BlackLine (BL) Risk Factors

We have incorporated and may continue to incorporate AI/ML solutions and features into our platform, and otherwise within our business, and these solutions and features may become more important to our operations or to our future growth over time. There can be no assurance that we will realize the desired or anticipated benefits from AI/ML, or at all, and we may fail to properly implement or market our AI/ML solutions and features. Our competitors or other third parties may incorporate AI/ML into their products, offerings, and solutions more quickly or more successfully than we do, which could impair our ability to compete effectively, and adversely affect our results of operations. Additionally, our AI/ML solutions and features may expose us to additional claims, demands, and proceedings by private parties and regulatory authorities and subject us to legal liability as well as brand and reputational harm. For example, the AI/ML models that we use are trained using various data sets, and if our models are incorrectly designed, the data we use to train them is incomplete or inadequate, or we do not have sufficient rights to use the data on which our models rely, the performance of our AI/ML solutions and features, as well as our reputation, could suffer or we could incur liability through the violation of contractual or regulatory obligations. The legal, regulatory, and policy environments around AI/ML are evolving rapidly. For example, the EU AI Act (the "AI Act"), which achieved approval by the European Council on February 2, 2024, and the European Parliament on March 13, 2024, will impose obligations on providers and users of artificial intelligence technologies. The AI Act may impact the development and adoption of our AI/ML solutions in Europe. Other countries also are contemplating laws regulating AI/ML technologies. We may become subject to new legal and other obligations in connection with our use of AI/ML, which could require us to make significant changes to our policies and practices, necessitating expenditure of significant time, expense, and other resources.

Use of our platform involves the storage, transmission and processing of our customers' proprietary data, including highly confidential financial information regarding their business and personal or identifying information of their customers or employees. Additionally, we maintain our own proprietary, confidential and otherwise sensitive information. Our platform is at risk for security breaches and incidents as a result of third-party action, employee, vendor or contractor error or malfeasance, cyberattacks (including from nation states and affiliated actors) and other forms of hacking, denial of service attacks, malfeasance, ransomware, viruses and other malicious software, or other factors. The risk of a cybersecurity incident occurring has increased as more companies and individuals work remotely, potentially exposing us to new, complex threats and increasing the potential for security breaches or incidents relating to phishing and other social engineering attacks, use of personal devices, and employee, vendor, or service provider error or malfeasance. Additionally, geopolitical events such as the war in Ukraine may create heightened risks of cyber attacks for us and our service providers, and we and they may be unable to defend against any such attacks. If any unauthorized or inadvertent access to, or a security breach or incident impacting our platform or other systems or networks used in our business occurs, such event could result in significant interruptions or other disruptions to our software solutions, platform and technology, the loss, alteration, or unavailability of data, unauthorized access to, or use, disclosure, or unauthorized processing of data, including proprietary, personal, or confidential data, and any such event, or the belief or perception that it has occurred, could result in a loss of business, severe reputational damage adversely affecting customer or investor confidence, regulatory investigations and orders, litigation, indemnity obligations, and damages for contract breach or penalties for violation of applicable laws or regulations. Additionally, service providers who store or otherwise process data on our behalf, including third-party and public-cloud infrastructure, also face security risks. As we rely more on third-party and public-cloud infrastructure, we are increasingly dependent on third-party security measures to protect against unauthorized access, cyberattacks, and the mishandling of customer, employee and other confidential data, and we may be required to expend significant time and resources to address any incidents related to the failure of those third-party security measures to prevent, detect, remediate, and otherwise address security breaches or incidents. Our ability to monitor our third-party service providers' data security is limited, and in any event, attackers may be able to circumvent our third-party service providers' security measures. There have been and may continue to be significant attacks on certain third-party providers, and we cannot guarantee that our or our third-party providers' systems and networks have not been breached or otherwise compromised, or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support us and our platform. We have and may also suffer breaches of, or incidents impacting, our internal systems. Security breaches or incidents impacting our platform or our internal systems could create significant interruptions or other disruptions of our software solutions, platform and technology, and may result in significant costs incurred in order to remediate or otherwise respond to a breach or incident, which may include liability for stolen assets or information, repair of system damage, incentives offered to customers or other business partners in an effort to maintain business relationships after a breach, and other costs, expenses and liabilities. We may be required to or find it appropriate to expend substantial capital and other resources to alleviate problems caused by any actual or perceived security breaches or incidents. Further, while we have expended, and will continue to expend, significant resources to enhance and improve our cybersecurity posture and capabilities, these efforts, and any other efforts we may make, may not prevent or significantly mitigate risk in the way we expect, and may require us to incur substantial costs and may require significant resources. We have incorporated and may continue to incorporate AI/ML solutions and features into our platform and otherwise within our business, which may create additional cybersecurity risks or increase cybersecurity risks, including risks of security breaches and incidents. Further, AI/ML technologies may be used for certain cybersecurity attacks, and may increase their frequency and intensity, resulting in heightened risks of security breaches and incidents. Additionally, many jurisdictions have enacted or may enact laws and regulations requiring companies to notify individuals of data security breaches involving certain types of personal data. These or other disclosures regarding a security breach or incident could result in negative publicity to us, which may cause our customers to lose confidence in the effectiveness of our data security measures which could impact our operating results. We incur significant expenses in our efforts to minimize the risks presented by security breaches and incidents, including deploying additional personnel and protection technologies, training employees annually, engaging in phishing simulation exercises, and engaging third-party experts and contractors. We continually increase our investments in cybersecurity to counter emerging risks and threats and to address certain other identified matters, and we anticipate being required to make substantial additional investments in our cybersecurity measures. If a high profile security breach or incident occurs with respect to another SaaS provider or other technology company, our current and potential customers may lose trust in the security of our platform or in the SaaS business model generally, which could adversely impact our ability to retain existing customers or attract new ones. Such a breach or incident, or series of breaches or incidents, could also result in regulatory or contractual security requirements that could make compliance challenging. Even in the absence of any actual or perceived security breach or incident, customer concerns about privacy, security, or data protection may deter them from using our platform for activities that involve personal or other sensitive information. Because the techniques used to obtain unauthorized access or to sabotage systems change frequently, and often are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. We may also experience security breaches and incidents that may remain undetected for an extended period of time. Periodically, we experience cyber security events including phishing attacks targeting our employees, web application and infrastructure attacks, and other information technology incidents. These threats continue to evolve in sophistication and volume and are difficult to detect and predict due to advances in electronic warfare techniques, advances in cryptography and other technologies including AI/ML, and new and sophisticated methods used by criminals including phishing, social engineering or other illicit acts. We have and may experience security breaches or incidents introduced through the tools and services we use. We continuously monitor our infrastructure, adjust our intrusion detection capabilities, and practice security-by-design principles in our software development lifecycle to help prevent and detect security breaches and incidents, including those relating to tools and services provided by third parties. However, there can be no assurance that our defensive measures will prevent cyber attacks or other security breaches or incidents, or allow us to identify, remediate, or otherwise respond to them in a timely or effective manner. Any such attacks, breaches or incidents, or perception that any have occurred, could damage our brand and reputation and negatively impact our business. Our customers upload sensitive data to our platform, and data security is therefore a critical competitive factor in our industry. We make numerous statements in our privacy policy and customer agreements, through our certifications to standards and in our marketing materials, providing assurances about the security of our platform, including descriptions of security measures we employ. Should any of these statements be untrue, be perceived to be untrue, or become untrue, even through circumstances beyond our reasonable control, we may face claims of misrepresentation or deceptiveness by the U.S. Federal Trade Commission, state and foreign regulators and private litigants. Our errors and omissions insurance policies covering certain security and privacy damages and claim expenses may not be sufficient to compensate for all potential liability. Although we maintain cyber liability insurance, we cannot be certain that our coverage will be adequate for liabilities actually incurred, or that insurance will continue to be available to us on economically reasonable terms, or at all.

The market for accounting and financial software and services is highly competitive and rapidly evolving. Our competitors vary in size and in the breadth and scope of the products and services they offer. We often compete with other vendors of financial automation software, and we also compete with large, well-established, enterprise application software vendors whose software contains components that compete with our platform. In the future, a competitor offering ERP software could include a free service similar to ours as part of its standard offerings or may offer a free standalone version of a service similar to ours. Further, other established software vendors not currently focused on accounting and finance software and services, including some of our partners, resellers, and other parties with which we have relationships, may expand their services to compete with us. Some of our competitors have greater name recognition, longer operating histories, more established customer and marketing relationships, larger marketing budgets and significantly greater resources than we do. They may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards, or customer requirements. In addition, some of our competitors have partnered with, or have acquired, and may in the future partner with or acquire, other competitors to offer services, leveraging their collective competitive positions, which makes, or would make, it more difficult to compete with them. Market acceptance of our products may also be affected by customer confusion associated with the introduction of new and emerging technologies by us and our competitors, or changes in technological trends, such as the increase in the use of AI/ML. With the introduction of new technologies, the evolution of our platform and new market entrants, we expect competition to intensify in the future. Increased competition generally could result in reduced sales, reduced margins, losses or the failure of our platform to achieve or maintain more widespread market acceptance, any of which could harm our business.

Our initial subscription period for the majority of our customers is one to three years. In order for us to continue to increase our revenue, it is important that our existing customers renew their subscription agreements when the contract term expires. Although our agreements typically include automatic renewal language, our customers may cancel their agreements at the expiration of the term. In addition, our customers may renew for fewer users, renew for shorter contract lengths or renew for fewer products or solutions. Renewal rates may decline or fluctuate as a result of a variety of factors, including satisfaction or dissatisfaction with our software or professional services, our pricing or pricing structure, the pricing or capabilities of products or services offered by our competitors, the effects of economic conditions, or reductions in our customers' budgets and spending levels. For example, macroeconomic trends and changing customer preferences have impacted and may continue to impact our renewal rate. Any prolonged downturn in the global economy in general, or in particular sectors, such as technology or financial services, would adversely affect the industries in which our customers operate, which could adversely affect our customers' ability or willingness to renew their subscription agreements or could cause our customers to downgrade the terms of their subscription agreements. Even in the absence of unfavorable macroeconomic trends, changes in the size and mix of IT spend, such as favoring newer technologies like AI/ML at the expense of digital transformation, could negatively impact customers' ability or willingness to renew their subscription agreements or could cause our customers to downgrade the terms of their subscription agreements. Further, as the markets for our existing solutions mature, or as current and future competitors introduce new products or services that compete with ours, we may experience pricing pressure and be unable to renew our agreements with existing customers or attract new customers at prices that are profitable to us. If this were to occur, it is possible that we would have to change our pricing model, offer price incentives or reduce our prices. If our customers do not renew their agreements with us or renew on terms less favorable to us, our revenues may decline.

We believe that maintaining and enhancing our reputation for accounting and finance software is critical to our relationships with our existing customers and to our ability to attract new customers. The successful promotion of our brand attributes will depend on a number of factors, including our marketing efforts, our ability to continue to develop high-quality software, and our ability to successfully differentiate our platform from competitive products and services. Our brand promotion activities may not ultimately be successful or yield increased revenue. In addition, independent industry analysts provide reviews of our platform, as well as products and services offered by our competitors, and perception of our platform in the marketplace may be significantly influenced by these reviews. If these reviews are negative, or less positive as compared to those of our competitors' products and services, our brand may be adversely affected. The promotion of our brand requires us to make substantial expenditures, and we anticipate that the expenditures will increase as our market becomes more competitive, as we expand into new markets and as more sales are generated. To the extent that these activities yield increased revenue, this revenue may not offset the increased expenses we incur. If we do not successfully maintain and enhance our brand, our business may not grow, we may have reduced pricing power relative to competitors, and we could lose customers or fail to attract potential customers, all of which would adversely affect our business, results of operations and financial condition.

Global legal and regulatory requirements related to collecting, storing, handling, transferring, and otherwise processing personal data are rapidly evolving in ways that require our business to adapt to support our compliance and our customers' compliance. As the regulatory focus on privacy, data protection, and cybersecurity intensifies worldwide, and jurisdictions increasingly consider and adopt laws and regulations relating to these matters, the potential risks related to processing personal data by our business may grow. In addition, possible adverse interpretations of existing laws and regulations by governments in countries where we or our customers operate, as well as the potential implementation of new legislation, could impose significant obligations in areas affecting our business or prevent us from offering certain services in jurisdictions where we operate. Any failure or perceived failure to comply with applicable laws or regulations relating to privacy, data protection, or cybersecurity may adversely affect our business. Privacy, data protection, and cybersecurity have become significant issues in the U.S., Europe, and in many other jurisdictions where we offer our products. Following the European Union's passage of the General Data Protection Regulation ("GDPR"), which became effective in May 2018, the global regulatory landscape relating to privacy, data protection, and cybersecurity has grown increasingly complex and fragmented and is rapidly evolving. As a result, our business faces current and prospective risks related to increased regulatory compliance costs, reputational harm, negative effects on our existing business and on our ability to attract and retain new customers, and increased potential exposure to regulatory enforcement, litigation, and/or financial penalties for non-compliance. For example, in July 2020, the Court of Justice of the European Union ("CJEU") invalidated the Privacy Shield framework, which enabled companies to legally transfer data from the European Economic Area ("EEA") to the U.S. This ruling from the CJEU and recent rulings from various European Union ("EU") member state data protection authorities have created complexity and uncertainty regarding processing and transfers of personal data from the EEA to the U.S. and certain other countries outside the EEA. Moreover, on June 4, 2021, the European Commission adopted new Standard Contractual Clauses ("SCCs"), which impose additional obligations relating to personal data transfers out of the EEA. The new SCCs, and similar standard contractual clauses adopted in the UK, may increase the legal risks and liabilities associated with cross-border data transfers, and result in material increased compliance and operational costs. Following issuance of a U.S. Executive Order, a new framework, the EU-U.S. Data Privacy Framework ("DPF") was created. Following an adequacy decision issued by the European Commission on July 10, 2023, the DPF, along with a UK extension to the DPF that allows the transfer of personal data from the UK to the U.S. (the "UK DPF Extension") and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF"), are available for companies to make use of to legitimize personal data transfers to the U.S. from the EEA, Switzerland, and UK. We have certified to the U.S. Department of Commerce that we adhere to the DPF, UK DPF Extension, and Swiss-U.S. DPF. However, the DPF has been subject to a legal challenge, and it, the UK DPF Extension, and the Swiss-U.S. DPF may be subject to legal challenges in the future from privacy advocacy groups or others. The European Commission's adequacy decision regarding the DPF also provides that the DPF will be subject to future reviews and may be subject to suspension, amendment, repeal, or limitations in scope by the European Commission. More generally, uncertainty may continue about the legal requirements for transferring customer personal data to and from the EEA, UK, Switzerland, and other regions, an integral process of our business. Other countries have passed or are considering passing laws imposing varying degrees of restrictive data residency requirements, which have created additional costs and complexity, and any new requirements may result in additional costs and complexity. In addition, the UK has established its own domestic regime with the UK GDPR and amendments to the Data Protection Act. While the UK GDPR so far mirrors the obligations in the GDPR and imposes similar penalties, the UK government is considering amending its data protection legislation. If UK regulation of data protection diverges significantly from the EU, new obligations and data flow issues could emerge, creating costs and complexity. Actual or alleged failure to comply with the GDPR or the UK GDPR can result in private lawsuits, reputational damage, loss of customers, and regulatory enforcement actions, which can result in significant fines, including, under the GDPR, fines of up to EUR 20 million (or GBP 17.5 million under the UK GDPR) or four percent (4%) of global revenue, whichever is greater. Regulatory developments in the U.S. present additional risks. For example, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), gives California consumers, including employees, certain rights similar to those provided by the GDPR, and also provides for statutory damages or fines on a per violation basis that could be very large depending on the severity of the violation. Numerous other states have also enacted or are in the process of enacting or considering comprehensive state-level data privacy and security laws, rules and regulations. Furthermore, the U.S. Congress is considering privacy legislation, and the U.S. Federal Trade Commission continues to use its enforcement authority under Section 5 of the FTC Act against companies for privacy and cybersecurity practices alleged to be unfair or deceptive, and may undertake its own privacy rule making exercise. Globally, virtually every jurisdiction in which we operate has established its own frameworks governing privacy, data protection, and cybersecurity with which we, and/or our customers, must comply. These laws and regulations often are more restrictive than those in the U.S. Regulatory developments in these countries may require us to modify our policies, procedures, and data processing measures in order to address requirements under these or other applicable privacy, data protection, or cybersecurity regimes, and we may face claims, litigation, investigations, or other proceedings regarding them, initiated by private parties and governmental authorities, and may incur related liabilities, expenses, costs, and operational losses. Our compliance efforts are further complicated by the fact that laws and regulations relating to privacy, data protection, and cybersecurity around the world are rapidly evolving, may be subject to uncertain or inconsistent interpretations and enforcement, and may conflict among various jurisdictions. In addition to government activity, privacy advocacy and other industry groups have established or may establish various new, additional, or different self-regulatory standards that may place additional burdens on us. Our customers may require us, or we may find it advisable, to meet voluntary certifications or adhere to other standards established by them or third parties, such as the SSAE 18, SOC1, and SOC2 audit processes. If we are unable to maintain such certifications, comply with such standards, or meet such customer requests, it could reduce demand for our services and adversely affect our business. Compliance with applicable laws and regulations relating to privacy, data protection, and cybersecurity may require changes in our services, business practices, or internal systems that result in increased costs, lower revenue, reduced efficiency, or negative effects on our ability to attract and retain customers in certain industries and foreign countries, which could adversely affect our business. The costs of compliance with, and other obligations imposed by, these laws and regulations may require modification of our services, limit use and adoption of our services, reduce overall demand for our services, lead to significant fines, penalties, or liabilities for actual or alleged noncompliance, or slow the pace at which we close sales transactions, any of which could harm our business. Privacy, data protection, and cybersecurity concerns, whether valid or not valid, may inhibit the market adoption, effectiveness, or use of our services, particularly in certain industries and foreign countries.

Our operating results may vary based on the impact of changes in our industry or the global economy on us or our customers. The revenue growth and potential profitability of our business depend on demand for business software applications and services generally, and for accounting and finance systems in particular. We are currently operating in a period of economic uncertainty and cannot predict the timing, strength, or duration of any economic downturn. The global economy has been, and continues to be, adversely affected by concerns of inflation and rising interest rates, adverse business conditions and liquidity concerns, as well as macroeconomic volatility and uncertainty. These general macroeconomic conditions have contributed to a more restrained and selective IT spending environment that could adversely affect demand for our products and make it difficult to accurately forecast and plan our future business activities. For example, since the second quarter of 2022, we have observed certain customers delaying and deferring purchasing decisions, which has resulted in the deterioration of near-term demand. In addition, professional services revenue may decrease as new implementation projects are delayed. To the extent unfavorable conditions in the national and global economy persist or worsen, our business could be harmed as current and potential customers may reduce accounting, finance, and technology budgets and spending, or postpone or choose not to purchase or renew subscriptions to our products, which they may consider discretionary. Weakening economic conditions, and related corporate cost-cutting and tighter budgets, could affect the rate of accounting and finance and information technology spending and adversely affect our current or potential customers' ability or willingness to purchase our cloud platform, as well as further delay purchasing decisions, reduce the value or duration of their subscription contracts, or affect attrition rates, all of which would adversely affect our operating results. Prolonged economic uncertainties relating to macroeconomic trends could limit our ability to grow our business and negatively affect our operating results. Unfavorable trends in the national or global economy, such as rising interest rates and conditions resulting from financial and credit market fluctuations, may cause our customers and prospective customers to decrease their accounting and finance and information technology budgets, which would limit our ability to grow our business and negatively affect our operating results. The occurrence of a natural disaster, global public health crisis, geopolitical uncertainty or war has caused, and in the future may cause, customers to request concessions, including extended payment terms, free modules or better pricing. In addition, our customers may be affected by changes in trade policies, treaties, government regulations and tariffs, as well as geopolitical volatility. Trade protection measures, retaliatory actions, tariffs and increased barriers, policies favoring domestic industries, or increased import or export licensing requirements or restrictions, such as trade sanctions against Russia in response to the war in Ukraine, could have a negative effect on the overall macro economy and our customers, which could have an adverse impact on our operating results. Uncertain economic conditions may also adversely affect third parties with which we have entered into relationships and upon which we depend in order to grow our business, such as technology vendors and public cloud providers. As a result, we may be unable to continue to grow in the event of prolonged economic uncertainty or future economic slowdowns. See Risks Related to Our Dependence on Third Parties.

We currently maintain offices and/or have personnel in Australia, Canada, France, Germany, India, Japan, Mexico, the Netherlands, Poland, Romania, Singapore, and the United Kingdom, and we intend to build out our international operations. We have also executed several acquisitions and strategic transactions as part of our ongoing international expansion strategy. We derived approximately 29% and 28% of our revenues from sales outside the U.S. in the nine months ended September 30, 2024 and 2023, respectively. Any international expansion efforts that we may undertake, including acquisitions of businesses outside the U.S., may not be successful. In addition, conducting international operations in new markets subjects us to new risks that we have not generally faced in the U.S. These risks include: - localization of our solutions, including translation into foreign languages and adaptation for local practices and regulatory requirements;- lack of familiarity and burdens of complying with foreign laws, legal standards, regulatory requirements, tariffs and other barriers;- changes in legal and regulatory requirements, taxes, trade laws, tariffs, export quotas, custom duties or other trade restrictions, such as sanctions against Russia in response to the war in Ukraine;- differing technology standards;- longer accounts receivable payment cycles and difficulties in collecting accounts receivable;- difficulties in managing and staffing international operations and differing employer/employee relationships;- fluctuations in exchange rates that may increase the volatility of our foreign-based revenue;- potentially adverse tax consequences, including the complexities of foreign value-added tax (or other tax) systems and restrictions on the repatriation of earnings;- uncertain political and economic climates, including the significant volatility in the global financial markets and increasing inflation;- the impact of natural disasters, climate change, war, including the war in Ukraine, and public health pandemics, on employees, customers, partners, third-party contractors, travel and the global economy; and - reduced or varied protection for intellectual property rights in some countries. These factors may cause our international costs of doing business to exceed our comparable domestic costs. Operating in international markets also requires significant management attention and financial resources. Any negative impact from our international business efforts could negatively impact our business, results of operations and financial condition as a whole.

Natural disasters, climate change, political instability, or other catastrophic events may cause damage or disruption to our operations, international commerce, and the global economy, and thus could have a strong negative effect on us. Our business operations are subject to interruption by natural disasters, climate-related events, pandemics, terrorism, political unrest, geopolitical instability, war, such as the war in Ukraine, and other events beyond our control. Although we maintain crisis management and disaster response plans, such events could make it difficult or impossible for us to deliver our solutions to our customers, could decrease demand for our solutions, and could cause us to incur substantial expense. The majority of our research and development activities, corporate headquarters, information technology systems and other critical business operations are located in California, which has experienced, and is projected to continue to experience, major earthquakes, floods, droughts, heat waves, wildfires, and power shutoffs associated with wildfire prevention. Significant recovery time could be required to resume operations and our business could be harmed in the event of a major earthquake or other catastrophic event. Our insurance may not be sufficient to cover related losses or additional expenses that we may sustain. In addition, we may be subject to increased regulations, reporting requirements, standards, or expectations regarding the environmental impacts of our business, and failure to comply with such regulations, requirements, standards or expectations could adversely affect our reputation, business or financial performance.

We conduct transactions, particularly intercompany transactions, in currencies other than the U.S. Dollar, primarily the British Pound and the Euro. As we grow our international operations, we expect the amount of our revenues that are denominated in foreign currencies to increase in the future. Accordingly, changes in the value of foreign currencies relative to the U.S. Dollar could affect our revenue and operating results due to transactional and translational remeasurements that are reflected in our results of operations. As a result of such foreign currency exchange rate fluctuations, it could be more difficult to detect underlying trends in our business and results of operations. In addition, to the extent that fluctuations in currency exchange rates cause our results of operations to differ from our expectations or the expectations of our investors, the trading price of our common stock could be adversely affected. We do not currently maintain a program to hedge transactional exposures in foreign currencies. However, in the future, we may use derivative instruments, such as foreign currency forward and option contracts, to hedge exposures to fluctuations in foreign currency exchange rates. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments.

Our success depends largely upon the continued services of our executive officers and other key employees. We rely on our leadership team, some of whom are new, in the areas of research and development, operations, security, marketing, sales and general and administrative functions. Changes in our executive management team resulting from the hiring or departure of executives, or our leadership structure, could disrupt our business, and could impact our ability to preserve our culture, which could negatively affect our ability to recruit and retain personnel. Our executive officers and other key personnel are at-will employees and, therefore, they could terminate their employment with us at any time. Any such departure could be particularly disruptive in light of the leadership transition. Competition for executive management is high, and it may take months to find a candidate that meets our requirements. Such recruiting efforts could divert the attention of our existing management team. Accordingly, the loss of one or more of our executive officers or key employees could have an adverse effect on our business. In addition, to execute our growth plan, we must attract and retain highly-qualified personnel. Competition for personnel is intense, especially for engineers experienced in designing and developing software applications, and experienced sales professionals. We have from time to time experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications, and this difficulty may be heightened by labor shortages, higher employee turnover and slower hiring rates associated with hybrid work. In addition, we may need to increase our employee compensation levels in response to competition, rising inflation or labor shortages, which would increase our operating costs and reduce our profitability. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached legal obligations, resulting in a diversion of our time and resources. Likewise, if competitors hire our employees, we may divert time and resources to deter any breach by our former employees or their new employers of their respective legal obligations. Given the competitive nature of our industry, we have both received and asserted such claims in the past. In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. If the perceived value of our equity awards declines, due to volatile market conditions, stock price fluctuations or otherwise, it may adversely affect our ability to recruit and retain highly-skilled employees. Further, if we fail to attract new personnel or fail to retain and motivate our current personnel, our business and growth prospects could be adversely affected.

We depend on, and anticipate that we will continue to depend on, various strategic relationships in order to sustain and grow our business. We have established strong relationships with technology vendors such as SAP and Microsoft Dynamics to market our solutions to users of their ERP solutions, and professional services firms such as Deloitte and Ernst & Young, and business process outsourcers such as Cognizant, Genpact and IBM to supplement delivery and implementation of our applications. We believe these relationships enable us to effectively market our solutions by offering a complementary suite of services. In particular, our solution integrates with SAP's ERP solutions. SAP is part of the reseller channel that we use in the ordinary course of business, and accounts for a material portion of our total revenue. SAP has the ability to resell our solutions as SAP SolEx, for which we receive a percentage of the revenues. If we are unsuccessful in maintaining our relationship with SAP, if our reseller arrangement with SAP is less successful than we anticipate, if our customers that use an SAP ERP solution do not renew their subscriptions directly with us and instead purchase our solution through the SAP reseller channel or if we are unsuccessful in supporting or expanding our relationships with other companies, our business would be adversely affected. Additionally, while we continue to build relationships with a variety of third-party partners and will continue to support all ERP solutions, to the extent that our partnership with SAP continues to expand, this partnership may be a deterrent to other potential partners. Identifying, negotiating and documenting relationships with other companies require significant time and resources. Our agreements with technology vendors are typically limited in duration, non-exclusive, cancellable upon notice and do not prohibit the counterparties from working with our competitors or from offering competing services. For example, our agreement with SAP can be terminated by either party upon six months' notice and there is no assurance that our relationship with SAP will continue. If our solution is no longer resold by SAP as a solution extension, our business could be adversely affected. Our competitors may be effective in providing incentives to third parties to favor their products or services or to prevent or reduce subscriptions to our platform. If we are unsuccessful in establishing or maintaining our relationships, or if the counterparties to our relationships offer competing solutions, our ability to compete in the marketplace or to grow our revenue could be impaired and our operating results could suffer. Even if we are successful, we cannot assure you that these relationships will result in improved operating results.