Item 1A. Risk Factors
RISK FACTOR SUMMARY
Our business involves significant risks and uncertainties that make an investment in us speculative and risky. The following is a summary list of the principal risk factors that could materially adversely affect our business, financial condition, liquidity and results of operations. These are not the only risks and uncertainties we face, and you should carefully review and consider the full discussion of our risk factors, which is presented below.
• Uncertainties associated with the Merger with a wholly-owned affiliate of Nuvei Corporation could adversely affect our business, results of operations, stock price and financial condition.
• Failure to complete the Merger could adversely affect our business and the market price of our shares of common stock.
• The Merger Agreement contains provisions that limit our ability to pursue alternatives to the Merger.
• We are subject to certain restrictions on the conduct of our business under the terms of the Merger Agreement.
• Legal proceedings have been commenced against us, our Board of Directors and Nuvei Corporation relating to the Offer and the Merger, which could adversely affect our business, financial condition and operating results.
• Our results could be adversely affected by continued economic uncertainty, an economic slowdown or a recession.
• A substantial portion of our merchants are middle market businesses, which may increase the impact of economic fluctuations and merchant attrition on us.
• The COVID-19 pandemic has had, and may continue to have, a material adverse effect on our business and results of operations.
• The payment processing industry is highly competitive and such competition is likely to increase, which may adversely influence the prices we can charge to merchants for our services and the compensation we must pay to our distribution partners, and as a result, our profit margins.
• Degradation of the quality of the products and services we offer, including support services, could adversely impact our ability to attract and retain merchants and partners. Increases in card network fees and other changes to fee arrangements may result in the loss of merchants or a reduction in our earnings.
• Reliance on third parties, including our strategic relationship with Sage, and distribution partners that may not serve us exclusively and are subject to attrition and merchants who may be reluctant to switch to a new merchant acquirer, which may adversely affect our growth.
• Unauthorized disclosure of merchant or cardholder data, whether through breach of our computer systems, computer viruses, or otherwise, could expose us to liability, protracted and costly litigation and damage our reputation.
• If the banks that currently provide ACH and wire transfers fail to properly transmit ACH or terminate their relationship with us or limit our ability to process funds or we are not able to increase our ACH capacity with our existing and new banks, our ability to process funds on behalf of our clients and our financial results and liquidity could be adversely affected.
• If we fail to comply with the applicable requirements of card networks and industry self-regulatory organizations, those card networks or organizations could seek to fine us, suspend us, or terminate our
Table of Contents
registrations through our bank sponsors or our merchants or sales partners may incur fines or penalties that we cannot collect from them, causing us to bear the cost.
• In order to remain competitive and to continue to increase our revenues and earnings, we must continually update our products and services, a process which could result in increased costs and the loss of revenues, earnings, merchants and distribution partners if the new products and services do not perform as intended or are not accepted in the marketplace.
• We may not be able to continue to expand our share of our existing vertical markets or expand into new vertical markets, which would inhibit our ability to grow and increase our profitability.
• Our ability to grow our business will depend in part on the addition of new partners, and our inability to effectively onboard these new partners could have a material adverse effect on our business, financial condition and results of operations.
• We may not be able to successfully execute our strategy of growth through acquisitions.
• We may not be able to successfully manage our intellectual property and may be subject to infringement claims.
• A substantial portion of our merchants are middle market businesses, which may increase the impact of economic fluctuations and merchant attrition on us.
• Our systems and our third-party providers’ systems may fail due to factors beyond our control, which could interrupt our service, resulting in our inability to process payments, cause us to lose business, increase our costs and expose us to liability.
• Our reliance on other service and technology providers may result in service interruptions for our merchants.
• Fraud by merchants or others could subject us to liability and materially affect our results.
• Our reliance on bank sponsors, which have substantial discretion with respect to certain elements of our business practices to process electronic payment transactions may materially adversely affect our business.
• We incur liability when our merchants refuse or cannot reimburse us for chargebacks resolved in favor of their customers.
• Our risk management policies and procedures may not be fully effective in mitigating our risk exposure in all market environments or against all types of risks.
• Our ability to successfully operate the business depends upon the efforts of certain key personnel and our ability to attract, recruit, retain and develop qualified employees.
• We are subject to extensive government regulation, including the Bank Secrecy Act and limitations on consumer information among others, and any new laws and regulations, industry standards or revisions made to existing laws, regulations or industry standards affecting the electronic payments industry may have an unfavorable impact on our business, financial condition and results of operations.
Table of Contents
RISK FACTORS
You should carefully consider these risk factors, together with all of the other information included in this annual report on Form 10-K, including our consolidated financial statements and the related notes thereto, before you decide whether to make an investment in our securities. The risks set out below are not the only risks we face. Additional risks and uncertainties not currently known to us or that we currently deem to be immaterial also may materially adversely affect our business, financial condition and/or operating results. If any of the following events occur, our business, financial condition and results of operations could be materially adversely affected. In such case, the value of our common stock and the trading price of our securities could decline, and you may lose all or part of your investment.
Risks Related to the Proposed Merger
Uncertainties associated with the Merger with a wholly-owned affiliate of Nuvei Corporation could adversely affect our business, results of operations, stock price and financial condition.
On January 8, 2023, we entered into the Merger Agreement with Nuvei Corporation and the Purchaser, a wholly owned subsidiary of Parent. Pursuant to the Merger Agreement, we will merge with and into the Purchaser, with the Company continuing as the surviving corporation and a wholly-owned subsidiary of Parent. If the Merger is consummated, the Company’s common stock will be delisted from Nasdaq and the duty to file reports will be suspended under Section 13 and 15(d) of the Exchange Act. In connection with the Merger, on January 24, 2023, the Purchaser commenced the Offer to purchase any and all issued and outstanding shares of the Company’s common stock at a price of $9.75 per share without interest, to the seller in cash, less any applicable withholding taxes, upon the terms and subject to the conditions described in the Offer to Purchase, dated January 24, 2023.
Completion of the Merger is subject to various closing conditions, including, but not limited to, the Purchaser acquiring, pursuant to the Offer, 50% of the total number of shares of our common stock outstanding plus at least one additional share of our common stock (the “Minimum Condition”). There is no guarantee that all closing conditions will be satisfied (or waived, if permitted by the Merger Agreement and applicable law). Many of the conditions to completion of the Merger are not within our control, and we cannot predict when or if these conditions will be satisfied (or waived, if permitted by the Merger Agreement and applicable law). In addition, the Merger may fail to close for other reasons.
The announcement and pendency of the Merger, as well as any delays in the expected timeframe, could cause disruption in and create uncertainties, which could have an adverse effect on our business, results of operations, stock price and financial condition, regardless of whether the Merger is completed, and could cause us not to realize some or all of the benefits that we expect to achieve if the Merger is successfully completed within its expected timeframe. These risks include, but are not limited to:
• an adverse effect on our relationship with vendors, customers, and employees, including if our vendors, customers or others attempt to negotiate changes in existing business relationships, consider entering into business relationships with parties other than us, delay or defer decisions concerning their business with us, or terminate their existing business relationships with us during the pendency of the Merger;
• a diversion of a significant amount of management time and resources towards the completion of the Merger;
• being subject to certain restrictions on the conduct of our business;
• impacts on the price of our common stock;
• the requirement that we pay a termination fee of approximately $38 million if the Merger Agreement is terminated under certain circumstances;
Table of Contents
• developments beyond our control, including, but not limited to, changes in domestic or global economic conditions that may affect the timing or success of the Merger;
• stockholder litigation that could prevent or delay the Merger or otherwise negatively impact our business and operations;
• possibly foregoing certain business opportunities that we might otherwise pursue absent the pending Merger; and
• difficulties attracting and retaining key employees.
Failure to complete the Merger could adversely affect our business and the market price of our shares of common stock.
The closing of the Merger may not occur on the expected timeline or at all. The Merger Agreement contains customary termination provisions for both the Company and Parent, and provides that, in connection with the termination of the Merger Agreement under specified circumstances, including termination by the Company to accept and enter into an agreement with respect to a Superior Proposal (as defined in the Merger Agreement), the Company will pay Parent a termination fee of approximately $38 million. If Paya is required to pay this termination fee, such fee, together with costs incurred to execute the Merger Agreement and pursue the Merger, could have a material adverse effect on Paya’s financial condition and results of operations.
If the Merger Agreement is terminated and the Merger is not consummated, the price of our common stock may decline and you may not recover your investment or receive a price for your shares similar to what has been offered pursuant to the Merger. In addition, the price of our common stock has in the past and may continue to fluctuate substantially in the event that the Merger is not consummated. Factors affecting the trading price of our common stock may include:
• actual or anticipated fluctuations in our quarterly financial results or the quarterly financial results of companies perceived to be similar to it;
• changes in the market’s expectations about our operating results;
• success of competitors;
• our operating results failing to meet market expectations in a particular period;
• changes in financial estimates and recommendations by securities analysts concerning us or the payments industry and market in general;
• operating and stock price performance of other companies that investors deem comparable to us;
• our ability to market new and enhanced products on a timely basis;
• changes in laws and regulations affecting our business;
• commencement of, or involvement in, litigation involving us;
• changes in its capital structure, such as future issuances of securities or the incurrence of additional debt;
• the volume of shares of common stock available for public sale;
• any significant change in our board or management;
Table of Contents
• sales of substantial amounts of common stock by our directors, executive officers or significant stockholders or the perception that such sales could occur; and
• general economic and political conditions such as recessions, interest rates, fuel prices, international currency fluctuations and acts of war or terrorism.
Broad market and industry factors may depress the market price of our common stock irrespective of our operating performance. The stock market in general and Nasdaq have experienced price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of the particular companies affected. The trading prices and valuations of these stocks, and of our common stock, may not be predictable. A loss of investor confidence in the market for financial technology stocks or the stocks of other companies which investors perceive to be similar to us could depress its stock price regardless of its business, prospects, financial conditions or results of operations. A decline in the market price of our common stock also could adversely affect our ability to issue additional securities and our ability to obtain additional financing in the future.
The Merger Agreement contains provisions that limit our ability to pursue alternatives to the Merger.
Under the Merger Agreement, we are restricted from soliciting, initiating, proposing or inducing the making, submission or announcement of, or knowingly encouraging, facilitating or assisting alternative acquisition proposals from third parties and/or providing non-public information to third parties in response to any inquiries regarding, or the submission of any proposal or offer that constitutes, or could reasonably be expected to lead to, any Acquisition Proposal (as defined in the Merger Agreement). These provisions could discourage a third party that may have an interest in acquiring all or a significant part of our business from considering or proposing that acquisition, even if such third party were prepared to pay consideration with a higher value than the value of the consideration in the Merger.
We are subject to certain restrictions on the conduct of our business under the terms of the Merger Agreement.
Under the terms of the Merger Agreement, we have agreed to certain restrictions on the operations of our business. We have agreed to limit the conduct of our business to those actions undertaken in the ordinary course of business and to refrain from, among other things, subject to certain specified exceptions (as set forth in the Merger Agreement): incurring debt; entering into, adopting, amending, modifying or terminating any employee plans; increasing the compensation of any director, officer, employee or independent contractor, or hiring or terminating certain employees (other than for “cause”); settling certain pending or threatened legal proceedings; changing our methods, procedures, principles or practices of financial accounting; and incurring certain capital expenditures. Because of these restrictions, we may be prevented from undertaking certain actions with respect to the conduct of our business that we might otherwise have taken if not for the Merger Agreement. Such restrictions could prevent us from pursuing certain business opportunities that arise prior to the effective time of the Merger and are outside the ordinary course of business, and could otherwise adversely affect our business and operations prior to completion of the Merger.
Legal proceedings have been commenced against us, our Board of Directors and Nuvei Corporation relating to the Offer and the Merger, which could adversely affect our business, financial condition and operating results.
Legal proceedings relating to the Offer and the Merger have been commenced against the Company, the Company's Board of Directors and Nuvei Corporation. Such litigation is common in connection with acquisitions of public companies, regardless of any merits related to the underlying acquisition. The outcome of any proceedings filed against the Company is uncertain, and we may not be successful in defending against any such claims. While we are defending against the proceedings commenced against the Company, the Company's Board of Directors and Nuvei Corporation in connection with the Offer and the Merger, the costs of the defense of such actions and other effects of such litigation could have an adverse effect on our business, financial condition and operating results. See Part I, Item 3, Legal Proceedings in this Annual Report for a description of these proceedings.
Table of Contents
Risks Relating to Our Business and Operations
Our results could be adversely affected by continued economic uncertainty, an economic slowdown or a recession.
The electronic payments industry depends heavily on the overall level of consumer, commercial and government spending. We are exposed to general economic conditions that affect consumer confidence, consumer spending, consumer discretionary income and changes in consumer purchasing habits. Periods of a slowing economy or recession, or periods of economic uncertainty, have historically been accompanied by a decrease in consumer spending and have negatively impacted our business. In 2022, in response to record levels of inflation, the Federal Reserve raised the federal funds rate and signaled it will continue to increase rates during 2023, with no reductions expected until 2024. Further increases in rates could adversely affect our financial performance by reducing the aggregate dollar volume of transactions made using electronic payments. If our merchants make fewer sales of their products and services using electronic payments, or consumers spend less money through electronic payments, we will have fewer transactions to process at lower dollar amounts, resulting in lower revenue. In addition, as a result of increased interest rates, our interest expense on the $250 million senior secured term loan facility (the "Term Loan") increased in 2022. We utilize derivative instruments to manage risk from fluctuations in interest rates on our Term Loan. As a result, to date, the effects of rising interest rates on our results of operations and financial condition have not been significant. However, there can be no assurance that our interest rates will not continue to increase and that we will be able to mitigate such increases in the future.
In addition, sustained deterioration in general economic conditions or a weakening in the economy could force merchants to close at higher than historical rates, resulting in exposure to potential losses and a decline in the number of transactions that we process. We also have material fixed and semi-fixed costs, including rent, debt service, contractual minimums, and salaries, which could limit our ability to quickly adjust costs and respond to changes in our business and the economy. Furthermore, our ability to generate revenues in specific markets is directly affected by local and regional conditions, and unfavorable regional economic or political conditions, such as those resulting from Russia's invasion of Ukraine. The war in Ukraine has given rise to potential global security issues that may adversely affect international business and economic conditions as well as economic sanctions imposed by the international community that have impacted the global economy. Certain of our customers may be negatively impacted by these events.
A severe or prolonged economic downturn, including a recession or depression, could impact our business, including our revenues and our ability to raise additional capital when needed on favorable terms or at all. We cannot anticipate the impact of the current economic environment on our business and any of the foregoing could materially harm our business. Nevertheless, if economic conditions worsen or a recession occurs, our business, operations and financial results could be materially adversely affected.
A substantial portion of our merchants are middle market businesses, which may increase the impact of economic fluctuations and merchant attrition on us.
We market and sell our solutions to middle market merchants. Middle market merchants are typically more susceptible to the adverse effects of economic fluctuations than larger businesses. We experience attrition in merchants and merchant charge volume in the ordinary course of business resulting from several factors, including business closures, transfers of merchants’ accounts to our competitors and account closures that we initiate due to heightened credit risks relating to, or contract breaches by, a merchant. Adverse changes in the economic environment or business failures of our middle market merchants may have a greater impact on us than on our competitors who do not focus on middle market merchants to the extent that we do. We cannot accurately predict the level of middle market merchant attrition if economic conditions worsen or a recession occurs. If we are unable to establish accounts with new merchants or otherwise increase our payment processing volume to counter the effect of this attrition, our revenues will decline.
Table of Contents
The COVID-19 global pandemic has had, and may continue to have, a material adverse effect on our business and results of operations.
Our business could be adversely affected by the effects of health pandemics or epidemics, including the ongoing COVID-19 global pandemic, the evolution of which continues to be uncertain. In 2020 and 2021, many of our customers experienced a decline in transaction volumes as a result of the COVID-19 pandemic compared to pre-pandemic levels. However, given many of our customers leverage our payment technology to accept transactions in a card-not-present environment, their business operations were not impacted dramatically. Further, most of our recurring or contractual transactions are B2B and not tied to consumer discretionary spend and, as such, were not significantly impacted. However, recurring COVID-19 outbreaks around the world such as those most recently occurring in China following the suspension of China's zero-COVID policy, have heightened concerns relating to new and potentially more dangerous virus variants, which, if transmitted around the globe could lead to the re-introduction of precautionary measures similar to, or more strict than, those imposed at the height of the pandemic. A resurgence of COVID-19 or another pandemic or epidemic may reinstate shelter-in place and social distancing policies, as well as broader economic decline, that can have a material impact on our results of operations. As the COVID-19 pandemic continues to evolve, its ultimate impact on our business is subject to change. A severe outbreak of COVID-19 or another pandemic or epidemic can disrupt our business and adversely materially impact our financial results
The payment processing industry is highly competitive and such competition is likely to increase, which may adversely influence the prices we can charge to merchants for our services and the compensation we must pay to our distribution partners, and as a result, our profit margins.
The payment processing industry is highly competitive. We primarily compete in the middle market merchant industry. Competition has continued to increase recently as other providers of payment processing services have established a sizable market share in the middle market. Our primary competitors for middle market merchants include financial institutions and their affiliates and well-established payment processing companies that target middle market merchants directly and through third parties, including REPAY, i3 Verticals, Stripe, and the acquiring arms of FIS, FISERV, and Global Payments. We also compete with many of these same entities for distribution partners. Many of our distribution partners are not exclusive to us but also have relationships with our competitors, such that we must continually expend resources to maintain those distribution partner relationships. Our growth depends on our ability to increase our market share through successful competitive efforts to gain new merchants and distribution partners.
In addition, many financial institutions, subsidiaries of financial institutions or well-established payment processing companies with which we compete, have substantially greater capital, technological, and marketing resources than we have. These factors may allow our competitors to offer better pricing terms to merchants and more attractive compensation to distribution partners, which could result in a loss of our potential or current merchants and distribution partners. This competition may effectively limit the prices we can charge our merchants, cause us to increase the compensation we pay to our distribution partners and require us to control costs aggressively to maintain acceptable profit margins. Our future competitors may also develop or offer services that have price or other advantages over the services we provide.
We are also facing new competition from emerging and non-traditional payment processing companies as well as traditional companies offering alternative electronic payments services and products. Certain of these competitors integrate proprietary software and service solutions with electronic payments services and have significant financial resources and robust networks that could allow them to have access to merchants needing electronic payments services. If these new entrants gain a greater share of total electronic payments transactions, they could impact our ability to retain and grow our relationships with merchants and distribution partners. These new entrants also may compete in ways that minimize or remove the role of traditional payment gateways in the electronic payments process upon which our services are based, which could also limit our ability to retain or grow those relationships. The wide acceptance of internet-based commerce has resulted in a number of alternative payment processing systems in which traditional intermediaries play only minor roles. Use of emerging alternative payment platforms, such as Apple Pay, PayPal, Stripe, Square, Bitcoin or other cryptocurrencies can alter consumer card, ACH and
Table of Contents
check payment processing behavior and consequently result in our products and services becoming unnecessary for merchants and partners. Wide acceptance of alternative payments methods could have a material adverse impact on our business.
Consolidation among financial institutions, including the merger of our customers with other entities that are not our customers could materially affect our financial position, results of operation and cash flows.
Consolidation among financial institutions, particularly in the area of credit card operations, and consolidation in the retail industry, is a risk that could negatively affect our existing agreements and future revenues with our merchants and partners. Continued consolidation among financial institutions could increase the bargaining power of our current and future customers and further increase our customer concentration. Consolidation among financial institutions and retail customers and the resulting loss of any significant number of customers by us could have a material adverse effect on our financial position, results of operations and cash flows.
Degradation of the quality of the products and services we offer, including support services, could adversely impact our ability to attract and retain merchants and partners.
Our merchants and partners expect a consistent level of quality in the provision of our products and services, which are a significant element of the value proposition we offer to them. If the reliability or functionality of our products and services is compromised or the quality or support of such products and services is otherwise degraded, we could lose existing merchants and partners and find it harder to attract new merchants and partners. If we are unable to scale our support functions to address the growth of our merchant portfolio and partner network, the quality of our support may decrease, which could also adversely affect our ability to attract and retain merchants and partners.
Failing to successfully implement initiatives to grow or improve our products and services could also adversely impact our business. While we offer redundant back-up capabilities inside of our data center environments, we still have site specific risk related to physical or communication network-based outages. Additionally, we rely on AWS and Azure to operate certain aspects of our service, including providing a distributed computing infrastructure platform for business operations, or what is commonly referred to as a “cloud” computing service. We continue building out full redundancy to prevent downtime in the case of an outage, we currently may encounter disruptions or interference in connection with our use of AWS and Azure. This could have an impact on our operations and consequently, our business would be adversely impacted if our partners and merchants leave due to a downtime or disruption.
Potential distribution partners and merchants may be reluctant to switch to a new merchant acquirer, which may adversely affect our growth.
Many potential distribution partners and merchants worry about potential disadvantages associated with switching payment providers, such as a loss of accustomed functionality, increased costs, and business disruption. For distribution partners, switching to us from another payment provider or integrating with us may constitute a significant undertaking. As a result, many distribution partners and merchants often resist change. There can be no assurance that our strategies for overcoming potential reluctance to change vendors or initiate a relationship with us will be successful, and this resistance may adversely affect our growth and performance results.
Table of Contents
Increases in card network fees and other changes to fee arrangements may result in the loss of merchants or a reduction in our earnings.
From time to time, card networks, including Visa and Mastercard, increase the fees that they charge merchant service providers. At their sole discretion, our sponsoring banks have the right to pass any increases in interchange fees on to us. Our sponsoring banks may seek to increase the sponsorship fees they charge us, all of which are based upon the dollar amount of the payment transactions we process. In addition, our back-end payment processors may seek to increase the fees they charge us, which are also based upon the floor amount of the payment transactions we process as well as the number of merchants we support. We could attempt to pass these increases along to our merchants, but this strategy might result in the loss of merchants to our competitors who do not pass along the increases. If competitive practices prevent us from passing along the higher fees to our merchants in the future, we may have to absorb all or a portion of such increases, which may increase our operating costs and reduce our earnings. In addition, in certain of our markets, card issuers pay merchant acquirers fees based on debit card usage in an effort to encourage debit card use. If this practice were discontinued, our revenue and margins in jurisdictions where we receive these fees would be adversely affected.
If we fail to comply with the applicable requirements of card networks and industry self-regulatory organizations, those card networks or organizations could seek to fine us, suspend us, or terminate our registrations through our bank sponsors. If our merchants or sales partners incur fines or penalties that we cannot collect from them, we may have to bear the cost of such fines or penalties.
We do not directly access the payment card networks, such as Visa, MasterCard and Discover, which enable our acceptance of credit cards and debit cards. Instead, we rely on sponsor banks and third-party processors to access such networks and settle transactions, and we must pay fees for such services.
Visa, Mastercard and other card networks set complex and evolving rules and standards with which our sponsor banks, third-party processors and we must comply. The payment networks and their member financial institutions routinely update, generally expand and modify requirements applicable to merchant acquirers, including rules regulating data integrity, third-party relationships (such as those with respect to sponsor banks and ISOs), merchant chargeback standards and PCI-DSS. Under certain circumstances, we are required to report incidents to the card networks within a specified time frame.
The rules of card networks are set by their boards, which include members that are card issuers that directly or indirectly sell processing services to merchants in competition with us. There is a risk that these members could use their influence to enact changes to the card network rules or policies that are detrimental to us. Any changes in network rules or standards that increase the cost of doing business or limit our ability to provide processing services to our merchants will adversely affect the operation of our business.
If we, our bank sponsors or our third-party processors fail to comply with the applicable rules and requirements of the Visa or Mastercard payment networks, Visa or Mastercard could suspend or terminate our registration. Further, our transaction processing capabilities, including settlement processes, could be delayed or otherwise disrupted, and recurring non-compliance could result in the payment networks seeking to fine us, or suspend or terminate our registrations which allow us to process transactions on their networks, making it impossible for us to conduct our business on its current scale. Under certain circumstances specified in the payment network rules, we may be required to submit to periodic audits, self-assessments, or other assessments of our compliance with the PCI-DSS. Such activities may reveal that we have failed to comply with the PCI-DSS. In addition, even if we comply with the PCI-DSS, there is no assurance that we will be protected from a security breach.
The termination of our registration with the payment networks, or any changes in payment network or issuer rules that limit our ability to provide merchant acquiring services, could have an adverse effect on our payment processing volumes, revenues and operating costs. If we are unable to comply with the requirements applicable to our settlement activities, the payment networks may no longer allow us to provide these services, which would require us to spend additional resources to obtain settlement services from a third-party provider. In addition, if we were
Table of Contents
precluded from processing Visa and Mastercard electronic payments, we would lose a substantial portion of our revenues.
In addition, if a merchant or sales partner fails to comply with the applicable requirements of the card networks, it could be subject to a variety of fines or penalties that may be levied by those card networks. We may have to bear the cost of such fines or penalties if we are unable to collect them from the applicable merchant or sales partner. The termination of our member registration, any change in our status as a service provider or merchant processor, or any changes in network rules or standards could prevent us from providing processing services relating to the affected card network and could adversely affect our business, financial condition, or results of operations.
We are also subject to the operating rules of NACHA. NACHA is a self-regulatory organization which administers and facilitates private-sector operating rules for ACH payments and defines the roles and responsibilities of financial institutions and other ACH network participants. The NACHA Rules and Operating Guidelines impose obligations on us and our partner financial institutions. These obligations include audit and oversight by the financial institutions and the imposition of mandatory corrective action, including termination, for serious violations. If an audit or self-assessment under PCI-DSS or NACHA identifies any deficiencies that we need to remediate, the remediation efforts may distract our management team and be expensive and time consuming.
Similarly, our ACH sponsor banks have the right to audit our compliance with NACHA’s rules and guidelines and are given wide discretion to approve certain aspects of our business practices and terms of our agreements with ACH customers. Like the payment networks, NACHA may update its operating rules and guidelines at any time, which could require us to take more costly compliance measures or to develop more complex monitoring systems.
There may be a decline in the use of electronic payments as a payment mechanism for consumers or adverse developments with respect to the electronic payments industry in general, which could adversely affect our business, financial condition, and operating results.
Maintaining or increasing our profitability is dependent on consumers and businesses continuing to use credit cards, debit cards and make ACH payments at the same or increasing rate. If consumers do not continue to use these cards or methods of payment for their transactions or if there is a change in the mix of payments between cash and electronic payments which is adverse to us, our profits could decline and we could incur material losses. Regulatory changes may also result in merchants seeking to charge customers additional fees for use of electronic payments which may discourage their use. Additionally, in recent years, increased incidents of security breaches have caused some consumers to lose confidence in the ability of businesses to protect or store their information, causing consumers to discontinue use of electronic payment methods. Security breaches could also result in financial institutions cancelling large numbers of credit and debit cards, or consumers electing to cancel their cards following such an incident. These events could result in reduced use of electronic payments, and therefore, could adversely affect our business, financial condition and operating results.
In order to remain competitive and to continue to increase our revenues and earnings, we must continually update our products and services, a process which could result in increased costs and the loss of revenues, earnings, merchants and distribution partners if the new products and services do not perform as intended or are not accepted in the marketplace.
The electronic payments industry in which we compete is subject to rapid technological changes and is characterized by new technology, product and service introductions, evolving industry standards, regulatory compliance, changing merchant needs and the entrance of non-traditional competitors. We are subject to the risk that our existing products and services become obsolete, and that we are unable to develop new products and services in response to industry demands. Our future success will depend in part on our ability to develop or adapt to technological changes and evolving industry trends. We are continually involved in a number of projects, many of which require investment in non-revenue generating products or services that our distribution partners and merchants expect to be included in our product and service offerings. These projects carry the risks associated with any development effort, including
Table of Contents
difficulty in determining market demand and timing for delivery of new products and services, cost overruns, delays in delivery and performance problems.
In addition, new products and offerings may not perform as intended or generate the business or revenue growth expected. Defects in our software and errors or delays in our processing of electronic transactions could result in additional development costs, diversion of technical and other resources from our other development efforts, loss of credibility with current or potential distribution partners and merchants, harm to our reputation, fines imposed by card networks, or exposure to liability claims. Any delay in the delivery of new products or services or the failure to differentiate our products and services could render them less desirable, or possibly even obsolete, to our merchants. Additionally, the market for alternative payment processing products and services is evolving, and it may develop too rapidly or not rapidly enough for us to recover the costs we have incurred in developing new products and services.
We may not be able to continue to expand our share of our existing vertical markets or expand into new vertical markets, which would inhibit our ability to grow and increase our profitability.
Our future growth and profitability depend, in part, upon our continued expansion within the vertical markets in which we currently operate, the emergence of other vertical markets for electronic payments and our integrated solutions, and our ability to penetrate new vertical markets and our current distribution partners’ customer base. As part of our strategy to expand into new vertical markets, we look for acquisition opportunities and partnerships with other businesses that will allow us to increase our market penetration, technological capabilities, product offerings and distribution capabilities. We may not be able to successfully identify suitable acquisition or partnership candidates in the future, and if we do, they may not provide us with the benefits we anticipated.
Our expansion into new vertical markets also depends upon our ability to adapt our existing technology or to develop new technologies to meet the particular needs of each new vertical market. We may not have adequate financial or technological resources to develop effective and secure services or distribution channels that will satisfy the demands of these new vertical markets. Penetrating these new vertical markets may also prove to be more challenging or costly or take longer than we may anticipate. If we fail to expand into new vertical markets and increase our penetration into existing vertical markets, we may not be able to continue to grow our revenues and earnings.
Our ability to grow our business will depend in part on the addition of new partners. Inability to effectively onboard these new partners could have a material adverse effect on our business, financial condition and results of operations.
Our ability to grow our business will depend in part on the addition of new partners, and an inability to effectively onboard these new partners could have a material adverse effect on our business, financial condition and results of operations. We may encounter delays onboarding partners due to economic uncertainty, an economic slowdown or a recession, risks related to the Merger, the continuing effects of COVID-19, issues integrating the partner into Paya Connect, or other unforeseen circumstances. If we do not effectively onboard our new partners, including assisting such partners to quickly resolve any post-onboarding issues and provide effective ongoing support, our reputation could be damaged and our ability to add new partners and our relationships with our existing partners could be adversely affected. Additionally, if we fail to onboard these partners in a timely manner, it could lead to delays in collecting revenues that we may otherwise receive, causing our financial condition and results of operations to be adversely affected.
We may not be able to successfully execute our strategy of growth through acquisitions.
A significant part of our growth strategy is to enter new vertical markets through platform acquisitions of vertically focused integrated payment and software solutions providers and to expand within our existing vertical markets through selective tuck-in acquisitions. Under the terms of the Merger Agreement, from its execution until the Merger is consummated or the Merger Agreement is terminated, without the consent of Parent, we may not acquire any other business, any material equity interest or enter into any joint venture, partnership, strategic alliance, limited liability company or similar arrangement with any third person, other than acquisitions of immaterial assets from
Table of Contents
vendors or suppliers under contracts in existence as of the date of the Merger Agreement in the ordinary course of business.
If the Merger is not consummated, we expect to continue to execute our acquisition strategy, however:
• we may not be able to identify suitable acquisition candidates or acquire additional assets on favorable terms;
• we may compete with others to acquire assets, and as competition increases, could result in decreased availability or increased prices for acquisition candidates;
• we may compete with others for select acquisitions and our competition may consist of larger, better-funded organizations with more resources and easier access to capital;
• we may experience difficulty in anticipating the timing and availability of acquisition candidates;
• we may not be able to obtain the necessary financing, on favorable terms or at all, to finance any of our potential acquisitions;
• we may not be able to generate the cash necessary to execute our acquisition strategy; and
• we may be unable to maintain uniform standards, controls, procedures, and policies as we attempt to integrate the acquired businesses, and this may lead to operational inefficiencies.
The occurrence of any of these factors could adversely affect our growth strategy.
Fraud by merchants or others could cause us to incur losses.
We face potential liability for fraudulent electronic payment transactions initiated by merchants or others. Merchant fraud occurs when a merchant opens a fraudulent merchant account and conducts fraudulent transactions or when a merchant, rather than a customer (though sometimes working in collusion with a customer engaged in fraudulent activities), knowingly uses a stolen or counterfeit card or card number to record a false sales transaction, or intentionally fails to deliver the merchandise or services sold in an otherwise valid transaction. Any time a merchant is unable to fund a chargeback, we are responsible for that chargeback.
Additionally, merchant fraud occurs when employees of merchants change the merchant demand deposit accounts to their personal bank account numbers, so that payments are improperly credited to the employee’s personal account. We have established systems and procedures to detect and reduce the impact of merchant fraud, but we cannot be sure that these measures are or will be effective. Failure to effectively manage risk and prevent fraud could increase our chargeback or other liability. In addition, beginning in October 2015, U.S. merchants that cannot process the Eurocard, Mastercard, and Visa standard ("EMV"), chip-based cards are held financially responsible for certain fraudulent transactions conducted using such cards. This has increased the risk to merchants who are not yet EMV-compliant and shifted a substantial amount of fraud to card-not-present transactions, which is the primary environment in which we operate. This increased risk and the shift to card-not-present fraud has resulted in us having to seek increased chargebacks from such merchants. Increases in chargebacks, failure to recover fraud-related losses from our merchants that have not yet complied with EMV standards or other liability could have a material adverse effect on our business, financial condition, and results of operations.
We also have potential liability for losses caused by fraudulent card-based payment transactions. Card fraud occurs when a merchant’s customer uses a stolen card (or a stolen card number in a card-not-present transaction) to purchase merchandise or services. In a card-present transaction, if the merchant swipes or dips the card, receives authorization for the transaction from the issuer and verifies the signature on the back of the card against the paper receipt signed by the customer, the issuer remains liable for any loss. In a card-not-present transaction, even if the merchant receives authorization for the transaction, the merchant is liable for any loss arising from the transaction. Many of the merchants that we serve transact a substantial percentage of their sales in card-not-present transactions
Table of Contents
over the Internet or in response to telephone or mail orders, which makes these merchants more vulnerable to fraud than merchants whose transactions are conducted largely in card-present transactions.
Criminals are using increasingly sophisticated methods to engage in illegal activities such as counterfeiting and fraud. For example, bust-out fraud is a first-party fraud scheme where legitimate business credentials are combined with legitimate personal identity credentials and used to open a merchant account. After a period of either no processing or normal processing activity, typically ranging from four to 12 months, and processing minimal volume, the criminal quickly processes a substantial volume from fraudulent cards, receives the corresponding deposits and exits before chargebacks or returns are assessed. Incidents and types of fraud and counterfeiting may increase in the future. Failure to effectively identify and manage risk and prevent fraud could increase our chargeback liability or cause us to incur other liabilities.
We incur liability when our merchants refuse or cannot reimburse us for chargebacks resolved in favor of their customers.
We have potential liability for chargebacks associated with the transactions we process. If a billing dispute between a merchant and a cardholder is not ultimately resolved in favor of the merchant, the disputed transaction is “charged back” to the merchant’s bank and credited or otherwise refunded to the cardholder. The risk of chargebacks is typically greater with those merchants that promise future delivery of goods and services rather than delivering goods or rendering services at the time of payment. If we or our bank sponsors are unable to collect the chargeback from the merchant’s account or reserve account (if applicable), or if the merchant refuses or is financially unable (due to bankruptcy or other reasons) to reimburse the merchant’s bank for the chargeback, we may bear the loss for the amount of the refund paid to the cardholder. Any increase in chargebacks not paid by our merchants could increase our costs and decrease our revenues. Additionally, an ACH transaction could be rejected in certain situations, including instances where we attempt to pull fees out of a bank account with insufficient funds, where an account has been closed, or where the account number is invalid. If an ACH reject occurs, we may bear the loss for the amount not pulled from the applicable account, which could increase our costs and decrease our revenues.
Our risk management policies and procedures may not be fully effective in mitigating our risk exposure in all market environments or against all types of risks.
We operate in a rapidly changing industry. Accordingly, our risk management policies and procedures may not be fully effective to identify, monitor, manage and remediate our risks. Some of our risk evaluation methods depend upon information provided by others and public information regarding markets, merchants or other matters that are otherwise inaccessible by us. In some cases, that information may not be accurate, complete, or current. Additionally, our risk detection system is subject to a high degree of “false positive” risks being detected, which makes it difficult for us to identify real risks in a timely manner. If our policies and procedures are not fully effective or we are not always successful in capturing all risks to which we are or may be exposed, we may suffer harm to our reputation or be subject to litigation or regulatory actions that materially increase our costs and subject us to reputational damage that could limit our ability to grow and cause us to lose existing merchant clients.
The loss of key personnel or of our ability to attract, recruit, retain and develop qualified employees could adversely affect our business, financial condition, and results of operations.
Our success depends upon the continued services of our senior management and other key personnel who have substantial experience in the electronic payments industry and the markets in which we offer our services. Our ability to recruit and retain our senior management, key personnel, and other skilled employees may be affected as a result of the announcement of the Merger. In addition, our success depends in large part upon the reputation within the industry of our senior managers who have, developed relationships with our distribution partners, payment networks and other payment processing and service providers. Further, for us to continue to successfully compete and grow, we must attract, recruit, develop and retain personnel who will provide us with expertise across the entire spectrum of our intellectual capital needs. Our success is also dependent on the skill and experience of our sales force, which we must continuously work to maintain. While we have key personnel who have substantial experience with our operations, we must also develop our personnel to provide succession plans capable of maintaining the
Table of Contents
continuity of our operations. The market for qualified personnel is competitive, and we may not succeed in recruiting additional personnel or may fail to effectively replace current personnel who depart with qualified or effective successors, including as a result of the announcement of the Merger. In addition, a sustained labor shortage or increased turnover rates within our employee base could lead to increased costs and could otherwise degrade our ability to efficiently operate our business.
Failure to retain or attract key personnel, including as a result of the announcement of the Merger, could impede our ability to grow and could result in our inability to operate our business profitably. In addition, contractual obligations related to confidentiality, assignment of intellectual property rights, and non-solicitation may be ineffective or unenforceable and departing employees may share our proprietary information with competitors in ways that could adversely impact us, or seek to solicit our distribution partners or merchants or recruit our key personnel to competing businesses.
Risks Relating to Intellectual Property and Information Technology
Unauthorized disclosure of merchant or cardholder data, whether through breach of our computer systems, computer viruses, or otherwise, could expose us to liability, protracted and costly litigation and damage our reputation.
We are responsible for data security for ourselves and for third parties with whom we partner and under the rules and regulations established by the payment networks, such as Visa, MasterCard, Discover and American Express, and debit card networks and by industry regulations and standards that may be promulgated by organizations such as NACHA, which manages the governance of the ACH network. These third parties include merchants, our distribution partners and other third-party service providers and agents. We and other third parties collect, process, store and/or transmit sensitive data, such as names, addresses, social security numbers, credit or debit card numbers and expiration dates, driver’s license numbers and bank account numbers. We have ultimate liability to the payment networks and our bank that sponsors our registration with Visa or MasterCard for our failure or the failure of third parties with whom we contract to protect this data in accordance with PCI-DSS and network requirements. The loss, destruction or unauthorized modification of merchant or cardholder data by us or our contracted third parties could result in significant fines, sanctions and proceedings or actions against us by the payment networks, card issuing banks, governmental entities, consumers, or others.
Threats may derive from human error, fraud, or malice on the part of employees or third parties, or from accidental technological failure. For example, certain of our employees have access to sensitive data that could be used to commit identity theft or fraud. Concerns about security increase when we transmit information electronically because such transmissions can be subject to attack, interception, or loss. Also, computer viruses can be distributed and spread rapidly over the Internet and could infiltrate our systems or those of our contracted third parties. Denial of service or other attacks could be launched against us for a variety of purposes, including interfering with our services or to create a diversion for other malicious activities. These types of actions and attacks and others could disrupt our delivery of services or make them unavailable. Any such actions or attacks against us or our contracted third parties could impugn our reputation, force us to incur significant expenses in remediating the resulting impacts, expose us to uninsured liability, result in the loss of our bank sponsors or our ability to participate in the payment networks, subject us to lawsuits, fines or sanctions, distract our management or increase our costs of doing business.
We and our contracted third parties could be subject to security breaches, cyber-attacks or cyber intrusions or disruptions by hackers, nation-state affiliated actions, and cyber-terrorists. Security breaches, cyber-attacks and cyber intrusions have generally increased as the number, intensity and sophistication of attempted attacks and intrusions from around the world have increased. Our encryption of data and other protective measures may not prevent unauthorized access to or use of sensitive data. A breach of a system may subject us to material losses or liability, including payment network fines, assessments and claims for unauthorized purchases with misappropriated credit, debit or card information, impersonation, or other similar fraud claims. A misuse of such data or a cybersecurity breach could harm our reputation and deter merchants from using electronic payments generally and our services specifically, thus reducing our revenue. In addition, any such misuse or breach could cause us to incur costs to correct the breaches or failures, expose us to uninsured liability, increase our risk of regulatory scrutiny,
Table of Contents
subject us to lawsuits, and result in the imposition of material penalties and fines under state and federal laws or by the payment networks. While we maintain insurance coverage that may, subject to policy terms and conditions, cover certain aspects of cyber risks, our insurance coverage may be insufficient to cover all losses. In addition, a significant cybersecurity breach of our systems or communications could result in payment networks prohibiting us from processing transactions on their networks or the loss of our bank sponsors that facilitate our participation in the payment networks, either of which could materially impede our ability to conduct business.
Although we generally require that our agreements with distribution partners or our service providers which may have access to merchant or cardholder data include confidentiality obligations that restrict these parties from using or disclosing any merchant or cardholder data except as necessary to perform their services under the applicable agreements, we cannot guarantee that these contractual measures will prevent the unauthorized use, modification, destruction or disclosure of data or allow us to seek reimbursement from the contracted party. In addition, many of our merchants are middle market businesses that may have limited competency regarding data security and handling requirements and thus may experience data breaches. Any unauthorized use, modification, destruction, or disclosure of data could result in protracted and costly litigation, and our incurring significant losses.
In addition, our agreements with our bank sponsors and our third-party payment processors (as well as payment network requirements) require us to take certain protective measures to ensure the confidentiality of merchant and consumer data. Any failure to adequately comply with these protective measures could result in fees, penalties, litigation, or termination of our bank sponsor agreements.
Cybersecurity has become a top priority for regulators around the world, and some jurisdictions have enacted laws requiring companies to notify individuals of data security breaches involving certain types of personal data. In February 2018, the SEC issued guidance stating that public companies are expected to have controls and procedures that relate to cybersecurity disclosure, and are required under the federal securities laws to disclose information relating to certain cyber-attacks or other information security breaches. In March 2022, the SEC proposed new cybersecurity disclosure requirements intended to increase the transparency of publicly traded organizations' cybersecurity practices, and has placed cybersecurity risk disclosure and compliance requirements on its rule-making agenda for 2023. Therefore, we are anticipating more detailed requirements about the information we may be required to regularly disclose if the Merger is not consummated and we continue to be a public company after rules become effective. If we fail to comply with the relevant laws and regulations relating to cybersecurity, we could suffer financial loss, a disruption of our business, liability to investors, regulatory intervention or reputational damage.
Any significant unauthorized disclosure of sensitive data entrusted to us would cause significant damage to our reputation, and impair our ability to attract new distribution partners, and may cause parties with whom we already have such agreements to terminate them.
We may not be able to successfully manage our intellectual property and may be subject to infringement claims.
We rely on a combination of contractual rights and copyright, trademark and trade secret laws to establish and protect our proprietary technology. Third parties may challenge, circumvent, infringe or misappropriate our intellectual property, or such intellectual property may not be sufficient to permit us to take advantage of current market trends or otherwise to provide competitive advantages, which could result in costly redesign efforts, discontinuance of service offerings or other competitive harm. Others, including our competitors, may independently develop similar technology, duplicate our services or design around our intellectual property and, in such cases, we could not assert our intellectual property rights against such parties. Further, our contractual arrangements may not effectively prevent disclosure of our confidential information or provide an adequate remedy in the event of unauthorized disclosure of our confidential information. We may have to litigate to enforce or determine the scope and enforceability of our intellectual property rights and knowhow, which is expensive, could cause a diversion of resources and may not prove successful. Also, because of the rapid pace of technological change in our industry, aspects of our business and our services rely on technologies developed or licensed by third parties, and we may not be able to obtain or continue to obtain licenses and technologies from these third parties on reasonable terms or at
Table of Contents
all. The loss of intellectual property protection or the inability to license or otherwise use third-party intellectual property could harm our business and ability to compete.
We may also be subject to costly litigation if our services and technology are alleged to infringe upon or otherwise violate a third party’s proprietary rights. Third parties may have, or may eventually be issued, patents that could be infringed by our products, services, or technology. Any of these third parties could make a claim of infringement against us with respect to our products, services, or technology. We may also be subject to claims by third parties for patent, copyright or trademark infringement, breach of license or violation of other third-party intellectual property rights. Any claim from third parties may result in a limitation on our ability to use the intellectual property subject to these claims. Additionally, in recent years, individuals and groups have been purchasing intellectual property assets for the sole purpose of making claims of infringement or other violations and attempting to extract settlements from companies like ours. Even if we believe that intellectual property related claims are without merit, defending against such claims is time consuming and expensive and could result in the diversion of the time and attention of our management and employees. Claims of intellectual property infringement or violation also might require us to redesign affected products or services, enter into costly settlement or license agreements, pay costly damage awards, or face a temporary or permanent injunction prohibiting us from marketing or selling certain of our products or services. Even if we have an agreement for indemnification against such costs, the indemnifying party, if any in such circumstances, may be unable to uphold its contractual obligations. If we cannot or do not license the infringed technology on reasonable terms or substitute similar technology from another source, our revenue and earnings could be adversely impacted.
Our systems and our third-party providers’ systems may fail due to factors beyond our control, which could interrupt our service, resulting in our inability to process payments, cause us to lose business, increase our costs and expose us to liability.
We depend on the efficient and uninterrupted operation of numerous systems, including our computer network systems, software, data centers and telecommunication networks, as well as the systems and services of our bank sponsors, the payment networks, third-party providers of processing services and other third parties. Our systems and operations or those of our third-party providers, such as our provider of authorization services, or the payment networks themselves, could be exposed to damage or interruption from, among other things, fire, natural disaster, power loss, telecommunications failure, unauthorized entry, computer viruses, denial-of-service attacks, acts of terrorism, human error or sabotage, financial insolvency and similar events. Our property and business interruption insurance may not be adequate to compensate us for all losses or failures that may occur. At present, our systems are not fully redundant. Therefore, certain aspects of our operations may be subject to interruption. While we have disaster recovery policies and arrangements in place, they have not been tested under actual disasters or similar events.
Defects in our systems or those of third parties, errors or delays in the processing of payment transactions, delays or discrepancies in merchant funding and settlement processes, telecommunications failures or other difficulties could result in failure to process transactions, additional operating costs, diversion of technical and other resources, loss of revenue, merchants and distribution partners, loss of merchant and cardholder data, harm to our business or reputation, exposure to fraud losses or other liabilities and fines and other sanctions imposed by payment networks.
We rely on other service and technology providers. If they fail or discontinue providing their services or technology generally or to us specifically, our ability to provide services to merchants may be interrupted, and, as a result, our business, financial condition and results of operations could be adversely impacted.
We rely on third parties to provide or supplement card processing services and for infrastructure hosting services. We also rely on third parties for specific software and hardware used in providing our products and services. The termination by our service or technology providers of their arrangements with us or their failure to perform their services efficiently and effectively may adversely affect our relationships with our merchants and, if we cannot find alternate providers quickly, may cause those merchants to terminate their relationship with us.
Table of Contents
We also rely in part on third parties for the development of and access to new technologies, or updates to existing products and services for which third parties provide ongoing support, which increases the cost associated with new and existing product and service offerings. Failure by these third-party providers to devote an appropriate level of attention to our products and services could result in delays in introducing new products or services, or delays in resolving any issues with existing products or services for which third-party providers provide ongoing support.
Risks Relating to Reliance on Third Parties
To acquire and retain a segment of our merchants, we depend in part on distribution partners that may not serve us exclusively and are subject to attrition.
We rely in significant part on the efforts of integrated software vendors and referral partners to market our services to merchants seeking to establish an integrated payment processing relationship. These distribution partners seek to introduce us, as well as our competitors, to newly established and existing middle market merchants. Generally, our agreements with distribution partners (except for a portion of our Integrated Solutions and Payment Services segments) are not exclusive and distribution partners retain the right to refer merchants to other merchant acquirers. Gaining and maintaining loyalty or exclusivity can require financial concessions to maintain current distribution partners and merchants or to attract potential distribution partners and merchants from our competitors. We have been required, and expect to be required in the future, to make concessions when renewing contracts with our distribution partners and such concessions can have a material impact on our financial condition or operating performance. If these distribution partners switch to another merchant acquirer, cease operations, or become insolvent, we will no longer receive new merchant referrals from them and we risk losing existing merchants that were originally enrolled by them. We cannot accurately predict the level of attrition of our distribution partners or merchants in the future, particularly those merchants we acquired as customers in the portfolio acquisitions we have completed in the past three years, which makes it difficult for us to forecast growth. If we are unable to establish relationships with new distribution partners or merchants, or otherwise increase our transaction processing volume to counter the effect of this attrition, our revenues will decline.
If the banks that currently provide ACH and wire transfers fail to properly transmit ACH or terminate their relationship with us or limit our ability to process funds or we are not able to increase our ACH capacity with our existing and new banks, our ability to process funds on behalf of our clients and our financial results and liquidity could be adversely affected.
We currently have agreements with three sponsor banks (Wells Fargo, Fifth Third Bank, and ACCU), to execute ACH and wire transfers to support our processing services. If one or more of the banks fails to process ACH transfers on a timely basis, or at all, then our relationship with our clients could be harmed and we could be subject to claims by a client with respect to the failed transfers. In addition, these banks have no obligation to renew their agreements with us on commercially reasonable terms, if at all. Currently, some agreements with our bank sponsors give them substantial discretion in approving certain aspects of our business practices, including our solicitation, application and qualification procedures for clients and the terms of our agreements with clients. If these banks terminate their relationships with us or restrict the dollar amounts of funds that they will process on behalf of our clients, their doing so may impede our ability to process funds and could have an adverse impact on our financial results and liquidity.
Inability to maintain our strategic relationship with Sage could adversely affect our business.
We have a strategic relationship with Sage Group plc, a global provider of integrated accounting, payroll, and payment solutions, which previously acquired Paya in 2006 and remained a strategic partner after GTCR, LLC acquired us in 2017. As part of this strategic relationship, we offer integration into Sage Intacct, X3, and other Sage products. During 2022, 2021 and 2020, we derived approximately 7.7%, 8.1%, and 8.6%, respectively, of our revenue from this relationship. We depend on Sage to refer new merchants to us and deliver an acceptable level of software functionality and service to our joint customers. There can be no assurance we will realize the expected benefits from this strategic relationship or that it will continue in the future. If successful, this relationship may be mutually beneficial and result in the continued growth in joint customers. However, such a relationship carries an
Table of Contents
element of risk given the ongoing competition for this customer base. Also, if Sage fails to perform or if the relationship fails to continue as expected, we could suffer reduced sales or other operational difficulties and our business, results of operations and financial condition could be materially adversely affected.
We rely on bank sponsors, which have substantial discretion with respect to certain elements of our business practices, to process electronic payment transactions. If these sponsorships are terminated and we are not able to secure new bank sponsors, we will not be able to conduct our business.
Because we are not a bank, we are not eligible for membership in the Visa, Mastercard, and other payment networks, and are, therefore, unable to directly access these payment networks, which are required to process transactions. These networks’ operating regulations require us to be sponsored by a member bank to process electronic payment transactions. We are currently registered with Visa and Mastercard through BMO Harris and Chesapeake Bank. We are also subject to network operating rules promulgated by the NACHA relating to payment transactions processed by us using the ACH Network. For ACH payments, our ACH network is sponsored by Wells Fargo and Fifth Third Bank. The term of the agreements with Wells Fargo and Fifth Third Bank, which automatically renew annually, do not have a fixed termination date but are terminable with written notice. From time to time, we may enter into other sponsorship relationships as well.
The current term of our agreement with BMO Harris lasted through November 1, 2022 and automatically renews for one year periods unless either party provides the other at least six months’ notice of its intent to terminate. Although we believe our relationships with BMO Harris Bank and Chesapeake Bank are good, there cannot be any guarantee that BMO Harris Bank or Chesapeake Bank will not provide a notice of termination at any time.
Our bank sponsors may terminate their agreements with us if we materially breach the agreements and do not cure the breach within an established cure period, if our membership with Visa and/or Mastercard terminates, if we enter bankruptcy or file for bankruptcy, or if applicable laws or regulations, including Visa and/or Mastercard regulations, change to prevent either the applicable bank or us from performing services under the agreement. If these sponsorships are terminated and we are unable to secure a replacement bank sponsor within the applicable wind down period, we will not be able to process electronic payment transactions.
Although we do not believe that we are substantially dependent on any of these agreements, bank sponsors do have discretion in these agreements and there is a possibility that the termination of a sponsorship could have an adverse impact on our business due to the need to transition services to an alternative provider. If any of these contracts were terminated, we believe we would be able to enter into alternative arrangements, although we may not be able to procure terms of an equal or more advantageous nature. Additionally, each of these agreements have wind down and de-conversion periods, which we believe would allow sufficient time for us to replace any of the aforementioned sponsors during such de-conversion periods. We are unable to predict with any certainty which terms might change in such alternative arrangements.
Furthermore, our agreements with our bank sponsors provide the bank with substantial discretion in approving certain elements of our business practices, including our solicitation, application, and underwriting procedures for merchants. We cannot guarantee that our bank sponsors’ actions under these agreements will not be detrimental to us, nor can we provide assurance that any of our bank sponsors will not terminate their sponsorship of us in the future. Our bank sponsors have broad discretion to impose new business or operational requirements on us, which may materially adversely affect our business. If our sponsorship agreements are terminated and we are unable to secure another bank sponsor, we will not be able to offer Visa or Mastercard transactions or settle transactions which would likely cause us to terminate our operations.
Our bank sponsors also provide or supplement authorization, funding, and settlement services in connection with our bankcard processing services. If our sponsorships agreements are terminated and we are unable to secure another bank sponsor, we will not be able to process Visa and MasterCard transactions, which would have a material adverse effect on our business, financial condition and results of operations.
Table of Contents
In July 2018, the Office of the Comptroller of the Currency (“OCC”) announced that it will begin accepting special purpose national bank charter applications from financial technology companies (“FinTech Charter”). Even though the application for FinTech Charters remains controversial, we cannot predict whether or which, if any, of our current or future competitors would take advantage of the charter, if available. However, such a development could increase the competitive risks discussed above or create new competitive risks, such as our nonbank competitors being able to more easily access the payment networks without the requirement of a bank sponsor, which could provide them with a competitive advantage.
Legal and Regulatory Risks
We are subject to extensive government regulation, and any new laws and regulations, industry standards or revisions made to existing laws, regulations or industry standards affecting the electronic payments industry may have an unfavorable impact on our business, financial condition and results of operations.
In addition to those regulations discussed below that are imposed by the cards networks, NACHA and PCI-DSS, we are subject to numerous regulations that affect electronic payments including, U.S. financial services regulations, consumer protection laws, escheat regulations, the Family Educational Rights and Privacy Act (“FERPA”), the Protection of Pupil Rights Amendment (“PPRA”), and other privacy and information security regulations. Regulation and proposed regulation of our industry has increased significantly in recent years, with states enacting regulations in areas that have historically only been federally regulated. Changes to statutes, regulations, or industry standards, including interpretation and implementation of statutes, regulations, or standards, could increase our cost of doing business, affect our competitive balance, and significantly increase the difficulty of compliance. Failure to comply with regulations may have an adverse effect on our business, including the limitation, suspension or termination of services provided to, or by, third parties, and the imposition of penalties or fines.
Interchange fees, which are typically paid by the payment processor to the issuer in connection with electronic payments, are subject to increasingly intense legal, regulatory, and legislative scrutiny. In particular, the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act, (the "Dodd-Frank Act”), significantly changed the U.S. financial regulatory system by regulating and limiting debit card fees charged by certain issuers, allowing merchants to set minimum dollar amounts for the acceptance of credit cards and allowing merchants to offer discounts or other incentives for different payment methods.
Rules implementing the Dodd-Frank Act also contain certain prohibitions on payment network exclusivity and merchant routing restrictions. These restrictions could limit the number of debit transactions, and prices charged per transaction, which would negatively affect our business. The Dodd-Frank Act also created the CFPB, which has assumed responsibility for most federal consumer protection laws, and the Financial Stability Oversight Council, which has the authority to determine whether any non-bank financial company, such as us, should be supervised by the Federal Reserve, because it is systemically important to the U.S. financial system. Because we provide data processing and other services to U.S. banks, we are subject to regular oversight and examination by the Federal Financial Institutions Examination Council (the “FFIEC”), which is an inter-agency body of federal banking regulators. Any such designation would result in increased regulatory burdens on our business, which increases our risk profile and may have an adverse impact on our business, financial condition, and results of operations.
We and many of our merchants are subject to Section 5 of the Federal Trade Commission Act prohibiting unfair or deceptive acts or practices. That statement and other laws, rules and or regulations, including the Telemarketing Sales Act, may directly impact the activities of certain of our merchants and, in some cases, may subject us, as the merchant’s electronic processor or provider of certain services, to investigations, fees, fines and disgorgement of funds if we were deemed to have improperly aided and abetted or otherwise provided the means and instrumentalities to facilitate the illegal or improper activities of the merchant through our services. Various federal and state regulatory enforcement agencies, including the Federal Trade Commission and state attorneys general, have authority to take action against non-banks that engage in unfair or deceptive practices or violate other laws, rules and regulations and to the extent we are processing payments or providing services for a merchant that may be
Table of Contents
in violation of laws, rules and regulations, we may be subject to enforcement actions and as a result may incur losses and liabilities that may impact our business.
Our business may also be subject to the FCRA, which regulates the use and reporting of consumer credit information and imposes disclosure requirements on entities that take adverse action based on information obtained from credit reporting agencies. We could be liable if our practices under the FCRA are not in compliance with the FCRA or regulations under it.
Separately, the Housing Assistance Tax Act of 2008 included an amendment to the Internal Revenue Code of 1986, as amended (the “Code”), that requires the filing of yearly information returns by payment processing entities and third-party settlement organizations with respect to payments made in settlement of electronic payment transactions and third-party payment network transactions occurring in that calendar year. Reportable transactions are also subject to backup withholding requirements. We could be liable for penalties if our information returns do not comply with these regulations.
These and other laws and regulations, even if not directed at us, may require us to make significant efforts to change our products and services and may require that we incur additional compliance costs and change how we price our services to merchants. Implementing new compliance efforts may be difficult because of the complexity of new regulatory requirements and may cause us to devote significant resources to ensure compliance. Furthermore, regulatory actions may cause changes in business practices by us and other industry participants which could affect how we market, price and distribute our products and services, which could limit our ability to grow, reduce our revenues, or increase our costs. In addition, even an inadvertent failure to comply with laws and regulations, as well as rapidly evolving social expectations of corporate fairness, could damage our business or our reputation.
We may be required to register under the Bank Secrecy Act as a money services business or to become licensed under state money transmission statutes.
We provide payment processing services through our Paya, Inc. subsidiary, including card processing and ACH processing services. We have taken the position that Paya, Inc. is: (i) exempt from the BSA, as Paya is a payment processor and therefore able to avail itself of the payment processor exemption in accordance with guidance from the Financial Crimes Enforcement Network, or FinCEN, including FinCEN Administrative Letter Ruling FIN-2014-R009; and (ii) exempt from licensure under various state money transmission laws, either expressly as a payment processor or agent of the payee, or pursuant to common law as an agent of the payee.
While we believe we have defensible arguments in support of our positions under the BSA and the state money transmission statutes, we have not expressly obtained confirmation of such positions from either FinCEN or the state banking departments who administer the state money transmission statutes. It is possible that FinCEN or certain state banking departments may determine that our activities are not exempt. Any determination that Paya, Inc. is in fact required to be registered either under the BSA or licensed under the state money transmission statutes may require substantial expenditures of time and money and could lead to liability in the nature of penalties or fines, as well as cause us to be required to cease operations in some or all of the US jurisdictions we service, which would have a materially adverse effect on our business and our financial results.
While we believe we are exempt from the BSA we are contractually required to comply with certain obligations in the BSA pursuant to our agreements with those federally-insured depository institutions that sponsor our card processing activities and our ACH activities.
In addition, we, and those federally-insured depository institutions that sponsor our card processing activities and our ACH activities, are subject to the sanctions programs enforced by OFAC. If we fail to comply with these sanctions programs or our sanctions compliance program is found to be deficient then the fines or penalties we face may be severe and our efforts to remediate our sanctions compliance program may be costly and result in diversion of management time and effort and may still not guarantee compliance.
Table of Contents
Governmental regulations designed to protect or limit access to or use of consumer information could adversely affect our ability to effectively provide our services to merchants.
Governmental bodies in the United States have adopted, or are considering the adoption of, laws and regulations restricting the use, collection, storage, and transfer of, and requiring safeguarding of, non-public personal information. Our operations are subject to certain provisions of these laws. Relevant federal privacy laws include the Gramm-Leach-Bliley Act of 1999, which applies directly to a broad range of financial institutions and indirectly, or in some instances directly, to companies that provide services to financial institutions. These laws and regulations restrict the collection, processing, storage, use and disclosure of personal information, require notice to individuals of privacy practices and provide individuals with certain rights to prevent the use and disclosure of protected information. These laws also impose requirements for safeguarding and proper destruction of personal information through the issuance of data security standards or guidelines. The Federal Trade Commission’s information safeguarding rules under the Gramm-Leach-Bliley Act require us to develop, implement and maintain a written, comprehensive information security program containing safeguards that are appropriate for our size and complexity, the nature and scope of our activities and the sensitivity of any customer information at issue. Our financial institution clients are subject to similar requirements under the guidelines issued by the federal banking regulators. As part of their compliance with these requirements, each of our financial institution clients is expected to have a program in place for responding to unauthorized access to, or use of, customer information that could result in substantial harm or inconvenience to customers and they are also responsible for our compliance efforts as a major service provider. Changes in our relationships with service providers, such as our plan to use AWS and Azure to provide additional redundancy, could further complicate the applicability of these regulations to our business. In addition, regulators are proposing new laws or regulations which could require us to adopt certain cybersecurity and data handling practices. In many jurisdictions, consumers must be notified in the event of a data breach, and such notification requirements continue to increase in scope and cost. The changing privacy laws in the United States create new individual privacy rights and impose increased obligations on companies handling personal data. In addition, there are state laws restricting the ability to collect and utilize certain types of information such as Social Security and driver’s license numbers. Certain state laws impose similar privacy obligations as well as obligations to provide notification of security breaches of computer databases that contain personal information to affected individuals, state officers and consumer reporting agencies and businesses and governmental agencies that own data.
In connection with providing services to our merchants, we are required by regulations and contracts with our merchants and with our financial institution referral partners to provide assurances regarding the confidentiality and security of non-public consumer information. These contracts require periodic audits by independent companies regarding our compliance with industry standards and allow for similar audits regarding best practices established by regulatory guidelines. The compliance standards relate to our infrastructure, components and operational procedures designed to safeguard the confidentiality and security of non-public consumer personal information shared by our merchants with us. Our ability to maintain compliance with these standards and satisfy these audits will affect our ability to attract, grow and maintain business in the future.
Additionally, privacy and data security have become significant issues in the United States. With the recent increase in publicity regarding data breaches resulting in improper dissemination of consumer information, all 50 states have passed laws regulating the actions that a business must take if it experiences a data breach, such as prompt disclosure to affected customers. As we receive, collect, process, use, and store personal and confidential data, we are subject to diverse laws and regulations relating to data privacy and security, including, local state laws such as the New York Stop Hacks and Improve Data Security Act (the “SHIELD Act”), and the CCPA.
The SHIELD Act requires companies to implement a written information security program that contains appropriate administrative, technical, and physical safeguards. The CCPA, which became effective on January 1, 2020 and operative on January 1, 2023, gives California residents expanded rights to access and delete their personal information, opt out of certain personal information sharing and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. The CCPA may increase our potential liability and may require us to modify our data collection or processing practices and policies and to incur substantial costs and expenses in effort to comply. Moreover, the CPRA, which became effective on January 1,
Table of Contents
2023, significantly modifies and expands the CCPA, potentially resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply. Colorado, Connecticut, Virginia and Utah have each enacted comprehensive consumer data protection legislation, which is already effective or becomes effective throughout 2023. This, along with a growing number of other U.S. states that are proposing new privacy laws, has created the need for multi-state compliance. We continue to monitor and adapt to this evolving privacy landscape.
If we fail to comply with the laws and regulations relating to the protection of data privacy, we could be exposed to suits for breach of contract or to governmental proceedings. In addition, our relationships and reputation could be harmed, which could inhibit our ability to retain existing merchants and distribution partners and obtain new merchants and distribution partners.
If more restrictive privacy laws or rules are adopted by authorities in the future, our compliance costs may increase and our ability to perform due diligence on, and monitor the risk of, our current and potential merchants may decrease, which could create liability for us. Additionally, our opportunities for growth may be curtailed by our compliance capabilities or reputational harm, and our potential liability for security breaches may increase.
Changes in tax laws or their interpretations, or becoming subject to additional U.S., state or local taxes that cannot be passed through to our clients, could negatively affect our business, financial condition and results of operations.
We are subject to extensive tax liabilities, including federal and state and transactional taxes such as excise, sales/use, payroll, franchise, withholding, and ad valorem taxes. The rules dealing with taxation are constantly under review by legislators and regulators. We cannot predict how future tax proposals or regulations or other guidance issued by regulators might affect us. Changes in tax laws or their interpretations could decrease the amount of revenues we receive, the value of any tax loss carryforwards and tax credits recorded on our balance sheet and the amount of our cash flow, and have a material adverse impact on our business, financial condition and results of operations.
Some of our tax liabilities are subject to periodic audits by the respective taxing authority which could increase our tax liabilities. Furthermore, companies in the payment processing industry, including us, may become subject to incremental taxation in various tax jurisdictions. Taxing jurisdictions have not yet adopted uniform positions on this topic. If we are required to pay additional taxes and are unable to pass the tax expense through to our clients, our costs would increase and our net income would be reduced, which could have a material adverse effect on our business, financial condition and results of operations.
The elimination of the London Interbank Offered Rate ("LIBOR") could adversely affect the cost of our debt.
The United Kingdom’s Financial Conduct Authority (the "FCA"), which regulates LIBOR, stopped persuading or compelling banks to submit LIBOR rates after 2021, and on December 31, 2021, ICE Benchmark Administration, the administrator of LIBOR, with the support of the Federal Reserve Board and the FCA, ceased publication of USD LIBOR for the one week and two month U.S. dollar LIBOR tenors. Publications related to all other LIBOR tenors will cease immediately on June 30, 2023. In the U.S, the Alternative Reference Rates Committee formally recommended the Secured Overnight Financing Rate or "SOFR," plus a recommended spread adjustment, as the replacement for USD LIBOR. The application of or transition to SOFR or any other alternative reference rate could increase our interest expense or may introduce operational risks in our accounting or financial reporting and other aspects of our business.
Any of these occurrences could materially and adversely affect our borrowing costs, financial condition, and results of operations.
Table of Contents
Legal proceedings could have a material adverse effect on our business, financial condition or results of operations.
In the ordinary course of business, we may become involved in various litigation matters, including but not limited to commercial disputes and employee claims, and from time to time may be involved in governmental or regulatory investigations or similar matters arising out of our current or future business. Any claims asserted against us, regardless of merit or eventual outcome, could harm our reputation and have an adverse impact on our relationship with our merchants, distribution partners and other third parties and could lead to additional related claims. Certain claims may seek injunctive relief, which could disrupt the ordinary conduct of our business and operations or increase our cost of doing business. Our insurance or indemnities may not cover all claims that may be asserted against us, and any claims asserted against us, regardless of merit or eventual outcome, may harm our reputation and cause us to expend resources in our defense. Furthermore, there is no guarantee that we will be successful in defending ourselves in future litigation. Should the ultimate judgments or settlements in any pending litigation or future litigation or investigation significantly exceed our insurance coverage, they could have a material adverse effect on our business, financial condition, and results of operations.
Increasing scrutiny and changing expectations from investors, lenders, customers, government regulators and other market participants with respect to our Environmental, Social and Governance (“ESG”) policies and activities may impose additional costs on us or expose us to additional risks.
Companies across all industries and around the globe are facing increasing scrutiny relating to their ESG policies and activities. Investors, lenders and other market participants are increasingly focused on ESG practices and in recent years have placed increasing importance on the implications and social cost of their investments. Investment in funds that specialize in companies that perform well in assessments performed by ESG raters are increasingly popular, and major institutional investors have emphasized the importance of such ESG measures to their investment decisions. Responding to ESG considerations, including diversity and inclusion, environmental stewardship, support for local communities, labor conditions and human rights, ethics and compliance with law and corporate governance and transparency, and implementing goals and initiatives involve risks and uncertainties and depend in part on third-party performance or data that is outside our control.
In February 2021, the Acting Chair of the SEC issued a statement directing the Division of Corporation Finance to enhance its focus on climate-related disclosure in public company filings and in March 2021 the SEC announced the creation of a Climate and ESG Task Force in the Division of Enforcement. We risk damage to our brand and reputation or limited access to capital markets and loans, if we fail to adapt to or comply with investor, lender or other stakeholder expectations and standards and potential government regulation in a number of areas, such as diversity and inclusion, environmental stewardship, support for local communities, and corporate governance and transparency. In addition, compliance with standards and regulation may result in additional costs.
Risks Relating to Indebtedness
We have and will continue to have high levels of indebtedness.
Paya Holdings III, LLC (“Paya III”), Holdings and other indirect subsidiaries of Paya are party to a Credit Agreement, dated as of June 25, 2021 (the “Credit Agreement”). As of December 31, 2022, there were no outstanding borrowings under the revolving credit facility thereunder (the “2021 Revolving Credit Facility”) and $246.9 million outstanding under the Term Loan facility thereunder (the “2021 Term Credit Facility” and together with the 2021 Revolving Credit Facility, the “2021 Credit Facility”). Because borrowings under the 2021 Credit Facility bear interest at variable rates, increases in interest rates on debt that has not been fixed using interest rate hedges will increase interest expense, reduce cash flow or increase the cost of future borrowings or refinancings.
Our indebtedness could have important consequences to our investors, including, but not limited to:
• increasing vulnerability to, and reducing its flexibility to respond to, general adverse economic and industry conditions;
Table of Contents
• requiring the dedication of a substantial portion of cash flow from operations to the payment of principal of, and interest on, its indebtedness, thereby reducing the availability of such cash flow to fund working capital, capital expenditures, acquisitions, joint ventures or other general corporate purposes;
• limiting flexibility in planning for, or reacting to, changes in its business and the competitive environment; and
• limiting our ability to borrow additional funds and increasing the cost of any such borrowing.
If the proposed Merger is consummated, then the Company will terminate the Credit Agreement and concurrently repay all advances and other obligations outstanding thereunder and the surviving corporation will assume all remaining debts, liabilities and duties of the Company (if any), in each case as provided under the applicable provisions of the General Corporation Law of the State of Delaware, as amended.
Risks Relating to Ownership of our Common Stock and Our Status as a Public Company
If the Merger is not consummated and we remain a public company, we may issue additional common stock or other equity securities without your approval, which would dilute your ownership interests and may depress the market price of the common stock.
Pursuant to the terms of the Merger Agreement, until the Merger is consummated or the Merger Agreement is terminated, we generally may not issue, sell, deliver, pledge or agree or commit to issue, deliver, encumber or subject to a lien, or pledge any securities. However, if the Merger is not consummated and we remain a public company, we may issue additional shares of common stock or other equity securities in the future in connection with, among other things, future acquisitions, repayment of outstanding indebtedness or grants under the Omnibus Plan without stockholder approval in a number of circumstances. In 2021 and 2022, we issued a total of 15,362,438 and 170,958 shares of common stock, respectively, including shares issued in a primary offering, shares issued to partially finance the acquisition of Paragon Payment Solutions , shares issued in exchange for our then outstanding warrants, and shares issued under the Omnibus Plan. In addition, we are required to issue an aggregate of 14,018,188 shares of common stock to existing equity holders of Paya upon achievement of milestone targets. Our issuance of additional common stock or other equity securities of equal or senior rank would have the following effects:
• our existing shareholders’ proportionate ownership interest will decrease;
• the amount of cash available per share, including for payment of dividends in the future, may decrease;
• the relative voting strength of each previously outstanding share of common stock may be diminished; and
• the market price of our common stock may decline.
Provisions in our charter and Delaware law may inhibit a takeover, which could limit the price investors might be willing to pay in the future for our common stock and could entrench management.
Our amended and restated certificate of incorporation and bylaws contain provisions to limit the ability of others to acquire control of us or cause us to engage in change-of-control transactions, including, among other things:
• provisions that authorize our board of directors, without action by our stockholders, to authorize by resolution the issuance of shares of preferred stock and to establish the number of shares to be included in such series, along with the preferential rights determined by our board of directors;
• provisions that permit only a majority of our board of directors or the Chair of the board of directors at the direction of a majority of the board of directors or, for so long as GTCR-Ultra Holdings, LLC ("Ultra") and its affiliates beneficially own at least 35% of our common stock, the Chair of the board of directors at the written request of the holders of a majority of the voting power of the then outstanding shares of voting stock, to call shareholder meetings, and therefore do not permit stockholders to call special stockholder meetings;
Table of Contents
• provisions that impose advance notice requirements, minimum shareholding periods and ownership thresholds, and other requirements and limitations on the ability of stockholders to propose matters for consideration at stockholder meetings; and
• a staggered board whereby our directors are divided into three classes, with each class subject to reelection once every three years on a rotating basis.
These provisions could have the effect of depriving our stockholders of an opportunity to sell their shares at a premium over prevailing market prices by discouraging third parties from seeking to obtain control of us in a tender offer or similar transaction. With our staggered board of directors, at least two annual meetings of shareholders will generally be required in order to effect a change in a majority of our directors. Our staggered board of directors can discourage proxy contests for the election of our directors and purchases of substantial blocks of our shares by making it more difficult for a potential acquirer to gain control of our board of directors in a relatively short period of time.
Our amended and restated certificate of incorporation provides, subject to limited exceptions, that the Court of Chancery of the State of Delaware will be the sole and exclusive forum for certain stockholder litigation matters, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, employees or stockholders.
Our amended and restated certificate of incorporation requires, to the fullest extent permitted by law, that derivative actions brought in our name, actions against directors, officers and employees for breach of fiduciary duty and other similar actions may be brought only in the Court of Chancery in the State of Delaware and, if brought outside of Delaware, the stockholder bringing the suit will be deemed to have consented to service of process on such stockholder’s counsel. Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock shall be deemed to have notice of and consented to the forum provisions in its amended and restated certificate of incorporation.
This choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our directors, officers, other employees or stockholders, which may discourage lawsuits with respect to such claims. Alternatively, if a court were to find the choice of forum provision contained in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm its business, operating results and financial condition.
A market for our common stock may not be sustained, which would adversely affect the liquidity and price of our common stock.
The price of our common stock may fluctuate significantly due to general market and economic conditions. An active trading market for our common stock may not be sustained.
We may be unable to satisfy Nasdaq listing requirements in the future, which could limit investors’ ability to effect transactions in our common stock and subject us to additional trading restrictions.
If we fail to continue to satisfy ongoing Nasdaq listing requirements, or if we are delisted, there could be significant material adverse consequences, including:
• a limited availability of market quotations for our common stock;
• a limited amount of news and analyst coverage for us; and
• a decreased ability to obtain capital or pursue acquisitions by issuing additional equity or convertible securities
Table of Contents
If we fail to maintain effective internal control over financial reporting and disclosure controls and procedures, we may not be able to accurately report our financial results, or report them in a timely manner.
We are a public reporting company subject to the rules and regulations established from time to time by the SEC and Nasdaq. As a public company we are required to document and test our internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act so that our management can certify as to the effectiveness of our internal control over financial reporting. In addition, our independent registered public accounting firm is required to provide an attestation report on the effectiveness of our internal control over financial reporting in our Annual Reports on Form 10-K on an ongoing basis.
As of December 31, 2021, we identified a material weakness in our controls related to the operating effectiveness of the review of the annual income tax provision prepared by a third-party firm. We did not maintain effective controls to sufficiently review the completeness and accuracy of the annual tax provision.
This material weakness resulted in adjustments that have been recorded in our consolidated financial statements as of and for the year ended December 31, 2021. Our management and our independent registered public accounting firm determined that as of December 31, 2022, this material weakness had been remediated and our internal control over financial reporting are effective.
Remediation of the 2021 required, and any other material weakness or any significant deficiency would require management to devote significant time and incur significant expense, and management may not be able to remediate other future material weakness or significant deficiencies in a timely manner. The existence of any material weakness in our internal control over financial reporting could result in errors in our financial statements that could require us to restate our financial statements and cause us to fail to meet our reporting obligations. If we are unable to remediate the existing material weakness or assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal control over financial reporting, or expresses an adverse opinion, investors may lose confidence in the accuracy and completeness of our financial reports, we may face restricted access to the capital markets and our stock price may be adversely affected.
In addition, if the Merger is not consummated and we remain a public company, we expect to continue to incur costs related to our internal control over financial reporting in the upcoming years to improve our internal control environment. If we are unable to comply with the requirements applicable to us as a public company, including the requirements of Section 404 of the Sarbanes-Oxley Act, in a timely manner, we may be unable to accurately report our financial results, or report them within the timeframes required by the SEC. If this occurs, we also could become subject to sanctions or investigations by the SEC or other regulatory authorities.
We do not anticipate paying dividends for the foreseeable future.
Under the terms of the Merger Agreement, until the Merger is consummated or the Merger Agreement is terminated, without prior consent from Parent, we may not declare, set aside or pay any dividend or other distribution in respect of any shares of capital stock or other equity or voting interest, or make any other distribution in respect of the shares of capital stock or other equity or voting interest. In addition, we do not anticipate that our board of directors will declare dividends in the foreseeable future. In addition, the ability of our board of directors to pay dividends in the future may be restricted by our debt documents, our holding company structure and capital requirements at our subsidiaries. Because we do not pay dividends, and do not anticipate paying dividends for the foreseeable future, the price of our common stock must appreciate in order for you to realize a gain on your investment. This appreciation may not occur.
Table of Contents
Our ability to meet expectations and projections in any research or reports published by securities or industry analysts, or a lack of coverage by securities or industry analysts, could result in a depressed market price and limited liquidity for our common stock.
The trading market for our common stock is influenced by the research and reports that industry or securities analysts may publish about us, our business, our market, or our competitors. If no securities or industry analysts commence coverage of us, our stock price would likely be less than that which would be obtained if it had such coverage, and the liquidity, or trading volume of our common stock may be limited, making it more difficult for a stockholder to sell shares at an acceptable price or amount. If any analysts do cover us, their projections may vary widely and may not accurately predict the results we actually achieve. Our share price may decline if our actual results do not match the projections of research analysts covering us. Similarly, if one or more of the analysts who write reports on us downgrades our stock or publishes inaccurate or unfavorable research about our business, our share price could decline. If one or more of these analysts ceases coverage of us or fails to publish reports on us regularly, our share price or trading volume could decline.
If the Merger is not consummated and we remain a public company, future sales of our common stock by Ultra may reduce the market price of common stock that you might otherwise obtain.
As of December 31, 2022, Ultra beneficially owned 45,234,022 shares of common stock and is entitled to receive an additional 14,018,188 shares in the event that the price of our common stock exceeds $17.50 per share for 20 out of any 30 consecutive trading days through October 16, 2025 (see Note 3 for details on the Fintech Transaction). If the Merger is not consummated and we remain a public company, Ultra or its affiliates may sell large amounts of the Company's common stock in the open market or in privately negotiated transactions. The Company also entered into a registration rights agreement with Ultra and certain other stockholders, pursuant to which it granted certain registration rights to Ultra and the other stockholders party thereto. The registration and availability of such a significant number of shares of common stock for trading in the public market may increase the volatility in the Company’s stock price or put significant downward pressure on the price of its stock.
