GoodRx Holdings (GDRX) Risk Analysis

The U.S. prescriptions market, pharma manufacturer solutions market and telehealth market are highly competitive and subject to ongoing innovation and development. Our ability to remain competitive is dependent upon our ability to appeal to consumers and attract and acquire new consumers to our platform, including through our apps. Our ability to remain competitive is also dependent upon our ability to retain existing consumers and encourage them to continue to use our platform as a tool for purchasing healthcare products and services. We operate in a highly competitive environment and in an industry that is subject to significant market pressures brought about by consumer demands, a limited number of major PBMs and pharmacy operators, fluctuations in medication pricing, legislative and regulatory activity, significant changes in demand and interest in telehealth and other market factors. We compete with companies that provide savings on prescriptions, as well as companies that offer advertising and market access for pharma manufacturers. Within the prescriptions discounts and price comparison market, our competition is fragmented and consists of competitors that are larger and smaller than us in scale, including large e-commerce companies. There can be no assurance that competitors will not develop and market similar offerings to ours, or that industry participants, such as integrated PBMs and pharmacy providers, will not seek to leverage our platform to drive consumer demand and traffic to their networks and eventually away from, or outside of, our platform. We may face increased competition from those that attempt to replicate our business model or marketing tactics, such as discount websites, e-commerce websites, apps, cash back and loyalty programs and new comparison shopping sites from various industry participants, any of which could impact our ability to attract and retain consumers. Our pharma manufacturer solutions offering competes for advertising and market access budget allocation against traditional direct to consumer and other platforms on which pharmaceutical manufacturers can reach consumers, such as through physicians, health-related apps and websites, television advertisements and services supporting patient access. We also face competition in the telehealth market from a range of companies, including providers of telehealth services that are larger than us, and which usually provide telehealth services on behalf of employers and insurance plans. A competitor's offerings, reputation and marketing strategies can have a substantial impact on its ability to attract and retain consumers, and we may face competition from existing or new market entrants with greater resources and better offerings, pricing, reputations and market strategies, which would have a negative impact on our business. Any such competitor may be better able to respond quickly to new technologies, develop deeper relationships with consumers and industry participants, including pharmacies, PBMs and telehealth providers, or offer more competitive discounts or pricing. While we negotiate protective terms related to our discounted prices, our intellectual property and our consumers, in our contracts with PBMs and partner pharmacies, such contracts are not exclusive and PBMs as well as our partner pharmacies can work with others in the industry to drive volume to their networks. For example, our contracts include provisions that, among others, restrict the ability of PBMs and our partner pharmacies to compete with us and solicit our consumers. We aim to differentiate our business through scale and by innovating and delivering offerings and services that demonstrate value to our new and existing consumers, particularly in response to frequent changes in medication pricing and the cost of medical care. Our failure to innovate and deliver offerings and services that demonstrate value, or to market such offerings and services effectively, may affect our ability to acquire or retain consumers, which could have a material adverse effect on our business, results of operations and financial condition. We may also face competition from companies that we do not yet know about. If existing or new companies develop or market an offering similar to ours, develop an entirely new solution for access to affordable healthcare, acquire one of our existing competitors or form a strategic alliance with one of our competitors or other industry participants, our ability to compete effectively could be significantly impacted, which would have a material adverse effect on our business, results of operations and financial condition.

There is currently significant concentration in the U.S. healthcare industry, and in particular there are a limited number of PBMs, including pharmacies' in-house PBMs, and a limited number of national pharmacy chains. If we are unable to retain favorable contractual arrangements and relationships with our PBM partners and partner pharmacies, including any successor PBMs or pharmacies should there be further consolidation of PBMs or pharmacies, we may lose them as customers and partners, as applicable, or the negotiated rates provided by such PBMs or directly through such partner pharmacies may become less competitive, which could have an adverse impact on the discounted prices we present through our platform. A limited number of PBMs generate a significant percentage of the discounted prices that we present through our platform and, as a result, we generate a significant portion of our revenue from contracts with a limited number of PBMs. We work with more than a dozen PBMs that maintain cash networks and prices, and the number of PBMs we work with has significantly increased over time, limiting the extent to which any one PBM contributes to our overall revenue; however, we may not expand beyond our existing PBM partners and the number of our PBM partners may even decline. Revenue from each PBM fluctuates from period to period as the discounts and prices available through our platform change, and different PBMs experience increases and decreases in the volume of transactions processed through their respective networks. Our three largest PBM partners accounted for 32% of our revenue in 2023, 31% of our revenue in 2022, and 34% of our revenue in 2021. In 2023 and 2022, Express Scripts accounted for more than 10% of revenue. In 2021, Express Scripts and Navitus each accounted for more than 10% of revenue. The loss of any of these large PBMs may negatively impact the breadth of the pricing that we are able to offer consumers. Most of our PBM contracts provide for monthly payments from PBMs, including our contracts with Navitus and Express Scripts. Our PBM contracts generally can be divided into two categories: PBM contracts featuring a percentage of fee arrangement, where fees are a percentage of the fees that PBMs charge to pharmacies, and PBM contracts featuring a fixed fee per transaction arrangement. Our percentage of fee contracts often also include a minimum fixed fee per transaction. The majority of our PBM contracts, including our contract with Navitus, are percentage of fee contracts, and a minority of our contracts, including our PBM contract with Express Scripts, provide for fixed fee per transaction arrangements. Our PBM contracts generally, including our contracts with Navitus and Express Scripts, have a tiered fee structure based on volume generated in the applicable payment period. Our PBM contracts, including our contracts with Navitus and Express Scripts, do not contain minimum volume requirements, and thus do not provide for any assurance as to minimum payments to us. Our PBM contracts generally renew automatically, including our contract with Navitus. In addition, our PBM contracts generally provide for continuing payments to us after such contracts are terminated, including our contracts with Navitus and Express Scripts. Some of our PBM contracts provide for these continuing payments for so long as negotiated rates related to the applicable PBM contract continue to be used after termination, and other contracts provide for these continuing payments for specified multi-year payment periods after termination. Our current contracts with Navitus and Express Scripts provide for initial terms of at least five years, during which payments will be made as negotiated rates related to the applicable PBM contract continue to be used. Between contract renewals, our current contracts generally provide for limited termination rights. In addition, our PBM contracts typically include provisions that prevent PBMs from circumventing our platform, redirecting volumes outside of our platform and other protective measures. For example, our PBM contracts, including our contracts with Navitus and Express Scripts, contain provisions that limit PBM use of our intellectual property related to our brand and platform and require PBMs to maintain the confidentiality of our data. While we have consistently renewed and extended the term of our contracts with PBMs over time, there can be no assurance that PBMs will enter into future contracts or renew existing contracts with us, or that any future contracts they enter into will be on equally favorable terms. Changes that limit or otherwise negatively impact our ability to receive fees from these partners would have an adverse effect on our business, financial condition and results of operations. Consolidation of PBMs or the loss of a PBM could negatively impact the discounts and prices that we present through our platform and may result in less competitive discounts and prices on our platform. Our consumers use GoodRx codes at the point of purchase at nearby pharmacies. These codes can be used at over 70,000 pharmacies in the United States. The U.S. prescriptions market is dominated by a limited number of national and regional pharmacy chains, such as CVS, Kroger, Walmart and Walgreens. These pharmacy chains represent a significant portion of overall prescription medication transactions in the United States. Similarly, a significant portion of our discounted prices are used at a limited number of pharmacy chains and, as a result, a significant portion of our revenue is derived from transactions processed at a limited number of pharmacy chains. We have entered, and may in the future enter, into direct contractual arrangements with pharmacies, which we refer to as our partner pharmacies, to offer discount prices to consumers at such pharmacies. If one or more pharmacy chains terminates its cash network contracts with PBMs that we work with, enters into cash network contracts with PBMs that we work with at less competitive rates or, to the extent a pharmacy chain has entered into a direct contractual arrangement with us, terminates such contractual arrangement, our business may be negatively affected. For example, a grocery chain took actions late in the first quarter of 2022 that impacted acceptance of discounted pricing for a subset of prescription drugs from PBMs and whose pricing we promote on our platform. This had a material adverse impact on our results of operations and we expect that it will continue to have a sustained adverse impact in future periods. Such actions could be exacerbated by further consolidation of PBMs or pharmacy chains. If such changes, individually or in the aggregate, are material, they would have an adverse effect on our business, results of operations and financial condition. If there is a decline in revenue generated from any of the PBMs or pharmacies we contract with, as a result of consolidation of PBMs or pharmacy chains, pricing competition among industry participants or otherwise, if we are unable to maintain or grow our relationships with PBMs and pharmacies or if we lose one or more of the PBMs or partner pharmacies we contract with and cannot replace such PBM or partner pharmacy in a timely manner or at all, there would be an adverse effect on our business, financial condition and results of operations. We do not generate a significant percentage of revenue from mail delivery service. To the extent consumer preferences change, including as a result of public health concerns, we may not be able to accommodate sufficient demand for mail delivery service which may have an adverse effect on our business, financial condition and results of operations.

We are subject to U.S. federal and state income taxes. Tax laws, regulations and administrative practices in various jurisdictions may be subject to significant change, with or without advance notice, due to economic, political and other conditions, and significant judgment is required in evaluating and estimating our provision and accruals for these taxes. There are many transactions that occur during the ordinary course of business for which the ultimate tax determination is uncertain. Our effective income tax rates could be affected by numerous factors, such as changes in tax, accounting and other laws, regulations, administrative practices, principles and interpretations, the mix and level of earnings in a given taxing jurisdiction or our ownership or capital structures. For example, the Inflation Reduction Act of 2022, enacted in August 2022, imposes a minimum tax on certain corporations with book income of at least $1 billion (subject to certain adjustments) and an excise tax on certain stock buybacks and similar corporate actions.

We rely on a variety of marketing techniques, including email and social media marketing and postal mailings, and we are subject to various laws, regulations and regulatory interpretations that govern such marketing and advertising practices. A variety of federal and state laws, regulations and regulatory interpretations govern the collection, use, retention, sharing and security of consumer data, particularly in the context of online advertising, which we rely upon to attract new consumers. Laws, regulations and regulatory interpretations relating to privacy, data protection, marketing and advertising, and consumer protection are evolving and subject to potentially differing interpretations, particularly as they involve classes of data deemed to be sensitive. These requirements may be interpreted and applied in a manner that varies from one jurisdiction to another and/or may conflict with other law, regulations and regulatory interpretations. As a result, our practices may not have complied or may not comply in the future with all such laws, regulations, requirements and obligations. Any failure, or perceived failure, by us or any of our third-party partners, data centers, or service providers to comply with privacy policies or federal or state privacy or consumer protection-related laws, regulations, regulatory interpretations, industry self-regulatory principles, industry standards or codes of conduct, regulatory guidance, orders to which we may be subject, or other legal obligations relating to privacy or consumer protection, could adversely affect our reputation, brand and business, and may result in claims, proceedings or actions against us by governmental entities, consumers, suppliers or others. These proceedings may result in financial liabilities or may require us to change our operations, including ceasing the use or sharing of certain data sets, or modifying marketing and other user engagement programs and plans. Any such claims, proceedings or actions could hurt our reputation, brand and business, force us to incur significant expenses in defense of such proceedings or actions, distract our management, increase our costs of doing business, result in a loss of consumers, suppliers, and contracts with PBMs and others and result in the imposition of monetary penalties. We are also contractually required to indemnify and hold harmless certain third parties from the costs or consequences of non-compliance with any laws, regulations, regulatory interpretations, or other legal obligations relating to privacy or consumer protection or any inadvertent or unauthorized use or disclosure of data that we store or handle as part of operating our business. Federal and state governmental authorities continue to evaluate the privacy implications inherent in the use of third-party cross-site behavioral advertising technologies and other methods of online tracking for behavioral advertising and other purposes. The U.S. federal and state governments have enacted, and may in the future enact legislation, regulations and regulatory interpretations impacting the ability of companies and individuals to engage in these activities, such as by regulating the level of consumer notice and consent required before a company can employ cross-site behavioral advertising technologies or other electronic tracking tools or the use of data gathered with such tools. Additionally, some providers of consumer devices and web browsers have implemented, or announced plans to implement, limits on behavioral or targeted advertising and/or means to make it easier for internet users to prevent the placement of cross-site behavioral advertising technologies or to block other tracking technologies, which could, if widely adopted, result in the decreased effectiveness or use of third-party cross-site behavioral advertising technologies and other methods of online tracking, targeting or re-targeting. The regulation of the use of these cross-site behavioral advertising technologies and other current online tracking and advertising practices or a loss in our ability to make effective use of services that employ such technologies could increase our costs of operations and limit our ability to acquire new consumers on cost-effective terms and consequently, materially and adversely affect our business, financial condition and results of operations. The CCPA, which became effective on January 1, 2020, creates individual privacy rights for California consumers and increases the privacy and security obligations of entities handling certain personal data. For example, the CCPA gives California residents expanded rights to access and require deletion of their personal information, opt out of certain personal information sharing and receive detailed information about how their personal information is used. Failure to comply with the CCPA may result in attorney general enforcement action and damage to our reputation. We have enacted and will continue to enact changes to ensure compliance with the CCPA. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that has increased the likelihood of, and risks associated with data breach litigation. The CPRA significantly amends the CCPA and the majority of its provisions went into effect on January 1, 2023. The CPRA imposes additional data protection obligations on companies doing business in California, including additional consumer rights processes, limitations on data uses, new audit requirements for higher risk data, and opt outs for certain uses of sensitive data. It has also created a new California data protection agency authorized to issue substantive regulations and could result in increased privacy and information security enforcement. Additional compliance investment and potential business process changes may be required. Further, certain states have passed similar laws, and similar laws are also continuing to be proposed at the state and federal level. For example, Washington state's My Health My Data Act ("MHMDA") was recently signed into law and proposes additional obligations and limitations regarding data. The MHMDA differs from other state privacy laws because of its broad definition of health information and a broad private right of action. Other states may be considering similar laws to the MHMDA. Historically, laws with private rights of action have resulted in numerous class action suits under federal and state laws resulting in multi-million-dollar settlements to the plaintiffs. We have been, and in the future may be, subject to such litigation, which could be costly and time-consuming to defend. Private litigants may claim that the notices and disclosures we provide, form of consents we obtain or our general privacy practices are not adequate or violate applicable law. This may in the future result in civil claims against us. The scope and interpretation of the MHMDA will be continuously evolving and developing. If we do not comply with the MHMDA or similar laws or regulations or if we become liable under these laws or regulations, we could face direct liability, could be required to change some portions of our business model, could face negative publicity and our business, financial condition and results of operations could be adversely affected. Additionally, the interpretations of existing federal and state consumer protection laws relating to online collection, use, dissemination, and security of health related and other personal information adopted by the FTC state attorneys general, private plaintiffs, and courts have evolved, and may continue to evolve, over time. Consumer protection and certain state data privacy laws like the CCPA and CPRA require us to publish statements that describe how we handle personal information and choices individuals may have about the way we handle or provide access to their personal information. If such information that we publish is considered untrue, we may be subject to government claims of unfair or deceptive trade practices, which could lead to significant liabilities and consequences. Furthermore, the FTC also has authority to initiate enforcement actions against entities that make deceptive statements about privacy and data sharing in privacy policies, fail to limit third-party use of personal health information, fail to implement policies to protect personal health information or engage in other unfair practices that harm customers or that may violate Section 5(a) of the FTC Act. According to the FTC, violating consumers' privacy rights or failing to take appropriate steps to keep consumers' personal information secure may constitute unfair acts or practices in or affecting commerce and thus violate Section 5(a) of the FTC Act. It may also violate one or more FTC-enforced rules. The FTC expects a company's data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. Individually identifiable health information is considered sensitive data that merits stronger safeguards. The FTC and many state Attorneys General also continue to enforce federal and state consumer protection laws against companies for online collection, use, dissemination and security practices that appear to be unfair or deceptive. These consumer protection laws are increasingly being applied by the FTC and state Attorneys General to regulate the collection, use, storage and disclosure of personal or personally identifiable information, through websites or otherwise, and to regulate the presentation of website content. In February 2023, we reached a negotiated settlement with the FTC with respect to an investigation of our privacy and security practices which included a monetary settlement amount of $1.5 million and agreements to effect or maintain, as applicable, certain changes to our business practices, policies and compliance requirements. As a result of regulatory enforcement proceedings and inquiries, we have been, and may in the future be, subject to related litigation, settlements or enforcement actions that have included or could include monetary penalties and/or compliance requirements that (1) impose significant and material costs, (2) require us to make modifications to our data practices and our marketing programs, (3) result in negative publicity, or (4) have a negative impact on consumer demand for our products and services, or on our commercial or industry relationships. Relatedly, there has also been, and may in the future also be, significant and material resource burdens on us, requirements that certain aspects of our operations to be overseen by an independent monitor, and/or limitations or the elimination of our ability to use certain targeting marketing strategies or work with certain third-party vendors. Even an unsuccessful challenge of our privacy practices by our consumers, regulatory authorities or other third parties could result in negative publicity and could require a costly response from and defense by us. Any of these events could adversely affect our ability to operate our business and our financial results. In addition, HIPAA, which applies to parts of our business, imposes on entities within its jurisdiction, among other things, certain standards relating to the privacy, security, transmission and breach reporting of individually identifiable health information. For example, HIPAA imposes privacy, security and breach reporting obligations with respect to individually identifiable health information upon "covered entities" (health plans, health care clearinghouses and certain health care providers) and their respective business associates, individuals or entities that create, receive, maintain or transmit protected health information in connection with providing a service for or on behalf of a covered entity. HIPAA mandates the reporting of certain breaches of health information to the U.S. Department of Health and Human Services ("HHS"), affected individuals and if the breach is large enough, the media. We have experienced such breaches in the past and could be exposed to a risk of loss or litigation and potential liability, which could materially adversely affect our business, results of operations and financial condition. In addition, to the extent we or our other contractors or agents receive or obtain individually identifiable health information from patients, healthcare professionals, pharmacies, or other individuals or entities, we could be subject to criminal penalties if we mishandle individually identifiable health information in a manner that is not authorized or permitted by HIPAA. Claims that we have violated individuals' privacy rights or breached our contractual obligations, even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business. In addition, though we have wound down vitaCare Prescription Services, Inc.'s ("vitaCare") principal operations in connection with our Restructuring Plan, vitaCare's past activities could be subject to regulation and enforcement by the federal government and the states in which vitaCare conducted its business, including state licensing of pharmacies and pharmacists. Although we work to comply with applicable laws, regulations and standards, our contractual obligations and other legal obligations, these requirements are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another or other legal obligations with which we must comply. Any failure or perceived failure by us or our employees, representatives, contractors, consultants, collaborators, or other third parties to comply with such requirements or adequately address privacy and security concerns, even if unfounded, could result in additional cost and liability to us, damage our reputation, and adversely affect our business and results of operations.

Our ability to maintain our competitive position is largely dependent on the services of our senior management and other key personnel. In addition, our future success depends on our continuing ability to attract, develop, motivate and retain highly qualified and skilled employees. Competition for such personnel is extremely intense. To attract and retain such personnel, we have had to offer, and believe we will need to continue to offer, highly competitive compensation packages. However, we have experienced and may continue to experience difficulties in hiring and retaining these personnel at compensation levels consistent with our existing compensation and salary structure. Some of the companies with which we compete for experienced employees have greater resources than we have and may be able to offer more attractive terms of employment. We have needed and may in the future need to invest significant amounts of cash and equity to attract and retain employees and we may not realize sufficient returns on these investments. In addition, the loss of any of our senior management or other key employees, the failure to successfully transition key roles, or our inability to recruit, develop and retain qualified personnel could materially and adversely affect our ability to execute our business plan and we may be unable to find adequate replacements. For instance, on April 25, 2023, Trevor Bezdek and Douglas Hirsch transitioned from their prior roles as our Co-Chief Executive Officers and our board of directors (our "Board") appointed Scott Wagner as Interim Chief Executive Officer while it engages in a search process for a permanent Chief Executive Officer. We have also recently made a number of additional changes to our senior management team. Any inability to successfully transition the Chief Executive Officer role and attract a permanent successor for such role or successfully transition other applicable senior management roles could adversely impact our business. All of our employees are at-will employees, meaning that they may terminate their employment relationship with us at any time, and their knowledge of our business and industry would be extremely difficult to replace. If we fail to retain talented senior management and other key personnel, or if we do not succeed in attracting well-qualified employees or retaining and motivating existing employees, our business, financial condition and results of operations may be materially adversely affected.

Although we only operate in the United States, our business, financial performance and results of operations depend in part on worldwide macroeconomic economic conditions and their impact on consumer spending. Recessionary economic cycles, higher interest rates, volatile fuel and energy costs, inflation, levels of unemployment, conditions in the residential real estate and mortgage markets, access to credit, consumer debt levels, unsettled financial markets and other economic factors that may affect costs of manufacturing prescription medications, consumer spending or buying habits could materially and adversely affect demand for our offerings. Volatility in the financial markets has also had and may continue to have a negative impact on consumer spending patterns. In addition, negative national or global economic conditions may materially and adversely affect the PBMs, partner pharmacies and pharma manufacturers we contract with and their associated industry participants, financial performance, liquidity and access to capital. This may affect their ability to renew contracts with us on the same or better terms, which could impact the competitiveness of the discounted prices we are able to offer our consumers. All of these factors may be exacerbated by global financial conditions and other geopolitical factors, which could harm our business, financial condition and results of operations. Economic factors such as increased insurance and healthcare costs, commodity prices, shipping costs, inflation, higher costs of labor, and changes in or interpretations of other laws, regulations and taxes may also increase our costs and make our offerings less competitive, increase general and administrative expenses, and otherwise adversely affect our financial condition and results of operations. Additionally, global public health crises, natural disasters, such as earthquakes and wildfires, and other adverse weather and climate conditions, political crises, such as terrorist attacks, war and other political instability or other unexpected events, could disrupt our operations, internet or mobile networks or the operations of PBMs and their pharmacy networks. For example, our corporate headquarters and other facilities are located in California, which in the past has experienced both severe earthquakes and wildfires. Certain natural events may become more frequent or intense as a result of climate change. For more information, see our risk factor titled "We are subject to a series of risks related to climate change." If any of these events occurs, our business could be adversely affected.