ITEM 1A. RISK FACTORS
The Company's business and the results of its operations are affected by numerous factors and uncertainties, some of which are beyond our control. The following is a description of some of the important risks and uncertainties that may cause our actual results of operations in future periods to differ materially from those expected or desired.
Business and Operating Risks
Data security breaches, failures, or other incidents could damage our reputation and business. Our business relies upon receiving, processing, storing, and transmitting sensitive information relating to our operations, associates, and clients. If we fail to maintain a sufficient digital security infrastructure, address security vulnerabilities and new threats, or deploy adequate technologies to secure our systems against attack, we may be subject to security breaches that compromise confidential information, including valuable intellectual property, proprietary information, trade secrets, know-how, or source code, which could lead to their theft, misuse, unauthorized disclosure, or misappropriation. Such incidents could adversely affect our ability to operate our business, damage our reputation and business, adversely affect our results of operations and financial condition, and expose us to liability. We rely on third parties for various business purposes, and these third parties face similar security risks. A security failure by one of these third parties could expose our data or subject our information systems to interruption of operations and security vulnerabilities. Our information systems rely on hardware, software, and other technological elements, whether developed in-house or provided by third parties, that occasionally need to be patched or updated to address existing or potential security vulnerabilities. If these vulnerabilities are not remediated in a timely manner, our systems and data may be at risk of compromise or interruption.
Our services and infrastructure are increasingly reliant on the internet. Computer networks and the internet are vulnerable to disruptive problems such as denial of service attacks or other cyber-attacks carried out by cyber criminals or state-sponsored actors. We are continually subject to attempts by unauthorized parties to access confidential information or to destroy data, often through the introduction of computer viruses, ransomware or malware, and cyber-attacks. The use of artificial intelligence increasingly enabling their sophistication and accelerating their evolution, including through automated phishing and the rapid development of new malware, which continue to evolve and can be difficult to detect. Those same parties may also attempt to fraudulently induce associates, clients, vendors, or other authorized users of our systems through phishing schemes or other social
engineering methods to disclose sensitive information to gain access to our data or that of our clients or their accountholders. Any such coordinated attacks, if successful, can lead to data loss and exfiltration, disruption to systems and services, and damage to our reputation as a secure financial technology company.
We are also subject to the risk that our associates may, unintentionally or with malicious intent, intercept and transmit unauthorized confidential or proprietary information or that corporate-owned computers used by associates are stolen, or client data media is lost in shipment. An interception, misuse, or mishandling of personal, confidential, or proprietary information being sent to or received from a client or third party could result in legal liability, remediation costs, regulatory action, and reputational harm, any of which could adversely affect our results of operations and financial condition.
Like other financial institution service providers, we continually face third-party attempts to discover and exploit system weaknesses or to circumvent our security measures. We anticipate that attempts to attack our systems, services, and infrastructure, and those of our clients, third-party service providers and other vendors, will grow in frequency and sophistication. We cannot be certain that our security controls and infrastructure will be adequate to continue to protect our systems and data and our efforts may not be sufficient to combat all current and future technological risks and threats. These risks are further heightened by the fact that a significant portion of our associates and contractors work remotely outside of Company-controlled facilities using networks and devices that are not physically controlled by the Company, potentially limiting the effectiveness of our security controls. Advances in computer capabilities, new discoveries in the field of cryptography, the use of artificial intelligence, or other events or developments may render our security measures inadequate. Security risks may result in liability to our clients or other third parties, damage to our reputation, and may financial institutions from purchasing our products. The significant amount of capital and other resources we currently expend to protect the of security may prove to prevent a . We cannot ensure that any -of-liability provisions in our client and user agreements, contracts with third-party vendors, or other contracts are sufficient to protect us from liabilities or with respect to relating to a security or similar matters. The insurance coverage we maintain to address data security risks may be to cover all types of or that may arise, and there is no assurance that such insurance coverage will continue to be available to us on economically reasonable terms, or at all. In the event of a security , we may need to spend substantial additional capital and resources alleviating caused by such . Under state, federal, and foreign laws, including those requiring consumer notification of security , the costs to remediate security can be substantial. Addressing security may result in , , or cessation of service to users, any of which could our business.
Failure to maintain sufficient technological infrastructure or an operational failure in our outsourcing facilities could expose us to damage claims, increase regulatory scrutiny, and cause us to lose clients. Our products and services require substantial investments in technological infrastructure, and we have experienced significant growth in the number of users, transactions, and data that our technological infrastructure supports. If we fail to adequately invest in and support our technological infrastructure and processing capacity, we may not be able to support our clients’ processing needs and may be more susceptible to interruptions and delays in services. Damage or destruction that our outsourcing operations could cause and in processing which could our relationship with clients, our reputation, us to , and cause us to incur substantial additional expenses to relocate operations and repair or replace equipment. Events that could cause operational include, but are not limited to, hardware and software , or , cybersecurity , human , power , in telecommunications services, computer viruses or other malware, or other events. Our facilities are also subject to physical risks related to natural or weather events, such as tornados, flooding, hurricanes, and heat waves. Climate change may increase the likelihood and of such events. Our back-up systems and procedures may prove or otherwise to prevent , such as a of our transaction processing services. If an extends for more than several hours, we may experience data or a reduction in revenues due to such . Any significant of service could reduce revenue, have a impact on our reputation and the reputation of our clients, result in , lead our present and potential clients to choose other service providers, and lead to increased regulatory of the services we provide to financial institutions, with resulting increases in compliance and costs. Implementing modifications and upgrades to our technological infrastructure subjects us to inherent costs and risks associated with changing systems, policies, procedures, and monitoring tools.
Failures associated with payment transactions could result in financial loss. The volume and dollar amount of payment transactions that we process is significant and continues to grow. We direct the settlement of funds on behalf of financial institutions, other businesses, and consumers, and receive funds from clients, card issuers, payment networks, and consumers on a daily basis for a variety of transaction types. Transactions facilitated by us include debit card, credit card, electronic bill payment transactions, Automated Clearing House (“ACH”) payments, real-time payments through faster payment networks (such as Zelle, RTP, and FedNow), and check clearing that support consumers, financial institutions, and other businesses. If the continuity of operations, integrity of processing, or ability to detect or prevent fraudulent payments were compromised in connection with payments transactions, we could suffer financial as well as reputational loss. In addition, we rely on various third parties to process transactions and provide services in support of the processing of transactions and funds settlement for certain of our products and services that we cannot provide ourselves. If we are unable to obtain such services in the future or if the price of such services becomes , our business, financial position, and results of operations could be materially and affected. In addition, we may issue short-term credit to consumers, financial institutions, or other businesses as part of the funds settlement process. A on this credit by a counterparty could result in a financial to us.
Failures of third-party service providers we rely upon could lead to financial loss. We rely on third-party service providers to support key portions of our operations. We also rely on third-party service providers to provide part, or all, of certain services we deliver to clients. As we continue to move more computing, storage, and processing services out of our data centers and facilities and into third-party hosting environments, our reliance on these providers and their systems will increase. This reliance is further concentrated as we use certain third-party vendors to provide large portions of our hosting needs. While we have selected these third-party vendors carefully, we do not control their actions. A failure of these services by a third party could have a material impact upon our delivery of services to our clients. Such a failure could lead to damage claims, loss of clients, and reputational harm, depending on the duration and severity of the failure. Third parties perform significant operational services on our behalf. These third-party vendors are subject to similar risks as us including, but not limited to, compliance with applicable laws and regulations, hardware and software , or , cybersecurity , human , in internal controls, power , in telecommunications services, computer viruses or other malware, natural or weather events, or other events. One or more of our vendors may experience a cybersecurity event or operational and, if any such event does occur, it may not be addressed, either operationally or financially, by the third-party vendor. Certain of our vendors may have limited indemnification obligations or may not have the financial capacity to their indemnification obligations. If a vendor is to meet our needs in a timely manner or if the services or products provided by such a vendor are or otherwise and if we are not to develop alternative sources for these services and products timely and cost-effectively, our clients could be impacted, and it could have a material effect on our business.
We operate in a competitive business environment and our business will be adversely affected if we fail to compete effectively. We vigorously compete with a variety of software vendors and service providers in all our major product lines. We compete on the basis of product quality, reliability, performance, ease of use, quality of support and services, integration with other products, and pricing. Some of our competitors may have advantages over us due to their size, product lines, greater marketing resources, or exclusive intellectual property rights. New competitors, including smaller start-ups, regularly appear with new products, services, and technology for financial institutions. If competitors offer more favorable pricing, payment or other contractual terms, warranties, or functionality, or otherwise attract our clients or prevent us from capturing new clients, we may need to lower prices or offer other terms that negatively impact our results of operations in order to successfully compete.
Failure to achieve favorable renewals of service contracts could negatively affect our business. Our contracts with our clients for outsourced data processing and electronic payment transaction processing services generally run for a period of six years. We will continue to experience a significant number of these contracts coming up for renewal each year. Renewal time presents our clients with the opportunity to consider other providers or to renegotiate their contracts with us, including reducing the services we provide or negotiating the prices paid for our services. Certain of our renewals have resulted in price compression between the former and renegotiated contracts. If that trend accelerates or becomes more pronounced, it could negatively impact our results of operations. If we are not successful in achieving high renewal rates upon favorable terms, revenues and profit margins will suffer. We may experience increased costs for services from our third-party vendors due to inflation or other cost expansion, but because our client contracts typically have longer terms than our vendor contracts, our ability to pass on those higher costs to clients may be limited. If inflation or costs outpace our contractual ability to adjust pricing during the contractual terms of our client contracts, our revenues and profit margins could be impacted.
If we fail to adapt our products and services to changes in technology and the markets we serve, we could lose existing clients and be unable to attract new business. The markets for our products and services are characterized by changing client and regulatory requirements and rapid technological changes. These factors and new product introductions by our existing competitors or by new market entrants could reduce the demand for our existing products and services, and we may be required to develop or acquire new products and services. Our future success is dependent on our ability to enhance our existing products and services in a timely manner and to develop or acquire new products and services. If we are unable to develop or acquire new products and services to address the needs of our clients, or if we fail to sell the new or enhanced products and services in which we have invested, we may incur unanticipated expenses or fail to anticipated revenues, as well as prospective sales.
The increasing adoption of artificial intelligence (AI), machine learning (ML), and generative artificial intelligence into our products introduces significant and evolving risks that could lead to unintended consequences, result in reputational harm, and increased litigation. Our business currently utilizes AI and ML and we continue to evaluate and expand their use, including generative AI, to augment our products and services. While these technologies offer distinct business opportunities, they also bring evolving legal, regulatory, and operational risks. Both state and federal regulations relating to these emerging technologies are quickly and constantly evolving and may require significant resources to modify and maintain business practices to comply with U.S. laws, the nature of which cannot be determined at this time. From an operational standpoint, AI algorithms and training methodologies may create accuracy issues, unintended biases, factual errors, misrepresentations, offensive language, inappropriate statements, or other unexpected outcomes that could undermine product and service quality or lead to in our decision-making and solution development. or AI development, testing, evaluation, deployment, content labeling, or governance may public acceptance or cause , resulting in offerings not working as intended, and we also face explainability risk from our potential to interpret or justify AI model decisions, which may lead to about trust, regulatory compliance, and accountability. Additionally, the use of AI tools by associates—whether authorized or not—for internal functions or business operations may result in or outputs, which could impact the quality, accuracy, or consistency of work product and decision-making. Our to accurately identify and address our responsibilities and liabilities in this new environment could affect any solutions we develop incorporating such technology and could subject us to reputational , regulatory action, or , which may our financial condition and operating results. These same risks apply to our third-party service providers who are implementing these tools into the products or services they provide to us. Any to manage and mitigate these risks by these third-party service providers may affect the products and services we provide our clients.
Software defects or problems with installations and updates may harm our business and reputation and expose us to potential liability. Our software products are complex and may contain undetected defects, especially in connection with newly released products and software updates. Software defects may cause interruptions or delays to our services as we attempt to correct the problem. We may also experience difficulties in installing or integrating our products on systems used by our clients. Defects in our software, installation problems or delays, or other difficulties could result in negative publicity, of revenues, of competitive position, or us by clients. In addition, we rely on technologies and software supplied by third parties that may also contain or that could have a effect on our business and results of operations. If patches or updates are not properly tested prior to installation, or are not properly installed, our systems and data may be at risk of compromise or as a result of such .
Expansion of services to non-traditional clients could expose us to new risks. We have expanded our services to business lines that are marketed outside our traditional, regulated, and litigation-averse base of financial institution clients. These non-regulated clients may entail greater operational, credit, and litigation risks than we have faced before and could result in increases in bad debts and litigation costs.
Regulatory and Compliance Risks
The software and services we provide to our clients are subject to government regulation that could hinder the development of our business, increase costs, or impose constraints on the way we conduct our operations. The financial services industry is subject to extensive and complex federal and state regulation. As a supplier of software and services to financial institutions, portions of our operations are subject to ongoing supervision and examination by the Office of the Comptroller of the Currency, the Federal Reserve Board, the Federal Deposit Insurance Corporation, the Consumer Financial Protection Bureau, and the National Credit Union Association, among other regulatory agencies. These agencies regulate services we provide and the way we operate, and we are required to comply with a broad range of applicable federal and state laws and regulations. We are routinely subject to the examination process with such regulators, which includes the identification of areas where we can improve our practices to better comply with the applicable regulations and guidelines. If regulators
identify significant issues, or if we fail to meet supervisory remediation expectations, we could be subject to regulatory actions that could harm our client relationships and reputation. Failure by third parties, with whom we contract or partner, to comply with regulations or guidelines could also harm our relationships and reputation. Such failures could require significant expenditures to correct and could negatively affect our ability to retain clients and obtain new clients.
In addition, existing laws, regulations, and policies could be amended or interpreted differently by regulators in a manner that imposes additional costs and has a negative impact on our existing operations or that limits our future growth or expansion. New regulations could require additional programming or other costly changes in our processes or personnel. Our clients are also regulated entities, and actions by regulatory authorities could influence both the decisions they make concerning the purchase of data processing and other services and the timing and implementation of these decisions. We will be required to apply substantial research and development and other corporate resources to adapt our products to this evolving, complex, and often unpredictable regulatory environment. Our failure to provide compliant solutions could result in significant fines or consumer liability on our clients, for which we may bear ultimate liability.
Compliance with new and existing data privacy and cybersecurity laws, regulations, and rules may adversely impact our expenses, development, and strategy. We are subject to complex laws, rules, and regulations related to data privacy and cybersecurity. If we fail to comply with such requirements, we could be subject to reputational harm, regulatory enforcement, and litigation. The use, confidentiality, and security of private client information is under increased scrutiny. Regulatory agencies, Congress, state legislatures, and foreign regulatory and governmental bodies are considering numerous regulatory and statutory proposals to protect the interests of consumers and to require compliance with standards and policies that have not been defined. The number of state privacy and cybersecurity laws and regulations has grown tremendously over the past several years, resulting in an increasingly complex and fragmented regulatory landscape. These laws often include industry-specific requirements and board consumer data protection obligations. While many of these frameworks share common principles each jurisdiction imposes unique compliance standards, definitions, and obligations that may not align with one another. This lack of uniformity, combined with frequent legislative updates and regulatory amendments, creates ongoing for organizations seeking to maintain consistent and compliant data governance practices across multiple jurisdictions. Further, the FTC and state attorneys general may interpret federal and state consumer protection laws as imposing standards for the collection, use, dissemination, and security of data. In addition, compliance with these laws and regulations may require changes to our technology and our internal processes and procedures, including the way that we handle, process, and store data, which could company resources and impact growth . We will also be affected by these regulations as a third-party provider to clients who are subject to such regulations and will seek our assistance in their compliance efforts.
Failure to comply or readily address compliance and regulatory rule changes made by payment card networks could adversely affect our business. We are subject to card association and network compliance rules governing the payment networks we serve, including Visa, MasterCard, Zelle, FedNow, and The Clearing House’s RTP network, and all rules governing the Payment Card Data Security Standards. If we fail to comply with these rules and standards, we could be fined or our certifications could be suspended or terminated, which could limit our ability to service our clients and result in reductions in revenues and increased costs of operations. Changes made by the networks, even when complied with, may result in reduction in revenues and increased costs of operations.
Economic Conditions Risks
Natural disasters, public health crises, wars, acts of terrorism, other armed conflict, and workforce shortages could adversely affect our results of operations. The occurrence of, or threat of, natural disasters, widespread public health crises, political unrest, war, acts of terrorism, other armed conflicts involving the United States or foreign countries, or general workforce shortages can result in significant economic disruptions and uncertainties and could adversely affect our business, results of operation, and financial condition. The conditions caused by such events may affect the rate of spending by our clients and their ability to pay for our products and services, delay prospective clients’ purchasing decisions, interfere with our associates’ ability to support our business function, the ability of third-party providers we rely upon to deliver services, impact our ability to provide on-site services or installations to our clients, or reduce the number of transactions we process, all of which could affect our results of operation and financial position. We are to accurately predict the impact of such events on our business due to a number of uncertainties, including the duration, , geographic reach and governmental responses to such events, the impact on our clients’ and vendors' operations, and our ability to continue to provide products and services, including the ability of our associates to work remotely. If we are not to respond to and manage the impact of such events effectively, our business will be .
Our business may be adversely impacted by general U.S. and global market and economic conditions or specific conditions in the financial services industry. We derive most of our revenue from products and services we provide to the financial services industry. If the general economic environment worsens, including if inflation or interest rates continue to increase or remain at higher than recent historical levels, or if conditions or regulatory requirements within the financial services industry change—such as if financial institutions are required to increase reserve amounts, become subject to new regulatory assessments, or if tariffs or other trade restrictions are imposed or increased—clients may be less willing or able to pay the cost of our products and services, and we could face a reduction in demand from current and potential clients for our products and services, which could have a material adverse effect on our business, results of operations, and financial condition. In addition, a growing portion of our revenue is derived from transaction processing fees, which depend heavily on levels of consumer and business spending. Deterioration in general economic conditions could negatively impact consumer confidence and spending, resulting in reduced transaction volumes and our related revenues.
Consolidation and failures of financial institutions will continue to reduce the number of our clients and potential clients. Our primary market consists of approximately 4,440 commercial and savings banks and more than 4,550 credit unions. The number of commercial banks and credit unions in the United States has experienced a steady decrease over recent decades due to mergers and acquisitions and financial failures and we expect this trend to continue as more consolidation occurs. Such events may reduce the number of our current and potential clients, which could negatively impact our results of operations. A client who merges with, or is acquired by, an entity that is not our client, or a client that is closed by regulatory action, can lead to a reduction or loss of services and negatively impact our results of operation.
Acquisition Risks
Our growth may be affected if we are unable to find or complete suitable acquisitions. We have augmented the growth of our business with a number of acquisitions and we plan to continue to acquire appropriate businesses, products, and services. This strategy depends on our ability to identify, negotiate, and finance suitable acquisitions. Merger and acquisition activity in our industry has affected the availability and pricing of such acquisitions. If we are unable to acquire suitable acquisition candidates, we may experience slower growth.
Acquisitions subject us to risks and may be costly and difficult to integrate. Acquisitions are difficult to evaluate, and our due diligence may not identify all potential liabilities or valuation issues. We may also be subject to risks related to cybersecurity incidents or vulnerabilities of the acquired company and the acquired systems. We may not be able to successfully integrate acquired companies. We may encounter problems with the integration of new businesses, including: financial control and computer system compatibility; unanticipated costs and liabilities; unanticipated quality or client problems with acquired products or services; differing regulatory and industry standards; diversion of management's attention; adverse effects on existing business relationships with suppliers and clients; loss of key associates; and significant depreciation and amortization expenses related to acquired assets. To finance future acquisitions, we may have to increase our borrowing or sell equity or debt securities to the public. If we to integrate our acquisitions, our business, financial condition, and results of operations could be materially and affected. acquisitions could also produce material and charges as we review our acquired assets.
Intellectual Property Risks
If others claim that we have infringed their intellectual property rights, we could be liable for significant damages or could be required to change our processes. We have agreed to indemnify many of our clients against claims that our products and services infringe on the proprietary rights of others. We also use certain open- source software in our products, which may subject us to suits by persons claiming ownership of what we believe to be open-source software. Infringement claims have been and will in the future be asserted with regard to our software solutions and services. Such claims, whether with or without merit, are time-consuming, may result in costly litigation and may not be resolved on terms favorable to us. If our defense of such claims is not , we could be to pay or could be subject to that would cause us to making or selling certain applications or us to redesign applications.
Our failure to protect our intellectual property and proprietary rights may adversely affect our competitive position. Our success and ability to compete depend in part upon protecting our proprietary systems and technology. Unauthorized parties may attempt to copy or access systems or technology that we consider proprietary. We actively take steps to protect our intellectual property and proprietary rights, including entering into agreements with users of our services for that purpose and maintaining security measures. However, these steps may be inadequate to prevent misappropriation. Policing unauthorized use of our proprietary rights is difficult and misappropriation or litigation relating to such matters could have a material negative effect on our results of operation.
General Risk Factors
A material weakness in our internal controls could have a material adverse effect on us. Effective internal controls are necessary for us to provide reasonable assurance with respect to our financial reports and to mitigate risk of fraud. If material weaknesses in our internal controls are discovered or occur in the future, our consolidated financial statements may contain material misstatements and we could be required to restate our financial results, which could materially and adversely affect our business and results of operations or financial condition, restrict our ability to access the capital markets, require us to expend significant resources to correct the weaknesses or deficiencies, subject us to fines, penalties or judgments, harm our reputation, or otherwise cause a in investor confidence.
The loss of key associates and difficulties in hiring and retaining associates could adversely affect our business. We depend on the contributions and abilities of our senior management and other key associates. Our Company has grown significantly in recent years and our management remains concentrated in a small number of highly qualified individuals. If we lose one or more of our key associates, we could suffer a loss of managerial experience, and management resources would have to be diverted from other activities to compensate for this loss. We do not have employment agreements with any of our executive officers. We continue to face a competitive market for hiring and retaining skilled associates. Difficulties in hiring and retaining skilled associates may restrict our ability to adequately support our business needs and/or result in increased personnel costs. These challenges are further compounded by the fact that a substantial portion of our workforce operate in hybrid or fully remote arrangements, which introduces additional complexities related to employee engagement, , training, and the preservation of corporate culture. As we navigate these dynamics, there is no assurance that we will be to attract and retain the personnel necessary to maintain the Company’s strategic direction.
Unfavorable resolution of tax contingencies or unfavorable future tax law changes could adversely affect our tax expense. Our income tax positions result in a significant net deferred income tax liability on our consolidated balance sheet. Unfavorable future tax law changes, including increasing U.S. corporate tax rates, could increase this net liability and negatively impact our provision for income taxes, net income, and cash flow.
The impairment of a significant portion of our goodwill and intangible assets would adversely affect our results of operations. Our balance sheet includes goodwill and intangible assets that represent a significant portion of our total assets as of June 30, 2025. On an annual basis, and whenever circumstances require, we review our goodwill and intangible assets for impairment. If the carrying value of a material asset is determined to be impaired, it will be written down to fair value by a charge to operating earnings. An impairment of a significant portion of our goodwill or intangible assets could have a material negative effect on our operating results.
Changes in interest rates could increase our borrowing costs or result in decreased interest income. Although our debt borrowing levels have historically been low, we may require additional or increased borrowings in the future under existing or new debt facilities to support operations, finance acquisitions, or fund stock repurchases. Our current credit facilities bear interest at variable rates. Increases in interest rates on variable-rate debt would increase our interest expense, which could negatively impact our results of operations. Conversely, if interest rates substantially decrease, we would collect less interest income on settlement accounts.
