Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - FRGE
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors
We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management framework, systems, and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. We implement, refine, and maintain reasonable safeguards designed to minimize identified risks; reasonably address any identified gaps in existing safeguards; and regularly monitor the effectiveness of our safeguards. We use frameworks established by the National Institute of Standards and Technology and other applicable industry standards to further define, benchmark, and refine our cybersecurity practices.
We engage consultants and other third parties in connection with our risk assessment processes. These service providers assist us with designing, implementing, and testing our cybersecurity policies and procedures, as well as advising on applicable disclosure requirements. We used a risk-based approach to require certain third-party service providers to certify that they have the ability to implement and maintain appropriate security measures consistent with all applicable laws, to implement and maintain reasonable security measures in connection with their work with us, and to promptly report any suspected breach of its security measures that may affect us.
To date, we have not experienced any cybersecurity incidents which have materially impacted or are likely to materially impact our business strategy, results of operations, or financial condition based on information known to us as of the date of this Report. As discussed more fully under the section titled “Risk Factors,” in this Report, the sophistication of cyber threats continues to increase, and the preventative actions we take to reduce the risk of cyber incidents and protect our systems and information may be insufficient despite our best efforts. That said, as discussed more fully under the section titled “Risk Factors,” in this Report, the sophistication of cyber threats continues to increase, and the preventative actions we take to reduce the risk of cyber incidents and protect our systems and information may be insufficient despite our best efforts.
Our board of directors, as a whole and as assisted by our risk committee, has responsibility for the oversight of our cybersecurity risk management framework. Consistent with this approach, our board of directors maintains oversight in the context of discussions with management, question and answer sessions, and reports from the management team, each on at least a quarterly basis and ad hoc as needed. Such reports include updates on any cybersecurity incidents and mitigation efforts until they have been resolved. Our board of directors and our audit committee also receives regular and ad hoc reports from our risk committee on all enterprise risks, including risks from cybersecurity threats. Our audit committee provides additional oversight on our cybersecurity risk management framework, with an emphasis on public reporting obligations and the effects cybersecurity risks could have on our financial condition generally.
In addition to the factors discussed elsewhere in this Report, the following risks and uncertainties, some of which have occurred and any of which may occur in the future, could have a material adverse effect on our business, financial condition, results of operations, and cash flows. Additional risks and uncertainties not presently known to us or that we currently deem immaterial may also impair our business, financial condition, results of operations, and cash flows. Our actual results may differ materially from any future results expressed or implied by such forward-looking statements as a result of various factors, including, but not limited to, those discussed in the sections of this Report titled “Cautionary Note Regarding Forward-Looking Statements” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”
Risk Factor Summary
An investment in our securities is subject to numerous risks and uncertainties, and the following is a summary of key risk factors when considering an investment. You should read this summary together with the more detailed description of these and other risk factors contained in the subheadings further below.
•We have a history of losses and may not achieve or maintain profitability in the future.
•There is no assurance that our revenue and business models will be successful.
•If we are unable to develop new solutions or adapt to technological changes, our revenue may not grow as expected.
•If we fail to retain our existing clients or acquire new clients in a cost-effective manner, our business could be harmed.If we fail to retain our existing customers or acquire new customers in a cost-effective manner, our business could be harmed.
•We face intense and increasing competition and, if we do not compete effectively, our competitive positioning and operating results will be harmed.
•Given our focus on the private market, our clients may encounter additional risks when investing through our platform, including potential transfer or sale restrictions on securities, lack of information about private companies, opacity in pricing, and liquidity concerns.Given our focus on the private market, our customers may encounter additional risks when investing through our platform, including potential transfer or sale restrictions on securities, lack of information about private companies, opacity in pricing, and liquidity concerns.
•Unfavorable macroeconomic or financial market conditions, as well as adverse global economic or geopolitical conditions could limit our ability to grow our business and adversely affect the results of our operations.
•Our business is subject to extensive, complex, and evolving laws and regulations promulgated by U.S. state, U.S. federal, and non-U.S. laws, including those applicable to broker-dealers, investment advisers, and alternative trading systems, such as regulation by the SEC and FINRA, and in the jurisdictions in which we operate. These laws are subject to change and are interpreted and enforced by various federal, state, and local government authorities, as well as self-regulatory organizations. Compliance with laws and regulations require significant expense and devotion of resources, which may adversely affect our ability to operate profitably.
•We rely on our executive team and key personnel to grow our business, and the loss of or inability to hire either could harm our business.
•Cybersecurity incidents or attacks directed at us and to our systems could result in unauthorized access, information theft, data corruption, operational disruption, and/or financial and reputational loss.Cyber incidents or attacks directed at us and to our systems could result in unauthorized access, information theft, data corruption, operational disruption, and/or financial and reputational loss.
12
•We collect, store, share, disclose, transfer, use, and otherwise process client information and other data, including personal information, and an actual or perceived failure by us or our third-party service providers to protect such information and data or respect clients’ privacy could damage our reputation and brand, negatively affect our ability to retain clients and harm our business, financial condition, operating results, cash flows, and prospects.We collect, store, share, disclose, transfer, use, and otherwise process customer information and other data, including personal information, and an actual or perceived failure by us or our third-party service providers to protect such information and data or respect customers’ privacy could damage our reputation and brand, negatively affect our ability to retain customers and harm our business, financial condition, operating results, cash flows, and prospects.
•We depend on third parties for a wide array of services, systems, and information technology applications, and a breach or violation of law by one of these third parties could disrupt our business. Additionally, the loss of any of those service providers could materially and adversely affect our business, results of operations, and financial condition.
•We have previously completed and may continue to evaluate and complete acquisitions in the future, which could require significant management attention, result in additional dilution to our stockholders, increase expenses, disrupt our business, and adversely affect our financial results.
Risks Related to Our Business
We have a history of losses and may not achieve or maintain profitability in the future.
Our net loss was $66.3 million and $90.2 million for the years ended December 31, 2024 and 2023, respectively.Our net loss was $90.2 million and $111.9 million for the years ended December 31, 2023 and 2022, respectively. As of December 31, 2024, we had an accumulated deficit of $347.0 million. We may continue to incur net losses in the future. We will need to generate and sustain significant revenue for our business generally in future periods in order to achieve and maintain profitability. We also expect general and administrative expenses to continue to increase to meet the increased compliance and other requirements associated with operating as a public company and evolving regulatory requirements. We also expect general and administrative expenses to continue to increase to meet the 13Table of Contentsincreased compliance and other requirements associated with operating as a public company and evolving regulatory requirements.
Our efforts to grow our business may be more costly than we expect, and we may not be able to increase our revenue sufficiently to offset our higher operating expenses. We may continue to incur losses, and we may not achieve or maintain future profitability due to a number of reasons, including the risks described in this Report, unforeseen expenses, difficulties, complications and delays, and other unknown events. Furthermore, if our future growth and operating performance fail to meet investor or analyst expectations, or if we have future negative cash flow or losses resulting from expanding our operations, this could make it difficult for you to evaluate our current business and our future prospects and have a material adverse effect on our business, financial condition, and results of operations.
There is no assurance that our revenue and business models will be successful.
Our revenue is primarily driven by fees generated from our marketplace and custody solutions. If we fail to grow and maintain our client base and invest in our platform in a cost-effective manner, we may be unable to increase revenue and achieve profitability. Our revenue can be adversely affected by numerous market trends, including but not limited to, a reduction in anticipated or planned IPOs, lowered private company funding activity, and lowered consumer appetite due to changes in macroeconomic conditions such as inflation, fiscal policies, interest rates, and overall market volatility. These trends could all, individually or together, negatively impact our revenue and overall financial position.
Furthermore, although we continue to invest and develop our platform to complete transactions in a more automated and technology enabled manner, portions of our platform rely upon manual procedures carried out by our private market specialists who help facilitate trades between buyers and sellers. Our Private Company Solutions, asset management services, and data products also may not gain broad market acceptance and therefore may fail to generate material revenue or increased participation in our platform generally.
While some of our issuer clients may prefer that we not publish the transaction prices for transactions in their securities, we maintain that such prices are, by definition, information belonging to us. We negotiate exceptions to this policy on a case-by-case basis, and such exceptions have historically been very limited. Accordingly, our revenue may be adversely impacted to the extent that we are not able to publish transaction prices or related data through our marketplace and data solutions.
We continually refine our revenue and business model, which is premised on creating a virtuous cycle for our clients to engage in more products across our platform. We promote our platform as providing a holistic suite of complementary solutions that allows clients to engage in various investment opportunities in the private markets with support from beginning to end. However, there is no assurance that these efforts will be successful or that we will generate revenues commensurate with our efforts and expectations, or become profitable. There is no assurance that these efforts will be successful or that we will generate revenues commensurate with our efforts and expectations, or become profitable.
13
If we are unable to develop new solutions or adapt to technological changes, our revenue may not grow as expected.
We operate in a dynamic industry characterized by rapidly evolving technology, frequent product introductions, and competition based on pricing and other differentiators. Our scalability could be contingent on us successfully automating portions of our platform that rely on manual processes, which may be expensive and time consuming, and the success of which is not guaranteed. Our scalability could be contingent on us successfully building a mobile app for our services, which may be expensive and time consuming, and the success of which is not guaranteed. In addition, we may increasingly rely on technological innovation as we introduce new types of products, expand our current products into new markets, and continue to streamline our platform. The process of developing new technologies and products is complex, and if we are unable to successfully innovate and continue to deliver a superior experience, demand for our products may decrease and our growth and operations may be harmed.
If we fail to retain our existing clients or acquire new clients in a cost-effective manner, our business could be harmed.If we fail to retain our existing customers or acquire new customers in a cost-effective manner, our business could be harmed.
Our continued business and revenue growth is dependent on our ability to cost-effectively attract new clients, retain existing clients, and increase usage of our products and services, and we cannot be sure that we will be successful in these efforts.Our continued business and revenue growth is dependent on our ability to cost-effectively attract new customers, retain existing customers, and increase usage of our products and services, and we cannot be sure that we will be successful 14Table of Contentsin these efforts. As we expand our business operations and potentially enter new markets, new challenges in attracting and retaining clients will arise that we may not successfully address.
We face intense and increasing competition and, if we do not compete effectively, our competitive positioning and operating results will be harmed.
We expect our competition to continue to increase. In addition to established enterprises and global banks, we may also face competition from early-stage companies attempting to capitalize on the same, or similar, opportunities as we are. Some of our current and potential competitors have longer operating histories, significantly greater financial, technical, marketing, and other resources and a larger client base than we do. Any of these advantages would allow competitors to potentially offer more competitive pricing or other terms or features, a broader range of investment and financial products, or a more specialized set of specific products or services, as well as respond more quickly than we can to new or emerging technologies and changes in client preferences. Our existing or future competitors may develop products or services that are similar to our products and services or that achieve greater market acceptance than our products and services, which could attract new clients away from our services and reduce our market share. Additionally, when new competitors seek to enter our markets, or when existing market participants seek to increase their market share, these competitors sometimes undercut, or otherwise exert pressure on, the pricing terms prevalent in that market, which could adversely affect our revenues, market share, or ability to capitalize on new market opportunities.
Given our focus on the private market, our clients may encounter additional risks when investing through our platform, including potential transfer or sale restrictions on securities, lack of information about private companies, opacity in pricing, and liquidity concerns.Given our focus on the private market, our customers may encounter additional risks when investing through our platform, including potential transfer or sale restrictions on securities, lack of information about private companies, opacity in pricing, and liquidity concerns.
Institutions and individual investors face significant risk when buying securities on our platform, which may make our offerings generally less attractive. These risks include the following:
•private companies may exercise their right of first refusal over the securities or otherwise prohibit the transfer of the securities, and therefore certain securities on our platform may not be available to certain investors;
•private companies are not required to make periodic public filings, and therefore certain capitalization, operational, and financial information may not be available for evaluation;
•an investment may only be appropriate for investors with a long-term investment horizon and a capacity to absorb a loss of some or all of their investment;
•the securities, when purchased, are generally highly illiquid, are often subject to further transfer restrictions, and no public market exists for such securities;
•post-IPO transfer restrictions, including lock-up restrictions, may ultimately limit the ability to sell the securities on the open market; and
•transactions may fail to settle, which could harm our reputation.
14
We have and may in the future become involved in, disputes or litigation matters between clients with respect to failed transactions on our platform (such as in the event of delayed delivery or a failure to deliver securities).
We have and may in the future become involved in, disputes and litigation matters between clients with respect to transactions on our platform.We have and may in the future become involved in, disputes and litigation matters between customers with respect to transactions on our platform. The high notional value of transactions on our platform makes us a target for clients to engage in lawsuits between one another and/or with us. The high notional value of transactions on our platform makes us a target for customers to engage in lawsuits between one another and/or with us. There is a risk that clients may increasingly look to us to make them whole for delayed and/or broken trades. There is a risk that customers may increasingly look to us to make them whole for delayed and/or broken trades. Clients may litigate over a failure of sellers to deliver securities or over the untimely deliveries of securities. Customers may litigate over a failure of sellers to deliver securities or over the untimely deliveries of securities. Any litigation to which we are a party could be expensive and time consuming, regardless of the ultimate outcome, and the potential costs and risks of such litigation may incentivize us to settle. Additionally, we may agree to forego commissions in a failed settlement situation even if we are not at fault or do not have an obligation to do so for client relations or other reasons. If we reduce or forego commissions on behalf of clients, it would lead to a reduction in profits. If we reduce or forego commissions on behalf of customers, it would lead to a reduction in profits.
If we fail to effectively manage future growth by developing and investing in our infrastructure as appropriate, our business, operating results and financial condition could be adversely affected.15Table of ContentsIf we fail to effectively manage future growth by developing and investing in our infrastructure as appropriate, our business, operating results and financial condition could be adversely affected.
We have and expect to continue to experience growth, and intend to continue to expand our operations. This growth has placed, and will continue to place, significant demands on our management, operational, and financial infrastructure, and our business, financial condition, and results of operations could be materially and adversely affected if we are unable to manage such growth. Our future growth will depend on our ability to incur significant additional expenses and commit additional senior management and operational resources. To manage our growth effectively, we must continue to improve our operational, financial, and management systems and controls by, among other things:
•effectively attracting, training, integrating, and retaining new personnel;
•further improving our key business systems, processes, and information technology infrastructure, including our and third-party services, to support our business needs;
•enhancing our information, training, and communication systems to ensure that our personnel are well-coordinated and can effectively communicate with each other and our clients; and
•improving our internal control over financial reporting and disclosure controls and procedures to ensure timely and accurate reporting of our operational and financial results.
If we fail to manage our expansion, implement improvements, or maintain effective internal controls and procedures, our costs and expenses may increase more than we plan and we may lose the ability to develop new solutions, satisfy our clients, respond to competitive pressures, or otherwise execute our business plan.
Our projections and key performance metrics are subject to significant risks, assumptions, estimates, judgments, and uncertainties. As a result, our financial and operating results may differ materially from our expectations.
We operate in a competitive industry, and our projections and calculations of key performance metrics are subject to the risks and assumptions made by management with respect to our industry. Operating results are difficult to forecast because they generally depend on a number of factors, including the competition we face, as well as our ability to attract and retain clients while generating sustained revenues through our services. We may be unable to adopt measures in a timely manner to compensate for any unexpected shortfall in income. Any of these factors could cause our operating results in a given quarter to be higher or lower than expected, which makes creating accurate forecasts and budgets challenging. As a result, we may fall materially short of our forecasts and expectations, including with respect to our key performance metrics, which could cause our stock price to decline and investors to lose confidence in us and our business, financial condition, and results of operations.
We may require additional capital to satisfy our liquidity needs and support the growth of our business, and this capital might not be available to us on reasonable terms.
We may require additional capital to satisfy our liquidity needs, support the growth of our business, and respond to competitive challenges, including the need to promote our products and services, develop new products and services, enhance our existing products, services, and operating infrastructure, and acquire and invest in complementary companies, businesses,
15
and technologies. When available cash is not sufficient for our liquidity and growth needs, we may need to engage in equity or debt financings to secure additional funds. There can be no assurance that such additional funding will be available on terms attractive to us, or at all, and our inability to obtain additional funding when needed could have an adverse effect on our business, financial condition and results of operations.
In addition, if additional funds are raised through the issuance of equity or convertible debt securities, our stockholders could suffer significant dilution, and any new shares we issue in connection therewith could have rights, preferences, and privileges superior to those of our current stockholders. Any debt financing secured by us in the future could involve restrictive covenants relating to our capital-raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue future business opportunities.
We are subject to regulations which require us to maintain appropriate capital adequacy and liquidity reserves.
Maintaining adequate liquidity is crucial to our securities brokerage business operations. We meet our liquidity needs primarily from working capital and cash generated by client activity, as well as from external equity financing. We meet our liquidity needs primarily from working capital and cash generated by customer activity, as well as from external equity financing. Increases in the number of clients, fluctuations in client cash or deposit balances, as well as market conditions or changes in regulatory treatment of client deposits, may affect our ability to meet our liquidity needs. Increases in the number of customers, fluctuations in customer cash or deposit balances, as well as market conditions or changes in regulatory treatment of customer deposits, may affect our ability to meet our liquidity needs. Our broker-dealer subsidiary, Forge Securities LLC ("Forge Securities"), is subject to Rule 15c3-1 under the Exchange Act, which specifies minimum capital requirements intended to ensure the general financial soundness and liquidity of broker-dealers. Our broker-dealer subsidiary, Forge Securities, is subject to Rule 15c3-1 under the Exchange Act, which specifies minimum capital requirements intended to ensure the general financial soundness and liquidity of broker-dealers. Forge Securities is exempt from the requirements of Rule 15c3-3 under the Exchange Act, which requires broker-dealers to maintain certain liquidity reserves. Additionally, our trust company subsidiary, Forge Trust Co., is subject to minimum capital requirements of the State of South Dakota, in which it is chartered.
A reduction in our liquidity position could reduce our clients’ confidence in us, which could result in the withdrawal of client assets and loss of clients, or could cause us to fail to satisfy broker-dealer or other regulatory capital guidelines, which may result in immediate suspension of securities activities, regulatory prohibitions against certain business practices, increased regulatory inquiries and reporting requirements, increased costs, fines, penalties, or other sanctions, including suspension or expulsion by the SEC, FINRA, or other self-regulatory organizations or state regulators, and could ultimately lead to the liquidation of our broker-dealers or other regulated entities.A reduction in our liquidity position could reduce our customers’ confidence in us, which could result in the withdrawal of customer assets and loss of customers, or could cause us to fail to satisfy broker-dealer or other regulatory capital guidelines, which may result in immediate suspension of securities activities, regulatory prohibitions against certain business practices, increased regulatory inquiries and reporting requirements, increased costs, fines, penalties, or other sanctions, including suspension or expulsion by the SEC, FINRA, or other self-regulatory organizations or state regulators, and could ultimately lead to the liquidation of our broker-dealers or other regulated entities.
We have previously completed and may continue to evaluate and complete acquisitions in the future, which could require significant management attention, result in additional dilution to our stockholders, increase expenses, disrupt our business, and adversely affect our financial results.
Our success will depend, in part, on our ability to expand our business. In some circumstances, we may determine to do so through the acquisition of complementary assets, businesses, and technologies rather than through internal development. The identification of suitable acquisition candidates can be difficult, time-consuming, and costly, and we may not be able to successfully complete or integrate acquisitions. The risks we face in connection with acquisitions include:
•diversion of management time and focus from operating our business to addressing acquisition integration challenges;
•poor quality or misleading performance data available during due diligence, and resultant inability to realize the projected benefits of such acquisitions;
•difficulties or delays in obtaining required regulatory approvals;
•coordination of technology, product development, risk management, sales, and marketing functions;
•retention of personnel from the acquired company, and retention of our personnel who were attracted to us because of our smaller size or for other reasons;
•cultural challenges associated with integrating personnel from the acquired company into our organization;
•integration of the acquired company’s accounting, management information, human resources, and other administrative systems;
16
•the need to implement or improve controls, procedures, and policies at a business that prior to the acquisition may have lacked effective controls, information security safeguards, procedures, and policies;
•potential write-offs or impairments of goodwill, other intangible assets or long-lived assets;
•liability for activities of the acquired company before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities, and other known and unknown liabilities;
•litigation or other claims in connection with the acquired company, including claims from terminated employees, subscribers, former stockholders, or other third parties; and
•geographic expansion that may expose our business to known and unknown regulatory compliance risks including elevated risk factors for tax compliance, money laundering controls, and supervisory controls oversight.
Our failure to address these risks or other problems encountered in connection with our acquisitions and investments could cause us to fail to realize the anticipated benefits of these acquisitions or investments, cause us to incur unanticipated liabilities and harm our business generally. Future acquisitions could also result in dilutive issuances of our equity securities, the incurrence of debt, contingent liabilities, regulatory obligations to further capitalize our business, and goodwill and intangible asset impairments, any of which could harm our financial condition and negatively impact our stockholders. To the extent we pay the consideration for any future acquisitions or investments in cash, it would reduce the amount of cash available to us for other purposes. In addition, to the extent we issue equity securities to pay for any such acquisitions or investments, any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our common stock to decline.
Unfavorable macroeconomic or financial market conditions, as well as adverse global economic or geopolitical conditions could limit our ability to grow our business and adversely affect the results of our operations.
As a financial services company, our business, results of operations and reputation are directly affected by elements beyond our control, such as macroeconomic and geopolitical conflicts that might affect the volatility in financial markets. In particular, market volatility can decrease investor appetite in the private market and increase liquidity risks to private equity valuations given uncertainty around settlement prices for illiquid assets. Weaknesses in public and private equity markets could also cause our existing clients to incur losses, which in turn could cause our brand and reputation to suffer. Weaknesses in public and private equity markets could also cause our existing customers to incur losses, which in turn could cause our brand and reputation to suffer.
Our business depends on our trusted brand, and failure to maintain and protect our brand, or any damage to our reputation, or the reputation of our partners, could adversely affect our business, financial condition, or results of operations.
We believe we are developing a trusted brand that has contributed to the success of our business. We believe that maintaining and promoting our brand in a cost-effective manner is critical to achieving widespread acceptance of our products and services and expanding our base of clients. Maintaining, promoting, and positioning our brand and reputation will depend on our ability to continue providing useful, reliable, secure, and innovative products and services; to maintain trust and remain a financial services leader; and to provide a consistent, high-quality client experience.
We may introduce, or make changes to, features, products, services, privacy practices, or terms of service that clients do not like, which may materially and adversely affect our brand.We may introduce, or make changes to, features, products, services, privacy practices, or terms of service that customers do not like, which may materially and adversely affect our brand. Our brand promotion activities may not generate client awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. Our brand promotion activities may not generate customer awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. If we fail to successfully promote and maintain our brand or if we incur excessive expenses in this effort, our business could be materially and adversely harmed.
Harm to our brand can arise from many sources, including failure by us or our partners and service providers to satisfy expectations of service and quality, inadequate protection or actual or perceived misuse of personally identifiable information, compliance failures and claims, regulatory inquiries and enforcement, rumors, litigation and other claims, misconduct by our partners, personnel or other counterparties, and actual or perceived failure to adequately address the environmental, social, and governance expectations of our various stakeholders, any of which could lead to a tarnished reputation and loss of clients. We may in the future be the target of incomplete, inaccurate, and misleading or false statements about our company and our business that could damage our brand and deter clients from adopting our services. Any negative publicity about our industry or our company, the quality and reliability of our products and services, our compliance and risk
17
management processes, changes to our products and services, our privacy, data protection, and information security practices, litigation, regulatory licensing and infrastructure, and the experience of our clients with our products or services could adversely affect our reputation and the confidence in and use of our products and services. If we do not successfully maintain a strong and trusted brand, our business, financial condition, and results of operations could be materially and adversely affected.
We conduct our brokerage and other business operations through subsidiaries and rely on dividends from our subsidiaries for a substantial amount of our cash flows.We conduct our brokerage and other business operations through subsidiaries and may in the future rely on dividends from our subsidiaries for a substantial amount of our cash flows.
We depend on dividends, distributions, and other payments from our subsidiaries to fund payments on our obligations, including any debt obligations we may incur.We may in the future depend on dividends, distributions, and other payments from our subsidiaries to fund payments on our obligations, including any debt obligations we may incur. Regulatory and other legal restrictions may limit our ability to transfer funds to or from certain subsidiaries, including Forge Securities. In addition, certain of our subsidiaries are subject to laws and regulations that authorize regulatory bodies to block or reduce the flow of funds to us, or that prohibit such transfers altogether in certain circumstances. These laws and regulations may hinder our ability to access funds that we may need to make payments on our obligations, including any debt obligations we may incur and otherwise conduct our business by, among other things, reducing our liquidity in the form of corporate cash. These laws and regulations may hinder our ability to access funds that we may 18Table of Contentsneed to make payments on our obligations, including any debt obligations we may incur and otherwise conduct our business by, among other things, reducing our liquidity in the form of corporate cash. In addition to negatively affecting our business, a significant decrease in our liquidity could also reduce investor confidence in us. Certain rules and regulations of the SEC and FINRA may limit the extent to which our broker-dealer subsidiary may distribute capital to us. For example, under SEC rules applicable to Forge Securities, a dividend in excess of 30% of a member firm’s excess net capital may not be paid without Forge Securities providing prior written notice. Compliance with these rules may impede our ability to receive dividends, distributions, and other payments from Forge Securities.
Fluctuations in interest rates can affect the results of our operations.
Sustained high interest rates could shift investment preferences and flows affecting client appetite for trading in private equity assets on our Forge marketplace, and could also adversely influence fund redemption rates and allocation within our subsidiary, Forge Global Advisors LLC ("FGA").Sustained high interest rates could shift investment preferences and flows affecting customer appetite for trading in private equity assets on our Forge Markets platform, and could also adversely influence fund redemption rates and allocation within our subsidiary, Forge Global Advisors LLC ("FGA"). Conversely, low interest rates directly reduce our ability to earn custodial administration fees from our custodial solutions, but could increase activity on our Forge marketplace and positively influence fund redemption rates and allocation within FGA. Conversely, low interest rates directly reduce our ability to earn custodial administration fees from our Forge Trust services, but could increase activity on our Forge Markets platform and positively influence fund redemption rates and allocation within FGA. Accordingly, fluctuations in interest rates can both positively and adversely affect our business, financial condition, results of operations, cash flows, and future prospects.
Failure to maintain effective internal controls over financial reporting in accordance with Section 404 of the Sarbanes-Oxley Act could have an adverse effect on our business and stock price.
As a public company, we are required to maintain effective internal control over financial reporting in accordance with Section 404 of the Sarbanes-Oxley Act. Internal control over financial reporting is complex and may be revised over time to adapt to changes in our business, or changes in applicable accounting rules. We have designed, implemented, and tested our internal control over financial reporting required to comply with these obligations. This process is time-consuming, costly, and complicated. We cannot assure you that our internal control over financial reporting will be effective in the future or that a material weakness will not be discovered with respect to a prior period for which we had previously believed that internal controls were effective. Matters impacting our internal controls may cause us to be unable to report our financial information on a timely basis or may cause us to restate previously issued financial information, and thereby subject us to adverse regulatory consequences, including sanctions or investigations by the SEC, or violations of applicable stock exchange listing rules. This could result in a negative reaction from the financial markets due to a loss of investor confidence in us and the reliability of our financial statements. Confidence in the reliability of our financial statements is also likely to suffer if we report a material weakness in our internal control over financial reporting. This could materially adversely affect us by, for example, leading to a decline in our share price and an inability to remain listed on the NYSE. Furthermore, we could become subject to investigations by the NYSE, the SEC, or other regulatory authorities, which could require additional financial and management resources. These events could have a material and adverse effect on our business, results of operations, financial condition, and prospects.
If our goodwill, or other intangible assets, or fixed assets become impaired, we may be required to record a charge to our earnings.
We are required to test goodwill for impairment at least annually or earlier if events or changes in circumstances indicate the carrying value may not be recoverable. As of December 31, 2024, we had recorded a total of approximately $126 million of goodwill and other intangible assets. An adverse change in domestic or global market conditions, and/or
18
declines in our stock price, particularly if such change has the effect of changing one of our critical assumptions or estimates made in connection with the impairment testing of goodwill or intangible assets, could result in a change to the estimation of fair value that could result in an impairment charge to our goodwill or other intangible assets. Any such material charges may have a negative impact on our operating results or financial condition.
Regulatory, Tax, and Legal Risks
Our business is subject to extensive, complex, and evolving laws and regulations promulgated by U.S. state, U.S. federal, and non-U.S. laws, including those applicable to broker-dealers, investment advisers, and alternative trading systems, such as regulation by the SEC and FINRA, and in the jurisdictions in which we operate. These laws are subject to change and are interpreted and enforced by various federal, state, and local government authorities, as well as self-regulatory organizations. Compliance with laws and regulations require significant expense and devotion of resources, which may adversely affect our ability to operate profitably.
We are subject to various federal, state, and local regulatory regimes. The principal policy objectives of these regulatory regimes are to protect borrowers, investors, and other financial services clients and to prevent fraud, money laundering, and terrorist financing. Laws and regulations, among other things, impose licensing and qualifications requirements; require various disclosures and consents; mandate or prohibit certain terms and conditions for various financial products; prohibit discrimination based on certain prohibited bases; prohibit unfair, deceptive, or abusive acts or practices; require us to submit to examinations by federal, state, and local regulatory regimes; and require us to maintain various policies, procedures, and internal controls, including in some cases, internal information barriers. There is a risk that our affiliated entities will not maintain proper information barriers if we fail to develop and enforce appropriate policies and procedures regarding information barriers between entities. The introduction of new laws and regulations related to our businesses, and changes in the enforcement of existing laws and regulations, could have a negative impact on our results and ability to operate.
FGA is an investment adviser registered with the SEC under the Investment Advisers Act of 1940, as amended (the “Advisers Act”). As such, FGA is subject to the anti-fraud provisions of the Advisers Act and to fiduciary duties derived from these provisions, which apply to our relationships with the funds we manage. These provisions and duties impose restrictions and obligations on us with respect to our dealings with our clients, fund investors, and our investments; including, for example, restrictions on transactions with our affiliates. These provisions and duties impose restrictions and obligations on us with respect to our dealings with our customers, fund investors, and our investments; including, for example, restrictions on transactions with our affiliates. In addition, FGA is subject to periodic SEC examinations and other requirements under the Advisers Act and related regulations primarily intended to benefit advisory clients. These additional requirements relate to matters including maintaining effective and comprehensive compliance programs, record-keeping, and reporting and disclosure requirements. The Advisers Act generally grants the SEC broad powers, including the power to limit or restrict an investment adviser from conducting advisory activities in the event it fails to comply with federal securities laws. Additional sanctions that may be imposed for failure to comply with applicable requirements include the prohibition of individuals from associating with an investment adviser, the revocation of registrations, and other censures and fines. Even if an investigation or proceeding did not result in a sanction or the sanction imposed against us or our personnel by a regulator were small in monetary amount, the adverse publicity relating to the investigation, proceeding, or imposition of these sanctions could harm our reputation and cause us to lose existing clients or fail to gain new clients.
Our subsidiary, Forge Securities, is an SEC registered broker-dealer and member of FINRA that operates an alternative trading system. Broker-dealer activities are highly regulated, including under federal, state, and other applicable laws, rules, and regulations, and we may be adversely affected by regulatory changes related to suitability of financial products, supervision, sales practices, advertising, private placements, application of fiduciary standards, best execution, and market structure, any of which could limit our business and damage our reputation. FINRA has adopted extensive regulatory requirements relating to sales practices, advertising, registration of personnel, compliance and supervision, and compensation and disclosure, to which Forge Securities and its personnel are subject. FINRA and the SEC also have the authority to conduct periodic examinations of Forge Securities, and may also conduct administrative and enforcement proceedings. Additionally, material expansions of the business in which Forge Securities engages are subject to approval by FINRA. This could delay, or even prevent, the firm’s ability to expand its securities and brokerage offerings in the future.
Our subsidiary, Forge Trust Co., is a South Dakota non-depository trust company authorized to act as a custodian of self-directed individual retirement accounts. Forge Trust Co. is registered with and subject to regulation and examinations by the South Dakota Division of Banking. Forge Trust Co. is also subject to the Bank Secrecy Act, the regulations promulgated by FinCEN, as well as the economic and trade sanction programs administered by OFAC.
19
Our subsidiary, Forge Lending LLC, is a licensed lender with the State of California and is subject to regulation and examinations by the Department of Financial Protection and Innovation pursuant to the California Financing Law.
Monitoring and complying with all applicable laws and regulations across different entities can be difficult and costly. Failure to comply with any of these requirements may result in, among other things, enforcement action by governmental authorities and self-regulatory organizations, lawsuits, monetary damages, fines or monetary penalties, restitution or other payments to investors, modifications to business practices, revocation of required licenses or registrations, voiding of loan contracts, and reputational harm, all of which could materially harm our results of operations. Failure to comply with any of these requirements may result in, among other things, enforcement action by governmental authorities, lawsuits, monetary damages, fines or monetary penalties, restitution or other payments to investors, modifications to business practices, revocation of required licenses or registrations, voiding of loan contracts, and reputational harm, all of which could materially harm our results of operations.
The regulatory requirements to which we are subject result in substantial compliance costs, and our business would be adversely affected if any applicable authorities determine we are not in compliance with those requirements.
We must comply with state licensing requirements and varying compliance requirements in all the states in which we operate and the District of Columbia. In addition, we rely on certain exemptions from licensing requirements in other jurisdictions where we conduct business. In addition, we rely on certain exemptions from licensing requirements in other 20Table of Contentsjurisdictions where we conduct business. Changes in licensing and registration laws may result in increased disclosure requirements, increased fees, or may impose other conditions to licensing or registrations that we or our personnel are unable to meet. In most states and jurisdictions in which we operate, a regulatory agency or agencies regulate and enforce laws relating to loan servicers, brokers, originators, collection agencies, and money services businesses. We are subject to periodic examinations by state and other regulators in the jurisdictions in which we conduct business, which can result in increases in our administrative costs and refunds to borrowers of certain fees earned by us, and we may be required to pay substantial and material penalties imposed by those regulators due to compliance errors, including any failures to properly register for applicable licenses or registrations, or we may lose our license or our ability to do business in the jurisdiction otherwise may be impaired. Fines and penalties incurred in one jurisdiction may cause investigations or other actions by regulators in other jurisdictions.
We may not be able to acquire or maintain all requisite licenses, registrations, and permits. If we change or expand our business activities, either in scope or geographically, we may be required to obtain additional licenses before we can engage in those activities. If we change or expand our business activities, either in scope or geographically such as through our recent establishment of Forge Europe, we may be required to obtain additional licenses before we can engage in those activities. In addition, the jurisdictions that currently do not regulate our business may later choose to do so, and if this occurs, we may not be able to obtain or acquire or maintain all requisite licenses, registrations, and permits, which could require us to modify or limit our activities in the relevant jurisdictions. The failure to satisfy those and other regulatory requirements could have a material adverse effect on our business, financial condition, and results of operations.
We have expanded and may continue to expand into international markets, which exposes us to significant new risks, and our international expansion efforts may not be successful.
We operate and serve investors in foreign jurisdictions, and our business is subject to the laws and requirements of each jurisdiction in which we operate. Issuers, buyers and sellers from over 80 jurisdictions have transacted on our platform since inception as of December 31, 2024 (including the historical business and companies we have acquired on a pro forma basis). While our operations are chiefly located in the United States and the majority of our trading revenues are derived from transactions involving U.S. issuers, we have and may continue to expand internationally in order to match the global demand for our products and services. These international expansion efforts include Forge Europe, which operates in Germany and the UK through our subsidiaries Forge Europe GmbH (“Forge GmbH”) and Forge Europe UK Ltd (“Forge UK”), respectively.
Forge GmbH has registered with the Federal Financial Supervisory Authority ("BaFin”) as a tied agent to provide investment brokerage services in Germany exclusively under the license and liability of Effecta GmbH, an independent third-party which is registered with BaFin as an investment firm. In addition, Forge UK, a wholly owned subsidiary of Forge GmbH, is an appointed representative of Sapeno Partners LLC, an independent third-party which is authorized and regulated by the Financial Conduct Authority to facilitate transactions in securities. In addition, Forge UK, a wholly owned subsidiary of Forge GmbH, is an appointed representative of Kroll Securities Limited, an independent third-party which is authorized and regulated by the Financial Conduct Authority to facilitate transactions in securities. Accordingly, the ability of Forge GmbH and Forge UK to conduct their business is dependent on the good standing of the principal firms under whose license we operate in the respective jurisdiction, and any suspension or other restriction on their licenses may have a material adverse effect on our expansion efforts and restrict our ability to operate in the respective jurisdiction. Accordingly, the ability of Forge GmbH and Forge UK to conduct their business is completely dependent on the good standing of the principal firms under whose license we operate in the respective jurisdiction, and any suspension or other restriction on their licenses may have a material adverse effect on our expansion efforts and restrict our ability to operate in the respective jurisdiction.
There is risk that local regulators may determine we are not in compliance with applicable local laws and regulations. In such cases, we may be subject to material fines and penalties, and may need to materially modify, limit, or cease operations in that jurisdiction. In addition, if we change or expand our business activities, we may be required to obtain additional licenses or registrations before we can engage in those activities in each jurisdiction, which could cause us to incur
20
substantial compliance costs. If we apply for a new license or registration, a regulator may determine that we were required to do so at an earlier point in time, and as a result, may impose penalties or refuse to issue the license, which could require us to materially modify, limit, or cease our activities in the relevant jurisdiction. We may be required to pay substantial penalties imposed by those regulators due to compliance errors, or we may lose our license or our ability to do business in the jurisdiction otherwise may be impaired. Fines and penalties incurred in one jurisdiction may cause investigations or other actions by regulators in other jurisdictions. This could be detrimental to our business, resulting in lost revenue, fines, or other adverse consequences. In addition, the jurisdictions that currently do not provide extensive regulation of our business may later choose to do so, and if such jurisdictions so act, we could incur substantial compliance costs and may not be able to obtain or maintain all requisite licenses and permits, which could require us to modify, limit, or cease our activities in the relevant jurisdiction or jurisdictions.
In addition to regulatory risks, there are significant risks and costs inherent in doing business in international markets, including:
•difficulty establishing and managing international operations and the increased operations, travel, infrastructure, and legal and compliance costs associated with locations in different countries or regions;
•difficulties or delays in obtaining and/or maintaining the regulatory permissions, authorizations, licenses, or consents that may be required to offer certain products in one or more international markets;
•difficulties in managing multiple regulatory relationships across different jurisdictions on complex legal and regulatory matters;
•difficulties in identifying and obtaining appropriate local foreign counsel in the jurisdictions in which we operate or plan to operate;
•if we were to engage in any merger or acquisition activity internationally, this is complex and would be new for us and subject to additional regulatory scrutiny;
•the need to vary products, pricing, and margins to effectively compete in international markets;
•the need to adapt and localize products for specific countries, including obtaining rights to third-party intellectual property used in each country;
•increased competition from local providers of similar products and services;
•the challenge of positioning our products and services to meet a demand in the local market;
•the ability to obtain, maintain, protect, defend, and enforce intellectual property rights abroad;
•the need to offer client support and other aspects of our offering (including websites, articles, blog posts, and client support documentation) in various languages;
•compliance with anti-bribery laws and the potential for increased complexity due to the requirements on us as a group to follow multiple rule sets;
•maintaining risk management frameworks, and adhering to appropriate global and local regulatory risk management guidelines, prudential rules, and control standards.
•complexity and other risks associated with current and future legal requirements in other countries, including laws, rules, regulations, and other legal requirements related to cybersecurity and data privacy frameworks and labor and employment laws;
•the need to enter into new business partnerships with third-party service providers in order to provide products and services in the local market, which we may rely upon to be able to provide such products and services or to meet certain regulatory obligations;
21
•varying levels of internet technology adoption and infrastructure, and increased or varying network and hosting service provider costs and differences in technology service delivery in different countries;
•fluctuations in currency exchange rates and the requirements of currency control regulations, which might restrict or prohibit conversion of other currencies into U.S. dollars;
•taxation of our international earnings and potentially adverse tax consequences due to requirements of or changes in the income and other tax laws of the United States or the international jurisdictions in which we operate; and
•political or social unrest or economic instability in a specific country or region in which we operate.
We have limited experience with international regulatory environments and market practices, and we may not be able to penetrate or successfully operate in the markets we choose to enter.22Table of ContentsWe have limited experience with international regulatory environments and market practices, and we may not be able to penetrate or successfully operate in the markets we choose to enter. In addition, we may incur significant expenses as a result of our international expansion, and we may not be successful. We also may fail to sufficiently adapt our offerings in terms of language, culture, issuer operations, stockholder behaviors, investor preferences, or otherwise, which would limit or prevent our success in entering new markets.
We have in the past, and will continue to be, subject to inquiries, exams, investigations, or enforcement matters, any of which could have an adverse effect on our business.
The financial services industry is subject to extensive regulation under federal, state, and applicable international laws. From time to time, we have been threatened with or named as a defendant in lawsuits, arbitrations, and/or administrative claims involving securities, consumer financial services, and other matters. We are also subject to periodic regulatory examinations and inspections.We are also subject to periodic regulatory examinations and inspections. Compliance and trading problems or other deficiencies or weaknesses that are reported to regulators, such as the SEC, FINRA, the CFPB, or state regulators, by dissatisfied clients or others, or that are identified by regulators themselves, are investigated by such regulators, and may, if pursued, result in formal claims being filed against us by clients or disciplinary action being taken against us or our employees by regulators or enforcement agencies. Compliance and trading problems or other deficiencies or weaknesses that are reported to regulators, such as the SEC, FINRA, the CFPB, or state regulators, by dissatisfied customers or others, or that are identified by regulators themselves, are investigated by such regulators, and may, if pursued, result in formal claims being filed against us by customers or disciplinary action being taken against us or our employees by regulators or enforcement agencies. To resolve issues raised in examinations or other governmental actions, we may be required to take various corrective actions, including changing certain business practices, making refunds, or taking other actions that could be financially or competitively detrimental to us. We expect to continue to incur costs to comply with governmental regulations. Any such claims or disciplinary actions that are decided against us could have a material impact on our financial results.
Employee misconduct, including insider trading violations (given the nature of our business), can be difficult to detect and deter, and could harm our reputation and subject us to significant legal liability. We cannot ensure that all of our employees and agents will comply with our internal policies and procedures and applicable law, including anti-corruption, anti-bribery, and similar laws. We may ultimately be held responsible for any such non-compliance.
We operate in an industry in which integrity and the confidence of our clients is of critical importance. While we take precautions to deter and detect employee misconduct, these might be circumvented or might not always be effective. We are therefore subject to risks of errors and misconduct by our employees that could adversely affect our business. If any of our employees engage in illegal, improper, or suspicious activity or other misconduct, we could become subject to regulatory sanctions and significant legal liability, and could suffer serious harm to our reputation, financial condition, relationships, and our ability to attract new clients.
Litigation, regulatory actions, and compliance issues could subject us to significant fines, penalties, judgments, remediation costs, negative publicity, changes to our business model, and requirements resulting in increased expenses.
Our business is subject to increased risks of litigation and regulatory actions as a result of a number of factors and from various sources, including as a result of the highly regulated nature of the financial services industry and the focus of state and federal enforcement agencies on the financial services industry.
From time to time, we are also involved in, or the subject of, reviews, requests for information, and investigations and proceedings (both formal and informal) by state and federal governmental agencies and self-regulatory organizations, regarding our business activities and our qualifications to conduct our business in certain jurisdictions, which could subject us to significant fines, penalties, obligations to change our business practices, and other requirements resulting in increased expenses and diminished earnings. Our involvement in any such matter also could cause significant harm to our reputation and divert management attention from the operation of our business, even if the matters are ultimately determined in our
22
favor. Moreover, any settlement, or any consent order or adverse judgment in connection with any proceeding or investigation by a government agency, may prompt litigation or additional investigations or proceedings as other litigants or other government agencies begin independent reviews of the same activities.
The current regulatory environment, increased regulatory compliance efforts, and enhanced regulatory enforcement have resulted in significant operational and compliance costs and may prevent us from providing certain products and services. There is no assurance that these regulatory matters or other factors will not affect how we conduct our business and, in turn, have a material adverse effect on our business. In particular, legal proceedings brought under state consumer protection statutes or under several of the various federal consumer financial services statutes may result in a separate fine for each violation of the statute, which, particularly in the case of class action lawsuits, could result in damages substantially in excess of the amounts we earned from the underlying activities.
Our risk management and regulatory compliance framework may not be fully effective in identifying or mitigating risk exposures in evolving market and regulatory environments or against all types of risk.
As a financial services company operating in the securities industry, among others, our business model exposes us to various risks, including capital adequacy and liquidity risk, strategic risk, operational risk, information technology risk, cybersecurity risk, vendor/third party risk, financial risk, and reputational risk. Our risk management and compliance processes, policies, and procedures may not be fully effective in identifying or mitigating all exposures and particularly against emerging risks. We have devoted significant resources to develop our compliance and risk management policies and procedures and will continue to do so, but there can be no assurance these are sufficient or that we will not sustain unexpected losses, especially as our business is growing and evolving.
It is difficult to predict all of the risks and challenges we may encounter and the level of resources needed to address them. It also makes it difficult to predict completely the landscape of risks we will face as we introduce new products and services and expand into new jurisdictions. Insurance and other traditional risk mitigating tools may be held by or available to us in order to manage certain exposures, but they are subject to terms such as deductibles, coinsurance, limits, and policy exclusions, as well as risk of counterparty denial of coverage, default, or insolvency. Any perceived or actual breach of laws and regulations could also negatively impact our business, financial condition, and results of operations.
We are subject to stringent laws and regulations regarding data privacy and security and may become subject to additional related laws and regulations in jurisdictions into which we expand. Any failure or perceived failure to comply with such laws and regulations, or other legal requirements regarding data privacy and security, could result in claims, changes to our business practices, monetary penalties, increased cost of operations, or other harm to our business.
The global regulatory framework for data privacy and security worldwide is rapidly evolving and, as a result, interpretation and implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future. The regulatory framework for data privacy and security worldwide is continuously evolving and developing and, as a result, interpretation and implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future. New laws, amendments to, or reinterpretations of existing laws, as well as other applicable legal requirements, may require us to incur additional costs, restrict our business operations, or change how we use, collect, store, transfer, or otherwise process certain types of information and implement new processes to comply with them.
In the United States, federal law, such as the Gramm-Leach-Bliley Act of 1999 (“GLBA”) and its implementing regulations, restricts certain collection, processing, storage, use, disclosure, and disposal of personal information, requires notice to certain individuals of privacy practices and provides certain individuals the ability to prevent the use and disclosure of certain nonpublic or otherwise legally protected information.In the United States, federal law, such as the GLBA and its implementing regulations, restricts certain collection, processing, storage, use, and disclosure of personal information, requires notice to individuals of privacy practices and provides individuals with certain rights to prevent the use and disclosure of certain nonpublic or otherwise legally protected information. These rules also impose requirements for the safeguarding of personal information through the issuance of data security standards or guidelines. These rules also impose requirements for the safeguarding and proper destruction of personal information through the issuance of data security standards or guidelines. Additionally, the FTC Act imposes standards for online collection, use, and dissemination of personal information, which has been the subject of increased regulatory enforcement in recent years. Any actual or alleged failure to follow such laws, regulations, and standards, even if no personal information is compromised, may result in significant fines and a significant increase in compliance costs.
Numerous states have enacted comprehensive data privacy and security laws with more expected to take effect in the coming years. For example, the California Consumer Privacy Act (the "CCPA"), as amended by the California Privacy Rights Act, created certain requirements for data use, sharing, and transparency, and provides certain rights to California residents with respect to their personal information. The CCPA allows for statutory damages as well as a private right of action for certain data breaches. Additional states have followed the CCPA with comprehensive consumer privacy laws. All states have enacted breach notification laws, and some states have also proposed or enacted cybersecurity requirements. Such laws, regulations, and rules differ and may impose conflicting obligations, which could make our compliance efforts more
23
complex, costly, and increase the likelihood that we become subject to enforcement actions or other liabilities for noncompliance. Further, the effects of U.S. state, federal, international, and other future changes in laws or regulations, relating to privacy, data protection, and information security may require us to modify our data processing practices and policies and could materially increase the cost of providing our offerings, require significant changes to our operations, or even prevent us from providing certain offerings in jurisdictions in which we currently operate and in which we may operate in the future.
Additionally, we are subject to both the EU’s and the UK’s General Data Protection Regulation (collectively, the "GDPR"), which imposes stringent privacy and data protection requirements, and may lead to additional compliance costs and could increase our overall risk. The GDPR and UK data protection laws also impose strict rules on the transfer of personal data out of the EU or UK, to a “third country,” including the United States, unless particular compliance mechanisms are implemented. The mechanisms that we and many other companies rely upon for such data transfers include, for example, the EU-U.S. Data Privacy Framework ("DPF") and the UK extension to the DPF, which may be subject to regulatory interpretations, judicial decisions, or other legal challenges. Further, new cybersecurity requirements and data privacy restrictions in the EU and UK, could increase the cost and complexity of doing business in those regions. Failure to comply with the GDPR, and any supplemental European Economic Area country’s, or UK’s, national data protection laws which may apply by virtue of the location of the individuals whose personal information we may collect, may result in significant fines and other administrative penalties. Failure to comply with the GDPR, and any supplemental European Economic Area country’s national data protection laws which may apply by virtue of the location of the individuals whose personal information we may collect, may result in significant fines and other administrative penalties. For example, non-compliance with the GDPR, and the related national data protection laws of European Economic Area countries, may result in monetary penalties of up to €20 million (under the EU GDPR), £17.5 million (under the UK GDPR), or 4% of worldwide annual revenue, whichever is higher. For example, non-compliance with the GDPR, and the related national data protection laws of European Economic Area countries, may result in monetary penalties of up to €20,000,000 (£17.5 million) or 4% of worldwide annual revenue, whichever is higher.
As we continue to expand our operations internationally, we may become subject to additional foreign privacy and data protection laws and regulations, which may differ or be more stringent than the requirements in the jurisdictions in which we currently operate. These laws and regulations may impose conflicting obligations, which could make our compliance efforts more complex, costly, and increase the likelihood that we become subject to enforcement actions or other liabilities for noncompliance. Privacy laws at the federal or international level may also impose differing obligations, which could make our compliance efforts more complex, costly, and may increase the likelihood that we become subject to enforcement actions or other liabilities for noncompliance.
We make public statements about our use, collection, disclosure, and other processing of personal information through our privacy policies, information provided on our website and press statements.25Table of ContentsWe make public statements about our use, collection, disclosure, and other processing of personal information through our privacy policies, information provided on our website and press statements. Although we endeavor to comply with our public statements and documentation, we may at times fail to do so or be alleged to have failed to do so. Any failure or perceived failure by us or our third-party service providers to comply with our posted privacy policies or with any applicable federal, state or similar foreign laws, rules, regulations, industry standards, policies, certifications, or orders relating to data privacy and security, or any compromise of security that results in the theft, unauthorized access, acquisition, use, disclosure, or misappropriation of personal information or other client data, could result in civil and/or criminal penalties or judgments, proceedings, litigation (including class actions) and negative publicity and reputational harm, one or all of which could have an adverse effect on our reputation, business, financial condition, and results of operations. Any failure or perceived failure by us or our third-party service providers to comply with our posted privacy policies or with any applicable federal, state or similar foreign laws, rules, regulations, industry standards, policies, certifications, or orders relating to data privacy and security, or any compromise of security that results in the theft, unauthorized access, acquisition, use, disclosure, or misappropriation of personal information or other customer data, could result in significant awards, fines, civil and/or criminal penalties or judgments, proceedings or litigation by governmental agencies or customers, including class action privacy litigation in certain jurisdictions and negative publicity and reputational harm, one or all of which could have an adverse effect on our reputation, business, financial condition, and results of operations.
We collect, store, share, disclose, transfer, use, and otherwise process client information and other data, including personal information, and an actual or perceived failure by us or our third-party service providers to protect such information and data or respect clients’ privacy could damage our reputation and brand, negatively affect our ability to retain clients and harm our business, financial condition, operating results, cash flows, and prospects.We collect, store, share, disclose, transfer, use, and otherwise process customer information and other data, including personal information, and an actual or perceived failure by us or our third-party service providers to protect such information and data or respect customers’ privacy could damage our reputation and brand, negatively affect our ability to retain customers and harm our business, financial condition, operating results, cash flows, and prospects.
The operation of our platform involves the use, collection, storage, sharing, disclosure, transfer, and other processing of client information, including personal information. Despite our implementation of security measures, security breaches and other security incidents in our internal computer systems, and those of our contractors and consultants, could expose us to a risk of loss or exposure of this information, which could result in potential liability, investigations, regulatory fines, penalties for violation of applicable laws or regulations, litigation, and remediation costs, as well as reputational harm. Further, it may not be possible for us to know all potential ramifications of a disruption event and it is possible that certain risks created may remain undetected for an extended period of time.
Successful and attempted attacks upon information technology systems are increasing in their frequency, levels of persistence, sophistication, and intensity, and are being conducted by sophisticated and organized groups and individuals with a wide range of motives and expertise. Such attacks can include third parties gaining access to systems and confidential information, including personal information of our employees or clients, including through the use of stolen or inferred credentials, computer malware, viruses, spamming, phishing attacks, ransomware, card skimming code, business email compromises, and other deliberate attacks and attempts to gain unauthorized access or otherwise compromise or disrupt our systems or those of our third-party providers. Such attacks can include third parties gaining access to systems and confidential information, including personal information of our employees or customers, including through the use of stolen or inferred credentials, computer malware, viruses, spamming, phishing attacks, ransomware, card skimming code, business email compromises, and other deliberate attacks and attempts to gain unauthorized access or otherwise compromise or disrupt our systems or those of our third-party providers. We may also face increased cybersecurity risks due to our reliance on internet
24
technology and the number of our employees who are working remotely, which may create additional opportunities for cybercriminals to exploit vulnerabilities. Furthermore, because the techniques used to obtain unauthorized access to, compromise or to sabotage our networks, platforms, or systems, and those of our third-party providers change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or implement adequate preventative measures. We or our third-party providers may also experience security breaches or other incidents that may remain undetected for an extended period. Even if identified, we may be unable to adequately investigate or remediate additional incidents or breaches due to attackers increasingly using tools and techniques that are designed to circumvent controls, to avoid detection, and to remove or obfuscate forensic evidence.
Any or all of the issues above could adversely affect our ability to attract new clients and continue our relationship with existing clients, cause our clients to stop using our products and services, result in negative publicity, or subject us to governmental, regulatory, or third-party lawsuits, disputes, investigations, orders, regulatory fines, penalties for violation of applicable laws or regulations, or other actions or liability, thereby harming our business, financial condition, operating results, cash flows, and prospects.Any or all of the issues above could adversely affect our ability to attract new customers and continue our relationship with existing customers, cause our customers to stop using our products and services, result in negative publicity, or subject us to governmental, regulatory, or third-party lawsuits, disputes, investigations, orders, regulatory fines, penalties for violation of applicable laws or regulations, or other actions or liability, thereby harming our business, financial condition, operating results, cash flows, and prospects. Any accidental or unauthorized access to or disclosure, loss, destruction, disablement or encryption of, use or misuse of or modification of data, including personal information, cybersecurity breach, or other security incident that we, our clients or our third-party service providers experience or the perception that one has occurred or may occur, could harm our reputation, reduce the demand for our products and services, and disrupt normal business operations. Any accidental or unauthorized access to or disclosure, loss, destruction, disablement or encryption of, use or misuse of or modification of data, including personal information, cybersecurity breach, or other security incident that we, our customers or our third-party service providers experience or the perception that one has occurred or may occur, could harm our reputation, reduce the demand for our products and services, and disrupt normal business operations. In addition, it may require us to expend significant financial and operational resources in response to a security breach, including repairing system damage, increasing security protection costs by deploying additional personnel, and modifying or enhancing our protection technologies, investigating, remediating, or correcting the breach and any security vulnerabilities, defending against and resolving legal and regulatory claims, and preventing future security breaches and incidents, all of which could expose us to uninsured liability, increase our risk of regulatory scrutiny, expose us to legal liabilities, including litigation, regulatory enforcement, indemnity obligations or damages for contract breach, divert resources and the attention of our management and key personnel away from our business operations, and cause us to incur significant costs, any of which could materially adversely affect our business, financial condition, and results of operations.
We are subject to anti-money laundering and anti-terrorism financing laws and regulations, and failure to comply with these obligations could have significant adverse consequences for us, including subjecting us to criminal or civil liability and harm to our business.
Various laws and regulations in the United States and abroad, such as the Bank Secrecy Act, the Dodd-Frank Act, and the USA PATRIOT Act, impose certain anti-money laundering ("AML") requirements on companies that are financial institutions or that provide financial products and services. Under these laws and regulations, financial institutions are required to develop and implement risk-based AML programs, report suspicious activity, and maintain transaction records, among other requirements. State regulators may impose similar requirements. In addition, our contracts with financial institution partners and other third parties may contractually require us to maintain an AML program.
We are also subject to economic and trade sanctions programs administered by OFAC, which prohibit or restrict transactions to or from or dealings with specified countries, their governments, and in certain circumstances, their nationals, and with individuals and entities that are specially-designated nationals of those countries, narcotics traffickers, terrorists or terrorist organizations, and other sanctioned persons and entities. Our failure to comply with AML, economic and trade sanctions regulations, and similar laws could subject us to substantial civil and criminal penalties, or result in the loss or restriction of our financial institution registrations and state licenses, or liability under our contracts with third parties, which may significantly affect our ability to conduct some aspects of our business. Changes in this regulatory environment, including changing interpretations and the implementation of new or varying regulatory requirements, must be monitored for, and our AML program adapted accordingly.
We are subject to anti-corruption, anti-bribery and similar laws, and non-compliance with such laws can subject us to significant adverse consequences, including criminal or civil liability and harm our business.
We are subject to the Foreign Corrupt Practices Act, U.S. domestic bribery laws, and other U.S. and foreign anti-corruption laws. Anti-corruption and anti-bribery laws are enforced aggressively and are interpreted broadly to generally prohibit companies, their employees, and their third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public sector. These laws also require that we keep accurate books and records and maintain internal controls and compliance procedures designed to prevent any such actions. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of
25
these third-party intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities. The failure to comply with any such laws could subject us to criminal or civil liability, cause us significant reputational harm and have an adverse effect on our business, financial condition, and results of operations.
We may be unable to sufficiently obtain, develop, or protect, our intellectual property, any of which could reduce our competitiveness and harm our business and operating results.
Our ability to service our clients depends, in part, upon our ability to obtain and develop intellectual property in an extremely competitive market. Even if we are able to do so, we may be unable to protect such intellectual property effectively, which would allow competitors to duplicate our business processes and know-how, and adversely affect our ability to compete with them. A third party may attempt to reverse engineer or otherwise obtain and use our intellectual property without our consent. The pursuit of a claim against a third party for infringement of our intellectual property could be costly, and there can be no guarantee that any such efforts would be successful.
In addition, our platform may infringe upon claims of third-party intellectual property, and we may face intellectual property challenges from such other parties. We may not be successful in defending against any such challenges or in obtaining licenses to avoid or resolve any intellectual property disputes. The costs of defending any such claims or litigation could be significant and, if we are unsuccessful, could subject us to substantial liability, prevent us from using the relevant intellectual property or providing related products or services, or result in a requirement that we pay significant damages or licensing fees. Furthermore, our intellectual property may become obsolete, and there is no guarantee that we will be able to successfully obtain, develop, or use new intellectual property to adapt our platform to stay competitive in the future. If we cannot protect our intellectual property from third-party challenges, or if our platform becomes obsolete, our business, financial condition, and results of operations could be adversely affected. If we 27Table of Contentscannot protect our intellectual property from third-party challenges, or if our platform becomes obsolete, our business, financial condition, and results of operations could be adversely affected.
Accusations of infringement of third-party intellectual property rights could materially and adversely affect our business.
Our success depends upon our ability to refrain from infringing upon the intellectual property rights of others. Some companies, including some of our competitors, may own large numbers of patents, copyrights, and trademarks, which they may use to assert claims against us. As we grow and enter new markets, we will face a growing number of competitors. As the number of competitors in our industry grows and the functionality of products in different industry segments overlaps, we expect that software and other solutions in our industry may be subject to such claims by third parties. Third parties may in the future assert claims of infringement, misappropriation, or other violations of intellectual property rights against us. We cannot assure you that infringement claims will not be asserted against us in the future, or that, if asserted, any infringement claim will be successfully defended. A successful claim against us could require that we pay substantial damages, prevent us from offering our services, or require that we comply with other unfavorable terms. Even if we were to prevail in such a dispute, any litigation regarding our intellectual property could be costly and time-consuming and divert the attention of our management and key personnel from our business operations.
Changes and complexities in tax laws, incomplete filings, differences in interpretation of tax laws and regulations, and proposed legislation that would impose taxes on certain financial transactions could have a material adverse effect on our business, financial condition, and results of operations.Changes in tax laws, differences in interpretation of tax laws and regulations, and proposed legislation that would impose taxes on certain financial transactions could have a material adverse effect on our business, financial condition, and results of operations.
We operate in multiple jurisdictions and are subject to tax laws and regulations of the U.S. federal, state, and local and non-U.S. governments. U.S. federal, state, and local and non-U.S. tax laws and regulations are complex and subject to change (possibly with retroactive effect) and to varying interpretations. U.S. federal, state, and local and non-U.S. tax authorities may interpret tax laws and regulations differently than we do and challenge tax positions that we have taken. This may result in differences in the treatment of revenues, deductions, credits and/or differences in the timing of these items. The differences in treatment may result in payment of additional taxes, interest, or penalties that could have an adverse effect on our financial condition and results of operations. Further, future changes to U.S. federal, state, and local and non-U.S. tax laws and regulations could increase our tax obligations in jurisdictions where we do business or require us to change the manner in which we conduct some aspects of our business.
In addition, we are required to file extensive informational returns and forms to various tax authorities in connection with our custodial and trading solutions. If such filings are incomplete or untimely, we may be subjected to fines or penalties if we do not meet the requirements of reasonable cause, safe harbor, or other relief as may be provided by the relevant tax authorities. In October 2024, we self-identified a failure to submit certain informational filings to the Internal Revenue Service (“IRS”) in connection with our custodial solutions. We have submitted our reasonable cause letter to the IRS and do
26
not expect any potential fine or penalty to be material to our financial condition and operations at this time. However, recent actions by the federal government, notably President Trump's establishment of the Department of Government Efficiency in January 2025 by executive order, have increased the difficulty of determining the timeline of resolving this matter given uncertainty at the IRS and federal government generally as a result of such actions.
On August 16, 2022, the Inflation Reduction Act (“IRA”) was enacted in the United States, which introduced, among other provisions, a new minimum corporate income tax on certain large corporations, an excise tax of 1% on certain share repurchases by corporations (which could increase the cost to us of implementing our share repurchase program), and increased funding for the IRS. The minimum corporate income tax does not currently apply to us, nor do we expect it to apply to us in the foreseeable future. However, changes in our business and any future regulations or other guidance on the interpretation and application of these provisions, may result in additional taxes payable by us, which could materially and adversely affect our financial results and operations.
We have in the past recorded, and may in the future record, significant valuation allowances on our deferred tax assets, which may have a material impact on our results of operations and cause fluctuations in such results. As of December 31, 2024, we had a valuation allowance for deferred tax assets in the United States and in other countries. Our net deferred tax assets relate predominantly to the U.S. federal and state tax jurisdictions. The need for a valuation allowance requires an assessment of both positive and negative evidence when determining whether it is more likely than not that deferred tax assets are recoverable; such assessment is required on a jurisdiction-by-jurisdiction basis. In making such an assessment, significant weight is given to evidence that can be objectively verified. We continue to monitor the likelihood that we will be able to recover our deferred tax assets in the future. Future adjustments in our valuation allowance may be required. The recording of any future increases in our valuation allowance could have a material impact on our reported results, and both the recording and release of the valuation allowance could cause fluctuations in our quarterly and annual results of operations.
In addition, under Section 382 and Section 383 of the Internal Revenue Code of 1986, as amended (the "Code"), a corporation that undergoes an “ownership change” is subject to limitations on its ability to utilize its net operating loss carryforwards ("NOLs") to offset future taxable income.In addition, under Section 382 of the Internal Revenue Code of 1986, as amended (the "Code"), a corporation that undergoes an “ownership change” is subject to limitations on its ability to utilize its net operating loss carryforwards ("NOLs") to offset future taxable income. An ownership change generally occurs if one or more stockholders or groups of stockholders who own at least 5% of our stock increase their ownership by more than 50 percentage points over their lowest ownership percentage (by value) within a rolling three-year period. We may have experienced an ownership change in the past. Future changes in our stock ownership as well as other changes that may be outside of our control, could result in additional ownership changes under Section 382 and Section 383 of the Code. Our NOLs may also be impaired under similar provisions of state law. Further, additional changes to federal or state tax laws or technical guidance relating to such laws that would further reduce the corporate tax rate could operate to effectively reduce or eliminate the value of any deferred tax asset.
Key Personnel Risks
We rely on our executive team and key personnel to grow our business, and the loss of or inability to hire either could harm our business.
We believe our success has depended, and continues to depend, on the efforts and talents of our senior management, including our Chief Executive Officer Kelly Rodriques, who have significant experience in industries we operate, are responsible for our core competencies, and would be difficult to replace. Our future success depends on our continuing ability to attract, develop, motivate, and retain highly qualified and skilled personnel. Qualified individuals are in high demand, and we may incur significant costs to attract and retain them. In addition, the loss of any of our senior management or key personnel could materially adversely affect our ability to execute our business plan and strategy, and we may not be able to find adequate replacements on a timely basis, or at all. Our executive officers and other employees are at-will employees, which means they may terminate their employment relationship with us at any time, and their knowledge of our business and industry would be extremely difficult to replace. We cannot ensure that we will be able to retain the services of any members of our senior management or other key personnel. If we do not succeed in attracting well-qualified personnel or retaining and motivating existing personnel, our business could be materially and adversely affected. In addition, we outsource certain of our software development functions to third-party contractors outside of the United States, which can create additional risks to our business. In particular, we may not be able to manage third-party contractors to the same extent as employees and also may not maintain as effective control over functions after outsourcing them.
Business Continuity Risks
27
Our business operations depend on the resilience of our critical business functions and technology systems. We may experience business or system interruptions, errors or downtime, and our business and operations could be negatively impacted. To minimize business interruptions and ensure our ability to continue operations during an incident regardless of duration, we depend on business continuity and disaster recovery plans and incident management programs. These plans and disaster recovery scripts, while intended to be composite, may not incorporate all scenarios and risks that we may occur.
We may not be able to secure adequate insurance to cover all known risks and our insurance policies may not be sufficient to cover all potential claims.
Our systems and operations, as well as those of the third parties on whom we rely to conduct certain key functions, are vulnerable to disruptions from natural disasters, power outages, computer and telecommunications failures, software bugs, cyber-attacks, computer viruses, malware, distributed denial of service attacks, spam attacks, phishing or other social engineering, ransomware, security breaches, credential stuffing, technological failure, human error, terrorism, and other similar events. If our technology is disrupted, we may have to make significant investments to upgrade, repair, or replace our technology infrastructure and may not be able to make such investments on a timely basis, if at all. While we have made significant investments designed to enhance the reliability and scalability of our operations, we cannot assure that we will be able to maintain, expand, and upgrade our systems and infrastructure to meet future requirements and mitigate future risks on a timely basis. Disruptions in service and slower system response times could interrupt our business and result in substantial losses, decreased client service and satisfaction, client attrition, fines, litigation, and harm to our reputation. Disruptions in service and slower system response times could interrupt our business and result in substantial losses, decreased customer service and satisfaction, customer attrition, fines, litigation, and harm to our reputation. Our insurance coverage may be insufficient to protect us against all losses and costs stemming from operational and technological failures and we cannot be certain that such insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material and adverse effect on our business, financial condition, and results of operations.
Information Technology and Data Risks
We depend on third parties for a wide array of services, systems, and information technology applications, and a breach or violation of law by one of these third parties could disrupt our business. Additionally, the loss of any of those service providers could materially and adversely affect our business, results of operations, and financial condition.
We rely on third-party service providers to perform various functions relating to operational functions, cloud infrastructure services, and information technology. We do not have control over the operations of any of the third-party service providers that we utilize. In the event that a third-party service provider for any reason fails to perform functions properly, including through negligence, willful misconduct, or fraud, our ability to process billings and perform other operational functions for which we currently rely on such third-party service providers will suffer and our business, cash flows, and future prospects may be negatively impacted.
Additionally, if one or more key third-party service providers were to cease to exist, or to terminate its relationship with us, there could be delays in our ability to process transactions and perform other operational functions for which we are currently relying on such third-party service providers for, and we may not be able to promptly replace such third-party service provider with a different third-party service provider that has the ability to promptly provide the same services in the same manner and on the same economic terms. In many cases, we rely on a single third party to provide such services, and we may not be able to replace that provider on the same terms or at all. As a result of any such delay or inability to replace such key third-party service provider, our ability to process investments and perform other business functions could suffer and our business, financial condition, and results of operations could be adversely affected.
Because we rely on third parties to provide services, we could also be adversely impacted if they fail to fulfill their obligations or if our arrangements with them are terminated and suitable replacements cannot be found on commercially reasonable terms or at all.
Our products and internal systems rely on software that is highly technical, and if these systems contain errors, bugs, or vulnerabilities, or if we are unsuccessful in addressing or mitigating technical limitations or vulnerabilities in our systems, our business could be adversely affected.
28
Our products and internal systems rely on software, including software developed or maintained internally and by third parties, that is highly technical and complex. In addition, our platform and our internal systems depend on the ability of such software to collect, store, retrieve, transmit, manage, and otherwise process immense amounts of data. The software on which we rely may contain errors, bugs, or vulnerabilities, and our systems are subject to certain technical limitations that may compromise our ability to meet our objectives. Some errors, bugs, or vulnerabilities inherently may be difficult to detect and may only be discovered after code has been released for external or internal-use. Errors, bugs, vulnerabilities, design defects, or technical limitations within the software on which we rely may lead to negative client experiences (including the communication of inaccurate information to clients), compromised ability of our products to perform in a manner consistent with client expectations, delayed product introductions, compromised ability to protect the data (including personal information) of our clients and our intellectual property, or an inability to provide some or all of our services. Errors, bugs, vulnerabilities, design defects, or technical limitations within the software on which we rely may lead to negative customer experiences (including the communication of inaccurate information to customers), compromised ability of our products to perform in a manner consistent with customer expectations, delayed product introductions, compromised ability to protect the data (including personal information) of our customers and our intellectual property, or an inability to provide some or all of our services. Such errors, bugs, vulnerabilities, or defects could also be exploited by malicious actors and result in exposure of data of clients on our platform, or otherwise result in a security breach or other security incident. Such errors, bugs, vulnerabilities, or defects could also be exploited by malicious actors and result in exposure of data of customers on our platform, or otherwise result in a security breach or other security incident. We may need to expend significant financial and development resources to analyze, correct, eliminate, or work around errors or defects or to address and eliminate vulnerabilities. Any failure to timely and effectively resolve any such errors, bugs, vulnerabilities, or defects in the software on which we rely, and any associated degradations or interruptions of service, could result in damage to our reputation, loss of clients, loss of revenue, regulatory or governmental inquiries, civil litigation, or liability for damages, any of which could have an adverse effect on our business, financial condition, and results of operations. Any failure to timely and effectively resolve any such errors, bugs, vulnerabilities, or defects in the software on which we rely, and any associated degradations or interruptions of service, could result in damage to our reputation, loss of customers, loss of revenue, regulatory or governmental inquiries, civil litigation, or liability for damages, any of which could have an adverse effect on our business, financial condition, and results of operations.
Certain of our systems also rely on older programming languages and are dependent upon hardware that may soon be in need of replacement. A breakdown or shutdown of our operating systems could cause a major disruption to the business, and our attempts to modernize our systems or implement new hardware or software may not be successful, and may otherwise be costly and time-consuming.
Cybersecurity incidents or attacks directed at us and to our systems could result in unauthorized access, information theft, data corruption, operational disruption, and/or financial and reputational loss.Cyber incidents or attacks directed at us and to our systems could result in unauthorized access, information theft, data corruption, operational disruption, and/or financial and reputational loss.
We depend on digital technologies, including information systems, infrastructure, and cloud applications and services, including those of third parties. Like other companies in our industry, we and third parties related to us, have experienced and expect to continue to experience threats to our information technology systems. Sophisticated and deliberate attacks on, or security breaches in, our systems or infrastructure, or the systems or infrastructure of third parties or the cloud, could lead to corruption or misappropriation of our assets, proprietary information, and sensitive or confidential data. Our platform may make an attractive target for hacking and may be vulnerable to computer viruses, physical or electronic break-ins, and similar disruptions. We may not be able to anticipate or implement effective preventive measures against all security threats of these types, in which case there would be an increased risk of fraud or identity theft. Security incidents could occur from outside our company, and also from the actions of persons inside our company who may have authorized or unauthorized access to our technology systems. We may not have sufficient resources to adequately protect against, or to investigate and remediate any vulnerability to, cyber incidents. It is possible that any of these occurrences, or a combination of them, could have adverse consequences on our business, including, without limitation, financial loss, the disruption of operations, the misappropriation of protected information or confidential business information, including personal data, financial information, and trade secrets, and the disclosure of corporate strategic plans. Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our privacy and data security obligations. While we maintain cybersecurity insurance, the coverage may not be sufficient to cover all costs associated with a cybersecurity incident.
Financial services providers like us, as well as our clients, colleagues, regulators, vendors, and other third parties, have experienced a significant increase in fraudulent activity and will likely continue to be the target of increasingly sophisticated criminal activity in the future given our dependence on digital technologies.Financial services providers like us, as well as our customers, colleagues, regulators, vendors, and other third parties, have experienced a significant increase in fraudulent activity and will likely continue to be the target of increasingly sophisticated criminal activity in the future given our dependence on digital technologies.
We develop and maintain systems and processes aimed at detecting and preventing fraudulent activity, which require significant investment, maintenance, and ongoing monitoring and updating as technologies and regulatory requirements change and as efforts to overcome security and anti-fraud measures become more sophisticated. Despite our efforts, the possibility of fraudulent or other malicious activities and human error or malfeasance cannot be eliminated entirely and will evolve as new and emerging technology is deployed, including the increasing use of personal mobile and computing devices that are outside of our network and control environments. Risks associated with each of these include theft of funds and other monetary loss, the effects of which could be compounded if not detected quickly. Indeed, fraudulent activity may not be detected until well after it occurs and the severity and potential impact may not be fully known for a
29
substantial period of time after it has been discovered. Additionally, if hackers were able to access our secure data, they might be able to gain access to the personal information of our clients. If we are unable to prevent such activity, we may be required to notify impacted stakeholders (including affected individuals, regulators, and investors) and subject to significant liability, negative publicity, and a material loss of clients, all of which may materially and adversely affect our business, financial condition, and results of operations.
Risks Related to Being a Public Company
The requirements of being a public company may strain our resources and distract our management, which could make it difficult to manage our business.
We are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the listing requirements of the NYSE, and other applicable securities laws, rules, and regulations. Compliance with these laws, rules, and regulations could continue to increase our legal and financial compliance costs, make some activities more difficult, time-consuming, or costly and increase demand on our systems and resources. The Exchange Act requires that we file annual, quarterly, and current reports with respect to our business, financial condition, and results of operations. The Sarbanes-Oxley Act requires, among other things, that we establish and maintain effective internal controls and procedures for financial reporting. Furthermore, maintaining the corporate infrastructure demanded of a public company may divert our management’s attention from implementing our growth strategy from time to time, which could prevent or delay us from improving our business, financial condition, and results of operations. We have made, and will continue to make, changes to our internal controls and procedures for financial reporting and accounting systems to meet our reporting obligations as a public company. However, the measures we take may not be sufficient to satisfy our obligations as a public company. These additional obligations could have a material adverse effect on our business, financial condition, and results of operations.
In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure create uncertainty for public companies, and may result in increased legal and financial compliance costs and make some activities more time consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We have and intend to continue investing resources to comply with evolving laws, regulations, and standards, and this investment may result in increased general and administrative expenses and a diversion of our management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations, and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and there could be a material adverse effect on our business, financial condition, and results of operations.
Delaware law, our Certificate of Incorporation, and our Bylaws contain certain provisions, including anti-takeover provisions that limit the ability of stockholders to take certain actions and could delay or discourage takeover attempts that stockholders may consider favorable.
Delaware law, our Certificate of Incorporation, and our Bylaws contain provisions that could have the effect of rendering more difficult, delaying, or preventing an acquisition that stockholders may consider favorable, including transactions in which stockholders might otherwise receive a premium for their shares. These provisions could also limit the price that investors might be willing to pay in the future for shares, and therefore depress the trading price of our common stock. These provisions could also make it difficult for stockholders to take certain actions, including electing directors who are not nominated by the current members of our board of directors or taking other corporate actions, including effecting changes in our management. Among other things, our Certificate of Incorporation and our Bylaws include provisions regarding:
•providing for a classified board of directors with staggered, three-year terms;
•the ability of our board of directors to issue shares of preferred stock, including “blank check” preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;
30
•the prohibition of cumulative voting in the election of directors, which limits the ability of minority stockholders to elect director candidates;
•the limitation of the liability of, and the indemnification of, our directors and officers;
•the ability of our board of directors to amend our Bylaws, which may allow our board of directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend our Bylaws to facilitate an unsolicited takeover attempt; and
•advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting, which could preclude stockholders from bringing matters before annual or special meetings of stockholders and delay changes in our board of directors and also may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us.
These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our board of directors or management.
The provisions of our Bylaws requiring exclusive forum in the Court of Chancery of the State of Delaware for certain types of lawsuits may have the effect of discouraging lawsuits against our directors and officers.
Our Bylaws provide that, to the fullest extent permitted by law, unless we consent in writing to an alternative forum, (a) the Delaware Court of Chancery (or, if such court does not have, or declines to accept, jurisdiction, another state court or a federal court located in Delaware) will be the exclusive forum for any complaint asserting any internal corporate claims, including claims in the right of Forge based upon a violation of a duty by a current or former director, officer, employee, or stockholder in such capacity, or as to which the Delaware General Corporation Law confers jurisdiction upon the Court of Chancery and (b) the federal district courts of the United States will be the exclusive forum for any complaint asserting a cause of action arising under the Securities Act. The choice of forum provision may limit the ability of our stockholders to bring a claim in a forum that they find favorable for disputes with us or our directors, officers, or other employees, and may discourage such lawsuits. There is uncertainty as to whether a court would enforce this provision. If a court ruled the choice of forum provision was inapplicable or unenforceable in an action, we may incur additional costs to resolve such action in other jurisdictions. The choice of forum provision is intended to apply to the fullest extent permitted by law to the above-specified types of actions and proceedings, including any derivative actions asserting claims under state law or the federal securities laws, and is intended to require, in each case, to the fullest extent permitted by law, that (i) any Securities Act claims be brought in the federal district courts of the United States in accordance with clause (b) of the choice of forum provision and (ii) suits brought to enforce any duty or liability created by the Exchange Act be brought in the United States District Court for the District of Delaware. The provision does not apply to any direct claims brought by our stockholders on their own behalf, or on behalf of any class of similarly situated stockholders, under the Exchange Act. Our stockholders will not be deemed, by operation of the choice of forum provision, to have waived our obligation to comply with all applicable federal securities laws and the rules and regulations thereunder.
An active, liquid trading market for our common stock may not be sustained, which may make it difficult to sell the shares of our common stock you purchase.
An active trading market for our common stock may not be sustained which would make it difficult for you to sell your shares of our common stock at an attractive price (or at all). A public trading market having the desirable characteristics of depth, liquidity, and orderliness depends upon the existence of willing buyers and sellers at any given time, and its existence is dependent upon the individual decisions of buyers and sellers over which neither we nor any market maker has control. The failure of an active and liquid trading market to develop and continue would likely have a material adverse effect on the value of our common stock. The market price of our common stock may decline below your purchase price, and you may not be able to sell your shares of our common stock at or above the price you paid for such shares (or at all).
If we are unable to maintain compliance with the continued listing requirements of the NYSE, our common stock could be delisted from the NYSE, and if this were to occur, then the price and liquidity of our common stock, and our ability to raise additional capital, may be adversely affected.
31
Our common stock is currently listed on the NYSE, and continued listing of a security on the NYSE is conditioned upon compliance with certain continued listing requirements and continued listing standards. On December 31, 2024, we were notified by the NYSE that we are not in compliance with Section 802.01C of the NYSE Listed Company Manual (the "Listing Rule") because the average closing stock price of a share of our common stock was less than $1.00 per share over a consecutive 30 trading-day period.
Pursuant to the Listing Rule, we have 6 months following the NYSE notification to regain compliance with the Listing Rule, during which time our common stock will continue to be listed on the NYSE. We immediately notified the NYSE that to regain compliance with the Listing Rule, we intend to take steps to increase the value of shares of our common stock through executing our previously-announced business strategy, as well as considering other options for regaining compliance with the Listing Rule, including effecting a reverse stock split, subject to stockholder approval, which we would seek to obtain no later than at the Company’s next annual stockholders’ meeting.
On February 10, 2025, our board of directors approved a proposal to amend our Certificate of Incorporation to effect a potential reverse stock split of our issued and outstanding common stock at a ratio ranging from 1-for-3 to 1-for-50, inclusive, during a period of time not to exceed the 1-year anniversary of the date on which the reverse stock split is approved by our stockholders, subject to the board's authority to abandon the reverse stock split at any time or to delay or postpone it. As described in our definitive proxy statement filed with the SEC on February 27, 2025, the special meeting for our stockholders to vote on such proposal is expected to be held on March 27, 2025. The reverse stock split, if one occurs, would become effective upon the filing of a certificate of amendment with the Secretary of State of the State of Delaware.
Delisting of our common stock could adversely affect the liquidity of our common stock because alternatives, such as the OTC Bulletin Board and the pink sheets, are generally considered to be less efficient markets. An investor likely would find it less convenient to sell, or to obtain accurate quotations in seeking to buy our common stock on an over-the-counter market. Many investors likely would not buy or sell our common stock due to difficulty in accessing over-the-counter markets, policies preventing them from trading in securities not listed on a national exchange, or other reasons. A delisting of our common stock is likely to inhibit or preclude our ability to effect strategic acquisitions, raise additional financing, and may also materially and adversely impact our credit terms with our vendors.
We believe that a reverse stock split may increase the acceptability of our common stock to (i) long-term investors who may not find our shares attractive due to the trading volatility often associated with stocks below certain prices and (ii) indexes or funds with certain eligibility criteria, or make our common stock eligible for investment by brokerage houses and institutional investors that have internal policies and practices that either prohibit them from investing in low-priced stocks or tend to discourage individual brokers from recommending low-priced stocks to their customers or restrict or limit the ability to purchase such stocks on margin.
Furthermore, if a reverse stock split is implemented, we believe that such transaction will increase the market price of our common stock. However, the effect of a reverse stock split upon the market price of our common stock cannot be predicted with any certainty, and the history of similar stock splits for companies in like circumstances is varied. It is possible that (i) the per share price of our common stock after a reverse stock split will not rise in proportion to the reduction in the number of shares of our common stock outstanding resulting from the reverse stock split, or (ii) a reverse stock split may not result in a per share price that would attract brokers and investors who do not trade in lower priced stocks. Even if a reverse stock split is implemented, the market price of our common stock may decrease due to factors unrelated to the reverse stock split. In any case, the market price of our common stock will be based on other factors which may be unrelated to the number of shares outstanding, including our future performance. If a reverse stock split is consummated and the trading price of our common stock declines, the percentage decline as an absolute number and as a percentage of our overall market capitalization may be greater than would occur in the absence of the reverse stock split. In addition, the liquidity of our common stock may be harmed by a reverse stock split given the reduced number of shares of common stock that would be outstanding after the reverse stock split, particularly if our stock price does not increase as a result of the reverse stock split.
Our operating results and stock price may be volatile.
Stock markets have from time to time experienced significant price and volume fluctuations. Even if an active, liquid, and orderly trading market develops and is sustained for our common stock, the market price of our common stock may be volatile and could decline significantly. In addition, the trading volume in our common stock may fluctuate and cause significant price variations to occur. If the market price of our common stock declines significantly, you may be unable to
32
resell your shares. We cannot assure you that the market price of our common stock will not fluctuate widely or decline significantly in the future in response to a number of factors, including, among others, the following:
•the realization of any of the risk factors presented in this Report;
•actual or anticipated differences in our estimates, or in the estimates of analysts, for our revenues, results of operations, level of indebtedness, liquidity, or financial condition;
•additions and departures of key personnel;
•failure to comply with the requirements of the NYSE;
•failure to comply with the Sarbanes-Oxley Act or other laws or regulations;
•future issuances, sales or resales, or anticipated issuances, sales or resales, of common stock or other securities;
•perceptions of the investment opportunity associated with common stock relative to other investment alternatives;
•the performance and market valuations of other similar companies;
•future announcements concerning our business or our competitors’ businesses;
•broad disruptions in the financial markets, including sudden disruptions in the credit markets;
•speculation in the press or investment community;
•actual, potential, or perceived control, accounting, or reporting problems;
•changes in accounting principles, policies, and guidelines;
•a limited number of shares of our common stock available for trading;
•potential securities class-action litigation following periods of volatility in our stock price, would could result in substantial costs and divert management's attention and resources; and
•general economic and political conditions, such as the effects of ongoing geopolitical tensions, recessions, interest rates, local and national elections, fuel prices, international currency fluctuations, corruption, political instability, and acts of war or terrorism.
If securities or industry analysts do not publish research, publish inaccurate or unfavorable research, or cease publishing research about us, our share price and trading volume could decline significantly.
The market for our common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. Securities and industry analysts may not publish research on us. If no or few securities or industry analysts commence coverage of us, the market price and liquidity for our common stock could be negatively impacted. In the event securities or industry analysts initiate coverage, if one or more of the analysts who cover us downgrade their opinions about common stock, publish inaccurate or unfavorable research about us, or cease publishing about us regularly, demand for our common stock could decrease, which might cause our share price and trading volume to decline significantly.
Future sales, or the perception of future sales, by us or our stockholders in the public market could cause the market price for our common stock to decline.33Table of ContentsFuture sales, or the perception of future sales, by us or our stockholders in the public market could cause the market price for our common stock to decline.
The sale of shares of our common stock in the public market, or the perception that such sales could occur, could harm the prevailing market price of shares of our common stock. These sales, or the possibility that these sales may occur, also might make it more difficult for us to sell equity securities in the future at a time and at a price that it deems appropriate. Future resales of common stock may cause the market price of our securities to drop significantly, even if our business is
33
doing well. As such, sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could reduce the market price of our common stock.
Future issuances of debt securities and equity securities may adversely affect us, including the market price of common stock and may be dilutive to existing stockholders.
While we have not previously incurred indebtedness to finance our business in the past and do not currently intend to do it in the future, there is no assurance that we will not incur debt or issue equity ranking senior to common stock. Those securities will generally have priority upon liquidation. Such securities also may be governed by an indenture or other instrument containing covenants restricting its operating flexibility. Additionally, any convertible or exchangeable securities that we issue in the future may have rights, preferences, and privileges more favorable than those of our common stock. Because our decision to issue debt or equity in the future will depend on market conditions and other factors beyond our control, we cannot predict or estimate the amount, timing, nature, or success of our future capital raising efforts. As a result, future capital raising efforts may reduce the market price of our common stock and be dilutive to existing stockholders.
We do not intend to pay cash dividends for the foreseeable future.
We currently intend to retain our future earnings, if any, to finance the further development and expansion of our business and do not intend to pay cash dividends in the foreseeable future. Any future determination to pay dividends will be at the discretion of our board of directors and will depend on our financial condition, results of operations, capital requirements, restrictions contained in future agreements and financing instruments, business prospects, and such other factors as our board of directors deems relevant.
We may not realize the anticipated long-term stockholder value of our share repurchase program and any failure to repurchase our common stock after we have announced our intention to do so may negatively impact our stock price.
In March 2025, our board of directors approved a share repurchase program of up to $10 million. No repurchases have been made under the program as of the date of this Report. Repurchases under the program may be made from time to time through open market purchases or through privately negotiated transactions subject to market conditions, applicable legal requirements, and other relevant factors. Open market repurchases may be structured to occur in accordance with the requirements of Rule 10b-18. We may also, from time to time, enter into Rule 10b5-1 plans to facilitate repurchases of shares under this authorization. The timing and number of shares repurchased under the program will depend on a variety of factors, including stock price, trading volume, and general business and market conditions. The program does not obligate us to acquire any particular amount of our common stock, and may be modified, suspended, or terminated at any time in our sole discretion. The program has no expiration date.
Any failure to repurchase stock after we have announced our intention to do so may negatively impact our reputation and investor confidence in us and may negatively impact our stock price. The existence of this program could cause our stock price to be higher than it otherwise would be and could potentially reduce the market liquidity for our stock. Although this program is intended to enhance long-term stockholder value, there is no assurance it will do so because the market price of our common stock may decline below the levels at which we repurchase shares and short-term stock price fluctuations could reduce the effectiveness of the program.
Repurchasing our common stock will reduce the amount of cash we have available to fund working capital, capital expenditures, strategic acquisitions or business opportunities, and other general corporate requirements, and we may fail to realize the anticipated long-term stockholder value of our repurchase program. Additionally, any repurchases of our common stock that are covered by the new U.S. federal 1% excise tax could increase our costs and adversely affect our operating results.
Item 1B. Unresolved Staff Comments
None.
Item 1C. Cybersecurity
Risk Management and Strategy
34
We conduct a regular cybersecurity risk assessment process through our Head of Information Security (“CISO”) and dedicated information security team. These risk assessments include the effectiveness of our cybersecurity program and its practices for identifying, assessing, and mitigating cybersecurity risks; our controls to prevent, detect, and respond to cyber incidents; our cyber resiliency, including crisis preparedness, incident response processes, business continuity, and disaster recovery capabilities; and our investments in cybersecurity infrastructure and program needs.
As part of our overall risk management system, our dedicated information security team monitors and tests our cybersecurity policies and procedures through methods such as periodic reviews, targeted assessments, and tabletop exercises. As part of our overall risk management system, our dedicated information security team monitors and tests our cybersecurity policies and procedures through methods such as periodic reviews, targeted assessments, and tabletop exercises. All personnel are made aware of our cybersecurity policies and procedures upon hire and through periodic refresher trainings. Such policies and procedures cover areas such as identity and access management, vendor management, data governance and protection, vulnerability management, incident response, and operational risk management. Our cybersecurity policies and procedures are also incorporated into our broader risk management framework such that all enterprise and operational risks are evaluated in a holistic manner.
Governance
Our management is responsible for the day-to-day oversight and management of our enterprise risks, including risks from cybersecurity threats. As described in “Risk Management and Strategy” above, primary responsibility for assessing, monitoring, and managing our cybersecurity risks rests with our CISO and dedicated information security team, who develop, prioritize, and execute our cybersecurity strategy in partnership with relevant departments and business units. Our CISO, who has over 20 years of cybersecurity and information security experience, oversees our cybersecurity framework, reports to our management-level risk committee, and chairs our cybersecurity risk subcommittee. Our CISO is assisted in this oversight role by additional members of management, including our Chief Technology Officer, Chief Risk Officer, and Head of Legal, each of whom bring decades of leadership experience managing risks in their respective fields. Our CISO is assisted in this oversight role by additional members of management, including our Chief Technology Officer, Head of Risk, and our Chief Legal Officer, each of whom bring decades of leadership experience managing risks in their respective fields.
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| CPPTL | 1 day, 4 hours ago |
| TUSK | 1 day, 4 hours ago |
| EQBK | 1 day, 4 hours ago |
| FSUN | 1 day, 4 hours ago |
| UBX | 1 day, 4 hours ago |
| BSTT | 1 day, 4 hours ago |
| NDLS | 1 day, 4 hours ago |
| FNRN | 1 day, 4 hours ago |
| SNBR | 1 day, 5 hours ago |
| FCBC | 1 day, 5 hours ago |
| MYFW | 1 day, 5 hours ago |
| BRDG | 1 day, 5 hours ago |
| AIMD | 1 day, 5 hours ago |
| GRND | 1 day, 5 hours ago |
| SPFI | 1 day, 5 hours ago |
| ATRA | 1 day, 5 hours ago |
| SGHT | 1 day, 5 hours ago |
| CMCT | 1 day, 5 hours ago |
| OB | 1 day, 5 hours ago |
| NABL | 1 day, 5 hours ago |
| NODK | 1 day, 5 hours ago |
| RGTI | 1 day, 5 hours ago |
| UNTY | 1 day, 5 hours ago |
| HBT | 1 day, 5 hours ago |
| ZCSH | 1 day, 5 hours ago |
| ETCG | 1 day, 5 hours ago |
| LXRX | 1 day, 5 hours ago |
| EBTC | 1 day, 5 hours ago |
| GSBC | 1 day, 6 hours ago |
| CCFN | 1 day, 6 hours ago |
| GPLB | 1 day, 6 hours ago |
| BCBP | 1 day, 6 hours ago |
| SBFG | 1 day, 6 hours ago |
| HMST | 1 day, 7 hours ago |
| CAC | 1 day, 7 hours ago |
| BMNM | 1 day, 7 hours ago |
| OFLX | 1 day, 7 hours ago |
| FSTR | 1 day, 7 hours ago |
| CARE | 1 day, 9 hours ago |
| IBCP | 1 day, 9 hours ago |
| BFST | 1 day, 9 hours ago |
| LFWD | 1 day, 10 hours ago |
| FNLC | 1 day, 11 hours ago |
| COOK | 1 day, 12 hours ago |
| ESPR | 1 day, 12 hours ago |
| FORR | 1 day, 12 hours ago |
| MASS | 1 day, 12 hours ago |
| ADV | 1 day, 13 hours ago |
| NBBK | 1 day, 13 hours ago |
| WHF | 1 day, 13 hours ago |
