, which may discourage such lawsuits against us and our directors, officers, other employees or stockholders. However, the enforceability of similar forum provisions in other companies’ certificates of incorporation has been challenged in legal proceedings. If a court were to find the exclusive choice of forum provision contained in our certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could materially adversely affect our business, financial condition and results of operations.
We are required to pay our pre-IPO equityholders (or their transferees or assignees) for certain tax benefits, which amounts are expected to be material.
In connection with our initial public offering, we entered into the TRA. This agreement provides for the payment by us to the pre-IPO equityholders or their permitted transferees of 85% of the benefits, if any, that we and our subsidiaries realize, or are deemed to realize (calculated using certain assumptions) in U.S. federal, state, and local income tax savings as a result of the utilization (or deemed utilization) of certain tax attributes existing at the time of our IPO. These include tax benefits arising as a result of: (i) all depreciation and amortization deductions, and any offset to taxable income and gain or increase to taxable loss, resulting from the tax basis that we had in our and our subsidiaries’ intangible assets as of the date of our IPO, and (ii) the utilization of our and our subsidiaries’ U.S. federal, state and local net operating losses and disallowed interest expense carryforwards, if any, attributable to periods prior to the date of our IPO (collectively, the “Pre-IPO Tax Benefits”). Actual tax benefits realized by us may differ from tax benefits calculated under the TRA as a result of the use of certain assumptions, including assumed state and local income taxes.
These payment obligations are our obligations and not obligations of any of our subsidiaries. The actual utilization of the Pre-IPO Tax Benefits as well as the timing of any payments under the TRA will vary depending upon a number of factors, including the amount, character and timing of our and our subsidiaries’ taxable income in the future.
We have a significant existing tax basis in our assets as well as material net operating losses and disallowed interest expense carryforwards. We expect that the payments we make under the TRA will be material. Although estimating the amount and timing of payments that may become due under the TRA is by its nature imprecise, we expect, assuming no material changes in the relevant tax law, and that we and our subsidiaries will earn sufficient income to realize the full Pre-IPO Tax Benefits subject to the TRA, that future payments under the TRA will aggregate to approximately $210.6 million. Based on our current taxable income estimates, we expect to repay the majority of this obligation by the end of 2030. Payments in accordance with the TRA could have an adverse effect
on our liquidity, financial condition, and results of operations. Any future changes in the realizability of the Pre-IPO Tax Benefits will impact the amount of the liability under the TRA. The payments under the TRA are not conditioned upon our pre-IPO equityholders’ continued ownership of us.
Because we are a holding company with no operations of our own, our ability to make payments under the TRA is dependent on the ability of our subsidiaries to make distributions to us. Although the Credit Agreement generally restricts distributions from our subsidiaries to us, it contains provisions that allow certain distributions which we believe will be sufficient to cover our payment obligations under the TRA. However, we may choose to utilize certain permitted distribution flexibility contained in our Credit Agreement for other purposes, in which case our subsidiaries may be restricted from making distributions to us, which could affect our ability to make payments under the TRA. In addition, we may, in the future, refinance the Credit Agreement, incur additional debt obligations or enter into other financing transactions on terms that may not be as favorable as our current Credit Agreement. We currently expect to fund these payments from cash flow from operations generated by our subsidiaries. There can be no assurance that we will be able to fund or finance our obligations under the TRA. We may need to incur debt to finance payments under the TRA to the extent our cash resources are insufficient to meet our obligations under the TRA as a result of timing discrepancies or otherwise. To the extent we are unable to make payments under the agreement for any reason (including because our debt obligations restrict the ability of our subsidiaries to make distributions to us), under the terms of the TRA such payments will be deferred and accrue interest until paid. If we are unable to make payments under the TRA for any reason, such payments may be deferred indefinitely while accruing interest at a per annum rate of a London Interbank Offered Rate (“LIBOR”) plus 100 basis points (in the case of the deferral of such payments as a result of restrictions imposed under our debt obligations) or LIBOR plus 500 basis points (in the case of the deferral) of such payments for any other reason. These deferred payments could negatively impact our results of operations and could also affect our liquidity in future periods in which such deferred payments are made.
If we did not enter into the TRA, we would be entitled to realize the full economic benefit of the Pre-IPO Tax Benefits. Stockholders other than the pre-IPO equityholders will not be entitled, indirectly by holding such shares, to the economic benefit of the Pre-IPO Tax Benefits that would have been available if the TRA were not in effect (except to the extent of our continuing 15% interest in the Pre-IPO Tax Benefits).
We will not be reimbursed for any payments made to our pre-IPO equityholders (or their transferees or assignees) under the TRA in the event that any tax benefits are disallowed.
Payments under the TRA will be based on the tax reporting positions that we determine, and the Internal Revenue Service (the “IRS”), or another tax authority, may challenge all or part of our net operating losses, existing tax basis or other tax attributes or benefits we claim, as well as other related tax positions we take, and a court could sustain such challenge. Although we are not aware of any issue that would cause the IRS to challenge our net operating losses, existing tax basis or other tax attributes or benefits for which payments are made under the TRA, if the outcome of any such challenge would reasonably be expected to materially affect a recipient’s payments under the TRA, then we will not be permitted to settle that challenge without the consent (not to be unreasonably withheld or delayed) of our pre-IPO equityholders (or their transferees or assignees) that are party to the TRA. The interests of our pre-IPO equityholders (or their transferees or assignees) in any such challenge may differ from or conflict with our interests and the interests of our then-current stockholders, and our pre-IPO equityholders (or their transferees or assignees) may exercise their consent rights relating to any such challenge in a manner adverse to our interests and the interests of our then-current stockholders. We will not be reimbursed for any cash payments previously made to our pre-IPO equityholders (or their transferees or assignees) under the TRA in the event that any tax benefits initially claimed by us and for which payment has been made to our pre-IPO equityholders (or their transferees or assignees) are subsequently challenged by a taxing authority and are ultimately disallowed. Instead, any excess cash payments made by us to our pre-IPO equityholders (or their transferees or assignees) will be netted against any future cash payments that we might otherwise be required to make to our pre-IPO equityholders (or their transferees or assignees) under the terms of the TRA. However, we might not determine that we have effectively made an excess cash payment to our pre-IPO equityholders (or their transferees or assignees) for a number of years following the initial time of such payment and, if any of our tax reporting positions are challenged by a taxing authority, we will not be permitted to reduce any future cash payments under the TRA until any such challenge is finally settled or determined. Moreover, the excess cash payments we previously made under the TRA could be
greater than the amount of future cash payments against which we would otherwise be permitted to net such excess. The applicable U.S. federal, state and local income tax rules for determining applicable tax benefits we may claim are complex and factual in nature, and there can be no assurance that the IRS, any other taxing authority or a court will not disagree with our tax reporting positions. As a result, payments could be made under the TRA significantly in excess of any tax savings that we realize in respect of the tax attributes that are the subject of the TRA.
In certain cases, payments under the TRA to our pre-IPO equityholders (or their transferees or assignees) may be accelerated or significantly exceed any actual benefits we realize in respect of the tax attributes subject to the TRA.
The TRA will provide that in the case of a certain mergers, asset sales and other transactions constituting a “change of control” under the TRA, the material breach of our obligations under the TRA, certain proceedings seeking liquidation, reorganization or other relief under bankruptcy, insolvency or similar law, or certain dispositions of assets not constituting a change of control, we will be required to make a payment to our pre-IPO equityholders (or their transferees or assignees) in an amount equal to the present value of future payments under the TRA (calculated based on certain assumptions, including those relating to our and our subsidiaries’ future taxable income, using a discount rate equal to the lesser of (i) 650 basis points and (ii) LIBOR plus 100 basis points, which may differ from our, or a potential acquirer’s, then-current cost of capital). In these situations, our obligations under the TRA could have a substantial negative impact on our, or a potential acquirer’s, liquidity and could have the effect of delaying, deferring, modifying the terms or structure of, or preventing potential mergers, asset sales, other forms of business combinations or other change of control transactions. As a result, the obligation to make payments under the TRA, including the acceleration of our obligation to make payments in the event of a “change of control,” could make us a less attractive target for a future acquisition. In addition, we could be required to make payments under the TRA that are substantial and in excess of our, or a potential acquirer’s, actual cash savings in income tax.
These provisions of the TRA may also result in situations in which our pre-IPO equityholders (or their transferees or assignees) have interests that differ from or are in addition to those of our other stockholders. Similarly, decisions we make in the course of running our business, such as with respect to mergers, asset sales, other forms of business combinations or other changes in control, may influence the timing and amount of payments made under the TRA. For example, an earlier disposition of assets resulting in an accelerated use of existing basis or available net operating losses may accelerate payments under the TRA and increase the present value of such payments.
We may have exposure to greater than anticipated tax liabilities and may be affected by changes in tax laws or interpretations, any of which could adversely impact our results of operations.
We are subject to income taxes in the United States and various jurisdictions outside of the United States. Our effective tax rate could fluctuate due to changes in the mix of earnings and losses in countries with differing statutory tax rates. Our tax expense could also be impacted by changes in non-deductible expenses, changes in excess tax benefits of equity-based compensation, changes in the valuation of deferred tax assets and liabilities and our ability to utilize them, the applicability of withholding taxes, effects from acquisitions, and the evaluation of new information that results in a change to a tax position taken in a prior period. A successful assertion by a country, state, or other jurisdiction that we have an income tax filing obligation could result in substantial tax liabilities for prior tax years.
Our tax position could also be impacted by changes in accounting principles, changes in U.S. federal, state, or international tax laws applicable to corporate multinationals, other fundamental law changes currently being considered by many countries, including the United States, and changes in taxing jurisdictions’ administrative interpretations, decisions, policies, and positions. Any of the foregoing changes could have a material adverse impact on our results of operations, cash flows, and financial condition. For example, the Biden administration proposed to increase the U.S. corporate income tax rate from 21% to 28%, increase U.S. taxation of international business operations, and impose a global minimum tax. Any of these developments or changes in federal, state, or international tax laws or tax rulings could adversely affect our effective tax rate and our operating results.
Additionally, the Organization for Economic Co-Operation and Development has released guidance covering various topics, including transfer pricing, country-by-country reporting, and definitional changes to permanent establishment that could ultimately impact our tax liabilities as that guidance is implemented in various jurisdictions.
The multinational nature of our business can expose us to unexpected tax consequences, which may be adverse.
We are subject to income taxes as well as non-income-based taxes, such as payroll, sales, use, value-added, property, and goods and services taxes, in both the United States and various foreign jurisdictions. Our domestic and international tax liabilities are subject to various jurisdictional rules regarding the timing and allocation of revenue and expenses. Additionally, the amount of taxes paid is subject to our interpretation of applicable tax laws in the jurisdictions in which we file and to changes in tax laws. Significant judgment is required in determining our worldwide provision for income taxes and other tax liabilities.
Our future effective tax rate may be affected by such factors as changes in tax laws, regulations, or rates, changing interpretation of existing laws or regulations, the impact of accounting for equity-based compensation, the impact of accounting for business combinations, changes in our international organization, and changes in overall levels of income before tax. In addition, in the ordinary course of our global business, there are many intercompany transactions and calculations where the ultimate tax determination is uncertain. Although we believe that our tax estimates are reasonable, we cannot ensure that the final determination of tax audits or tax disputes will not be different from what is reflected in our historical income tax provisions and accruals.
We may be subject to examinations of our tax returns by the IRS or other tax authorities. An adverse outcome of any such audit or examination by the IRS or other tax authority could have a material adverse effect on our results of operations, financial condition, and liquidity.
The U.S. and non-U.S. tax laws applicable to our business activities are complex and subject to interpretation. We are subject to audit by the IRS and by taxing authorities of the state, local, and foreign jurisdictions in which we operate. Taxing authorities may in the future challenge our tax positions and methodologies on various matters, which could expose us to additional taxes. Any adverse outcomes of such challenges to our tax positions could result in additional taxes for prior periods, interest, and penalties, as well as higher future taxes. In addition, our future tax expense could increase as a result of changes in tax laws, regulations, or accounting principles, or as a result of earning income in jurisdictions that have higher tax rates. An increase in our tax expense could have a negative effect on our financial position and results of operations. Moreover, determining our provision (benefit) for income taxes and other tax liabilities requires significant estimates and judgment by management, and the tax treatment of certain transactions is uncertain. Although we believe we will make reasonable estimates and judgments, the ultimate outcome of any particular issue may differ from the amounts previously recorded in our financial statements and any such occurrence could materially affect our financial position and results of operations.
We may be subject to state and local tax on certain of our services which could subject us to material liability and increase the cost our customers would have to pay for our services.
An increasing number of states and localities have considered or adopted laws that attempt to impose tax collection obligations on out-of-state companies providing services to customers in the relevant jurisdiction. States or local governments may adopt, or begin to enforce, laws requiring us to calculate, collect, and remit taxes on sales of services in their jurisdictions, or they may seek to recharacterize the services we provide in a manner that subjects such services to a higher rate, or different form, of tax. A change in tax laws in, or new administrative guidance issued by, such jurisdictions, or the successful assertion by one or more states or localities, in each case, with the effect that we are required to collect taxes where we presently do not do so, or to collect additional taxes in a jurisdiction in which we currently do collect some taxes, could result in substantial tax liability, including by imposing tax on historical sales, as well as penalties and interest. New or additional sales tax obligations could also create incremental administrative burdens for us, increase our costs of operation, put us at a competitive disadvantage to competitors who may not be subject to such laws, and decrease our future sales to the extent the ultimate burden of the tax is borne by our customers.
General Risk Factors
An active, liquid trading market for our common stock may not develop, which may constrain the market price of our common stock and limit your ability to sell your shares.
Prior to our initial public offering, there was no public market for our common stock. Although our common stock is listed on the New York Stock Exchange under the symbol “HRT,” an active trading market for our shares may not be sustained. The initial public offering price was determined by negotiations between us and the underwriters and may not be indicative of market prices of our common stock that will prevail in the open market. A public trading market having the desirable characteristics of depth, liquidity and orderliness depends upon the existence of willing buyers and sellers at any given time, with that existence being dependent upon the individual decisions of buyers and sellers over which neither we nor any market maker has control. The failure of an active and liquid trading market to continue would likely have a material adverse effect on the value of our common stock. The market price of our common stock declined below the initial public offering price, and there can be no assurance that the market price of our common stock will exceed or remain above the initial public offering price. An inactive market may also impair our ability to raise capital to continue to fund operations by issuing shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.
Our operating results and stock price may be volatile.
Our quarterly operating results are likely to fluctuate in the future. In addition, securities markets worldwide have experienced, and are likely to continue to experience, significant price and volume fluctuations. This market volatility, as well as general economic, market or political conditions, could subject the market price of our shares to wide price fluctuations regardless of our operating performance. Our operating results and the trading price of our shares may fluctuate in response to various factors, including:
•market conditions in our industry or the broader stock market;
•actual or anticipated fluctuations in our quarterly financial and operating results due to seasonality or other reasons;
•introduction of new services by us or our competitors;
•issuance of new or changed securities analysts’ reports or recommendations;
•sales, or anticipated sales, of large blocks of our stock;
•additions or departures of key personnel;
•regulatory or political developments;
•litigation and governmental investigations;
•changing economic conditions;
•investors’ perception of us;
•events beyond our control such as weather, war, and pandemic; and
•any default on our indebtedness.
These and other factors, many of which are beyond our control, may cause our operating results and the market price and demand for our shares to fluctuate substantially. Fluctuations in our quarterly operating results could limit or prevent investors from readily selling their shares and may otherwise negatively affect the market price and liquidity of our shares. In addition, in the past, when the market price of a stock has been volatile, holders of that stock have sometimes instituted securities class action litigation against the company that issued the stock. If any of our stockholders brought a lawsuit against us, we could incur substantial costs defending the lawsuit and be exposed
to potentially significant damages. Such a lawsuit could also divert the time and attention of our management from our business, which could significantly harm our profitability and reputation.
A significant portion of our total outstanding shares are restricted from immediate resale but may be sold into the market in the near future. Future sales of substantial amounts of our common stock, or the possibility that such sales could occur, could adversely affect the market price of our common stock, even if our business is doing well.
At March 11, 2022, we had 79,392,937 shares of common stock outstanding, including the 22,224,646 shares that we sold in our IPO, which were eligible for immediate resale in the public market. Following the consummation of the IPO, shares not sold in the initial public offering were subjected to a 180-day lock-up period provided under lock-up agreements executed in connection with the IPO. All of these shares may be resold after the expiration of the lock-up period, as well as pursuant to customary exceptions thereto or upon the waiver of the lock-up agreement by the representatives on behalf of the underwriters. Approximately 58% of our outstanding stock is owned by our Principal Stockholders, which can be expected to begin liquidating their investments through public market sales in the not-too-distant future.
Open trading windows under our Insider Trading Policy may concentrate insider sales at certain times, and shares we issue as consideration for acquisitions may be subject to lock-up arrangements that expire in large numbers on certain dates. This concentration of relatively heavy selling into certain periods or the perception that such concentration may occur can cause the trading price of our common stock to decline at those times. In addition, our common stock may be thinly traded because the range of investors willing to invest in our shares may be limited by our relatively small float, the fact that we are new to the public markets and we are not well known to many analysts, investors, and others who could influence demand for our shares, and the absence of other publicly traded companies that are directly comparable to us. Consequently, future public market sales of substantial amounts of our common stock, or the perception by the market that these sales could occur, could lower the market price of our common stock or make it difficult for us to raise additional capital.
Because we have no current plans to pay regular cash dividends on our common stock, you may not receive any return on investment unless you sell your common stock for a price greater than what you paid for it.
We do not anticipate paying any regular cash dividends on our common stock in the foreseeable future. Any decision to declare and pay dividends in the future will be made at the discretion of our Board and will depend on, among other things, our results of operations, financial condition, cash requirements, contractual restrictions and other factors that our Board may deem relevant. In addition, our ability to pay dividends is, and will likely continue to be, limited by covenants of existing and any future outstanding indebtedness that we or our subsidiaries incur. Therefore, any return on investment in our common stock is solely dependent upon the appreciation of the price of our common stock on the open market, which may not occur. See “Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities — Dividend Policy” for more detail.
If securities or industry analysts do not publish research or reports about our business, if they adversely change their recommendations regarding our shares, or if our results of operations do not meet their expectations, our stock price and trading volume could decline.
The trading market for our shares will be influenced by the research and reports that industry or securities analysts publish about us and our business. We do not have any control over these analysts. If any of these analysts ceases coverage of us or fails to publish reports on us regularly, we could lose visibility in the financial markets, which in turn could cause our stock price or trading volume to decline. Moreover, any of the analysts who cover us downgrades our stock, or if our results of operations do not meet their expectations, our stock price could decline.
Our equity-based compensation and acquisition practices expose our stockholders to dilution.
We have relied and plan to continue to rely upon equity-based compensation, and consequently our outstanding unvested equity awards may represent substantial dilution to our stockholders. In addition, we may use our common stock as consideration for acquisitions of other companies, and we may use shares of our common stock or securities convertible into our common stock from time to time in connection with financings, acquisitions, investments, or
other transactions. Any such issuance could result in substantial dilution to our existing stockholders and cause the trading price of our common stock to decline.
As of December 31, 2021, we had 79,392,937 shares of common stock outstanding, excluding 710,735 restricted stock units and options to purchase 1,889,313 shares of common stock under our 2021 Omnibus Incentive Plan (the “Omnibus Incentive Plan”) (all of which are unvested) and options to purchase an aggregate of 3,760,319 shares of our common stock previously granted under the HireRight GIS Group Holdings LLC Equity Incentive Plan, of which 1,326,620 are vested. All of these outstanding stock awards, together with an additional 5,339,003 shares of our common stock reserved for issuance under our Omnibus Incentive Plan and 1,587,810 shares of common stock reserved under the employee stock purchase plan, and any increase in the shares available pursuant to the plans’ evergreen provisions, are registered for offer and sale on Form S-8 under the Securities Act of 1933. We also intend to register the offer and sale of all other shares of common stock that may be authorized under our current or future equity-based compensation plans, issued under equity plans we may assume in acquisitions, or issued as inducement awards under New York Stock Exchange rules. Shares registered under these registration statements on Form S-8 will be available for sale in the public market subject to vesting arrangements and exercise of options, our Insider Trading Policy trading blackouts, and the restrictions of Rule 144 in the case of our affiliates.
We could be negatively affected by actions of activist stockholders.
Campaigns by stockholders to effect changes at publicly traded companies are sometimes led by investors seeking to increase short-term stockholder value through actions such as financial restructuring, increased debt, special dividends, stock repurchases or sales of assets or the entire company. If we are targeted by an activist stockholder in the future, the process could be costly and time-consuming, disrupt our operations and divert the attention of management and our employees from executing our strategic plan. Additionally, perceived uncertainties as to our future direction as a result of stockholder activism or changes to the composition of our Board may lead to the perception of a change in the direction of our business, instability or lack of continuity, which may be exploited by our competitors, cause concern to current or potential customers, who may choose to transact with our competitors instead of us, and make it more difficult to attract and retain qualified personnel.
We may issue shares of preferred stock in the future, which could make it difficult for another company to acquire us or could otherwise adversely affect holders of our common stock, which could depress the price of our common stock.
Our certificate of incorporation authorizes us to issue one or more series of preferred stock. Our Board has the authority to determine the preferences, limitations and relative rights of the shares of preferred stock and to fix the number of shares constituting any series and the designation of such series, without any further vote or action by our stockholders. Our preferred stock could be issued with voting, liquidation, dividend and other rights superior to the rights of our common stock. The potential issuance of preferred stock may delay or prevent a change in control of us, discouraging bids for our common stock at a premium to the market price, and materially adversely affect the market price and the voting and other rights of the holders of our common stock.