The global data protection landscape is rapidly evolving and we and our partners and vendors are, or may become, subject to various federal, state, and foreign data protection laws and regulations (i.e., laws and regulations that address personal information, data privacy and security). Implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future, and we cannot yet determine the impact future laws, regulations, standards, or perception of their requirements may have on our business. This evolution may create uncertainty in our business, affect our ability to operate in certain jurisdictions or to collect, store, transfer, use and share personal information, necessitate the acceptance of more onerous obligations in our contracts, result in liability or impose additional costs on us. The cost of compliance with these laws, regulations and standards is high and is likely to increase in the future. If we fail to comply with these laws and regulations, we may be subject to litigation, regulatory investigations, enforcement notices, enforcement actions, fines, and criminal or civil penalties, as well as adverse publicity and a potential loss of business.
In the United States, numerous federal and state laws and regulations, including state data breach notification laws, state health information privacy laws, and federal and state consumer protection laws and regulations that govern the collection, use, disclosure, and protection of health-related and other personal information could apply to our operations or the operations of our partners. For example, most healthcare providers, including research institutions from which we obtain patient health information, are subject to privacy and security regulations promulgated under HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009. HIPAA imposes obligations on "covered entities," including certain healthcare providers, health plans and healthcare clearinghouses, as well as their respective "business associates" that create, receive, maintain or transmit individually identifiable health information for or on behalf of a covered entity, with respect to safeguarding the privacy, security and transmission of individually identifiable health information. We could potentially face substantial criminal or civil penalties if we violate HIPAA. For example, we could be subject to significant penalties if we knowingly receive individually identifiable health information from a HIPAA-covered healthcare provider or research institution that has not satisfied HIPAA's requirements for disclosure of individually identifiable health information, or otherwise violate applicable HIPAA requirements related to the protection of such information.
Furthermore, the Federal Trade Commission (FTC) also has authority to initiate enforcement actions against entities that mislead customers about HIPAA compliance, make deceptive statements about privacy and data sharing in privacy policies, fail to limit third-party use of personal health information, fail to implement policies to protect personal health information or engage in other unfair practices that harm customers or that may violate Section 5 of the FTC Act. Even when HIPAA does not apply, according to the FTC, violating consumers' privacy rights or failing to take appropriate steps to keep consumers' personal information secure may constitute a violation of the FTC Act. The FTC expects a company's data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. Additionally, federal and state consumer protection laws are increasingly being applied by the FTC and states' attorneys general to regulate the collection, use, storage, and disclosure of personal or personally identifiable information, through websites or otherwise, and to regulate the presentation of website content.
We may maintain certain sensitive information about individuals, including health-related information, that we receive throughout the clinical trial process, in the course of our research collaborations, and directly from individuals (or their healthcare providers) who enroll in our patient assistance programs. As such, we may be subject to state laws and regulations governing the privacy and security of personal information or requiring notification of affected individuals and state regulators in the event of a breach of personal information. Such laws and regulations will be subject to interpretation by various courts and other governmental authorities, thus creating potentially complex compliance issues for us and our future customers and strategic partners. For example, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the CCPA) requires covered businesses that process the personal information of California residents to, among other things: (i) provide certain disclosures to California residents regarding the business's collection, use, and disclosure of their personal information; (ii) receive and respond to requests from California residents to access, delete, and correct their personal information, or to opt out of certain disclosures of their personal information; and (iii) enter into specific contractual provisions with service providers that process California resident personal information on the business's behalf. Although there are limited exemptions for health-related information, including clinical trial data, the CCPA may increase our compliance costs and potential liability. Similar laws have been passed in other states, and are continuing to be proposed at the state and federal level, reflecting a trend toward more stringent privacy legislation in the United States. The enactment of such laws could have potentially conflicting requirements that would make compliance challenging.
Complying with U.S. federal and state data privacy and security laws, regulations, amendments to or re-interpretations of existing data privacy and security laws and regulations and contractual or other obligations relating to privacy, data protection, data transfers, data localization or information security may require us to make changes to our processes, incur substantial operational costs, modify our data practices and policies and restrict our business operations. Any actual or perceived failure by us to comply with these laws, regulations or other obligations may lead to significant fines, penalties, regulatory investigations, lawsuits, significant costs for remediation, damage to our reputation or other liabilities.
We are also or may become subject to rapidly evolving data protection laws, rules and regulations in foreign jurisdictions. Any clinical trial programs and research collaborations that we engage in outside the United States may implicate international data protection laws, including, in the European Economic Area (EEA), the General Data Protection Regulation (GDPR), which became effective in 2018. The GDPR imposes stringent operational requirements for processors and controllers of the personal data of individuals within the EEA. Among other things, the GDPR requires detailed notices for clinical trial subjects and investigators, as well as requirements regarding the security of personal data and the notification of personal data breaches to the appropriate data protection authorities and, in certain cases, to the affected data subjects. If our privacy or data security measures fail to comply with the GDPR requirements, we may be subject to litigation, regulatory investigations, enforcement notices, and/or enforcement actions requiring us to change the way we use personal data and/or fines. In addition to statutory enforcement, a personal data breach can lead to adverse publicity and a potential loss of business. Further, from January 1, 2021, companies have had to comply with both the GDPR and the United Kingdom GDPR (UK GDPR), which, together with the amended UK Data Protection Act 2018, imposes separate but similar obligations to those under the GDPR. The UK GDPR mirrors the fines under the GDPR, imposing fines of up to the greater of £17.5 million (€20 million under the GDPR) or 4% of global annual turnover.
Among other requirements, the GDPR regulates transfers of personal data subject to the GDPR to third countries that have not been found to provide adequate protection to such personal data, including the United States, and the efficacy and longevity of current transfer mechanisms between the EEA and the United States remain uncertain. Case law from the Court of Justice of the European Union (CJEU) states that reliance on the standard contractual clauses (a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism) alone may not necessarily be sufficient in all circumstances and that transfers must be assessed on a case-by-case basis. On July 10, 2023, the European Commission adopted its Adequacy Decision in relation to the new EU-US Data Privacy Framework (DPF), rendering the DPF effective as an EU GDPR transfer mechanism to U.S. entities self-certified under the DPF. On October 12, 2023, the UK Extension to the DPF also came into effect (as approved by the UK Government) as a data transfer mechanism to U.S. entities self-certified under the DPF. As the regulatory guidance and enforcement landscape in relation to data transfers continue to develop, we could suffer additional costs, complaints, and/or regulatory investigations or fines, and/or if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services, the geographical location or segregation of our relevant systems and operations, and could adversely affect our financial results. These laws and regulations may apply not only to us, but also to vendors that store or otherwise process data on our behalf, such as information technology vendors.
If such a vendor misuses data we have provided to it, or fails to safeguard such data, we may be subject to litigation, regulatory investigations, enforcement notices, and/or enforcement actions, as well as adverse publicity and a potential loss of business.
We are likely to be required to expend significant capital and other resources to ensure ongoing compliance with applicable privacy and data security laws. Claims that we have violated individuals' privacy rights or breached our contractual obligations, even if we are not found liable, could be expensive and time-consuming to defend, and could result in adverse publicity that could harm our business. Moreover, even if we take all necessary action to comply with regulatory requirements, we could be subject to a hack or data breach, which could subject us to fines and penalties, as well as reputational damage.
Further, we use artificial intelligence (AI), machine learning, and automated decision-making technologies (collectively, AI Technologies) throughout our business. The regulatory framework for AI Technologies is rapidly evolving as many federal, state and foreign government bodies and agencies have introduced or are currently considering additional laws and regulations. Additionally, existing laws and regulations may be interpreted in ways that would affect the operation of our AI Technologies. As a result, implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future, and we cannot yet determine the impact future laws, regulations, standards, or market perception of their requirements may have on our business and may not always be able to anticipate how to respond to these laws or regulations.
Already, certain existing legal regimes (e.g., relating to data privacy) regulate certain aspects of AI Technologies, and new laws regulating AI Technologies are expected to enter into force in the United States and the EU in 2024. In the United States, the Biden administration issued a broad Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (2023 AI Order), that sets out principles intended to guide AI design and deployment for the public and private sector and signals the increase in governmental involvement and regulation over AI Technologies. The 2023 AI Order established certain new requirements for the training, testing and cybersecurity of sophisticated AI models and large scale computer centers used to train AI models. The 2023 AI Order also instructed several other federal agencies to promulgate additional regulations within specific timeframes from the date of the 2023 AI Order regarding the use and development of AI Technologies. Agencies such as the Department of Commerce and the Federal Trade Commission have issued proposed rules governing the use and development of AI Technologies. Legislation related to AI Technologies has also been introduced at the federal level and is advancing at the state level. For example, on March 13, 2024, Utah passed the Utah AI Policy Act, which took effect in May 2024, imposing certain disclosure requirements on the use of AI, and on May 17, 2024, Colorado enacted the Colorado AI Act, which will take effect in February 2026. Further, the California Privacy Protection Agency is currently in the process of finalizing regulations under the CCPA regarding the use of automated decision-making. Such additional regulations may impact our ability to develop, use and commercialize AI Technologies in the future.
In Europe, on May 21, 2024, the European Union legislators gave final approval to the EU Artificial Intelligence Act (the "EU AI Act"), which establishes a comprehensive, risk-based governance framework for artificial intelligence in the EU market. The EU AI Act entered into force on August 1, 2024, and the majority of the substantive requirements will apply from August 2, 2026. The EU AI Act will apply to companies that develop, use and/or provide AI in the EU and includes requirements around transparency, conformity assessments and monitoring, risk assessments, human oversight, security, accuracy, general purpose AI and foundation models, and provides for fines for breach of up to 7% of worldwide annual turnover. In addition, on September 28, 2022, the European Commission proposed two Directives seeking to establish a harmonized civil liability regime for AI in the EU in order to facilitate civil claims in respect of harm caused by AI and to include AI-enabled products within the scope of the EU's existing strict product liability regime. Once fully applicable, the EU AI Act and the Liability Directives will have a material impact on the way AI is regulated in the EU. Recent case law from the CJEU has taken an expansive view of the scope of the GDPR's requirements around automated decision making and introduced uncertainty in the interpretation of these rules. The EU AI Act, and developing interpretation and application of the GDPR in respect of automated decision making, together with developing guidance and/or decisions in this area, may affect our use of AI Technologies and our ability to provide, improve or commercialize our business, require additional compliance measures and changes to our operations and processes, result in increased compliance costs and potential increases in civil claims against us, and could adversely affect our business, operations and financial condition.
It is possible that further new laws and regulations will be adopted in the United States and in non-U.S. jurisdictions, or that existing laws and regulations, including competition and antitrust laws, may be interpreted in ways that would limit our ability to use AI Technologies for our business, or require us to change the way we use AI Technologies in a manner that negatively affects the performance of our business. We may need to expend resources to adjust our operations in certain jurisdictions if the laws, regulations, or decisions are not consistent across jurisdictions. Further, the cost to comply with such laws, regulations, or decisions and/or guidance interpreting existing laws could be significant and would increase our operating expenses (such as by imposing additional reporting obligations regarding our use of AI Technologies). Such an increase in operating expenses, as well as any actual or perceived failure to comply with such laws and regulations, could adversely affect our business, financial condition and results of operations.