PAYX, §1A diff (2021 → 2022)
Added paragraphs (2486 words)
We rely upon information technology (“IT”) networks, cloud-based platforms, and systems to process, transmit, and store electronic information, and to support a variety of business processes, some of which are provided by third-party vendors. Cyberattacks and security threats are a risk to our business and reputation. A cyberattack, unauthorized intrusion, malicious software infiltration, network disruption or outage, corruption of data, or theft of personal or other sensitive information, could have a material adverse effect on our business operations or that of our clients, result in liability or regulatory sanction, or cause harm to our business and reputation and result in a loss in confidence in our ability to serve clients all of which could have a material adverse effect on our business. The rapid speed of disruptive innovations involving cyberattacks, security vulnerabilities and Internet disruptions enabled by new and emerging technologies may outpace our organization's ability to compete and/or manage the risk appropriately. In addition, cybercriminals may seek to engage in payment-related fraud or by more frequently attempting to gain access to our systems through phishing or other means. Furthermore, security industry experts and government officials have warned about the risks of hackers and cyberattacks targeting IT products and businesses. Because techniques used to obtain unauthorized access or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures.
Data Security and Privacy Leaks: We collect, use, and retain increasingly large amounts of personal information about our clients, employees of our clients, and our employees, including: bank account, credit card, and social security numbers, tax return
information, health care information, retirement account information, payroll information, system and network passwords, and other sensitive personal and business information. At the same time, the continued occurrence of high-profile cyber and ransomware attacks and data breaches provides evidence of an external environment increasingly hostile to information security. We may be particularly targeted for cyberattack because of the amount and type of personal and business information that we collect, use, and retain. Vulnerabilities, threats, and more sophisticated and targeted computer crimes pose a risk to the security of our systems and networks, and the confidentiality, availability, and integrity of our data. Furthermore, if any of our products contains a software vulnerability, the vulnerability may be exploited to obtain access to our data or our clients’ data.
Data Loss and Business Interruption: If our systems are disrupted or fail for any reason, including Internet or systems failure, or if our systems are infiltrated by unauthorized persons, both the Company and our clients could experience data loss, financial loss, harm to reputation, or significant business interruption. Hardware, applications and services, including cloud-based services, that we develop or procure from third-party vendors may contain defects in design or other problems that could compromise the integrity and availability of our services. Any delays or failures caused by network outages, software or hardware failures, or other data processing disruptions, could result in our inability to provide services in a timely fashion or at all. The speed to closure of significant cyber security incidents may be influenced by the cooperation of governmental or law enforcement agencies. We may be required to incur significant costs to protect against damage caused by disruptions or security breaches in the future. Such events may expose us to unexpected liability, litigation, regulatory investigation and penalties, loss of clients’ business, unfavorable impact to business reputation, and there could be a material adverse effect on our business and results of operations.
Our operations are dependent on our ability to protect our infrastructure against damage from catastrophe or natural disaster, unauthorized security breach, power loss, telecommunications failure, terrorist attack or act of war, public health emergency, pandemic, or other events that could have a significant disruptive effect on our operations. Climate-related weather disasters, including hurricanes, flooding, snowstorms, and severe rainstorms, could also threaten the business continuity of our operations. We have a business continuity plan in place in the event of system failure due to any of these events. Our business continuity plan has been tested in the past by circumstances of severe weather, including hurricanes, floods, snowstorms, and rain storms and has been successful. However, these past successes are not an indicator of success in the future. If the business continuity plan is unsuccessful in a disaster recovery scenario, we could potentially lose client data or experience material adverse interruptions to our operations or delivery of services to our clients.
Within our PEO business, we maintain health and workers’ compensation insurance covering worksite employees. The insurance costs are impacted by claims experience and are a significant portion of our PEO costs. If we experience a sudden or unexpected increase in claims activity, our costs could increase. In addition, in the event of expiration or cancellation of existing contracts, we may not be able to secure replacement contracts on competitive terms, if at all. Also, as a co-employer in the PEO, we assume or share many of the employer-related responsibilities associated with health care reform, which may result in increased costs. Increases in costs not incorporated into service fees timely or fully could have a material adverse effect on our results of operations. Incorporating cost increases into service fees could also impact our ability to attract and retain clients.
The Note Purchase and Guarantee Agreement (the “Agreement”) that we entered into in January 2019 in connection with our acquisition of Oasis Outsourcing Group Holdings, L.P. (“Oasis”), contains covenants which may restrict our flexibility to operate our business. These covenants include restrictions regarding the incurrence of liens and indebtedness, substantial changes in the general nature of our business and our subsidiaries (taken as a whole), certain merger transactions, certain sales of assets and other matters, all subject to certain exceptions. The Agreement also contains financial covenants, which are reviewed for compliance on a quarterly basis, that require us not to exceed a maximum leverage ratio of 3.5:1.0 and a minimum interest coverage ratio of 2.0:1.0. In addition, certain of our indebtedness may not exceed 20% of our consolidated stockholders’ equity. If we do not comply with these covenants, it could result in material adverse effects on our operating results and our financial condition.
Many of our services, particularly payroll tax administration services, employee benefit plan administration services, and PEO services are designed according to government regulations that often change. Changes in regulations could affect the extent and type of benefits employers are required, or may choose, to provide employees or the amount and type of taxes employers and employees are required to pay. Such changes could reduce or eliminate the need for some of our services and substantially decrease our revenue. The addition of complex added requirements could also increase our cost of doing business.
Our services are subject to various laws and regulations, including, but not limited to, the ACA and anti-money laundering rules. The growth of our international operations via acquisition also subjects us to additional risks, such as compliance with foreign laws and regulations. The enactment of new laws and regulations, modifications of existing laws and regulations, or the adverse application or interpretation of new or existing laws or regulations can adversely affect our business. Failure to update our services to comply with modified or new legislation in the areas of payment networks, health care reform and retirement plans as well as failure to educate and assist our clients regarding this legislation could adversely impact our business reputation and negatively impact our client base. Failure to comply with anti-money laundering laws and regulations, which require us to develop and implement risk-based anti-money laundering programs, and maintain transaction records, could result in civil and criminal penalties and adversely impact our business reputation.
As a U.S. company, we are required to comply with the economic sanctions and embargo programs administered by the Office of Foreign Assets Control (“OFAC”) and similar multi-national bodies and governmental agencies worldwide, and the Foreign Corrupt Practices Act (“FCPA”). OFAC places restrictions on the sale or export of certain products and services to certain countries and persons, including most recently to Russia, Belarus, and portions of Ukraine. A violation of a sanction or embargo program, or of the FCPA, or similar laws prohibiting certain payments to governmental officials, could subject us, and individual employees, to a regulatory enforcement action as well as significant civil and criminal penalties which could adversely impact our business and operations.
Our services require the storage and transmission of proprietary and confidential information of our clients and their employees, including personal or identifying information, as well as their financial and payroll data. Our applications are subject to various complex government laws and regulations on the federal, state, and local levels, including those governing personal privacy. In the U.S., we are subject to rules and regulations promulgated under the authority of the Federal Trade Commission,
the Health Insurance Portability and Accountability Act of 1996, the Family Medical Leave Act of 1993, the ACA, federal and state labor and employment laws, and state data breach notification and data privacy laws, such as the California Consumer Protection Act. In the European Union, we are subject to the European Union’s General Data Privacy Regulation. Failure to comply with such laws and regulations could result in the imposition of consent orders or civil and criminal penalties, including fines, which could damage our reputation and have an adverse effect on our results of operations or financial condition. We could be subject to litigation or reputational risk if we or our third-party providers fail to utilize data practices sufficient to safeguard proprietary, confidential, or personal or identifying information. The regulatory framework for privacy issues is rapidly evolving and future enactment of more restrictive laws, rules, or regulations and/or future enforcement actions or investigations could have a materially adverse impact on us through increased costs or restrictions on our business and noncompliance could result in regulatory penalties and significant legal liability.
Our business, results of operations, and financial condition may continue to be impacted by COVID-19 and other macroeconomic events and such impact could be materially adverse.
The global spread of COVID-19 created significant volatility, uncertainty and economic disruption. The restrictions imposed to prevent the spread of COVID-19 disrupted economic activity, resulting in reduced commercial and consumer confidence and spending, increased unemployment, closure or restricted operating conditions for businesses, volatility in the global capital markets, instability in the credit and financial markets, labor shortages, regulatory relief for impacted consumers, disruption in supply chains, and restrictions on many hospitality and travel industry operations. Inflationary pressure, caused in part by the pandemic, is ongoing and may be compounded by the Russian invasion of Ukraine and the resulting impact on commodity prices and supply chains.
16
We are subject to the impacts related to the COVID-19 pandemic and inflationary pressure for so long as our clients are exposed to those heightened risks and uncertainties. Our business is substantially dependent on our clients’ continued use of our solutions and services, and our results of operations will decline if our clients are no longer willing or able to use them. Our clients are sensitive to negative changes in economic conditions. If they cease operations or file for bankruptcy protection, we may not be paid for services we already provided, and our client base will shrink, which will lower our revenue. If under financial pressure, our clients may determine that they are no longer willing to pay for the services and solutions we provide, which would reduce our revenue. Our clients may decrease their workforce, which would decrease their demand for our services. Because of spending constraints on our clients and competition in the industry, we may face pricing pressure on our services and face challenges in onboarding new clients, which would reduce revenue and ultimately impact our results of operations. Furthermore, if the third-party service providers we rely on are unable to perform their services for us and our clients, our operations could be materially disrupted, and we could face significant penalties or liabilities.
Trade, monetary and fiscal policies, and political and economic conditions may substantially change, and credit markets may experience periods of constriction and variability. These conditions may impact our business due to lower transaction volumes or an increase in the number of clients going out of business. Further, rising inflation may negatively impact our business, raise costs and reduce profitability. Current or potential clients may decide to reduce their spending on payroll and other outsourcing services. In addition, new business formation may be affected by an inability to obtain credit.
We invest our funds held for clients in high quality, investment-grade marketable available-for-sale (“AFS”) securities, money markets, and other cash equivalents. We also invest our corporate funds in short- to intermediate-term instruments. Funds held for clients and corporate investments are subject to general market, interest rate, credit, and liquidity risks. These risks may be exacerbated during periods of unusual financial market volatility and inflationary pressure. The interest we earn on funds held for clients and corporate investments may decrease as a result of a decline in funds available to invest or lower interest rates. In addition, during periods of volatility in the credit markets, certain types of investments may not be available to us or may become too risky for us to invest in, further reducing the interest we may earn on client funds. If we are unable to reinvest our AFS securities when they mature, our interest income earned and investment portfolio would be reduced. If we sell AFS securities to satisfy short-term funding requirements, we may recognize losses, which would further reduce the interest income earned on funds held for clients and corporate investments.
Our success, growth, and financial results depend in part on our continuing ability to attract, retain, and motivate highly qualified and diverse personnel at all levels, including management, technical, compliance, and sales personnel. Competition for these individuals can be intense, and we may not be able to retain our key people, or attract, assimilate, or retain other highly-qualified individuals in the future, which could harm our future success.
We are committed to good corporate citizenship, which is reflected in our company culture and core values. Disclosure of our corporate governance practices including our environmental, social and governance (“ESG”) initiatives, may draw negative publicity from stakeholders.
17
Negative publicity relating to events or activities attributed to us, our policies, our corporate employees, or others associated with us, whether or not justified, may tarnish our reputation and reduce the value of our brand. If we are unable to maintain quality HCM and employee benefit-related solutions and PEO and insurance solutions, our reputation with our clients may be harmed and the value of our brand may diminish. In addition, if our brand is negatively impacted, it may have a material adverse effect on our business, including challenges retaining clients or attracting new clients and recruiting talent and retaining employees.
Removed paragraphs (2330 words)
We rely upon information technology (“IT”) networks, cloud-based platforms, and systems to process, transmit, and store electronic information, and to support a variety of business processes, some of which are provided by third-party vendors. Cyberattacks and security threats are a risk to our business and reputation. A cyberattack, unauthorized intrusion, malicious software infiltration, network disruption or outage, corruption of data, or theft of personal or other sensitive information, could have a material adverse effect on our business operations or that of our clients, result in liability or regulatory sanction, or cause harm to our business and reputation and result in a loss in confidence in our ability to serve clients all of which could have a material adverse effect on our business. The rapid speed of disruptive innovations involving cyberattacks, security vulnerabilities and Internet disruptions enabled by new and emerging technologies may outpace our organization's ability to compete and/or manage the risk appropriately. In addition, cybercriminals may seek to exploit the disruptions caused by the COVID-19 pandemic by attempting to engage in payment-related fraud or by more frequently attempting to gain access to our systems through phishing or other means that may be more successful when employees are working remotely.
Data Security and Privacy Leaks: We collect, use, and retain increasingly large amounts of personal information about our clients, employees of our clients, and our employees, including: bank account, credit card, and social security numbers, tax return information, health care information, retirement account information, payroll information, system and network passwords, and other sensitive personal and business information. At the same time, the continued occurrence of high-profile cyber and ransomware attacks and data breaches provides evidence of an external environment increasingly hostile to information security. We may be particularly targeted for cyber-attack because of the amount and type of personal and business information that we collect, use, and retain. Vulnerabilities, threats, and more sophisticated and targeted computer crimes pose a risk to the security of our systems and networks, and the confidentiality, availability, and integrity of our data. Furthermore, if any of our products contains a software vulnerability, the vulnerability may be exploited to obtain access to our data or our clients’ data.
Data Loss and Business Interruption: If our systems are disrupted or fail for any reason, including Internet or systems failure, or if our systems are infiltrated by unauthorized persons, both the Company and our clients could experience data loss, financial loss, harm to reputation, or significant business interruption. Hardware, applications and services, including cloud-based services, that we develop or procure from third-party vendors may contain defects in design or other problems that could compromise the integrity and availability of our services. Any delays or failures caused by network outages, software or hardware failures, or other data processing disruptions, could result in our inability to provide services in a timely fashion or at all. We may be required to incur significant costs to protect against damage caused by disruptions or security breaches in the future. Such events may expose us to unexpected liability, litigation, regulatory investigation and penalties, loss of clients’ business, unfavorable impact to business reputation, and there could be a material adverse effect on our business and results of operations.
Our operations are dependent on our ability to protect our infrastructure against damage from catastrophe or natural disaster, unauthorized security breach, power loss, telecommunications failure, terrorist attack, public health emergency, pandemic, or other events that could have a significant disruptive effect on our operations. Climate-related weather disasters, including hurricanes, flooding, snowstorms, and severe rainstorms, could also threaten the business continuity of our operations. We have a business continuity plan in place in the event of system failure due to any of these events. Our business continuity plan has been tested in the past by circumstances of severe weather, including hurricanes, floods, snowstorms, and rain storms and has been successful. However, these past successes are not an indicator of success in the future. If the business continuity plan is unsuccessful in a disaster recovery scenario, we could potentially lose client data or experience material adverse interruptions to our operations or delivery of services to our clients.
Within our PEO business, we maintain health and workers’ compensation insurance covering worksite employees. The insurance costs are impacted by claims experience and are a significant portion of our PEO costs. If we experience a sudden or unexpected increase in claims activity, our costs could increase. In addition, in the event of expiration or cancellation of existing contracts, we may not be able to secure replacement contracts on competitive terms. Also, as a co-employer in the PEO, we assume or share many of the employer-related responsibilities associated with health care reform, which may result in increased costs. Increases in costs not incorporated into service fees timely or fully could have a material adverse effect on our results of operations. Incorporating cost increases into service fees could also impact our ability to attract and retain clients.
The Note Purchase and Guarantee Agreement (the “Agreement”) that we entered into in January 2019 in connection with our acquisition of Oasis Outsourcing Group Holdings, L.P. (“Oasis”), contains covenants which may restrict our flexibility to operate our business. These covenants include restrictions regarding the incurrence of liens and indebtedness, substantial changes in the general nature of our business and our subsidiaries (taken as a whole), certain merger transactions, certain sales
13
of assets and other matters, all subject to certain exceptions. The Agreement also contains financial covenants, which are reviewed for compliance on a quarterly basis, that require us not to exceed a maximum leverage ratio of 3.5:1.0 and a minimum interest coverage ratio of 2.0:1.0. In addition, certain of our indebtedness may not exceed 20% of our consolidated stockholders’ equity. If we do not comply with these covenants, it could result in material adverse effects on our operating results and our financial condition.
Many of our services, particularly payroll tax administration services and employee benefit plan administration services, are designed according to government regulations that often change. Changes in regulations could affect the extent and type of benefits employers are required, or may choose, to provide employees or the amount and type of taxes employers and employees are required to pay. Such changes could reduce or eliminate the need for some of our services and substantially decrease our revenue. Added requirements could also increase our cost of doing business.
Our services are subject to various laws and regulations, including, but not limited to, the ACA and anti-money laundering rules. The growth of our international operations via acquisition also subjects us to additional risks, such as compliance with foreign laws and regulations. The enactment of new laws and regulations, modifications of existing laws and regulations, or the adverse application or interpretation of new or existing laws or regulations can adversely affect our business. Failure to update our services to comply with modified or new legislation in the area of health care reform as well as failure to educate and assist our clients regarding this legislation could adversely impact our business reputation and negatively impact our client base. Failure to comply with anti-money laundering laws and regulations, which require us to develop and implement risk-based anti-money laundering programs, and maintain transaction records, could result in civil and criminal penalties and adversely impact our business reputation.
As a U.S. company, we are required to comply with the economic sanctions and embargo programs administered by the Office of Foreign Assets Control and similar multi-national bodies and governmental agencies worldwide, and the Foreign Corrupt Practices Act (“FCPA”). A violation of a sanction or embargo program, or of the FCPA, or similar laws prohibiting certain payments to governmental officials, could subject us, and individual employees, to a regulatory enforcement action as well as significant civil and criminal penalties which could adversely impact our business and operations.
Our services require the storage and transmission of proprietary and confidential information of our clients and their employees, including personal or identifying information, as well as their financial and payroll data. Our applications are subject to various complex government laws and regulations on the federal, state, and local levels, including those governing personal privacy. In the U.S., we are subject to rules and regulations promulgated under the authority of the Federal Trade Commission, the Health Insurance Portability and Accountability Act of 1996, the Family Medical Leave Act of 1993, the ACA, federal and state labor and employment laws, and state data breach notification and data privacy laws, such as the California Consumer Protection Act. In the European Union, we are subject to the European Union’s General Data Privacy Regulation. Failure to comply with such laws and regulations could result in the imposition of consent orders or civil and criminal penalties, including fines, which could damage our reputation and have an adverse effect on our results of operations or financial condition. We could be subject to litigation or reputational risk if we or our third-party providers fail to utilize data practices sufficient to safeguard proprietary, confidential, or personal or identifying information. The regulatory framework for privacy issues is rapidly evolving and future enactment of more restrictive laws, rules, or regulations and/or future enforcement actions or investigations could have a materially adverse impact on us through increased costs or restrictions on our business and noncompliance could result in regulatory penalties and significant legal liability.
Our business, results of operations, and financial condition may continue to be impacted by the outbreak of COVID-19 and such impact could be materially adverse.
The global spread of COVID-19 created significant volatility, uncertainty and economic disruption. The restrictions imposed to prevent the spread of COVID-19 disrupted economic activity, resulting in reduced commercial and consumer confidence and spending, increased unemployment, closure or restricted operating conditions for businesses, volatility in the global capital markets, instability in the credit and financial markets, labor shortages, regulatory relief for impacted consumers, disruption in supply chains, and restrictions on many hospitality and travel industry operations. While economic conditions have begun improving as vaccine distribution has accelerated in the United States, there can be no assurance that the economic recovery will occur or offset the uncertainty and instability triggered by the pandemic.
We are subject to the impacts related to the COVID-19 pandemic for so long as our clients are exposed to those heightened risks and uncertainties. Our business is substantially dependent on our clients’ continued use of our solutions and services, and our results of operations will decline if our clients are no longer willing or able to use them. Our clients are sensitive to negative changes in economic conditions. If they cease operations or file for bankruptcy protection, we may not be paid for services we already provided, and our client base will shrink, which will lower our revenue. If under financial pressure, our clients may determine that they are no longer willing to pay for the services and solutions we provide, which would reduce our revenue. Our clients may decrease their workforce, which would decrease their demand for our services. Because of spending constraints on our clients and competition in the industry, we may face pricing pressure on our services and face challenges in onboarding new clients, which would reduce revenue and ultimately impact our results of operations. Furthermore, if the third-party service providers we rely on are unable to perform their services for us and our clients, our operations could be materially disrupted, and we could face significant penalties or liabilities.
Trade, monetary and fiscal policies, and political and economic conditions may substantially change, and credit markets may experience periods of constriction and variability. These conditions may impact our business due to lower transaction volumes or an increase in the number of clients going out of business. Current or potential clients may decide to reduce their spending on payroll and other outsourcing services. In addition, new business formation may be affected by an inability to obtain credit.
We invest our funds held for clients in high quality, investment-grade marketable available-for-sale (“AFS”) securities, money markets, and other cash equivalents. We also invest our corporate funds in short- to intermediate-term instruments. Funds held for clients and corporate investments are subject to general market, interest rate, credit, and liquidity risks. These risks may be exacerbated during periods of unusual financial market volatility. The interest we earn on funds held for clients and corporate investments may decrease as a result of a decline in funds available to invest and lower interest rates. In addition, during periods
of volatility in the credit markets, certain types of investments may not be available to us or may become too risky for us to invest in, further reducing the interest we may earn on client funds. If we are unable to reinvest our AFS securities when they mature, our interest income earned and investment portfolio would be reduced. If we sell AFS securities to satisfy short-term funding requirements, we may recognize losses, which would further reduce the interest income earned on funds held for clients and corporate investments.
Our success, growth, and financial results depend in part on our continuing ability to attract, retain, and motivate highly qualified people at all levels, including management, technical, compliance, and sales personnel. Competition for these individuals can be intense, and we may not be able to retain our key people, or attract, assimilate, or retain other highly-qualified individuals in the future, which could harm our future success.
Negative publicity relating to events or activities attributed to us, our corporate employees, or others associated with us, whether or not justified, may tarnish our reputation and reduce the value of our brand. If we are unable to maintain quality HCM and employee benefit-related solutions and PEO and insurance solutions, our reputation with our clients may be harmed and the value of our brand may diminish. In addition, if our brand is negatively impacted, it may have a material adverse effect on our business, including challenges retaining clients or attracting new clients and recruiting talent and retaining employees.
Item 1B. Unr
Current §1A text (2022)
Show full section (4957 words)
Item 1A. Risk Factors
Our future results of operations are subject to risks and uncertainties that could cause actual results to differ materially from historical and current results, and from our projections. The following risk factors represent our current view of some of the most important risks facing our business and are important to understanding our business. These are not the only risks we face. Additional factors not presently known to us or that we currently deem to be immaterial also may adversely affect, possibly to a material extent, our business, cash flows, financial condition, or results of operations in future periods. In addition, refer to the cautionary note regarding forward-looking statements at the beginning of Part I of this Form 10-K.
Business and Operational Risks
We may not be able to keep pace with changes in technology or provide timely enhancements to our products and services.
The market for our products is characterized by rapid technological advancements, changes in customer requirements, frequent new product introductions and enhancements, and changing industry standards. To maintain our growth strategy, we must adapt and respond to technological advances and technological requirements of our clients. Our future success will depend on our ability to: enhance our current products and introduce new products in order to keep pace with products offered by our competitors; enhance capabilities and increase the performance of our internal systems, particularly our systems that meet our clients’ requirements; and adapt to technological advancements and changing industry standards. We continue to make significant investments related to the development of new technology. If our systems become outdated, it may negatively impact our ability to meet performance expectations related to quality, time to market, cost and innovation relative to our competitors. The failure to provide a more efficient and user-friendly customer-facing digital experience across internet and mobile platforms as well as in physical locations may adversely impact our business and operating results. There can be no assurance that our efforts to update and integrate systems will be successful. If we do not integrate and update our systems in a timely manner, or if our investments in technology fail to provide the expected results, there could be a material adverse effect to our business and results of operations. The failure to continually develop enhancements and use of technologies such as robotics and other workflow automation tools, natural language processing, and artificial intelligence/machine learning may impact our ability to increase the efficiency of and reduce costs associated with operational risk management and compliance activities.
We may experience software defects, undetected errors, and development delays, which could damage our relationship with clients, decrease our potential profitability and expose us to liability.
Our products rely on software and computing systems that can encounter development delays, and the underlying software may contain undetected errors, viruses or defects. Defects in our products and errors or delays caused by our products could result in additional development costs, diversion of technical and other resources from our other development efforts, loss of credibility with current or potential clients, harm to our reputation and exposure to liability. In addition, we rely on technologies and software supplied by third parties that may also contain undetected errors, viruses or defects that could have a material adverse effect on our business, financial condition, results of operations and cash flows.
We could be subject to reduced revenues, increased costs, liability claims, or harm to our competitive position as a result of cyberattacks, security vulnerabilities or Internet disruptions.
We rely upon information technology (“IT”) networks, cloud-based platforms, and systems to process, transmit, and store electronic information, and to support a variety of business processes, some of which are provided by third-party vendors. Cyberattacks and security threats are a risk to our business and reputation. A cyberattack, unauthorized intrusion, malicious software infiltration, network disruption or outage, corruption of data, or theft of personal or other sensitive information, could have a material adverse effect on our business operations or that of our clients, result in liability or regulatory sanction, or cause harm to our business and reputation and result in a loss in confidence in our ability to serve clients all of which could have a material adverse effect on our business. The rapid speed of disruptive innovations involving cyberattacks, security vulnerabilities and Internet disruptions enabled by new and emerging technologies may outpace our organization's ability to compete and/or manage the risk appropriately. In addition, cybercriminals may seek to engage in payment-related fraud or by more frequently attempting to gain access to our systems through phishing or other means. Furthermore, security industry experts and government officials have warned about the risks of hackers and cyberattacks targeting IT products and businesses. Because techniques used to obtain unauthorized access or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures.
Data Security and Privacy Leaks: We collect, use, and retain increasingly large amounts of personal information about our clients, employees of our clients, and our employees, including: bank account, credit card, and social security numbers, tax return
information, health care information, retirement account information, payroll information, system and network passwords, and other sensitive personal and business information. At the same time, the continued occurrence of high-profile cyber and ransomware attacks and data breaches provides evidence of an external environment increasingly hostile to information security. We may be particularly targeted for cyberattack because of the amount and type of personal and business information that we collect, use, and retain. Vulnerabilities, threats, and more sophisticated and targeted computer crimes pose a risk to the security of our systems and networks, and the confidentiality, availability, and integrity of our data. Furthermore, if any of our products contains a software vulnerability, the vulnerability may be exploited to obtain access to our data or our clients’ data.
Our service platforms enable our clients to store and process personal data on premises or, increasingly, in a cloud-based environment that we host. The security of our IT infrastructure is an important consideration in our customers’ purchasing decisions. Because the techniques used to obtain unauthorized access, disable or degrade service or sabotage systems change frequently, are increasingly more complex and sophisticated and may be difficult to detect for long periods of time, we may be unable or fail to anticipate these techniques or implement adequate or timely preventative or responsive measures. As cyber threats continue to evolve, we are focused on ensuring that our operating environments safeguard and protect personal and business information. We may be required to invest significant additional resources to comply with evolving cybersecurity regulations and to modify and enhance our information security and controls, and to investigate and remediate any security vulnerabilities. While we have security systems and IT infrastructure in place designed to detect and protect against unauthorized access to such information, if our security measures are breached, our business could be substantially harmed, and we could incur significant liabilities. Any such breach or unauthorized access could negatively affect our ability to attract new clients, cause existing clients to terminate their agreements with us, result in reputational damage, and subject us to lawsuits, regulatory fines, or other actions or liabilities which could materially and adversely affect our business and operating results. Third-parties, including vendors that provide services for our operations, could also be a source of security risk to us in the event of a failure of their own security systems and infrastructure.
Data Loss and Business Interruption: If our systems are disrupted or fail for any reason, including Internet or systems failure, or if our systems are infiltrated by unauthorized persons, both the Company and our clients could experience data loss, financial loss, harm to reputation, or significant business interruption. Hardware, applications and services, including cloud-based services, that we develop or procure from third-party vendors may contain defects in design or other problems that could compromise the integrity and availability of our services. Any delays or failures caused by network outages, software or hardware failures, or other data processing disruptions, could result in our inability to provide services in a timely fashion or at all. The speed to closure of significant cyber security incidents may be influenced by the cooperation of governmental or law enforcement agencies. We may be required to incur significant costs to protect against damage caused by disruptions or security breaches in the future. Such events may expose us to unexpected liability, litigation, regulatory investigation and penalties, loss of clients’ business, unfavorable impact to business reputation, and there could be a material adverse effect on our business and results of operations.
In the event of a catastrophe, our business continuity plan may fail, which could result in the loss of client data and adversely interrupt operations.
Our operations are dependent on our ability to protect our infrastructure against damage from catastrophe or natural disaster, unauthorized security breach, power loss, telecommunications failure, terrorist attack or act of war, public health emergency, pandemic, or other events that could have a significant disruptive effect on our operations. Climate-related weather disasters, including hurricanes, flooding, snowstorms, and severe rainstorms, could also threaten the business continuity of our operations. We have a business continuity plan in place in the event of system failure due to any of these events. Our business continuity plan has been tested in the past by circumstances of severe weather, including hurricanes, floods, snowstorms, and rain storms and has been successful. However, these past successes are not an indicator of success in the future. If the business continuity plan is unsuccessful in a disaster recovery scenario, we could potentially lose client data or experience material adverse interruptions to our operations or delivery of services to our clients.
We may be adversely impacted by any failure of third-party service providers to perform their functions.
As part of providing services to clients, we rely on a number of third-party service providers. These service providers include, but are not limited to, couriers used to deliver client payroll checks, banks used to electronically transfer funds from clients to their employees, and information technology vendors servicing cloud-based platforms we use. Failure by these service providers, for any reason, to deliver their services in a timely manner and in compliance with applicable laws and regulations could result in material interruptions to our operations, impact client relations, and result in significant penalties or liabilities to us.
We may be exposed to additional risks related to our co-employment relationship within our PEO business.
Many federal and state laws that apply to the employer-employee relationship do not specifically address the obligations and responsibilities of the “co-employment” relationship within our PEO business. State and federal positions regarding co-employment relationships are in a constant state of flux and changed with varying degrees of impact on our operations. We cannot predict when changes will occur or forecast whether any future changes will be favorable or unfavorable to our operations. There is a possibility that we may be subject to liability for violations of employment or discrimination laws by our clients and acts or omissions of client employees, who may be deemed to be our agents, even if we do not participate in any such acts or violations. Although our agreements with clients provide that they will indemnify us for any liability attributable to their own or their employees’ conduct, we may not be able to effectively enforce or collect such contractual obligations. In addition, we could be subject to liabilities with respect to our employee benefit plans if it were determined that we are not the “employer” under any applicable state or federal laws. Incurring additional liabilities related to our PEO business may adversely affect our results of operations.
We may be adversely impacted by changes in health insurance and workers’ compensation rates and underlying claims trends.
Within our PEO business, we maintain health and workers’ compensation insurance covering worksite employees. The insurance costs are impacted by claims experience and are a significant portion of our PEO costs. If we experience a sudden or unexpected increase in claims activity, our costs could increase. In addition, in the event of expiration or cancellation of existing contracts, we may not be able to secure replacement contracts on competitive terms, if at all. Also, as a co-employer in the PEO, we assume or share many of the employer-related responsibilities associated with health care reform, which may result in increased costs. Increases in costs not incorporated into service fees timely or fully could have a material adverse effect on our results of operations. Incorporating cost increases into service fees could also impact our ability to attract and retain clients.
We made and may continue to make acquisitions that involve numerous risks and uncertainties.
Acquisitions subject us to risks, including increased debt, assumption of unforeseen liabilities, and difficulties in integrating operations. Successful integration involves many challenges, including the difficulty of developing and marketing new products and services, our exposure to unforeseen liabilities of acquired companies, and the loss of key employees of an acquired business. The integration and conversion of our acquired operations or other future acquisitions, if any, could result in increased operating costs if the anticipated synergies of operating these businesses as one are not achieved, a loss of strategic opportunities if management is distracted by the integration process, and a loss of customers if our service levels drop during or following the integration process. In addition, an acquisition could adversely impact cash flows and/or operating results, and dilute stockholder interests, for many reasons, including charges to our income to reflect the impairment of acquired intangible assets including goodwill, interest costs and debt service requirements for any debt incurred in connection with an acquisition, and any issuance of securities in connection with an acquisition or new business venture that dilutes or lessens the rights of our current stockholders. If the integration of any or all of our acquisitions or future acquisitions is not successful, it could have a material adverse impact on our operating results and stock price.
Financial Risks
Our clients could have insufficient funds to cover payments we made on their behalf, resulting in financial loss to us.
As part of our payroll processing service, we are authorized by our clients to transfer money from their accounts to fund amounts owed to their employees and various taxing authorities. It is possible that we could be held liable for such amounts in the event the client has insufficient funds to cover them. We have in the past, and may in the future, make payments on our clients’ behalf for which we may not be reimbursed, resulting in loss to us. If a significant number of our clients are unable to cover payments we make on their behalf, our results of operations will be materially adversely impacted.
Our interest earned on funds held for clients may be impacted by changes in government regulations mandating the amount of tax withheld or timing of remittance.
We receive interest income from investing client funds collected but not yet remitted to applicable tax or regulatory agencies or to client employees. A change in regulations either decreasing the amount of taxes to be withheld or allowing less time to remit taxes to applicable tax or regulatory agencies could adversely impact interest income.
14
Certain of our debt agreements contain covenants that may constrain the operation of our business, and our failure to comply with these covenants could have a material adverse effect on our financial condition.
The Note Purchase and Guarantee Agreement (the “Agreement”) that we entered into in January 2019 in connection with our acquisition of Oasis Outsourcing Group Holdings, L.P. (“Oasis”), contains covenants which may restrict our flexibility to operate our business. These covenants include restrictions regarding the incurrence of liens and indebtedness, substantial changes in the general nature of our business and our subsidiaries (taken as a whole), certain merger transactions, certain sales of assets and other matters, all subject to certain exceptions. The Agreement also contains financial covenants, which are reviewed for compliance on a quarterly basis, that require us not to exceed a maximum leverage ratio of 3.5:1.0 and a minimum interest coverage ratio of 2.0:1.0. In addition, certain of our indebtedness may not exceed 20% of our consolidated stockholders’ equity. If we do not comply with these covenants, it could result in material adverse effects on our operating results and our financial condition.
Legal, Regulatory and Political Risks
Our business, services, and financial condition may be adversely impacted by changes in government regulations and policies.
Many of our services, particularly payroll tax administration services, employee benefit plan administration services, and PEO services are designed according to government regulations that often change. Changes in regulations could affect the extent and type of benefits employers are required, or may choose, to provide employees or the amount and type of taxes employers and employees are required to pay. Such changes could reduce or eliminate the need for some of our services and substantially decrease our revenue. The addition of complex added requirements could also increase our cost of doing business.
Our business and reputation may be adversely impacted if we fail to comply with U.S. and foreign laws and regulations.
Our services are subject to various laws and regulations, including, but not limited to, the ACA and anti-money laundering rules. The growth of our international operations via acquisition also subjects us to additional risks, such as compliance with foreign laws and regulations. The enactment of new laws and regulations, modifications of existing laws and regulations, or the adverse application or interpretation of new or existing laws or regulations can adversely affect our business. Failure to update our services to comply with modified or new legislation in the areas of payment networks, health care reform and retirement plans as well as failure to educate and assist our clients regarding this legislation could adversely impact our business reputation and negatively impact our client base. Failure to comply with anti-money laundering laws and regulations, which require us to develop and implement risk-based anti-money laundering programs, and maintain transaction records, could result in civil and criminal penalties and adversely impact our business reputation.
In addition, there has been and may continue to be a significant number of new laws and regulations promulgated by federal, state, local, and foreign governments following the outbreak of the COVID-19 pandemic. We have expended additional resources and incurred additional costs in addressing regulatory requirements applicable to us and our clients. These regulations may be unclear, difficult to interpret or in conflict with other applicable regulations. Failure to comply with laws and regulations could result in the imposition of consent orders or civil and criminal penalties, including fines, which could damage our reputation and have an adverse effect on our results of operations or financial condition.
As a U.S. company, we are required to comply with the economic sanctions and embargo programs administered by the Office of Foreign Assets Control (“OFAC”) and similar multi-national bodies and governmental agencies worldwide, and the Foreign Corrupt Practices Act (“FCPA”). OFAC places restrictions on the sale or export of certain products and services to certain countries and persons, including most recently to Russia, Belarus, and portions of Ukraine. A violation of a sanction or embargo program, or of the FCPA, or similar laws prohibiting certain payments to governmental officials, could subject us, and individual employees, to a regulatory enforcement action as well as significant civil and criminal penalties which could adversely impact our business and operations.
Our reputation, results of operations, or financial condition may be adversely impacted if we fail to comply with data privacy laws and regulations.
Our services require the storage and transmission of proprietary and confidential information of our clients and their employees, including personal or identifying information, as well as their financial and payroll data. Our applications are subject to various complex government laws and regulations on the federal, state, and local levels, including those governing personal privacy. In the U.S., we are subject to rules and regulations promulgated under the authority of the Federal Trade Commission,
15
the Health Insurance Portability and Accountability Act of 1996, the Family Medical Leave Act of 1993, the ACA, federal and state labor and employment laws, and state data breach notification and data privacy laws, such as the California Consumer Protection Act. In the European Union, we are subject to the European Union’s General Data Privacy Regulation. Failure to comply with such laws and regulations could result in the imposition of consent orders or civil and criminal penalties, including fines, which could damage our reputation and have an adverse effect on our results of operations or financial condition. We could be subject to litigation or reputational risk if we or our third-party providers fail to utilize data practices sufficient to safeguard proprietary, confidential, or personal or identifying information. The regulatory framework for privacy issues is rapidly evolving and future enactment of more restrictive laws, rules, or regulations and/or future enforcement actions or investigations could have a materially adverse impact on us through increased costs or restrictions on our business and noncompliance could result in regulatory penalties and significant legal liability.
Failure to protect our intellectual property rights may harm our competitive position and litigation to protect our intellectual property rights or defend against third-party allegations of infringement may be costly.
Despite our efforts to protect our intellectual property and proprietary information, we may be unable to do so effectively in all cases. Our intellectual property could be wrongfully acquired as a result of a cyberattack or other wrongful conduct by employees or third-parties. To the extent that our intellectual property is not protected effectively by trademarks, copyrights, patents, or other means, other parties with knowledge of our intellectual property, including former employees, may seek to exploit our intellectual property for their own and others’ advantage. Competitors may also misappropriate our trademarks, copyrights or other intellectual property rights or duplicate our technology and products. Any significant impairment or misappropriation of our intellectual property or proprietary information could harm our business and our brand and may adversely affect our ability to compete. Third parties may claim that we are infringing on their intellectual property rights. To the extent we seek to enforce or must defend our intellectual property rights with litigation, we could incur significant expenses and/or be required to pay substantial damages. We may also be obligated to indemnify our customers or vendors in connection with claims or litigation. The litigation to enforce or defend our intellectual property rights could be costly and time-consuming.
We are involved in litigation from time to time arising from the operation of our business and, as such, we could incur substantial judgments, fines, legal fees, or other costs.
We are sometimes the subject of complaints or litigation from customers, employees, or other third-parties for various actions. From time to time, we are involved in litigation involving claims related to, among other things, breach of contract, tortious conduct, and employment and labor law matters. The damages sought against us in some of these litigation proceedings could be substantial. Although we maintain liability insurance for some litigation claims, if one or more of the claims were to greatly exceed our insurance coverage limits or if our insurance policies do not cover a claim, this could have a material adverse effect on our business, financial condition, results of operations, and cash flows.
General Risk Factors
Our business, results of operations, and financial condition may continue to be impacted by COVID-19 and other macroeconomic events and such impact could be materially adverse.
The global spread of COVID-19 created significant volatility, uncertainty and economic disruption. The restrictions imposed to prevent the spread of COVID-19 disrupted economic activity, resulting in reduced commercial and consumer confidence and spending, increased unemployment, closure or restricted operating conditions for businesses, volatility in the global capital markets, instability in the credit and financial markets, labor shortages, regulatory relief for impacted consumers, disruption in supply chains, and restrictions on many hospitality and travel industry operations. Inflationary pressure, caused in part by the pandemic, is ongoing and may be compounded by the Russian invasion of Ukraine and the resulting impact on commodity prices and supply chains.
16
We are subject to the impacts related to the COVID-19 pandemic and inflationary pressure for so long as our clients are exposed to those heightened risks and uncertainties. Our business is substantially dependent on our clients’ continued use of our solutions and services, and our results of operations will decline if our clients are no longer willing or able to use them. Our clients are sensitive to negative changes in economic conditions. If they cease operations or file for bankruptcy protection, we may not be paid for services we already provided, and our client base will shrink, which will lower our revenue. If under financial pressure, our clients may determine that they are no longer willing to pay for the services and solutions we provide, which would reduce our revenue. Our clients may decrease their workforce, which would decrease their demand for our services. Because of spending constraints on our clients and competition in the industry, we may face pricing pressure on our services and face challenges in onboarding new clients, which would reduce revenue and ultimately impact our results of operations. Furthermore, if the third-party service providers we rely on are unable to perform their services for us and our clients, our operations could be materially disrupted, and we could face significant penalties or liabilities.
We may be adversely impacted by volatility in the political and economic environment.
Trade, monetary and fiscal policies, and political and economic conditions may substantially change, and credit markets may experience periods of constriction and variability. These conditions may impact our business due to lower transaction volumes or an increase in the number of clients going out of business. Further, rising inflation may negatively impact our business, raise costs and reduce profitability. Current or potential clients may decide to reduce their spending on payroll and other outsourcing services. In addition, new business formation may be affected by an inability to obtain credit.
We invest our funds held for clients in high quality, investment-grade marketable available-for-sale (“AFS”) securities, money markets, and other cash equivalents. We also invest our corporate funds in short- to intermediate-term instruments. Funds held for clients and corporate investments are subject to general market, interest rate, credit, and liquidity risks. These risks may be exacerbated during periods of unusual financial market volatility and inflationary pressure. The interest we earn on funds held for clients and corporate investments may decrease as a result of a decline in funds available to invest or lower interest rates. In addition, during periods of volatility in the credit markets, certain types of investments may not be available to us or may become too risky for us to invest in, further reducing the interest we may earn on client funds. If we are unable to reinvest our AFS securities when they mature, our interest income earned and investment portfolio would be reduced. If we sell AFS securities to satisfy short-term funding requirements, we may recognize losses, which would further reduce the interest income earned on funds held for clients and corporate investments.
Constriction in the credit markets may impact the availability of financing, even to borrowers with the highest credit ratings. Historically, we have periodically borrowed against available credit arrangements to meet short-term liquidity needs. However, should we require additional short-term liquidity during days of large outflows of client funds, a credit constriction may limit our ability to access those funds or the flexibility to obtain them at interest rates that would be acceptable to us. Growth in services for funding payrolls of our clients in the temporary staffing industry may be constricted if access to financing becomes limited. In addition, our ability to grow through significant acquisitions may be limited. See also “Item 7A. Quantitative and Qualitative Disclosures About Market Risk.” If all of these financial and economic circumstances were to remain in effect for an extended period of time, there could be a material adverse effect on our results of operations and financial condition.
We may not be able to attract and retain qualified people, which could impact the quality of our services and customer satisfaction.
Our success, growth, and financial results depend in part on our continuing ability to attract, retain, and motivate highly qualified and diverse personnel at all levels, including management, technical, compliance, and sales personnel. Competition for these individuals can be intense, and we may not be able to retain our key people, or attract, assimilate, or retain other highly-qualified individuals in the future, which could harm our future success.
In the event we receive negative publicity, our reputation and the value of our brand could be harmed, and clients may not use our products and services, which may have a material adverse effect on our business.
We are committed to good corporate citizenship, which is reflected in our company culture and core values. Disclosure of our corporate governance practices including our environmental, social and governance (“ESG”) initiatives, may draw negative publicity from stakeholders.
17
Negative publicity relating to events or activities attributed to us, our policies, our corporate employees, or others associated with us, whether or not justified, may tarnish our reputation and reduce the value of our brand. If we are unable to maintain quality HCM and employee benefit-related solutions and PEO and insurance solutions, our reputation with our clients may be harmed and the value of our brand may diminish. In addition, if our brand is negatively impacted, it may have a material adverse effect on our business, including challenges retaining clients or attracting new clients and recruiting talent and retaining employees.