Moody's (MCO) Risk Factors

Moody's conducts operations in various countries outside the U.S. and derives a significant portion of its revenue from foreign sources. Changes in the economic condition of the various foreign economies in which the Company operates have an impact on the Company's business. For example, economic uncertainty in the Eurozone or elsewhere, including, but not limited to, in Latin America, China or the Middle East, affects the number of securities offerings undertaken within those particular areas. In addition to the risks addressed elsewhere in this section, operations abroad expose Moody's to a number of legal, economic and regulatory risks such as: –economic and geopolitical events and market conditions, such as the Russia-Ukraine military conflict and the military conflict in Israel and surrounding areas, including the effect of these events and conditions on customers, customer retention and demands for our products and services;–exposure to exchange rate movements between foreign currencies and USD;–restrictions on the ability to convert local currency into USD and the costs, including the tax impact, of repatriating cash held by entities outside the U.S.;–U.S. laws affecting overseas operations, including domestic and foreign export and import restrictions, tariffs and other trade barriers and restrictions, such as those related to the U.S.'s relationship with China and embargoes and sanctions laws with respect to Russia, including the Russia-Ukraine military conflict;–differing and potentially conflicting legal or civil liability, compliance and regulatory standards;–current and future regulations relating to the imposition of mandatory rotation requirements on CRAs hired by issuers of securities;–uncertain, evolving and new laws and regulations, including those applicable to the financial services industries, such as the European Union's upcoming implementation of DORA in January 2025, and to the protection of intellectual property and to the emergence of LLMs in the context of Gen AI and other technologies, such as the EU AI Act, including the effect of these laws and regulations on our customers and on the products and services that we offer;–uncertainty regarding the future relationship and increasing tensions between the U.S. and China, which may result in further restrictions or actions by the U.S. government with respect to doing business in China and/or by the Chinese government with respect to business conducted by foreign entities in China;–the possibility of nationalization, expropriation, price controls and other restrictive governmental actions;–competition with CRAs that have greater familiarity, longer operating histories and/or support from local governments or other institutions;–uncertainties in obtaining data and creating products and services relevant to particular geographic markets;–reduced protection for intellectual property rights;–longer payment cycles and possible problems in collecting receivables;–differing accounting principles and standards;–difficulties in staffing and managing foreign operations;–difficulties and delays in translating documentation into foreign languages;–potentially adverse tax consequences; and –complexities of compliance with employment laws, various proposed and enacted data privacy laws, and cybersecurity rules in numerous jurisdictions. Additionally, Moody's is subject to complex U.S., foreign and other local laws and regulations that are applicable to its operations abroad, such as laws and regulations governing economic and trade sanctions, tariffs, embargoes, and anticorruption including the Foreign Corrupt Practices Act of 1977, the U.K. Bribery Act of 2010 and other similar local laws. The internal controls, policies and procedures and employee training and compliance programs to deter prohibited practices the Company has implemented may not be effective in preventing employees, contractors or agents from violating or circumventing such internal policies or from material violations of applicable laws and regulations. Any determination or allegations, even if unfounded, that the Company has violated sanctions, anti-bribery or anti-corruption laws could have a material adverse effect on Moody's business, operating results and financial condition. Compliance with international and U.S. laws and regulations that apply to the Company's international operations increases the cost of doing business in foreign jurisdictions. Violations of such laws and regulations may result in severe fines and penalties, criminal sanctions, administrative remedies and restrictions on business conduct and could have a material adverse effect on Moody's reputation, its ability to attract and retain employees, its business, operating results and financial condition.

Moody's business is impacted by general economic conditions and volatility in world financial markets. Furthermore, issuers of debt securities have increasingly elected to issue securities without ratings or securities which are rated or evaluated by non-traditional parties such as financial advisors, rather than traditional CRAs, such as MIS. Companies are also increasingly accessing alternative sources of financing, such as loans and debt financing from non-bank lenders that do not involve a CRA-issued credit rating. A majority of Moody's credit-rating-based revenue is transaction-based, and therefore it is especially dependent on the number and dollar volume of debt securities issued in the capital markets. Conditions that reduce issuers' ability or willingness to issue debt securities, such as market volatility, declining growth, currency devaluations, changes in laws (including tax-related laws) or other adverse economic trends, reduce the number and dollar-equivalent volume of debt issuances for which MIS provides ratings services and thereby adversely affect the fees Moody's earns in its ratings business. Current market, economic and government factors are negatively impacting the volume of debt securities issued in global capital markets and the demand for credit ratings, which is materially and adversely affecting the Company's business, operating results and financial condition. These factors include increases in or uncertainty around interest rates (as well as related monetary policy by governments in the response to factors such as inflation), the withdrawal of COVID-19 economic stimulus, inflationary pressures, increases or volatility in mortgage rates, widening credit spreads, regulatory and political developments (including uncertainty in various jurisdictions where Moody's operates), difficult economic conditions, growth in the use of alternative sources of credit, and defaults by significant issuers. Further declines or other changes in the markets for debt securities may materially and adversely affect the Company's business, operating results, financial condition, cash flows and prospects. Moody's initiatives to reduce costs to counteract a decline in its business, including the 2022 - 2023 Geolocation Restructuring Program, may not be sufficient. Cost reductions, including those associated with this program, may be difficult or impossible to obtain in the short term, due in part to rent, technology, compliance, compensation and other fixed costs associated with some of the Company's operations as well as the need to monitor outstanding ratings. Further, cost-reduction initiatives, including those under-taken to date, could make it difficult for the Company to rapidly expand operations in order to accommodate any unexpected increase in the demand for ratings. Further volatility in the financial markets, including continued decreases in the volumes of debt securities and increases in interest rates, may have a material adverse effect on the business, operating results and financial condition, which the Company may not be able to successfully offset with cost reductions.

Moody's considers many aspects of its products and services to be proprietary. Failure to protect the Company's intellectual property adequately could harm its reputation and affect the Company's ability to compete effectively. Businesses the Company acquires also involve intellectual property portfolios, which increase the challenges the Company faces in protecting its strategic advantage. In addition, the Company's operating results can be adversely affected by inadequate or changing legal and technological protections for intellectual property and proprietary rights in some jurisdictions and markets, including if and how rights in these markets evolve to address advances in LLMs and Gen AI. The lack of strong legal and technological intellectual property protections in foreign jurisdictions in which we operate may increase our vulnerability and may pose risks to our business. From time to time, laws are passed that require publication of certain information, in some cases at no cost, that the Company considers to be its intellectual property and that it currently sells or licenses for a fee, which could result in lost revenue. Unauthorized third parties may also try to obtain and use technology or other information that the Company regards as proprietary. It is also possible that Moody's competitors or other entities could obtain patents related to the types of products and services that Moody's offers, and attempt to require Moody's to stop developing or marketing the products or services, to modify or redesign the products or services to avoid infringing, or to obtain licenses from the holders of the patents in order to continue developing and marketing the products and services. Even if Moody's attempts to assert or protect its intellectual property rights through litigation, it may require considerable cost, time and resources to do so, and there is no guarantee that the Company will be successful. The Company's ability to establish, maintain and protect its intellectual property and proprietary rights against theft, misappropriation or infringement could be materially and adversely affected by insufficient and/or changing proprietary rights and intellectual property legal protections in some jurisdictions and markets. These risks, and the cost, time and resources needed to address them, may increase as the Company's business grows and its profile rises in countries with intellectual property regimes that are less protective than the rules and regulations applied in the United States.

In addition to the extensive and evolving U.S. laws and regulations governing the credit rating industry, foreign jurisdictions have taken measures to regulate CRAs and the markets for credit ratings. In particular, the EU has adopted a common regulatory framework for CRAs operating in the EU and continues to monitor the credit rating industry and analyze approaches that may strengthen existing regulation. Credit ratings emanating from outside the EU are subject to ESMA's oversight if they are endorsed into the EU, and ratings endorsed into the U.K. are similarly subject to oversight of the FCA. Additionally, other foreign jurisdictions have taken measures to increase regulation of CRAs and markets for credit ratings. See "Regulation" in Part 1, Item 1 of this annual report on Form 10-K for more information. The EU and other jurisdictions, as discussed further below, adopt legislation and engage in rulemaking on an ongoing basis that significantly impacts operations and the markets for the Company's products and services. Future laws and regulations could extend to products and services not currently regulated. These regulations could: –affect the need for debt securities to be rated;–expand supervisory remits to include credit ratings issued outside the home jurisdiction and used for regulatory purposes;–increase the level of competition in the market for credit ratings, including the distribution of credit ratings;–establish criteria for credit ratings or limit the entities authorized to provide credit ratings;–restrict the collection, use, accuracy, correction and sharing of personal information by CRAs; or –regulate pricing (for example to require fees that are based on costs and are non-discriminatory) on products and services provided by MA such as those products that incorporate credit ratings and research originated by MIS. Future regulations could also affect products and services the Company offers that incorporate or are based on artificial intelligence technologies. As part of the legislative package on sustainable finance, in June 2023, the European Commission published a proposal on the transparency and integrity of ESG rating activities. The Council of the European Union, in December 2023, agreed its position on the draft regulation, which would subject ESG rating and/or score providers to formal regulation and supervision by ESMA. The draft regulation is now set for negotiations between the European Council and Parliament and is expected to be adopted in 2024. Following the Brexit implementation period that ended December 31, 2020, the MIS U.K. registered CRA ceased to be registered with and regulated by ESMA and became subject to regulation by the U.K. Financial Conduct Authority ("FCA"). MIS put arrangements in place to endorse its U.K. credit ratings into the EU and its EU credit ratings into the U.K. On December 31, 2020, the U.K. also onshored the EU CRA Regulation, with certain necessary modifications, into U.K. domestic law (the "U.K. CRA Regulation"). The U.K. CRA Regulation contains requirements for the registration, regulation and supervision of CRAs based in the U.K. It also sets out the circumstances in which U.K. financial institutions can use credit ratings for regulatory purposes, as well as specific obligations for issuers, originators and sponsors relating to structured finance instruments. It is unclear if the regulation of CRAs in the EU and the U.K. will differ over time, and divergent regulation between the EU and the U.K. over time or differing interpretations by the FCA and ESMA of CRA regulation could adversely affect MIS's business through additional operating obligations and resulting increased cost. In February 2022, the FCA published a portfolio letter on its CRA supervision strategy. Among other things, the FCA explained that it takes a holistic approach to supervising CRAs. This means that if a CRA or the group to which it belongs also carries on unregulated activities (for example, ESG ratings), the FCA may assess these unregulated activities as part of its supervision of regulated activities. CRAs need to be able to demonstrate that they have considered, and are actively managing, potential risks from any unregulated activities. The FCA also identified its supervisory priorities for CRAs, which consist of: ratings process and methodologies; governance and oversight; market and perimeter risks; and operational resilience and resourcing. In March 2023, the FCA initiated a review of competition in the markets for certain types of wholesale market data. Credit rating data is included as one element of the FCA's review. In August 2023, the FCA published an update, determining that its findings did not require a referral to the U.K. Competition & Markets Authority. However, the FCA also stated that it would continue its analysis and announce any potential remedies in its final report due on or before March 1, 2024. Additionally, HM Treasury published a consultation in March 2023 proposing to make firms providing ESG ratings and/or scores to U.K. users (both from the U.K. and abroad) subject to FCA supervision. The proposals mirror the IOSCO recommendations on ESG ratings and data products providers. It is unclear if and when the U.K. Government might seek to move forward legislation to enable the FCA to supervise such firms. The U.K. is also currently developing a voluntary industry-led Code of Conduct for ESG ratings and data providers. The precise scope and impact of the regulatory developments related to ESG in Europe remain unclear; however, the Company continues to assess the potential impact on both MA and MIS. Both of Moody's segments face risks related to financial reforms outside the U.S. affecting the credit rating industry, Moody's businesses, and Moody's customers. For example: –MIS is a registered entity and is therefore subject to formal regulation and periodic or other inspections in the EU and other foreign jurisdictions, such as, but not limited to, Hong Kong and China, where it operates through registered subsidiaries. –In the EU and the U.K., applicable rules include procedural requirements with respect to credit ratings of sovereign issuers, liability for intentional or grossly negligent failure to abide by applicable regulations, mandatory rotation requirements of CRAs hired by issuers of securities for credit ratings of resecuritizations, and restrictions on CRAs or their shareholders if certain ownership thresholds are crossed. Additional procedural and substantive requirements include conditions for the issuance of credit ratings, rules regarding the organization of CRAs, restrictions on activities deemed to create a conflict of interest, including requirements that fees be based on costs and non-discriminatory, and special requirements for credit ratings of structured finance instruments. –In Hong Kong, applicable rules include liability for the intentional or negligent dissemination of false and misleading information and procedural requirements for the notification of certain matters to regulators. In addition, MIS Hong Kong is subject to a code of conduct applicable to CRAs that imposes procedural and substantive requirements on the preparation and issuance of credit ratings, restrictions on activities deemed to create a conflict of interest including the disclosure of its compensation arrangements with rated entities and special requirements for credit ratings of structured finance instruments. A failure to comply with these procedural and substantive requirements also exposes MIS Hong Kong to the risk of regulatory enforcement action which could result in financial penalties or, in serious cases, affect its ability to conduct credit rating activities in Hong Kong. –In China, while MIS is not a licensed CRA, it does issue global credit ratings on Chinese issuers from offices outside of China. In addition, the Company holds a 30% investment in CCXI, a domestic CRA licensed in China. China has laws applicable to domestic CRAs as well as foreign investment in such entities and entities in general (including national security review). MA is licensed in China to provide subscriptions to credit research and ratings data and other information relevant to the financial markets. Such laws are broadly crafted and the implementation, interpretation and enforcement of such laws are subject to the broad discretion of Chinese regulators, which could affect the Company's ability to conduct business in China. –In addition, U.S. economic sanctions have increasingly targeted Chinese persons. In response, China issued a blocking statute that establishes a framework for limiting the effect of foreign sanctions on Chinese persons. Blocking statutes typically create conflicts of law. An entity that is subject to conflicting laws in multiple jurisdictions may need to determine a means to comply with such laws. Such conflicts could eventually affect the ability of entities to adhere to applicable laws. With respect to MA, regulators in Europe and other foreign markets in which MA is active have issued guidance similar to that issued in the U.S. relating to financial institutions' assessment and management of risks associated with third-party relationships. In light of this, MA's existing or potential bank and financial services customers subject to this guidance have sought and may further revise their third-party risk management policies and processes and the terms on which they do business with MA. This can result in delayed or reduced sales to such customers, adversely affect MA's relationship with such customers, increase the costs of doing business with such customers and/or result in MA assuming greater financial and legal risk under its agreements with such customers. Although Moody's will monitor developments related to financial reforms outside the U.S. affecting the credit rating industry and Moody's customers, Moody's cannot predict the extent of such future laws and regulations, and the effect that they will have on Moody's business or the potential for increased exposure to liability could be significant. For example, compliance with the EU, U.K. and other foreign regulations may increase costs of operations and could have a significant negative effect on Moody's operations, profitability or ability to compete, or the markets for its products and services, including in ways that Moody's presently is unable to predict. In addition, exposure to increased liability under the EU, U.K. regulations and regulations of other foreign jurisdictions may further increase costs and legal risks associated with the issuance of credit ratings and materially and adversely impact Moody's results of operations. Financial reforms in the EU, U.K. and other foreign jurisdictions may have a material adverse effect on Moody's business, operating results and financial condition.

Moody's regularly evaluates and enters into acquisitions, dispositions or other strategic transactions and investments to strengthen its business and grow the Company. Such transactions and investments present significant challenges and risks. The Company faces intense competition for acquisition targets, especially in light of industry consolidation, which may affect Moody's ability to complete such transactions on favorable terms or at all. Additionally, the Company makes significant investments in technology, including software for internal use, which can be expensive, time-intensive and complex to develop and implement. The anticipated growth, synergies and other strategic objectives of completed transactions may not be fully realized, and a variety of factors may adversely affect any anticipated benefits from such transactions. Any strategic transaction involves a number of risks, including unanticipated challenges regarding integration of operations, technologies and new employees; the existence of liabilities or contingencies not disclosed to or otherwise known by the Company prior to closing a transaction; unexpected regulatory and operating difficulties and expenditures; scrutiny from competition and antitrust authorities; failure to retain key personnel of the acquired business; future developments that impair the value of purchased goodwill or intangible assets; diversion of management's focus from other business operations; failure to implement or remediate controls, procedures and policies appropriate for a larger public company at acquired companies that prior to the acquisition lacked such controls, procedures and policies; disputes or litigation arising out of acquisitions or dispositions; challenges retaining the customers of the acquired business; coordination of product, sales, marketing and program and systems management functions; integration of employees from the acquired business into Moody's organization; integration of the acquired business's accounting, information technology, human resources, legal and other administrative systems with Moody's; risks that acquired systems expose us to cybersecurity risks; and for foreign transactions, additional risks related to the integration of operations across different cultures and languages, and the economic, political and regulatory risks associated with specific countries. The anticipated benefits from an acquisition or other strategic transaction or investment may not be realized fully, or may take longer to realize than expected. As a result, the failure of acquisitions, dispositions and other strategic transactions and investments to perform as expected may have a material adverse effect on Moody's business, operating results and financial condition. At December 31, 2023, Moody's had $5,956 million of goodwill and $2,049 million of intangible assets on its balance sheet. Approximately 95% of the goodwill and intangible assets reside in the MA business and are allocated to the two reporting units within MA. The remaining 5% of goodwill and intangible assets reside in MIS and primarily relate to ICRA. Failure to achieve business objectives and financial projections in any of these reporting units could result in a significant asset impairment charge, which would result in a non-cash charge to operating expenses. Goodwill and intangible assets are tested for impairment on an annual basis and also when events or changes in circumstances indicate that impairment may have occurred. Determining whether an impairment of goodwill exists can be especially difficult in periods of market or economic uncertainty and turmoil, and requires significant management estimates and judgment. In addition, the potential for goodwill impairment is increased during periods of economic uncertainty. An asset impairment charge could have a material adverse effect on Moody's business, operating results and financial condition.

Moody's success depends upon its ability to recruit, retain and motivate highly skilled, experienced professionals, including financial analysts, data scientists and software engineers. Competition for skilled individuals in the financial services and technology industries is intense, and Moody's ability to attract high quality employees could be impaired if it is unable to offer competitive compensation and other incentives or if the regulatory environment mandates restrictions on or disclosures about individual employees that would not be necessary in competing industries. Rising expenses including wage inflation, and global labor shortages could adversely affect Moody's ability to attract and retain high-quality employees. As greater focus has been placed on executive compensation at public companies, in the future, Moody's may be required to alter its compensation practices in ways that adversely affect its ability to attract and retain talented employees. Investment banks, investors and competitors may seek to attract analyst talent by providing more favorable working conditions or offering significantly more attractive compensation packages than Moody's. Moody's also may not be able to identify and hire the appropriate qualified employees in some markets outside the U.S. with the required experience or skills to perform sophisticated credit analysis. We could also fail to effectively respond to evolving perceptions and goals of those in our workforce or whom we might seek to hire, including with respect to flexible working or other matters. Also, the emergence and adoption of LLM and Gen AI technologies will require upskilling and additional training of Moody's employees, making retention and training increasingly important. There is a risk that even when the Company invests significant resources in attempting to attract, train and retain qualified personnel, it will not succeed in its efforts, and its business could be harmed. Further, employee expectations in areas such as ESG have been rapidly evolving and increasing. A failure to adequately meet employee expectations may result in an inability to attract and retain talented employees. Moody's is highly dependent on the continued services of Robert Fauber, the Company's President and Chief Executive Officer, and other senior officers and key employees. The loss of the services of skilled personnel for any reason and Moody's inability to replace them with suitable candidates quickly or at all, as well as any negative market perception resulting from such loss, could have a material adverse effect on Moody's business, operating results and financial condition.

Moody's relies on Third-Party Technology in connection with its product development and offerings and operations. The Company depends on the ability of Third-Party Technology providers to deliver and support reliable products, enhance their current products, develop new products on a timely and cost-effective basis, provide data necessary to develop and maintain its products and respond to emerging industry standards and other technological changes. The Third-Party Technology Moody's uses can become obsolete or restrictive, incompatible with future versions of the Company's products, fail to be comprehensive or accurate, unavailable or fail to operate effectively, and Moody's business could be adversely affected when the Company is unable to timely or effectively replace such Third-Party Technology. In addition, certain aspects of the Company's business rely on a concentrated group of vendors, and a cybersecurity breach or event at one or more of such vendors could have a significant impact on the Company's operations. The Company also monitors its use of Third-Party Technology to comply with applicable license and other contractual requirements. Despite the Company's efforts, the Company cannot ensure that such third parties will permit Moody's use in the future, resulting in increased Third-Party Technology acquisition costs and loss of rights. In addition, the Company's operating costs could increase if license or other usage fees for Third-Party Technology increase or the efforts to incorporate enhancements to Third-Party Technology are substantial. Some of these third-party suppliers are also Moody's competitors, increasing the risks noted above. In the ordinary course, third-parties, including the Company's vendors, are subject to various forms of cyber-attacks. Additionally, the Company may be exposed to additional threats as the Company migrates its data from legacy systems to cloud-based solutions, and becomes increasingly dependent on third parties to store cloud-based data subjects. To date, such attacks have not resulted in a material adverse impact to Moody's business operations, but there can be no guarantee the Company will not experience such an impact in the future. If any of these risks materialize, they could have a material adverse effect on the Company's business, financial condition or results of operations.