Mineralys Therapeutics, Inc. (MLYS) Risk Factors

The development of biopharmaceutical product candidates is capital-intensive. We expect our expenses to substantially increase in connection with our ongoing activities, particularly as we conduct our ongoing and planned clinical trials for lorundrostat and potentially seek regulatory approval for lorundrostat and any future product candidates we may develop. In addition, if we are able to progress lorundrostat through development and commercialization, we will be required to make commercial milestone and royalty payments to Mitsubishi Tanabe from whom we have in-licensed intellectual property related to lorundrostat. If we obtain regulatory approval for lorundrostat or any future product candidates, we also expect to incur significant commercialization expenses related to product manufacturing, marketing, sales, and distribution. Because the outcome of any clinical trial or preclinical study is highly uncertain, we cannot reliably estimate the actual amount of financing necessary to successfully complete the development and commercialization of lorundrostat or any future product candidates. Furthermore, we expect to incur additional costs associated with operating as a public company. Accordingly, we will need to obtain substantial additional funding in connection with our continuing operations. If we are unable to raise capital when needed or on attractive terms, we could be forced to delay, reduce, or eliminate our research and development programs or any future commercialization efforts. Based on our current operating plan, we believe that our existing cash, cash equivalents, and investments will enable us to fund our operations for at least the next 12 months. We have based these estimates on assumptions that may prove to be wrong, and we could use our capital resources sooner than we currently expect. Our operating plans and other demands on our cash resources may change as a result of many factors currently unknown to us, and we may need to seek additional funds sooner than planned. Our existing capital may not be sufficient to complete development of lorundrostat, or any future product candidate, and we will require substantial capital in order to advance lorundrostat and any future product candidates through clinical trials, regulatory approval, and commercialization. Accordingly, we will need to obtain substantial additional funding in connection with our continuing operations. Our ability to raise additional funds may be adversely impacted by potential worsening global economic conditions and the disruptions to, and volatility in, the credit and financial markets in the United States and worldwide resulting from factors that include but are not limited to, inflation, geopolitical conflict in and around Ukraine, Israel, and other areas of the world, diminished liquidity and credit availability, declines in consumer confidence, declines in economic growth, increases in unemployment rates, and uncertainty about economic stability. If the equity and credit markets deteriorate, it may make any necessary debt or equity financing more difficult, more costly, and more dilutive. If we are unable to raise capital when needed or on attractive terms, we could be forced to delay, reduce, or eliminate our research and development programs or any future commercialization efforts, or even cease operations. We expect to finance our cash needs through public or private equity or debt financings or other capital sources, including potential collaborations, licenses, and other similar arrangements. In addition, we may seek additional capital due to favorable market conditions or strategic considerations even if we believe we have sufficient funds for our current or future operating plans. Attempting to secure additional financing may divert our management from our day-to-day activities, which may adversely affect our ability to develop lorundrostat and any future product candidates. Our future capital requirements will depend on many factors, including, but not limited to: - the initiation, type, number, scope, progress, expansions, results, costs, and timing of clinical trials and preclinical studies of lorundrostat and any future product candidates we may choose to pursue, including any modifications to clinical development plans based on feedback that we may receive from regulatory authorities;- the costs and timing of manufacturing for lorundrostat, or any future product candidate, including commercial manufacture at sufficient scale, if any product candidate is approved, including as a result of inflation, any supply chain issues, or component shortages;- requirements of regulatory authorities in any additional jurisdictions in which we may seek approval for lorundrostat and any future product candidates and our anticipated timing for seeking approval in such jurisdictions;- the costs, timing, and outcome of regulatory meetings and reviews of lorundrostat or any future product candidates;- any delays and cost increases that may result from supply chain issues affected by any pandemics or geopolitical conflicts;- the costs of obtaining, maintaining, enforcing, and protecting our patents and other intellectual property and proprietary rights;- our efforts to enhance operational systems and hire additional personnel to satisfy our obligations as a public company, including enhanced internal control over financial reporting;- the costs associated with hiring additional personnel and consultants as our business grows, including additional executive officers and clinical development, regulatory, CMC quality, and commercial personnel;- the timing and amount of the milestone, royalty, or other payments we must make to Mitsubishi Tanabe, from whom we have in-licensed lorundrostat, or any future licensors;- the costs and timing of establishing or securing sales and marketing capabilities if lorundrostat or any future product candidate is approved;- our ability to achieve sufficient market acceptance, coverage, and adequate reimbursement from third-party payors and adequate market share and revenue for any approved products;- our ability and strategic decision to develop future product candidates other than lorundrostat, and the timing of such development, if any;- patients' willingness to pay out-of-pocket for any approved products in the absence of coverage and/or adequate reimbursement from third-party payors;- the terms and timing of establishing and maintaining collaborations, licenses, and other similar arrangements; and - costs associated with any products or technologies that we may in-license or acquire. Conducting clinical trials and preclinical studies and potentially identifying future product candidates is a time-consuming, expensive, and uncertain process that takes years to complete, and we may never generate the necessary data or results required to obtain regulatory approval and commercialize lorundrostat or any future product candidates. If approved, lorundrostat and any future product candidates may not achieve commercial success. Our commercial revenue, if any, will initially be derived from sales of lorundrostat, which we do not expect to be commercially available for many years, if at all. Accordingly, we will need to continue to rely on additional financing to achieve our business objectives. Adequate additional financing may not be available to us on acceptable terms, or at all.

We and our service providers maintain and will maintain a large quantity of sensitive information, including confidential business and patient health information, in connection with our preclinical studies and clinical trials, and are subject to laws and regulations governing the privacy and security of such information. The global data protection landscape is rapidly evolving, and we and our service providers may be affected by or subject to new, amended, or existing laws and regulations in the future, including as our operations continue to expand or if we operate in foreign jurisdictions. These laws and regulations may be subject to differing interpretations, which adds to the complexity of processing personal data. Guidance on implementation and compliance practices is often updated or otherwise revised. This may create uncertainty in our business, affect our ability to operate in certain jurisdictions or to collect, store, transfer, use, share, and otherwise process personal information, necessitate the acceptance of more onerous obligations in our contracts, result in liability, or impose additional costs on us. The cost of compliance with these laws, regulations, and standards is high and is likely to increase in the future. Any failure or perceived failure by us to comply with federal, state, or foreign laws or regulation, our internal policies and procedures, or our contracts governing our processing of personal information could result in negative publicity, government investigations and enforcement actions, claims by third parties, and damage to our reputation, any of which could have a material adverse effect on our business, financial condition, results of operations, and prospects. As our operations and business grow, we may become subject to or affected by new or additional data protection laws and regulations and face increased scrutiny or attention from regulatory authorities. In the United States, numerous federal and state laws and regulations, including health information privacy laws, data breach notification laws, and consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), govern the collection, use, storage, transfer, disclosure, protection, and other processing of health-related and other personal information could apply to our operations or the operations of our collaborators and third-party providers. In addition, we may obtain health information from third parties (including research institutions from which we obtain clinical trial data) that are subject to privacy and security requirements under HIPAA. Depending on the facts and circumstances, we could be subject to significant penalties if we violate HIPAA. In addition, certain state laws govern the privacy and security of health-related and other personal information in certain circumstances, some of which may be more stringent, broader in scope, or offer greater individual rights with respect to protected health information than HIPAA, many of which may differ from each other, thus, complicating compliance efforts. These laws are evolving rapidly and may differ from each other in significant ways and may not have the same effect, thus complicating compliance efforts. Such laws and regulations will be subject to interpretation by various courts and other governmental authorities, thus creating potentially complex compliance issues for us and our future customers and strategic partners. Failure to comply with these laws, where applicable, can result in the imposition of significant civil and/or criminal penalties and private litigation. By way of example, the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020, gives California residents individual privacy rights to access and delete their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that are expected to increase data breach litigation. The CCPA may increase our compliance costs and potential liability and many similar laws have been proposed at the federal level and in other states. Further, the California Privacy Rights Act (CPRA) was recently passed in California. The CPRA imposes additional data protection obligations on covered businesses, including additional consumer rights processes, limitations on data uses, new audit requirements for higher-risk data, and opt-outs for certain uses of sensitive data. It also created a new California data protection agency authorized to issue substantive regulations and could result in increased privacy and information security enforcement. The majority of the provisions of the CPRA went into effect on January 1, 2023, and additional compliance investment and potential business process changes may be required. Other states are exploring their own laws, which may or may not be similar to the CCPA or the CPRA. In the event that we are subject to or affected by HIPAA, the CCPA, the CPRA, or other domestic privacy and data protection laws, any liability from failure to comply with the requirements of these laws could adversely affect our financial condition. There also are a wide variety of privacy laws in other countries that may impact our operations, now or in the future. For example, in Europe, the General Data Protection Regulation (GDPR) imposes stringent requirements regarding the collection, use, disclosure, storage, transfer, or other processing of personal data of individuals within the European Economic Area (EEA), including providing information to individuals regarding data processing activities, implementing safeguards to protect the security and confidentiality of personal data, providing notification of data breaches, and taking certain measures when engaging third-party processors. Companies that must comply with the GDPR face increased compliance obligations and risk, including more robust regulatory enforcement of data protection requirements and potential fines for noncompliance of up to €20 million or 4% of the annual global revenue of the noncompliant company, whichever is greater. The GDPR also confers a private right of action in some circumstances on data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations of the GDPR. Among other things, the GDPR requires the establishment of a lawful basis for the processing of data, imposes requirements relating to the consent of the individuals to whom the personal data relates, including detailed notices for clinical trial subjects and investigators, as well as requirements regarding the security of personal data and notification of data processing obligations to the competent national data processing authorities. In addition, the GDPR increases the scrutiny of transfers of personal data from the EEA to the United States and other jurisdictions that the European Commission does not recognize as having "adequate" data protection laws. Recent legal developments in Europe have created complexity and uncertainty regarding transfers of personal data from the EEA to the United States. For example, on July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield Framework (Privacy Shield) under which personal data could be transferred from the EEA to United States entities that had self-certified under the Privacy Shield scheme. While the CJEU upheld the adequacy of the standard contractual clauses (a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism, and potential alternative to the Privacy Shield), it made clear that reliance on the standard contractual clauses alone may not necessarily be sufficient in all circumstances. Use of the standard contractual clauses must now be assessed on a case-by-case basis taking into account the legal regime applicable in the destination country, in particular applicable surveillance laws and rights of individuals, and additional measures and/or contractual provisions may need to be put in place, however, the nature of these additional measures is currently uncertain. The European Commission issued revised standard contractual clauses on June 4, 2021 to account for the decision of the CJEU and recommendations made by the European Data Protection Board. The revised standard contractual clauses must be used for relevant new data transfers beginning on September 27, 2021 and existing standard contractual clauses arrangements were required to be migrated to the revised clauses by December 27, 2022. The new standard contractual clauses apply only to the transfer of personal data outside of the EEA and not the United Kingdom; the United Kingdom's Information Commissioner's Office launched a public consultation on its draft revised data transfers mechanisms in August 2021 and the United Kingdom standard contractual clauses came into force in March 2022, with a two-year grace period. There is some uncertainty around whether the revised clauses can be used for all types of data transfers, particularly whether they can be relied on for data transfers to non-EEA entities subject to the GDPR. As supervisory authorities issue further guidance on personal data export mechanisms, including circumstances where the standard contractual clauses cannot be used, and/or start taking enforcement action, we could suffer additional costs, complaints, and/or regulatory investigations or fines, and/or if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services, the geographical location, or segregation of our relevant systems and operations, and could adversely affect our financial results. Further, following the withdrawal of the United Kingdom from the European Union and the EEA and the end of the transition period, from January 1, 2021, we have to comply with the GDPR and separately the GDPR as implemented in the United Kingdom, which, together with the amended UK Data Protection Act 2018, retains the GDPR in UK national law. The UK GDPR mirrors the fines under the GDPR and has the ability to fine up to the greater of €20 million/£17 million or 4% of global turnover. The relationship between the United Kingdom and the European Union and the EEA in relation to certain aspects of data protection law remains unclear, and it is unclear how United Kingdom data protection laws and regulations will develop in the medium to longer term. The European Commission has adopted an adequacy decision in favor of the United Kingdom, enabling data transfers from European Union member states to the United Kingdom without additional safeguards. However, the UK adequacy decision will automatically expire in June 2025 unless the European Commission re-assesses and renews or extends that decision, which could have implications for our transfer of personal data. In many jurisdictions, enforcement actions and consequences for noncompliance are rising. In the United States, these include enforcement actions in response to rules and regulations promulgated under the authority of federal agencies and state attorneys general and legislatures and consumer protection agencies. In addition, privacy advocates and industry groups have regularly proposed, and may propose in the future, self-regulatory standards that may legally or contractually apply to us. If we fail to follow these security standards, even if no personal information is compromised, we may incur significant fines or experience a significant increase in costs. Many state legislatures have adopted legislation that regulates how businesses operate online, including measures relating to privacy, data security, and data breaches. Laws in all U.S. states require businesses to provide notice to customers whose personally identifiable information has been disclosed as a result of a data breach. The laws are not consistent, and compliance in the event of a widespread data breach is costly. Compliance with U.S. and international data protection laws and regulations could require us to take on more onerous obligations in our contracts, restrict our ability to collect, store, use, transfer, disclose, and otherwise process data, update our data privacy and security policies and procedures, or in some cases, impact our ability to operate in certain jurisdictions. Failure by us or our collaborators and our service providers to comply with U.S. and international data protection laws and regulations could result in government enforcement actions (which could include civil or criminal penalties), private litigation, and/or adverse publicity and could negatively affect our operating results and business. Moreover, clinical trial subjects about whom we or our potential collaborators obtain information, as well as the providers who share this information with us, may contractually limit our ability to use and disclose such information. Claims that we have violated individuals' privacy rights, failed to comply with data protection laws, or breached our contractual obligations, even if we are not found liable, could be expensive and time-consuming to defend, could result in adverse publicity and adversely affect our business, financial condition, results of operations, and prospects. Should any of these events occur, they could have a material adverse effect on our business, financial condition, results of operations, and prospects.

As product candidates progress through clinical trials to marketing approval and commercialization, it is common that various aspects of the development program, such as manufacturing methods and formulation, are altered along the way in an effort to optimize safety, efficacy, yield, and manufacturing batch size, minimize costs and achieve consistent quality and results. For example, the manufacturing process being used to produce clinical material for our planned clinical trials is different than that used in prior trials of lorundrostat. There can be no assurance that such changes will achieve these intended objectives. These changes and any future changes we may make to lorundrostat or any future product candidates may also cause such candidates to perform differently and affect the results of future clinical trials conducted with the altered materials. Such changes or related unfavorable clinical trial results could delay initiation or completion of additional clinical trials, require the conduct of bridging studies or clinical trials or the repetition of one or more studies or clinical trials, increase development costs, delay or prevent potential marketing approval, and jeopardize our ability to commercialize lorundrostat or any future product candidates, if approved, and generate revenue.

We do not carry insurance for all categories of risk that our business may encounter. Some of the policies we currently maintain include property, general liability, employment benefits liability, business automobile, workers' compensation, products liability, malicious invasion of our electronic systems, directors' and officers', and employment practices insurance. We do not know, however, if we will be able to maintain insurance with adequate levels of coverage. No assurance can be given that an insurance carrier will not seek to cancel or deny coverage after a claim has occurred. Any significant uninsured liability may require us to pay substantial amounts, which would adversely affect our financial position and results of operations.

The biopharmaceutical industry is characterized by rapidly advancing technologies, intense competition, and a strong emphasis on proprietary and novel products and product candidates. Our competitors have developed, are developing, or may develop products, product candidates and processes competitive with lorundrostat. Lorundrostat and any future product candidates that we successfully develop and commercialize will compete with existing therapies and new therapies that may become available in the future. Our competitors include larger and better-funded pharmaceutical, biopharmaceutical, biotechnological, and therapeutics companies. Moreover, we may also compete with universities and other research institutions that may be active in research in our target indications and could be in direct competition with us. We also compete with these organizations to recruit management, scientists, and clinical development personnel, and our inability to compete successfully could negatively affect our level of expertise and our ability to execute our business plan. We will also face competition in establishing clinical trial sites, enrolling subjects for clinical trials, and identifying and in-licensing intellectual property related to new product candidates, as well as entering into collaborations, joint ventures, license agreements, and other similar arrangements. For example, Boehringer Ingelheim International and AstraZeneca have recently initiated large-scale clinical trials for the treatment of hypertension and CKD, which could impact our ability to enroll patients in our clinical trials for the same indications. Smaller or early-stage companies may also prove to be significant competitors, particularly through collaborative arrangements with large and established companies. We believe that our current and future competition for resources and eventually for customers can be grouped into three broad categories: - companies working to develop ASIs, including AstraZeneca, Boehringer Ingelheim, Damian Pharma, and JIXING;- companies with product candidates with other mechanisms of action, such as non-steroidal MRAs and angiotensinogen directed therapies, including Alnylam, Idorsia, IONIS, Novo Nordisk, Quantum Genomics, and Sihuan Pharmaceutical Holdings Group, Roche; and - companies commercializing standard-of-care antihypertensive agents, such as ACE inhibitors, ARBs, thiazide diuretics, calcium channel blockers, and MRAs, many of which are available as generic medicines at very low prices including AstraZeneca, Bayer, Johnson & Johnson, Merck, Novartis, and Pfizer. Many of our competitors have significantly greater financial, technical, manufacturing, marketing, sales, and supply resources or experience than we do. If we successfully obtain approval for lorundrostat or any future product candidate, we will face competition based on many different factors, including the safety and effectiveness of our products, the ease with which our products can be administered, the timing and scope of regulatory approvals for these products, the availability and cost of manufacturing, marketing and sales capabilities, price, reimbursement coverage, and patent position. Competing products could present superior treatment alternatives, including by being more effective, safer, more convenient, less expensive, or marketed and sold more effectively than any products we may develop. Competing products may render lorundrostat or any future product candidates we develop obsolete or noncompetitive before we recover the expense of developing and commercializing our product candidates. If we are unable to compete effectively, our opportunity to generate revenue from the sale of the products we may develop, if approved, could be adversely affected.

Our future growth may depend, in part, on our ability to develop and commercialize lorundrostat and any future product candidates in foreign markets. We are not permitted to market or promote any product candidate before we receive regulatory approval from applicable regulatory authorities in foreign markets, and we may never receive such regulatory approvals for lorundrostat or any future product candidates. To obtain separate regulatory approval in many other countries we must comply with numerous and varying regulatory requirements regarding safety and efficacy and governing, among other things, clinical trials, commercial sales, pricing, and distribution of lorundrostat and any future product candidates. Approval procedures may be more onerous than those in the United States and may require that we conduct additional preclinical studies or clinical trials. If we obtain regulatory approval of product candidates and ultimately commercialize our products in foreign markets, we would be subject to additional risks and uncertainties, including: - different regulatory requirements for approval of drugs in foreign countries;- reduced protection for intellectual property rights;- the existence of additional third-party patent rights of potential relevance to our business;- unexpected changes in tariffs, trade barriers, and regulatory requirements;- economic weakness, including inflation, or political instability in particular foreign economies and markets;- compliance with export control and import laws and regulations;- compliance with tax, employment, immigration, and labor laws for employees living or traveling abroad;- foreign currency fluctuations, which could result in increased operating expenses and reduced revenue, and other obligations incident to doing business in another country;- foreign reimbursement, pricing, and insurance regimes;- workforce uncertainty in countries where labor unrest is common;- differing regulatory requirements with respect to manufacturing of products;- production shortages resulting from any events affecting raw material supply or manufacturing capabilities abroad;- business interruptions resulting from geopolitical actions, including war and terrorism, or natural disasters including earthquakes, typhoons, floods, and fires; and - disruptions resulting from the impact of public health pandemics, epidemics, or other public health concerns.

Our operations and the operations of our suppliers, CROs, CMOs, and clinical sites could be subject to earthquakes, power shortages, telecommunications or infrastructure failures, cybersecurity incidents, physical security breaches, water shortages, floods, hurricanes, typhoons, blizzards, and other extreme weather conditions, fires, public health pandemics or epidemics, and other natural or man-made disasters or business interruptions, for which we are predominantly self-insured. We rely on third-party manufacturers or suppliers to produce lorundrostat and its components and on CROs and clinical sites to conduct our clinical trials and do not have a redundant source of supply for all components of our product candidate. Our ability to obtain clinical or, if approved, commercial, supplies of lorundrostat or any future product candidates could be disrupted if the operations of these suppliers were affected by a man-made or natural disaster or other business interruption, and our ability to commence, conduct, or complete our clinical trials in a timely manner could be similarly adversely affected by any of the foregoing. The occurrence of any of these business disruptions could seriously harm our operations and financial condition and increase our costs and expenses.