Cannae Holdings (CNNE) Risk Analysis

Alight's competitors may have greater resources, larger customer bases, greater name recognition, stronger presence in certain geographies and more established relationships with their customers and suppliers than it has. In addition, new competitors, alliances among competitors or mergers of competitors could result in Alight's competitors gaining significant market share and some of Alight's competitors may have or may develop a lower cost structure, adopt more aggressive pricing policies or provide services that gain greater market acceptance than the services that Alight offers or develops. Large and well-capitalized competitors may be able to respond to the need for technological changes (including the implementation of AI and Machine Learning ("ML")) and innovate faster, or price their services more aggressively. They may also compete for skilled professionals, finance acquisitions, fund internal growth and compete for market share more effectively than Alight does. If Alight is unable to compete successfully, it could lose market share and clients to competitors, which could materially adversely affect its results of operations. To respond to increased competition and pricing pressure, Alight may have to lower the cost of its solutions or decrease the level of service provided to clients, which could have an adverse effect on its financial condition or results of operations.

Black Knight Football's revenue is driven by the performance and popularity of its football clubs. BKFC's football clubs earn most of their revenue from media rights distributions from their domestic leagues which vary significantly depending on the level at which each club competes in their domestic league systems. For example, AFCB competes in the Premier League, the top league in the English football system. Relegation from the Premier League to lower tiers of the English Football League system would result in a significant decrease in the media rights revenue earned by AFCB. Relegation from the Premier League or a general decline in the success of AFCB, particularly in consecutive seasons, may also negatively affect AFCB's ability to attract or retain talented players and coaching staff, as well as supporters, sponsors and other commercial partners, which would have a material adverse effect on Black Knight Football's business, results of operations, financial condition and cash flow.

Improper access to, misappropriation, destruction or disclosure of confidential, personal or proprietary data could result in significant harm to our reputation or the reputation of any of the businesses we own. For example, D&B collects, stores and transmits a large amount of confidential company information on hundreds of millions of businesses, including financial information and personal information, as well as certain consumer information and credit information. D&B operates in an environment of significant risk of cybersecurity incidents resulting from unintentional events or deliberate attacks by third parties or insiders, which may involve exploiting highly obscure security vulnerabilities or sophisticated attack methods. With respect to Alight, one of its significant responsibilities is to maintain the security and privacy of its employees' and clients' confidential and proprietary information and the confidential information about clients' employees' compensation, health and benefits information and other personally identifiable information. With respect to our Restaurant Group companies, they rely heavily on information technology systems across their operations and corporate functions, including for order and delivery from suppliers and distributors, point-of-sale processing in their restaurants, management of their supply chains, payment of obligations, collection of cash, data warehousing or support analytics, finance or accounting systems, labor optimization tools, gift cards, online business and various other processes and transactions, including the storage of employee and customer information. The businesses we own and manage have experienced and we expect will continue to experience numerous attempts to access their computer systems, software, networks, data and other technology assets on a daily basis. The security and protection of their data is a top priority for them. Such businesses devote significant resources to maintain and regularly upgrade the wide array of physical, technical and contractual safeguards that they employ to provide security around the collection, storage, use, access and delivery of information they possess. These businesses have implemented various measures to manage their risks related to system and network security and disruptions, but an actual or perceived security breach, a failure to make adequate disclosures to the public or law enforcement agencies following any such event or a significant and extended disruption in the functioning of its information technology systems could damage a subsidiary company's reputation and cause it to lose clients, adversely impact its operations, sales and operating results and require it to incur significant expense to address and remediate or otherwise resolve such issues. Although our businesses have not incurred material losses or liabilities to date as a result of any breaches, unauthorized disclosure, loss or corruption of their data or inability of their clients to access their systems, such events could result in intellectual property or other confidential information being lost or stolen, including client, employee or business data, disrupt their operations, subject them to substantial regulatory and legal proceedings and potential liability and fines, result in a material loss of business and/or significantly harm their reputation. If they are unable to efficiently manage the vulnerability of their systems and effectively maintain and upgrade their system safeguards, they may incur unexpected costs and certain of their systems may become more vulnerable to unauthorized access. Furthermore, if we are unable to similarly and effectively maintain and upgrade our corporate system safeguards, data and confidential information we may have access to from time to time about the businesses we own and manage may also become more vulnerable to unauthorized access. We utilize a third party to manage the Company's corporate IT network and related resources and we actively collaborate with the third party to monitor risks and recent threats to our IT environment, develop protocols for responding to cybersecurity incidents, and train employees on common techniques used in cyber attacks. Our failure to adequately monitor our key third-party IT service provider could result in the failure of all or a portion of our IT resources and impact the operations of our business. Furthermore, loss of our third-party IT service provider could result in increased cost associated with acquiring new internal IT resources and developing internal IT processes. Due to concerns about data security and integrity, a growing number of legislative and regulatory bodies have adopted breach notification and other requirements in the event that information subject to such laws is accessed by unauthorized persons and additional regulations regarding the use, access, accuracy and security of such data are possible. For example, in the United States, D&B is subject to laws that provide for at least 50 disparate notification regimes. D&B is also subject to various laws in regulations in the other global markets it operates including Europe and Asia. Complying with such numerous and complex regulations in the event of unauthorized access would be expensive and difficult, and failure to comply with these regulations could subject D&B to regulatory scrutiny and additional liability. In many jurisdictions, including North America and the European Union, Alight is subject to laws and regulations relating to the collection, use, retention, security and transfer of this information including the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA") and the HIPAA regulations governing, among other things, the privacy, security and electronic transmission of individually identifiable protected health information, the Personal Information Protection and Electronic Documents Act and the European Union General Data Protection Regulation ("GDPR"). California also enacted legislation, the California Consumer Privacy Act of 2018 ("CCPA") and the related California Privacy Rights Act ("CPRA"), that afford California residents expanded privacy protections and a private right of action for security breaches affecting their personal information. Virginia and Colorado have similarly enacted comprehensive privacy laws, the Consumer Data Protection Act and Colorado Privacy Act, respectively, both laws of which emulate the CCPA and CPRA in many respects. The Virginia Consumer Data Protection Act took effect on January 1, 2023, and the Colorado Privacy Act took effect on July 1, 2023. We anticipate federal and state regulators to continue to consider and enact regulatory oversight initiatives and legislation related to privacy and cybersecurity. These and other similar laws and regulations are frequently changing and are becoming increasingly complex and sometimes conflict among the various jurisdictions and countries in which Alight provides services both in terms of substance and in terms of enforceability. This makes compliance challenging and expensive. Alight's failure to adhere to or successfully implement processes in response to changing regulatory requirements in this area could result in legal liability or impairment to our reputation in the marketplace. Further, regulatory initiatives in the area of data protection are more frequently including provisions allowing authorities to impose substantial fines and penalties, and therefore, failure to comply could also have a significant financial impact. If Cannae or its businesses are unable to protect their computer systems, software, networks, data and other technology assets it could have a material adverse effect on the value of our businesses, and ultimately, our financial condition and results of operations.

A quickly evolving social, legal and regulatory environment may cause Alight to incur increased operational and compliance costs, including increased research and development costs, or divert resources from other development efforts, to address potential issues related to usage of AI and ML. Alight is increasingly building AI and ML into many of its offerings including in its generative AI-enhanced Search and Chat function for Alight Worklife as well as its intelligent document processing tools. As with many cutting-edge innovations, AI and ML present new risks and challenges, and existing laws and regulations may apply to Alight in new ways, the nature and extent of which are difficult to predict. The risks and challenges presented by AI and ML could undermine public confidence in AI and ML, which could slow its adoption and affect Alight's business. Alight incorporates AI and ML into its offerings for use cases that could potentially impact civil, privacy, or employment benefit rights. Failure to adequately address issues that may arise with such use cases could negatively affect the adoption of Alight's solutions and subject it to reputational harm, regulatory action, or legal liability, which may harm its financial condition and operating results. Potential government regulation related to AI, including relating to ethics and social responsibility, may also increase the burden and cost of compliance and research and development. Employees, customers, or customers' employees who are dissatisfied with Alight's public statements, policies, practices, or solutions related to the development and use of AI and ML may express opinions that could introduce reputational or business harm, or legal liability.

Black Knight Football is highly dependent on members of the management, coaching staff and players of its clubs. Competition for talented players and staff is, and will continue to be, intense. BKFC's ability to attract and retain the highest quality players and coaching staff for its clubs is critical to the on field success of its clubs and, consequently, to its business, results of operations, financial condition and cash flow. A downturn in the performance of BKFC's clubs could adversely affect its clubs ability to attract and retain coaches and players. While Black Knight Football and its clubs enter into employment contracts with its key personnel, including players and coaches, with the aim of securing their services for the term of the contract, the retention of their services for the full term of the contract cannot be guaranteed due to possible contract disputes or approaches by other clubs. Black Knight Football's failure to attract and retain key personnel for each of its clubs could have a negative impact on its ability to effectively manage and grow its business.

Alight's business is subject to extensive legal and regulatory oversight throughout the world including a variety of laws, rules, and regulations addressing, among other things, licensing, data privacy and protection, wage and hour standards, employment and labor relations, occupational health and safety, environmental matters, anti-competition, anti-corruption, anti-money laundering, language requirements, economic sanctions, currency, reserves and government contracting. This legal and regulatory oversight could reduce Alights profitability or limit its growth by increasing the costs of legal and regulatory compliance; by limiting or restricting the products or services it sells, the markets it enters, the methods by which it sells its services, the prices it can charge for our services, and the form of compensation it can accept from its clients and third parties; or by subjecting its business to the possibility of legal and regulatory actions or proceedings. The global nature of Alight's operations increases the complexity and cost of compliance with laws and regulations, including training and employee expenses, adding to its cost of doing business. In addition, many of these laws and regulations may have differing or conflicting legal standards across jurisdictions, increasing further the complexity and cost of compliance. In emerging markets and other jurisdictions with less developed legal systems, local laws and regulations may not be established with sufficiently clear and reliable guidance to provide us adequate assurance that Alight is operating its business in a compliant manner with all required licenses or that our rights are otherwise protected. In addition, certain laws and regulations, such as the U.S. Foreign Corrupt Practices Act and similar laws in other jurisdictions in which Alight operates, could impact its operations outside of the legislating country by imposing requirements for the conduct of overseas operations, and in a number of cases, requiring compliance by foreign subsidiaries. Alight is also subject to economic and trade sanctions programs, including those administered by the U.S. Treasury Department's Office of Foreign Assets Control ("OFAC"), which prohibit or restrict transactions or dealings with specified countries, their governments, and in certain circumstances, their nationals, and with individuals and entities that are specially designated. Alight's employees, consultants or agents may still take actions in violation of its policies for which it may be ultimately responsible, or its policies and procedures may be inadequate or may be determined to be inadequate by regulators. Any violations of applicable anti-corruption, economic and trade sanctions or anti-money laundering laws or regulations could limit certain of Alight's business activities until they are satisfactorily remediated and could result in civil and criminal penalties, including fines that could damage its reputation and have a materially adverse effect on its results of operation or financial condition. In addition to the complexity of the laws and regulations themselves, the development of new laws and regulations, changes in application or interpretation of laws and regulations and Alight's continued operational changes and development into new jurisdictions and new service offerings also increases Alight's legal and regulatory compliance complexity as well as the type of governmental oversight to which it may be subject. These changes in laws and regulations could mandate significant and costly changes to the way Alight implements its services and solutions or could impose additional licensure requirements or costs to Alight's operations and services, or limit its ability to mitigate risk. In addition, new regulatory or industry developments could create an increase in competition that could adversely affect Alight. These potential developments include: - changes in regulations relating to health and welfare plans including potential challenges or changes to the Patient Protection and Affordable Care Act, expansion of government-sponsored coverage through Medicare or the creation of a single payer system;- changes in regulations relating to defined contribution and defined benefit plans, including pension reform that could decrease the attractiveness of certain of our retirement products and services to retirement plan sponsors and administrators or have an unfavorable effect on Alight's ability to earn revenues from these products and services;- changes in regulations relating to payroll processing and payments or withholding taxes or other required deductions;- additional requirements respecting data privacy and data usage in jurisdictions in which Alight operates that may increase its costs of compliance and potentially reduce the manner in which data can be used by Alight to develop or further its product offerings;- changes in regulations relating to fiduciary rules;- changes in federal or state regulations relating to marketing and sale of Medicare plans, Medicare Advantage and Medicare Part D prescription drug plans;- changes to regulations of producers, brokers, agents or third-party administrators such as the Consolidated Appropriations Act of 2021, that may alter operational costs, the manner in which Alight markets or is compensated for certain services or other aspects of Alight's business; and - additional regulations or revisions to existing regulations promulgated by other regulatory bodies in jurisdictions in which Alight operates. For example, there have been, and likely will continue to be, legislative and regulatory proposals at the federal and state levels directed at addressing the availability of healthcare and containing or lowering the cost of healthcare. Although Alight cannot predict the ultimate content or timing of any healthcare reform legislation, potential changes resulting from any amendment, repeal or replacement of these programs, including any reduction in the future availability of healthcare insurance benefits, could adversely affect Alight's business and future results of operations. Further, the federal government from time to time considers pension reform legislation, which could negatively impact Alight's sales of defined benefit or defined contribution plan products and services and cause sponsors to discontinue existing plans for which Alight provides administrative or other services. Certain tax-favored savings initiatives that have been proposed could hinder sales and persistency of Alight's products and services that support employment-based retirement plans. Alight's services are also the subject of ever-evolving government regulation, either because the services provided to or business conducted by Alight's clients are regulated directly or because third parties upon whom Alight relies on to provide services to its clients are regulated, thereby indirectly impacting the manner in which Alight provides services to those clients. Changes in laws, government regulations or the way those regulations are interpreted in the jurisdictions in which Alight operates could affect the viability, value, use or delivery of benefits and HR programs, including changes in regulations relating to health and welfare plans (such as medical), defined contribution plans (such as 401(k)), defined benefit plans (such as retirement or pensions) or payroll delivery, may adversely affect the demand for, or profitability of, Alight's services. In addition, as Alight, and the third parties upon whom Alight relies, implement and expand direct-to-consumer sales and marketing solutions, Alight is subject to various federal and state laws and regulations that prescribe when and how Alight may market to consumers (including, without limitation, the Telephone Consumer Protection Act (the "TCPA") and other telemarketing laws and the Medicare Communications and Marketing Guidelines issued by the Center for Medicare Services of the U.S. Department of Health and Human Service). The TCPA provides for private rights of action and potential statutory damages for each violation and additional penalties for each willful violation. Alight has in the past and may in the future become subject to claims that it has violated the TCPA and/or other telemarketing laws. Changes to these laws could negatively affect Alight's ability to market directly to consumers or increase Alight's costs or liabilities.