Washington, D.C. 20549
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes
☐
No
☒
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes
☐
No
☒
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes
☒
No
☐
Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files). Yes
☒
No
☐
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.
☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company. See the definitions of “large accelerated filer,” “accelerated filer” and “smaller reporting company” in Rule 12b-2 of the Exchange Act. (Check one):
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes
☐
No
☒
The aggregate market value of the registrant's common stock held by non-affiliates of the registrant on June 30, 2016 (based on the closing sale price of $38.12 on that date), was approximately $373,329,249. Common stock held by each officer and director and by each person known to the registrant who owned 10% or more of the outstanding common stock have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive determination for other purposes.
The number of shares of the registrant’s common stock outstanding as of February 17, 2017 was 30,714,527
.
Portions of the registrant’s definitive Proxy Statement for its 2017 Annual Meeting of Stockholders currently scheduled to be held on June 2, 2017 are incorporated by reference into Part III hereof.
Compliance and Certifications
We obtain third-party examinations of our controls relating to security and data privacy. Certain examinations are conducted under Statement on Standards for Attestation Engagements, or SSAE, No. 16 (Reporting on Controls at a Service Organization). In particular, we obtain Service Organization Controls, or SOC, reports known as SOC 1 Type II and SOC 2 Type II audits that test the design and operating effectiveness of controls over a period of time. An independent auditor conducts these examinations annually and addresses, among other areas, our physical and environmental safeguards for production data centers, data availability and procedures covering integrity, change management, and logical security.
On an annual basis, we complete an internal audit of compliance against the Payment Card Industry Data Security Standards, or PCI-DSS, applicable to Level 1 service providers. These standards focus on application and network security controls for companies that transmit and store credit card data on behalf of clients. Benefitfocus meets PCI compliance requirements as a Level 1 service provider and submits its Report on Compliance and Attestation of Compliance documenting this assessment to the four major credit card brands annually.
In addition to PCI-DDS, Benefitfocus meets all applicable security requirements required by the National Automated Clearinghouse Association, or NACHA, for third-party service providers, as well as all requirements for Covered Entities as required by HIPAA. We validate both NACHA and HIPAA compliance annually through internal audits.
Competition
While we do not believe any single competitor offers similarly expansive software solutions, we face competition from various sources, many of which have greater resources than us. Competition in our employer segment includes:
|
•
|
ERP software companies, including Oracle (PeopleSoft), Infor (Lawson) and Workday each offering a cloud-based benefits administration software solution;
|
|
•
|
HR outsourcing companies, including companies such as Towers Watson, both of which have recently launched benefits exchange solutions;
|
|
•
|
payroll service providers, including ADP and Paychex, both of which have expanded their core payroll services to include some form of cloud-based benefits administration services; and
|
|
•
|
various niche software vendors.
|
Competitors in our carrier segment include:
|
•
|
insurance carriers that have invested in internally developed benefit management solutions;
|
|
•
|
member services companies, including those providing web-based subscriber enrollment and claims adjudication services, such as Trizetto (acquired by Cognizant) and DST Health Solutions; and
|
|
•
|
various niche software vendors.
|
We believe that competition for benefits software and services is based primarily on the following factors:
|
•
|
capability for customization through configuration, integration, security, scalability, and reliability of applications;
|
|
•
|
competitive and understandable pricing;
|
|
•
|
breadth and depth of application functionality;
|
|
•
|
size of customer base and level of user adoption;
|
|
•
|
extensive data exchange network;
|
|
•
|
cloud-based delivery model;
|
|
•
|
dynamic communication capabilities with contextual media, animation, and acknowledgement tools;
|
|
•
|
ability to integrate with legacy enterprise infrastructures and third-party applications;
|
|
•
|
domain expertise in benefits and healthcare consumerism;
|
|
•
|
extensive base of rules and event-driven benefit eligibility and enrollment;
|
11
|
•
|
accessible on any browser or mobile device;
|
|
•
|
modern and adaptive technology platform;
|
|
•
|
access to third-party apps;
|
|
•
|
clearly defined implementation timeline;
|
|
•
|
customer-branding and styling; and
|
|
•
|
ability to innovate and respond to customer and legislative needs rapidly.
|
We believe that we compete effectively based upon all of these criteria, and that we are likely to continue to retain a high percentage of our customers from year to year. Nonetheless, we believe that the increasing acceptance of automated solutions in the healthcare marketplace and the adoption of more sophisticated technology and continuing legislative reform will result in increased competition, including potentially from large software companies with greater resources than ours. Other companies might develop superior or more economical service offerings that our customers could find more attractive than our offerings. Moreover, the regulatory landscape might shift in a direction that is more strategically advantageous to competitors.
Research and Development
Our ability to compete depends, in large part, on our continuous commitment to rapidly introduce new applications, technologies, features, and functionality. We deliver multiple software releases per year, updating the Benefitfocus Platform to leverage advances in cloud computing, mobile applications, and data management. Our research and development team is responsible for the design and development of our applications. We follow state-of-the-art practices in software development using modern programming languages, data storage systems, and other tools. We use both commercial and open source products, following a “best tool for the job” philosophy in product selection. Our software has a multi-tiered architecture that ensures flexibility to add or modify features quickly in response to changing market dynamics, customer needs, or regulatory requirements.
Our research and development expenses were $56.6 million, $52.3 million and $41.7 million for the years December 31, 2016, 2015 and 2014, respectively.
Intellectual Property
We rely on a combination of patent, trade secret, copyright, and trademark laws, license agreements, confidentiality procedures, confidentiality and nondisclosure agreements, and technical measures to protect the intellectual property used in our business. We generally enter into confidentiality and nondisclosure agreements with our associates, consultants, vendors, and customers. We also seek to control access to and distribution of our software, documentation, and other proprietary information.
We use numerous trademarks for our products and services, and “Benefitfocus”, “HR InTouch”, “HR InTouch Marketplace”, “All Your Benefits. One Place.”, “All Your Benefits. In Your Pocket.”, and “Shop. Enroll. Manage. Exchange.” are registered marks of Benefitfocus in the United States. Through claimed common law trademark protection, we also protect other Benefitfocus marks which identify our services, such as Benefitfocus eEnrollment, Benefitfocus eBilling, Benefitfocus eExchange, and Benefitfocus eSales, and we have reserved numerous domain names, including “benefitfocus.com”. We also have registered trademarks and pending trademark applications in foreign jurisdictions such as Australia, Canada, India, Israel, Ireland, New Zealand, South Africa, and the United Kingdom.
We have been granted five U.S. patents (utility patents) and have five U.S. patent applications (all for utility patents) pending. Our first patent, which protects specified systems and methods for the automatic creation of agent-based systems, was issued in April 2013 and will not expire until May 2030. Our second patent, which protects specified systems and methods for secure agent information, was issued in October 2013 and will not expire until November 19, 2030. Our third patent, which protects registration and execution of highly concurrent processing tasks, was issued in January 2015 and will not expire until February 2032. Our two patents issued in 2016 and expiring in 2033 protect systems and methods for classifying and analyzing computer system runtime events and intercepting and adjusting for behaviors through the configuration of computer system runtime settings. We also have two Chinese, two Japanese and one Australian, Taiwanese, and Hong Kong patents and a number of pending patent applications under foreign jurisdictions and treaties, such as Australia, Canada, China, Hong Kong, India, Japan, South Korea, Taiwan, the European Patent Convention, and the Patent Cooperation Treaty.
12
We also rely on certain intellectual property rights that we license from third parties. Al
though we believe that alternative technologies are generally available to replace such licenses, these third-party technologies may not continue to be available to us on commercially reasonable terms.
Although we rely on intellectual property rights, including trade secrets, patents, copyrights, and trademarks, as well as contractual protections to establish and protect our proprietary rights, we believe that factors such as the technological and creative skills of our personnel, creation of new modules, features and functionality, and frequent enhancements to our applications are more essential to establishing and maintaining our technology leadership position.
The steps we have taken to protect our copyrights, trademarks, and other intellectual property may not be adequate, and the potential exists that third parties could infringe, misappropriate, or misuse our intellectual property. If this were to occur, it could harm our reputation and adversely affect our competitive position or operations. In addition, laws of other jurisdictions may not protect our intellectual property and proprietary rights from unauthorized use or disclosure in the same manner as the United States. The risk of unauthorized use of our proprietary and intellectual property rights may increase as our company expands outside of the United States.
Government Regulation
Introduction
The employee benefits industry is required to comply with extensive and complex U.S. laws and regulations at the federal and state levels. Although many regulatory and governmental requirements do not directly apply to our business, our customers are required to comply with a variety of U.S. laws, and we may be impacted by these laws as a result of our contractual obligations. For many of these laws, there is little history of regulatory or judicial interpretation upon which to rely.
Requirements of PPACA
Our business could be affected by changes in healthcare spending. In March 2010, President Obama signed into law PPACA. PPACA changed how healthcare services are covered, delivered and reimbursed through expanded coverage of uninsured individuals, reduced Medicare program spending and insurance market reforms. PPACA required states to expand Medicaid coverage significantly and establish health insurance exchanges to facilitate the purchase of health insurance by individuals and small employers and provided subsidies to states to create non-Medicaid plans for certain low-income residents.
Although numerous lawsuits challenged the constitutionality of PPACA, the U.S. Supreme Court upheld the constitutionality of PPACA except for provisions that would have allowed the U.S. Department of Health and Human Services, or HHS, to penalize states that did not implement the Medicaid expansion with the loss of existing federal Medicaid funding. Consequently, a number of states opted out of the Medicaid expansion. Since that time, several states that initially opted out of the Medicaid expansion changed their minds and expanded Medicaid after all. While many of the provisions of PPACA will not be directly applicable to us, PPACA, as currently implemented, might affect the business of many of our customers. Carriers and large employers might experience changes in the numbers of individuals they insure as a result of Medicaid expansion and the creation of state and national exchanges, though it is unclear how many states will decline to implement the Medicaid expansion or adopt state-specific exchanges.
The long-term viability of PPACA is also currently in doubt. We expect that the U.S. federal government will seek to modify, repeal, or otherwise invalidate all, or certain provisions of PPACA. For instance, on January 20, 2017, an executive order was issued which stated that it is the U.S. federal government’s policy to seek the prompt repeal of PPACA, and directed the heads of all executive departments and agencies to minimize the economic and regulatory burdens of PPACA to the maximum extent permitted by law. Should Congress or the courts modify, repeal or otherwise invalidate PPACA or any parts of its provisions, the business of our customers could be substantially affected.
Requirements Regarding the Confidentiality, Privacy and Security of Personal Information
HIPAA and Other Privacy and Security Requirements.
There are numerous U.S. federal and state laws and regulations related to the privacy and security of personal health information. In particular, regulations promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996, or HIPAA, establish privacy and security standards that
limit the use and disclosure of individually identifiable health information and require the implementation of administrative, physical and technological safeguards to ensure the confidentiality, integrity and availability of individually identifiable health information in electronic form. Health plans, healthcare clearinghouses and most providers are
13
considered by the HIPAA regulations to be “Covered Entities.” With respect to our operations as a healthcare clearinghouse, we are directly subject to the Privacy Standards and the Security Standards. In addition, our carr
ier customers, or payors, are considered to be Covered Entities and are required to enter into written agreements with us, known as Business Associate Agreements, under which we are considered to be a Business Associate and that require us to safeguard ind
ividually identifiable health information and restrict how we may use and disclose such information. Effective February 2010, the American Recovery and Reinvestment Act of 2009, or ARRA, extended the direct application of some provisions of the Privacy Sta
ndards and Security Standards to us when we are functioning as a Business Associate of our Covered Entity customers. The Privacy Standards extensively regulate the use and disclosure of individually identifiable health information by Covered Entities and t
heir Business Associates. For example, the Privacy Standards permit Covered Entities and their Business Associates to use and disclose individually identifiable health information for treatment and to process claims for payment, but other uses and disclosu
res, such as marketing communications, require written authorization from the individual or must meet an exception specified under the Privacy Standards. The Privacy Standards also provide patients with rights related to understanding and controlling how t
heir health information is used and disclosed. Effective February 2010 or later (in the case of restrictions tied to the issuance of implementing regulations), ARRA imposed stricter limitations on certain types of uses and disclosures, such as additional r
estrictions on marketing communications and the sale of individually identifiable health information. To the extent permitted by the Privacy Standards, ARRA and our contracts with our customers, we may use and disclose individually identifiable health info
rmation to perform our services and for other limited purposes, such as creating de-identified information. Determining whether data has been sufficiently de-identified to comply with the Privacy Standards and our contractual obligations may require comple
x factual and statistical analyses and may be subject to interpretation. The Security Standards require Covered Entities and their Business Associates
to implement and maintain administrative, physical and technical safeguards to protect the security of in
dividually identifiable health information that is electronically transmitted or electronically stored.
If we are unable to properly protect the privacy and security of health information entrusted to us, we could be found to have breached our contracts with our customers. Further, if we fail to comply with the Privacy Standards and Security Standards while acting as a Covered Entity or Business Associate, we could face civil and criminal penalties. ARRA significantly increased the amount of the civil penalties to up to $50,000 per violation for a maximum civil penalty of $1.5 million in a calendar year for violations of the same requirement. Recently, the U.S. Department of Health and Human Services Office for Civil Rights, which enforces the Security Standards and Privacy Standards, appears to have increased its enforcement activities. ARRA also strengthened the enforcement provisions of HIPAA, which may result in further increases in enforcement activity. ARRA also authorizes state attorneys general to bring civil actions seeking either injunctions or damages in response to violations of HIPAA privacy and security regulations that threaten the privacy of state residents. We have implemented and maintain policies and processes to assist us in complying with the Privacy Standards, the Security Standards and our contractual obligations.
Data Protection and Breaches.
In recent years, there have been a number of well-publicized data breaches involving the improper dissemination of personal information of individuals. Many states have responded to these incidents by enacting laws requiring holders of personal information to maintain safeguards and to take certain actions in response to a data breach, such as providing prompt notification of the breach to affected individuals. In many cases, these laws are limited to
electronic data, but states are increasingly enacting or considering stricter and broader requirements. Covered Entities must report breaches of unsecured protected health information to affected individuals without unreasonable delay, but not to exceed 60 days of discovery of the breach by a Covered Entity or its agents. Notification must also be made to HHS and, in certain circumstances involving large breaches, to the media. Business Associates must report breaches of unsecured protected health information to Covered Entities within 60 days of discovery of the breach by the Business Associate or its agents. The Federal Trade Commission, or FTC, has prosecuted some data breach cases as unfair and deceptive acts or practices under the Federal Trade Commission Act. Further, by regulation, the FTC requires creditors, which may include some of our customers, to implement identity theft prevention programs to detect, prevent and mitigate identity theft in connection with customer accounts. Although Congress passed legislation that restricts the definition of “creditor” and exempts many health providers from complying with this rule, we may be required to apply additional resources to our existing processes to assist our affected customers in complying with this rule. We have implemented and maintain physical, technical and administrative safeguards intended to protect all personal data and have processes in place to assist us in complying with all applicable laws and regulations regarding the protection of this data and properly responding to any security breaches or incidents.
Other Requirements.
In addition to HIPAA, numerous other U.S. state and federal laws govern the collection, dissemination, use, access to and confidentiality of individually identifiable health information and healthcare provider information. Some states also are considering new laws and regulations that further protect the confidentiality, privacy and security of medical records or other types of medical information. In many cases, these state laws are not preempted by the Privacy Standards and may be subject to interpretation by various courts and other governmental authorities. Further,
14
Congress and a number of states have considered or are considering prohibitions or limitations on the
disclosure of medical or other information to individuals or entities located outside of the United States.
HIPAA Administrative Simplification
HIPAA also mandated a package of interlocking administrative simplification rules to establish standards and requirements for the electronic transmission of certain healthcare claims and payment transactions. These regulations are intended to encourage electronic commerce in the healthcare industry and apply directly to Covered Entities. Some of our businesses, including our healthcare clearinghouse operations, are considered Covered Entities under HIPAA and its implementing regulations.
Transaction Standards.
The standard transaction regulations established under HIPAA, or Transaction Standards, mandate certain format and data content standards for the most common electronic healthcare transactions, using technical standards promulgated by recognized standards publishing organizations. These transactions include healthcare claims, enrollment, payment and eligibility. The Transaction Standards are applicable to that portion of our business involving the processing of healthcare transactions among payors, providers, patients and other healthcare industry constituents. Failure to comply with the Transaction Standards may subject us to civil and potentially criminal penalties and breach of contract claims. The Centers for Medicare and Medicaid Services, or CMS, is responsible for enforcing the Transaction Standards.
Payors who are unable to exchange data in the required standard formats can achieve Transaction Standards compliance by contracting with a clearinghouse to translate between standard and non-standard formats. As a result, use of a clearinghouse has allowed numerous payors to establish compliance with the Transaction Standards independently and at different times, reducing
transition costs and risks. In addition, the standardization of formats and data standards envisioned by the Transaction Standards has only partially occurred. However, PPACA requires HHS to establish operating rules to promote uniformity in the implementation of each standardized electronic transaction. PPACA sets forth a schedule with staggered deadlines for the development of and compliance with operating rules for the other standardized electronic transactions, with all operating rules finalized and requiring compliance by December 31, 2015. On June 30, 2011, HHS released an interim final rule that would require health plans, healthcare clearinghouses, and certain healthcare providers to implement operating rules for two electronic transactions, relating to whether a patient is eligible for healthcare coverage and the status of claims submitted to an insurer, by January 1, 2013. Under PPACA, payors and service contractors of payors, including, in some cases, us, will be required to certify compliance with these standards to HHS. The compliance date for the certification requirement depends on the type of transaction, with the earliest certification required by December 31, 2013. We cannot provide assurance regarding how the CMS will enforce the Transaction Standards. We continue to work with payors, healthcare information system vendors and other healthcare constituents to implement fully the Transaction Standards.
In January 2009, CMS published a final rule adopting updated standard code sets for diagnoses and procedures known as the ICD-10 code sets. A separate final rule also published by CMS in January 2009 resulted in changes to the formats to be used for electronic transactions, known as Version 5010. The use of Version 5010 became mandatory on January 1, 2012, but CMS delayed enforcement until July 1, 2012. The use of the ICD-10 code sets was originally required by October 1, 2013, but HHS extended this deadline twice, with a final implementation date of October 1, 2015. It is not known whether HHS will further the delay implementation of the ICD-10 code sets. We have modified our systems and processes to implement these changes.
Health Plan and Other Entity Identifiers.
HHS has promulgated regulations implementing the establishment of a unique health plan identifier, or HPID. Similar to a provider’s national provider identifier, the HPID provides an identification system for health plans to use for electronic transactions. HHS has also promulgated regulations implementing another entity identifier, or OEID, that serves as an identifier for entities that are not health plans, health care providers or individuals. These other entities, which include third-party administrators, transaction vendors, and clearinghouses, are not required to obtain an OEID, but they could obtain and use one if they needed to be identified in standardized transactions. The implementation of the enforcement of the HPID and OEID process has been indefinitely delayed by HHS, and if implemented its impact on our business is unclear at this time.
Financial Services Related Laws and Rules
Financial services and electronic payment processing services are subject to numerous laws, regulations and industry standards, some of which might impact our operations and subject us, our vendors and our customers to liability as a result of the payment distribution and processing solutions we offer. Although we do not act as a bank, we offer solutions that involve banks, or vendors who contract with banks and other regulated providers of financial services. As a result, we might be impacted by banking and financial services industry laws, regulations and industry standards, such as
15
licensing requirements, solvency standards, require
ments to maintain the privacy and security of nonpublic personal financial information and Federal Deposit Insurance Corporation deposit insurance
limits. In addition, our patient billing and payment distribution and processing solutions might be impacted
by payment card association operating rules, certification requirements and rules governing electronic funds transfers. If we fail to comply with applicable payment processing rules or requirements, we might be subject to fines and changes in transaction f
ees and may lose our ability to process credit and debit card transactions or facilitate other types of billing and payment solutions. Moreover, payment transactions processed using the Automated Clearing House Network, or ACH, are subject to network opera
ting rules promulgated by the National Automated Clearing House Association and to various federal laws regarding such operations, including laws pertaining to electronic funds transfers, and these rules and laws might impact our billing and payment soluti
ons. Further, our solutions might impact the ability of our payor customers to comply with state prompt payment laws. These laws require payors to pay healthcare claims meeting the statutory or regulatory definition of a “clean claim” within a specified ti
me frame.
Banking Regulation
The Goldman Sachs Group, affiliates of which owned approximately 20.5% of the voting and economic interest in our business as of December 31, 2016, is regulated as a bank holding company and a financial holding company under the Bank Holding Company Act of 1956, as amended, or the BHC Act. Due to the size of its voting and economic interest, we are deemed to be controlled by The Goldman Sachs Group and are therefore considered to be a non-bank “subsidiary” of The Goldman Sachs Group under the BHC Act. As a result, although we do not engage in banking operations, we are subject to regulation, supervision, examination and potential enforcement action by the Board of Governors of the Federal Reserve System, or the Federal Reserve, and to most banking laws, regulations and orders that apply to The Goldman Sachs Group. In addition, certain restrictions applicable to Goldman Sachs under the BHC Act apply to the Company as well, and we may be subject to regulatory oversight and examination because we are a technology service provider to regulated financial institutions. The bank regulatory framework is intended primarily to protect the safety and soundness of depository institutions, the federal deposit insurance system, and depositors rather than our stockholders. Because of The Goldman Sachs Group’s status as a bank holding company and a financial holding company, we have agreed to certain covenants for the benefit of The Goldman Sachs Group that are intended to facilitate its compliance with the BHC Act.
In addition, the Dodd-Frank Wall Street Reform and Consumer Protection Act, or Dodd-Frank Act, was signed into law by President Obama on July 21, 2010, including Title VI known as the “Volcker Rule”. US financial regulators approved final rules to implement the Volcker Rule in December 2013. The Volcker Rule, in relevant part, restricts banking entities from proprietary trading (subject to certain exemptions) and from acquiring or retaining any equity, partnership or other interests in, or sponsoring, a private equity fund, subject to satisfying certain conditions, and from engaging in certain transactions with funds. On February 3, 2017, President Trump signed an executive order entitled “Presidential Executive Order on Core Principles for Regulating the United States Financial System”. The executive order requires the Secretary of the Treasury to consult with the heads of the member agencies of the Financial Stability Oversight Council (including the Federal Reserve) and report to the president within 120 days of the date of the executive order on the extent to which existing laws, regulations, and other policies promote the core principles outlined in the order. The report must also identify any laws, regulations, and other policies that inhibit financial regulation in a manner consistent with the core principles. The extent to which this executive order may ultimately result in changes to financial services laws, regulations, and policies applicable to us is not currently known.
Under the current legislation, we will continue to be deemed to be controlled by The Goldman Sachs Group for purposes of the BHC Act and, therefore, we will continue to be subject to regulation by the Federal Reserve and to the BHC Act, as well as certain other banking laws, regulations and orders that apply to The Goldman Sachs Group. We will remain subject to this regulatory regime until The Goldman Sachs Group is no longer deemed to control us for bank regulatory purposes, which we do not generally have the ability to control and which will not occur until The Goldman Sachs Group has significantly reduced its voting and economic interest in us. We cannot predict the ownership level at which the Federal Reserve would consider us no longer controlled by The Goldman Sachs Group, but it could be less than 10%.
The Goldman Sachs Group and its subsidiaries, including Benefitfocus, generally may conduct only activities that are authorized for a bank holding company or a “financial holding company” under the BHC Act. The scope of services we may provide to our customers is limited under the BHC Act to those which are (i) financial in nature or incidental to financial activities (including data processing services such as those that we provide with our software solutions) or (ii) complementary to a financial activity and which do not pose a substantial risk to the safety and soundness of depository institutions or the financial system generally. We believe that our current and anticipated business activities are permitted under the BHC Act.
16
Any failure of The Goldman Sachs Group to maintain its status as a financial holding company could result in substantial limitations on our activities and our
growth. In particular, our permissible activities could be further restricted to only those that constitute banking or activities closely related to banking. The Goldman Sachs Group’s loss of its financial holding company status could be caused by several
factors, including any failure by The Goldman Sachs Group’s bank subsidiaries to remain sufficiently capitalized, by any examination downgrade of one of The Goldman Sachs Group’s bank subsidiaries, or by any failure of one of The Goldman Sachs Group’s ban
k subsidiaries to maintain a satisfactory rating under the Community Reinvestment Act. In addition, the Dodd-Frank Act broadened the requirements for maintaining financial holding company status by also requiring the holding company to remain “well capital
ized” and “well managed”. We have no ability to prevent such occurrences from happening.
The Federal Reserve has broad enforcement authority over us, including the power to prohibit us from conducting any activity that, in the Federal Reserve’s opinion, is unauthorized or constitutes an unsafe or unsound practice in conducting our business. The Federal Reserve may approve, deny or refuse to act upon applications or notices for The Goldman Sachs Group and its subsidiaries to conduct new activities, acquire or divest businesses or assets, or reconfigure existing operations. The Federal Reserve may also impose substantial fines and other penalties for violations of applicable banking laws, regulations and orders. The Dodd-Frank Act strengthened the Federal Reserve’s supervisory and enforcement authority over a bank holding company’s non-bank affiliates. We do not believe that any of our current or anticipated business activities will require Federal Reserve approval.
There are limits on the ability of The Goldman Sachs Group’s bank subsidiaries to extend credit to or conduct other transactions with us. In general, any loans to us from a bank subsidiary of The Goldman Sachs Group must be on market terms and secured by designated amounts of specified collateral and are limited to 10% of the lending bank’s capital stock and surplus. Statutory changes made by the Dodd-Frank Act place certain additional restrictions on transactions between us and The Goldman Sachs Group, which we do not expect to be material to us.
Geographic Areas
We operate solely in the United States. As such, we held substantially all our assets and generated all our revenue in the United States during the fiscal years ended December 31, 2016, 2015 and 2014.
Corporate Information
We were incorporated in June 2000 as Benefitfocus.com, Inc., a South Carolina corporation. In September 2013, we reincorporated in Delaware as Benefitfocus, Inc. Our principal executive offices are located at 100 Benefitfocus Way, Charleston, South Carolina 29492, and our phone number is (843) 849-7476. Our website address is www.benefitfocus.com. The information on, or that can be accessed through, our website is not part of this report. We currently employ approximately 1,430 associates.
Shawn A. Jenkins—Chief Executive Officer and Director
Shawn Jenkins, one of our founders, has been our Chief Executive Officer and a member of our board of directors since our founding in June 2000, and in addition to these roles, served as our President from June 2000 to March 2015. Prior to founding Benefitfocus, from 1995 to 2000, he served as Vice President with American Pensions, Inc., leading sales, operations, and technology. From 1994 to 1995, Mr. Jenkins was a program analyst with Rockwell Automation Inc. (NYSE:ROK). Mr. Jenkins serves on the Advisory Board for the School of Computing at Clemson University, Medical University of South Carolina Foundation Board of Directors, College of Charleston Board of Governors, and Charleston Southern University Board of Visitors. He previously served as Chairman of the Growing Forward Campaign for the Lowcountry Food Bank. Mr. Jenkins received an M.B.A. from Charleston Southern University and a B.A. from Geneva College in Beaver Falls, Pennsylvania.
Raymond August has served as our Chief Operating Officer since August 2014 and was promoted to the title of President and Chief Operating Officer in March 2015. Prior to joining Benefitfocus, Mr. August served as the General Manager of the Computer Sciences Corp., or CSC, Financial Services Group since October 2012. Prior to that, from March 2008 to September 2012, he served as CSC’s President of the Financial Services Group. Since July 2013 he has served as a member of the Executive Advisory council for Arthur Ventures Private Equity Fund. Mr. August earned a B.S. in Accounting and Management Science from the University of South Carolina and is a Certified Public Accountant.
Mason R. Holland, Jr.—Executive Chairman of the Board
Mason Holland, one of our founders, has been our Executive Chairman and a member of our board of directors since our founding in June 2000. Mr. Holland is responsible for the coordination of strategic partnerships with industry leaders and client relations. Mr. Holland founded American Pensions, Inc. in 1988, serving as its Chairman and President from 1988 to 2003. Mr. Holland’s other ventures have included establishing Holland Properties, LLC, a real estate development firm, in 1989, and acquiring Eclipse Aerospace, Inc., a jet aircraft manufacturer, in May 2009, for which he served as Chairman and Chief Executive Officer until its merger with Kestrel Aircraft in April 2015 to form ONE Aviation. Mr. Holland has served as Chairman of ONE Aviation since its formation. Mr. Holland attended Old Dominion University in Norfolk, Virginia.
Jeffrey M. Laborde—Chief Financial Officer, Treasurer, Assistant Secretary
Jeffrey Laborde began serving as our Chief Financial Officer in September 2016. He also serves as our Treasurer and Assistant Secretary. From June 2015 to July 2016, Mr. Laborde served as the Chief Financial Officer of Infor, Inc. From July 2012 to April 2015, he was the Chief Financial Officer of SumTotal Systems, LLC. Mr. Laborde served the Goldman, Sachs & Co. Technology, Media & Telecom Investment Banking Group as a Managing Director from December 2008 to June 2012 and as a Vice President in the same group from May 2006 to November 2008. Prior to that, Mr. Laborde was a Vice President in Credit Suisse First Boston Corporation’s Technology Investment Banking Group and an auditor for Arthur Andersen LLP in its Audit and Business Advisory – Enterprise Group. Mr. Laborde received his M.B.A. from The Wharton School at the University of Pennsylvania and his B.S. in Commerce, Business Administration and Accounting from Washington and Lee University.
James P. Restivo—Chief Technology Officer
James Restivo began serving as our Chief Technology Officer in January 2016. Prior to joining Benefitfocus, Mr. Restivo served as Vice President, Chief Technology Officer of Dodge Data & Analytics LLC beginning in February 2015. From December 2012 to September 2014, Mr. Restivo served as Vice President, Chief Technology Officer of Smarter Workforce at International Business Machines Corporation (“IBM”). Prior to that, beginning in October 2006, Mr. Restivo served as Chief Technology Officer of Kenexa Corporation where he managed global public Human Capital Management R&D, SaaS operations and information security before the company was purchased by IBM. Mr. Restivo received a B.S. in computer science, applied mathematics and statistics from Stony Brook University and an M.S. from the Massachusetts Institute of Technology in computer science.
As of December 31, 2016, we had approximately 1,430 full-time associates, or employees. None of our associates is represented by a labor union, and we consider our current relations with our associates to be good.
Item 1A. RIS
K FACTORS.
Investing in our common stock involves a high degree of risk. You should consider carefully the risks and uncertainties described below, together with all of the other information in this Annual Report on Form 10-K, including the consolidated financial statements and the related notes, before deciding to invest in shares of our common stock. If any of the following risks were to materialize, our business, financial condition, results of operations, and future growth prospects could be materially and adversely affected. In that event, the market price of our common stock could decline and you could lose part or all of your investment in our common stock.
Risks Related to Our Business
We have had a history of losses, and we might not be able to achieve or sustain profitability.
We experienced net losses of $ 40.1 million, $62.1 million, and $63.2 million for the years ended December 31, 2016, 2015, and 2014, respectively. We cannot predict if we will achieve sustained profitability in the near future or at all. We expect to make significant future expenditures to develop and expand our business. In addition, as a public company, we incur significant legal, accounting, and other expenses that we did not incur as a private company. These increased expenditures will make it harder for us to achieve and maintain future profitability. Our recent growth in revenue and number of customers might not be sustainable, and we might not achieve sufficient revenue to achieve or maintain profitability. We could incur significant losses in the future for a number of reasons, including the other risks described in this Annual Report on Form 10-K, and we may encounter unforeseen expenses, difficulties, complications and delays and other unknown events. Accordingly, we might not be able to achieve or maintain profitability and we may incur significant losses for the foreseeable future.
Our quarterly operating results have fluctuated in the past and might continue to fluctuate, causing the value of our common stock to decline substantially.
Our quarterly operating results might fluctuate due to a variety of factors, many of which are outside of our control. As a result, comparing our operating results on a period-to-period basis might not be meaningful. You should not rely on our past results as indicative of our future performance. Moreover, our stock price might be based on expectations of future performance that are unrealistic or that we might not meet and, if our revenue or operating results fall below the expectations of investors or securities analysts, the price of our common stock could decline substantially. For example, on July 29, 2016, the first trading day after we publically announced the resignation of our former Chief Financial Officer, our stock price dropped almost $1.50 per share, or 3.4%, to $43.00.
Our operating results have varied in the past. In addition to other risk factors listed in this section, some of the important factors that may cause fluctuations in our quarterly operating results include:
|
•
|
our ability to hire and retain qualified personnel, including the rate of expansion of our sales force;
|
|
•
|
the extent to which our products and services achieve or maintain market acceptance;
|
|
•
|
changes in the regulatory environment related to benefits and healthcare;
|
|
•
|
our ability to introduce new products and services and enhancements to our existing products and services on a timely basis;
|
|
•
|
new competitors and the introduction of enhanced products and services from competitors;
|
|
•
|
the financial condition of our current and potential customers;
|
|
•
|
changes in customer budgets and procurement policies;
|
|
•
|
the amount and timing of our investment in research and development activities;
|
|
•
|
technical difficulties with our products or interruptions in our services;
|
|
•
|
regulatory compliance costs;
|
19
|
•
|
the timing, size, and integration success of poten
tial future acquisitions; and
|
|
•
|
unforeseen legal expenses, including litigation and settlement costs.
|
In addition, a significant portion of our operating expense is relatively fixed in nature, and planned expenditures are based in part on expectations regarding future revenue. Accordingly, unexpected revenue shortfalls might decrease our gross margins and could cause significant changes in our operating results from quarter to quarter. If this occurs, the trading price of our common stock could fall substantially, either suddenly or over time.
Because we recognize revenue and expense relating to monthly subscriptions and professional services over varying periods, downturns or upturns in sales are not immediately reflected in full in our operating results.
As a SaaS company, we recognize our subscription revenue monthly for the term of our contracts and recognize the majority of our professional services revenue ratably over the longer of the contract term or the estimated expected life of the customer relationship. As a result, a portion of the revenue we report each quarter is the recognition of deferred revenue from contracts we entered into during previous quarters. Consequently, a shortfall in demand for our software solutions and professional services or a decline in new or renewed contracts in any one quarter might not significantly reduce our revenue for that quarter, but could negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in new or renewed sales of our products and services is not reflected in full in our results of operations until future periods. Our revenue recognition model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, because revenue from new customers must be recognized over the applicable term of the contracts or the estimated expected life of the customer relationship period. In addition, we recognize professional services expenses as incurred, which could cause professional services gross margin to be negative.
As a result of our variable sales and implementation cycles, we might not be able to recognize revenue to offset expenditures, which could result in fluctuations in our quarterly results of operations or otherwise harm our future operating results.
The sales cycle for our products and services can be variable, averaging four months in our employer market segment and 15 months in our carrier market segment, each from initial contact to contract execution. During the sales cycle, we expend time and resources, and we do not recognize any revenue to offset such expenditures.
After a customer contract is signed, we provide an implementation process for the customer during which we establish and test appropriate integrations, connections and registrations, load data into our system, and train customer personnel. Our implementation cycle is also variable, typically ranging from four to five months for employer implementations and from eight to 10 months for complex carrier implementations, each from contract execution to completion of implementation. Some of our new customer projects are complex and require a lengthy set-up period and significant implementation work. During the implementation cycle, we expend substantial time, effort, and financial resources implementing our products and services, but accounting principles do not allow us to recognize the resulting revenue until implementation is complete and the services are available for use, at which time we begin recognition of implementation revenue over the longer of the life of the contract or the expected life of the customer relationship. Each customer’s situation is different, and unanticipated difficulties and delays might arise as a result of failure by us or by the customer to complete our respective responsibilities. If implementation periods are extended, revenue recognition could be delayed and our financial condition might be adversely affected. In addition, cancellation of any implementation after it has begun might result in lost time, effort, and expenses invested in the cancelled implementation process and lost opportunity for implementing paying clients in that same period of time.
These factors might contribute to continuing losses and substantial fluctuations in our quarterly operating results. As a result, in future quarters, our operating results could fall below the expectations of securities analysts or investors, in which event our stock price would likely decline.
Changes in, or interpretations of, existing accounting principles, including regarding revenue recognition and accounting for leases, and their implementation could have an adverse impact on our reported financial results.
We prepare our financial statements in accordance with U.S. GAAP. These rules are subject to interpretation by the SEC and various bodies formed to interpret and create appropriate accounting principles. Changes in these rules or their interpretation could have a negative impact on our reported financial results and may retroactively affect previously reported transactions. For example, in May 2014, the Financial Accounting Standards Board, or FASB, issued an
20
accounting standards update on revenue recognition, which supersedes nearly al
l existing revenue recognition guidance under U.S. GAAP. The new standard will be effective for us beginning January 1, 2018. While we are continuing to assess all potential impacts of the standard, it has initially identified certain areas that might be
more significantly affected, including the timing of revenue recognition for professional services and accounting for sales commissions. In addition, in February 2016, FASB issued an accounting standards update on leases, requiring lessees, among other t
hings, to recognize lease assets and lease liabilities on the balance sheet for those leases classified as operating leases under previous authoritative guidance. This update, which will be effective beginning January 1, 2019 with early adoption permitted,
also introduces new disclosure requirements for leasing arrangements. We are currently evaluating the impact of this update on the consolidated financial statements, which could be material, given our related party leases. Implementation of these new stan
dards, and any future accounting pronouncements, implementation guidelines or interpretations, could have an adverse impact on our reported financial results, require that we make significant changes to our systems, processes and controls, or the way we co
nduct our business.
We depend on our senior management team, and the loss of one or more key associates or an inability to attract and retain highly skilled associates could adversely affect our business.
Our success depends largely upon the continued services of our key executive officers and other associates. We also rely on our leadership team in the areas of research and development, marketing, services, finance, and general and administrative functions, and on mission-critical individual contributors in sales and research and development. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives, which could disrupt our business. For example, in 2015 three of our executive officers announced they were leaving the Company or transitioned into different roles, and in 2016 we hired a new Chief Technology Officer, a new Chief Financial Officer who subsequently resigned for family reasons, and his replacement. The loss of one or more of our executive officers or key associates could have a serious adverse effect on our business.
To continue to execute our growth strategy, we also must attract and retain highly skilled personnel. Competition is intense for sales people and for engineers with high levels of experience in designing and developing software and Internet-related services. We might not be successful in maintaining our unique culture and continuing to attract and retain qualified personnel. We have from time to time in the past experienced, and we expect to continue to experience in the future, difficulty in hiring and retaining highly skilled personnel with appropriate qualifications. The pool of qualified personnel with SaaS experience and/or experience working with the benefits market is limited overall and specifically in Charleston, South Carolina, where our principal office is located. In addition, many of the companies with which we compete for experienced personnel have greater resources than we have and are located in geographic areas, like Silicon Valley, that may attract more qualified technology workers.
In addition, in making employment decisions, particularly in the Internet and high-technology industries, job candidates often consider the value of the equity awards they are to receive in connection with their employment. Volatility in the price of our stock might, therefore, adversely affect our ability to attract or retain highly skilled personnel. Furthermore, the requirement to expense certain stock awards might discourage us from granting the size or type of stock awards that job candidates require to join our company. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be severely harmed.
We operate in a highly competitive industry, and if we are not able to compete effectively, our business and operating results will be harmed.
The benefits management software market is highly competitive and is likely to attract increased competition, which could make it hard for us to succeed. Small, specialized providers continue to become more sophisticated and effective. In addition, large, well-financed, and technologically sophisticated software companies might focus more on our market. The size and financial strength of these entities is increasing as a result of continued consolidation in both the IT and healthcare industries. We expect large integrated software companies to become more active in our market, both through acquisitions and internal investment. In addition, insurance carriers may seek to bring certain of their benefits software solutions in-house, whether through acquisitions or internal investment. For example, Aetna, a customer of ours, owns bswift, a provider of insurance exchange technology solutions and benefits administration technology solutions and services. If Aetna were to decide to use bswift’s solution in place of any portion of the solutions we currently provide to them, then our business and operating results could be materially and adversely affected. As costs fall and technology improves, increased market saturation might change the competitive landscape in favor of our competitors.
Some of our current large competitors have greater name recognition, longer operating histories, and significantly greater resources than we do. As a result, our competitors might be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards, or customer requirements. In addition, current and
21
potential competitors have established, and might in the future establish, cooperative relationships with vendors of complementary products, technologies, or services to increase the availability of their products in the marketplace. Accordin
gly, new competitors or alliances might emerge that have greater market share, a larger customer base, more widely adopted proprietary technologies, greater marketing expertise, greater financial resources, and larger sales forces than we have, which could
put us at a competitive disadvantage. Further, in light of these advantages, even if our products and services are more effective than those of our competitors, current or potential customers might accept competitive offerings in lieu of purchasing our of
ferings. Increased competition is likely to result in pricing pressures, which could negatively impact our sales, profitability, or market share. In addition to new niche vendors, who offer standalone products and services, we face competition from existin
g enterprise vendors, including those currently focused on software solutions that have information systems in place with potential customers in our target market. These existing enterprise vendors might promise products or services that offer ease of inte
gration with existing systems and which leverage existing vendor relationships. In addition, large insurance carriers often have internal technology staffs and proprietary software for benefits management, making them less likely to buy our solutions.
The market for our products and services is immature and volatile, and if it does not develop or if it develops more slowly than we expect, the growth of our business will be harmed.
The cloud-based benefits management software market is relatively new and unproven, and it is uncertain whether it will achieve and sustain high levels of demand and market acceptance. Our success will depend to a substantial extent on the willingness of employers, carriers, and consumers to increase their use of benefits management software. Many employers and carriers have invested substantial personnel and financial resources to integrate internally developed solutions or traditional enterprise software into their businesses for benefits management, and therefore might be reluctant or unwilling to migrate to our cloud-based solutions. Furthermore, some businesses might be reluctant to use cloud-based solutions because they have concerns about the security of their data and the reliability of the technology delivery model associated with these solutions. If employers, carriers and consumers do not perceive the benefits of our solutions, then our market might not develop at all, or it might develop more slowly than we expect, either of which could significantly adversely affect our operating results. In addition, we might make errors in predicting and reacting to relevant business trends, which could harm our business. If any of these risks occur, it could materially adversely affect our business, financial condition or results of operations.
The SaaS pricing model is evolving and our failure to manage its evolution and demand could lead to lower than expected revenue and profit.
We derive most of our revenue growth from subscription offerings and, specifically, SaaS offerings. This business model depends heavily on achieving economies of scale because the initial upfront investment is costly and the associated revenue is recognized on a ratable basis. If we fail to achieve appropriate economies of scale or if we fail to manage or anticipate the evolution and demand of the SaaS pricing model, then our business and operating results could be adversely affected.
If we do not continue to innovate and provide products and services that are useful to consumers, employers, insurance carriers, and brokers and provide high quality support services, we might not remain competitive, and our revenue and operating results could suffer.
Our success depends in part on providing products and services that consumers, employers, insurance carriers, and brokers will use to manage benefits. We must continue to invest significant resources in research and development in order to enhance our existing products and services and introduce new high quality products and services that customers will want. If we are unable to predict user preferences or industry changes, or if we are unable to modify our products and services on a timely basis, we might lose customers. Our operating results would also suffer if our innovations are not responsive to the needs of our customers, are not appropriately timed with market opportunity, or are not effectively brought to market. As technology continues to develop, our competitors might be able to offer results that are, or that are perceived to be, substantially similar to or better than those generated by us. This would force us to compete on additional product and service attributes and to expend significant resources in order to remain competitive.
In addition, we may experience difficulties with software development, industry standards, design, or marketing that could delay or prevent our development, introduction, or implementation of new solutions and enhancements. The introduction of new solutions by competitors, the emergence of new industry standards, or the development of entirely new technologies to replace existing offerings could render our existing or future solutions obsolete.
Our success also depends on providing high quality support services to resolve any issues related to our products and services. High quality education and customer support is important for the successful marketing and sale of our products and services and for the renewal of existing customers. If we do not help our customers quickly resolve issues
22
and provide effective ongoing support, our
ability to sell additional products and services to existing customers would suffer and our reputation with existing or potential customers would be harmed.
If we are unable to retain our existing customers, our revenue and results of operations would be adversely affected.
We sell our products and services pursuant to agreements that are generally one year for employers and three to five years for carriers. While our employer contracts generally automatically renew on an annual basis, our carrier customers have no obligation to renew their contracts after their contract period expires, and these contracts might not be renewed on the same or on more profitable terms if at all. Additionally, some of our carrier customers are able to terminate their respective contracts without cause or for convenience, although generally our carrier contracts are only cancellable by the carrier in an instance of our uncured breach. As a result, our ability to grow depends in part on the continuance and renewal of our carrier contracts. We may not be able to accurately predict future trends in customer renewals, and our customers’ renewal rates may decline or fluctuate because of several factors, including their level of satisfaction or dissatisfaction with our services, the cost of our services, the cost of services offered by our competitors, or reductions in our customers’ spending levels. If our carrier customers terminate or do not renew their contracts for our services, renew on less favorable terms, or do not purchase additional functionality or products, our revenue may grow more slowly than expected or decline, and our profitability and gross margins may be harmed.
A significant amount of our revenue is derived from our largest customers, and any reduction in revenue from any of these customers would reduce our revenue and net income.
Our ten largest customers by revenue accounted for approximately 42.9%, 42.4% and 40.4% of our consolidated revenue in each of 2016, 2015 and 2014, respectively. Our largest customer by revenue accounted for approximately 11.4% and 8.5% of our revenue in each of 2016 and 2015, respectively. In addition, one customer represented 14.0% of our accounts receivable at December 31, 2016 and another represented 12.8% and 22.2% at December 31, 2016 and 2015, respectively. If any of our large customers or strategic partners decides not to renew its contracts with us, or to renew on less favorable terms, our business, revenues, reputation, and our ability to obtain new customers could be materially and adversely affected.
Our growth depends in part on the success of our strategic relationships with third parties.
In order to grow our business, we anticipate that we will continue to depend on our relationships with third parties, including Mercer LLC, or Mercer, and its affiliates, SAP SE, and others such as technology and content providers, and third party system integrators. Identifying partners, and negotiating and documenting relationships with them, requires significant time and resources. Our expanded relationship with and February 2015 sale of stock to Mercer increases our reliance on it and related risks, including Mercer’s competitors being less likely to do business with us. Our competitors might be effective in providing incentives to third parties to favor their products or services or to prevent or reduce subscriptions to our products and services. In addition, acquisitions of our partners by our competitors could result in a decrease in the number of our current and potential customers, as our partners may no longer facilitate the adoption of our applications by potential customers. If we are unsuccessful in establishing or maintaining our relationships with third parties, our ability to compete in the marketplace or to grow our revenue could be impaired and our operating results may suffer. Even if we are successful, we cannot assure you that these relationships will result in increased customer use of our applications or increased revenue.
If the number of individuals covered by our employer and carrier customers decreases or the number of products or services to which our employer and carrier customers subscribe decreases, our revenue will decrease.
Under most of our customer contracts, we base our fees on the number of individuals to whom our customers provide benefits and the number of products or services subscribed to by our customers. Many factors may lead to a decrease in the number of individuals covered by our customers and the number of products or services subscribed to by our customers, including:
|
•
|
failure of our customers to adopt or maintain effective business practices;
|
|
•
|
changes in the nature or operations of our customers;
|
|
•
|
government regulations; and
|
|
•
|
increased competition or other changes in the benefits marketplace.
|
23
If the number of individuals covered by our customers or the number of products or services subscribed to by our customers decreases for any reason, our revenue will likely de
crease.
Failure to manage our rapid growth effectively could increase our expenses, decrease our revenue, and prevent us from implementing our business strategy.
We have been experiencing a period of rapid growth, which puts strain on our business. To manage this and our anticipated future growth effectively, we must continue to maintain and enhance our IT infrastructure, financial and accounting systems, and controls. We also must attract, train, and retain a significant number of qualified sales and marketing personnel, customer support personnel, professional services personnel, software engineers, technical personnel, and management personnel. Failure to effectively manage our rapid growth could lead us to over-invest or under-invest in development and operations, result in weaknesses in our infrastructure, systems, or controls, give rise to operational mistakes, losses, loss of productivity or business opportunities, and result in loss of employees and reduced productivity of remaining employees. Our growth could require significant capital expenditures and might divert financial resources from other projects such as the development of new products and services. If our management is unable to effectively manage our growth, our expenses might increase more than expected, our revenue could decline or might grow more slowly than expected, and we might be unable to implement our business strategy. The quality of our products and services might suffer, which could negatively affect our reputation and harm our ability to retain and attract customers.
Economic uncertainties or downturns in the general economy or the industries in which our customers operate could disproportionately affect the demand for our solutions and negatively impact our results of operations.
General worldwide economic conditions have experienced significant downturns in the past, and market volatility and uncertainty remain widespread, including as a result of the U.S. presidential administration change. All of this makes it extremely difficult for our customers and us to accurately forecast and plan future business activities. In addition, these conditions could cause our customers or prospective customers to decrease headcount, benefits, or HR budgets, which could decrease corporate spending on our products and services, resulting in delayed and lengthened sales cycles, a decrease in new customer acquisition, and/or loss of customers. Furthermore, during challenging economic times, our customers may have difficulty gaining timely access to sufficient credit or obtaining credit on reasonable terms, which could impair their ability to make timely payments to us and adversely affect our revenue. If that were to occur, our financial results could be harmed. Further, challenging economic conditions might impair the ability of our customers to pay for the products and services they already have purchased from us and, as a result, our write-offs of accounts receivable could increase. We cannot predict the timing, strength, or duration of any economic slowdown or recovery. If the condition of the general economy or markets in which we operate worsens, our business could be harmed.
If we fail to maintain awareness of our brand cost-effectively, our business might suffer.
We believe that maintaining awareness of our brand in a cost-effective manner is critical to continuing the widespread acceptance of our existing solutions and is an important element in attracting new customers. Furthermore, we believe that the importance of brand recognition will increase as competition in our market increases. Successful promotion of our brand will depend largely on the effectiveness of our marketing efforts and on our ability to provide reliable and useful services at competitive prices. Our efforts to build, maintain and market changes to our brand nationally have involved significant expenses. Brand promotion activities may not yield increased revenue, and even if they do, any increased revenue may not offset the expenses we incur in maintaining our brand. If we fail to successfully maintain our brand, or incur substantial expenses in an unsuccessful attempt to maintain our brand, we may fail to attract enough new customers or retain our existing customers to the extent necessary to realize a sufficient return on our brand-building efforts, and our business could suffer.
If we are required to collect sales and use taxes in additional jurisdictions, we might be subject to liability for past sales and our future sales may decrease.
We might lose sales or incur significant expenses if states successfully impose broader guidelines on state sales and use taxes. A successful assertion by one or more states requiring us to collect sales or other taxes on the licensing of our software or sale of our services could result in substantial tax liabilities for past transactions and otherwise harm our business. For example, New York recently completed a tax audit of our Company and while we settled for amounts within our sales tax reserve, other states might audit us in the future. Each state has different rules and regulations governing sales and use taxes, and these rules and regulations are subject to varying interpretations that change over time. We review these rules and regulations periodically and, when we believe we are subject to sales and use taxes in a particular state, voluntarily engage state tax authorities in order to determine how to comply with their rules and regulations. We
24
cannot assure you that we will not be subject to sales a
nd use taxes or related penalties for past sales in states where we currently believe no such taxes are required.
Vendors of services, like us, are typically held responsible by taxing authorities for the collection and payment of any applicable sales and similar taxes. If one or more taxing authorities determines that taxes should have, but have not, been paid with respect to our services, we might be liable for past taxes in addition to taxes going forward. Liability for past taxes might also include substantial interest and penalty charges. Our customer contracts typically provide that our customers must pay all applicable sales and similar taxes. Nevertheless, our customers might be reluctant to pay back taxes and might refuse responsibility for interest or penalties associated with those taxes. If we are required to collect and pay back taxes and the associated interest and penalties, and if our clients fail or refuse to reimburse us for all or a portion of these amounts, we will incur unplanned expenses that may be substantial. Moreover, imposition of such taxes on us going forward will effectively increase the cost of our software and services to our customers and might adversely affect our ability to retain existing customers or to gain new customers in the areas in which such taxes are imposed.
We might not be able to utilize a significant portion of our net operating loss or other tax credit carryforwards, which could adversely affect our profitability.
As of December 31, 2016, we had federal and state net operating loss carryforwards due to prior period losses, which if not utilized will begin to expire in 2022 for federal and state purposes. We also have South Carolina jobs tax credit and headquarters tax credit carryforwards, which if not utilized will begin to expire in 2020. These tax credit carryforwards could expire unused and be unavailable to offset future income tax liabilities, which could adversely affect our profitability.
In addition, under Section 382 of the Internal Revenue Code of 1986, as amended, or the Code, our ability to utilize net operating loss carryforwards or other tax attributes in any taxable year may be limited if we experience an “ownership change”. A Section 382 “ownership change” generally occurs if one or more stockholders or groups of stockholders who own at least 5% of our stock increase their ownership by more than 50 percentage points over their lowest ownership percentage within a rolling three-year period. Similar rules might apply under state tax laws. Future issuances of our stock could cause an “ownership change”. It is possible that an ownership change, or any future ownership change, could have a material effect on the use of our net operating loss carryforwards or other tax attributes, which could adversely affect our profitability.
We might be unable to adequately protect, and we might incur significant costs in enforcing, our intellectual property and other proprietary rights.
Our success depends in part on our ability to enforce our intellectual property and other proprietary rights. We rely on a combination of trademark, trade secret, copyright, patent, and unfair competition laws, as well as license and access agreements and other contractual provisions, to protect our intellectual property and other proprietary rights. In addition, we attempt to protect our intellectual property and proprietary information by requiring employees and consultants to enter into confidentiality, noncompetition, and assignment of inventions agreements. Our attempts to protect our intellectual property might be challenged by others or invalidated through administrative process or litigation. While we have five U.S., two Chinese, two Japanese and one Australian, Taiwanese, and Hong Kong patents granted and a number of applications pending, we might not be able to obtain meaningful patent protection for our software. In addition, if any patents are issued in the future, they might not provide us with any competitive advantages, or might be successfully challenged by third parties. Agreement terms that address non-competition are difficult to enforce in many jurisdictions and might not be enforceable in certain cases. To the extent that our intellectual property and other proprietary rights are not adequately protected, third parties might gain access to our proprietary information, develop and market products or services similar to ours, or use trademarks similar to ours, each of which could materially harm our business. Existing U.S. federal and state intellectual property laws offer only limited protection. Moreover, the laws of other countries in which we might in the future conduct operations or contract for services might afford little or no effective protection of our intellectual property. The failure to adequately protect our intellectual property and other proprietary rights could materially harm our business.
In addition, if we resort to legal proceedings to enforce our intellectual property rights or to determine the validity and scope of the intellectual property or other proprietary rights of others, the proceedings could be burdensome and expensive, even if we were to prevail. Any litigation that is necessary in the future could result in substantial costs and diversion of resources and could have a material adverse effect on our business, operating results or financial condition.
25
We might be sued by third parties for alleged infringement of their proprietary rights.
The software and Internet industries are characterized by the existence of a large number of patents, trademarks, and copyrights and by frequent litigation based on allegations of infringement or other violations of intellectual property rights. We have received in the past, and might receive in the future, communications from third parties claiming that we have infringed the intellectual property rights of others. Our technologies might not be able to withstand any third-party claims or rights against their use. Any intellectual property claims, with or without merit, could be time-consuming and expensive to resolve, divert management attention from executing our business plan, and require us to pay monetary damages or enter into royalty or licensing agreements. In addition, many of our contracts contain warranties with respect to intellectual property rights, and most require us to indemnify our clients for third-party intellectual property infringement claims, which would increase the cost to us of an adverse ruling on such a claim.
Moreover, any settlement or adverse judgment resulting from such a claim could require us to pay substantial amounts of money or obtain a license to continue to use the software or information that is the subject of the claim, or otherwise restrict or prohibit our use of it. We might not be able to obtain a license on commercially reasonable terms, if at all, from third parties asserting an infringement claim; we might not be able to develop alternative technology on a timely basis, if at all; and we might not be able to obtain a license to use a suitable alternative technology to permit us to continue offering, and our clients to continue using, our affected services. Accordingly, an adverse determination could prevent us from offering our services to others.
Failure to adequately expand our direct sales force will impede our growth.
We believe that our future growth will depend on the development of our direct sales force and its ability to obtain new customers and to manage our existing customer base. Identifying and recruiting qualified personnel and training them in the use of our software requires significant time, expense, and attention. It can take six months or longer before a new sales representative is fully trained and productive. Our business may be adversely affected if our efforts to expand and train our direct sales force do not generate a corresponding increase in revenues. For example, reduction of our salesforce in 2016 negatively impacted sales, and as a result, revenue going forward. In particular, if we are unable to hire and develop sufficient numbers of productive direct sales personnel or if new direct sales personnel are unable to achieve desired productivity levels in a reasonable period of time, sales of our products and services will suffer and our growth will be impeded.
We might require additional capital to support business growth.
We intend to continue to make investments to support our business growth and might require additional funds to respond to business challenges or opportunities, including the need to develop new products and services or enhance our existing services, enhance our operating infrastructure, and acquire complementary businesses and technologies. Accordingly, we might need to engage in equity or debt financings to secure additional funds. If we raise additional funds through further issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of our common stock. Any debt financing secured by us in the future could involve restrictive covenants relating to our capital-raising activities and other financial and operational matters, which might make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. In addition, we might not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly limited.
If we fail to meet our current credit facility’s financial covenants, our business and financial condition could be adversely affected.
Our current credit facility contains financial covenants, including covenants related to financial liquidity and EBITDA. If at any point we fail to comply with the financial covenants, the lenders can demand immediate repayment of our outstanding balance and deny future borrowings under the credit facility. This could have a negative impact on our liquidity, thereby reducing the availability of cash flow for other purposes and adversely affecting our business.
Any future litigation against us could be costly and time-consuming to defend.
We may become subject, from time to time, to legal proceedings and claims that arise in the ordinary course of business such as claims brought by our clients in connection with commercial disputes, employment claims made by our current or former associates, or purported securities class actions. Litigation might result in substantial costs and may divert management’s attention and resources, which might seriously harm our business, overall financial condition, and
26
operating results. Insurance might not cover such claims, might not provide sufficient payments to cover all the costs to resolve one or more such claims, and might not continue to be available on terms acceptable to us
. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, thereby reducing our operating results and leading analysts or potential investors to reduce their expectations of our performance, which could reduce the t
rading price of our stock.
If we acquire companies or technologies in the future, they could prove difficult to integrate, disrupt our business, dilute stockholder value, and adversely affect our operating results and the value of our common stock.
As part of our business strategy, we might acquire, enter into joint ventures with, or make investments in complementary companies, services, and technologies in the future. For example, in 2010, we acquired the intellectual property assets of BeliefNetworks, Inc. We spent considerable time, effort, and money pursuing this company and successfully integrating it into our business. Acquisitions and investments involve numerous risks, including:
|
•
|
difficulties in identifying and acquiring products, technologies or businesses that will help our business;
|
|
•
|
difficulties in integrating operations, technologies, services and personnel;
|
|
•
|
diversion of financial and managerial resources from existing operations;
|
|
•
|
risk of entering new markets in which we have little to no experience; and
|
|
•
|
delays in customer purchases due to uncertainty and the inability to maintain relationships with customers of the acquired businesses.
|
If we fail to properly evaluate acquisitions or investments, we might not achieve the anticipated benefits of any such acquisitions, we might incur costs in excess of what we anticipate, and management resources and attention might be diverted from other necessary or valuable activities.
Future sales to customers outside the United States or with international operations might expose us to risks inherent in international sales which, if realized, could adversely affect our business.
An element of our growth strategy is to expand internationally. Operating in international markets requires significant resources and management attention and will subject us to regulatory, economic, and political risks that are different from those in the United States. Because of our limited experience with international operations, our international expansion efforts might not be successful in creating demand for our products and services outside of the United States or in effectively selling our solutions in the international markets we enter. In addition, we will face risks in doing business internationally that could adversely affect our business, including:
|
•
|
unstable regional political and economic conditions, such as those caused by the 2016 U.S. presidential election and subsequent administration change, or the 2016 vote by the U.K. to exit from the European Union;
|
|
•
|
the need to localize and adapt our solutions for specific countries, including translation into foreign languages and associated expenses;
|
|
•
|
data privacy laws which require that customer data be stored and processed in a designated territory;
|
|
•
|
difficulties in staffing and managing foreign operations;
|
|
•
|
different pricing environments, longer sales cycles and longer accounts receivable payment cycles and collections issues;
|
|
•
|
new and different sources of competition;
|
|
•
|
weaker protection for intellectual property and other legal rights than in the United States and practical difficulties in enforcing intellectual property and other rights outside of the United States;
|
|
•
|
laws and business practices favoring local competitors;
|
|
•
|
compliance challenges related to the complexity of multiple, conflicting and changing governmental laws and regulations, including employment, tax, privacy, and data protection laws and regulations;
|
|
•
|
increased financial accounting and reporting burdens and complexities;
|
27
|
•
|
restrictions on the transfer of funds; and
|
|
•
|
adverse tax consequences.
|
If we denominate our international contracts in local currencies, fluctuations in the value of the U.S. dollar and foreign currencies might impact our operating results when translated into U.S. dollars.
Risks Related to Our Products and Services Offerings
If our security measures are breached or fail, and unauthorized persons gain access to customers’ and consumers’ data, our products and services might be perceived as not being secure, customers and consumers might curtail or stop using our products and services, and we might incur significant liabilities.
Our products and services involve the storage and transmission of customers’ and consumers’ confidential information, which may include sensitive individually identifiable information that is subject to stringent legal and regulatory obligations. Because of the sensitivity of this information, security features of our software are very important. If our security measures are breached or fail and/or are bypassed as a result of third-party action, employee error, malfeasance, or otherwise, someone might be able to obtain unauthorized access to our customers’ confidential information and/or patient data. As a result, our reputation could be damaged, our business might suffer, information might be lost, and we could face damages for contract breach, penalties for violation of applicable laws or regulations, and significant costs for remediation and remediation efforts to prevent future occurrences.
In addition, we rely on various third parties, including employers’ HR departments, carriers, and other third-party service providers and consumers themselves, as users of our system for key activities to protect and promote the security of our systems and the data and information accessible within them, such as administration of enrollment, consumer status changes, claims, and billing. On occasion, people have failed to perform these activities. For example, employers sometimes have failed to terminate the login/password of former employees, or permitted current employees to share login/passwords. When we become aware of such breaches, we work with employers to terminate inappropriate access and provide additional instruction in order to avoid the reoccurrence of such problems. Although to date these breaches have not resulted in claims against us or in material harm to our business, failures to perform these activities might result in claims against us, which could expose us to significant expense, legal liability, and harm to our reputation, which might result in loss of business.
Because techniques used to obtain unauthorized access or to sabotage systems change frequently and generally are not recognized until launched against a target, we might not be able to anticipate these techniques or to implement adequate preventive measures. If an actual or perceived breach of our security occurs, the market perception of the effectiveness of our security measures could be harmed and we could lose sales and customers. Any significant violations of data privacy could result in the loss of business, litigation and regulatory investigations and penalties that could damage our reputation and adversely impact our results of operations and financial condition. In addition, our customers might authorize or enable third parties to access their information and data that is stored on our systems. Because we do not control such access, we cannot ensure the complete integrity or security of such data in our systems.
Failure by our customers to obtain proper permissions and waivers might result in claims against us or may limit or prevent our use of data, which could harm our business.
We require our customers to provide necessary notices and to obtain necessary permissions and waivers for use and disclosure of information on the Benefitfocus Platform, and we require contractual assurances from them that they have done so and will do so. If, however, despite these requirements and contractual obligations, our customers do not obtain necessary permissions and waivers, then our use and disclosure of information that we receive from them or on their behalf might be limited or prohibited by state or federal privacy laws or other laws. This could impair our functions, processes and databases that reflect, contain, or are based upon such data and might prevent use of such data. In addition, this could interfere with, or prevent creation or use of, rules, analyses, or other data-driven activities that benefit us and our business. Moreover, we might be subject to claims or liability for use or disclosure of information by reason of lack of valid notices, agreements, permissions or waivers. These claims or liabilities could subject us to unexpected costs and adversely affect our operating results.
28
Our proprietary software might not operate properly, w
hich could damage our reputation, give rise to claims against us, or divert application of our resources from other purposes, any of which could harm our business and operating results.
Proprietary software development is time-consuming, expensive, and complex. Unforeseen difficulties can arise. We might encounter technical obstacles, and it is possible that we discover problems that prevent our proprietary applications from operating properly. If they do not function reliably or fail to achieve customer expectations in terms of performance, customers could assert liability claims against us and/or attempt to cancel their contracts with us. This could damage our reputation and impair our ability to attract or maintain customers.
Moreover, benefits management software as complex as ours has in the past contained, and may in the future contain, or develop, undetected defects or errors. Material performance problems or defects in our products and services might arise in the future. Errors might result from the interface of our services with legacy systems and data, which we did not develop and the function of which is outside of our control. Defects or errors might arise in our existing or new software or service processes. Because changes in employer, carrier, and legal requirements and practices relating to benefits are frequent, we are continuously discovering defects and errors in our software and service processes compared against these requirements and practices. Undiscovered vulnerabilities could expose our software to unscrupulous third parties who develop and deploy software programs that could attack our software or result in unauthorized access to customer data. Defects and errors and any failure by us to identify and address them could result in loss of revenue or market share, liability to customers or others, failure to achieve market acceptance or expansion, diversion of development and other resources, injury to our reputation, and increased service and maintenance costs. Defects or errors in our product or service processes might discourage existing or potential customers from purchasing services from us. Correction of defects or errors could prove to be impossible or impracticable. The costs incurred in correcting any defects or errors or in responding to resulting claims or liability might be substantial and could adversely affect our operating results.
In addition, customers that rely on our products and services to collect, manage, and report benefits data might have a greater sensitivity to service errors and security vulnerabilities than customers of software products in general. We market and sell services that, among other things, provide information to assist care providers in tracking and treating ill patients. Any operational delay in or failure of our software service processes might result in the disruption of patient care and could cause harm to our business and operating results.
Our customers might assert claims against us in the future alleging that they suffered damages due to a defect, error, or other failure of our product or service processes. A product liability claim or errors or omissions claim could subject us to significant legal defense costs and adverse publicity regardless of the merits or eventual outcome of such a claim.
Various events could interrupt customers’ access to the Benefitfocus Platform, exposing us to significant costs.
The ability to access the Benefitfocus Platform is critical to our customers. Our operations and facilities are vulnerable to interruption and/or damage from a number of sources, many of which are beyond our control, including, without limitation: (i) power loss and telecommunications failures, (ii) fire, flood, hurricane, and other natural disasters, (iii) software and hardware errors, failures or crashes in our own systems or in other systems, (iv) computer viruses, denial-of-service attacks, hacking and similar disruptive problems in our own systems and in other systems, and (v) civil unrest, war, and/or terrorism. We have implemented various measures to protect against interruptions of customers’ access to our platform. If customers’ access is interrupted because of problems in the operation of our facilities, we could be exposed to significant claims by customers, particularly if the access interruption is associated with problems in the timely delivery of funds due to customers or medical information relevant to patient care. Our plans for disaster recovery and business continuity rely on third-party providers of related services. If those vendors fail us at a time when our systems are not operating correctly, we could incur a loss of revenue and liability for failure to fulfill our obligations. Any significant instances of system downtime could negatively affect our reputation and ability to retain customers and sell our services, which would adversely impact our revenue.
In addition, retention and availability of patient care and physician reimbursement data are subject to federal and state laws governing record retention, accuracy, and access. Some laws impose obligations on our customers and on us to produce information for third parties and to amend or expunge data at their direction. Our failure to meet these obligations might result in liability, which could increase our costs and reduce our operating results.
29
We rely on data center providers, Internet infrastructure, bandwidth providers, third-party computer hardware and software, other third parties, and our own systems for providing services to our customers, and any failure or int
erruption in the services provided by these third parties or our own systems could expose us to litigation and negatively impact our relationships with customers, adversely affecting our brand and our business.
We serve all our customers from two data centers, one located in Raleigh, North Carolina and the other located in Charlotte, North Carolina. While we control and have access to our servers, we do not control the operation of these facilities. The owners of our data center facilities have no obligation to renew their agreements with us on commercially reasonable terms, or at all. If we are unable to renew these agreements on commercially reasonable terms, or if one of our data center operators is acquired, we may be required to transfer our servers and other infrastructure to new data center facilities, and we may incur significant costs and possible service interruption in connection with doing so. Problems faced by our third-party data center locations, with the telecommunications network providers with whom we or they contract, or with the systems by which our telecommunications providers allocate capacity among their customers, including us, could adversely affect the experience of our customers. Our third-party data centers operators could decide to close their facilities without adequate notice. In addition, any financial difficulties, such as bankruptcy faced by our third-party data centers operators or any of the service providers with whom we or they contract may have negative effects on our business, the nature and extent of which are difficult to predict.
In addition, our ability to deliver our web-based services depends on the development and maintenance of the infrastructure of the Internet by third parties. This includes maintenance of a reliable network backbone with the necessary speed, data capacity, bandwidth capacity, and security. Our services are designed to operate without interruption in accordance with our service level commitments. However, we have experienced and expect that we will experience future interruptions and delays in services and availability from time to time. In the event of a catastrophic event with respect to one or more of our systems, we may experience an extended period of system unavailability, which could negatively impact our relationship with customers. To operate without interruption, both we and our service providers must guard against:
|
•
|
damage from fire, power loss, natural disasters and other force majeure events outside our control;
|
|
•
|
communications failures;
|
|
•
|
software and hardware errors, failures, and crashes;
|
|
•
|
security breaches, computer viruses, hacking, denial-of-service attacks, and similar disruptive problems; and
|
|
•
|
other potential interruptions.
|
We also rely on computer hardware purchased or leased and software licensed from third parties in order to offer our services, including software from Oracle Corporation and Microsoft Corporation, and routers and network equipment from Cisco, Dell and Hewlett-Packard Company. These licenses are generally commercially available on varying terms. However, it is possible that this hardware and software might not continue to be available on commercially reasonable terms, or at all. Any loss of the right to use any of this hardware or software could result in delays in the provisioning of our services until equivalent technology is either developed by us, or, if available, is identified, obtained and integrated.
We exercise limited control over third-party vendors, which increases our vulnerability to problems with technology and information services they provide. Interruptions in our network access and services might in connection with third-party technology and information services reduce our revenue, cause us to issue refunds to customers for prepaid and unused subscription services, subject us to potential liability, or adversely affect our renewal rates. Although we maintain insurance for our business, the coverage under our policies might not be adequate to compensate us for all losses that may occur. In addition, we might not be able to continue to obtain adequate insurance coverage at an acceptable cost, if at all.
The use of open source software in our products and solutions may expose us to additional risks and harm our intellectual property rights.
Some of our products and solutions use or incorporate software that is subject to one or more open source licenses. Open source software is typically freely accessible, usable, and modifiable. Certain open source software licenses require a user who intends to distribute the open source software as a component of the user’s software to disclose publicly part or all of the source code to the user’s software. In addition, certain open source software licenses require the user of such software to make any derivative works of the open source code available to others on potentially unfavorable terms or at no cost.
30
The terms of many open source licenses to which we are subject have not been interpreted by U.S. or foreign courts. Accordingly, there is a risk that those lic
enses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to commercialize our solutions. In that event, we could be required to seek licenses from third parties in order to continue offering our products or
solutions, to re-develop our products or solutions, to discontinue sales of our products or solutions, or to release our proprietary software code under the terms of an open source license, any of which could harm our business. Further, given the nature of
open source software, it may be more likely that third parties might assert copyright and other intellectual property infringement claims against us based on our use of these open source software programs.
While we monitor the use of all open source software in our products, solutions, processes, and technology and try to ensure that no open source software is used in such a way as to require us to disclose the source code to the related product or solution when we do not wish to do so, it is possible that such use may have inadvertently occurred in deploying our proprietary solutions. In addition, if a third-party software provider has incorporated certain types of open source software into software we license from such third party for our products and solutions without our knowledge, we could, under certain circumstances, be required to disclose the source code to our products and solutions. This could harm our intellectual property position and our business, results of operations, and financial condition.
Risks Related to Regulation
Government regulation of the areas in which we operate creates risks and challenges with respect to our compliance efforts and our business strategies.
The employee benefits industry is highly regulated and is subject to changing political, legislative, regulatory, and other influences. The outcome of the U.S. presidential and other elections in 2016 could have a significant impact on the regulatory environment in our industry. Existing and new laws and regulations affecting the employee benefits industry could create unexpected liabilities for us, cause us to incur additional costs and restrict our operations. These laws and regulations are complex and their application to specific services and relationships are not clear. In particular, many existing laws and regulations affecting employee benefits, when enacted, did not anticipate the services that we provide, and these laws and regulations might be applied to our services in ways that we do not anticipate. Our failure to accurately anticipate the application of these laws and regulations, or our failure to comply, could create liability for us, result in adverse publicity, and negatively affect our business. Some of the risks we face from the regulation of employee benefits are as follows:
|
•
|
PPACA. Governmental oversight punctuated with the passage of the Patient Protection and Affordable Care Act, or PPACA, has led to an increasingly intricate regulatory framework under which health benefits are obtained, delivered, accessed, and maintained. Although many of the provisions of PPACA do not directly apply to us, PPACA might affect the business of many of our customers. Carriers and large employers might experience changes in the numbers of individuals they insure as a result of Medicaid expansion and the creation of state and national exchanges under PPACA and state Medicaid expansion, and the number of states that have chosen to implement the Medicaid expansion or adopt state-specific exchanges remains in flux. Although we are unable to predict with any reasonable certainty or otherwise quantify the likely impact of PPACA on our business model, financial condition, or results of operations, changes in the business of our customers and the number of individuals they insure may negatively impact our business. Congress also has repeatedly but unsuccessfully attempted to repeal PPACA, and particularly after the presidential and Congressional elections of 2016, we are unable to predict the impact of any such pending or future attempts.
|
|
•
|
False or Fraudulent Claim Laws. There are numerous federal and state laws that forbid submission of false information or the failure to disclose information in connection with submission and payment of claims for reimbursement from the government. In some cases, these laws also forbid abuse of existing systems for such submission and payment. Although our business operations are generally not subject to these laws and regulations, any contract we have with a government entity requires us to comply with these laws and regulations. Any failure of our services to comply with these laws and regulations could result in substantial liability, including but not limited to criminal liability, could adversely affect demand for our services, and could force us to expend significant capital, research and development, and other resources to address the failure. Any determination by a court or regulatory agency that our services with government clients violate these laws and regulations could subject us to civil or criminal penalties, invalidate all or portions of some of our government client contracts, require us to change or terminate some portions of our business, require us to refund portions of our services fees, cause us to be disqualified from serving not only government clients but also all clients doing business with government payers, and have an adverse effect on our business.
|
|
•
|
HIPAA and Other Privacy and Security Requirements. There are numerous U.S. federal and state laws and regulations related to the privacy and security of personal health information. In particular, regulations
|
31
|
|
promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996, or HIPAA, established privacy and security standards that limit the use and disclosu
re of individually identifiable health information, and require the implementation of administrative, physical, and technological safeguards to ensure the confidentiality, integrity, and availability of individually identifiable health information in elect
ronic form. Health plans, healthcare clearinghouses, and most providers are considered by the HIPAA regulations to be “Covered Entities”. With respect to our operations as a healthcare clearinghouse, we are directly subject to the privacy regulations estab
lished under HIPAA, or Privacy Standards, and the security regulations established under HIPAA, or Security Standards. In addition, our carrier customers, or payors, are considered to be Covered Entities and are required to enter into written agreements wi
th us, known as Business Associate Agreements, under which we are considered to be a “Business Associate” and that require us to safeguard individually identifiable health information and restrict how we may use and disclose such information. The American
Recovery and Reinvestment Act of 2009, or ARRA, and the HIPAA Omnibus Final Rules extended the direct application of certain provisions of the Privacy Standards and Security Standards to us when we are functioning as a Business Associate of our carrier cus
tomers. ARRA and the HIPAA Omnibus Final Rule also subject Business Associates to direct oversight and audit by the Department
of Health and Human Services.
|
Violations of the Privacy Standards and Security Standards might result in civil and criminal penalties, and ARRA increased the penalties for HIPAA violations and strengthened the enforcement provisions of HIPAA. For example, ARRA authorizes state attorneys general to bring civil actions seeking either injunctions or damages in response to violations of Privacy Standards and Security Standards that threaten the privacy of state residents. Moreover, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) launched a formal HIPAA audit program. The audits are intended to assess compliance with HIPAA by both Covered Entities and Business Associates and will be conducted by OCR with assistance from a third party vendor. Issues identified during the audits may result in agency-imposed corrective action plans or civil monetary penalties.
We might not be able to adequately address the business risks created by HIPAA implementation and enforcement. Furthermore, we are unable to predict what changes to HIPAA or other laws or regulations might be made in the future or how those changes could affect our business or the costs of compliance.
Some payors and clearinghouses interpret HIPAA transaction requirements differently than we do. Where payors or clearinghouses require conformity with their interpretations as a condition of a successful transaction, we seek to comply with their interpretations.
In addition to the Privacy Standards and Security Standards, most states have enacted patient confidentiality laws that protect against the disclosure of confidential medical and/or health information, and many states have adopted or are considering further legislation in this area, including privacy safeguards, security standards, and data security breach notification requirements. Such state laws, if more stringent than HIPAA requirements, are not preempted by the federal requirements, and we are required to comply with them. Failure by us to comply with any state standards regarding patient privacy may subject us to penalties, including civil monetary penalties and, in some circumstances, criminal penalties. Such failure may injure our reputation and adversely affect our ability to retain customers and attract new customers.
|
•
|
Medicare and Medicaid Regulatory Requirements. We have contracts with insurance carriers who offer Medicare Managed Care (also known as Medicare Advantage or Medicare Part C) and Medicaid Managed Care benefits plans. We also have contracts with insurance carriers who offer Medicare prescription drug benefits (also known as Medicare Part D) plans. The activities of the Medicare plans are regulated by the Centers for Medicare & Medicaid Services, or CMS, the federal agency that provides oversight of the Medicare and Medicaid programs. The Medicaid Managed Care plans are regulated by both CMS and the individual states where the plans are offered. Some of the activities that we might perform, such as the enrollment of beneficiaries, may be subject to CMS and/or state regulation, and such regulations may force us to change the way we do business or otherwise restrict our ability to provide services to such plans. Moreover, the regulatory environment with respect to these programs has become, and will likely continue to become, increasingly complex.
|
|
•
|
Financial Services-Related Laws and Rules. Financial services and electronic payment processing services are subject to numerous laws, regulations and industry standards, some of which might impact our operations and subject us, our vendors, and our customers to liability as a result of the payment distribution and processing solutions we offer. Although we do not act as a bank, we offer solutions that involve banks, or vendors who contract with banks and other regulated providers of financial services. As a result, we might be impacted by banking and financial services industry laws, regulations, and industry standards, such as licensing requirements, solvency standards, requirements to maintain the privacy and security of nonpublic personal financial information, and Federal Deposit Insurance Corporation deposit insurance limits. In addition,
|
32
|
|
our patient billing and payment distribution and processing solutions might be impacted by payment card association operating rules, certification requirements, and rules governing electronic funds transfers. If we fail to comply with applicable pay
ment processing rules or requirements, we might be subject to fines and changes in transaction fees and may lose our ability to process credit and debit card transactions or facilitate other types of billing and payment solutions. Moreover, payment transac
tions processed using the Automated Clearing House are subject to network operating rules promulgated by the National Automated Clearing House Association and to various federal laws regarding such operations, including laws pertaining to electronic funds
transfers, and these rules and laws might impact our billing and payment solutions. Further, our solutions might impact the ability of our payor customers to comply with state prompt payment laws. These laws require payors to pay healthcare claims meeting
the statutory or regulatory definition of a “clean claim” within a specified time frame.
|
|
•
|
Insurance Broker Laws. Insurance laws in the United States are often complex, and states have broad authority to adopt regulations regarding brokerage activities. These regulations typically include the licensing of insurance brokers and agents and govern the handling and investment of client funds held in a fiduciary capacity. Although we believe our activities do not currently constitute the provision of insurance brokerage services, regulations may change from state to state, which could require us to comply with such expanded regulation.
|
|
•
|
ERISA. The Employee Retirement Income Security Act of 1974, as amended, or ERISA, regulates how employee benefits are provided to or through certain types of employer-sponsored health benefits plans. ERISA is a set of laws and regulations that is subject to periodic interpretation by the U.S. Department of Labor as well as the federal courts. In some circumstances, and under certain customer contracts, we might be deemed to have assumed duties that make us an ERISA fiduciary, and thus be required to carry out our operations in a manner that complies with ERISA in all material respects. We believe that our current operations do not render us subject to ERISA fiduciary obligations, and therefore that we are in material compliance with ERISA and that any such compliance does not currently have a material adverse effect on our operations. However, there can be no assurance that continuing ERISA compliance efforts or any future changes to ERISA will not have a material adverse effect on us.
|
|
•
|
Third-Party Administrator Laws. Numerous states in which we do business have adopted regulations governing entities engaged in third-party administrator, or TPA, activities. TPA regulations typically impose requirements regarding enrollment into benefits plans, claims processing and payments, and the handling of customer funds. Although we do not believe we are currently acting as a TPA, changes in state regulations could result in us being obligated to comply with such regulations, which might require us to obtain licenses to provide TPA services in such states.
|
We are subject to banking regulations that may limit our business activities.
The Goldman Sachs Group, affiliates of which owned approximately 20.5% of the voting and economic interest in our business at December 31, 2016, is regulated as a bank holding company and a financial holding company under the Bank Holding Company Act of 1956, as amended, or BHC Act. The BHC Act imposes regulations and requirements on The Goldman Sachs Group and on any company that is deemed to be controlled by The Goldman Sachs Group under the BHC Act and the regulations of the Board of Governors of the Federal Reserve System, or the Federal Reserve. Due to the size of its voting and economic interest, we are deemed to be controlled by The Goldman Sachs Group and are therefore considered to be a non-bank “subsidiary” of The Goldman Sachs Group under the BHC Act. We will remain subject to this regulatory regime until The Goldman Sachs Group is no longer deemed to control us for purposes of the BHC Act, which we do not generally have the ability to control and which will not occur until The Goldman Sachs Group has significantly reduced its voting and economic interest in us.
As a controlled non-bank subsidiary of The Goldman Sachs Group, we are restricted from engaging in activities that are not permissible under the BHC Act, or the rules and regulations promulgated thereunder. Permitted activities for a bank holding company or any controlled non-bank subsidiary generally include activities that the Federal Reserve has previously determined to be closely related to banking, financial in nature or incidental or complementary to financial activities, including data processing services such as those that we provide with our software solutions. Restrictions placed on The Goldman Sachs Group as a result of supervisory or enforcement actions under the BHC Act or otherwise may restrict us or our activities in certain circumstances, even if these actions are unrelated to our conduct or business. Further, as a result of being subject to regulation and supervision by the Federal Reserve, we may be required to obtain the prior approval of the Federal Reserve before engaging in certain new activities or businesses, whether organically or by acquisition. The Federal Reserve could exercise its power to restrict us from engaging in any activity that, in the Federal Reserve’s opinion, is unauthorized or constitutes an unsafe or unsound business practice. To the extent that
33
these regulations impose limitations on our business, we could be at a competitive disadvantage because some of our competitors are not subject to these limitati
ons.
Additionally, any failure of The Goldman Sachs Group to maintain its status as a financial holding company could result in further limitations on our activities and our growth. In particular, our permissible activities could be restricted to only those that constitute banking or activities closely related to banking. The Goldman Sachs Group’s loss of its financial holding company status could be caused by several factors, including any failure by The Goldman Sachs Group’s bank subsidiaries to remain sufficiently capitalized, by any examination downgrade of one of The Goldman Sachs Group’s bank subsidiaries, or by any failure of one of The Goldman Sachs Group’s bank subsidiaries to maintain a satisfactory rating under the Community Reinvestment Act. In addition, the Dodd-Frank Act broadened the requirements for maintaining financial holding company status by also requiring the holding company to remain “well capitalized” and “well managed”. We have no ability to prevent such occurrences from happening.
As a non-bank subsidiary of a bank holding company, we are subject to examination by the Federal Reserve and required to provide information and reports for use by the Federal Reserve under the BHC Act. In addition, we may be subject to regulatory oversight and examination because we are a technology service provider to regulated financial institutions. The Federal Reserve may also impose substantial fines and other penalties for violations of applicable banking laws, regulations and orders. Further, the Dodd-Frank Act, including Title VI thereunder known as the “Volcker Rule”, and related financial regulatory reform call for the issuance of numerous regulations designed to increase and strengthen the regulation of bank holding companies, including The Goldman Sachs Group and its affiliates. The Volker Rule, in relevant part, restricts banking entities from proprietary trading (subject to certain exemptions) and from acquiring or retaining any equity, partnership or other interests in, or sponsoring, a private equity fund, subject to satisfying certain conditions, and from engaging in certain transactions with funds.
We have agreed to certain covenants that are intended to facilitate The Goldman Sachs Group’s compliance with the BHC Act, but that may impose certain obligations on our company. In particular, The Goldman Sachs Group has rights to conduct audits on, and access certain information of, our company and certain rights to review the policies and procedures that we implement to comply with the laws and regulations that relate to our activities. In addition, we are obligated to provide The Goldman Sachs Group with notice of certain events and business activities and cooperate with The Goldman Sachs Group to mitigate potential adverse consequences resulting therefrom.
Potential regulatory requirements placed on our software, services, and content could impose increased costs on us, delay or prevent our introduction of new service types, and impair the function or value of our existing service types.
Our products and services are and are likely to continue to be subject to increasing regulatory requirements in a number of ways. As these requirements proliferate, we must change or adapt our products and services to comply. Changing regulatory requirements might render our services obsolete or might block us from accomplishing our work or from developing new services. This might in turn impose additional costs upon us to comply or to further develop our products and services. It might also make introduction of new product or service types more costly or more time-consuming than we currently anticipate. It might even prevent introduction by us of new products or services or cause the continuation of our existing products or services to become unprofitable or impossible.
Potential government subsidy of services similar to ours, or creation of a single payor system, might reduce customer demand.
Recently, entities including brokers and U.S. federal and state governments have offered to subsidize adoption of online benefits platforms or clearinghouses. In addition, federal regulations have been changed to permit such subsidy from additional sources subject to certain limitations. To the extent that we do not qualify or participate in such subsidy programs, demand for our services might be reduced, which may decrease our revenue. In addition, prior proposals regarding healthcare reform have included the concept of creation of a single payor for healthcare insurance. This kind of consolidation of critical benefits activity could negatively impact the demand for our services.
Our services present the potential for embezzlement, identity theft, or other similar illegal behavior by our associates with respect to third parties.
Among other things, certain services offered by us involve collecting payment information from individuals, and this frequently includes check and credit card information. Even though we do not handle direct payments, our services also involve the use and disclosure of personal and business information that could be used to impersonate third parties, commit identity theft, or otherwise gain access to their data or funds. If any of our associates take, convert, or misuse
34
such funds, documents, or data, we co
uld be liable for damages, and our business reputation could be damaged or destroyed. Moreover, if we fail to adequately prevent third parties from accessing personal and/or business information and using that information to commit identity theft, we might
face legal liabilities and other losses than can have a negative impact on our business.
Risks Related to Ownership of Our Common Stock
Our stock price may be volatile or may decline regardless of our operating performance, and you may not be able to resell your shares at or above the price at which you purchase it.
The stock market historically has experienced extreme price and volume fluctuations. As a result of this volatility, you might not be able to sell your common stock at or above the price at which you purchase it. The public market for our stock is new. From our IPO in September 2013 through December 31, 2016, the per share trading price of our common stock has been as high as $77.00 and as low as $19.58. It might continue to fluctuate significantly in response to various factors, some of which are beyond our control. These factors include:
|
•
|
our operating performance and the operating performance of similar companies;
|
|
•
|
the overall performance of the equity markets;
|
|
•
|
changes in laws or regulations relating to the sale of health insurance;
|
|
•
|
announcements by us or our competitors of acquisitions, business plans, or commercial relationships;
|
|
•
|
any major change in our management;
|
|
•
|
threatened or actual litigation;
|
|
•
|
publication of research reports or news stories about us, our competitors, or our industry, or positive or negative recommendations or withdrawal of research coverage by securities analysts;
|
|
•
|
large volumes of sales of our shares of common stock by existing stockholders; and
|
|
•
|
general political and economic conditions.
|
In addition, the stock market in general, and the market for Internet-related companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. These fluctuations might be even more pronounced in the relatively new trading market for our stock. Additionally, securities class action litigation has often been instituted against companies following periods of volatility in the overall market and in the market price of a company’s securities. This litigation, if instituted against us, could result in substantial costs, divert our management’s attention and resources, and harm our business, operating results, and financial condition.
We do not currently intend to pay dividends on our common stock and, consequently, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.
We have never declared or paid any cash dividends on our common stock and do not currently intend to do so for the foreseeable future. We currently intend to invest our future earnings, if any, to fund our growth. Therefore, you are not likely to receive any dividends on your common stock for the foreseeable future, and the success of an investment in shares of our common stock will depend upon future appreciation in its value, if any. There is no guarantee that shares of our common stock will appreciate in value or even maintain the price at which our stockholders purchased their shares.
Our stock price could decline due to the large number of outstanding shares of our common stock eligible for future sale.
Sales of a substantial number of shares of our common stock in the public market or the market perception that the holder or holders of a large number of shares intend to sell shares, could reduce the market price of our common stock. These sales could make it more difficult for us to sell equity or equity related securities in the future at a time and price that we deem appropriate.
As of December 31, 2016, we had an aggregate of 30,429,014 shares of common stock outstanding. As of December 31, 2016, there also were outstanding options, restricted stock units and warrants to purchase 2,779,147 shares of our common stock that, if exercised or vested, as applicable, will result in these additional shares becoming available for sale subject in some cases to Rule 144.
35
On November 12, 2013 and June 7, 2016, we also registered an aggregate of 6,399,766 shares of
our common stock that we may issue or sell under our stock plans, including the Benefitfocus, Inc. 2016 Employee Stock Purchase Plan. These shares can be freely sold in the public market upon issuance, unless they are held by “affiliates”, as that term is
defined in Rule 144 of the Securities Act. If a large number of these shares are sold in the public market, the sales could reduce the trading price of our common stock.
A limited number of stockholders will have the ability to influence the outcome of director elections and other matters requiring stockholder approval.
As of December 31, 2016, our directors, executive officers, and their affiliated entities beneficially owned approximately 40.3% of our outstanding common stock. In particular, GS Capital Partners VI Parallel, L.P., GS Capital Partners VI Offshore Fund, L.P., GS Capital Partners VI Fund, L.P., and GS Capital Partners VI GmbH & CO. KG, which are affiliates of Goldman, Sachs & Co. and which we refer to as the Goldman Funds, collectively beneficially owned approximately 20.5%. These stockholders, if they act together, could exert substantial influence over matters requiring approval by our stockholders, including the amendment of our certificate of incorporation and bylaws, and the approval of mergers or other business combination transactions.
Additionally, the Goldman Funds, Mason R. Holland, Jr., our Executive Chairman and a director, and Shawn A. Jenkins, our Chief Executive Officer and a director, entered into a voting agreement for the election of directors. As of December 31, 2016, these stockholders collectively beneficially owned approximately 37.8% of our common stock. Pursuant to the voting agreement, the parties are obligated to vote all of their shares to elect two directors nominated by the Goldman Funds and each of Messrs. Holland and Jenkins to our board of directors. As a result, these stockholders will have significant influence on the outcome of director elections. This concentration of ownership might discourage, delay, or prevent a change in control of our company, which could deprive our stockholders of an opportunity to receive a premium for their stock as part of a sale of our company and might reduce our stock price. These actions may be taken even if they are opposed by other stockholders.
Provisions in our restated certificate of incorporation and amended and restated bylaws and Delaware law might discourage, delay, or prevent a change in control of our company or changes in our management and, therefore, depress the trading price of our common stock.
Provisions of our certificate of incorporation and bylaws and Delaware law might discourage, delay, or prevent a merger, acquisition, or other change in control that stockholders consider favorable, including transactions in which you might otherwise receive a premium for your shares of our common stock. These provisions might also prevent or frustrate attempts by our stockholders to replace or remove our management. These provisions include:
|
•
|
limitations on the removal of directors;
|
|
•
|
advance notice requirements for stockholder proposals and nominations;
|
|
•
|
limitations on the ability of stockholders to call special meetings;
|
|
•
|
the inability of stockholders to act by written consent once The Goldman Sachs Group and its affiliates cease to own at least 35% of our voting equity;
|
|
•
|
the inability of stockholders to cumulate votes at any election of directors;
|
|
•
|
the classification of our board of directors into three classes with only one class, representing approximately one-third of our directors, standing for election at each annual meeting; and
|
|
•
|
the ability of our board of directors to make, alter or repeal our bylaws.
|
Our Board of Directors has the ability to designate the terms of and issue new series of preferred stock without stockholder approval. In addition, Section 203 of the Delaware General Corporation Law prohibits a publicly held Delaware corporation from engaging in a business combination with an interested stockholder, generally a person which together with its affiliates owns, or within the last three years has owned, 15% of our voting stock, for a period of three years after the date of the transaction in which the person became an interested stockholder, unless the business combination is approved in a prescribed manner.
The existence of the foregoing provisions and anti-takeover measures could limit the price that investors are willing to pay in the future for shares of our common stock. They could also deter potential acquirers of our company, thereby reducing the likelihood that you could receive a premium for your common stock in an acquisition.
36
Our business is subject to changing regulations regarding corporate governance, disclosure controls, internal cont
rol over financial reporting, and other compliance areas that will increase both our costs and the risk of noncompliance.
As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, or the Exchange Act, the Sarbanes-Oxley Act of 2002, or the Sarbanes-Oxley Act, the Dodd-Frank Act, and the rules and regulations of our stock exchange. The requirements of these rules and regulations will increase our legal, accounting, and financial compliance costs, will make some activities more difficult, time-consuming, and costly, and may also place undue strain on our personnel, systems, and resources.
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. Commencing with our fiscal year ending December 31, 2014, we performed system and process evaluation and testing of our internal control over financial reporting to allow management to report on the effectiveness of our internal control over financial reporting, as required by Section 404 of the Sarbanes-Oxley Act. Our ongoing compliance with Section 404 of the Sarbanes-Oxley Act will require that we incur substantial accounting expense and expend significant management efforts.
We are required to disclose changes made to our internal control and procedures on a quarterly basis. However, our independent registered public accounting firm will not be required to formally attest to the effectiveness of our internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act until the later of the year following our first annual report required to be filed with the SEC or the date we are no longer an “emerging growth company” as defined in the Jumpstart Our Business Startups Act of 2012, or the JOBS Act, if we take advantage of the exemption available under the JOBS Act to the auditor attestation requirement in Section 404(b) of the Sarbanes-Oxley Act. If we are not able to comply with the requirements of Section 404 of the Sarbanes-Oxley Act in a timely manner, the market price of our stock could decline and we could be subject to sanctions or investigations by the stock exchange on which our common stock is listed, the SEC, or other regulatory authorities, which would require additional financial and management resources.
Failure to develop and maintain adequate financial controls could cause us to have material weaknesses, which could adversely affect our operations and financial position.
As previously reported, in the first quarter of 2014, we identified a material weakness in internal controls over the accounting for leasing transactions which resulted in the identification of a material error in the accounting for our headquarters lease executed in May 2005. We might in the future discover other material weaknesses that require remediation. In addition, an internal control system, no matter how well-designed, cannot provide absolute assurance that misstatements due to error or fraud will not occur or that all control issues and instances of fraud will be detected. If we are not able to comply with the requirements of Section 404 of the Sarbanes-Oxley Act in a timely manner, or if we are unable to maintain proper and effective internal controls, we might not be able to produce timely and accurate financial statements. If that were to happen, the market price of our stock could decline and we could be subject to sanctions or investigations by the stock exchange on which our common stock is listed, the SEC, or other regulatory authorities.
Any failure to develop or maintain effective controls, or any difficulties encountered in their implementation or improvement, could harm our operating results or cause us to fail to meet our reporting obligations. Any failure to implement and maintain effective internal controls also could adversely affect the results of periodic management evaluations regarding the effectiveness of our internal control over financial reporting that we are required to include in our periodic reports filed with the SEC under Section 404 of the Sarbanes-Oxley Act. Ineffective disclosure controls and procedures or internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our common stock. Implementing any appropriate changes to our internal controls may require specific compliance training of our directors, officers, and employees, entail substantial costs in order to modify our existing accounting systems, and take a significant period of time to complete. Such changes may not be effective, however, in maintaining the adequacy of our internal controls, and any failure to maintain that adequacy, or consequent inability to produce accurate financial statements on a timely basis, could increase our operating costs and could materially impair our ability to operate our business. In the event that we are not able to demonstrate compliance with Section 404 of the Sarbanes-Oxley Act in a timely manner, that our internal controls are perceived as inadequate, or that we are unable to produce timely or accurate financial statements, investors may lose confidence in our operating results and our stock price could decline.
37
We are an emerging growth company and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors.
We are an emerging growth company. Under the JOBS Act, emerging growth companies can delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have irrevocably elected not to avail ourselves of this exemption from new or revised accounting standards and, therefore, we will be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies.
For as long as we continue to be an emerging growth company, we intend to take advantage of certain other exemptions from various reporting requirements that are applicable to other public companies including, but not limited to, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved, and exemptions from the requirements of auditor attestation reports on the effectiveness of our internal control over financial reporting. We cannot predict if investors will find our common stock less attractive because we will rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.
We will remain an emerging growth company until the earliest of (i) the end of the fiscal year in which the market value of our common stock that is held by non-affiliates exceeds $700 million as of June 30 of that fiscal year, (ii) the end of the fiscal year in which we have total annual gross revenue of $1 billion or more during such fiscal year, (iii) the date on which we issue more than $1 billion in non-convertible debt in a three-year period, or (iv) September 17, 2018.
If securities or industry analysts do not publish research or reports about our business, or publish inaccurate or unfavorable research or reports about our business, our stock price and trading volume could decline.
The trading market for our common stock depends, to some extent, on the research and reports that securities or industry analysts publish about us and our business. We do not have any control over these analysts. If one or more of the analysts who cover us downgrade our common stock or change their opinion of our common stock, our stock price would likely decline. If one or more of these analysts cease coverage of our company or fail to regularly publish reports on us, we could lose visibility in the financial markets, which could cause our stock price or trading volume to decline.