Curis (CRIS) Risk Factors

In order to market and sell our products in the European Union and other foreign jurisdictions, we, and any future collaborators, must obtain separate marketing approvals and comply with numerous and varying regulatory requirements. The approval procedure varies among countries and can involve additional testing. The time required to obtain approval may differ substantially from that required to obtain FDA approval. The marketing approval process outside the United States generally includes all of the risks associated with obtaining FDA approval. In addition, in many countries outside the United States, a product must be approved for reimbursement before the product can be approved for sale in that country. We, and any future collaborators, may not obtain approvals from regulatory authorities outside the United States on a timely basis, if at all. Approval by the FDA does not ensure approval by regulatory authorities in other countries or jurisdictions, and approval by one regulatory authority outside the U.S. does not ensure approval by regulatory authorities in other countries or jurisdictions or by the FDA. We may file for marketing approvals but not receive the necessary approvals to commercialize our products in any market. In many countries outside the United States, a drug candidate must also be approved for reimbursement before it can be sold in that country. In some cases, the price that we intend to charge for our product, if approved, is also subject to approval. Obtaining non-U.S. regulatory approvals and compliance with non-U.S. regulatory requirements could result in significant delays, difficulties and costs for us and any future collaborators and could delay or prevent the introduction of our drug candidate in certain countries. In addition, if we or any future collaborators fail to obtain the non-U.S. approvals required to market our drug candidate outside the United States or if we or any future collaborators fail to comply with applicable non-U.S. regulatory requirements, our target market will be reduced and our ability to realize the full market potential of our drug candidate will be harmed and our business, financial condition, results of operations and prospects may be adversely affected. The United Kingdom left the EU on January 31, 2020, commonly referred to as Brexit. The United Kingdom is no longer part of the European Single Market and European Union Customs Union as of January 1, 2021. A trade and cooperation agreement that outlines the future trading relationship between the United Kingdom and the EU was agreed to in December 2020 and entered into force on May 1, 2021. As of January 1, 2021, the Medicines and Healthcare products Regulatory Agency, or the MHRA, became responsible for supervising medicines and medical devices in Great Britain, comprising England, Scotland and Wales under domestic law, whereas Northern Ireland will continue to be subject to EU rules under the Northern Ireland Protocol (as amended by the so-called Windsor Framework relating to Northern Ireland agreed to in February 2023). The MHRA relies on the Human Medicines Regulations 2012 (SI 2012/1916) (as amended), or the HMR, as the basis for regulating medicines. The HMR has incorporated into the domestic law of the body of EU law instruments governing medicinal products that pre-existed prior to the United Kingdom's withdrawal from the EU. Since a significant proportion of the regulatory framework for pharmaceutical products in the United Kingdom covering the quality, safety, and efficacy of pharmaceutical products, clinical trials, marketing authorization, commercial sales, and distribution of pharmaceutical products is derived from EU directives and regulations, Brexit may have a material impact upon the regulatory regime with respect to the development, manufacture, importation, approval and commercialization of our drug candidates in the United Kingdom. For example, the United Kingdom is no longer covered by the centralized procedures for obtaining EU-wide marketing authorization from the EMA, and a separate marketing authorization will be required to market our drug candidates in the United Kingdom. Until December 31, 2023, it was possible for the MHRA to rely on a decision taken by the European Commission on the approval of a new marketing authorization via the centralized procedure. From January 1, 2024 on, a new international recognition procedure, or IRP, applies which intends to facilitate approval of pharmaceutical products in the United Kingdom. The IRP is open to applicants that have already received an authorization for the same product from one of MHRA's specified Reference Regulators, or RRs. The RRs notably include EMA and regulators in the EEA member states for approvals in the E.U. centralized procedure and the Mutual Recognition/Decentralised Reliance, or MRDC, procedure as well as the FDA (for product approvals granted in the U.S.). However, the concrete functioning of the IRP is currently unclear. Any delay in obtaining, or an inability to obtain, any marketing approvals, as a result of Brexit or otherwise, may force us to restrict or delay efforts to seek regulatory approval in the United Kingdom for our drug candidates, which could significantly and materially harm our business. We expect that we will be subject to additional risks in commercializing emavusertib if it receives marketing approval outside the United States, including tariffs, trade barriers and regulatory requirements; economic weakness, including inflation, or political instability in particular foreign economies and markets; compliance with tax, employment, immigration and labor laws for employees living or traveling abroad; foreign currency fluctuations, which could result in increased operating expenses and reduced revenue, and other obligations incident to doing business in another country; and workforce uncertainty in countries where labor unrest is more common than in the United States.

We are subject to data privacy and protection laws and regulations that apply to the collection, transmission, storage and use of personally-identifying information, which among other things, impose certain requirements relating to the privacy, security and transmission of personal information, including comprehensive regulatory systems in the U.S., EU and United Kingdom. The legislative and regulatory landscape for privacy and data protection continues to evolve in jurisdictions worldwide, and there has been an increasing focus on privacy and data protection issues with the potential to affect our business. Failure to comply with any of these laws and regulations could result in enforcement action against us, including fines, claims for damages by affected individuals, damage to our reputation and loss of goodwill, any of which could have a material adverse effect on our business, financial condition, results of operations or prospects. There are numerous U.S. federal and state laws and regulations related to the privacy and security of personal information. In particular, regulations promulgated pursuant to HIPAA establish privacy and security standards that limit the use and disclosure of individually identifiable health information, or protected health information, and require the implementation of administrative, physical and technological safeguards to protect the privacy of protected health information and ensure the confidentiality, integrity and availability of electronic protected health information. Determining whether protected health information has been handled in compliance with applicable privacy standards and our contractual obligations can be complex and may be subject to changing interpretation. These obligations may be applicable to some or all of our business activities now or in the future. If we are unable to properly protect the privacy and security of protected health information, we could be found to have breached our contracts. Further, if we fail to comply with applicable privacy laws, including applicable HIPAA privacy and security standards, we could face civil and criminal penalties. HHS enforcement activity can result in financial liability and reputational harm, and responses to such enforcement activity can consume significant internal resources. In addition, state attorneys general are authorized to bring civil actions seeking either injunctions or damages in response to violations that threaten the privacy of state residents. We cannot be sure how these regulations will be interpreted, enforced or applied to our operations. In addition to the risks associated with enforcement activities and potential contractual liabilities, our ongoing efforts to comply with evolving laws and regulations at the federal and state level may be costly and require ongoing modifications to our policies, procedures and systems. In addition to federal privacy requirements there also are state law requirements that may impact our business operations. In 2018, California passed into law the California Consumer Privacy Act, or the CCPA, which took effect on January 1, 2020,and imposed many requirements on businesses that process the personal information of California residents. Many of the CCPA's requirements are similar to those found in the General Data Protection Regulation, or the GDPR, including requiring businesses to provide notice to data subjects regarding the information collected about them and how such information is used and shared, and providing data subjects the right to request access to such personal information and, in certain cases, request the erasure of such personal information. The CCPA also affords California residents the right to opt out of "sales" of their personal information. The CCPA contains significant penalties for companies that violate its requirements. In November 2020, California voters passed a ballot initiative for the California Privacy Rights Act, or the CPRA, which went into effect on January 1, 2023, and significantly expand the CCPA to incorporate additional GDPR-like provisions including requiring that the use, retention and sharing of personal information of California residents be reasonably necessary and proportionate to the purposes of collection or processing, granting additional protections for sensitive personal information, and requiring greater disclosures related to notice to residents regarding retention of information. The CPRA also created a new enforcement agency – the California Privacy Protection Agency – whose sole responsibility is to enforce the CPRA, which will further increase compliance risk. The provisions in the CPRA may apply to some of our business activities. In addition to California, eleven other states have already passed comprehensive privacy laws similar to the CCPA and CPRA. These laws are either in effect or will go into effect sometime before the end of 2026. Like the CCPA and CPRA, these laws create obligations related to the processing of personal information, as well as special obligations for the processing of "sensitive" data, which includes health data in some cases. Some of the provisions of these laws may apply to our business activities. There are also states that are strongly considering or have already passed comprehensive privacy laws during the 2024 legislative sessions that will go into effect in 2025 and beyond, including New Hampshire and New Jersey. In addition, the State of Washington passed the My Health My Data Act in 2023 which specifically regulated health information that is not otherwise regulated by the HIPAA rules. Connecticut and Nevada have also passed similar laws regulating consumer health data, and more states (such as Vermont) are considering such legislation in 2024. In addition, Congress has also been debating passing a federal privacy law. These laws may impact our business activities, including our identification of research subjects, relationships with business partners and ultimately the marketing and distribution of our products. Similar to the laws in the U.S., there are significant privacy and data security laws that apply in Europe and other countries. The collection, use, disclosure, transfer, or other processing of personal data, including personal health data, regarding individuals who are located in the European Economic Area, or the EEA, and the processing of personal data that takes place in the EEA, is regulated by the GDPR, which went into effect in May 2018 and which imposes obligations on companies that operate in our industry with respect to the processing of personal data and the cross-border transfer of such data. The GDPR imposes onerous accountability obligations requiring data controllers and processors to maintain a record of their data processing and policies. If our or our partners' or service providers' privacy or data security measures fail to comply with the GDPR requirements, we may be subject to litigation, regulatory investigations, enforcement notices requiring us to change the way we use personal data and/or fines of up to 20 million Euros or up to 4% of the total worldwide annual turnover of the group of companies of the preceding financial year, whichever is higher, as well as compensation claims by affected individuals, negative publicity, reputational harm and a potential loss of business and goodwill. The GDPR places restrictions on the cross-border transfer of personal data from the EU to countries that have not been found by the EC to offer adequate data protection legislation. There are ongoing concerns about the ability of companies to transfer personal data from the EU to other countries. In July 2020, the Court of Justice of the EU, or the CJEU, invalidated the EU-U.S. Privacy Shield, one of the mechanisms used to legitimize the transfer of personal data from the EEA to the U.S. The CJEU decision also drew into question the long-term viability of an alternative means of data transfer, the standard contractual clauses, for international transfers of personal data from the EEA. This CJEU decision resulted in increased scrutiny on data transfers and increased our costs of compliance with data privacy legislation as well as our costs of negotiating appropriate privacy and security agreements with our vendors and business partners. In October 2022, President Biden signed an executive order to implement the EU-U.S. Data Privacy Framework, which serves as a replacement to the EU-U.S. Privacy Shield. The EC adopted the adequacy decision on July 10, 2023. The adequacy decision permits U.S. companies who self-certify to the EU-U.S. Data Privacy Framework to rely on it as a valid data transfer mechanism for data transfers from the EU to the U.S. However, some privacy advocacy groups have already suggested that they will be challenging the EU-U.S. Data Privacy Framework. If these challenges are successful, they may not only impact the EU-U.S. Data Privacy Framework, but also further limit the viability of the standard contractual clauses and other data transfer mechanisms. The uncertainty around this issue has the potential to impact our business. Following the withdrawal of the UK from the EU, the UK Data Protection Act 2018 applies to the processing of personal data that takes place in the UK and includes parallel obligations to those set forth by GDPR. In relation to data transfers, both the UK and the EU have determined, through separate "adequacy" decisions, that data transfers between the two jurisdictions are in compliance with the UK Data Protection Act and the GDPR, respectively. The UK and the U.S. have also agreed to a U.S.-UK "Data Bridge", which functions similarly to the EU-U.S. Data Privacy Framework and provides an additional legal mechanism for companies to transfer data from the UK to the U.S. In addition to the UK, Switzerland is also in the process of approving an adequacy decision in relation to the Swiss-U.S. Data Privacy Framework (which would function similarly to the EU-U.S. Data Privacy Framework and the U.S.-UK Data Bridge in relation to data transfers from Switzerland to the U.S.). Any changes or updates to these developments have the potential to impact our business. Beyond GDPR, there are privacy and data security laws in a growing number of countries around the world. While many loosely follow GDPR as a model, other laws contain different or conflicting provisions. These laws will impact our ability to conduct our business activities, including both our clinical trials and the sale and distribution of commercial products, through increased compliance costs, costs associated with contracting and potential enforcement actions. While we continue to address the implications of the recent changes to data privacy regulations, data privacy remains an evolving landscape at both the domestic and international level, with new regulations coming into effect and continued legal challenges, and our efforts to comply with the evolving data protection rules may be unsuccessful. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with our practices. We must devote significant resources to understanding and complying with this changing landscape. Failure to comply with laws regarding data protection would expose us to risk of enforcement actions taken by data protection authorities in the EEA and elsewhere and carries with it the potential for significant penalties if we are found to be non-compliant. Similarly, failure to comply with federal and state laws in the U.S. regarding privacy and security of personal information could expose us to penalties under such laws. Any such failure to comply with data protection and privacy laws could result in government-imposed fines or orders requiring that we change our practices, claims for damages or other liabilities, regulatory investigations and enforcement action, litigation and significant costs for remediation, any of which could adversely affect our business. Even if we are not determined to have violated these laws, government investigations into these issues typically require the expenditure of significant resources and generate negative publicity, which could harm our business, financial condition, results of operations or prospects. Accordingly, any breach of privacy laws or data security laws, particularly any breach resulting in a significant security incident or breach involving the misappropriation, loss or other unauthorized use or disclosure of sensitive or confidential patient or consumer information, could have a material adverse effect on our business, reputation and financial condition. As a data controller, we will be accountable for any third-party service providers we engage to process personal data on our behalf, including our CROs. There is no assurance that privacy and security-related safeguards we implement will protect us from all risks associated with the third-party processing, storage and transmission of such information. In certain situations, both in the United States and in other countries, we also may be obligated as a result of a security breach to notify individuals and/or government entities about these breaches. Given the breadth and depth of changes in data protection obligations, preparing for and complying with such requirements is rigorous and time intensive and requires significant resources and a review of our technologies, systems and practices, as well as those of any third party collaborators, service providers, contractors or consultants that process or transfer personal data collected in the European Union. The GDPR and other changes in laws or regulations associated with the enhanced protection of certain types of sensitive data, such as healthcare data or other personal information from our clinical trials, could require us to change our business practices and put in place additional compliance mechanisms, may interrupt or delay our development, regulatory and commercialization activities and increase our cost of doing business, and could lead to government enforcement actions, private litigation and significant fines and penalties against us and could have a material adverse effect on our business, financial condition or results of operations.

Because we have limited financial and managerial resources, we focus on our research and clinical development program for emavusertib as we believe it may have the best potential in certain specific indications. As a result, we have and may delay or forgo pursuit of certain opportunities with our other drug candidates or for other indications that later prove to have greater commercial potential. Our resource allocation decisions may cause us to fail to capitalize on viable commercial drugs or profitable market opportunities. Our spending on current and future proprietary research and development program for emavusertib for specific indications may not yield any commercially viable drug. If we do not accurately evaluate the commercial potential or target market for a particular drug candidate, we may relinquish valuable rights to that drug candidate through collaboration, licensing or other royalty arrangements in cases in which it would have been more advantageous for us to retain sole development and commercialization rights to such drug candidate. For example, in November 2022, as a result of our strategic reprioritization, while we had not yet reached the maximum tolerated dose in our Phase 1 trial of CI-8993, we deprioritized and did not exercise our option to license this candidate

The long-term success of our business depends in significant part on our ability to: - obtain patents to protect our technologies and discoveries;- protect trade secrets from disclosure to competitors;- operate without infringing upon the proprietary rights of others; and - prevent others from infringing on our proprietary rights. The patent positions of pharmaceutical and life science companies, including ours, are generally uncertain and involve complex legal, scientific and factual questions. The laws, procedures and standards that the U.S. Patent and Trademark Office and various foreign intellectual property offices use to grant and maintain patents, and the standards that courts use to interpret patents, are not always applied predictably or uniformly and have changed in significant ways and are expected to continue to change. In addition, the laws of foreign countries may not protect our rights to the same extent or in the same manner as the laws of the U.S. For example, European patent law restricts the patentability of methods of treatment of the human body more than U.S. law does. Consequently, the level of protection, if any, that will be obtained and provided by our patents if we attempt to enforce them, and they are challenged, is uncertain. Patents may not issue from any of the patent applications that we own or license. If patents do issue, the type and extent of patent claims issued to us may not be sufficient to protect our technology from exploitation by our competitors. Our patents also may not afford us protection against competitors with similar technology. Assuming the other requirements for patentability are met, currently, the first to file a patent application is generally entitled to the patent. Prior to March 16, 2013, in the U.S., patent applications were subject to a "first to invent" rule of law. Applications filed on or after March 16, 2013 (with the exception of certain applications claiming priority to applications filed prior to March 16, 2013, such as continuations and divisionals) are subject to new laws including a "first to file" rule of law. Publications of discoveries in the scientific literature often lag behind the actual discoveries, and patent applications in the U.S. and other jurisdictions are typically not published until 18 months after filing, or in some cases not at all. Additionally, how the U.S. Patent & Trademark Office and U.S. courts will interpret the new laws remains significantly uncertain at this time. We cannot be certain that any existing or future application will be subject to the "first to file" or "first to invent" rule of law, that we were the first to make the inventions claimed in our existing patents or pending patent applications subject to the prior laws, or that we were the first to file for patent protection of such inventions subject to the new laws. We may not have rights under patents that may cover one or more of our drug candidates. Patents of others may overlap with our own patents regarding one or more of our drug candidates. In some cases, these patents may be owned or controlled by third party competitors and may prevent or impair our ability to exploit our technology. As a result, we or our current or potential future collaborative partners may be required to obtain licenses under third party patents to develop and commercialize some of our drug candidates. If we are unable to secure licenses to such patented technology on acceptable terms, we or our collaborative partners may not be able to develop and commercialize the affected drug candidate or candidates. It is also possible that we will fail to identify patentable aspects of our research and development output before it is too late to obtain patent protection. Moreover, in some circumstances, we do not have the right to control the preparation, filing and prosecution of patent applications, or to maintain the patents, covering technology or drugs that we license from third parties and are reliant on our licensors. If we do not control the filing, prosecution of certain patent rights, we cannot be certain that these patents and applications will be prosecuted and enforced in a manner consistent with the best interests of our business. The issuance of a patent is not conclusive as to its inventorship, scope, validity or enforceability, and our owned and licensed patents may be challenged in courts or patent offices in the U.S. and abroad. Such challenges may result in loss of exclusivity or in patent claims being narrowed, invalidated or held unenforceable, which could limit our ability to stop others from using or commercializing similar or identical technology and drugs, or limit the duration of the patent protection of our technology and drugs. Given the amount of time required for the development, testing, and regulatory review of new drug candidates, patents protecting such candidates might expire before or shortly after such candidates are commercialized. As a result, our owned and licensed patent portfolio may not provide us with sufficient rights to exclude others from commercializing drugs similar or identical to ours.

We are exposed to the risk of employee fraud or other misconduct, including intentional failures to comply with FDA regulations or similar regulations of comparable foreign regulatory authorities, provide accurate information to the FDA or comparable foreign regulatory authorities, comply with manufacturing standards we have established, comply with federal and state healthcare fraud and abuse laws and regulations and similar laws and regulations established and enforced by comparable foreign regulatory authorities, report financial information or data accurately or disclose unauthorized activities to us. Employee misconduct could also involve the improper use of information obtained in the course of clinical trials, which could result in regulatory sanctions and serious harm to our reputation. It is not always possible to identify and deter employee misconduct, and the precautions we take to detect and prevent this activity may not be effective in controlling unknown or unmanaged risks or losses or in protecting us from governmental investigations or other actions or lawsuits stemming from a failure to be in compliance with such laws, standards or regulations. If any such actions are instituted against us, and we are not successful in defending ourselves or asserting our rights, those actions could have a significant impact on our business and results of operations, including the imposition of significant fines or other sanctions.

Pursuant to our collaboration with Genentech, we have granted to Genentech exclusive rights to develop and commercialize drugs based upon our Hedgehog signaling pathway technologies. Collaborations involving our drug candidates, including our collaborations with Aurigene and Genentech, pose the following risks to us: - Our collaborators each have significant discretion in determining the efforts and resources that they will apply to their respective collaboration with us. If a collaborator fails to allocate sufficient time, attention and resources to our collaboration, the successful development and commercialization of drug candidates under such collaboration is likely to be adversely affected. - Our collaborators may develop and commercialize, either alone or with others, drugs that are similar to or competitive with the drug candidates that are the subject of our respective collaborations. For example, Genentech and Roche are involved in the commercialization of many cancer medicines and are seeking to develop several other cancer drug therapies, and Aurigene has other active cancer-focused discovery programs and has also entered into license agreements with other companies that focus on cancer therapies. - Our collaborators may change the focus of their development and commercialization efforts or pursue higher-priority programs and there can be no assurance that third parties engaged to develop or commercialize our drug candidates or products will succeed in developing or commercializing our products or devote sufficient resources to the development or commercialization of our drug candidates or products. In addition, potential competitors may have substantially greater financial and other resources and may be able to expend more funds and effort with respect to competing products than Genentech or other third parties engaged by us. - Our collaborators may enter into one or more transactions with third parties, including a merger, consolidation, reorganization, sale of substantial assets, sale of substantial stock or change of control. Any such transaction could divert the attention of our collaborative partner's management and adversely affect its ability to retain and motivate key personnel who are important to the continued development of the program under such collaboration. In addition, an acquirer could determine to reprioritize our collaborator's development program such that our collaborator ceases to diligently pursue the development of our program, and/or terminates our collaboration. - Our collaborators may, under specified circumstances, terminate their collaborations with us on short notice and for circumstances outside of our control, which could make it difficult for us to attract new collaborators or adversely affect how we are perceived in the scientific, biotech, pharma and financial communities. - Our collaborators may utilize our intellectual property rights in such a way as to invite litigation that could jeopardize or invalidate our intellectual property rights, or expose us to potential liability. - Disputes may arise between collaborators and us regarding ownership of or other rights in the intellectual property generated in the course of the collaborations. - If any of our collaborators were to breach or terminate its arrangement with us, the development and commercialization of the affected drug candidate or program could be delayed, curtailed or terminated.

We currently have no sales, marketing, or drug distribution experience or capabilities. If we receive required regulatory approvals to commercialize emavusertib, we may plan to rely primarily on sales, marketing and distribution arrangements with third parties, including our collaborative partners. For example, as part of our agreements with Genentech, we have granted Genentech the exclusive rights to distribute drugs resulting from such collaboration, and Genentech is currently commercializing Erivedge. We may have to enter into additional marketing and/or sales arrangements in the future and we may not be able to enter into these additional arrangements on terms that are favorable to us, if at all. In addition, we may have limited or no control over the sales, marketing, and distribution activities of these third parties, and sales through these third parties could be less profitable for us than direct sales. These third parties could sell competing drugs and may devote insufficient sales efforts or resources to our drugs. Our future revenues will be materially dependent upon the successful efforts of these third parties. We may seek to independently market and sell emavusertib. If we undertake to perform sales, marketing and distribution functions ourselves, we could face a number of additional risks, including: - we may not be able to attract and build a significant and skilled marketing staff or sales force;- the cost of establishing a marketing staff or sales force may not be justifiable in light of the revenues generated by any particular drug; and - our direct sales and marketing efforts may not be successful.

We will require substantial funds to maintain our research and development program and support operations. We have incurred losses and negative cash flows from operations since our inception. As of December 31, 2023, we had $56.3 million in existing cash, cash equivalents and investments. We expect these available cash resources to fund our operating expenses and capital expenditure requirements into 2025. We have based this assessment on assumptions that may prove to be wrong, and we could exhaust our available capital resources sooner than we expect. Based on our current cash, cash equivalents, and investments, recurring losses and cash outflows from operations since inception, an expectation of continuing losses and cash outflows from operations for the foreseeable future and the need to raise additional capital to finance our future operations, we have concluded that we do not have sufficient cash on hand to support current operations beyond the next 12 months from the date of filing this Annual Report on Form 10-K. We will require additional funding to fund the development of emavusertib through regulatory approval and commercialization, and to support our continued operations. We will need to seek additional funding through a number of potential avenues, including private or public equity financings, collaborations, or other strategic transactions as needed. If we are unable to obtain sufficient funding, we will be forced to delay, reduce in scope or eliminate our research and development program for emavusertib, including related clinical trials and operating expenses, potentially delaying the time to market for, or preventing the marketing of, emavusertib, which could adversely affect our business prospects and our ability to continue operations, and would have a negative impact on our financial condition and our ability to pursue our business strategies. If we are unable to continue as a going concern, we may have to liquidate our assets and may receive less than the value at which those assets are carried on our audited financial statements, and it is likely that investors will lose all or a part of their investment. The report from our independent registered public accounting firm issued in connection with this Annual Report on Form 10-K contains, and future reports may contain, statements expressing substantial doubt about our ability to continue as a going concern. If we seek additional financing to fund our business activities in the future and there remains substantial doubt about our ability to continue as a going concern, investors or other financing sources may be unwilling to provide funding to us on commercially reasonable terms, if at all.