Levi Strauss & Co (LEVI) Risk Analysis

There can be no assurance we will be able to detect, prevent or fix all defects that may affect our products. Inconsistency of legislation and regulations may also affect the costs of compliance with such laws and regulations. Such problems could hurt the image of our brands, which is critical to maintaining and expanding our business. Any negative publicity, product recalls or lawsuits filed against us related to the perceived quality or safety of our products could harm our brand, impact our results of operations and decrease demand for our products.

The majority of our products are made of cotton, where the remaining balance are primarily made of synthetics, cotton/synthetic blends and viscose. The prices we pay our suppliers for our products are dependent in part on the market price for raw materials used to produce them, primarily cotton. The price and availability of cotton may fluctuate substantially, depending on a variety of factors, including demand, acreage devoted to cotton crops and crop yields, climate change, weather, supply conditions, transportation costs, energy prices, work stoppages, government regulation, sanctions and policy, economic climates, market speculation, compliance with our working condition, environmental protection, other standards and other unpredictable factors. For example, compliance with the sanctions and trade orders issued by the United States, Europe and other governments related to raw materials, entities and individuals who are connected to a region of China, as well as retaliatory measures or restrictions of critical materials by certain governments, could affect the sourcing and availability of raw materials, including cotton, used by our suppliers in the manufacturing of certain of our products and the importation of products from China into the United States. Any and all of these factors may be exacerbated by global climate change. Cotton prices have fluctuated significantly in recent months, and we expect they will continue to experience unprecedented variability and uncertainty. We do not currently hedge the price of cotton. In the event of a significant disruption or unavailability in the supply of the fabrics, synthetics or other raw materials used by our vendors in the manufacture of our products, our vendors might not be able to locate alternative suppliers of materials of comparable quality at an acceptable price. In addition, prices of purchased finished products also depend on wage rates and energy costs in the regions where our contract manufacturers are located, as well as freight costs from those regions that are in turn affected by crude oil prices. Increases in raw material costs, wage rates, energy costs and freight costs, unless sufficiently offset by our pricing actions, may cause a decrease in our profitability and negatively impact our sales volume. These factors may also have an adverse impact on our cash and working capital needs as well as those of our suppliers.

The apparel industry is characterized by low barriers to entry for both suppliers and marketers, global sourcing through suppliers located throughout the world, trade liberalization, continuing movement of product sourcing to lower cost countries, regular promotional activity, and the ongoing emergence of new competitors with widely varying strategies and resources. These factors have contributed, and we expect them to continue to contribute in the future, to intense pricing pressure and uncertainty throughout the supply chain. Macroeconomic pressures around the world such as inflation and recession fears are creating a complex and challenging retail environment for us and our customers as consumers reduce discretionary spending. Pricing pressure has been further exacerbated by the variability and availability of raw materials, combined with labor and cost inflation and uncertainty throughout the supply chain. This pressure could have adverse effects on our business and financial condition, including: - reduced gross margins across our product lines and distribution channels;- increased retailer demands for allowances, incentives, and other forms of economic support;- unfavorable consumer reactions to price increases; and - increased pressure on us to reduce our production costs and operating expenses. In addition, we compete with other companies in the apparel industry on the basis of investments in technology and adapting to changes in technology, including the successful use of data analytics, artificial intelligence and machine learning.

Our success depends in large part on the value, overall health and reputation of our brands, which are integral to our business and the implementation of our "Brand Led" strategy for expanding our business. Maintaining, promoting and positioning our brands will depend largely on the success of our marketing, design and merchandising efforts and our ability to provide consistent, high-quality products supported by engaging marketing campaigns. In addition, our success in maintaining, extending and expanding our brand image depends on our ability to adapt to a rapidly changing media environment, including our increasing reliance on social media and digital dissemination of advertising campaigns on our digital platforms and through our digital experiences. Our brands and reputation could be adversely affected if we fail to achieve these objectives, if we fail to deliver high-quality products acceptable to our customers and consumers or if we face or mishandle a product recall. Our brand value also depends on our ability to maintain a positive consumer perception of our brands, corporate integrity and culture. Negative claims or publicity involving us or our products, the production methods, materials or locations of any of our suppliers or contract manufacturers, consumer data or any of our key employees, endorsers or suppliers could seriously damage our reputation, sales and brand image, regardless of whether such claims or publicity are accurate. Social media, which accelerates and potentially amplifies the scope of negative claims or publicity, can increase the challenges of responding to negative claims or publicity. In addition, we, our senior executives and the descendants of the family of our founder, Levi Strauss, may from time to time take positions or actions (including internal programs) or make statements on or charitable donations to social issues, including donations to the Levi Strauss Foundation (which is not one of our consolidated entities), that may be unpopular with some consumers or customers, which may result in adverse publicity or impact our ability to attract or retain such consumers or customers, and which could adversely impact our results in certain locations. Additionally, people or groups who oppose these positions or statements may cause disruptions to our business operations. Adverse publicity, regardless of its accuracy, could undermine consumer confidence in our brands and reduce long-term demand for our products. In addition, actions taken or statements made by recipients of such charitable donations could also seriously harm our brand image with consumers. Any harm to our brands and reputation could adversely affect our business and financial condition. The appeal of our brands may also depend on the success of our ESG initiatives, which require company-wide coordination and alignment. We are working to manage risks and costs to us, our licensees and our supply chain of any effects of climate change as well as diminishing fossil fuel and water resources. Risks related to our ESG initiatives include increased public focus, including by governmental and nongovernmental organizations, on these and other environmental sustainability matters, including packaging and waste, animal welfare and land use. Moreover, because of the increased focus from our stakeholders, including consumers, employees and investors, and more recently regulatory organizations, on corporate ESG practices, including corporate practices related to the causes and impacts of climate change and corporate statements, practices or products related to a variety of social issues, and the rapid evolution of stakeholder expectations and actions with respect to ESG practices and social issues, there is an increased risk of negative public reaction to and public backlash against our initiatives, products or practices related to ESG or other social issues that could have an adverse impact on our image, reputation, business operations and financial results. Risks also include increased pressure and regulatory requirements to expand our disclosures in these areas, make commitments, set targets or establish additional goals and take actions to meet them, which could expose us to legal, market, operational and execution costs or risks. The metrics we disclose, such as emissions and water usage, whether they be based on the standards we set for ourselves or those set by others, may influence our reputation and the value of our brand. In addition, as we work to align with the recommendations and requirements of various ratings and disclosure organizations and new and evolving regulations, we will likely expand our disclosures in these areas and, as a result, we may face increased scrutiny related to our ESG activities. Our failure to achieve progress on our metrics on a timely basis, or at all, could adversely affect our business, financial performance and growth. We could damage our reputation and the value of our brand if we fail to act responsibly in the areas in which we report. Any harm to our reputation resulting from setting these metrics, expanding our disclosure or our failure or perceived failure to meet such metrics or disclosures could adversely affect our business, financial performance and growth.

Changes in U.S. or international social, political, regulatory and economic conditions or in laws and policies governing trade, manufacturing, development and investment in the countries where we currently sell our products or conduct our business, could adversely affect our business, reputation, financial condition and results of operations. For example, we are required to observe certain laws relating to economic sanctions, including those implemented by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) and other sanctions authorities. These requirements may prohibit or restrict activities relating to certain individuals, entities, countries or territories. Although we have implemented controls to promote compliance with economic sanctions, such requirements are subject to rapid change, and it may be time-consuming and expensive for us to alter our business operations to adapt to or comply with any changes in these or other laws. Should our controls prove to be, or have been, ineffective, we may be subject to regulatory or enforcement action that could adversely affect our reputation, financial condition, or business. Changes or proposed changes in U.S. or other countries' trade policies may result in restrictions and economic disincentives on international trade. Tariffs, economic sanctions and other changes in U.S. trade policy have in the past and could in the future trigger retaliatory actions by affected countries, and certain foreign governments have instituted or are considering imposing retaliatory measures on certain U.S. goods. Further, any emerging protectionist or nationalist trends (whether regulatory- or consumer-driven) either in the United States or in other countries could affect the trade environment. We, like many other multinational corporations, conduct a significant amount of business that would be impacted by changes to the trade policies of the United States and foreign countries (including governmental action related to tariffs, international trade agreements, or economic sanctions). Such changes have the potential to adversely impact the U.S. economy or certain sectors thereof or the economy of another country in which we conduct operations, our industry and the global demand for our products, and as a result, could have a material adverse effect on our business, financial condition and results of operations.

We earn a substantial portion of our income in foreign countries and, as such, we are subject to the tax laws in the United States and numerous foreign jurisdictions. Current economic and political conditions make tax laws and regulations, or their interpretation and application, in any jurisdiction subject to significant change. Recent tax legislation and regulations, including the enactment of a new corporate minimum tax in the U.S. and the U.S. Treasury Department's 2022 foreign tax credit regulations, make significant changes to the U.S. tax regime and could materially impact how our earnings are taxed. In addition, the Organization for Economic Cooperation and Development ("OECD") reached agreement with over 140 countries to implement a minimum 15% tax rate on certain multinational enterprises, commonly referred to as the Pillar Two Inclusive Framework. Many jurisdictions continue to announce changes in their tax laws and regulations based on the Pillar Two Inclusive Framework. While we continue to evaluate the impact of these legislative changes as additional guidance becomes available, uncertainty remains regarding the timing and interpretation by tax authorities in affected jurisdictions. These legislative changes are not expected to have a material impact in fiscal year 2025 but could have an adverse impact on our effective tax rate, tax liabilities, and cash tax in future years. We utilize tax rulings and other agreements to obtain certainty in treatment of certain tax matters. These rulings and agreements expire from time to time and may be extended when certain conditions are met, or terminated if certain conditions are not met. We cannot guarantee that such rulings and agreements will be extended or all conditions will continue to be satisfied. Changes in these rulings and agreements or their termination may result in a loss of certainty in treatment, which may adversely impact our effective tax rate. We are also subject to the examination of our tax returns by the United States Internal Revenue Service ("IRS") and other tax authorities. We regularly assess the likelihood of an adverse outcome resulting from these examinations to determine the adequacy of our provision for income taxes. Although we believe our tax provisions are adequate, the final determination of tax audits and any related disputes could be materially different from our historical income tax provisions and accruals. The results of audits or related disputes could have an adverse effect on our financial statements for the period or periods for which the applicable final determinations are made. For example, we and our subsidiaries are also engaged in a number of intercompany transactions across multiple tax jurisdictions. Although we believe we have clearly reflected the economics of these transactions and the proper local transfer pricing documentation is in place, tax authorities may propose and sustain adjustments that could result in changes that may impact our mix of earnings in countries with differing statutory tax rates.

In addition to our own sensitive and proprietary business information, we handle transactional and personal information, including without limitation credit card information and personal information about our employees, customers, consumers and users of our digital experiences, which include online distribution channels and product engagement. As a result of our data collection and processing activities, we must comply with increasingly complex and rigorous, and sometimes conflicting laws, regulatory standards, industry standards, external and internal privacy and security policies, contracts and other obligations that govern the processing of business and personal data, including personal health information of our employees. For example, the European Union's General Data Protection Regulation (the "EU GDPR"), the United Kingdom's GDPR (the "UK GDPR"), California's Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 impose obligations on companies regarding the handling of personal data and provide certain individual privacy rights to persons whose data is stored or otherwise processed. Furthermore, other comprehensive privacy laws, such as China's Personal Information Protection Law, Canada's Personal Information Protection and Electronic Documents Act and India's new Digital Personal Data Protection Act, as well as other states in the United States have enacted data privacy laws that have come into effect or will come into effect in the coming months and years, which are likely to continue to influence other jurisdictions, U.S. states or even the U.S. Congress to pass comparable legislation. Additionally, laws in certain jurisdictions require data localization and impose restrictions on the transfer of personal information across borders. For example, the EU GDPR and the UK GDPR generally restrict the transfer of personal information, including employee and consumer information, to countries outside of the EEA and the United Kingdom (respectively) without appropriate safeguards or other measures. If we cannot implement a valid compliance mechanism for cross-border privacy and security transfers, we may face increased exposure to legal or regulatory actions, substantial fines and injunctions against processing or transferring personal information from Europe or elsewhere. In addition, privacy advocates and industry groups have proposed, and may propose in the future, standards with which we are legally or contractually bound to comply. For example, we are also subject to the Payment Card Industry Data Security Standard ("PCI DSS"). The PCI DSS requires companies to adopt certain measures to ensure the security of cardholder information, and noncompliance with PCI-DSS can result in penalties ranging from $5,000 to $100,000 per month by credit card companies, litigation, damage to our reputation and revenue losses. Furthermore, we are bound by contractual obligations related to privacy, data protection and data security, and our efforts to comply with such obligations may not be successful or may have other negative consequences. We may publish privacy policies, marketing materials and other statements, such as compliance with certain certifications or self-regulatory principles, regarding data privacy and security. If these policies, materials or statements are found to be deficient, lacking in transparency, deceptive, unfair or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators or other adverse consequences. In general, negative publicity we might receive regarding any actual or perceived violations of consumer privacy rights, including fines and enforcement actions against us or other similarly placed businesses, may also impair consumers' trust in our privacy practices and make them reluctant to give their consent to share their data with us. Obligations related to data privacy and security are quickly changing, becoming increasingly stringent and creating regulatory uncertainty. Additionally, these obligations may be subject to differing applications and interpretations, which may be inconsistent or conflict among jurisdictions. Compliance with existing and forthcoming data privacy and security laws and regulations can be costly and time consuming, and may require changes to our information technologies, systems and practices and to those of any third parties that process personal information on our behalf and cause us to divert resources from other initiatives and projects to address these evolving compliance and operational requirements. If we or the third parties on which we rely fail, or are perceived to have failed, to address or comply with obligations related to data privacy and security, we could face significant consequences, including, but not limited to, proceedings against the company by governmental entities (for example, investigations, lawsuits (including class actions), fines, penalties, audits and inspections) or other entities or individuals, additional reporting requirements or oversight bans, damage to our reputation and credibility or inability to process data or operate in certain jurisdictions, any of which could have a negative impact on our business, operations, reputation, revenues and profits.

We may face significant expenses and liability in connection with the protection of our intellectual property rights, including outside the United States, and if we are unable to successfully protect our rights or resolve conflicts relating to infringement of intellectual property rights with others, our business or financial condition may be adversely affected. Our competitive position largely depends upon our trademarks and other intellectual property rights, which we take steps to establish and protect both domestically and internationally. However, we may be unable to adequately protect or enforce our intellectual property rights or determine the extent of any unauthorized use by third parties, particularly in foreign countries where the laws do not protect proprietary rights as fully as in the United States. We periodically discover counterfeit reproductions of our products or products that otherwise infringe our intellectual property rights. Given that we place significant value on our trademarks, trade dress and the overall appearance and image of our products, if we are unsuccessful in enforcing or protecting our intellectual property rights, continued sales of these infringing products could adversely affect our sales and our brand and could result in a shift of consumer preference away from our brand and products. The actions we take to establish and protect our intellectual property rights are expensive, time-consuming and may not be adequate to prevent imitation of our products or other unauthorized uses of our intellectual property by others. We also cannot assure that our rights in, or ownership of, our trademarks or other intellectual property rights would be upheld if challenged. Further, we cannot ensure that licensees will not take any actions that hurt the value of our intellectual property. We also may be unable to prevent others from seeking to block sales of our products as purported violations of their proprietary rights. We may be subject to liability or be prevented from using our trademarks or other intellectual property rights, which could have an adverse effect on our financial conditions and operations, if third parties successfully claim we infringe their intellectual property rights. Defending infringement claims could be expensive and time consuming and might result in our entering into costly license agreements or other settlement agreements. We also may be subject to significant damages or injunctions against development, manufacturing, use, importation or sale of certain products. Although we take various actions to prevent the unauthorized use or disclosure of our confidential information and intellectual property rights, our controls and efforts to prevent unauthorized use or disclosure thereof might not always be effective. For example, confidential information related to business strategy, innovations, new technologies, mergers and acquisitions, unpublished financial results or personal data could be prematurely, inadvertently or improperly used or disclosed, resulting in a loss of reputation, loss of intellectual property rights, a decline in our stock price or a negative impact on our market position, and could lead to damages, fines, penalties or injunctions.

In the ordinary course of our business, we may collect, store, use, transmit, disclose or otherwise process proprietary confidential and sensitive data, including personal information, intellectual property, and trade secrets, and we rely upon third parties (such as service providers) for data processing-related activities. We also rely on third parties for the operation of certain of our e-commerce websites, and do not control these service providers. As a result, we and the third parties upon which we rely face a variety of evolving threats, including but not limited to ransomware attacks, security breaches, cyber-attacks or other malicious activities by hackers, criminal groups, nation-states and nation-state-sponsored organizations and social-activist organizations, computer viruses or other malicious codes, unauthorized access, phishing attacks, or unauthorized uses, any of which may be irreversible and result in operational problems and security incidents. Given the nature of information collected and processed, the retail industry in particular has been the target of many cyber-attacks, and it is possible that an individual or group could defeat our security measures, or those of a third-party service provider. We have been and will continue to be a target of cyber-attacks, including phishing, and other attempts to breach, or gain unauthorized access to, our systems because of the visibility of our brand, making the secure maintenance of proprietary, confidential and sensitive data critical to our business and reputation. In the future, we may see an increase in the number of such attacks as we have shifted to a hybrid working model under which some employees will continue working remotely and accessing our technology infrastructure remotely. Our work to integrate, secure and enhance these systems and related processes in our global operations is ongoing and we will continue to invest in these efforts. We may expend significant resources or modify our business activities to try to protect against security incidents. We cannot provide assurance, however, that the measures we take to secure and enhance these systems will be sufficient to prevent security incidents, cyber-attacks, system failures or data or information loss. Cyber-attacks, malicious internet-based activity and online and offline fraud are prevalent and continue to increase in frequency and magnitude. The techniques used to obtain unauthorized, improper or illegal access to our systems, our data or our customers' data, to disable or degrade service or to sabotage systems, including through the use of artificial intelligence, are constantly evolving, have become increasingly complex and sophisticated, may be difficult to detect quickly and often are not recognized until launched against a target, even if we take all reasonable precautions, including to the extent required by law. In addition to traditional computer "hackers," threat actors, personnel (such as through theft or misuse), sophisticated nation-states and nation-state supported actors and social-activist organizations now engage in attacks. Furthermore, our efforts to address undesirable activity on our platforms may also increase the risk of retaliatory attack. We have and may continue to be subject to a variety of evolving threats, including but not limited to social engineering, such as phishing, malicious code (such as viruses and worms), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks, credential stuffing, personnel misconduct or error, supply-chain attacks, software bugs, server malfunctions and large-scale, complex automated attacks that can evade detection for long periods of time. Future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities' systems and technologies. Ransomware attacks, including those perpetrated by organized criminal threat actors, nation-states and nation-state supported actors and social-activist organizations, are becoming increasingly prevalent and severe and can lead to significant interruptions in our operations, loss of data and income, reputational harm and diversion of funds. In addition, such incidents could result in unauthorized disclosure and misuse of material confidential information, including personal information. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments or beliefs that payment may not result in system restoration. In addition to our own systems, we use third-party service providers to store, transmit and otherwise process information on our behalf, and our third-party service providers are subject to similar cybersecurity risks. Due to applicable laws and regulations or contractual obligations, we may be held responsible for any cybersecurity incident attributed to our service providers as they relate to the information we share with them or to which they are granted access. Although we generally contractually require these service providers to implement and maintain a standard of security (such as implementing reasonable measures) as well as incident response commitments, we cannot control third parties and cannot guarantee that a security breach will not occur in their systems or that we will receive timely information should an incident occur. Our software or information technology systems, or that of third parties upon whom we rely to operate our business, may have material vulnerabilities and, despite our efforts to identify and remediate these vulnerabilities, our efforts may not be successful or we may experience delays in developing and deploying remedial measures designed to address any such identified vulnerabilities. Actual or perceived vulnerabilities or unauthorized access of our or our service providers' information technology systems or networks may result in the loss of confidential business and financial data, misappropriation of our consumers', users' or employees' personal information or a disruption of our business. Any of these outcomes could have a material adverse effect on our business, including unwanted media attention, impairment of our consumer and customer relationships, damage to our reputation, and the value of our brands, resulting in lost sales, fines, lawsuits (including class actions), government enforcement actions (for example, investigations, fines, penalties, audits and inspections) or significant legal and remediation expenses. We also may need to expend significant resources to protect against, respond to or redress problems caused by any unauthorized processing.