OPENLANE (KAR) Risk Analysis

We have taken certain steps to reduce the cost of our operations, improve efficiencies, and realign our organization and staffing to better match our market opportunities and digital initiatives. Following the sale of the ADESA U.S. physical auction business, we have continued to restructure our business to reflect the current market and asset-light digital model, reallocate our resources towards the highest growth initiatives, consolidate our platforms, transition to cloud-based solutions and leverage a global shared services model. We expect to continue to implement cost reduction and business alignment initiatives as we seek to realize operating synergies, achieve our target operating model and profitability objectives, and more closely reflect changes in the strategic direction of our business. These changes could be disruptive to our business, and we may experience a loss of accumulated knowledge, loss of continuity and inefficiency, adverse effects on employee morale, loss of key personnel and other retention issues during transitional periods. These initiatives require a significant amount of time and focus, which may divert attention from operating and growing our business. If we fail to achieve some or all of the expected benefits of our cost reduction and business alignment initiatives, it could have an adverse effect on our competitive position and market share, business, financial condition and results of operations.

We rely on information technology systems, some of which are managed by third parties, to process, transmit and store confidential, proprietary and personal information about, or on behalf of, potential, current and former customers, employees and other third parties (referred to as "sensitive data"), and to manage or support a variety of our business processes and activities. The secure operation of these systems, and the maintenance, reliability and availability of these systems, are critical to our business operations and strategy. The technology to operate some of our businesses is provided, in whole or in part, by third-party service providers, and we do not own or control the operation of third-party systems and facilities. Our systems and the third-party systems with which we interact are subject to damage, failure or interruption due to various reasons, including but not limited to power or other critical infrastructure outages, facility damage, physical theft, telecommunications failures, security incidents, cyber-attacks (including the use of malicious codes, viruses, worms, phishing, social engineering, deepfakes, spyware, malware, denial of service attacks, and ransomware), natural disasters and catastrophic events, legacy applications, integration delays, inadequate system hygiene and inadequate or ineffective redundancy measures. We, our customers and our vendors also rely on each other's information technology systems to conduct our respective operations. Any significant disruptions of our information technology systems or those of our customers or vendors could negatively impact our business and customers, damage our reputation and materially adversely affect our financial position and results of operations. We have experienced cyber-attacks and security incidents of varying degrees and believe we will continue to be a potential target of such threats and attacks. This threat has increased corresponding to the increased sophistication and activities of organized crime, nation-state actors, hackers, terrorists and other bad actors. The technology infrastructure and systems of our suppliers, vendors, service providers and partners have also in the past experienced and may in the future experience such threats and attacks. Cyber-attacks or other security incidents compromise sensitive data and could lead to service interruptions, malfunctions or other failures in the technology that supports our businesses and customers, as well as the operations of our customers or other third parties. Cyber-attacks or other security incidents could also damage our reputation and cause us to incur substantial costs, regulatory penalties, financial losses to us, our customers and partners, and loss of customers and business opportunities. If such cyber-related events are not detected in a timely manner, their effect could be compounded. Although we have technology and information security policies and processes and disaster recovery plans in place, these measures may not be adequate to ensure that our sensitive data and operations will not be compromised or disrupted should such an event occur. There can be no assurance that the systems we have designed to prevent or limit the effects of cyber incidents or attacks will be sufficient to prevent or detect material consequences arising from such incidents or attacks, or to avoid a material adverse impact on our systems after such incidents or attacks do occur. The security measures we employ to protect our systems and sensitive data have in the past not detected or prevented, and may in the future not detect or prevent, security breaches, cyber-attacks, employee error, ephemeral messaging and malfeasance, and other similar incidents. The existence and use of acquired and legacy applications and systems increase these risks. Our network and systems are also subject to compromise from the actions or inactions of employees, customers, vendors and other parties who have legitimate access. Even if we successfully protect our own network and systems, our supply chain infrastructure and other third parties may not maintain adequate security measures (including identifying defects or vulnerabilities) to protect against unauthorized access, cyber- attacks or mishandling of data, which could result in a breach of or disruption to our systems and network or create other legal or financial exposure. Our control over and ability to monitor the security practices of our customers, vendors and other third parties with whom we do business remains limited, and there can be no assurance that we can prevent, mitigate, or remediate the risk of any compromise or failure in the cybersecurity infrastructure owned or controlled by such third parties or others within their respective supply chains. If our information technology systems are compromised, become inoperable for extended periods of time or cease to function properly, we may have to make a significant investment to fix or replace the information technology and our ability to provide services and solutions to our customers may be impaired, which would have a material adverse effect on our consolidated operating results and financial position. In addition, as cyber-threats continue to evolve in both intensity and velocity, we may be required to expend significant additional resources to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities. Further, the rapid evolution and increased adoption of artificial intelligence increases the risk of cyber-attacks and security incidences. Use of artificial intelligence by our employees and vendors, whether authorized or unauthorized, also increases the risk that our intellectual property and other proprietary information will be unintentionally disclosed. Any of the risks described above could result in the loss or misuse of sensitive data, disrupt our business, damage our reputation, expose us to legal liability and materially adversely affect our consolidated financial position and results of operations.

Our business is dependent on information technology, particularly as we continue to execute our digital transformation strategy. Robust information technology systems, platforms and products are critical to our operating environment, digital online products and competitive position. We have made and continue to make investments to improve our information technology infrastructure, including a multi-year technology platform consolidation initiative. This and other technology initiatives that management considers important to our long-term success require capital investment, have significant risks associated with their execution, and could take several years to implement. If we are unable to develop and implement these initiatives in a cost-effective, timely manner or at all, or if we encounter unforeseen problems with our new systems and processes or in migrating away from our existing systems and processes, our operations and our ability to manage our business could be negatively impacted as we may experience disruptions in our business operations, loss of customers, loss of revenue or damage to our reputation. We may not be successful in structuring our technology or developing, acquiring, implementing or consolidating technology systems which are competitive and responsive to the needs of our customers. There can be no assurance that others will not acquire or develop similar or superior technologies sooner than we do or that we will acquire technologies on an exclusive basis or at a significant price advantage. In addition, we may not timely or effectively develop or enhance services or business processes to respond to emerging technological trends, including artificial intelligence, or our competitors may be able to develop or enhance services or business processes sooner or more effectively. Our future success also depends on our ability to respond to evolving industry trends and changes in customer expectations. If new industry trends take hold, the automotive remarketing industry's economics could significantly change, and we may need to incur additional costs or otherwise alter our business model to adapt to these changes. If we do not accurately predict, prepare and respond to new kinds of technology innovations, market developments and changing customer needs, our revenues, profitability and long-term competitiveness could be materially adversely affected.

Our operations are subject to regulation, supervision and licensing under various federal, state, provincial, local and foreign authorities, agencies, statutes and ordinances, which, among other things, require us to obtain and maintain certain licenses, permits and qualifications, provide certain disclosures and notices and limit interest rates, fees and other charges. The regulations and laws that impact our company include, without limitation, the following: - The sale of used vehicles is regulated by various state and local motor vehicle departments and regulators. - Some of the transport vehicles used at our facilities are regulated by the U.S. Department of Transportation or similar regulatory agencies in the other locations in which we operate. - AFC is subject to certain federal, state and provincial laws which regulate commercial and small business lending activities and interest rates and, in certain jurisdictions, require AFC or one of its subsidiaries to be licensed. These laws are complex and are rapidly evolving, including adverse legislative and regulatory trends towards regulating small business lending more comparable to consumer lending. - We are subject to various local zoning requirements with regard to the location of our facilities, which requirements vary from location to location. - We are subject to federal, state and international laws, directives and regulations relating to the collection, use, retention, disclosure, security and transfer of personally identifiable information. These laws, directives, regulations and their interpretation and enforcement continue to evolve and may be inconsistent from jurisdiction to jurisdiction. - We are subject to laws and regulations with respect to emerging technologies being incorporated into our business, including artificial intelligence, machine learning and data analytics. - Certain of the Company's subsidiaries may be deemed subject to the regulations of the Consumer Financial Protection Act of 2010 due to their vendor relationships with financial institutions. - Our vehicle transition and asset recovery business is subject to laws in certain states which regulate activities related to repossession administration and debt collection and, in certain jurisdictions, require a license. - We are subject to various reporting and anti-money laundering regulations. The foregoing description of laws and regulations to which we are or may be subject is not exhaustive, and the regulatory framework governing our operations is subject to evolving interpretations and continuous change. Changes in law or governmental regulations or interpretations of existing law or regulations could result in increased costs, reduced vehicle prices and decreased profitability for us. In addition, failure to comply with present or future laws and regulations or changes in existing laws or regulations or in their interpretation could have a material adverse effect on our operating results and financial condition.

We have in the past been, are currently, and may in the future become, subject to a variety of legal actions relating to our current and past business operations, including but not limited to litigation claims and legal proceedings related to environmental, intellectual property, labor and employment, privacy, regulatory compliance, securities, tax, and tort laws. Such claims may be asserted against us by individuals, either individually or through class actions, by governmental entities in civil or criminal investigations and proceedings or by other entities. These actions could expose us to adverse publicity and to substantial monetary damages and legal defense costs, injunctive relief and criminal and civil fines and penalties, including but not limited to suspension or revocation of licenses to conduct business. There is no guarantee that we will be successful in defending ourselves in legal and administrative actions or in asserting our rights under various laws. In addition, we could incur substantial costs in defending ourselves or in asserting our rights in such actions. Any claims against us, whether meritorious or not, could be time consuming, costly, and harmful to our reputation, and could require significant amounts of management time and corporate resources. If any of these legal proceedings were to be determined adversely to us, or we were to enter into a settlement arrangement, we could be exposed to monetary damages or be forced to change the way in which we operate our business, which could have an adverse effect on our business, financial condition, and operating results.

As a multinational corporation, we are subject to income taxes, as well as non-income-based taxes, in both the U.S. (federal, state and local) and a number of other foreign jurisdictions. We may recognize additional tax expenses and be subject to additional tax liabilities due to changes in laws, regulations, administrative practices, principles, and interpretations related to tax, including changes to the global tax framework, competition and other laws and accounting rules in various jurisdictions. Such changes could come about as a result of economic, political and other conditions. An increasing number of jurisdictions are considering or have adopted laws or administrative practices that impose new tax measures, including revenue-based taxes, targeting certain digital services. For example, non-U.S. jurisdictions have proposed or enacted taxes on certain online marketplace services revenues. Proliferation of these or similar unilateral tax measures may continue unless broader international tax reform is implemented. Our results of operations and cash flows could be adversely impacted by additional taxes imposed on us prospectively or retroactively.

Our success depends in large part on the talents and efforts of our executives and other key employees, including those with digital capabilities. Our future success will depend upon our ability to continue to identify, hire, develop, motivate and retain talented personnel. If we lose the services of one or more of our key personnel, or if one or more key personnel joins a competitor or otherwise competes with us, we may not be able to effectively implement our business strategies or maintain customer relationships, and our business could be materially adversely affected. In addition, our failure to put in place adequate succession plans for key roles or the failure of key personnel to successfully transition into new roles could have an adverse effect on our business and operating results. The unexpected or abrupt departure of one or more of our key personnel and the failure to effectively transfer knowledge and effect smooth key personnel transitions may have an adverse effect on our business. Further, leadership changes have occurred and will continue to occur from time to time and we cannot predict whether significant resignations will occur or whether we will effectively manage leadership transitions. We may face risks related to these and other transitions in our leadership team. If we cannot effectively manage leadership transitions and management changes in the future, our reputation and future business prospects could be adversely affected.

We face significant competition for the supply of used vehicles, the buyers of those vehicles and the floorplan financing of these vehicles. Our principal sources of competition historically have come from: (i) direct competitors (e.g., Manheim, ADESA U.S. (Carvana), America's Auto Auction, ACV Auctions, EBlock and NextGear Capital), (ii) new entrants, including new vehicle remarketing venues and dealer financing services, and (iii) other participants in the automotive industry with vehicle remarketing or financing capabilities (e.g., rental car companies, automobile retailers and wholesalers). We also face increasing competition from online wholesale and retail marketplaces (generally without any meaningful physical presence) and from our own customers when they sell directly to end users through such platforms rather than remarket vehicles through our marketplaces. Increased competition could result in price reductions, reduced margins or loss of market share. Our marketplace businesses currently compete with a number of physical auction companies and online wholesale and retail vehicle selling platforms. The dealer-to-dealer space in particular is experiencing a digital disruption as competitors and new market participants introduce new technologies. If the number of vehicles sold through our marketplaces decreases due to these competitors or other industry changes, or if we are unable to compete and gain market share in the dealer-to-dealer space, our revenue and profitability may be negatively impacted. In addition, our long-lived assets could also become subject to impairment. At the national level, AFC's competition includes NextGear Capital, a subsidiary of Cox Enterprises, Inc., other specialty lenders, banks and financial institutions. At the local level, AFC faces competition from banks, credit unions and independent auctions who may offer floorplan financing to local auction customers. Some of our industry competitors who operate wholesale car auctions on a national scale may endeavor to capture a larger portion of the floorplan financing market. AFC offers its customers competitive rates and fees and competes primarily on the basis of quality of service, convenience of payment, scope of services offered to solve customer pain points and historical and consistent commitment to the sector. In addition, AFC offers a workforce in close proximity to its customers. If the number of loans originated and serviced decreases due to these competitors, our revenue and profitability may be negatively impacted. Some of our competitors may have greater financial and marketing resources than we do, may be able to respond more quickly to evolving industry dynamics and changes in customer requirements, or may be able to devote greater resources to the development, promotion and sale of new or emerging services and technologies. If we are unable to compete successfully or to successfully adapt to industry changes, our business, revenues and profitability could be materially adversely affected. In addition, if one or more of our competitors were to merge or partner with another of our competitors, the change in the competitive landscape could adversely affect our ability to compete effectively. Our competitors may also establish or strengthen cooperative relationships with our current or future data providers, technology partners, or other parties with whom we have relationships, thereby limiting our ability to develop, improve, and promote our solutions. We may not be able to compete successfully against current or future competitors, and competitive pressures may harm our revenue, business, and financial results. Our future success also depends on our ability to respond to evolving industry trends. If new industry trends take hold, including adverse trends such as a market reversal towards physical auctions or the simultaneous listing and selling of vehicles on multiple online sales platforms in North America, the automotive remarketing industry's economics could significantly change, which could cause us to lose vehicle volume and market share, and our business, revenues and profitability could be negatively impacted.

Loss of business from, or changes in the consignment patterns of, our key customers could have a material adverse effect on our business and operating results. Generally, commercial and dealer customers do not make binding long-term commitments to us regarding consignment volumes. Many of our customer agreements can be terminated by the customer for convenience on advance written notice, which provides our customers with the opportunity to renegotiate their agreements with us or to award more business to our competitors. Any such customer could reduce its overall supply of vehicles for our marketplaces, seek protection under the bankruptcy laws, or otherwise seek to materially change the terms of its business relationship with us at any time. Dealership and other customer consolidations may further intensify these risks. There is no guarantee that we will be able to retain or renew existing agreements, maintain relationships with any of our customers or business partners on acceptable terms or at all, or collect amounts owed to us from customers or business partners. Any such change could harm our business and operating results. While no single customer accounted for 10% or more of our consolidated revenues in 2024, the loss of, or material reduction in business from, our key customers could have a material adverse effect on our business and operating results.