Bowhead Specialty Holdings Inc. (BOW) Risk Analysis

We depend on our ability to attract and retain experienced and seasoned personnel who are knowledgeable about our business. Our senior management team, including our founder and Chief Executive Officer, Stephen Sills, plays an important role in our strategic direction, product development, broker partnership, corporate culture and our continued success as an organization. While we generally do not enter into employment agreements with our executive officers and other key personnel, we have entered into an employment agreement with Stephen Sills, however, Stephen Sills may terminate his agreement after the third anniversary of our initial public offering on at least 90 days' notice. The loss of Stephen Sills or other members of our senior management team could materially adversely impact our business. We could be adversely affected if we fail to adequately plan for the succession of our senior leaders and key executives. Our current succession plans and employment arrangements with certain key executives do not guarantee their services will continue to be available to us. The pool of talent from which we actively recruit is limited and may fluctuate based on market dynamics specific to our industry and independent of overall economic conditions. As such, higher demand for employees having the desired skills and expertise could lead to increased compensation expectations for existing and prospective personnel, making it difficult for us to retain and recruit key personnel and maintain labor costs at desired levels. To protect our confidential information and customer goodwill as well as to minimize the risk of disruption to our business in the event of a departure, our key employees, including our executive officers, are subject to non-compete and non-solicitation provisions that generally apply during, and extend for six to twelve months following the termination of, their employment; although, not all jurisdictions permit such non-compete agreements, and regardless of the jurisdiction, our key personnel could still pursue employment opportunities with other parties, including, with any of our competitors and there are no assurances that our non-compete agreements with any such key personnel would be enforceable in a cost effective manner, if at all. Should any of our key personnel terminate their employment with us, or if we are unable to retain and attract talented personnel, we may be unable to maintain our current competitive position in the specialized markets in which we operate, which could adversely affect our results of operations.

We distribute the majority of our products through a select group of brokers. For the twelve months ended December 31, 2024, 68.3%, or $475.0 million, of our gross written premiums were distributed through four of our approximately 65 brokers. Our relationship with any of these brokers may be discontinued at any time, subject to the terms of the respective producer agreements and applicable regulatory requirements. Even if the relationships do continue, they may not be on terms that are profitable for us. Consolidation could impact relationships with, and fees paid to, some agents and brokers. If brokers merge with or acquire each other, there could be a resulting failure or inability of brokers to market our products successfully or the loss of a substantial portion of the business sourced by one or more of our key brokers. The termination of a relationship with one or more significant brokers could result in lower gross written premiums and could have a material adverse effect on our results of operations or business prospects.

As a public company, we have incurred and expect to continue to incur significant legal, accounting and other expenses that we did not incur as a private company. We are subject to the reporting requirements of the Securities Exchange Act of 1934 (the "Exchange Act"), which requires, among other things, that we file with the SEC annual, quarterly and current reports with respect to our business and financial condition and therefore we need to have the ability to prepare financial statements that comply with all SEC reporting requirements on a timely basis. In addition, we are or will be subject to other reporting and corporate governance requirements, including certain requirements of and certain provisions of the Sarbanes-Oxley Act and the regulations promulgated thereunder, which impose significant compliance obligations upon us. In particular, we must perform system and process evaluation and testing of our internal control over financial reporting to allow management and, to the extent that we are no longer an "emerging growth company" as defined in the Jumpstart Our Business Startups Act of 2012 (the "JOBS Act"), our independent registered public accounting firm to report on the effectiveness of our internal control over financial reporting, as required by Section 404 of the Sarbanes-Oxley Act. Our compliance with Section 404 requires that we incur substantial accounting expense and expend significant management efforts. The Sarbanes-Oxley Act and the Dodd-Frank Act, as well as related rules subsequently implemented by the SEC and the New York Stock Exchange (the "NYSE"), have increased regulation of, and imposed enhanced disclosure and corporate governance requirements on, public companies. Our efforts to comply with these evolving laws, regulations and standards will increase our operating costs and divert management's time and attention from revenue-generating activities.?Further, if these laws, regulations and rules were to change substantially in the future, we might be unable to meet new requirements. These obligations place significant additional demands on our finance and accounting staff and on our financial accounting and information systems. We may need to hire additional accounting and financial staff with appropriate public company reporting experience and technical accounting knowledge. Other expenses associated with being a public company include increases in auditing, accounting and legal fees and expenses; investor relations expenses; increased directors' fees and director and officer liability insurance costs; registrar and transfer agent fees and listing fees; as well as other expenses. As a public company, we are required, among other things, to: - prepare and file periodic reports and distribute other stockholder communications, in compliance with the federal securities laws and requirements of the NYSE;- define and expand the roles and the duties of our board of directors and its committees;- institute more comprehensive compliance and investor relations functions; and - evaluate and maintain our system of internal control over financial reporting, and report on management's assessment thereof, in compliance with rules and regulations of the SEC and the Public Company Accounting Oversight Board. We may not be successful in implementing these requirements and implementing them could materially adversely affect our business. These increased costs will decrease our net income and may require us to reduce costs in other areas of our business or increase the prices of our products or services. For example, we expect these rules and regulations to make it more difficult and more expensive for us to obtain director and officer liability insurance and we may be required to incur substantial costs to maintain the same or similar coverage. We cannot predict or estimate the amount or timing of additional costs we may incur to respond to these requirements. The impact of these requirements could also make it more difficult for us to attract and retain qualified persons to serve on our board of directors or board committees or as executive officers. In addition, if we fail to implement the required controls with respect to our internal accounting and audit functions, our ability to report our results of operations on a timely and accurate basis could be impaired. If we do not implement the required controls in a timely manner or with adequate compliance, we may be subject to sanctions or investigation by regulatory authorities, such as the SEC or the NYSE. Any such action could harm our reputation and the confidence of investors in, and clients of, our Company and could negatively affect our business and cause the price of our shares of common stock to decline.

Regulatory authorities in the states or countries in which our operating subsidiaries conduct business may require individual or company licensing to act as producers, brokers, agents, third-party administrators, managing general agents, reinsurance intermediaries, or adjusters. Insurance is required to be written through licensed agents and brokers. Under the laws of most states in the United States, regulatory authorities have relatively broad discretion with respect to granting, renewing and revoking producers', brokers' and agents' licenses to transact business in such state. The operating terms may vary according to the licensing requirements of the particular state, which may require that a firm operate in the state through a local corporation. Our subsidiaries must comply with laws and regulations of the jurisdictions in which they do business. In states in which we operate on a non-admitted basis, surplus lines brokers generally are required to certify that a certain number of licensed admitted insurers had been offered and declined to write a particular risk prior to placing that risk with us or that the coverage is otherwise unavailable from an admitted carrier. Our insurance company subsidiary, BICI, is subject to extensive regulation in Wisconsin, its state of domicile, and to a lesser degree, any other states in which it may operate. Most insurance regulations are designed to protect the interests of insurance policyholders, as opposed to the interests of investors or stockholders. These regulations generally are administered by a department of insurance in each state and relate to, among other things, capital and surplus requirements, investment and underwriting limitations, affiliate transactions, dividend limitations, changes in control, solvency and a variety of other financial and non-financial aspects of our business. Significant changes in these laws and regulations, or how insurance departments interpret and enforce such laws and regulations, could further limit our discretion or make it more expensive to conduct our business. State insurance regulators also conduct periodic examinations of the affairs of insurance and reinsurance companies and require the filing of annual and other reports relating to financial condition, holding company issues and other matters. These regulatory requirements may impose timing and expense constraints that could adversely affect our ability to achieve some or all of our business objectives. We are subject to the insurance holding company laws of Wisconsin, which require BICI to register with the Wisconsin OCI and furnish information concerning the operations of companies within the holding company system that may materially affect the operations, management or financial condition of BICI. These statutes also provide that all transactions among members of a holding company system must be fair and reasonable and, if material or of specified types, such transactions require prior notice and approval or non-disapproval by the Wisconsin OCI. These prior notification and approval requirements may result in business delays and additional business expenses. If we fail to comply with such requirements or fail to comply with other applicable insurance regulations in Wisconsin, we may be subject to fines and penalties imposed by the Wisconsin OCI. In addition, individual states may impose different requirements on an insurance company's ability to cancel a policy which may extend the period during which we are exposed to risk for a policy or individual states may have differing interpretations of contractual language or require specific wordings which may also expose us to additional risk. Individual states may also prohibit certain types of insurance which could limit the lines of business we may be able to write and adversely affect our ability to achieve some or all of our business objectives. State insurance regulators also have broad discretion to suspend, deny or revoke licenses for various reasons, including the violation of regulations. In some instances, where there is uncertainty as to applicability, we follow practices based on our interpretations of regulations or practices that we believe generally to be followed by the industry. These practices may turn out to be different from the interpretations of regulatory authorities. If we do not have the requisite licenses and approvals or do not comply with applicable regulatory requirements, state insurance regulators could preclude or temporarily suspend us from carrying on some or all of our activities in their state or could otherwise penalize us. This could adversely affect our ability to operate our business. Further, changes in the level of regulation of the insurance industry or changes in laws or regulations themselves or interpretations by regulatory authorities could interfere with our operations and require us to bear additional costs of compliance, which could adversely affect our ability to operate our business. State insurance regulators require insurance companies to maintain specified levels of statutory capital and surplus. Insurance regulators have broad powers to prevent reduction of statutory surplus to inadequate levels. BICI is subject to risk-based capital requirements and other minimum capital and surplus restrictions imposed under Wisconsin law. Wisconsin has largely adopted the model legislation promulgated by the NAIC pertaining to risk-based capital. These requirements establish the minimum amount of risk-based capital necessary for a company to support its overall business operations. It identifies P&C insurers that may be inadequately capitalized by looking at certain inherent risks of each insurer's assets and liabilities and its mix of net written premium. Insurers falling below a calculated threshold may be subject to varying degrees of regulatory action, including supervision, rehabilitation or liquidation. In addition to these requirements under Wisconsin law, BICI is also subject to certain surplus and risk-based capital requirements under a company-specific stipulation and order from the Wisconsin OCI (the "Wisconsin OCI Stipulation and Order"). Pursuant to the Wisconsin OCI Stipulation and Order, BICI is required to (i) have a compulsory surplus equal to the greater of (A) $3.0 million or (B) the sum of (x) 50.0% of gross written premiums for medical malpractice insurance (which business is written as part of our Healthcare Liability division) and (y) 20.0% of gross written premiums for all other covered lines of insurance, (ii) maintain surplus in excess of its required security surplus standard under Wisconsin law and (iii) maintain a ratio of total adjusted capital to authorized control level risk-based capital of not less than 400.0%. See "Regulation-Restrictions on Paying Dividends" for additional information. Failure to maintain surplus and risk-based capital at the required levels could adversely affect the ability of BICI to maintain the regulatory authority necessary to conduct our business. In addition, state surplus lines laws, or laws pertaining to non-admitted insurance business, require that surplus lines brokers comply with diligent search/exempt commercial purchaser laws and affidavit/document filing requirements, as well as requiring the collection and paying of any taxes, stamping fees, assessment fees and other applicable charges on such business. E&S businesses, such as the Company, are often subject to special licensing, surplus lines tax and/or due diligence requirements by the home state of the insured. Fines for failing to comply with these surplus lines requirements, specifically for failing to comply with the surplus lines licensing or due diligence requirements, vary by state but can range to several million dollars. In addition, the NAIC has developed the IRIS, which is part of a collection of analytical tools designed to provide state insurance regulators with an integrated approach to screening and analyzing the financial condition of insurance companies operating in their respective states. IRIS is intended to assist state insurance regulators in targeting resources to those insurers in greatest need of regulatory attention. IRIS consists of two phases: statistical and analytical. In the statistical phase, the NAIC database generates key financial ratio results based on financial information obtained from insurers' annual statutory statements. The analytical phase is a review of the annual statements, financial ratios and other automated solvency tools. The primary goal of the analytical phase is to identify companies that appear to require immediate regulatory attention. A ratio result falling outside the usual range of IRIS ratios is not considered a failing result; rather, unusual values are viewed as part of the regulatory early monitoring system. Insurance regulators will generally begin to investigate, monitor or make inquiries of an insurance company if four or more of the company's ratios fall outside the usual ranges. Although these inquiries can take many forms, regulators may require the insurance company to provide additional written explanation as to the causes of the particular ratios being outside of the usual range, the actions being taken by management to produce results that will be within the usual range in future years and what, if any, actions have been taken by the insurance regulator of the insurers' state of domicile. Regulators are not required to take action if an IRIS ratio is outside of the usual range, but depending upon the nature and scope of the particular insurance company's exception (for example, if a particular ratio indicates an insurance company has insufficient capital) regulators may act to reduce the amount of insurance the company can write or revoke the insurer's certificate of authority and may even place the company under supervision.

As is typical in our industry, we continually face risks associated with litigation of various types, including disputes relating to insurance claims under our policies, disputes with our reinsurers, as well as other general commercial and corporate litigation. Litigation and other proceedings may also include complaints from or litigation by customers or reinsurers related to alleged breaches of contract or otherwise. Although we are not currently involved in any out-of-the-ordinary litigation with our customers, reinsurers or our current or former employees, other members of the insurance industry are the target of class action lawsuits and other types of litigation, including employment-related litigation, some of which involve claims for substantial or indeterminate amounts, and the outcomes of which are unpredictable. This litigation is based on a variety of issues, including insurance and claim settlement practices. If we were to be involved in litigation and it was determined adversely, it could require us to pay significant damage amounts or to change aspects of our operations, either of which could have a material adverse effect on our financial results. We are also subject to various contingencies. For example, we may owe certain employment taxes, penalties and interests related to 2021, 2022, 2023, and certain employment taxes for 2024 for an employee domiciled in the United Kingdom. While we have accrued certain amounts representing our best estimate of taxes, interests and penalties owed, such accruals may be insufficient and we may be subject to additional charges. Even claims without merit can be time-consuming and costly to defend and may divert management's attention and resources away from our business and adversely affect our business, results of operations and financial condition. Additionally, routine lawsuits over claims that are not individually material could in the future become material if aggregated with a substantial number of similar lawsuits. In addition to increasing costs, a significant volume of customer complaints or litigation could adversely affect our brand and reputation, regardless of whether such allegations are valid or whether we are liable. Accordingly, we cannot predict with any certainty whether we will be involved in such litigation in the future or what impact such litigation would have on our business.

As a company with a remote-friendly operating model, our business is highly dependent on our information technology and telecommunications systems, including our underwriting systems. We rely on these systems to interact with brokers and insureds, to underwrite business, to prepare policies and process premiums, to perform actuarial and other modeling functions, to process claims and make claims payments and to prepare internal and external financial statements. We also rely on our information and telecommunications systems for employees to interact with each other within the company, as most employees work on a remote basis a majority of their time as opposed to in physical offices. Some of these systems may include or rely on third-party systems provided by third party service providers and/or not located on our premises or under our control. We and our service providers face numerous and evolving cybersecurity risks that threaten the confidentiality, integrity and availability of systems and confidential information, including vulnerabilities that could be exploited by threat actors in commercial software that is integrated into our (or our suppliers' or service providers') IT systems, products or services. The risk of a data security breach or a disruption has generally increased in frequency, intensity and sophistication. Techniques used to compromise or sabotage systems change frequently, may originate from less regulated and remote areas of the world and be difficult to detect and generally are not recognized until launched against a target. Events such as natural catastrophes, terrorist attacks, industrial accidents, computer viruses, ransomware, a security breach by an unauthorized person, employee error, malfeasance, faulty password management or other irregularity and other cyber-attacks may cause our systems to fail or be inaccessible for extended periods of time. We have implemented management, operational, and technical security controls designed to identify, protect, detect, respond to and recover from breaches of security, such as business contingency plans and other reasonable plans to protect our systems, whether housed internally or through third-party cloud services. In addition, while we generally monitor vendor risk, including the security and stability of our critical vendors, we may fail to properly assess and understand the risks and costs involved in the third-party relationships. However, we cannot guarantee that these measures will be effective and sustained or repeated system failures or service denials could severely limit our ability to write and process new and renewal business, provide customer service, pay claims in a timely manner or otherwise operate in the ordinary course of business. Even if the vulnerabilities that may lead to the foregoing are identified, we may be unable to adequately investigate or remediate due to attackers using tools and techniques that are designed to circumvent controls, avoid detection and remove or obfuscate forensic evidence. As have many companies, we, and our third-party service providers, have been impacted by breaches in the past and will likely continue to experience cybersecurity incidents of varying degrees. Any such event may result in operational disruptions as well as unauthorized access to, the disclosure of, or loss of our proprietary information or our customers' data and information, which in turn may result in legal claims, regulatory scrutiny and liability, reputational damage, the incurrence of costs to eliminate or mitigate further exposure, an increase in our annual cybersecurity insurance premiums, the loss of customers or affiliated advisors, or other damage to our business. In addition, the trend toward general public notification of such incidents could exacerbate the harm to our business, financial condition and results of operations. Even if we successfully protect our technology infrastructure and the confidentiality of sensitive data, we could suffer harm to our business and reputation if attempted security breaches are publicized. We cannot be certain that advances in criminal capabilities, discovery of new vulnerabilities,attempts to exploit vulnerabilities in our systems, data thefts, physical system or network break-ins, inappropriate access, or other developments will not compromise or breach the technology or other security measures protecting the networks and systems used in connection with our business. In addition, as part of our normal business activities, we handle information related to individuals including, but not limited to, employees, claimants, individual third-party brokers or agents and individual vendors. As such, we are subject to various federal, state and local laws, regulations and industry standards. The regulatory environment surrounding information security and privacy is increasingly demanding, with frequent imposition of new and changing requirements that are subject to differing interpretations. In the United States, there are numerous federal and state data privacy and security laws, rules and regulations governing the collection, use, storage, sharing, transmission and other processing of personal information, including federal and state data privacy laws, data breach notification laws and consumer protection laws. Any failure or perceived failure by us to comply with laws, regulations, policies or regulatory guidance relating to privacy or data security may result in governmental investigations and enforcement actions, litigation, fines and penalties or adverse publicity, and could cause our customers and consumers to lose trust in us, which could have an adverse effect on our reputation and business.