Item 1. Business.
In this Annual Report on Form 10-K, unless otherwise specified or where the context requires otherwise, references to “we,” “our,” “us,” “KLD” and “the Company” (i) for the periods prior to the completion of the business combination between Pivotal Acquisition Corp. and LD Topco, Inc., which closed on December 19, 2019, refer to Pivotal Acquisition Corp., the special purpose acquisition company, and (ii) for the periods after completion of the business combination, to KLDiscovery Inc., the combined company, and its consolidated subsidiaries. References to and the descriptions of the business included in this Annual Report on Form 10-K refer, prior to the business combination, to the business of LD Topco, Inc., and after the business combination, to the business of KLDiscovery Inc. This Annual Report on Form 10-K also refers to our websites, but information contained on those sites is not part of this Annual Report on Form 10-K.
Mission
We solve complex legal, regulatory and data challenges for our clients around the world by leveraging our proprietary software and innovative technology-based solutions.
Our Company
The Company was incorporated by its founder, Pivotal Acquisition Holdings LLC, or Pivotal, under the name “Pivotal Acquisition Corp.” as a blank check company on August 2, 2018 under the laws of the State of Delaware for the purpose of entering into a merger, capital stock exchange, stock purchase, reorganization or similar business combination with one or more businesses or entities. On February 4, 2019, the Company consummated its initial public offering, or the IPO, of units, with each unit consisting of one share of Class A common stock and one redeemable warrant entitling the holder to purchase one share of Class A common stock at a price of $11.50 per share, or the Public Warrants. On December 19, 2019, pursuant to an Agreement and Plan of Reorganization, dated as of May 20, 2019, as amended, the Company and LD Topco, Inc., or LD Topco, consummated a business combination transaction, or the Business Combination, pursuant to which, among other things, a merger subsidiary was merged with and into LD Topco, with LD Topco surviving the merger as a wholly owned subsidiary of the Company. The Business Combination was accounted for as a reverse merger in accordance with generally accepted accounting principles in the United States, or U.S. GAAP. Under this method of accounting, Pivotal Acquisition Corp. was treated as the “acquired” company for financial reporting purposes.
Overview
We are a leading global provider of eDiscovery, information governance and data recovery solutions to corporations, law firms, insurance companies and individuals in 16 countries around the world. With our long- standing history and transformative acquisition in 2016 of Kroll Ontrack, a storied eDiscovery platform with history dating back to 1985, we have decades of experience designing, building, and developing innovative technology solutions that evolve with the needs of our clients. Our integrated, proprietary technology solutions enable clients to efficiently and accurately collect, process, transmit, review and recover complex and large-scale enterprise data. In conjunction with our proprietary technology, we provide immediate expert consultation and 24/7/365 support worldwide, empowering us to be a “first-call” partner for mission-critical, time-sensitive, and nuanced eDiscovery and data recovery challenges. We leverage our proprietary technology solutions and extensive industry expertise to provide a more reliable, secure and seamless experience for our clients when tackling “big data” volume, velocity, and veracity challenges.
5
A key example of our purpose-built innovation is Nebula, our flagship, end-to-end AI / ML powered solution that serves as a singular platform of engagement for legal and other types of data. We also offer clients the optionality they desire—KLDiscovery-developed or externally-developed software and cloud-based or a number of different on-premise data storage options. We processed 8,009 and 7,823 Legal Technology matters for the years ended December 31, 2022 and 2021 respectively, and currently average over 32,000 data recoveries annually from all types of storage media. We believe our scale, expertise, proprietary technology and optionality, and global presence uniquely positions us to be the go-to partner for our clients and solve the world’s largest and most complicated data challenges.
Since January 1, 2020, we have provided services to a highly diverse base of more than 5,800 Legal Technology clients. Our Legal Technology clients include both law firms and corporations serving many industry sectors including finance and banking, pharmaceutical and biotechnology, technology, insurance, and real estate. Our data recovery clients include corporations and individuals that need to recover and access data. Our loyal client base includes 96% of the highest-grossing law firms in the United States as ranked by American Lawyer, known as the Am Law 100, as well as 50% of Fortune 500 companies, as of December 31, 2022. We have longstanding relationships with many of our clients. For example, the average length of our relationships with our top 25 clients based on revenue for the year ended December 31, 2022 is approximately 15 years. We actively collect and review feedback from our clients to ensure we are investing in the features and services that address their ever-evolving needs. We believe our commitment to being a “first-call” provider for our clients’ largest and most complex cases has helped drive significant revenues from larger and more complex matters, with Legal Technology matters generating over $100,000 and $500,000 in revenue representing 77% and 47%, respectively, of our Legal Technology revenue during the year ended December 31, 2022.
The legal technology industry is fragmented and bifurcated into dozens of software providers, which concentrate on technology solutions, and service providers, which license software and focus on client support to assist with managing the third-party technology. Software providers have increasingly prioritized DIY solutions and generally lack full-service support to address complex data challenges, while service providers have relied on multiple, disparate third-party tools and systems that are limited in the client use cases they can address. We bridged this gap by establishing KLDiscovery as a leading legal technology provider with scale that merges state of the art proprietary software and white-glove services. This combination allows us to manage incidents from an organization’s smallest concerns to its most complex legal reviews, as well as time and strategically sensitive legal matters.
As the first provider to license Relativity, a ubiquitous document review tool, we set a new standard in eDiscovery workflow, being the first provider to reach over one million records on the platform. Since then, we have developed KLD AI and review automation proprietary tools to augment the Relativity offering. For those clients who may choose to use third-party tools like Relativity for data hosting, we complement and enhance their experience via our proprietary toolkit to maximize the hosting platform’s functionality.
In response to an increasing number of clients seeking an end-to-end, fully integrated offering, we launched our proprietary cloud-native Nebula ecosystem in 2018. Nebula is a differentiated, comprehensive platform that addresses the full lifecycle of the Electronic Discovery Reference Model, or EDRM. Nebula is designed for enterprise adoption and can be seamlessly applied to address a multitude of use cases for the global legal and corporate communities. Clients who utilize our all-in-one platform benefit from a scalable, singular repository for their legal workflow processes, while reducing costs, and reducing data security risks inherent when processing and transferring data across multiple disparate systems and service providers. Nebula also offers clients flexibility in data delivery methods; in the public cloud, in our secure data centers, behind the client’s firewall in an enterprise server-rack and at a client’s location via Nebula Portable, optionality no other provider’s proprietary platform can offer. Regardless of data storage location, clients can seamlessly manage their data through the integrated Nebula platform. Demonstrating Nebula’s potential, we have experienced strong growth in Nebula revenues. For the year ended December 31, 2022, Nebula revenue was $28.4 million, a 9.7% increase from the prior year. Our diversified and deep-rooted client relationships provide a large and loyal user base to further accelerate the adoption and growth of Nebula.
6
As Nebula’s capabilities continue to offer additional upstream use cases beyond eDiscovery, our clients are able to leverage our technology throughout their respective eDiscovery lifecycles. For example, we offer clients Nebula Archive, which captures data across numerous platforms and provides a secure, searchable copy of data under preservation, as well as Nebula Legal Hold, which allows clients to ingest and manage hold data from any source. We believe the breadth of Nebula presents an attractive entry point for us to engage with clients early and bring them onto our platform.
Additionally, we are a global leader of data recovery services, currently averaging over 32,000 data recoveries annually from all types of storage media. With our in-lab, remote, and on-site capabilities, we recover data at an over 80% success rate from almost any device, storage manufacturer, operating system, database, and back up format. We expect to continue to benefit from our deep data recovery competencies, given the increasing relevance of data privacy and cybersecurity issues at the institutional, governmental, and international levels.
We believe we have a strong runway to capture a greater percentage of our large and growing market opportunity. Our unique combination of proprietary software and technology-enabled services, coupled with our full stack, scalable platform that covers the full EDRM life cycle, best positions us to tackle our clients’ “big data” challenges. Moreover, we believe our proprietary Nebula offering, unlike other existing solutions, offers broad flexibility in deployment methods, cost efficiency with customizable pricing models, and optimized accuracy with its underlying AI / ML technology. We see further opportunity to grow our sales among new and existing clients, scale internationally, and extend our technology leadership.
Industry background
The rule of law is integral to society—it is the foundation for systems of justice, underpins government functions, and upholds fair economic transactions and social development. From multi-national corporations and governments to local businesses and individual citizens, millions rely on legal services to navigate complex matters and uphold the law in an ever-changing world. According to Statista, legal services represents one of the largest sectors in the global economy, with worldwide spend estimated to increase to $846 billion in 2023. As technology continues to revolutionize the legal services industry, there is a significant existing market opportunity for legal technology solutions that should continue to grow.
While the legal technology industry is vast and diverse, most organizations in the industry fall into one of four categories:
•Corporations and other entities—Ultimately the “end buyers” of technology and services, they hire law firms and providers to help them navigate legal, regulatory, and cyber matters
•Law firms—Often seen as an intermediary between providers and corporations/government entities, law firms often make provider decisions on behalf of their clients. Law firms are also consumers of legal technology and solutions themselves, both for in-house matters and as an extension of their litigation technology teams. As a result, law firms not only become direct sources of revenue for service and software providers, but also an important source of referrals to corporations that providers can leverage to build direct relationships
•Service providers—License and package technology and provide services to corporations and government entities and the law firms they work with. Most service providers of any scale have some proprietary technology, but very few have material portfolios and instead rely largely on licensing third party tools
•Software providers—Create technology solutions that service providers rely on, but often take a “hands-off” approach with respect to substantive matter support or client service. They typically offer only software without domain expertise and support that goes beyond the software itself. This DIY approach is not equipped to handle large engagements. Moreover, most software providers focus their technology to a particular segment of the EDRM and/or a specific delivery vehicle, forcing buyers to maintain multiple relationships to ensure all their needs are satisfied
7
Despite the clear distinctions among these categories, there is often overlap between their needs. Service providers commonly license and repackage technology with their services to law firms and corporations, who typically lack the full requisite of resources and domain expertise. Additionally, each organization has specific needs and requirements relating to where data can be hosted, ranging from entirely cloud to entirely behind their firewall, or somewhere in between. While each organization’s technology and service needs are unique, software providers can nevertheless market their solutions to all of those organizations, due to the overlap in needs.
These dynamics underscore the market potential for software providers and highlight the opportunity that exists today for a solution that has broad functionality, around-the-clock client service, and optionality in delivery vehicles to meet all of a buyer’s data needs.
Electronic Discovery Reference Model (EDRM)
eDiscovery
eDiscovery is a critical component of the legal industry: parties preserve, collect, review, and exchange information electronically for the purpose of using it as evidence in a civil, criminal or investigative legal case or regulatory action. Electronically Stored Information or, ESI, in eDiscovery can range from simple data sources such as emails, word documents, and databases, to increasingly modern and complex data sources such as social media messages, cell phone data, and mobile applications, such as internal digital chat data, and audio / visual calls. The volume and complexity of eDiscovery varies significantly from case-to-case, ranging from small matters comprising little data to highly complex matters with vast amounts of enterprise data where support from technology and legal experts is essential. According to complexdiscovery.com, the worldwide eDiscovery software and services market is forecasted to grow from $14.0 billion in 2022 to $22.3 billion by 2027 due to the proliferation of data and legal challenges, thereby underscoring eDiscovery’s growing significance and use cases.
The eDiscovery market is highly fragmented, resulting in low penetration divided amongst many vendors. Further, within the eDiscovery industry, there is a significant disconnect between software providers and service providers. Most service providers of any scale have some proprietary technology, but very few have material portfolios and instead rely largely on licensing third party tools. These vendors lack fundamental control over the products they resell, which weakens the user experience and diminishes lifetime value.
Information governance
Information governance is a rapidly maturing discipline, the objective of which is to enable enterprises to manage their huge and growing data estates, taking into account the many demands placed upon that data. These demands include everything from ready access to data for business utility and continuity, to data protection against ransomware and other cyber-attacks, to complying with proliferating privacy and other regulatory requirements, to responding to regulatory investigations and civil litigation. Radicati estimates the information governance market will grow to approximately $8.9 billion in 2024.
8
Vendors that offer versatile solutions can help minimize costly and duplicative workflows arising from using separate systems to address multiple needs. Information governance products also serve as attractive entry points for new eDiscovery business opportunities. We expect increases in legal and regulatory demands, and burgeoning data volumes, as well as strategic needs to protect data from cyber-attacks, to drive the growing adoption of information governance solutions.
Data recovery
Data recovery technology providers help clients, ranging from Fortune 500 companies to individual consumers, recover data that would otherwise be lost for a myriad of reasons, such as system failures, accidental deletion, physical damage, natural disasters, ransomware or user error. Data recovery companies use software tools and physical inspection to diagnose and determine the condition of the media and what data may be recovered. Then, they make an image of the data and perform a logical reconstruction of it. In the case of physical damage, large- scale facilities are required as the device may need to be disassembled in a clean room lab and spare parts used to facilitate the recovery. According to the IDC, the worldwide data protection market, which consists of data recovery, archives, and backup spending, is expected to grow to $18.4 billion in 2025.
Many of the vendors in this fragmented industry are small electronics repair shops using off-the-shelf data recovery software tools. Many smaller data recovery vendors can recover data from hard disk or external drives, while some have the capability to assist with more complex data recovery from servers, storage systems, and networks. Very few global data recovery providers support large-scale operations such as clean room labs and physical data recovery capabilities. Data recovery also complements eDiscovery and information governance by minimizing the amount of data that cannot be recovered from lost or deleted files.
Our solutions
We are a legal technology pioneer with a long-standing presence developing proprietary technology solutions. We provide an expansive suite of technology offerings including our end-to-end fully integrated solution, Nebula, which comprehensively addresses information governance, eDiscovery and data recovery needs. Our solutions have been developed in-house by capitalizing on our more than 15 years of technology expertise and legal process management experience. As the first provider to license Relativity, we have developed an entire suite of proprietary technology solutions that creates a bespoke and enhanced experience within the platform.
We introduced Nebula, our proprietary platform, in 2018 after years of learning from our many client relationships and the engagements on which we support them. Our vast experience taught us that our clients needed one comprehensive and integrated platform that can be used to complete all steps of the information governance and EDRM process, and we believe Nebula fills this critical need. Complemented by our world-class client service, Nebula empowers our clients with flexible, scalable, and innovative tools. As a result, unlike other providers who cannot update the third-party software they sell in real-time or technology companies who are unable to provide after-sale support, we fully control our proprietary technology—along with the user experience—enabling us to serve as a unified one-stop shop.
KLDiscovery value proposition
Highly differentiated combination of proprietary software and human capital
We believe our position as the differentiated legal technology provider with proprietary, state of the art, EDRM software combined with our white-glove services will help drive retention and support client growth. We have spent over 15 years investing in, delivering, and perfecting data-centric technology, including our flagship eDiscovery solution, Nebula. At the same time, we built a successful track record of solving some of the most challenging legal data problems through a combination of our proprietary technology and service-oriented culture. As the relationship between software and service providers shifts within the legal industry, we are well- positioned to disrupt the space as a singular, end-to-end and trusted provider of both software and services.
9
Full stack, scalable technology offerings covering the full spectrum of the EDRM
Through our proprietary technology offerings, we provide full stack, scalable AI-powered software solutions for corporate legal functions allowing clients to collect, process, transmit, store, analyze, and govern all of their data on a single platform in a timely and efficient manner. Nebula, our singular, end-to-end platform, allows us to provide a superior level of client service and minimize the risk of a data breach. Our solutions are designed for enterprise adoption and can be applied to a wide variety of enterprise use cases outside of litigation such as internal investigations, merger clearance, and legal holds.
Nebula is a highly differentiated and comprehensive technology platform
Our proprietary platform, Nebula, addresses virtually all potential eDiscovery and information governance use cases for the global legal and corporate communities. This end-to-end platform allows our clients to contract with a single solution provider and provides one, instantly scalable, secure repository for their legal data that avoids error-prone processes of moving data through different disparate systems. Our platform enables greater efficiency and optionality by offering our clients control over the location of their data and method of delivery. Regardless of data storage location or size, clients can seamlessly manage their data through the integrated Nebula platform with consistent user experience, performance, and features. In addition, Nebula, with its single- source platform and simple usage-based pricing model, addresses virtually all use cases, thus allowing our users to benefit from greater cost predictability and improved efficiency. With existing software solutions limited by any combination of expensive pricing models, limited features, and a lack of delivery options, we believe there is an underserved population of buyers, including eDiscovery service providers, law firms, corporations, and other organizations, that can immediately benefit from Nebula. By supporting a variety of deployment environments with increased cost-efficiency, we believe Nebula is the premier, unified solution that meets and will evolve with the needs of our clients.
State of the art AI / ML functionality
Our leading-edge AI / ML technology allows clients to review their legal data accurately and quickly. We have a strong, decades-long track record of developing award-winning workflow batching software, predictive coding, and AI / ML programs that maximize the efficiency and productivity of lawyers around the world. Developed through continuous use and refinement, our legal review technology has predictive capabilities that we believe are superior to our competitors, giving us an advantage as our clients use our solutions.
Simplified and flexible pricing to provide end-to-end optimization
Our pricing model, customized based on platform functionality and data volume, allows us to offer a wide variety of optionality for our clients. We employ different pricing structures across our large suite of offerings including usage-based subscriptions, transactional, à la carte, and alternative fee arrangements for software such as our proprietary Nebula platform and our technology-enabled services and data recovery engagements. We set transparent and attractive pricing, which allows us to deepen our relationships with our large, blue-chip client base. We believe the ease of our pricing structure and solutions, even for the largest and most complex organizations, provides critical entry points for us to onboard additional products and expand beyond traditional use cases. As the strategic value of our technology solutions continues to grow, our pricing strategy will attract both existing and new clients deeper into our ecosystem.
Our business model
We offer differentiated solutions to our clients via a flexible and scalable, usage-based business model, where, as an example, clients pay us on the basis of the amount of data processed, ingested, and/or reviewed on our platform, which drives future business opportunities. Our proprietary data and technology fuels referrals from our large global client base. As more clients begin to use our software and solutions, we have opportunities to cross- and up-sell to drive growth of our complementary features and add-ons. By continuously expanding our usage, we increase our global reach and create more value for clients and stakeholders.
•Pricing—We predominately employ a usage-based pricing model for our technology platforms, such as Nebula. For these solutions, our pricing is measured by the amount of data ingested, hosted, produced, and/or reviewed. Since no single structure works for every client, we also offer a
10
subscription-based model, where clients commit to a set capacity of usage over a pre-defined term (typically one to three years) at a discount over the usage-based rates typically associated with project-by-project engagements. Our data recovery engagements are fixed fee arrangements.
•Client benefits—We offer simplicity and flexibility for our clients. Our usage-based model is designed to scale and adopt to our clients’ changing needs. With no user fees, Nebula pricing is transparent and allows clients to efficiently budget and support any legal, project, and technology demands.
•Network effect—As we continue to grow, we accumulate more data across our ecosystem, which strengthens our technology capabilities and enhances user experience, which attracts even more clients. We allow our clients to store and reuse data for future legal purposes which can serve as the starting point for new sales opportunities. Our AI / ML technology continuously processes more data and observes human usage to refine our platform for increased efficiency and relevancy.
•Partner Channel Subscriptions—Starting in 2022, we began offering multi-year agreements for Nebula based on usage tiers. With existing software solutions limited by any combination of expensive pricing models, limited features, and a lack of delivery options, we believe there is an under serviced population of buyers ranging from eDiscovery providers, law firms, corporations, to other organizations that can immediately benefit from Nebula.
For the years ended December 31, 2022 and 2021, revenues arising from usage-based agreements comprised 89.9% and 90.7% of revenue, respectively, while subscription agreements comprised 10.1% and 9.3% of revenue, respectively.
Our clients
Our Legal Technology clients include both law firms and corporations serving many industry sectors including finance and banking, pharmaceutical and biotechnology, technology, insurance, and real estate. Our data recovery clients include corporations and individuals that need to recover and access data.
Our definition of a Legal Technology client includes each primary law firm and corporation to which we provided services in a litigation matter that we billed during the past two years. Since January 1, 2020, we provided services to more than 5,800 Legal Technology clients. As of December 31, 2022, our clients include 96% of the Am Law 100 and 50% of Fortune 500 companies.
We have longstanding relationships with our clients; the average length of our client relationship with the top 25 clients for the year ended December 31, 2022 is 15 years. As of and for the year ended December 31, 2022 we had one single customer that represented approximately six percent (6%) of our consolidated revenues and one single customer that represented approximately six percent (6%) of our consolidated accounts receivable and, as of and for the year ended December 31, 2021, we did not have a single customer that represented more than five percent (5%) or more of our consolidated revenues or accounts receivable.
Our key differentiators
A trusted partner for the most complex, mission critical legal matters and data needs
Through our decades of experience, we have built a reputation of technological excellence and “first-call” expertise for the most complex legal and data challenges worldwide. Our proven ability to perform the most difficult legal data reviews (such as antitrust second requests, joint defense, and large-scale M&A matters) and help our clients through their most challenging moments (such as mitigating and navigating a ransomware event) has made us a critical partner for our clients. Our proprietary technology capabilities and ability to evolve with the needs of our clients results in better outcomes for their organizations. By building a reputation as a trusted legal solution provider, we have created a loyal client base that will allow us to drive future business opportunities and expand the reach of our offerings including Nebula. Our comprehensive offerings distinctly position us to navigate our dedicated client base through the technological transformation of the legal industry while serving as a critical partner for all their legal technology needs.
11
Comprehensive technology solutions that expand beyond traditional eDiscovery use cases
As Nebula continues to expand further upstream within the EDRM, our technology is leveraged earlier in the data lifecycle, opening an attractive entry point for engaging our clients and moving them along the eDiscovery journey within our end-to-end Nebula platform. We believe our position as a one-stop platform that offers comprehensive solutions allows clients to contract with a single provider, avoiding frictions and risks in moving data and contracting multiple providers. Additionally, we are a global leader of data recovery services, supporting both small businesses and large enterprises with business server recoveries and backup tape restorations. Our proprietary incident response solutions enable our clients to recover from the deletion or destruction of data due to malicious or accidental incidents. The rapid proliferation of ransomware episodes faced by organizations worldwide validates the value of data today and how critical it is to retrieve.
Founder led, proven and experienced management team
Chris Weiler, our Chief Executive Officer, co-founded our Company in 2005 with a mission to support clients through their most complex and stressful legal and data challenges. As one of the longest-tenured CEOs in the global eDiscovery sector, he provides extensive industry expertise and relationships. Moreover we have a deep team of seasoned executives, including Dawn Wilson (Chief Financial Officer) and Danny Zambito (Chief Operating Officer), Daniel Balthaser (EVP of Engineering), Robert Hunter (EVP of Global IT and eDiscovery Operations), Krystina Jones (Chief Revenue Officer), Anthony DeJohn (EVP of Product, Design, and Data Science), Oscar Vega (EVP of Global Sales and Marketing), Andy Southam (General Counsel), Lindsey Hammond (SVP of Global Talent), and Dan Clarkin (SVP of Global Managed Review Services) who have collectively spent over 185 years in the legal and technology industries. Furthermore, our sales and software development executives have worked together over the past 15+ years and developed a seamless feedback loop to improve our technology in response to the changing needs of our clients. Together, our experienced and passionate team is committed to delivering best-in-class solutions and a superior user experience to our clients worldwide.
Expansive global footprint
Our geographic presence spans 25 locations in 16 countries. Our broad reach provides us with the ability to act as a first responder when clients have urgent work requiring immediate attention. In addition, our familiarity with local laws and regulations allows us to effectively assist clients in navigating complex, cross-border situations.
Highly qualified and experienced sales force
Our sales management team recruits and retains highly qualified and experienced sales team members, focusing on expertise, knowledge and tenure, prioritizing the quality of team members over the quantity. Our top 15 sales team professionals by revenue average 16 plus years of experience in the eDiscovery industry and averaged more than $14.8 million in revenue per person for the year ended December 31, 2022, while our entire sales organization had a revenue per person average of over $5.3 million for the same period. We rely on a team of value-add sales professionals to act as consultants for their clients across a wide array of offerings. In 2020, we effectively integrated our data recovery and legal technology sales teams to better offer the full KLDiscovery portfolio of technology and solutions to a wider base of existing clients.
Established track-record with scale and financial flexibility to fund investments
Our size and scale provide us with the financial flexibility to self-fund the development of our Nebula platform as we continue to advance new product features and enhancements. We possess a unique combination of industry-leading scale, with our loyal client base of more than 5,800 Legal Technology clients and with offices in 16 different countries as of December 31, 2022, and financial flexibility. We have a strong track record of funding our growth expansion in a disciplined manner, and we believe our robust financial profile affords us the continued financial flexibility to do so.
12
Our growth strategy
Building on the many strengths of our existing business and strategy, we are focused on continuing to enhance our proprietary solutions, expand our ecosystem, and extend our reach to capitalize on our large and growing market opportunity.
•Extend our technology leadership with continued innovation and platform expansion. We have successfully built a strong technology platform based on years of research and feedback from our clients and strive to further invest in research and development to maintain our track record of innovation. We plan to drive growth by expanding the functionality of our current platform, including the Nebula ecosystem, and broaden the range of products we offer. In addition, we will continue working to be an industry leader for ease of client experience through seamless integration with clients’ back-office functions. We will also seek to capitalize on our highly transparent pricing to capture mission-critical, high value, and long-term revenue opportunities. As we continue to innovate and increase our value proposition and address clients’ challenges within eDiscovery, information governance, and data recovery, we believe we will strengthen the breadth of our premium product offerings, increase penetration of existing clients, and grow our addressable market.
•Continue to increase adoption of Nebula on a global scale. Our large and deep-rooted client relationships on a global basis provide a loyal base to expand adoption of Nebula, in addition to new service providers, law firms, and corporations. As we continue to innovate and improve Nebula’s offerings, we plan to gradually transition our clients who rely on third-party software onto our proprietary Nebula platform. For these clients who may use a different eDiscovery platform, we believe we can increase Nebula adoption by introducing and educating these clients to the advantages of our proprietary and differentiated platform. With new functionalities continuing to be released in 2023 and beyond, such as granular document-level permissions and enhanced analytics, we believe Nebula will further differentiate itself versus offerings from other providers, thus allowing us to capture a larger total addressable market within eDiscovery.
•Grow our client base and drive incremental penetration within existing clients. With the increased adoption of technological solutions within the legal industry and more organizations opting for functional solutions like those we offer, we see significant client growth potential for our business. We will continue to drive brand awareness on the robust functionalities, ease of use, and high degree of customizability of our offerings, in order to accelerate the growth of new clients. We believe that Nebula, our differentiated end-to-end offering that spans the eDiscovery lifecycle, positions us to up- and cross-sell additional products to existing clients seeking to reap the full benefits of our comprehensive product suite. We believe our release of new products, tools, add-ons, and features has increased the value we provide to our clients, and our growing product capabilities will continue to attract new and maintain existing clients.
•Build partner channels. In 2022, we began to build our partner channel by selling subscriptions for Nebula, and as of December 31, 2022 we had seven partners in our partner channel. These agreements generally have a minimum one-year commitment and our goal is to have a two-year average commitment across our entire partner channel. We will leverage and broaden our partnerships with other eDiscovery providers, law firms, corporations, consulting firms and other organizations to drive growth and bring innovation to the global legal community. Nebula’s comprehensive capabilities and competitive pricing will allow us to target multiple partner market segments, spanning those seeking a single “one-stop-shop” solution to those who may require a point solution to process and triage small data volumes in-house for loading to other applications. The subscriptions are generally based on usage tiers and offer all of our technology for the client’s use, with the option to pay extra for services. By building a partner channel for Nebula, we are able to generate revenue opportunities from a brand-new population of buyers and further increase industry awareness and utilization of Nebula.
•Expand and strengthen sales force coverage. We continue to recruit, attract and retain top sales professionals to capture untapped clients and we intend to hire more sales professionals to drive growth. We pride ourselves in our high-quality and globally integrated salesforce and their ability to
13
bring in significant revenue. They are cross trained across our product suite so they can sell our comprehensive offerings to new and existing clients.
•Further our presence in international markets. The eDiscovery market is global, and we continue to invest to increase our market share worldwide. We already have an established presence in 16 countries with qualified sales reps and client support. Internationally, our flexible delivery models (such as Microsoft Azure and Nebula Enterprise) enable us to more easily penetrate new markets and better adapt to the varied and unique data handling requirements and regulations that our clients face across different geographies.
•Pursue opportunistic strategic acquisitions. We continue to seek acquisitions that will expand the depth and breadth of our product offerings and make us the provider of choice for existing and new clients. With our strong leadership and demonstrated success of our platform, we believe we will be able to attract strong acquisition targets going forward. Our past acquisitions demonstrate our management’s ability to effectively source, execute, and integrate acquisitions into our existing and growing platform. We plan to continue to opportunistically pursue our acquisition strategy to continue to provide more comprehensive offerings for the highly fragmented eDiscovery and information governance industries.
Our products and technology
We have developed an array of integrated technologies and offerings that allows us to provide exceptional value to our clients.
eDiscovery
Nebula
Nebula epitomizes the modern, cloud-native application boasting the latest in AI / ML. Our award-winning software development and data science teams have incorporated best-of-breed technologies ranging from our own patented AI / ML technology to cutting-edge public cloud machine learning suites throughout Nebula to enhance efficiencies, streamline user experiences, and drive results.
Nebula can be delivered across numerous delivery vehicles, allowing the technology to be viable for virtually any use-case.
•Hosted in Microsoft Azure—Nebula maximizes the scalability, resiliency, and performance benefits of the Microsoft Azure cloud platform, delivering a powerful and fully optimized SaaS solution. Nebula is currently available via Azure with a wide regional diversity to address data sovereignty considerations across the globe. Clients with cloud-first strategies, or those with “in-region” mandates, will easily satisfy those requirements by utilizing the Nebula global cloud footprint. Further, we are always expanding Nebula’s global reach with multiple new regions added each year.
As with all Nebula deployments, security and compliance are top requirements. Microsoft Azure supports compliance with a broad set of industry-specific laws and meets comprehensive international standards. For example, Azure has ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 9001 certifications, PCI DSS Level 1 validation, SOC 1 Type 2 and SOC 2 Type 2 attestations, HIPAA Business Associate Agreement, and HITRUST certification. Operated and maintained globally, Microsoft Azure is regularly and independently verified for compliance with industry and international standards and provides clients the foundation to achieve compliance for their applications.
•Hosted in Nebula data centers—Nebula is also hosted in seven countries strategically positioned globally. We continually invest in our overall infrastructure. Running the same code as our other deployment models, our hosted SaaS deployments boast the same highly efficient, containerized, auto-scaling capabilities as do our cloud deployments. All our deployments are built for high availability, strong uptime, and robust disaster recovery and business continuity in the event of major disruptions. We maintain a global security governance program designed to meet current best-in-class security practices. Nebula’s infrastructure is regularly audited to maintain ISO 27001 certification. In addition,
14
our data centers in North America are audited for SOC II compliance. Both audits assess the security standards, procedures, controls, and related practices deployed throughout our global operations. We believe Nebula provides the highest levels of performance, data protection, and fault tolerance, and unparalleled disaster recovery capabilities.
•Portable appliance—Nebula Portable is an encrypted device that is the size of a carry-on suitcase that functions as an entirely private and isolated Nebula instance. As with all our applications, security is of the utmost importance—providing clients with an elegant air-gapped solution for needs including data privacy, fraud investigations, cross-border litigation, and reviewing highly sensitive data.
•Enterprise appliance—Though Nebula, we are expanding availability of a rack-mounted solution to accommodate the geographic and data control needs of our clients. Nebula Enterprise brings the power, flexibility, and enhanced feature set of Nebula to clients’ data centers in a plug-and-play expandable appliance designed to address a myriad of security and compliance considerations. The capacity of our enterprise models ranges from a five terabyte model designed for corporations or law-firms seeking a small scale, low maintenance, in-house eDiscovery capability solution up to a 100 terabyte model for a large eDiscovery vendor’s entire technology stack.
oReliability—Designed for long-term installation with minimal maintenance, Nebula Enterprise is self-healing, meaning the system can automatically restore normal operations in the event of hardware failure. Administrators are notified when an element requires replacement, and maintenance can be scheduled while maintaining functionality in the interim.
oScalability—With different sizes available to meet client needs, this enterprise-grade hardware solution is offered as an annual subscription. In addition, Nebula Enterprise’s storage can be expanded to larger tiers as a client’s organization grows.
oComprehensive dashboard—An integrated dashboard allows client’s IT staff to control and configure the system. In the event additional assistance is needed, secure remote support can be authorized through the dashboard.
oScheduled Nebula updates—Nebula Enterprise subscribers receive complete Nebula upgrades, with the flexibility to schedule updates at a convenient time or manually initiate installations. Enterprise software is on the same release schedule as the other delivery models, so clients’ data is never stranded in any one delivery model.
Nebula includes an array of tools and features including:
•Email Threading—Determines the relationship between email messages and identifies the most content-inclusive messages to avoid redundant review.
•Near-Duplicate Detection—Identifies, groups, and highlights data with focus on subtle differences to enable quicker review.
•Language Identification—Automatically identifies the primary language of documents in a dataset.
•KLD Translations—Leverages advanced machine translation based on the current gold standard in translation AI, neural networks, to get accurate and reliable translations of documents written in many of the most common languages used across the globe. A fast and cost-saving alternative to human multi-lingual review.
•Native Spreadsheet Redaction—Allows reviewers to redact content from within Excel files without the need to convert to TIFF images. Options for redactions include removing cells, rows, columns, worksheets, formulas, images, and more. Pristine copies of the original file are always maintained.
•A/V Suite—Winner of Innovation Awards for Best Service Provider Solution and People’s Choice, A/V Suite simplifies the review of multimedia files. A/V suite allows users to visualize audio files and have total playback control in addition to providing the ability to quickly redact and produce audio files— something no other review platform can provide.
15
•Auto Redaction—Protect sensitive information and streamline the redaction process with an automated approach. Greatly reduce the burden of redacting documents by automatically finding and redacting personally identifiable information or any other category of sensitive information.
•PrivLog Builder—PrivLog Builder, or PLB, is an integrated suite of tools with advanced functionality to build privilege logs effectively and accurately. With automated privilege log features, name standardization and full compatibility with the most popular review platforms, PLB makes a daunting and costly process easier and significantly less expensive.
Nebula Archive
Nebula Archive provides a critical foundation to any information governance program. It captures data as it is created in dozens of platforms, such as Office 365, Slack, Box, and more. It provides the means to effectively classify and manage that data over the course of its lifecycle, including reliably preserving data subject to legal hold. It offers excellent data assurance against loss or alteration via a separate, secure copy of critical business data. It also enhances data with the ability to search and effectively retrieve targeted results, even from petabytes of source data. Lastly, it reliably and defensibly disposes of data no longer required to be retained for any business or regulatory compliance purpose.
Nebula Archive provides an alternative and/or enhancement to traditional backup solutions, particularly in the cloud era when many SaaS productivity platforms lack effective recovery means in response to inadvertent data loss, alteration, or ransomware attacks. Nebula Archive offers a platform that is designed to satisfy strict retention and data assurance regulations, such as those of FINRA and the SEC governing broker-dealer communications. In addition, it is the foundation of a cost-effective eDiscovery strategy, permitting what we believe is unprecedented insight into data very early in a case and a highly effective means of selecting the most relevant data for quick and easy promotion within the Nebula platform.
KLD AI and review automation
To support our review platforms, we offer cutting-edge tools for our users that enhances productivity and efficiency for eDiscovery.
•Machine Learning—Our supervised machine learning, known as Predictive Coding in the legal industry, supports multiple workflows and methodologies and helps prioritize essential documents for review. As a result, we can automate the classification of electronic data, drastically reducing the time required for legal review and creating significant cost savings. Our predictive coding technology gets smarter with every document reviewed and supports proven statistical methodologies to create defensible workflows. In addition, we offer Predictive Coding in multiple ways including TAR 1.0 or Simple Active Learning and TAR 2.0 or Continuous Active Learning, which provides flexibility and optionality for our clients.
•Automated Workflow—Our workflow engine automates the routing and distribution of documents to streamline document review and maximize accuracy and defensibility—a key component of our bespoke document review offering. Workflow eliminates the need to maintain static batch sets and manually transition records to different review teams. Instead, documents flow automatically through completely customizable paths based on an endless number of potential criteria: foreign-language documents to native speakers; privileged documents to senior attorneys; random samples of reviewed documents to quality control teams; and so on. Since documents cannot move on without meeting defined criteria, an additional layer of quality control is built in. Workflow works hand-in-hand with Predictive Coding to make the review even more efficient.
•Workflow Reporting Suite—For large, complex document review projects, monitoring reviewer productivity and accuracy is paramount to achieving cost efficiency and accuracy. Workflow reporting suite is exclusively available in Nebula and provides dynamic, on-demand information on the progress, productivity, and tagging trends for document review projects run within the Workflow system.
•Natural Language Processing—Also exclusive to Nebula, powerful language-based AI enables users to gain meaningful insights into their data. For example, it can visually locate and search for
16
documents about named entities, such as locations, events, and key people, with the added ability to filter for documents containing critical language by analyzing the author’s sentiment.
Nebula’s entity extraction engine is trained to recognize eight distinct categories of real-world entities, then visually cluster documents referencing the same entities. This approach, based on semantic understanding rather than simple word frequency, provides enhanced insight into the data, allowing users to isolate and retrieve relevant information or filter non-relevant material quickly. Nebula can also uncover topics that might otherwise go unnoticed, giving legal teams an advantage.
Nebula’s sentiment analysis tools analyze tone at both the document and sentence levels. At its core, sentiment analysis applies Natural Language Processing techniques and computational linguistics to derive emotional attributes from text content. By leveraging sentiment analysis, users can better understand how communications are perceived and help discern the author’s tone and intent. This gives Nebula users an edge in contexts where more than just the words themselves matter, as in, for example, matters related to workplace harassment. Companies can use this feature to learn the tone of their employees to help determine if communications are positive, negative, or neutral, and help understand the behaviors and communication styles of employees and clients to identify trends and identify bad actors.
Processing
Our proprietary technology is purpose-built to address large and complex matters as easily and efficiently as it does the small and simple ones. With full integration in the Nebula ecosystem, our Processing technology allows us to address diverse needs on a massive, global scale.
We believe Nebula Processing allows us to process data with a higher degree of quality and, due to the lack of third-party licensing costs, at a lower cost point, as compared to providers relying exclusively on licensed technology. For organizations licensing Nebula for their eDiscovery needs—providers, law firms, and corporations alike—they reap the benefits of a mature processing technology that can not only be used at any scale and for any data set, but is also fully integrated and does not require any of the wrappers or clunky export/ import processes that come with licensing disparate third-party solutions.
Professional services
Leveraging our industry expertise and focus on delivering differentiated user experience, we complement our offerings with a suite of technology-enabled services.
•Technology Enabled Managed Review Services—We can provide staffing and expertise necessary to review large and complex data sets with a high degree of accuracy and efficiency to suit any and all cases. Our Managed Review Solutions are powered by our suite of proprietary technology, led by our AI and workflow accelerators that lead to a faster, more accurate, and most cost-effective review.
•Digital Forensics Services—Specializes in computer forensics, including collections and analysis, through in-person and remote locations.
•Information Archiving Services—Offers information preservation for long-term access and enhancing access to large volumes of information through scalable, enterprise-grade storage solutions.
•Advisory Services—Our team of experts provides unique perspectives and insights derived from extensive legal and regulatory knowledge, deep technical expertise, and real-world experience. Spanning all aspects of discovery and data management, our professional guidance is a complementary service to existing KLD solutions and critical for us in winning very large mandates that require astute client-focused expertise. Solutions offered encompass: eDiscovery readiness and response solutions, including eDiscovery expert witness, custodian interviews, preservation and collection strategy, legal hold solution; information governance solutions comprising Office 365 health check and legal hold process improvement; and data privacy solutions, including privacy compliance assessment and data breach risk mitigation.
17
Client Portal
The Client Portal is a secure, web-based platform offered by KLDiscovery that provides clients with access to their data and case information. It offers real-time visibility and updates on project status, as well as the ability to collaborate and share information with other stakeholders. The Client Portal is designed to streamline communication and increase efficiency throughout the discovery process. With its user-friendly interface and robust security features, the Client Portal is a valuable tool for organizations in need of a centralized platform for managing their discovery and litigation support needs.
Data recovery
Ontrack EasyRecovery
Developed through our partnership with one of the world’s leading data recovery software manufacturers, Ontrack EasyRecovery allows clients to perform precise file recovery of data lost through deletion, reformatting, and a number of other data loss scenarios. The product recovers data from solid-state drives and conventional hard drives, memory cards, USB hard drives, flash drives, and optical media. The product functions on both Windows and Mac operating systems and comes in several different versions, covering needs ranging from a small, one-time recovery to the most complex projects. There is a “free” version that is capable of recovering up to 1 GB of data, a “Home” version for straightforward recoveries, a “Professional” version suitable for small to medium businesses, and a “Technician” version that includes the tools needed to successfully perform data recoveries on all types of computer storage devices and rebuild broken RAID volumes.
Ontrack PowerControls
We believe Ontrack PowerControls is a market leading granular restore software product, developed from Ontrack’s expertise in data recovery. Ontrack PowerControls is used to find and export email, SharePoint items and structured query language tables for eDiscovery, litigation, investigations, compliance, selective migration, develop and test, and general restore use cases for IT.
We believe Ontrack PowerControls provides a more powerful and faster search tool than native tools, and, most importantly for legal and compliance use cases, it does not alter the metadata, making it forensically sound. Most enterprise backup platforms do not have granular restore capabilities, so they collaborate with Ontrack and integrate Ontrack PowerControls with their products.
We are currently licensing Ontrack PowerControls globally to more than 200 organizations, and to over 800 channel partners for distribution to their customers.
Ransomware recovery
Ransomware is a form of malicious software designed to block access to a computer system or certain data or publishes a victim’s data online. The attacker demands a ransom from the victim, promising—not always truthfully—to restore access to the data upon payment. When organizations are struck with ransomware, and crucial data cannot be accessed, it can be an extremely stressful time for all involved. Getting access to that critical data as quickly as possible is vital to ensure downtime is minimized and the organization can get back to normal.
The last decade has seen an increase of various ransomware Trojans surface, but the real opportunity for attackers has increased since the introduction of Bitcoin. This and other cryptocurrencies allow attackers to easily collect money from their victims without going through traditional channels.
No vertical is safe from the effects of ransomware. Unfortunately, some are more susceptible to successful attacks than others. There are various reasons for this: the technology they deploy, the security they have in place; identity governance and privilege maturity, and their overall cybersecurity protocols. And human error will always pose its own risks.
18
We continually track over 360 different types of ransomware, a population that is always evolving and growing. Ransomware changes and develops all of the time, so we want to make sure we are watching and studying the latest changes and advancements. Studying ransomware and its ever-changing forms provides additional knowledge and experience, leading to a higher probability that we will recover data that has been lost as a result of an attack.
Email extraction
We offer professional email recovery solutions for consumers and businesses alike. From individual files to entire databases, we maintain the expertise and technology to support practically any use case. The success of email recovery depends on where the email is stored. Email software, such as Microsoft Outlook, commonly stores email on hardware like a laptop, desktop, mobile phone, tablet, or server. We can easily recover email from both functioning and non-functioning hardware. Additionally, our recovery engineers are experienced in recovering enterprise email no matter how it is stored on a client’s server, whether it is inside a database, a Microsoft Exchange Information Store or individual messages in separate files, such as .pst containers.
Tape Solutions
We provide a range of tape services to solve the problems associated with legacy backup tapes and regularly support our clients to solve the following challenges:
•backup infrastructure migration and consolidation;
•legacy tape and data remediation;
•recovery from physically-damaged tapes; and
•recovery from quickly-erased or partially-overwritten tapes.
Data destruction solutions
Permanently deleting data is not as straightforward as pressing the delete button—it takes time and proper resources. Data that is not completely expunged before the media is disposed of is vulnerable to exposure. To increase the security of data, a secure, verified data destruction process is required. Based on their knowledge, our data experts seek to select and execute the most appropriate data destruction method for the client’s media. Once the data has been destroyed, we provide a certificate of destruction and disposal.
We support our clients throughout the whole data destruction process by offering data destruction solutions in our labs or onsite using Blancco Erasing Software or our Ontrack Degausser. For clients who want to handle the data destruction process themselves, we sell these products to the client and advise them how to best use them.
Sales
We operate with a global sales team that was integrated in 2020 across our offerings to address the specialized needs of our client base and cultivate strategic partnerships with key clients in our industry. As of December 31, 2022, our sales organization comprised of 61 professionals and is led by our sales executives and regional managers. Our business development managers have developed “first-call” relationships with several of our largest clients while providing significant expertise in the technical nature of the services.
Our global sales structure is tailored to deliver quick responses on pricing, account ownership requests, and general assistance with client requests and training. This structure is built on our foundational values of teamwork and responsiveness. Our global sales force pursues opportunities in a wide range of geographies and is not confined by the traditional territorial structure that competitors offer. This allows us to maximize relationships and revenue.
19
Sales leadership encourages representatives around the world to collaborate. A global sales strategy initiative has been implemented to facilitate communication between teams on shared major accounts, which includes the coordination of regular calls and information sharing on key accounts. Most law firms have multiple buyers, and this model maximizes our ability to increase penetration.
Sales executives are encouraged to act as their own entrepreneurs, backed by the support of seasoned sales leadership and a global sales operations team. The sales operations team assists the sales team with all client requests including conflict checks, Salesforce data entry, estimate creation, and generation of client agreements and work orders. This global support team allows the sales representatives to focus on what they do best— generating new business and maintaining existing client relationships. Our global sales structure and sales operations teams deliver quick responses to representatives and clients, flexible pricing models, and simplified matter initiation, giving us a competitive advantage in a fast-paced industry.
Marketing
We focus on connecting with our clients through our marketing team. Our marketing campaigns are developed internally and are focused on our mantra, the “KLD Difference. One KLD.” and our “Proprietary Powerhouse” technology. We advertise in a wide variety of trade publications and at sports and entertainment events. We also sponsor a variety of events, seminars, and conferences around the world. We operate 38 global websites, which highlight our leadership, products, services, technology, industry experience, press clippings, and our community contributions. Holding true to our values, we are heavily focused on charitable donations and community work, which are highlighted on our “KLD Community” website page. We also have several video advertising campaigns which are shared via YouTube, Twitter, and LinkedIn. Additionally, we own the “ediscovery.com” domain and believe that a continued emphasis on strategic digital marketing and search engine optimization helps KLDiscovery capture significant internet search results on eDiscovery.
Research and Development
Our research and development organization is responsible for the design, development, testing, and scaling of our proprietary technology infrastructure. We believe that our continued investment in research and development, including hiring top engineering talent, is critical for us to provide a leading and differentiated ecosystem that can tackle the industry’s most complex data problems. Additionally, our application development process is informed by the continuous feedback we receive from our own service providers, as well as long-term clients who are looking for a better and more secure solution.
Our research and development team is based across the United States and European Union, primarily in Minnesota and Poland, with an expanding presence in Greece. As of December 31, 2022, we had 172 employees in our research and development department.
Our competition
We believe the eDiscovery and information governance market is bifurcated, highly fragmented, competitive, and evolving. We encounter competition from different software and service providers with various business model and product offerings that overlap with parts of our solutions, including:
oLegacy on-premise software—Providers such as Nuix, Open Text, Relativity, RELX and Thomson Reuters, as well as many other smaller software companies.
oCloud software—Providers such as Everlaw, Logikcull, Relativity through its RelativityOne product offering, and Reveal Data Corporation, as well as many other smaller software companies. CS DISCO, another cloud-native software provider, is also offering a mix of software and human professional services.
20
oLegal services—Providers such as Consilio, Epiq Systems, FTI Consulting, the legal services divisions of large professional services firms such as Deloitte, Ernst and Young, KPMG, and PricewaterhouseCoopers, as well as an array of smaller regional and local legal services providers. Certain law firms also provide in-house eDiscovery solutions and legal document review services to their clients that may compete with our solutions.
We believe the principal competitive factors in this industry include:
•client service and support;
•level of client satisfaction
•solution features and capabilities;
•flexibility of solution deployment;
•ease of access, deployment, implementation, and use;
•breadth of geographic coverage;
•accuracy, quality and depth of services offered;
•quality and use of technology;
•cost and predictability of costs;
•client relationships and brand loyalty.
There are many small regional eDiscovery providers which may have a few captive relationships but lack the resources or scale to compete for meaningful work. Likewise, most of the global and national providers lack a comprehensive proprietary platform to complement their scale and resources. We believe we are distinctly positioned with an ideal complement of global reach, scale of resources, and proprietary technology to address almost any client need.
Additionally, we serve the data recovery market, which is highly fragmented and generally competitive. Clients choose vendors based on brand awareness and reputation, speed, price, and security. Our competitors in the data recovery market include Drivesavers, Gillware Data Recovery, Stellar Data Recovery, Disk Doctors, Digital Data Recovery DDC, and Myung Information Technologies.
We also compete in the legal hold market with companies such as Exterro, OpenText, ZApproved, and Zylab.
Intellectual property
We own a range of issued, registered and applied for intellectual property rights across the world, primarily trademarks and patents.
As of December 31, 2022, we owned 158 trademark registrations globally and had 44 trademark applications at various stages in the application process. Our material trademarks are either registered or are the subject of pending applications for registrations in the U.S. Patent and Trademark office and various non-U.S. jurisdictions (but with a focus on the European Union, the United Kingdom, Norway, Switzerland, Japan, Australia, China, Singapore and Hong Kong). We use “KLDiscovery”, “Ontrack”, and “Ibas” as our primary corporate trademarks. The trademark “KLDiscovery” has proceeded to registration in Australia, China, Brazil, the European Union, Hong Kong, Japan, India, Switzerland, and the United Kingdom. Additionally, we have applied to register “Nebula,” the brand name for
21
our proprietary eDiscovery platform, in our key markets and, to date, applications have proceeded to registration in the United States, Japan, the European Union, United Kingdom, Hong Kong, Switzerland, and Brazil.
We use “Kroll Ontrack” and “KrolLDiscovery” subject to a license from Kroll, LLC. In October 2021, we executed an agreement with Kroll, LLC, which amended the existing trademark license agreement, and provided that our rights to use the Kroll Ontrack and KrolLDiscovery trade names will expire on October 29, 2023. Part of the terms of the amended trademark license are that the licensed marks will be withdrawn and/or cancelled upon our instructions and Kroll, LLC will be prevented from using and/or registering the same or similar marks. This agreement was a triggering event which resulted in an evaluation of impairment of our Kroll Ontrack and KrolLDiscovery tradenames capitalized as part of our 2016 Kroll Ontrack acquisition. See Note 1—Organization, business and summary of significant accounting policies to our audited consolidated financial statements.
We are the registered owner of 573 domain names including our key domains used to promote our activities, namely: kldiscovery.com, ontrack.com, compiled.com, and ibas.com (along with many local variants of these main domain names). We are also the registered owner of ediscovery.com, which we believe helps capture significant internet traffic. Information contained on these websites or linked therein or otherwise connected thereto does not constitute part of nor is it incorporated by reference into this Annual Report on Form 10-K, and the inclusion of these website addresses is an inactive textual reference only.
We own the copyright of many of our business software and tools as they have been created by employees in the course of their employment. These include the Nebula and EDR platforms, the PMDB Database (internal job tracking tool), Service Cloud (data recovery portal), PowerControls, and the various Relativity applications to enhance the license of standard Relativity platform services.
We have 18 patent registrations, including granted patents for our Nebula offering.
Human Capital Management
As of December 31, 2022, we had 2,434 employees. This total includes 1,163 regular employees and 1,271 temporary contingent employees who are employed on a project basis to work on active managed review matters. Our employees are not represented by a labor union, and we have not experienced any work stoppages. We believe employee relations are good.
The skills, experience, and industry knowledge of our employees significantly benefit our operations and performance. We continuously evaluate, modify, and enhance our internal processes and technologies to increase employee engagement, productivity, and efficiency.
We strive to hire employees who adhere to the following cultural values:
•Team—We beat with one heart and succeed by working together
•Humility—No one person is above the team. Our company, clients, and teammates come before personal agenda
•Availability and connectivity—Responsiveness and efficient communication are key
•Frugality—Smart spending leads to greater return on investment
•Creativity—We think outside the box and always try to improve process
•Urgency and Productivity—Every day is an opportunity to work smarter, faster, and harder
•Vigilance (courage / honesty)—Management must value and be responsive to employee and client feedback, competitive information, and well-designed process improvement
•Singular Focus—Laser focus on performing your job to the best of your ability
•Recruiting—We hire smart, hungry and humble employees
•Client focus—Clients are our lifeline, and their satisfaction is our #1 priority
22
Annual employee training is used to reinforce these values across our global employee base. These trainings cover topics related to ethics, environment, health and safety, cyber-security, and emergency responses.
We believe that an inclusive culture where all employees feel valued and engaged makes KLDiscovery a desirable place to work, helps us to attract key talent and retain employees as they grow in their careers and fosters an environment that enhances each individual’s productivity and professional satisfaction. KLDiscovery has an Inclusion & Diversity program focused on commitment to inclusion and diversity through our Culture & Environment, Business & Technology, and Community & Partnerships. The program includes employee-led Business Resource Groups dedicated to promoting and integrating inclusion and diversity throughout the organization.
As of December 31, 2022, not including contingent employees who were employed temporarily to work on active managed review matters, our employees, including those employed by region, were located as follows:
|
|
Region |
Percentage |
North America |
67% |
Europe, Middle East, and Africa |
29% |
Asia Pacific |
4% |
In order to comply with local employee-related laws, we do not require our employees to disclose their race and ethnicity. As of December 31, 2022, based on self-reported information of approximately 66% of our U.S. based employees, and not including contingent employees who were employed temporarily to work on active managed review matters, our gender and ethnicity demographics were as follows:
|
|
Gender |
Employee Percentage |
Female |
33% |
Male |
67% |
|
|
Ethnicity |
Employee Percentage |
Asian |
8.7% |
Black / African American |
5.3% |
Hispanic / Latin |
6.5% |
Multiracial, Native American and Pacific Islander |
3.4% |
White |
76.0% |
Government regulation
We collect, store, transmit, use, disclose and otherwise process, which we refer to herein as “Process” or “Processing,” data that was collected from and about persons or their devices, including personal information, which is defined broadly by relevant privacy and cybersecurity laws, and other regulated or confidential client data. In addition to terms in our contractual arrangements with clients, there are numerous federal, state, local and foreign laws, regulations and directives regarding privacy and the Processing and protection of such personal information and client data, the scope of which is continually evolving and subject to differing interpretations. We and our clients must comply with such laws, regulations and directives and we and our clients may be subject to significant consequences, including penalties and fines, for our failure to comply.
For example, on May 25, 2018, GDPR replaced the Data Protection Directive 95/46/EC with respect to the Processing of personal information in the European Union. The GDPR imposes several stringent requirements for controllers and processors of personal information (including non-E.U. processors who Process personal data on behalf of E.U. controllers), including, for example, more robust internal accountability controls, a strengthened individual data rights regime, shortened timelines for mandatory data breach notifications, limitations on retention and secondary use of information and additional obligations when we contract with third parties in connection with the Processing of personal information. Failure to comply with the requirements of the GDPR and the applicable
23
national data protection laws of the E.U. member states may result in fines of up to €20 million or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher, and other administrative penalties. Complying with the GDPR has required us to implement additional internal processes to seek to ensure that we Process personal information in a compliant way and we have regularly re-drafted all our standard contracts to meet specific articles within the GDPR and new interpretations of the GDPR. As we continue to operate under the GDPR, compliance may become onerous and adversely affect our business, financial condition, results of operations and prospects.
In addition, following Brexit (the process by which the United Kingdom left the European Union), the United Kingdom enacted the Data Protection Act 2018, which implemented legislation similar to the GDPR, referred to as the UK GDPR, which provides for fines of up to the greater of £17.5 million (sterling) or 4% of global turnover.
Furthermore, recent legal developments in Europe have created complexity and compliance uncertainty regarding certain transfers of information from the EEA to the United States. For example, on July 16, 2020, the E.U.-U.S. Privacy Shield Framework, which allowed for the transfer of personal data from the US to the EU, was invalidated by the European Court of Justice, or CJEU, and this was followed on September 8, 2020 by the invalidation of the equivalent Swiss-US Privacy Shield Framework. Three of our group companies were accredited under the E.U.-U.S. Privacy Shield Framework to legitimize the transfer of personal data from the EEA to the United States. Although the CJEU upheld the adequacy of the standard contractual clauses (a standard form of contract approved by the European Commission as an adequate personal information transfer mechanism) upon which we rely for intra group transfers of personal information (and which is the most widely used transfer mechanism by our clients), it made clear that use of the standard contractual clauses must now be assessed on a case-by-case basis taking into account the legal regime applicable in the destination country, in particular applicable surveillance laws and rights of individuals. Additionally, the European Data Protection Board (assigned by the European Commission to oversee data privacy in the EU) has issued guidance concerning data transfers following these CJEU decisions which places a higher burden on compliance for data transfers. The European Union has re-issued the standard contractual clauses which must be used for all new personal data transfers after September 27, 2021 (with the sunset date for existing personal data transfers expiring on December 27, 2022 meaning that any existing personal data transfers were subject to the new standard contractual clauses by this date). The European Commission has just announced a new Data Privacy Framework with the United States, and this may eventually replace the E.U. – U.S. Privacy Shield Framework.
The United Kingdom’s exit from the European Union has also imposed different requirements on personal data transfers with the introduction of the International Data Transfer Agreement and the Addendum to the E.U. standard contractual clauses in March 2022. Given these legal developments and the United Kingdom's potential long-term divergence from E.U. law, long-term validity of United Kingdom data protection measures remains uncertain, and we could be impacted by changes in law, including any future review of transfer mechanisms by the European courts or any supervisory authorities, which could require us to undertake substantial additional review of agreements on a going forward basis. If further legal bases for transferring personal information from Europe (or even the United Kingdom) to the United States are invalidated, or if we are unable to transfer personal information between and among countries and regions in which we operate, it could affect the manner in which we provide our solutions or could adversely affect our financial results.
The California Consumer Protection Act, or CCPA, which became effective on January 1, 2020, introduced the most stringent data privacy laws in the United States to date, though several other states have passed or are in the process of passing laws and regulations governing privacy of their residents. Among other things, the CCPA requires covered companies to provide new disclosures to California residents and affords such residents expanded rights to access and delete their personal information and certain opt-out rights for sales of personal information. The CCPA includes a private right of action for certain data breaches, with potential for severe statutory damages. In November 2020, California voters passed the California Privacy Rights Act of 2020, or the CPRA. The CPRA further expands the CCPA, imposing additional data privacy compliance requirements that may impact our business, and establishing a regulatory agency dedicated to enforcing those requirements. In addition, Virginia enacted the Virginia Consumer Data Protection Act, creating the second comprehensive U.S. state privacy law, which took effect on January 1, 2023, and Colorado enacted the Colorado Privacy Act, which will go into effect partially on July 1, 2023; both laws are substantively similar to the CCPA and the CPRA in many respects, but also include their
24
own unique compliance requirements. Certain aspects of the interpretation and enforcement of these laws remain uncertain as regulating bodies in these jurisdictions continue to work out applicability and scope of the laws and regulations. Comprehensive privacy laws have also been proposed in several other states and at the federal level. The effects of such laws could be significant and may require us to modify our data Processing practices and policies and incur substantial compliance-related costs and expenses. Additionally, many laws and regulations relating to privacy and the Processing and protection of certain types of data are subject to varying degrees of enforcement and new and changing interpretations by courts. Companies like ours that operate on a national and international scale are responsible for monitoring and complying with the patchwork of state requirements in the United States as well as other jurisdictions worldwide.
Furthermore, any failure, or perceived failure, by us to comply with or make effective modifications to our policies, or to comply with any federal, state or international privacy, data-retention or data-protection-related laws, regulations, orders or industry self-regulatory principles could result in proceedings or actions against us by governmental entities or others (including clients), a loss of client confidence, damage to our brand and reputation or a loss of clients, any of which could have an adverse effect on our business. In addition, various federal, state, and foreign legislative or regulatory bodies may enact new or additional laws and regulations concerning privacy, data retention and data-protection issues, including laws or regulations mandating disclosure to domestic or international law enforcement bodies, which could adversely impact our business, our brand or our reputation with clients. For example, some countries have adopted laws mandating that personal information regarding clients in their country be maintained solely in their country. Having to maintain local data centers and redesign product, service, and business operations to limit personal information Processing to within individual countries could increase our operating costs significantly and require that we establish a physical presence in a country or region where we otherwise may not have opened any facilities.
Additionally, in connection with some of our product initiatives, we expect that our clients may increasingly use our cloud services to Process personal information and other regulated data. While we include privacy or information security obligations in our contracts, new jurisdictional legal requirements, in particular those from the E.U., may make it so that we will be unable to do business without more stringent obligations. Any failure by us to timely amend client contracts to conform to changing data protection laws, or to comply with our posted privacy policies, other federal, state or international privacy-related or data protection laws and regulations, or the privacy or information security commitments contained in our contracts could result in proceedings against us by governmental entities or others, including individual rights of action, any of which could have a material adverse effect on our business, financial condition and results of operations. In addition, the increased attention focused upon any liability we may have as a result of lawsuits or regulatory actions could also harm our reputation or otherwise impact the growth of our business. Furthermore, although we market and sell products to our clients to help them comply with federal, state, local and foreign laws, regulations and directives, including the GDPR, our clients are responsible for ensuring they are in compliance with such laws, regulations and directives. Any failure by our clients to comply could result in significant consequences to them, including penalties and fines, and despite the existence of contractual exclusions and marketing disclaimers which make their responsibility for their own compliance clear, our clients may file claims or seek indemnification from us, which may result in reputational harm and require us to expend time, effort and costs to defend such claims or respond to indemnification requests. Our standard terms of business include caps on liability, where legally permitted, but these may be challenged by clients and disapplied by a court in any judgment against the Company.
In addition to government regulation, privacy advocacy and industry groups or other third parties may propose new and different self-regulatory standards that either legally or contractually apply to our clients or us. Any significant change to applicable laws, regulations, directives or industry practices regarding the Processing of our clients’ data, or regarding the manner in which the legal basis for Processing, such as express or implied consent of clients for the Processing of such data, is obtained, could require us to modify our solutions and features, possibly in a material manner, and may limit our ability to develop new solutions and features that make use of the data that our clients voluntarily share with us. Any failure or perceived failure by us to comply with our privacy policies, our privacy-related obligations to clients or other third parties or our privacy-related legal obligations or any compromise of security that results in the unauthorized access to, use, release or transfer of personal information or other client data, may result in governmental enforcement actions, litigation, negative media attention or public statements against us by consumer advocacy groups or others and could cause our clients to lose trust in us, which would have an adverse
25
effect on our reputation and business. Our clients may also accidentally disclose their passwords or store them on a mobile device that may be lost or stolen, resulting in unauthorized access to their data and creating the perception that our systems are not secure against third-party access. Additionally, if employees or third parties that we work with, such as contractors, vendors or developers, violate applicable laws or our policies, such violations may also put our clients’ information at risk and could in turn have an adverse effect on our business.
We have expanded our involvement in the delivery and provision of cloud computing through business alliances with various providers of cloud computing services and software and expect to continue to do so in the future. The application of U.S. and international data privacy laws to cloud computing vendors is uncertain, and our existing contractual provisions may prove to be inadequate to protect us from claims for data loss or regulatory noncompliance made against us resulting from the failures of cloud computing providers which we may partner with. While we do seek to limit our liability for such claims in our contractual agreements with clients, the failure to comply with data protection laws and regulations by our business partners who provide cloud computing services could have a material adverse effect on our business. Cloud computing providers typically do not offer terms that match the commercial terms sought by our clients. We will need to modify our procurement processes in response to changing client and regulatory demands.
Corporate information
The mailing address of our principal executive office is 9023 Columbine Road, Eden Prairie, MN 55347 and the telephone number is (703) 288-3380. Our website address is www.kldiscovery.com. Information contained on our website or linked therein or otherwise connected thereto does not constitute part of nor is it incorporated by reference into this Annual Report on Form 10-K.
Available Information
We file annual, quarterly and current reports, proxy statements and other information with the SEC. Our SEC filings are available to the public over the internet at the SEC’s website at www.sec.gov. Our SEC filings are also available free of charge on our website at www.kldiscovery.com as soon as reasonably practicable after they are filed with or furnished to the SEC. Our website and the information contained on, or that can be accessed through, our website is not incorporated into this Annual Report on Form 10-K.
Implications of being an emerging growth company and smaller reporting company
We are an “emerging growth company,” as defined under Section 2(a) of the Securities Act of 1933, as amended, or the Securities Act, as modified by the Jumpstart Our Business Startups Act of 2012, or the JOBS Act. As an emerging growth company, we are eligible to take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not emerging growth companies. These include:
•reduced disclosure obligations regarding executive compensation in our periodic reports, proxy statements and registration statements;
•exemption from the requirements of holding a non-binding advisory vote on executive compensation and any golden parachute payments; and
•exemption from the auditor attestation requirement in the assessment of our internal control over financial reporting.
In addition, Section 107 of the JOBS Act provides that an emerging growth company can take advantage of an extended transition period set forth in Section 7(a)(2)(B) of the Securities Act for complying with new or revised accounting standards. We have elected to take advantage of the extended transition period and, as a result, we are not subject to the same new or revised accounting standards as other public companies that comply with new or revised standards on a non-delayed basis.
26
We will remain an emerging growth company until the earlier of (i) December 31, 2024 (the last day of the fiscal year following the fifth anniversary of the IPO), (ii) the last day of the fiscal year in which we have total annual gross revenue of at least $1.235 billion, (iii) the last day of the fiscal year in which the market value of our common stock held by non-affiliates is greater than $700.0 million as of the last business day of our second quarter of that fiscal year, and (iv) the date on which we have issued more than $1.0 billion in nonconvertible debt during the prior three-year period.
We are also a “smaller reporting company” as defined in Rule 12b-2 under the Securities Exchange Act of 1934, as amended, or the Exchange Act. As a smaller reporting company, we are eligible to take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not smaller reporting companies. These include:
•presenting only the two most recent fiscal years of audited financial statements in our annual reports on Form 10-K and registration statements; and
•reduced narrative disclosure obligations, particularly with respect to executive compensation, in our periodic reports, proxy statements and registration statements.
Further, if we are a smaller reporting company with less than $100 million in annual revenue, we would be exempt from the auditor attestation requirement in the assessment of our internal control over financial reporting, similar to emerging growth companies. We will remain a smaller reporting company until the last business day of the second fiscal quarter of a fiscal year on which either (i) the market value of our common stock held by non-affiliates is $250 million or more as of such date, or (ii) both our annual revenue was $100 million or more during the most recently completed fiscal year and the market value of our common stock held by non-affiliates is $700 million or more as of such date. However, we may continue relying on the reduced reporting requirements of smaller reporting companies through the Annual Report on Form 10-K for the fiscal year in which we no longer qualify as a smaller reporting company. Therefore, we may continue to be a smaller reporting company even after we are no longer an emerging growth company.
We have elected to take advantage of certain of these reduced disclosure obligations in this Annual Report on Form 10-K, and expect to take advantage of reduced disclosure obligations in future filings with the Securities and Exchange Commission, or SEC, while we remain an emerging growth company or smaller reporting company, as applicable. If we do, the information that we provide stockholders may be different than what you might receive from other public reporting companies in which you may have equity interests. See “Risk Factors—Risks Related to Ownership of Our Common Stock.”
27
Item 1A. Risk Factors.
RISK FACTORS
An investment in our securities carries a significant degree of risk. You should carefully consider the risks described below, together with the financial and other information contained in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes, before you make an investment decision regarding our securities. Any one of these risks and uncertainties has the potential to cause material adverse effects on our business, prospects, financial condition and operating results which could cause actual results to differ materially from any forward-looking statements expressed by us and a significant decrease in the value of our securities. Additionally, macroeconomic conditions may amplify many of the risks discussed below to which we are
subject and may materially and adversely affect us in ways that are not anticipated by or known to us or that we do not currently consider to present material risk.
We may not be successful in preventing the material adverse effects that any of the following risks and uncertainties may cause. These potential risks and uncertainties may not be a complete list of the risks and uncertainties facing us. There may be additional risks and uncertainties that we are presently unaware of, or presently consider immaterial, that may become material in the future and have a material adverse effect on us. You could lose all or a significant portion of your investment due to any of these risks and uncertainties.
Privacy and Cybersecurity Risks
We collect, store, transmit, use, disclose and otherwise process personal and other regulated or confidential data, primarily on behalf of our clients, which subjects us to laws, governmental regulation and other legal and contractual obligations related to privacy and information security, and our actual or perceived failure to comply with such obligations could adversely affect our business and reputation.
We collect, store, transmit, use, disclose and otherwise process, which we refer to herein as “Process” or “Processing,” data that was collected from and about persons or their devices, including personal information, which is as defined broadly by relevant privacy and cybersecurity laws, and other regulated or confidential client data. In addition to terms in our contractual arrangements with clients, there are numerous federal, state, local and foreign laws, regulations and directives regarding privacy and the Processing and protection of such personal information and client data, the scope of which is continually evolving and subject to differing interpretations. We and our clients must comply with such laws, regulations and directives and we and our clients may be subject to significant consequences, including penalties and fines, for our failure to comply.
For example, on May 25, 2018, the GDPR replaced the Data Protection Directive 95/46/EC with respect to the Processing of personal information in the European Union. The GDPR imposes several stringent requirements for controllers and processors of personal information (including non-E.U. processors who Process personal data on behalf of E.U. controllers), including, for example, more robust internal accountability controls, a strengthened individual data rights regime, shortened timelines for mandatory data breach notifications, limitations on retention and secondary use of information and additional obligations when we contract with third parties in connection with the Processing of personal information. Failure to comply with the requirements of the GDPR and the applicable national data protection laws of the E.U. member states may result in fines of up to €20 million or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher, and other administrative penalties. Complying with the GDPR has required us to implement additional internal processes to seek to ensure that we Process personal information in a compliant way and we have regularly re-drafted all our standard contracts to meet specific articles within the GDPR and new interpretations of the GDPR. As we continue to operate under the GDPR, compliance may become onerous and adversely affect our business, financial condition, results of operations and prospects.
28
In addition, following Brexit (the process by which the United Kingdom left the European Union), the United Kingdom enacted the Data Protection Act 2018, which implemented legislation similar to the GDPR, referred to as the UK GDPR, which provides for fines of up to the greater of £17.5 million (sterling) or 4% of global turnover.
Furthermore, recent legal developments in Europe have created complexity and compliance uncertainty regarding certain transfers of information from the EEA to the United States. For example, on July 16, 2020, the E.U.-U.S. Privacy Shield Framework, which allowed for the transfer of personal data from the US to the EU, was invalidated by the European Court of Justice, or CJEU, and this was followed on September 8, 2020 by the invalidation of the equivalent Swiss-US Privacy Shield Framework. Three of our group companies were accredited under the E.U.-U.S. Privacy Shield Framework to legitimize the transfer of personal data from the EEA to the United States. Although the CJEU upheld the adequacy of the standard contractual clauses (a standard form of contract approved by the European Commission as an adequate personal information transfer mechanism) upon which we rely for intra group transfers of personal information (and which is the most widely used transfer mechanism by our clients), it made clear that use of the standard contractual clauses must now be assessed on a case-by-case basis taking into account the legal regime applicable in the destination country, in particular applicable surveillance laws and rights of individuals. Additionally, the European Data Protection Board (assigned by the European Commission to oversee data privacy in the EU) has issued guidance concerning data transfers following these CJEU decisions which places a higher burden on compliance for data transfers. The European Union has re-issued the standard contractual clauses which must be used for all new personal data transfers after September 27, 2021 (with the sunset date for existing personal data transfers expiring on December 27, 2022 meaning that any existing personal data transfers were subject to the new standard contractual clauses by this date). The European Commission has just announced a new Data Privacy Framework with the United States and this may eventually replace the E.U. – U.S. Privacy Shield Framework.
The United Kingdom’s exit from the European Union has also imposed different requirements on personal data transfers with the introduction of the International Data Transfer Agreement and the Addendum to the E.U. standard contractual clauses in March 2022. Given these legal developments and the United Kingdom’s potential long term divergence from E.U. law, the long-term validity of United Kingdom data protection measures remains uncertain, and we could be impacted by changes in law, including any future review of transfer mechanisms by the European courts or any supervisory authorities, which could require us to undertake substantial additional review of agreements on a going forward basis. If further legal bases for transferring personal information from Europe (or even the United Kingdom) to the United States are invalidated, or if we are unable to transfer personal information between and among countries and regions in which we operate, it could affect the manner in which we provide our solutions or could adversely affect our financial results.
The California Consumer Protection Act, or CCPA, which became effective on January 1, 2020, introduced the most stringent data privacy laws in the United States to date, though several other states have passed or are in the process of passing laws and regulations governing privacy of their residents. Among other things, the CCPA requires covered companies to provide new disclosures to California residents and affords such residents expanded rights to access and delete their personal information and certain opt-out rights for sales of personal information. The CCPA includes a private right of action for certain data breaches, with potential for severe statutory damages. In November 2020, California voters passed the California Privacy Rights Act of 2020, or the CPRA. The CPRA further expands the CCPA, imposing additional data privacy compliance requirements that may impact our business, and establishing a regulatory agency dedicated to enforcing those requirements. In addition, Virginia enacted the Virginia Consumer Data Protection Act, creating the second comprehensive U.S. state privacy law, which took effect on January 1, 2023, and Colorado enacted the Colorado Privacy Act, which will go into effect partially on July 1, 2023; both laws are substantively similar to the CCPA and the CPRA in many respects, but also include their own unique compliance requirements. Certain aspects of the interpretation and enforcement of these laws remain uncertain as regulating bodies in these jurisdictions continue to work out applicability and scope of the laws and regulations. Comprehensive privacy laws have also been proposed in several other states and at the federal level. The effects of such laws could be significant and may require us to modify our data Processing practices and policies and incur substantial compliance-related costs and expenses. Additionally, many laws and regulations relating to privacy and the Processing and protection of certain types of data are subject to varying degrees of
29
enforcement and new and changing interpretations by courts. Companies like ours that operate on a national and international scale are responsible for monitoring and complying with the patchwork of state requirements in the United States as well as other jurisdictions worldwide.
Furthermore, any failure, or perceived failure, by us to comply with or make effective modifications to our policies, or to comply with any federal, state or international privacy, data-retention or data-protection-related laws, regulations, orders or industry self-regulatory principles could result in proceedings or actions against us by governmental entities or others (including clients), a loss of client confidence, damage to our brand and reputation or a loss of clients, any of which could have an adverse effect on our business. In addition, various federal, state and foreign legislative or regulatory bodies may enact new or additional laws and regulations concerning privacy, data-retention and data-protection issues, including laws or regulations mandating disclosure to domestic or international law enforcement bodies, which could adversely impact our business, our brand or our reputation with clients. For example, some countries have adopted laws mandating that personal information regarding clients in their country be maintained solely in their country. Having to maintain local data centers and redesign product, service and business operations to limit personal information Processing to within individual countries could increase our operating costs significantly and require that we establish a physical presence in a country or region where we otherwise may not have opened any facilities.
Additionally, in connection with some of our product initiatives, we expect that our clients may increasingly use our cloud services to Process personal information and other regulated data. While we include privacy or information security obligations in our contracts, new jurisdictional legal requirements, in particular those from the E.U., may make it so that we will be unable to do business without more stringent obligations. Any failure by us to timely amend client contracts to conform to changing data protection laws, or to comply with our posted privacy policies, other federal, state or international privacy-related or data protection laws and regulations, or the privacy or information security commitments contained in our contracts could result in proceedings against us by governmental entities or others, including individual rights of action, any of which could have a material adverse effect on our business, financial condition and results of operations. In addition, the increased attention focused upon any liability we may have as a result of lawsuits or regulatory actions could also harm our reputation or otherwise impact the growth of our business. Furthermore, although we market and sell products to our clients to help them comply with federal, state, local and foreign laws, regulations and directives, including the GDPR, our clients are responsible for ensuring they are in compliance with such laws, regulations and directives. Any failure by our clients to comply could result in significant consequences to them, including penalties and fines, and despite the existence of contractual exclusions and marketing disclaimers which make their responsibility for their own compliance clear, our clients may file claims or seek indemnification from us, which may result in reputational harm and require us to expend time, effort and costs to defend such claims or respond to indemnification requests. Our standard terms of business include caps on liability, where legally permitted, but these may be challenged by clients and disapplied by a court in any judgment against the Company.
In addition to government regulation, privacy advocacy and industry groups or other third parties may propose new and different self-regulatory standards that either legally or contractually apply to our clients or us. Any significant change to applicable laws, regulations, directives or industry practices regarding the Processing of our clients’ data, or regarding the manner in which the legal basis for Processing, such as express or implied consent of clients for the Processing of such data, is obtained, could require us to modify our solutions and features, possibly in a material manner, and may limit our ability to develop new solutions and features that make use of the data that our clients voluntarily share with us. Any failure or perceived failure by us to comply with our privacy policies, our privacy-related obligations to clients or other third parties or our privacy-related legal obligations or any compromise of security that results in the unauthorized access to, use, release or transfer of personal information or other client data, may result in governmental enforcement actions, litigation, negative media attention or public statements against us by consumer advocacy groups or others and could cause our clients to lose trust in us, which would have an adverse effect on our reputation and business. Our clients may also accidentally disclose their passwords or store them on a mobile device that may be lost or stolen, resulting in unauthorized access to their data and creating the perception that our systems are not secure against third-party access. Additionally, if employees or third parties that we work with, such as contractors, vendors or developers, violate applicable laws or our policies, such violations may also put our clients’ information at risk and could in turn have an adverse effect on our business.
30
We have expanded our involvement in the delivery and provision of cloud computing through business alliances with various providers of cloud computing services and software and expect to continue to do so in the future. The application of U.S. and international data privacy laws to cloud computing vendors is uncertain, and our existing contractual provisions may prove to be inadequate to protect us from claims for data loss or regulatory noncompliance made against us resulting from the failures of cloud computing providers which we may partner with. While we do seek to limit our liability for such claims in our contractual agreements with clients, the failure to comply with data protection laws and regulations by our business partners who provide cloud computing services could have a material adverse effect on our business. Cloud computing providers typically do not offer terms that match the commercial terms sought by our clients. We will need to modify our procurement processes in response to changing client and regulatory demands. If we fail to do so correctly, or in a timely manner, we may experience disruptions in client relationships, or receive regulatory inquiries or be the subject of government enforcement actions, which may in turn cause a material loss in revenues or damage our brand and reputation.
Any actual or perceived failure, or any allegations of failure to comply with governmental regulation and other legal obligations related to privacy and information security could adversely affect our business, financial condition and results of operations.
Our products, SaaS offerings, website and networks may be subject to intentional or accidental disruption, or unauthorized access, that could adversely affect our reputation and business.
Despite our precautions and significant ongoing investments to protect against security risks such as data breaches, cyber-attacks and other intentional or accidental disruptions of or unauthorized access to our products, offerings and networks, in light of our business and types and sensitivity of the information we store on behalf of clients, we have been and expect to continue to be an ongoing target of attacks specifically designed to breach or interrupt our networks and systems, which could harm our reputation and result in litigation, fines and penalties. Sophisticated actors may attempt to penetrate our network security or the security of our website and misappropriate proprietary or other information such as personal information or cause interruptions to our solutions. Our products may come under focused threats and attacks and we or our clients may suffer data loss or unauthorized access as a consequence of such attacks on our products. Such cyber-attacks threaten to misappropriate our or our clients’ proprietary or personal information and cause interruptions of our information technology solutions. Because the techniques used by unauthorized persons to access or sabotage networks change frequently and may not be recognized until launched against a target, we may be unable to anticipate or detect these techniques. Further, if unauthorized access or sabotage remains undetected for an extended period of time, the effects of such breach could be exacerbated. In addition, sophisticated hardware and operating system software and applications that we produce or procure from third parties may contain defects in design or manufacture, including “bugs” and other problems that could unexpectedly interfere with the operation of our systems and networks. We have experienced and defended against threats to our systems and security including malware, phishing attacks and Distributed Denial of Service attacks. For example, in 2020 a phishing attack resulted in certain client correspondence being made available to an unauthorized email account for a period of time. This incident was remediated and the investigation showed that the phishing attack did not affect any of our other computer systems, databases or networks, including those systems used to host or transfer client data, and that it was an isolated incident. While this incident and other unsuccessful attempts have not had a material adverse effect on our business to date, we may experience more serious incidents in the future. Our exposure to cybersecurity threats and negative consequences of cybersecurity breaches will likely increase as we store increasing amounts of our clients’ data in cloud-based environments.
We outsource a number of our internal business functions to third-party contractors, and some of our client facing business operations depend, in part, on the success of our contractors’ own cybersecurity measures. We also partner with cloud service providers for some client solutions. Similarly, particularly for the Data & Storage Technology business, we rely upon distributors, resellers, system vendors and systems integrators to sell our products and our sales operations depend, in part, on the reliability of their cybersecurity measures. Additionally, we depend upon our employees to appropriately handle confidential information and deploy our IT resources in a safe and secure fashion and in accordance with our policies so as not to expose our network systems to security breaches and the loss of or
31
unauthorized access to data. Accordingly, if our cybersecurity systems, policies and procedures, and those of our contractors, partners and vendors fail to protect against unauthorized access, cyber- attacks or the mishandling or misappropriation of information by our employees, contractors, partners or vendors, our ability to conduct our business effectively could be damaged in a number of ways, including:
•sensitive data regarding our business, including intellectual property and other proprietary data, could be stolen or mishandled;
•our sensitive or proprietary data or the sensitive and proprietary data of our clients could be rendered unavailable through a ransomware or other cyberattack, resulting in potentially significant service disruptions, negative publicity, and loss of business;
•our electronic communications systems, including email and other methods, could be disrupted, and our ability to conduct our business operations could be seriously damaged until such systems can be restored and secured;
•our ability to process client orders and electronically deliver products and solutions could be lost or degraded, and our distribution channels could be disrupted, resulting in delays in revenue recognition;
•defects and security vulnerabilities could be exploited or introduced into our products or our cloud offerings, thereby damaging the reputation and perceived reliability and security of our products and solutions and potentially making the data systems of our clients vulnerable to further data loss and cyber incidents; and
•personal information, protected health information, or PHI or other confidential data of our clients, employees and business partners could be accessed without authorization, stolen or lost.
Should any of the above events occur, we could be subject to significant claims for liability from our clients, consumers and other third parties and regulatory actions from governmental agencies, our ability to protect our intellectual property rights could be compromised and our reputation and competitive position could be significantly harmed. The regulatory and contractual actions, litigations, investigations, fines, penalties and liabilities relating to data breaches that result in losses of personal information, PHI or credit card information of users of our solutions can be significant in terms of fines and reputational impact, and necessitate changes to our business operations that may be disruptive to us. Additionally, we could incur significant costs in order to upgrade our cybersecurity systems and remediate damages. Consequently, our business, financial condition and results of operations would be adversely affected.
Risks Related to Our Business and Industry
We operate in highly competitive markets and our inability to effectively compete may adversely affect our business.
The markets for our products and solutions are highly competitive and are subject to rapid technological changes and evolving client demands and needs. We compete on the basis of various factors, including product functionality, product integration, platform coverage, quality of service interoperability with third-party technologies, ability to scale and price products and solutions, worldwide sales infrastructure, global technical support, name recognition and reputation.
Our competitors vary in size, scope and breadth of the products and solutions they offer and include software vendors that offer software products that directly compete with our product offerings. In our Data & Storage Technology business, we face growing competition from network equipment, computer hardware manufacturers, large operating system providers and other technology companies that increasingly develop and incorporate into their products storage, server management software and backup that compete at some levels with our product offerings. Our competitive position could be materially adversely affected if our clients perceive the functionality incorporated into these products as a replacement for our products. Many of our principal competitors are established companies that have substantial financial resources, recognized brands, technological expertise and market experience, and sometimes have more established positions in certain product lines and geographies than we
32
do. We also compete with smaller and sometimes newer companies, some of which are specialized with a narrower focus than our company, and face competition from other eDiscovery and data management solutions providers. Our competitors invest significantly in research and development as well as sales and marketing. We also face competition from the backup solutions offered by cloud IT providers. It is also possible that certain of our clients have the resources to develop their own products or solutions that could be competitive with our offerings.
Our competitors may be able to more quickly adopt new or emerging technologies or address client requirements and new and emerging technologies may allow startup companies to more quickly enter the market than in the past. We may also face increased competition from companies that provide more in-depth offerings, adapting their products and solutions to meet the demands of their clients or combining with one of their competitors to enhance their products and solutions. A number of our principal competitors may continue to make acquisitions to improve the competitiveness of their offerings. Increased competition could cause, among other things, price reductions of our products, reduced profitability and loss of market share. To competitively serve the needs of our existing clients and to attract new clients, we must continue to:
•enhance and improve our existing products and solutions (such as by adding new content and functionalities);
•develop new products and solutions;
•invest in technology; and
•strategically acquire additional businesses and partner with other businesses in key sectors that will allow us to offer a broader array of products and solutions.
If we fail to effectively compete, our business, financial condition and results of operations would be adversely affected.
Our continued growth depends in large part upon achieving significant market acceptance of Nebula or other new solutions we may develop in the future and we may not be successful in attaining such market acceptance.
Nebula is a relatively new offering and we have not derived a significant percentage of our Company’s historical revenue from its sales. The commercial success of Nebula or other new solutions we may offer will depend, in part, upon the degree of market acceptance by our existing and prospective client base. The degree of market acceptance of Nebula and any other solution we may develop in the future will depend on several factors, including the potential and perceived advantages of that solution as compared to other existing alternatives, our ability to offer the solution at competitive prices, the convenience and ease of use of the solution and the strength of our marketing and sales efforts. Any new or otherwise novel solution that we commercialize may not gain acceptance with one or more client groups, meaning we may not generate significant incremental revenue from Nebula. Efforts to educate our existing and prospective clients on the benefits of Nebula, or any other new offering we may develop as compared to other solutions we and our competitors offer, will require committing significant financial and other resources, including the time of our management, sales and marketing teams, and these efforts may not be successful. Further, even if Nebula or another new solution gains some market acceptance, it may nonetheless fail to gain sufficient traction to generate significant additional revenue. We may also over-estimate the size of the potential market for new products such as Nebula. Further, the means by which we make new solutions available to clients, such as the partner channel for Nebula, may not be successful. If Nebula does not achieve widespread acceptance, or in the future if there is a reduction in demand for Nebula caused by a lack of client acceptance, technological challenges, weakening economic conditions, security or privacy concerns, competing technologies and products, decreases in corporate spending, or otherwise, our business, financial condition and results of operations could be adversely affected.
33
Our business depends on clients increasing their use of our solutions and services and any decline in their use of our solutions and services or failure to grow revenues with existing clients could adversely affect our business.
Our ability to grow and generate incremental revenue depends, in part, on our ability to maintain our relationships with existing clients and to grow their usage of our solutions and services. Most of our clients do not have long-term contractual financial commitments to us and, therefore, most of our clients, particularly those under usage-based or project-based arrangements, may reduce or cease their use of our solutions and services at any time, with little or no notice and without incurring any financial penalties. Clients on subscription-based arrangements may choose not to renew their agreement with us. Clients may reduce or terminate their use of our solutions and services or choose not to renew their agreement(s) with us for any number of reasons, including the settlement or other resolution of legal matters, reductions in the volume of major legal matters, budget constraints, dissatisfaction or negative perceptions regarding the reliability of our solutions and services, changes in our clients’ underlying businesses and financial conditions, changes in the type and size of our clients, pricing changes, legal industry trends from litigation toward alternative forms of dispute resolution, competitive conditions and general economic conditions. In addition, even if our clients expand their usage of our solutions and services, we cannot guarantee that they will maintain those usage levels for any meaningful period of time. Existing clients may also negotiate lower rates for their usage in exchange for an agreement to renew, enter into a subscription agreement, expand their usage in the future or adopt new solutions and services. As a result, the revenue we derive from consistent usage levels may decrease over time. If existing clients reduce their usage of or rates of payment for, or do not continue to use our solutions and services, our business, financial condition and results of operations could be adversely affected.
Our future growth and financial performance also depends in part on our ability to expand our existing client relationships by increasing usage, increasing the number of clients on subscription-based agreements and selling additional solutions and services to our existing clients. The rate at which our clients purchase solutions and services from us depends on a number of factors, including our ability to develop additional solutions and services and the quality of such applications, general economic conditions and pricing and services offered by our competitors. If our efforts to increase usage, increase the number of clients on subscription-based agreements and sell additional solutions and services to our clients are not successful, our business, financial condition and results of operations may be adversely affected.
If we are unable to attract new clients, our business, financial condition and results of operations will be adversely affected.
We must attract new clients to continue to grow our business and our success in doing so will depend to a substantial extent on the widespread adoption of our solutions and services, including Nebula, by new clients. Achieving new client growth may require significant and costly sales efforts and will depend on the effectiveness of our sales organization. A number of factors, many of which are beyond our control, could impact our ability to acquire new clients, including, but not limited to, our competitors’ offerings, prospective new clients’ commitments to other providers, the real or perceived cost of switching to our solutions or services, our failure to develop and maintain relationships with prospective clients and our partner ecosystem, our failure to help clients successfully deploy our solutions and services, negative media or industry commentary regarding us or our offerings, the general level of litigation activity, and our failure to expand, retain and motivate our sales and marketing personnel. Any failure to grow our existing client base as a result of these or other factors could adversely affect our business, financial condition and results of operations.
We may need to change our pricing models in order to compete successfully.
General economic and business conditions together with intense competition in the sales of our products and solutions place pressure on us to reduce prices for our software and solutions, and we frequently encounter aggressive price competition. If our competitors offer deep discounts on certain products or solutions or develop products that the marketplace considers more valuable than ours, we may need to lower our prices or offer other incentives in order to compete successfully. Any such changes may reduce margins and could adversely affect operating results or require that we offer our products or solutions at, or in certain cases, below our cost.
34
Additionally, the increasing prevalence of cloud and SaaS delivery models offered by us and our competitors may unfavorably impact pricing of both our on-site software business and our cloud business, as well as overall demand for our on-site software product and solutions, which could reduce our revenues and profitability.
Industry pricing models are evolving, and we anticipate that clients may increasingly request alternative pricing models. These alternative pricing models may exacerbate existing pricing pressures, require investments in different product solutions or place us at a competitive disadvantage relative to our competitors. Moreover, the use of evolving technology by our clients to develop more complex pricing models may lead to additional pricing pressures. If we are unable to adapt our operations to these evolving pricing models, our results of operations may be adversely affected or we may not be able to offer pricing that is attractive relative to our competitors.
Any broad-based change to our prices and pricing policies could cause our revenues to decline or be delayed as our sales force implements, and our clients adjust to, such new pricing policies. Some of our competitors may bundle products for promotional purposes or as a long-term pricing strategy or provide guarantees of prices and product implementations. These practices could, over time, significantly constrain the prices that we can charge for certain of our products. If we do not adapt our pricing models to reflect changes in client use of our products or changes in client demand, our revenues could decrease. An increase in open source software distribution may also cause us to change our pricing models.
Any of the foregoing risks with respect to our pricing policies could adversely affect our business, financial condition and results of operations.
Our ability to expand our operations and maintain or increase our revenue is dependent on the quality of our client service and support services, and our failure to provide high level service could have an adverse effect on our business.
Our clients depend upon our client service and support staff to meet their eDiscovery needs and they demand high-quality support services. Failure to meet that demand could negatively affect our reputation in the marketplace and could adversely affect sales of our services and solutions. Further, we may be unable to respond quickly enough to accommodate short-term increases in client demand for support services. We also may be unable to modify the format of our support services to compete with changes in support services provided by competitors or successfully integrate support for our clients. Further client demand for these services could increase our costs and adversely affect our operating results. Any failure to respond to the foregoing or other related risks could adversely affect our business, financial condition and results of operations.
If we are unable to develop new and enhanced products and solutions that achieve widespread market acceptance, or if we are unable to continually improve the performance, features and reliability of our existing products and solutions or adapt our business model to keep pace with industry trends, our business could be adversely affected.
The markets in which we compete are characterized by rapid technological change, frequent new product introductions, evolving industry standards and changing client needs. We believe that key competitive factors in the markets we serve include the breadth and quality of professional services, system and software solutions, product integration, platform coverage, the stability of our information systems, the features and capabilities of our product and solutions, the pricing of our products and solutions, and the potential for future product and solution enhancements. Our future success depends in part on our ability to keep pace with technological changes and to respond to the rapidly changing needs of our clients by developing or introducing new products, product upgrades and solutions on a timely and cost-effective basis. We have in the past incurred, and will continue to incur, significant research and development expenses as we strive to remain competitive. Clients may require features and capabilities that our current products and solutions do not have, such as remote collections from mobile phones. We need to successfully respond to significant market challenges to our existing product portfolio as well as invest in new growth areas based on our core technical capabilities. Our failure to develop products and solutions that satisfy client preferences in a timely and cost-effective manner may harm our ability to maintain relationships with existing clients, as well as our ability to create or increase demand for our products and solutions, and may materially
35
adversely affect our operating results. As competition in the IT industry increases, it may become increasingly difficult for us to maintain a technological advantage and to leverage that advantage toward increased revenues and profits. New product development and introduction involve a significant commitment of time and resources and are subject to a number of risks and challenges including:
•managing the length of the development cycle for new products and product enhancements, including the continued development of Nebula, which can fluctuate as new features are developed;
•designing and marketing products and professional services solutions that will be adopted by our client base as well as attract new clients for our technology;
•managing clients’ transitions to new products and solutions;
•adapting to emerging and evolving industry standards and to technological developments by our competitors and clients;
•extending the operation of our products and solutions to new and evolving platforms, operating systems, operating environments and models, including support of new workloads and data management technologies, and hardware products;
•clients’ ability to upgrade to the most current versions of software to take advantage of new functionalities;
•reacting to trends and predicting which technologies will be successful and develop into industry standards;
•tailoring our business and pricing models appropriately as we enter new markets and respond to competitive pressures and technological changes;
•extending or creating technology alliances with other key technology players in our industry;
•managing new product and solutions for the markets in which we operate;
•addressing trade compliance issues affecting our ability to ship our products;
•developing or expanding efficient sales channels; and
•obtaining sufficient licenses to technology and technical access from proprietary software providers, open source software providers and operating system software vendors on reasonable terms to enable the development and deployment of interoperable products, including source code licenses for certain products with deep technical integration into operating systems.
If we are not successful in managing these risks and challenges, if our new products, product upgrades and solutions are not technologically competitive or do not achieve market acceptance, or if our efforts are more costly or resource-intensive than anticipated or fail to achieve the expected outcomes, our business, financial condition and results of operations could be adversely affected.
An outbreak of disease or similar public health threat, such as the COVID-19 pandemic, could have an ongoing adverse effect on the Company’s business.
We are vulnerable to the general economic effects of disease outbreaks and similar public health threats. COVID-19 began to spread globally in late 2019, was declared a pandemic by the World Health Organization and continues to impact worldwide economic activity. A public health pandemic, including COVID-19, poses the risk that we or our employees, contractors, suppliers, clients and other business partners may be prevented from conducting business activities for an indefinite period of time, including due to shutdowns that may be requested or mandated by governmental authorities. KLDiscovery was eligible for federal government stimulus incentives, including U.S. payroll tax deferral and employee retention tax credits. For the year ended December 31, 2020, we deferred $4.0 million in payroll taxes, of which we repaid $2.0 million in December 2021 and $2.0 million of which was paid in December 2022. As of December 31, 2021, we claimed tax credits of $3.2 million, primarily related to the retention of our employees. As of December 31, 2022, we have received $2.7 million of these credits, which we do not have to repay.
36
Our business has been adversely affected by the COVID-19 pandemic and may be similarly adversely affected by future pandemics or the global response thereto. Primarily due to the impact of COVID-19, our revenues decreased 7.2% for the year ended December 31, 2020 as compared to the prior year as many clients delayed new litigation and court systems closed for a period of time and were slow to reopen. The COVID-19 pandemic has also adversely affected many industries as well as the economies and financial markets of many countries, in some countries, causing a significant deceleration of economic activity. This slowdown at times reduced production, decreased demand for a broad variety of goods and services, diminished trade levels and led to corporate downsizing and increased unemployment. We also saw significant disruption of and have continued to see extreme volatility in the global capital markets, which could increase the cost of, or entirely restrict access to, capital. The impact of future pandemics on the United States and world economies could be similar, or worse, and impact all segments of the global economy, resulting in a significant recession or worse, any of which could impact our business.
A future pandemic or an unexpected worsening of the COVID-19 pandemic and the related events could have a negative effect on our business and could accelerate or magnify one or more of the risks described elsewhere in this Annual Report on Form 10-K, and the full extent and scope of the impact on our business and industry, as well as on national, regional and global markets and economies, cannot be predicted. Accordingly, our ability to conduct our business in the manner and on the timelines previously done or presently planned could be adversely affected.
Technology and Intellectual Property Related Risks
Our inability to successfully recover from a disaster or other business continuity event could impair our ability to deliver our products and solutions and adversely affect our business.
We are heavily reliant on our technology and infrastructure to provide our products and solutions to our clients. For example, we provide solutions through computer hardware that is located in our 9 global data centers around the world as well as in cloud-based data centers offered through the Microsoft Azure Cloud. Our physical data centers are vulnerable to damage, interruption or performance problems from earthquakes, floods, fires, power loss, terrorist attacks, telecommunications failures and similar events. They are also subject to break-ins, computer viruses, sabotage, intentional acts of vandalism and similar misconduct. The occurrence of any of these events, a decision to close a data center, or other unanticipated problems could result in interruptions in the delivery of certain of our products and solutions.
Any errors, defects, disruptions or other performance problems with our systems, products and solutions could reduce our revenue, cause us to issue credits or pay penalties, cause clients to terminate their agreements with us, commence or threaten litigation against us, harm our reputation and damage our clients’ businesses. We have experienced and may in the future experience disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes, natural disasters, power outages, human or software errors, capacity constraints due to an overwhelming number of users accessing our website simultaneously, fraud or security attacks. Further, use of our solutions typically requires network and internet connectivity and our clients may experience disruptions, outages and other performance problems with their network or internet access independent of whether our systems are operating normally, which could affect their ability to use our products and solutions. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time or at all. Interruptions in our products and solutions could cause clients to cease doing business with us and adversely affect our reputation. In addition, our business would be harmed if any events of this nature caused our clients and potential clients to believe our solutions are unreliable. Our operations are dependent upon our ability to protect our technology infrastructure against damage from business continuity events that could have a significant disruptive effect on our operations and any failure to do so could adversely affect our business, financial condition and results of operations.
37
Defects, disruptions, performance problems or risks related to the provision of our product offerings could impair our ability to deliver our solutions and could expose us to liability, damage our brand and reputation or otherwise negatively impact our business.
Certain of our products and solutions utilize software solutions developed by us or third parties for our clients’ needs, and new releases of software products are issued to our clients periodically. Complex software products, such as those we offer, may contain undetected errors or defects, especially when they are first introduced or new versions are released. Despite testing, these undetected errors may be discovered only after a product has been installed and used either in our internal processing system or by our clients, and could result in unanticipated service interruptions or other performance problems and cause damage to our clients’ businesses. If that occurs, clients could elect not to renew with us, to delay or withhold payment to us, or to make warranty or other claims against us, and we could be obligated to provide service credits based on our failure to meet service level commitments, which could result in additional expense and risk of litigation.
We believe that our reputation and name recognition are critical factors in our ability to compete and generate additional sales. Promotion and enhancement of our name will depend largely on our success in continuing to provide effective products and solutions. The occurrence of errors in our products or solutions, the discovery of security vulnerabilities or the detection of bugs by our clients may damage our reputation in the market and our relationships with our existing clients, and as a result, we may be unable to attract or retain clients.
In addition, because our products and solutions are used to manage data that is often critical to our clients, they may have a greater sensitivity to defects in our products than to defects in other, less critical, applications. As a result, the licensing and support of our products and solutions involve the risk of product liability claims. Our license agreements with our clients typically contain provisions designed to limit our exposure to potential product liability claims. However, the limitation of liability provisions contained in our license agreements vary and may not be effective as a result of existing or future national, federal, state or local laws or ordinances or unfavorable judicial decisions. Although we have not experienced any material product liability claims to date, the sale and support of our products entail the risk of such claims, which could be substantial in light of the use of our products in enterprise-wide environments. In addition, our insurance against product liability may not be adequate to cover all potential claims.
Any of the foregoing risks or others related to defects, disruptions, or performance problems related to the provision of our product and solutions could adversely affect our business, financial condition and results of operations.
Our products and solutions use third-party open source software components, and the failure to comply with the terms of the underlying open source software licenses could restrict our ability to provide our products and services.
A large number of our proprietary software and applications are built on commonly used “open source” licenses, which carries its own unique risks. Some open source licenses contain terms that may, depending on how the licensed software is used or modified, require that we make available source code for modifications or derivative works we create based upon the licensed open source software, authorize further modification and redistribution of that source code, make that source code available at little or no cost, or grant other licenses to our intellectual property. If we combine, distribute, link or convey our proprietary software together with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software. These scenarios could enable our competitors to create similar offerings with lower development effort and time and ultimately could result in a loss of our competitive advantages. Alternatively, to avoid the release of the affected portions of our source code, we could be required to purchase additional licenses, expend substantial time and resources to re-engineer some or all of our software or cease use or distribution of some or all of our software until we can adequately address the concerns.
Use of open source software can also present additional security risks because the public availability of such software may make it easier for hackers and other third parties to determine how to compromise our systems. In addition, use and distribution of open source software may entail greater risks than use of third-party commercial
38
software, as open source licensors generally do not provide support, warranties, indemnification, or other contractual protections regarding infringement claims or the quality of the code. Any of the foregoing or other risks related to the use of open source software could adversely affect our business, financial condition and results of operations.
The terms of many open source licenses have not been interpreted by U.S. or foreign courts and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to provide or distribute our products and solutions. From time to time, there have been claims challenging the ownership of open source software against companies that incorporate open source software into their solutions. As a result, we could be subject to lawsuits by parties claiming ownership of what we believe to be open source software. While we employ practices designed to monitor compliance with third-party open source software licenses and to protect our proprietary source code, we generally do not run a complete open source license review and may inadvertently use third-party open source software in a manner that exposes us to claims of non-compliance or breach of contract, If we are held to have breached or failed to fully comply with all the terms and conditions of an open source software license, we could face infringement or other liability, or be required to seek costly licenses from third parties to continue providing our platform on terms that are not economically feasible, to re-engineer our platform, to discontinue or delay the provision of our platform if re-engineering could not be accomplished on a timely basis, or to make generally available, in source code form, our proprietary code, any of which could adversely affect our business, financial condition and results of operations.
The unavailability of third-party technology could materially adversely affect our business.
We license certain eDiscovery-related software from third parties and incorporate or integrate such components into and with our solutions and products. For instance, we integrate third-party solutions licensed from certain providers such as Relativity, a key supplier of one of our eDiscovery platforms, with our eDiscovery solutions and products. While we have developed our own proprietary platforms, certain third-party software, such as that licensed from Relativity, has become central to the operation and delivery of our eDiscovery solutions and products.
Certain of our third-party software license contracts expire within the next one to three years and may be renewed only by mutual consent. For instance, our license agreement with Relativity expires on June 30, 2024. There is no assurance that we will be able to renew these contracts as they expire or that such renewals will be on the same or substantially similar terms or on conditions that are commercially reasonable to us. If we fail to renew these contracts as they expire, we may be unable to offer certain eDiscovery-related solutions and products to our clients. In addition, our third-party software licenses are non-exclusive. For example, all of our primary competitors in the eDiscovery business use Relativity in connection with their eDiscovery platforms (in addition to any proprietary platforms that they may own themselves).
If certain of our third-party licensors were to terminate our licenses, change their product offerings, cease actively supporting their existing technologies, fail to update and enhance their technologies to keep pace with changing industry standards, encounter technical difficulties in the continued development of their technologies, significantly increase prices, suffer significant capacity or supply chain constraints or suffer other disruptions, we would need to identify alternative suppliers and incur additional internal and/or external development costs to ensure continued performance of our eDiscovery-related solutions and products. Such alternatives may not be available on attractive terms, or at all, or may not be as widely accepted or as effective as the software provided by our existing suppliers. If the cost of licensing or maintaining this third-party technology significantly increases, our margins could significantly decrease. In addition, interruptions in the functionality of our solutions and products resulting from changes in or with our third-party licensors could adversely affect our commitments to clients, reputation, future sales of our services and products solutions, and materially and adversely affect our business, financial condition and results of operations.
We utilize various web service providers, such as Microsoft Azure, for the delivery of our cloud-based products. These solutions are operated by third parties that we do not control and that could require significant time to replace. We expect this dependence on third parties to continue. These systems are vulnerable to damage or interruption and have experienced interruptions in the past. A prolonged web service disruption affecting our cloud-based offerings for any of the foregoing reasons would negatively impact our ability to serve our clients and could damage our reputation with current and potential clients, expose us to liability, cause us to lose clients or otherwise harm our
39
business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the web services we use. Interruptions in these third party-services on which we rely could affect the security or availability of our products and cloud infrastructure and could have a material adverse effect on our business. In addition, these web services providers may generally terminate our agreements for convenience upon providing some nominal period of notice and may terminate our agreements for cause if a breach by us has not been cured within a short time period. In the event that our service agreements are terminated, or there is a lapse of service, elimination of web services or features that we utilize, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our platforms as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our solutions for deployment on a different cloud infrastructure service provider, any of which may adversely affect our business, financial condition and results of operations.
If we encounter difficulties as we implement our new consolidated business systems, our business may be adversely affected.
We are in the process of implementing new consolidated business systems across our global operations which we expect to complete in coming years. We rely on our IT to help us effectively manage our client relationships, sales information, order processing and support and marketing services, and we anticipate that the implementation of new consolidated business systems will improve our processes. However, implementations such as these are complex and time-consuming projects that require transformations of business and finance processes, and there is a risk that implementation of these new systems will not achieve these expected benefits as quickly as anticipated or at all. In addition, there can be no assurance that there will not be errors, delays or other related issues resulting from the transition to our new business systems and adjustments to associated business processes, or that we will be able to fix any error or issue. These risks include loss of information, the compromise of data integrity and control systems and the potential disruption to our normal business operations and financial reporting processes. Additionally, if the new system does not operate as intended, the effectiveness of our internal control over financial reporting could be adversely affected and our ability to assess those controls adequately could be delayed. Such errors, interruptions, delays or other issues may also result in unanticipated costs or expenditures and divert the attention of key senior management away from other aspects of our business, any of which may adversely affect our business, financial condition and results of operations.
If we do not protect our proprietary rights and information and prevent third parties from making unauthorized use of our products and technology, our business could be adversely affected.
Most of our products and underlying technology is proprietary. We seek to protect our proprietary rights through a combination of confidentiality agreements and procedures, and through copyright, patent, trademark and trade secret laws of the United States and international jurisdictions. In addition, we use licenses, non-disclosure agreements and other agreements to restrict the use of our products by our clients and other third parties. However, all of these measures afford only limited protection and may be challenged, invalidated, disregarded, declared unenforceable or circumvented by third parties, subject to government march-in or sovereign rights or compulsory licensing, sunshine laws or be subject to freedom of information requests or court-ordered public disclosure, and we may not have effective remedies to protect our proprietary rights. Third parties may copy, reverse engineer all or portions of our products and underlying technology or otherwise misappropriate, disparage, dilute, steal, otherwise improperly use, distribute or sell our proprietary technology without authorization. Moreover, we may not be able to obtain effective protection for the technology underlying our new products and solutions as they are developed. For example, any of our pending or future patent applications, whether or not being currently challenged, may not be issued with the scope of the protection we seek, if at all. Furthermore, confidentiality procedures and contractual provisions can be difficult to enforce and, even if successfully enforced, may not have effective remedies available to ameliorate unauthorized use or disclosure of our intellectual property.
Third parties may also develop similar or superior technology by designing around our patents and the other intellectual property protections or independently developing technology that does not infringe, misappropriate or violate our intellectual property rights. Our intellectual property may also be replaced or rendered obsolete by new technologies to which we have no right of use or can only acquire such use at unreasonable or unsustainable costs.
40
Furthermore, the laws of some foreign countries do not offer the same level of protection or enforcement of our proprietary rights as the laws of the United States, and we may not be able to prevent unauthorized use of our products in those countries. For example, for some of our products, we rely on “shrink-wrap” or “click-wrap” licenses, which may be unenforceable in whole or in part in some jurisdictions in which we operate. The unauthorized sale, distribution or use of our products or proprietary technology could result in reduced sales of our products, or diminish our brand and reputation. Any legal action to protect proprietary technology that we may bring or be engaged in with a client, strategic partner or vendor could adversely affect our ability to access software, operating systems and/or hardware platforms of such client, partner or vendor, or cause such partner or vendor to choose not to offer our products to their clients. In addition, any legal action we engage in to protect our proprietary technology could be costly, may distract management from day-to-day operations and may lead to additional claims against us, and we may not succeed; any of which could adversely affect our business, financial condition and results of operations.
Third party claims of intellectual property infringement could cause us to incur significant expenses and restrict or otherwise adversely affect our business.
The software and internet industries are characterized by frequent litigation based on allegations of infringement or other violations of intellectual property rights. We have received in the past, and may receive in the future, communications from third parties alleging infringement of their intellectual property rights, including claims regarding patents, copyrights, trade secrets and trademarks. We also incorporate technology from third parties into our software and systems and, as such, cannot be certain that these licensors are not infringing the intellectual property rights of others or that the suppliers and licensors have sufficient rights to the technology in all jurisdictions in which we may offer our products and solutions. Because of the constant technological change in the markets in which we compete and the extensive coverage of intellectual property protection for existing technologies, including software patents, it is possible that the number of these claims may grow. In addition, former employers of our former, current or future employees may assert claims that such employees have improperly disclosed to us the confidential or proprietary information of these former employers. Many potential litigants, including some of our competitors and patent-holding companies, have the ability to dedicate substantial resources to assert their intellectual property rights.
Any such intellectual property claim, with or without merit, could result in costly litigation and distract management from day-to-day operations, and the outcomes of such claims are inherently uncertain. Also, because of the significant amount of discovery required in connection with intellectual property litigation, we may risk compromising confidential or proprietary information if litigation ensued. If we are not successful in defending such claims, we may be subject to an injunction or other restrictions that could require us to stop selling, delay shipments of or redesign our products, stop offering (or temporarily stop offering) our solutions to others, pay royalties, fines or other monetary amounts as damages, enter into royalty or licensing arrangements or satisfy indemnification obligations that we have with some of our clients. There is no assurance that any royalty or licensing arrangements we may seek in such circumstances will be available on commercially reasonable terms or at all. In addition, certain client agreements require us to indemnify our clients for third-party intellectual property infringement claims, which would increase the cost to us of an adverse ruling on such a claim. While our standard client agreements include contractual caps on liability, there is no guarantee that these would be upheld by a court. At times, even if we believe a suit is without merit, we may determine it is prudent to settle it in a way that restricts our use of the technology or requires us to pay monetary amounts. We have made and expect to continue making significant expenditures to preempt, investigate, defend and settle claims related to the use of technology and intellectual property rights, including trademarks, as part of our strategy to manage this risk. However, any alleged infringement or other violation of a third party’s intellectual property rights could adversely affect our business, financial condition and results of operations.
Other Business Risks
We have a history of losses and may not be able to achieve or sustain profitability in the future.
We may not be able to increase the amount of revenues or cash flow we generate, and we might continue to incur net losses for some time as we continue to grow. We have experienced net losses for a number of years, including net losses of $(43.2) million and $(60.5) million for the years ended December 31, 2022 and 2021, respectively, and we may incur net losses in the future. As of December 31, 2022, we had an accumulated deficit of $359.1 million. It
41
is difficult for us to predict our future results of operations, and we expect our operating expenses to increase significantly over the next several years as we continue to grow our business, hire additional personnel, expand our operations and infrastructure and invest in research and development. If we fail to increase our revenue to offset the increases in our operating expenses, we may not achieve or sustain profitability in the future.
If we do not continue to attract, motivate and retain members of our senior management team and key employees, we may be unable to expand our products and solutions or effectively manage or grow our business.
Our future success depends upon the continued service and performance of our senior management team and key technical and sales personnel. If we lose any of our senior management team or key technical and sales personnel, we may be unable to effectively manage our current and future operations, including maintaining and growing existing, and developing new, client relationships.
Our success and future growth depend upon our ability to attract, train, motivate and retain highly qualified technical, managerial, and sales and marketing employees in order to implement our corporate development strategy and operations. Our ability to increase our client base and usage of our solutions, including Nebula, will significantly depend on our ability to successfully retain our sales and marketing teams and execute our sales strategy. Further, our top three sales representatives were responsible for approximately 28% of our sales for the twelve-months ended December 31, 2022. If any of our top sales personnel cease working for us, we may lose existing business from clients who had relationships with specific sales representatives and we may not be able to grow our business as quickly, or to the extent, we expect. There is a limited pool of employees who have the requisite skills, training and education. We face intense competition for qualified individuals from numerous technology, software, startup and emerging growth companies, which are active in many of the technical areas and geographic regions in which we conduct product development. Attracting and retaining highly skilled employees will be costly as we offer competitive compensation packages to prospective and current employees. For example, we have agreed to provide payments to various current employees in connection with certain changes of control, and such payments may, in the aggregate, be material to us. Further, because our common stock is not listed on a national securities exchange, our ability to use equity compensation may be more limited, and this type of compensation may not be as attractive to a prospective employee as it would if we were listed on an exchange. If we are unable to continue to successfully recruit and retain the most skilled and capable senior managers and key technical and sales employees, particularly in connection with our current plan to significantly increase our sales and marketing and research and development teams, our ability to implement our business plan, growth strategy and develop and maintain our software and solutions, including Nebula, could be adversely affected, any of which could adversely affect our business, financial condition and results of operations.
If we are unable to maintain, promote or expand our brand through effective marketing practices, our brand and business could be adversely affected.
We believe that maintaining and promoting our brand in a cost-effective manner is critical to retaining and expanding our client base. We have invested considerable money and resources in the establishment and maintenance of our brand, and we will continue to invest resources in brand marketing and other efforts to continue to preserve and enhance consumer awareness. If we fail to successfully promote and maintain our brand or if we incur excessive expenses in this effort, our business, financial condition and results of operations could be adversely affected.
We utilize internet search engines such as Google, principally through the purchase of keywords, to generate additional traffic to our websites. The number of users we attract from search engines to our websites is due in large part to how links to our websites are displayed on search engine results pages. Search engines frequently update and change the algorithm that determines the placement and display of results of a user’s search, such that the purchased or algorithmic placement of links to our websites can be negatively affected. In addition, a significant amount of traffic is directed to our websites through our participation in pay-per-click and display advertising campaigns on search engines. If a major search engine changes its algorithms or results in a manner that negatively affects the search engine ranking, paid or unpaid, of our websites, our business, financial conditions and results of operations would be adversely affected.
42
We have acquired businesses in the past, and we may consider opportunities in the future to acquire other companies, assets or product lines that complement or expand our business. Risks related to acquisitions and the integration of businesses we may acquire could have an adverse effect on our business.
In the past we have grown through acquisitions and we may continue to do so in the future. Achieving the anticipated benefits of any acquisitions depends on a number of factors, including whether we can identify and execute on suitable acquisition targets as well as integrate new businesses in an efficient and effective manner. The acquisition and integration of any acquired businesses involves a number of risks, including, but not limited to: the complexity, time and costs associated with the acquisition and integration process, the diversion of management’s time and attention, the assumption of liabilities of the acquired businesses, including unknown liabilities and litigation related to the acquired business, the impairment of relationships with our existing clients and business partners or of those of the acquired business and the addition of acquisition-related debt as well as increased expenses and working capital requirements.
The successful acquisition and integration of any businesses or operations will depend on our ability to manage these operations, realize opportunities for revenue growth presented by strengthened product and solutions and expanded geographic market coverage, and eliminate redundant and excess costs to fully realize the expected synergies. Because of difficulties in combining operations and systems which may not be fully compatible and may be geographically distant, we may not be able to achieve the financial strength and growth and other benefits we anticipate from an acquisition. Any failure to integrate acquired businesses and operations efficiently and effectively or fail to realize the benefits we anticipate could adversely affect our business, financial condition and results of operations.
Our international business operations subject our business to additional risks.
We have significant international operations with 25 locations in 16 countries, including data centers in Canada, England, France, Germany, Ireland and Japan. We may expand our international operations if we identify growth opportunities. Our international operations are subject to the following risks, among others:
•foreign certification, licensing and regulatory requirements, which may be substantially more complex or burdensome than our domestic requirements;
•risk associated with selecting or terminating partners for foreign expansion, including marketing agents, distributors or other strategic partners for particular markets;
•risk associated with local ownership and/or investment requirements, as well as difficulties in obtaining financing in foreign countries for local operations;
•reduced protection of confidential consumer information in some countries;
•political unrest, international hostilities, military actions, including, without limitation, the war in Ukraine, terrorist or cyber-terrorist activities, other geopolitical events, natural disasters, pandemics, and infrastructure disruptions;
•differing economic cycles and adverse economic conditions;
•unexpected changes in and compliance with foreign regulatory requirements, including GDPR;
•regulations or restrictions on the use, import or export of technologies that could delay or prevent the acceptance and use of our products;
•differing business practices, which may require us to enter into agreements that include non-standard terms;
•varying tax regimes, including with respect to the imposition of withholding taxes on remittances and other payments by our partnerships or subsidiaries;
•differing labor regulations;
•foreign exchange controls and restrictions on repatriation of funds from our international subsidiaries;
•fluctuations in currency exchange rates, economic instability and inflationary conditions
43
•inability to collect payments or seek recourse under or comply with ambiguous or vague commercial or other laws;
•potential loss of proprietary or personal information due to misappropriation or laws that may be less protective of our intellectual property rights than U.S. laws or that may not be adequately enforced
•varying attitudes towards censorship and the treatment of information service providers by foreign governments, in particular in emerging markets
•difficulties in attracting and retaining qualified management and employees, or rationalizing our workforce;
•difficulties in staffing, managing and operating our international operations, including difficulties related to administering our stock plans in some foreign countries;
•difficulties in coordinating the activities of our geographically dispersed and culturally diverse operations;
•costs and delays associated with developing software and providing support in multiple languages; and
•difficulties in penetrating new markets due to entrenched competitors, lack of recognition of our brands or lack of local acceptance of our products and solutions.
Foreign operations bring increased complexity and the costs of managing or overseeing foreign operations, including adapting and localizing solutions or systems to specific regions and countries, can be material. Further, international operations carry inherent uncertainties regarding the effect of local or domestic actions, such as the long-term impact of the United Kingdom’s exit from the European Union (Brexit), which could be material. Our overall success as a global business depends, in part, on our ability to anticipate and effectively manage these risks, and there can be no assurance that we will be able to do so without incurring unexpected costs. If we are not able to manage the risks related to our international operations, our business, financial condition and results of operations may be materially affected.
We may need to recognize impairment charges related to goodwill, identified intangible assets and fixed assets.
We have substantial balances of goodwill and identified intangible assets. We are required to test goodwill and any other intangible assets with an indefinite life for possible impairment on an annual basis, or more frequently when circumstances indicate that impairment may have occurred. We are also required to evaluate amortizable intangible assets and fixed assets for impairment if there are indicators of a possible impairment.
Based on the results of the annual impairment test as of October 1, 2022 and the qualitative assessment performed as of December 31, 2022, we concluded that the fair value of our reporting unit exceeded the individual reporting unit’s carrying value, and goodwill was not impaired. There is significant judgment required in the analysis of a potential impairment of goodwill, identified intangible assets and fixed assets. If, as a result of a general economic slowdown, deterioration in one or more of the markets in which we operate or impairment in our financial performance and/or future outlook, the estimated fair value of our long-lived assets decreases, we may determine that one or more of our long-lived assets is impaired. An impairment charge would be recorded if the estimated fair value of the assets is lower than the carrying value and any such impairment charge could have a material adverse effect on our results of operations and financial position. For example, we recorded an impairment charge of $22.5 million in 2021 associated with our intangible assets.
The insurance coverage that we purchase may prove to be inadequate or unavailable when we need the coverage.
We carry liability, property, directors and officers, business interruption, Cyber and other insurance policies to cover insurable risks to our company. We select the types of insurance, the limits and the deductibles based on our specific risk profile, the cost of the insurance coverage versus its perceived benefit and general industry standards. Our insurance policies contain industry standard exclusions for events such as war. Although we generally attempt to select reputable insurance carriers, any economic disruptions may prevent us from using our insurance if the counterparty does not have the capital necessary to meet the coverage. In addition, our agreements with clients also contain obligations to carry comprehensive general liability, property, workers’ compensation, and automobile
44
liability insurance. Any of the limits of insurance that we purchase could prove to be inadequate, which could materially and adversely impact our business, financial condition and results of operations.
Our sales cycles with clients can be long and unpredictable and our sales efforts require significant time and expense.
The timing of our sales with our clients and related revenue recognition is difficult to predict due to the length and unpredictability of the sales cycle for our clients. In addition, the lengthy sales cycle for the evaluation and implementation of our solutions may also cause us to experience a delay between incurring expenses for such sales efforts and the generation of corresponding revenue. The length of our sales cycle can vary substantially from client to client. Our sales efforts, include educating our clients about the use, technical capabilities and benefits of our solution. The clients we serve often undertake a prolonged evaluation process, which frequently involves not only our solution but also those of our competitors. In addition, the size of potential clients may lead to longer sales cycles. As the use of our solution can be dependent upon the timing of work in legal matters, our sales cycle can extend to even longer periods of time. During the sales cycle, we expend significant time and resources on sales and marketing and contract negotiation activities, which may not result in a completed sale. Additional factors that may influence the length and variability of our sales cycle include:
•macroeconomic conditions and other factors affecting client budgets, including inflation;
•the regulatory environment in which our clients operate;
•the discretionary nature of clients’ purchasing decisions and budget cycles;
•the effectiveness of our sales force, particularly new salespeople, as we increase the size of our sales force and train our new salespeople;
•clients’ procurement processes, including their evaluation of competing products and services;
•evolving client demands; and
Further, some of our potential clients may undertake a significant evaluation and negotiation process due to size, organizational structure and approval requirements, all of which can lengthen our sales cycle. We may also face unexpected deployment challenges or more complicated deployment of our solution. These clients may demand additional features, support services and pricing concessions or require additional security management or control features. We may spend substantial time, effort and money on sales efforts to our potential clients without any assurance that our efforts will produce any sales. As a result, it is difficult to predict exactly when, or even if, we will make a sale to a potential client or if we can increase sales to our existing clients. Any of the foregoing could have an adverse effect on our business, financial condition and results of operations.
Legal and Regulatory Risks
Our failure to comply with the export controls and trade and economic sanctions laws and regulations of the United States and various international jurisdictions could result in legal liability and adversely affect our reputation and business.
Our business activities are subject to various export controls and trade and economic sanctions laws and regulations, including, without limitation, the U.S. Commerce Department’s Export Administration Regulations, the U.S. Treasury Department’s Office of Foreign Assets Control’s trade and economic sanctions programs, the United Nations Security Council, and other laws and regulations of a similar nature administered and enforced by relevant government authorities (collectively, “Trade Controls”). Such Trade Controls may prohibit or restrict our ability to, directly or indirectly, conduct activities or dealings in or with certain countries, as well as with individuals or entities that are the subject of Trade Controls-related prohibitions and restrictions. For example, our ability to procure items necessary for our business activities could be adversely impacted by the imposition of export or sanctions-related prohibitions or restrictions on our contractual counterparties. Similarly, our sales of certain commodities, software
45
and technology, and our provision of solutions to persons located outside the United States may be subject to certain regulatory prohibitions, restrictions or other requirements, including certain licensing or reporting requirements. Similarly, our ability to procure such items necessary for our business activities could be adversely impacted by the imposition of export or sanctions-related prohibitions or restrictions on our contractual counterparties. Our failure to successfully comply with applicable Trade Controls may expose us to negative legal and business consequences, including civil or criminal penalties, government investigations, disgorgement of profits, injunctions and suspension or debarment from government contracts, other remedial measures, and reputational harm. Investigations of alleged violations can be expensive and disruptive.
Although we have implemented compliance policies and internal procedures reasonably designed to promote compliance with applicable Trade Controls, we cannot assure compliance by our employees or representatives for which we may be held responsible, and any such violation could materially adversely affect our reputation, business, financial condition and results of operations.
Our failure to comply with the anti-corruption laws and regulations of the United States and various international jurisdictions could adversely affect our reputation and business.
Doing business on a worldwide basis requires us to comply with anti-corruption laws and regulations imposed by governments around the world with jurisdiction over our operations, which may include the Foreign Corrupt Practices Act, or the FCPA, and the U.K. Bribery Act 2010, as well as the laws of the countries where we do business. These laws and regulations apply to companies, individual directors, officers, employees and agents, and may restrict our operations, trade practices, investment decisions and partnering activities. Where they apply, the FCPA and the U.K. Bribery Act prohibit us and our officers, directors, employees and business partners acting on our behalf, including joint venture partners and agents, from corruptly offering, promising, authorizing or providing anything of value to “foreign officials” for the purposes of influencing official decisions or obtaining or retaining business or otherwise obtaining favorable treatment. The U.K. Bribery Act also prohibits non-governmental “commercial” bribery and accepting bribes. As part of our business, we may deal with governments and state-owned business enterprises, the employees and representatives of which may be considered “foreign officials” for purposes of the FCPA and the U.K. Bribery Act. We also are subject to the jurisdiction of various governments and regulatory agencies around the world, which may bring our personnel and agents into contact with “foreign officials” responsible for issuing or renewing permits, licenses or approvals or for enforcing other governmental regulations. In addition, some of the international locations in which we operate lack a developed legal system and have elevated levels of corruption.
Our global operations expose us to the risk of violating, or being accused of violating, anti-corruption laws and regulations. Our failure to successfully comply with these laws and regulations may expose us to reputational harm as well as significant sanctions, including criminal fines, imprisonment, civil penalties, disgorgement of profits, injunctions and suspension or debarment from government contracts, as well as other remedial measures. Investigations of alleged violations can be expensive and disruptive. Despite our compliance efforts and activities, we cannot assure compliance by our employees or representatives for which we may be held responsible, and any such violation could materially adversely affect our reputation, business, financial condition and results of operations.
The legal industry is highly regulated and we are or may become subject to a wide range of foreign, federal, state and local laws, rules and regulations, and any failure to comply with these laws, rules and regulations may adversely affect our business.
The legal industry is and will continue to be subject to extensive and evolving U.S. federal, state and foreign laws, rules and regulations, including the rules and regulations of the organizations and other authorities governing the legal profession in the jurisdictions in which we or our clients operate. These laws, rules and regulations can vary significantly from jurisdiction to jurisdiction. For example, in the United States, each state has adopted laws, regulations and codes of ethics that provide for the licensure of attorneys, generally grant licensed attorneys the exclusive right to practice law in that state and place restrictions upon the activities of licensed attorneys. As a company, we are not authorized to practice law. In the United States, we may not provide legal advice to our clients, primarily because we do not meet the ethical and regulatory requirements, present in nearly every U.S. jurisdiction, of being exclusively owned by licensed attorneys. Although we believe that our operations are either compliant with, or not subject to, these and other regulatory requirements of the jurisdictions in which we or our clients
46
operate, regulators or other authorities of such jurisdictions could disagree. In such circumstances, regulators may enjoin our operations, subject us to rules governing conflicts of interests, require registration, seek to impose punitive fines or sanctions or take other disciplinary actions against us, our employees or our clients, any of which may inhibit our ability to do business in those jurisdictions. In addition, we are subject to regulations and laws specifically governing the internet and the collection, storage, processing, transfer and other use of personal information and other client data. We are also subject to laws and regulations involving taxes, import/export, privacy and data security, anti-spam, content protection, electronic contracts and communications, mobile communications, unencumbered internet access to our products and solutions, the design and operation of websites and internet neutrality. Any failure to comply with these rules and regulations, or any allegations of our failure to comply whether or not we believe they have merit, could adversely affect our business, financial condition and results of operations.
The foregoing description of laws, rules and regulations to which we are or may be subject is not exhaustive and the regulatory framework governing our operations is subject to evolving interpretations and continuous change. Moreover, if we expand into additional jurisdictions, we will be subject to additional laws and regulations.
Litigation and other legal and regulatory claims and proceedings could have an adverse effect on us.
From time to time we have been and may in the future be involved in litigation and other legal and regulatory claims or proceedings that arise in and outside the ordinary course of business, some of which could be material. We expect that the number, frequency and significance of these matters may increase as our business continues to expand, including entering new jurisdictions, and we grow as a company. In addition to the types of claims discussed in elsewhere in “—Legal and Regulatory Risks,” we have been, and may in the future be, subject to claims involving commercial disputes, intellectual property matters, labor and employment matters, such as complaints filed with the U.S. Equal Employment Opportunity Commission or claims brought under the Fair Labor Standards Act, and other matters. We may also be exposed to potential claims arising from the conduct of our employees for which we may be liable. In addition to more general litigation, because of the nature of our business and the fact that most client projects utilizing our offerings are legal matters, at times we are also a named party in these matters because of the use of our services and solutions, including with respect to billing matters.
Any legal or regulatory claims against us or investigation into our business, whether meritorious or not, can be time consuming, result in significant legal and other expenses, require significant amounts of management’s time and divert significant operational resources. Class action lawsuits are often particularly burdensome given the breadth of claims, large potential damages and significant defense costs. Claims and proceedings can also impact client confidence and the general public’s perception of our company, even if the underlying allegations are proven false.
While we from time to time establish legal reserves that we believe to be reasonable under the facts known, the outcomes of litigation and other legal and regulatory claims and proceedings are often hard to reliably predict, making the timing and amount of any reserves difficult to determine and, if a reserve is established, often subject to future revision. Although we carry general liability insurance coverage, our insurance may not cover all potential losses to which we may be subject as a result of litigation and other claims. Any claims or proceedings, particularly those in which we are unsuccessful or for which we did not establish adequate reserves or are not adequately insured, could have an adverse effect on our business, financial condition and results of operations.
Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited and could adversely affect our business, financial condition and operating results.
Under Sections 382 and 383 of the Internal Revenue Code of 1986, as amended, the Code, if a corporation undergoes an “ownership change,” the corporation’s ability to use its pre-change net operating loss, or NOL, carryforwards and other pre-change tax attributes to offset its post-change income and taxes may be limited. In general, an “ownership change” occurs if there is a cumulative change in our ownership by one or more “5% shareholders” (as defined under U.S. income tax laws) that exceeds 50 percentage points over a rolling three-year period. Similar rules apply under state tax laws. We believe it is possible that we may experience an ownership change in the future as a result of future offerings or subsequent shifts in our stock ownership, some of which are outside our control, in which case we may be limited in our ability to use our net operating loss carryforwards and other tax assets to reduce taxes owed on the net taxable income that we earn. If finalized, Treasury Regulations
47
currently proposed under Section 382 of the Code may further limit our ability to utilize our pre-change NOL and tax credit carryforwards if we undergo such an ownership change. See Note 13 – Income Taxes to our audited consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
Unanticipated changes in our effective tax rate or challenges by tax authorities could adversely affect our future results of operations.
We are subject to income taxes in the United States and various non-U.S. jurisdictions. Our effective tax rate could be adversely affected by changes in the allocation of our pre-tax earnings and losses among countries with differing statutory tax rates, in certain non-deductible expenses as a result of acquisitions, in the valuation of our deferred tax assets and liabilities, or in federal, state, local or non-U.S. tax laws and accounting principles, including increased tax rates, new tax laws or revised interpretations of existing tax laws and precedents. Increases in our effective tax rate would adversely affect our operating results.
In addition, we may be subject to income tax audits by various tax jurisdictions throughout the world. The application of tax laws in such jurisdictions may be subject to diverging and sometimes conflicting interpretations by tax authorities in these jurisdictions. Although we believe our income tax liabilities are reasonably estimated and accounted for in accordance with applicable laws and principles, an adverse resolution of one or more uncertain tax positions in any period could have a material impact on the results of operations for that period.
Taxing authorities may successfully assert that we should have collected or in the future should collect additional sales and use taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our results of operations.
We have not historically filed sales and use tax returns or collected sales and use taxes in all jurisdictions in which we have sales, based on our belief that such taxes are not applicable. Taxing authorities may seek to impose such taxes on us, including for past sales, which could result in penalties and interest. Any such tax assessments may adversely affect the results of our operations.
Taxing authorities could reallocate our taxable income among our subsidiaries, which could increase our consolidated tax liability.
We conduct integrated operations internationally through subsidiaries in various tax jurisdictions pursuant to transfer pricing arrangements between our subsidiaries and between our subsidiaries and us. If two or more affiliated companies are located in different countries, the tax laws or regulations of each country generally require that transfer prices be the same as those between unrelated companies dealing at arm’s length and that contemporaneous documentation is maintained to support the transfer prices. While we believe that we operate in compliance with applicable transfer pricing laws and intend to continue to do so, our transfer pricing procedures are not binding on applicable tax authorities. If tax authorities in any of these countries were to successfully challenge our transfer prices as not reflecting arms’ length transactions, they could require us to adjust our transfer prices and thereby reallocate our income to reflect these revised transfer prices, which could result in a higher tax liability to us. Such reallocations may subject us to interest and penalties that would increase our consolidated tax liability and could adversely affect our financial condition, results of operations and cash flows.
Risks Related to our Substantial Indebtedness
Our substantial levels of indebtedness, a significant portion of which could mature as early as June 2024, could adversely affect our business.
As of December 31, 2022, we had approximately $539.6 million of indebtedness, including $244.8 million in the form of convertible debentures due December 2024 (the “Debentures”) and $294.8 million under the 2021 Credit Agreement that matures on February 8, 2026, unless the Debentures are outstanding six months prior to the December 19, 2024 maturity date thereof, in which case the 2021 Credit Agreement matures on June 19, 2024.
As of December 31, 2022, we did not have any amounts outstanding under our revolving credit facility. Additionally, under our credit facility, we may borrow up to $50 million in the form of delayed draw term loans and,
48
subject to outstanding letters of credit, up to $40 million under our revolving credit facility, as described in Note 7 – Long term debt in our audited consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
Our indebtedness could have important consequences to us and our investors, including, but not limited to:
•increasing our vulnerability to, and reducing our flexibility to respond to, general adverse economic and industry conditions;
•requiring the dedication of a substantial portion of cash flow from operations to the payment of principal of, and interest on, our indebtedness, thereby reducing the availability of such cash flow to fund operations, working capital, capital expenditures, acquisitions, joint ventures or other future business opportunities;
•exposing us to the risk of increased interest rates on our borrowings under our credit facility, which is at variable rates of interest;
•limiting flexibility in planning for, or reacting to, changes in our business, market conditions and the competitive environment, placing us at a competitive disadvantage compared to our competitors who are less highly leveraged; and
•limiting our ability to borrow additional funds and increasing the cost of any such borrowing.
In addition, as our indebtedness matures in 2024, or if we are unable to service our high level of indebtedness, we may need to restructure or refinance all or a portion of our indebtedness, sell material assets or operations or raise additional debt or equity capital. We may not be able to effect any of these actions on a timely basis, on commercially reasonable terms, or at all, and these actions may not be sufficient to meet our capital requirements. Furthermore, we may not be able to invest in our business and as a result, we may not be able to achieve our forecasted results of operation.
Our ability to make payments on debt, to repay existing or future indebtedness when due, to fund operations and significant planned capital expenditures and to support our growth strategy will depend on our ability to generate cash in the future. Our ability to produce cash from operations is, and will be, subject to a number of risks, including those described above in “—Risks Related to Our Business and Industry” and elsewhere in this Annual Report on Form 10-K. Our ability to repay debt will also depend on external factors that are outside of our control, including economic, financial, competitive, legislative, regulatory and other factors. If we are unable to make required interest and principal payments on our indebtedness, it would result in an event of default under the agreements governing such indebtedness, which may result in the acceleration of some or all of our outstanding indebtedness and foreclosure on the assets that secure such indebtedness.
Although our debt agreements contain restrictions on the incurrence of additional indebtedness, the amount of indebtedness that could be incurred in the future in compliance with these restrictions could be substantial, thereby exacerbating the risks associated with our high level of indebtedness.
Any of the foregoing risks could adversely affect our business, financial condition and results of operations. For additional information on our indebtedness, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources”, and Note 7 – Long term debt in our audited consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
The terms and covenants in our existing indebtedness restricts our ability to engage in some business and financial transactions, which could adversely affect our business.
Our senior secured credit facility and the instruments governing our Debentures have restrictive covenants that limit our and our subsidiaries’ ability to, among other things:
•pay dividends, redeem capital stock and make other restricted payments and investments;
49
•sell assets or merge, consolidate, or transfer all or substantially all of our subsidiaries’ assets;
•engage in certain transactions with affiliates;
•incur or guarantee additional debt;
•impose dividend or other distribution restrictions on our subsidiaries; and
•create liens on our subsidiaries’ assets.
In addition, our credit facility contains a financial maintenance covenant that, among other things, requires the loan parties to not exceed a specified net leverage ratio tested at the end of each quarter. Among other things, we may not be able to borrow money under our credit facility if we are unable to comply with the financial and other covenants included therein. Our credit facility also contains certain customary representations and warranties, affirmative covenants and events of default (including, among other things, an event of default upon a change of control). If an event of default occurs, our lenders will be entitled to take various actions, including the acceleration of amounts due under our credit facility and all actions permitted to be taken by a secured creditor.
Any future debt that we incur may contain additional and more restrictive negative covenants and financial maintenance covenants. These restrictions could limit our ability to obtain debt financing, repurchase stock, pay dividends, refinance or pay principal on our outstanding debt, complete acquisitions for cash or debt or react to changes in our operating environment or the economy.
Our failure to comply with obligations under our credit facility or the agreements governing the Debentures or any future indebtedness may result in an event of default under the applicable agreement. A default, if not cured or waived, may permit acceleration of some or all of our other indebtedness and trigger other termination and similar rights under other contracts. We cannot be certain that we will be able to remedy any defaults and, if our indebtedness is accelerated, we cannot be certain that we will have sufficient funds available to pay the accelerated indebtedness or that we will have the ability to refinance the accelerated indebtedness on terms favorable to us or at all, any of which could have a material adverse effect on our business, financial condition and results of operations.
See Note 7– Long term debt in our audited consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
Risks Related to our Common Stock
There is currently no active public market for our common stock and an active, liquid and orderly trading market for our common stock may not develop or be maintained.
Our common stock currently trades in over-the-counter markets and is quoted on the OTC Pink Sheet Market under the ticker symbol “KLDI.” An active, liquid and orderly trading market for our common stock may not develop or be maintained. Accordingly, no assurance can be given as to the following:
•the likelihood that an active trading market for our common stock will develop or be sustained;
•the liquidity of any such market;
•the ability of our stockholders to sell their shares of common stock; or
•the price that our stockholders may obtain for their common stock.
On December 19, 2019 we received notification from the NYSE regarding the delisting of our common stock following consummation of the Business Combination for failing to meet the listing requirement to have 400 minimum round lot shareholders (holders of 100 shares or more) and, on January 7, 2020, our common stock was delisted. If an active market for our common stock with meaningful trading volume does not develop in the future or is not maintained for any reason, the market price of our common stock may decline materially and you may not be able to sell your shares or get accurate price quotations on our common stock. Further, to the extent our common stock is determined to be a “penny stock” (an equity security with a price of less than $5.00 that is not registered on certain national securities exchanges or authorized for quotation on certain automated quotation systems meeting certain requirements), brokers trading in our common stock would be required to adhere to different rules, possibly
50
resulting in a reduced level of trading activity in the secondary trading market for our common stock. Under any of these scenarios, our ability to issue additional securities for financing or other purposes, or otherwise to arrange for any financing we may need in the future, may also be materially and adversely affected.
The trading price of our common stock may be volatile.
The market price of our common stock may be highly volatile and could fluctuate significantly due to a number of factors, some of which are beyond our control. The following factors, among others, could adversely affect our stock price or result in significant price or volume volatility, regardless of our actual operating performance:
•actual or anticipated variations in our operating and financial performance and that of our competitors, including reserve estimates;
•changes in our industry or the markets in which we operate;
•our ability to accurately project future results and our ability to achieve those or meet the expectations of other industry and analyst forecasts;
•changes in market valuations of similar companies;
•strategic actions, including acquisitions, or investments by us or our competitors;
•speculation in the press or investment community;
•sales of our common stock by us, our directors or officers or the perception that such sales may occur;
•changes in key management personnel;
•actions by our stockholders, including sales of large blocks of our common stock;
•general macroeconomic and political conditions, including an economic slowdown, increased interest rates or inflation;
•new or changes to existing legislation or other regulatory developments that affect us, or our industry or our markets;
•short selling of our common stock or related derivative securities or hedging activities; and
•the realization of any risks described in this “Risk Factors” section or elsewhere in this Annual Report on Form 10-K.
The stock markets in general have experienced extreme price and volume volatility often unrelated to the operating performance of particular companies. These broad market fluctuations may adversely affect the trading price of our common stock and other companies in our industry, often without regard to the operating performance of the affected companies. Securities class action litigation has often been instituted against companies following periods of volatility in the overall market and in the market price of a company’s securities. Such litigation, if instituted against us, could result in substantial costs, divert our management’s attention and resources and harm our business, operating results, financial condition and reputation. In addition, the Business Combination resulted in our merging with a special purpose acquisition company, or SPAC, which can cause additional volatility in the price of our common stock. We expect that the price of our common stock and of that of SPACs in general may be more volatile compared to the stock price of an operating company. Therefore, factors that have little or nothing to do with us could cause the price and trading volume of our common stock to fluctuate, and these fluctuations or any fluctuations related to our company could cause the market price of our common stock to decline materially.
Our stock price may be exposed to additional risks because our business became a public company through a “de-SPAC” transaction. Recently, there has been increased focus by government agencies and plaintiff firms on transactions such as the Business Combination, and we expect that increased focus to continue, and we may be subject to increased scrutiny by the SEC and other government agencies and holders or former holders of our securities as a result, which could adversely affect the price of our common stock.
51
The coverage of our business or our common stock by securities or industry analysts or the absence thereof could adversely affect our stock price and trading volume.
The market for our common stock will be influenced in part by the research and other reports that industry or securities analysts may publish about us or our business or industry. We do not currently have, and may never obtain, research coverage by industry or financial analysts. If no or few analysts commence coverage of us, the trading price and volume of our stock would likely be negatively impacted. If analysts do cover us and one or more of them downgrade our stock, or if they issue other unfavorable commentary about us or our industry or inaccurate research, our stock price would likely decline. Furthermore, if one or more of these analysts cease coverage or fail to regularly publish reports on us, we could lose visibility in the financial markets. Any of the foregoing would likely cause our stock price and trading volume to decline.
We may issue additional shares of common stock or other equity securities without stockholder approval, which would dilute existing ownership interests and may depress the market price of our common stock.
We have warrants outstanding to purchase up to an aggregate of 29,350,000 shares of common stock at an exercise price of $11.50 per share. To the extent the price of our common stock rises above the exercise price of these warrants and they are exercised, an existing stockholder’s investment in the company will be diluted. Further, the warrants that were issued in a private placement concurrent with the consummation of the IPO, or the Private Warrants, can be exercised on a cashless basis, meaning we would not receive any cash proceeds in connection with any such exercise. We also may issue an aggregate of 2,200,000 shares of common stock to certain of our stockholders if the reported closing sale price of our common stock equals or exceeds $13.50 per share for any 20 consecutive trading days during the five-year period following the closing of the Business Combination on December 19, 2019. As of December 31, 2022, 11,760,678 shares of common stock were reserved under the 2019 Plan, of which 2,145,118 shares of common stock remained available for issuance. We have filed registration statements on Form S-8 under the Securities Act registering these shares under our 2019 Plan and outstanding awards issued under our 2019 Plan. Subject to the terms of the awards pursuant to which these shares have been or may be granted, and except for shares held by affiliates who will be subject to the resale restrictions described below, the shares issuable pursuant to awards granted under our stock incentive plans will be available for sale in the public market immediately.
Additionally, in the event we voluntarily prepay all or a portion of the Debentures prior to maturity, the holders of such prepaid Debentures will have the right to purchase shares of our common stock in amount commensurate in value to the pre-payment at a price of $18 per share, subject to adjustment. The holders of the Debentures also have the option to convert the Debentures into shares of our common stock at the same price at any time. The number of shares that may be issued in such a circumstance cannot be determined at this time. We may issue additional shares of common stock or other equity securities of equal or senior rank in the future in connection with, among other things, future acquisitions or repayment of outstanding indebtedness, without stockholder approval, in a number of circumstances. The issuance of additional shares of common stock or other equity securities of equal or senior rank would dilute the ownership interests of existing stockholders and could cause the market price of our common stock to decline.
We are an emerging growth company and a smaller reporting company, and any decision on our part to comply with certain reduced reporting and disclosure requirements available to us could make our common stock less attractive to investors.
We are an emerging growth company and a smaller reporting company, and, for as long as we continue to be either, we intend to take advantage of exemptions from various reporting requirements applicable to other public companies but not to emerging growth companies or smaller reporting companies, including, but not limited to: including only two years of audited financial statements in our Annual Reports on Form 10-K and Securities Act registration statements; not being required to have our independent registered public accounting firm audit our internal control over financial reporting under Section 404 of the Sarbanes-Oxley Act; reduced disclosure obligations regarding our business, executive compensation, corporate governance and other matters in our registration statements, periodic reports and proxy statements; and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. Under the JOBS Act, emerging growth companies can also delay adopting new or revised
52
accounting standards until such time as those standards apply to private companies. We have chosen to “opt in” to this extended transition period for complying with new or revised accounting standards and, as a result, we are not be subject to the same new or revised accounting standards as other public companies that comply with such new or revised standards on a non-delayed basis. We will cease to be an emerging growth company upon the earliest of: (i) the end of the fiscal year following the fifth anniversary of the IPO, which occurs in February 2024; (ii) the last day of the fiscal year during which our total annual gross revenues are $1.235 billion or more; (iii) the date on which we have, during the previous three-year period, issued more than $1.0 billion in non-convertible debt securities; or (iv) both our annual revenue is $100 million or more during the most recently completed fiscal year and the market value of our common stock held by non-affiliates is $700 million or more as of the last business day of our second fiscal quarter of that year. We will cease being a smaller reporting company as of the last business day of the second fiscal quarter of any fiscal year on which either (i) the market value of our common stock held by non-affiliates is $250.0 million or more as of such date or (ii) both our annual revenue was $100 million or more during the most recently completed fiscal year and the market value of our common stock held by non-affiliates is $700 million or more as of such date. However, we may continue relying on the reduced reporting requirements of smaller reporting companies through the Annual Report on Form 10-K for the fiscal year in which we no longer qualify as a smaller reporting company. Therefore, we may continue to qualify as a smaller reporting company even after we cease to be an emerging growth company. We cannot predict if investors will find our common stock less attractive because we have chosen to rely on these exemptions. If some investors find our common stock less attractive as a result of any choices to reduce future disclosure, there may be a less active trading market for our common stock and the price of our common stock may decline or be more volatile.
The trading price of our common stock may decline if our stockholders sell a large number of shares of our common stock or if we issue a large number of new shares of our common stock or shares convertible into our common stock.
A majority of our outstanding shares of common stock are held by a relatively small number of our stockholders, including one or more affiliates of the Carlyle Group, L.P., or TCG, Revolution Growth III, L.P., or Revolution Growth, and Pivotal. All shares held by our affiliates are eligible for resale in the public market, subject to applicable securities laws, including the Securities Act. Rule 144 of the Securities Act provides a safe harbor under which affiliates of an issuer may resell their securities into the public market, subject to volume limitations and other restrictions. However, TCG has the right to demand that we register its shares under the Securities Act and it and other stockholders have the right to include their shares in any registration statement that we file with the SEC, subject to certain exceptions. Any registration of these or other shares would enable those shares to be sold in the public market. A sale of a substantial number of our shares in the public market by our significant stockholders or pursuant to new issuances by us or the perception that one or more of these sales or issuances could occur could depress the market price of our common stock and impair our ability to raise capital through the sale of additional equity securities.
Concentration of ownership among our large stockholders and their affiliates may limit the influence of smaller stockholders on corporate decisions and the interests of such large stockholders may not align with those of the smaller stockholders.
Currently, a majority of our outstanding shares are held by a relatively small number of our stockholders, including one or more affiliates of TCG, Revolution Growth and Pivotal. Additionally, TCG and Revolution Growth have the right together to nominate for election up to six members of our Board of Directors, depending on the parties’ aggregate beneficial ownership of our common stock. As a result, if some of these stockholders vote in an aligned manner, they could meaningfully influence the outcome of matters submitted to our stockholders for approval, including the election of directors, amendments to our certificate of incorporation and bylaws and approval of significant corporate transactions, such as a merger or sale of our company or its assets and make some transactions that might otherwise give our other stockholders the opportunity to realize a premium over the then-prevailing market price of our common stock more difficult or impossible without their support. This concentration of ownership could limit the ability of other stockholders to influence corporate matters and may delay or preclude an acquisition. These stockholders may transfer significant voting blocks of our common stock to a third-party by transferring their common stock, which would not require the approval of our Board of Directors or other
53
stockholders. Some of these persons or entities may have interests that may materially differ from the rest of our stockholders. This concentration of ownership may also adversely affect our share price.
Additionally, TCG, Revolution Growth, Pivotal and certain current and former directors, including Kevin Griffin, and, in each case, and their respective affiliates, are in the business of making investments in companies and may from time to time acquire and hold interests in businesses that compete directly or indirectly with us. These parties may also pursue acquisition opportunities that may be complementary to our business, and as a result, those acquisition opportunities may not be available to us. In recognition that representatives of these parties and their respective affiliated entities and funds may serve as members of our Board of Directors or in other capacities, our second amended and restated certificate of incorporation provides, among other things, that, to the fullest extent permitted by law: (i) the parties and their respective affiliates shall not have any fiduciary duty to refrain from engaging directly or indirectly in the same or similar business activities or lines of business we do, (ii) we renounce any interest or expectancy in, or in being offered an opportunity to participate in, business opportunities that are from time to time presented to these parties and their respective affiliates, even if the opportunity is one that we might reasonably be expected to pursue or would have pursued given the opportunity to do so and (iii) each of these parties and their respective affiliates shall have no duty to communicate or offer any such business opportunity to us and will not be liable to us for breach of any fiduciary or other duty, as a director or officer or otherwise, by reason of the fact that they pursue the business opportunity, direct the business opportunity to another person or fail to present the business opportunity to us; provided that the corporate opportunity was not expressly and exclusively offered to any such person in his, her or its capacity as one of our directors or officers. In the context of this waiver, a corporate opportunity will not be deemed to belong to us if it is a business opportunity that we are not financially or legally able or contractually permitted to undertake, or that is, from its nature, not in our line of business or is of no practical advantage to us or that is one in which we have no interest or reasonable expectancy. These potential conflicts of interest could have a material adverse effect on our business, financial condition and results of operations if, among other things, attractive corporate opportunities are allocated by these parties to themselves or one of their respective affiliates.
We have never paid dividends on our common stock, and we do not anticipate paying any cash dividends on our common stock in the foreseeable future.
We have never declared or paid cash dividends on our common stock. We do not anticipate paying any cash dividends on our common stock in the foreseeable future. We currently intend to retain all available funds and any future earnings to fund the development and growth of our business. Any determination to pay dividends to holders of our common stock will be at the discretion of our Board of Directors and will depend upon many factors, including our financial condition, results of operations, projections, liquidity, earnings, legal requirements, restrictions in our credit facility, agreements governing any other indebtedness we may enter into and other factors that our Board of Directors deems relevant. See “Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities—Dividend Policy.” Accordingly, our stockholders may need to sell their shares of our common stock to realize a return on their investment, and they may not be able to sell their shares at or above the price they paid for them. As a result, capital appreciation, if any, of our common stock will be our stockholders’ sole source of gain for the foreseeable future.
Our ability to raise capital in the future may be limited and we may not be able to secure additional financing on terms that are acceptable to us, or at all.
In order for us to grow and successfully execute our business plan, we will require additional financing. Additionally, our business and operations may consume resources faster than we anticipate. Therefore, in the future, we expect we will raise additional funds through various financings that may include the issuance of new equity securities, debt or a combination of both. However, any sale or perception of a possible sale by one or more of our significant stockholders or our other affiliates, and any related decline in the market price of our common stock, could impair our ability to raise capital. Further, additional financing, whether debt or equity, may not be available on favorable terms, or at all. If adequate funds are not available on acceptable terms, we may be unable to fund our capital requirements. If we issue new debt securities, the debt holders would have rights senior to stockholders to make claims on our assets, and the terms of any debt could restrict our operations, including our ability to pay dividends on our common stock. If we issue additional equity securities, existing stockholders will experience
54
dilution, and the new equity securities could have rights senior to those of our common stock. Because our decision to issue securities in any future offering will depend on market conditions and other factors beyond our control, we cannot predict or estimate the amount, timing or nature of our future offerings. Thus, our stockholders bear the risk of our future securities offerings reducing the market price of our common stock and diluting their interest.
Other Miscellaneous Risks
Any failure to maintain an effective internal control over financial reporting could adversely affect our business and stock price.
As a public company, we are subject to the reporting requirements of the Exchange Act and the Sarbanes-Oxley Act of 2002. The Sarbanes-Oxley Act requires, among other things, that we establish and maintain effective internal control over financial reporting. In particular, Section 404 of the Sarbanes-Oxley Act requires us to furnish annually a report by management on the effectiveness of our internal control over financial reporting. As an emerging growth company and smaller reporting company, we currently avail ourselves of the exemption from the requirement that our independent registered public accounting firm attest to the effectiveness of our internal control over financial reporting under Section 404. However, we may no longer avail ourselves of this exemption when we cease to be both an emerging growth company and a smaller reporting company. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed or operating.
We expect that the requirements of these rules and regulations will continue to increase our legal, accounting and financial compliance costs, make some activities more difficult, time-consuming and costly and place significant strain on our personnel, systems and resources. Testing and maintaining internal controls can also divert our management’s attention from other matters that are important to the operation of our business. Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Additionally, a control system, no matter how well designed and operated, can provide only reasonable, not absolute, assurance that the control system’s objectives will be met. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that misstatements due to error or fraud will not occur or that all control issues and instances of fraud will be detected. Therefore, our internal control over financial reporting will not prevent or detect all errors and all fraud.
Any failure to develop or maintain effective controls could harm our results of operations or make it more difficult to record, process, produce and report financial information accurately, and to prepare financial statements on a timely basis as required by SEC rules, which could cause us to fail to meet our reporting obligations and may result in a restatement of our consolidated financial statements for prior periods. Any failure to maintain effective internal control over financial reporting could adversely affect our business, financial condition and results of operations. Ineffective internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, subject us to civil and criminal investigations and penalties and adversely effect on the trading price of our common stock.
We had identified a material weakness in our internal control over financial reporting. If we are unable to develop and maintain an effective system of internal control over financial reporting, we may not be able to accurately report our financial results in a timely manner, which may adversely affect investor confidence in us and materially and adversely affect our business and operating results.
We had identified a material weakness in our internal control over financial reporting in the past and other significant deficiencies and material weaknesses may be discovered in the future. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis. Following the April 12, 2021 issuance of the SEC “Staff Statement on Accounting and Reporting Considerations for Warrants Issued by Special Purpose Acquisition Companies (“SPACs”)” and after consultation with our independent registered public accounting firm, our management and our audit committee concluded that, in light of the SEC Staff statement, the Private Warrants, which we had been accounting for as a component of equity in the 2020 and 2019 financial statements should have been recorded as a liability at fair value. The Company had determined that the errors were not material to those historical financial
55
statements and therefore recorded the cumulative effect of the errors on prior periods during the three months ended March 31, 2021. As part of such process, we had identified a material weakness in our internal control over financial reporting. Although we believe we have remediated this material weakness, we may need to take additional measures to address the material weakness or modify remediation steps taken, and we cannot be certain that the measures we have taken, will be sufficient to address the issues identified, to ensure that our internal controls are effective or to ensure that the identified material weakness will not result in a material misstatement of our consolidated financial statements. Moreover, we cannot assure you that we will not identify additional material weaknesses in our internal controls over financial reporting in the future. Further, as a result of this material weakness, and other matters raised or that may in the future be raised by the SEC, we face potential for litigation or other disputes which may include, among others, claims invoking the federal and state securities laws, contractual claims or other claims arising from the material weakness in our internal control over financial reporting and the preparation of our financial statements. As of the date of this Annual Report on Form 10-K, we have no knowledge of any such litigation or dispute. However, we can provide no assurance that such litigation or dispute will not arise in the future. Any such litigation or dispute, whether successful or not, could have a material adverse effect on our business, financial condition and results of operations.
Our second amended and restated certificate of incorporation contains anti-takeover provisions that could adversely affect the rights of our stockholders.
Our second amended and restated certificate of incorporation contains provisions to limit the ability of others to acquire control of our company or cause us to engage in change-of-control transactions, including, among other things:
•provisions that authorize our Board of Directors, without action by our stockholders, to issue additional shares of common stock and preferred stock with preferential rights determined by our Board of Directors;
•provisions that permit only a majority of our Board of Directors to call stockholder meetings and therefore do not permit stockholders to call stockholder meetings;
•provisions that impose advance notice requirements, minimum shareholding periods and ownership thresholds, and other requirements and limitations on the ability of stockholders to propose matters for consideration at stockholder meetings;
•provisions limiting stockholders’ ability to act by written consent; and
•a staggered Board of Directors whereby our directors are divided into three classes, with each class subject to retirement and re-election once every three years on a rotating basis.
These provisions could have the effect of depriving our stockholders of an opportunity to sell their common stock at a premium over prevailing market prices by discouraging third parties from seeking to obtain control of our company in a tender offer or similar transaction. With our staggered Board of Directors, at least two annual or special meetings of stockholders will generally be required in order to effect a change in a majority of our directors. Our staggered Board of Directors can discourage proxy contests for the election of our directors and purchases of substantial blocks of our shares by making it more difficult for a potential acquirer to gain control of our Board of Directors in a relatively short period of time.
Our second amended and restated certificate of incorporation provides, subject to limited exceptions, that the Court of Chancery of the State of Delaware will be the sole and exclusive forum for certain stockholder litigation matters, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, employees or stockholders.
Our second amended and restated certificate of incorporation requires, to the fullest extent permitted by law, that derivative actions brought in our name, actions against directors, officers and employees for breach of fiduciary duty and other similar actions may be brought only in the Court of Chancery in the State of Delaware and, if brought outside of Delaware, the stockholder bringing the suit will be deemed to have consented to service of process on
56
such stockholder’s counsel except any action (A) as to which the Court of Chancery in the State of Delaware determines that there is an indispensable party not subject to the jurisdiction of the Court of Chancery (and the indispensable party does not consent to the personal jurisdiction of the Court of Chancery within ten days following such determination), (B) which is vested in the exclusive jurisdiction of a court or forum other than the Court of Chancery, (C) for which the Court of Chancery does not have subject matter jurisdiction, or (D) any action arising under the Securities Act, as to which the Court of Chancery and the federal district court for the District of Delaware shall have concurrent jurisdiction. Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock shall be deemed to have notice of and consented to the forum provisions in the second amended and restated certificate of incorporation.
This choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our directors, officers, other employees or stockholders, which may discourage lawsuits with respect to such claims. We cannot be certain that a court will decide that this provision is either applicable or enforceable, and if a court were to find the choice of forum provision contained in our second amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, operating results and financial condition.
Our second amended and restated certificate of incorporation provides that the exclusive forum provision will be applicable to the fullest extent permitted by applicable law. Notwithstanding the foregoing, Section 27 of the Exchange Act creates exclusive federal jurisdiction over all suits brought to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder. As a result, the exclusive forum provision will not apply to suits brought to enforce any duty or liability created by the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction.