Item 1A. Risk Factors
We operate in a rapidly changing environment that involves a number of risks which could materially affect our business, financial condition or future results, some of which are beyond our control. In addition to the other information set forth in this Quarterly Report on Form 10-Q, the risks and uncertainties that we believe are most important for you to consider are discussed in Part I-Item 1A under the heading “Risk Factors” in our Annual Report on Form 10-K for the year ended December 31, 2022, as filed with the Securities and Exchange Commission (“SEC”) on March 8, 2023. The risk factors set forth below are risk factors containing changes, which may be material, from the risk factors previously disclosed in Item 1A of our Annual Report on Form 10-K for the fiscal year ended December 31, 2022, as filed with the SEC.
We have incurred significant losses since our inception. We expect to continue to incur losses over the next several years and may never achieve or maintain profitability.
We are a clinical development-stage biopharmaceutical company. In November 2013, we merged with Sonkei Pharmaceuticals, Inc. (“Sonkei”), and, in February 2014, we acquired Mind-NRG Sarl (“Mind-NRG”), which were also clinical development-stage biopharmaceutical companies. Investment in biopharmaceutical product development is highly speculative because it entails substantial upfront capital expenditures and significant risk that any potential product candidate will fail to demonstrate adequate effect or an acceptable safety profile, gain regulatory approval or become commercially viable. In August 2022, we submitted a New Drug Application (“NDA”) with the U.S. Food and Drug Administration (“FDA”) for our lead product candidate, roluperidone. The FDA subsequently notified us that they would not accept the file for review, issuing a refusal to file letter (“RTF”) in October 2022. In December 2022, following a Type A meeting held on November 30, 2022, the FDA confirmed the RTF remained in effect with respect to our NDA for roluperidone. On May 1, 2023, we announced that the FDA filed our NDA for roluperidone on April 27, 2023. The decision to file the NDA followed our request for formal dispute resolution and appeal of the October 2022 RTF. On May 8, 2023, we received confirmation from the FDA that the NDA for roluperidone has been assigned a standard review classification, and that the FDA has assigned a Prescription Drug User Fee Act (PDUFA) goal date of February 26, 2024. The FDA advised that it identified potential review issues that had been previously cited in the RTF decision letter, which included those discussed at the Type C meeting in March 2022, namely: (i) the potential impact of roluperidone administration on the efficacy and safety of antipsychotic drugs, or more specifically, the psychiatric division (the “Division”) wanted reassurance that those patients administered roluperidone who manifest worsening of schizophrenia symptoms and in the opinion of the clinician/investigators need treatment with antipsychotics, do not experience a diminished benefit of the antipsychotic treatment or unexpected adverse effects; (ii) the comparability of US and non-US schizophrenia patients, or more specifically, the Division wanted to be reassured that data collected in MIN-101C03 in non-US patients is applicable to US patients; (iii) supporting statistical evidence of efficacy of roluperidone on negative symptoms; and (iv) the ability of clinicians to identify patients who might benefit from roluperidone. See also the section titled “Item 2. Management’s Discussion and Analysis of Financial Condition and Results of Operations—Clinical and Regulatory Updates—Type C Meeting (March 2, 2022)” for more information. While the FDA filed the NDA for roluperidone, we may never succeed in any or all these activities and, even if we do, we may never generate sufficient revenue to achieve profitability.
We have no products approved for commercial sale and have not generated any revenue from product sales to date, and we may never generate product revenue or achieve profitability. As of March 31, 2023, we had an accumulated deficit of approximately $373.8 million.
22
We expect to continue to incur significant losses for the foreseeable future, and we expect these losses to increase as we continue our research and development of, and/or seek regulatory approvals for, roluperidone and other potential product candidates. If any of our product candidates fail in clinical trials or do not obtain regulatory approval, or if any of our product candidates, if approved, fail to achieve market acceptance, we may never generate revenue or become profitable. Even if we achieve profitability in the future, we may not be able to sustain profitability in subsequent periods. Failure to become and remain profitable may adversely affect the market price of shares of our common stock and our ability to raise capital and continue operations. We may encounter unforeseen expenses, difficulties, complications, delays and other unknown factors that may adversely affect our business. The size of our future net losses will depend, in part, on the rate of future growth of our expenses and our ability to generate revenues. Our prior losses and expected future losses have had and will continue to have an adverse effect on our results of operations, financial position and working capital.
We will require additional capital to finance our operations, which may not be available to us on acceptable terms, or at all. Failure to obtain this necessary capital when needed may force us to delay, limit or terminate our product development efforts or other operations.
Our operations and the historic operations of Sonkei and Mind-NRG have consumed substantial amounts of cash since inception. As of March 31, 2023, we had cash, cash equivalents, and restricted cash of $36.1 million. We believe that our existing cash, cash equivalents, and restricted cash will be sufficient to meet our cash commitments for at least the next 12 months after the date that our interim condensed financial statements are issued. The process of drug development can be costly, and the timing and outcomes of clinical trials are uncertain. The assumptions upon which we have based our estimates are routinely evaluated and may be subject to change. The actual amount of our expenditures will vary depending upon a number of factors, including, but not limited to, the design, timing and duration of future clinical trials, the progress of our research and development programs, the infrastructure to support a commercial enterprise, the cost of a commercial product launch, and the level of financial resources available.
We will require additional capital to continue advancing the development, regulatory approval process and potential commercialization of roluperidone and other potential product candidates that we may develop in the future. Because the length of time and activities associated with successful development of product candidates are highly uncertain, we are unable to estimate with certainty the actual funds we will require for development and any approved marketing and commercialization activities. Additional capital may not be available in sufficient amounts or on reasonable terms, if at all, and our ability to raise additional capital may be adversely impacted by global economic conditions, including the recent disruptions to and volatility in the credit and financial markets in the U.S. and worldwide resulting from the COVID-19 pandemic, the war in Ukraine and other factors. Our future funding requirements, both short and long-term, will depend on many factors, including:
•the initiation, progress, timing, costs and results of pre-clinical studies and clinical trials for our product candidates and future product candidates we may develop;
•the outcome, timing and cost of seeking and obtaining regulatory approvals from the European Commission, FDA, and comparable foreign regulatory authorities, including the potential for such authorities to require that we perform more studies than those that we currently expect;
•the cost to establish, maintain, expand and defend the scope of our intellectual property portfolio, including the amount and timing of any payments we may be required to make, or that we may receive, in connection with licensing, preparing, filing, prosecution, defense and enforcement of any patents or other intellectual property rights;
•the effect of competing technological and market developments;
•market acceptance of any approved product candidates;
•the costs of acquiring, licensing or investing in additional businesses, products, product candidates and technologies; and
•the cost of establishing sales, marketing and distribution capabilities for our product candidates for which we may receive regulatory approval and that we determine to commercialize ourselves or in collaboration with our partners.
If we are unable to raise additional capital in sufficient amounts or on terms acceptable to us, we may have to delay, limit or terminate the development or commercialization of one or more of our product candidates or other operations, including potentially discontinue operations altogether. In addition, when we need to secure additional financing, such additional fundraising efforts may divert our management from our day-to-day activities, which may adversely affect our ability to develop and commercialize our product candidates. Any of these events could significantly harm our business, financial condition and prospects, and our stockholders could lose all or part of their investment in our company.
We cannot give any assurance that any of our product candidates will receive regulatory approval in a timely manner or at all, which is necessary before they can be commercialized.
23
The regulatory approval process is expensive and the time required to obtain approval from the European Commission (following the opinion of the Committee of Medicinal Products for Human Use of the European Medicines Agency (“EMA”)), FDA or other comparable regulatory authorities in other jurisdictions to sell any product is uncertain and may take years.
Whether regulatory approval will be granted is unpredictable and depends upon numerous factors, including the substantial discretion of the regulatory authorities. Moreover, the filing of an application for regulatory approval, including NDA, or Biologics License Application (“BLA”), a Marketing Authorization Application (“MAA”) in the EEA, or comparable foreign regulatory applications for approval, requires a payment of a significant user fee upon submission. The filing of applications for regulatory approval of our product candidates may be delayed due to our lack of financial resources to pay such user fee.
If, following submission, our application is not accepted for substantive review or approved, the EMA, FDA or other comparable foreign regulatory authorities may require that we conduct additional clinical or pre-clinical trials, provide additional data, manufacture additional validation batches or develop additional analytical tests methods before they will reconsider our application. On October 14, 2022, we received a refusal-to-file communication from the FDA for our NDA submission for roluperidone, our lead product candidate, which decision was confirmed by the FDA in a subsequent Type A meeting. On April 27, 2023, the FDA filed our NDA for roluperidone following our request for formal dispute resolution and appeal of the refusal-to-file letter. On May 8, 2023, we received confirmation from the FDA that our NDA for roluperidone had been assigned a standard review classification and a Prescription Drug User Fee Act (“PDUFA”) goal date of February 26, 2024. The FDA also advised that it identified potential review issues that had been previously cited in the RTF decision letter, which included those discussed at the Type C meeting in March 2022, namely: (i) the potential impact of roluperidone administration on the efficacy and safety of antipsychotic drugs, or more specifically, the Division wanted reassurance that those patients administered roluperidone who manifest worsening of schizophrenia symptoms and in the opinion of the clinician/investigators need treatment with antipsychotics, do not experience a diminished benefit of the antipsychotic treatment or unexpected adverse effects; (ii) the comparability of US and non-US schizophrenia patients, or more specifically, the Division wanted to be reassured that data collected in MIN-101C03 in non-US patients is applicable to US patients; (iii) supporting statistical evidence of efficacy of roluperidone on negative symptoms; and (iv) the ability of clinicians to identify patients who might benefit from roluperidone. See also the section titled “Item 2. Management’s Discussion and Analysis of Financial Condition and Results of Operations—Clinical and Regulatory Updates—Type C Meeting (March 2, 2022)” for more information. [Author1] Even though the NDA has been filed by the FDA, the review issues may prevent approval and result in a Complete Response Letter, potentially requiring additional studies. [Author2] Additional studies and data would impose increased costs and delays in the regulatory approval process, which may require us to expend more resources than we have available. In addition, the EMA, FDA or other comparable foreign regulatory authorities may not consider any additional required trials, data or information that we perform or provide to be sufficient, or we may decide, or be required, to abandon the program.
Moreover, policies, regulations, or the type and amount of pre-clinical and clinical data necessary to gain approval may change during the course of a product candidate’s clinical development and may vary among jurisdictions. It is possible that none of our existing product candidates or any of our future product candidates will ever obtain regulatory approval, even if we expend substantial time and resources seeking such approval.
Our product candidates could fail to receive regulatory approval for many reasons, including the following:
•The EMA, FDA or other regulatory authorities may disagree with the design or implementation of our clinical trials.
•We may be unable to demonstrate to the satisfaction of the EMA, the European Commission, the FDA or other comparable regulatory authorities that a product candidate is safe and effective for its proposed indication.
•The results of clinical trials may not meet the level of statistical significance required by the EMA, FDA or other regulatory authorities for approval.
•We may be unable to demonstrate that a product candidate’s clinical and other benefits outweigh any safety risks.
•The EMA, the European Commission, the FDA or other regulatory authorities may disagree with our interpretation of data from pre-clinical studies or clinical trials.
•The data collected from clinical trials of our product candidates may not be sufficient to support an NDA or other submission or to obtain regulatory approval in the United States or elsewhere.
•The national competent authorities of EU Member States, FDA or other regulatory authorities may fail to approve the manufacturing processes or facilities of third-party manufacturers with which we contract for clinical and commercial supplies.
•The approval policies or regulations of the European Commission, FDA or other regulatory authorities may significantly change in a manner rendering our clinical data insufficient for approval.
24
Even if we obtain approval for a particular product, regulatory authorities may approve that product for fewer or more limited indications, including more limited patient populations, than we request, may require that contraindications, warnings, or precautions be included in the product labeling, including a boxed warning, may grant approval contingent on the performance of costly post-marketing clinical trials or other post-market requirements, including risk evaluation and mitigation strategies (“REMS”) or comparable foreign strategies, or may approve a product candidate with a label that does not include the labeling claims necessary or desirable for the successful commercialization of that product. Any of the foregoing could materially harm the commercial prospects for our product candidates.
A variety of risks associated with international operations could materially adversely affect our business.
We own one Swiss subsidiary, expect to engage in significant cross-border activities, and we will be subject to risks related to international operations, including:
•different regulatory requirements for conduct of clinical trials of investigational drugs and obtaining and maintaining approval of drugs in foreign countries;
•reduced protection for contractual and intellectual property rights in certain countries;
•unexpected changes in tariffs, trade barriers and regulatory requirements;
•economic weakness, including inflation, political instability in particular foreign economies and markets, such as the instability caused by Russia’s invasion of Ukraine, or public health issues or pandemics, such as the COVID-19 pandemic;
•compliance with tax, employment, immigration and labor laws for employees living or traveling abroad;
•compliance with tax laws of various jurisdictions, including with respect to intercompany transfer pricing arrangements and taxable nexus;
•foreign currency fluctuations, which could result in increased operating expenses and reduced revenue, and other obligations incident to doing business in another country;
•workforce uncertainty in countries where labor unrest is more common than in North America;
•tighter restrictions on privacy and the collection and use of patient data; and
•business interruptions resulting from geopolitical actions, including political instability, hostilities, war and terrorism, such as the war in Ukraine, or natural disasters including pandemics, earthquakes, typhoons, floods and fires.
If any of these issues were to occur, our business could be materially harmed.
In addition, we publish privacy policies, marketing materials and other statements, such as compliance with certain certifications or self-regulatory principles, regarding data privacy and security. If these policies, materials or statements are found to be deficient, lacking in transparency, deceptive, unfair, or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators or other adverse consequences.
Our common stock may be delisted from The Nasdaq Capital Market which could negatively impact the price of our common stock, liquidity and our ability to access the capital markets.
Our common stock is currently listed on The Nasdaq Capital Market under the symbol “NERV.” The listing standards of The Nasdaq Capital Market provide that a company, in order to qualify for continued listing, must maintain a minimum stock price of $1.00 and satisfy standards relative to minimum stockholders’ equity, minimum market value of publicly held shares and various additional requirements. If Nasdaq delists our securities from trading on its exchange for failure to meet the listing standards, we and our stockholders could face significant negative consequences including:
•limited availability of market quotations for our securities;
•a determination that the common stock is a “penny stock” which would require brokers trading in the common stock to adhere to more stringent rules, possibly resulting in a reduced level of trading activity in the secondary trading market for shares of common stock;
•a limited amount of analyst coverage, if any; and
•a decreased ability to issue additional securities or obtain additional financing in the future.
25
Delisting from The Nasdaq Capital Market could also result in other negative consequences, including the potential loss of confidence by suppliers, customers and employees, the loss of institutional investor interest and fewer business development opportunities.
As previously reported, on January 12, 2022, we received a deficiency letter from Nasdaq notifying us that, for the previous 30 consecutive business days, the closing bid price of our shares of common stock had not been maintained at the minimum required closing bid price of at least $1.00 per share, as required for continued listing on The Nasdaq Global Market, where our securities were listed for trading at the time. In accordance with the listing rules of Nasdaq, we were given 180 calendar days, or until July 11, 2022, to regain compliance with the minimum bid price requirement. On June 17, 2022, we implemented a one-for-eight (1-for-8) reverse stock split of our outstanding commons stock in an effort to regain compliance with Nasdaq’s minimum bid price requirement of $1.00 per share. On July 6, 2022, we received a letter from Nasdaq notifying us that the closing bid price of our common stock had been at $1.00 per share or greater for the last 10 consecutive business days and we had regained compliance with Nasdaq Stock Market Rule 5450(a)(1) and this matter was closed.
On March 8, 2022, we received a second deficiency letter from Nasdaq that our stockholders’ equity as reported in our Annual Report on Form 10-K for the year ended December 31, 2021 did not satisfy The Nasdaq Global Market continued listing requirement of $10 million as set forth in Nasdaq Stock Market Rule 5450(b)(1). We had 45 calendar days from the date of this letter to submit to Nasdaq a plan to regain compliance with such requirement. Nasdaq later extended the deadline for such submission, and we subsequently submitted our plans to regain compliance on May 2, 2022, May 24, 2022 and May 25, 2022. On June 3, 2022, we received a letter from Nasdaq notifying us that it has determined to grant us an extension until September 5, 2022 to regain compliance with Nasdaq Stock Market Rule 5450(b)(1). In September 2022, we submitted an application to Nasdaq to transfer our common stock from The Nasdaq Global Market to The Nasdaq Capital Market, as allowed under Nasdaq Stock Market Rule 5810(c)(3)(A). Based on our meeting the listing requirements of The Nasdaq Capital Market, our application was approved by Nasdaq. Effective September 12, 2022, we transferred the listing of our common stock from The Nasdaq Global Market to The Nasdaq Capital Market.
Also as previously reported, on December 1, 2022, we received a deficiency letter from Nasdaq notifying us that for the last 30 consecutive business days, our minimum Market Value of Listed Securities (“MVLS”) was below the minimum of $35 million required for continued listing on The Nasdaq Capital Market pursuant to Nasdaq Listing Rule 5550(b)(2). In accordance with the listing rules of Nasdaq, we have been provided an initial period of 180 calendar days, or until May 30, 2023, to regain compliance. The letter states that the Nasdaq staff will provide written notification that we have achieved compliance with Rule 5550(b)(2) if at any time before May 30, 2023, our MVLS closes at $35 million or more for a minimum of ten consecutive business days. If compliance is not achieved by May 30, 2023, we expect that Nasdaq would provide written notification to us that our securities are subject to delisting.
While we will continue to monitor our MVLS and consider available options to regain compliance with the Nasdaq minimum MVLS requirements, which may include applying for an extension of the compliance period or appealing to a Nasdaq Hearings Panel, there can be no assurance that we will be able to regain compliance with the Nasdaq minimum MVLS requirements or otherwise maintain compliance with the other Nasdaq listing requirements.
In particular, our share price may continue to decline for a number of reasons, including many that are beyond our control. See the risk factor captioned “The market price of our stock may be volatile, and you could lose all or part of your investment”, described in our Annual Report on Form 10-K for the year ended December 31, 2022.
If we fail to comply with the continued listing standards of The Nasdaq Capital Market, we may seek to list our common stock on the NYSE American or on a regional stock exchange or, if one or more broker-dealer market makers comply with applicable requirements, the over-the-counter (“OTC”) market. Listing on such other market or exchange could reduce the liquidity of our common stock. If our common stock were to trade in the OTC market, an investor would find it more difficult to dispose of, or to obtain accurate quotations for the price of, the common stock. Delisting of the common stock could depress our stock price, substantially limit liquidity of our common stock and materially adversely affect our ability to raise capital on terms acceptable to us, or at all. Further, delisting of the common stock would likely result in the common stock becoming a “penny stock” under the Exchange Act.
Even if we commercialize any of our product candidates, these products may become subject to unfavorable pricing regulations, third-party reimbursement practices or healthcare reform initiatives, which could harm our business.
26
The laws that govern regulatory approvals, pricing and reimbursement for new drug products vary widely from country to country. Current and future legislation may significantly change the approval requirements in ways that could involve additional costs and cause delays in obtaining approvals. In many countries, the pricing review period begins after marketing or product licensing approval is granted. Some countries require approval of the sale price of a drug before it can be marketed or soon thereafter. Additionally, in some foreign markets, prescription pharmaceutical pricing remains subject to continuing governmental control even after initial approval is granted. As a result, we might obtain regulatory approval for a product in a particular country, but then be subject to price regulations that delay our commercial launch of the product, possibly for lengthy time periods, which could negatively impact the revenues we generate from the sale of the product in that particular country. Adverse pricing limitations may hinder our ability to recoup our investment in one or more product candidates even if our product candidates obtain regulatory approval.
In international markets, reimbursement and healthcare payment systems vary significantly by country, and many countries have instituted price ceilings on specific products and therapies. In the European Union (“EU”), the pricing and reimbursement schemes of medicinal products is governed by the national legislation of each EU Member State and also vary widely from country to country. In these countries, pricing negotiations with governmental authorities can take considerable time after receipt of regulatory approval for a product. Some countries provide that products may be marketed only after a reimbursement price has been agreed. Some countries may require the completion of additional studies that compare the cost-effectiveness of a particular product candidate to currently available therapies (so called health technology assessments) in order to obtain reimbursement or pricing approval.
In addition, there can be considerable pressure by governments and other stakeholders on prices and reimbursement levels, including as part of cost containment measures in the current economic climate in the European Union. There is very limited harmonization between EU Member States regarding pricing and reimbursement practices.
Reference pricing used by various European Union Member States and parallel distribution, or arbitrage between low-priced and high-priced Member States, can further reduce prices. In particular, Germany, Portugal and Spain have all introduced a number of short-term measures to lower healthcare spending, including mandatory discounts, clawbacks and price referencing rules, which could have a material adverse effect on our business.
Moreover, in the European Economic Area some countries require the completion of additional studies that compare the cost-effectiveness of a particular medicinal product candidate to currently available therapies. This Health Technology Assessment, or HTA process, which is currently governed by the national laws of the individual EU Member States, is the procedure according to which the assessment of the public health impact, therapeutic impact and the economic and societal impact of use of a given medicinal product in the national healthcare systems of the individual country is conducted. The outcome of HTA regarding specific medicinal products will often influence the pricing and reimbursement status granted to these medicinal products by the competent authorities of individual EU Member States. On January 31, 2018, the European Commission adopted a proposal for a regulation on health technologies assessment. The proposed regulation is intended to boost cooperation among EU Member States in assessing health technologies, including new medicinal products, and providing the basis for cooperation at EU level for joint clinical assessments in these areas. In December 2021, the HTA Regulation was adopted and entered into force on January 11, 2022. It will apply from 2025.
There can be no assurance that our products will be considered cost-effective, that an adequate level of reimbursement will be available or that a foreign country’s reimbursement policies will not adversely affect our ability to sell our products profitably.
If reimbursement of our drugs is unavailable or limited in scope or amount, or if pricing is set at unsatisfactory levels, our business could be materially harmed.
Our ability to commercialize any products successfully will depend in part on the extent to which coverage and adequate reimbursement for these products and related treatments will be available from government health administration authorities and other third-party payors, such as private health insurers and health maintenance organizations. Government authorities and other third-party payors determine which medications they will cover and establish reimbursement levels. Assuming we obtain coverage for a given product by a third-party payor, the resulting reimbursement payment rates may not be adequate or may require co-payments that patients find unacceptably high. Patients who are prescribed medications for the treatment of their conditions, and their prescribing physicians, generally rely on third-party payors to reimburse all or part of the costs associated with their prescription drugs. Patients are unlikely to use our products unless coverage is provided and reimbursement is adequate to cover all or a significant portion of the cost of our products. Therefore, coverage and adequate reimbursement is critical to new product acceptance. Coverage decisions may depend upon clinical and economic standards that disfavor new drug products when more established or lower cost therapeutic alternatives are already available or subsequently become available.
27
Government authorities and other third-party payors are developing increasingly sophisticated methods of controlling healthcare costs, such as by limiting coverage and the amount of reimbursement for particular medications. Increasingly, third-party payors are requiring that drug companies provide them with predetermined discounts from list prices as a condition of coverage, are using restrictive formularies and preferred drug lists to leverage greater discounts in competitive classes, and are challenging the prices charged for medical products. In addition, in the United States, federal programs impose penalties on drug manufacturers in the form of mandatory additional rebates and/or discounts if commercial prices increase at a rate greater than the Consumer Price Index-Urban, and these rebates and/or discounts, which can be substantial, may impact our ability to raise commercial prices. Further, in the United States there has been heightened governmental scrutiny over the manner in which manufacturers set prices for their marketed products, which has resulted in several Congressional inquiries and proposed and enacted federal and state legislation designed to, among other things, bring more transparency to drug pricing, reduce the cost of prescription drugs under government payor programs, and review the relationship between pricing and manufacturer patient programs. We expect that additional U.S. federal healthcare reform measures will be adopted in the future, any of which could limit the amounts that the U.S. federal government will pay for healthcare products and services, which could result in reduced demand for our product candidates or additional pricing pressures.
Additionally, no uniform policy requirement for coverage and reimbursement for drug products exists among third-party payors in the United States. Therefore, coverage and reimbursement for drug products can differ significantly from payor to payor. As a result, the coverage determination process is often a time-consuming and costly process that will require us to provide scientific and clinical support for the use of our products to each payor separately, with no assurance that coverage and adequate reimbursement will be applied consistently or obtained in the first instance.
We cannot be sure that coverage and reimbursement will be available for any product that we commercialize and, if reimbursement is available, what the level of reimbursement will be. Coverage and reimbursement may impact the demand for, or the price of, any product candidate for which we obtain regulatory approval. If coverage and reimbursement are not available or reimbursement is available only to limited levels, we may not successfully commercialize any product candidate for which we obtain regulatory approval.
There may be significant delays in obtaining coverage and reimbursement for newly approved drugs, and coverage may be more limited than the purposes for which the drug is approved by the European Commission, FDA or comparable foreign regulatory authorities. Moreover, eligibility for coverage and reimbursement does not imply that a drug will be paid for in all cases or at a rate that covers our costs, including research, development, manufacture, sale and distribution. Interim reimbursement levels for new drugs, if applicable, may also not be sufficient to cover our costs and may only be temporary. Reimbursement rates may vary according to the use of the drug and the clinical setting in which it is used, may be based on reimbursement levels already set for lower cost drugs and may be incorporated into existing payments for other services. Prices paid for a drug also vary depending on the class of trade. Prices charged to government customers and certain customers that receive federal funds are subject to price controls, and private institutions may obtain discounts through group purchasing organizations or use formularies to leverage discounts. Net prices for drugs may be reduced by mandatory discounts or rebates required by government healthcare programs or private payors and by any future relaxation of laws that presently restrict imports of drugs from countries where they may be sold at lower prices than in the United States. Our inability to promptly obtain coverage and profitable reimbursement rates from both government-funded and private payors for any approved products that we develop could have a material adverse effect on our operating results, our ability to raise capital needed to commercialize products and our overall financial condition.
Additionally, there has been increasing legislative and enforcement interest in the United States with respect to specialty drug pricing practices. Specifically, there have been several recent U.S. Presidential executive orders, Congressional inquiries and proposed federal and proposed and enacted state legislation designed to, among other things, bring more transparency to drug pricing, review the relationship between pricing and manufacturer patient programs, and reform government program reimbursement methodologies for drugs. For example, in July 2021, the Biden administration released an executive order, “Promoting Competition in the American Economy,” with multiple provisions aimed at prescription drugs. In response to Biden’s executive order, on September 9, 2021, the U.S. Department of Health and Human Services (“HHS”) released a Comprehensive Plan for Addressing High Drug Prices that outlines principles for drug pricing reform and sets out a variety of potential legislative policies that Congress could pursue as well as potential administrative actions HHS can take to advance these principles. Further, on August 16, 2022, President Biden signed the Inflation Reduction Act of 2022 (“IRA”) into law which, among other things, (1) directs HHS to negotiate the price of certain single-source drugs and biologics covered under Medicare and (2) imposes rebates under Medicare Part B and Medicare Part D to penalize price increases that outpace inflation. The IRA permits HHS to implement many of these provisions through guidance, as opposed to regulation, for the initial years. HHS has and will continue to issue and update guidance as these programs are implemented. These provisions will take effect progressively starting in fiscal year 2023, although they may be subject to legal challenges. It is currently unclear how the IRA will be implemented but is likely to have a significant impact on the pharmaceutical industry. Further, in response to the Biden administration’s October 2022 executive order, on February 14, 2023, HHS released a report outlining three new models for testing by the CMS Innovation Center which will be evaluated on their ability to lower the cost of drugs, promote accessibility, and improve quality of care. It is unclear whether the models will be utilized in any health reform measures in the future.
28
At the state level, legislatures are passing increasing amounts of legislation and implementing regulations designed to control pharmaceutical and biological product pricing, including price or patient reimbursement constraints, discounts, restrictions on certain product access and marketing cost disclosure and transparency measures, and, in some cases, designed to encourage importation from other countries and bulk purchasing.
We are subject to stringent and evolving U.S. and foreign laws, regulations, rules, contractual obligations, policies and other obligations related to data privacy and security. Our actual or perceived failure to comply with such obligations could lead to regulatory investigations or actions; litigation; fines and penalties; disruptions of our business operations; reputational harm; loss of revenue or profits; and other adverse business consequences.
In the ordinary course of business, we collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, and share (collectively, processing) personal data and other sensitive data, including proprietary and confidential business data, trade secrets, intellectual property, data we collect about trial participants in connection with clinical trials, sensitive third-party data, and employee data. Our data processing activities may subject us to numerous data privacy and security obligations, such as various laws, regulations, guidance, industry standards, external and internal privacy and security policies, contractual requirements, and other obligations relating to data privacy and security.
In the United States, federal, state, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, personal data privacy laws, and consumer protection laws (e.g. Section 5 of the Federal Trade Commission Act). For example, the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”), imposes specific requirements relating to the privacy, security, and transmission of individually identifiable health information. In addition, the California Consumer Privacy Act of 2018 (“CCPA”) requires businesses to provide specific disclosures in privacy notices and honor requests of California residents to exercise certain privacy rights. The CCPA provides for civil penalties of up to $7,500 per violation and allows private litigants affected by certain data breaches to recover significant statutory damages. Although the CCPA exempts some data processed in the context of clinical trials, the CCPA may increase compliance costs and potential liability with respect to other personal data maintained about California residents.
In addition, the California Privacy Rights Act of 2020 (“CPRA”), effective January 1, 2023, expands the CCPA’s requirements, adds a new right for individuals to correct their personal information, and establishes a new regulatory agency to implement and enforce the law. Other states, such as Virginia, Colorado and Utah, have also passed comprehensive privacy laws, and similar laws are being considered in several other states. While these states, like the CCPA, also exempt some data processed in the context of clinical trials, these developments may further complicate compliance efforts, and may increase legal risk and compliance costs for us, the third parties upon whom we rely. In addition, data privacy and security laws have been proposed at the federal, state, and local levels in recent years, which could further complicate compliance efforts.
Outside the United States, an increasing number of laws, regulations, and industry standards may apply to data privacy and security, including the GDPR, as described in preceding risk factors, imposes strict requirements for processing personal data, and violators of these laws face significant penalties.
Certain jurisdictions, such as the EU, Switzerland and the UK, have enacted cross-border personal data transfer laws regulating personal data flows to third countries. In addition to personal data transfer restrictions, other countries (such as Russia and China) have adopted or proposed laws prohibiting certain businesses from transferring data outside those countries, which may increase the cost and complexity of doing business or require us not to conduct business in certain countries. Existing mechanisms that facilitate cross-border personal data transfers may change or be invalidated and may pose additional compliance burdens. For example, absent appropriate safeguards or other circumstances, the EU GDPR generally restricts the transfer of personal data to countries outside of the European Economic Area (“EEA”) that the European Commission does not consider to provide an adequate level of data privacy and security, such as the United States. The European Commission released a set of “Standard Contractual Clauses” (“SCCs”) that are designed to be a valid mechanism to facilitate personal data transfers out of the EEA to these jurisdictions. Currently, these SCCs are a valid mechanism to transfer personal data outside of the EEA. Additionally, the SCCs impose additional compliance burdens, such as conducting transfer impact assessments to determine whether additional security measures are necessary to protect the at-issue personal data. If we cannot implement a valid personal data transfer mechanism, we may face increased exposure to regulatory actions, substantial fines, and injunctions against processing or transferring personal data, as well as other adverse consequences. In particular we may be unable to import personal data to the United States, which could significantly and negatively impact our business operations, including by limiting our ability to conduct clinical trial activities in Europe and elsewhere; limiting our ability to collaborate with parties that are subject to such cross-border data transfer or localization laws; or requiring us to increase our personal data processing capabilities and infrastructure in foreign countries at significant expense.
29
In addition to data privacy and security laws, we may be contractually subject to data privacy and security obligations, including industry standards adopted by industry groups and may become subject to new data privacy and security obligations in the future. For example, certain privacy laws require our customers to impose specific contractual restrictions on their service providers. We publish privacy policies, marketing materials and other statements, such as compliance with certain certifications or self-regulatory principles, regarding data privacy and security. If these policies, materials or statements are found to be deficient, lacking in transparency, deceptive, unfair, or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators or other adverse consequences.
Obligations related to data privacy and security are quickly changing, becoming increasingly stringent and, creating regulatory uncertainty. Additionally, these obligations may be subject to differing applications and interpretations, which may be inconsistent or conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources. These obligations may necessitate changes to our information technologies, systems, and practices and to those of any third parties that process personal data on our behalf.
We may at times fail (or be perceived to have failed in our efforts to comply with our data privacy and security obligations). Moreover, despite our efforts, our personnel or third parties upon whom we rely may fail to comply with such obligations, which could negatively impact our business operations and compliance posture. For example, any failure by a third-party processor to comply with applicable law, regulations, or contractual obligations could result in adverse effects, including proceedings against us by governmental entities or others.
If we or the third parties on which we rely fail, or are perceived to have failed, to address or comply with applicable data privacy and security obligations, we could face significant consequences, including but not limited to: government enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar); litigation (including class-action claims); additional reporting requirements and/or oversight; bans on processing personal data; orders to destroy or not use personal data; and imprisonment of company officials. Any of these events could have a material adverse effect on our reputation, business, or financial condition, including but not limited to: loss of customers; interruptions or stoppages in our business operations (including, as relevant, clinical trials); inability to process personal data or to operate in certain jurisdictions; limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; adverse publicity; or revision or restructuring of our operations.
If our information technology systems or data, or those of third parties upon which we rely, are or were compromised, we could experience adverse consequences resulting from such compromise, including but not limited to regulatory investigations or actions; litigation; fines and penalties; disruptions of our business operations; reputational harm; loss of revenue or profits; and other adverse consequences.
In the ordinary course of our business, we or the third parties upon which we rely, may process proprietary, confidential, and sensitive data, including personal data (such as health-related data and data related to clinical trials), intellectual property, and trade secrets (collectively, sensitive information). We may rely upon third-party service providers and technologies to operate critical business systems to process sensitive information in a variety of contexts, including, without limitation, third-party providers of cloud-based infrastructure, encryption and authentication technology, employee email, content delivery to customers, and other functions. Our ability to monitor these third parties’ information security practices is limited, and these third parties may not have adequate information security measures in place. While we may be entitled to damages if our third-party service providers fail to satisfy their privacy or security-related obligations to us, any award may be insufficient to cover our damages, or we may be unable to recover such award. In addition, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties’ infrastructure in our supply chain or our third-party partners’ supply chains have not been compromised. We may also share or receive sensitive information with or from third parties.
Cyberattacks, malicious internet-based activity, online and offline fraud, and other similar activities threaten the confidentiality, integrity, and availability of our sensitive information and information technology systems, and those of the third parties upon which we rely. Such threats are prevalent continue to rise, are increasingly difficult to detect, and come from a variety of sources, including traditional computer “hackers,” threat actors, “hacktivists,” organized criminal threat actors, personnel (such as through theft or misuse), sophisticated nation states, and nation-state-supported actors. Some actors now engage and are expected to continue to engage in cyber-attacks, including without limitation nation-state actors for geopolitical reasons and in conjunction with military conflicts and defense activities. During times of war and other major conflicts, we and the third parties upon which we rely may be vulnerable to a heightened risk of these attacks, including retaliatory cyber-attacks, that could materially disrupt our systems and operations, supply chain, and ability to produce, sell and distribute our goods and services. We and the third parties upon which we rely may be subject to a variety of evolving threats, including but not limited to social-engineering attacks (including through phishing attacks), malicious code (such as viruses and worms), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks (such as credential stuffing), personnel misconduct or error, ransomware attacks, supply-chain attacks, software
30
bugs, server malfunctions, software or hardware failures, loss of data or other information technology assets, adware, telecommunications failures, earthquakes, fires, floods, and other similar threats.
In particular, ransomware attacks, including by organized criminal threat actors, nation-states, and nation-state-supported actors, are becoming increasingly prevalent and severe and can lead to significant interruptions in our operations, loss of data and income, reputational harm, and diversion of funds. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments. Similarly, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties and infrastructure in our supply chain or our third-party partners’ supply chains have not been compromised or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our information technology systems or the third-party information technology systems that support us and our services. Future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be difficult to integrate companies into our information technology environment and security program. Remote work has become more common and has increased risks to our information technology systems and data, as more of our employees utilize network connections, computers and devices outside our premises or network, including working at home, while in transit and in public locations.
Any of the previously identified or similar threats could cause a security incident or other interruption. A security incident or other interruption could result in unauthorized, unlawful, or accidental acquisition, modification, destruction, loss, alteration, encryption, disclosure of, or access to our sensitive information. A security incident or other interruption could disrupt our ability (and that of third parties upon whom we rely) to provide our services. We may expend significant resources or modify our business activities (including our clinical trial activities) to try to protect against security incidents. Certain data privacy and security obligations may require us to implement and maintain specific security measures, industry-standard or reasonable security measures to protect our information technology systems and sensitive information.
While we have implemented security measures designed to protect against security incidents, there can be no assurance that these measures, or those of a third party upon whom we rely, will be effective. For example, an external contractor experienced a cyberattack in 2019, which resulted in a disruption to patient recruitment in our Phase 3 clinical trial of roluperidone. We may be unable in the future to detect vulnerabilities in our information technology systems. We take steps to detect and remediate vulnerabilities, but we may not be able to detect and remediate all vulnerabilities because the threats and techniques used to exploit the vulnerability change frequently and are often sophisticated in nature. Therefore, such vulnerabilities could be exploited but may not be detected until after a security incident has occurred. Despite our efforts to identify and address vulnerabilities, if any, in our information technology systems, our efforts may not be successful. These vulnerabilities pose material risks to our business. Further, we may experience delays in developing and deploying remedial measures designed to address any such identified vulnerabilities.
Applicable data privacy and security obligations may require us to notify relevant stakeholders of security incidents. Such disclosures are costly, and the disclosure or the failure to comply with such requirements could lead to adverse consequences. If we (or a third party upon whom we rely) experience a security incident or are perceived to have experienced a security incident, we may experience adverse consequences. These consequences may include: government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting requirements and/or oversight; restrictions on processing sensitive information (including personal data); litigation (including class claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; interruptions in our operations (including availability of data); financial loss; and other similar harms. Security incidents and attendant consequences may negatively impact our ability to grow and operate our business. In addition to experiencing a security incident, third parties may gather, collect, or infer sensitive information about us from public sources, data brokers, or other means that reveals competitively sensitive details about our organization and could be used to undermine our competitive advantage or market position.
Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our data privacy and security obligations. We cannot be sure that our insurance coverage will be adequate or sufficient to protect us from or to mitigate liabilities arising out of our privacy and security practices, that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future claims.