NerdWallet, Inc. Class A (NRDS) Risk Factors

Our substantial investments encompass the development of various products, technologies, and minority investments, including our mobile application, personal finance management tools, data infrastructure, and recommendation engine. We are committed to continuing substantial resource allocation for the creation of new technologies, tools, features, services, and product offerings. Anticipating an increase in investments in the near term, we acknowledge that this may impact our margins. Following the acquisition of On the Barrelhead (OTB) in the third quarter of 2022, we plan to continue investing in developing and expanding new offerings using the acquired technology. Moreover, we plan to allocate substantial resources to grow the verticals on our platform, increase our scale, and expand into additional geographic markets. However, the efficient and effective allocation of our development budget on commercially successful and innovative technologies is crucial for realizing the expected benefits of our strategy. The high degree of risk associated with our new initiatives includes limited or no prior development or operating experience in the strategies, technologies, and regulatory requirements involved. There is no assurance of sustained consumer demand or sufficient market acceptance to generate revenue that offsets new expenses or liabilities associated with these investments. Competitive dynamics pose a risk, as product offerings developed by others may render our offerings noncompetitive or obsolete. Furthermore, the development efforts for new product offerings and technologies could distract management attention from current operations and redirect capital and resources from our established products. Even if successful, regulatory authorities may impose new rules or restrictions in response to our innovations, potentially increasing expenses or hindering successful commercialization. The failure to realize the expected benefits of these investments may adversely impact our business, financial condition, and operating results.

Our continued success depends on our systems, applications, and software continuing to operate and to meet the changing needs of our users and financial services partners. We rely on our technology and engineering staff and third party services providers to successfully implement changes to and maintain our systems and services in an efficient and secure manner. Like all information systems and technology, our platform may contain or develop material errors, failures, vulnerabilities or bugs, particularly when new features or capabilities are released, and may be subject to computer viruses or malicious code, break-ins, phishing impersonation attacks, attempts to overload our servers with denial-of-service or other attacks, ransomware and similar incidents or disruptions from unauthorized use of our computer systems, as well as unintentional incidents causing data leakage, any of which could lead to interruptions, delays or shutdown of our platform. Operating our business and products involves the collection, storage, use and transmission of large volumes of sensitive, proprietary and confidential information, including financial and personal information, pertaining to our current, prospective and past users, as well as our personnel, contractors, and business partners. The security measures we take to protect this information may be breached as a result of computer malware, viruses, social engineering, ransomware attacks, account takeover attacks, hacking and cyberattacks, including by state-sponsored and other sophisticated organizations. Such incidents have become more prevalent in recent years. Our security measures could also be compromised by our personnel, theft or errors, or be insufficient to prevent exploitation of security vulnerabilities in software or systems on which we rely. Such incidents may in the future result in unauthorized, unlawful or inappropriate use, destruction or disclosure of, access to, or inability to access the sensitive, proprietary and confidential information that we handle. These incidents may remain undetected for extended periods of time allowing malfeasors to use time to their advantage. Because there are many different cybercrime and hacking techniques and such techniques continue to evolve, we may be unable to anticipate attempted security breaches, react in a timely manner or implement adequate preventative measures. While we have developed systems and processes designed to protect the integrity, confidentiality and security of our and our users' confidential and personal information under our control, we cannot assure you that any security measures that we or our third party service providers have implemented will be effective against current or future security threats. A security breach or other security incident, or the perception that one has occurred, could result in a loss of confidence by both our users and financial services partners and damage our reputation and brand; reduce demand for our products; disrupt normal business operations; require us to expend significant capital and resources to investigate and remedy the incident and prevent recurrence; and subject us to litigation, regulatory enforcement action, fines, penalties, and other liability, which could adversely affect our business, financial condition and results of operations. Even if we take steps that we believe are adequate to protect us from cyber threats, hacking against our competitors or other companies in our industry could create the perception among our users and financial services partners that our digital platform is not safe to use. Security incidents could also damage our IT systems and our ability to make the financial reports and other public disclosures required of public companies. These risks are likely to continue to increase as we continue to grow and process, store and transmit increasingly larger volumes of data.

We are subject to regular review and audit by both domestic and foreign tax authorities. Any adverse outcome of such a review or audit could have a negative effect on our operating results and financial condition. In addition, the determination of our provision for income taxes and other tax assets and liabilities requires significant judgment, and there are many transactions and calculations where the ultimate tax determination is uncertain at the present time. Although we believe our estimates and judgments are reasonable, the ultimate tax outcome may differ from the amounts recorded in our financial statements and may have a material effect on our operating results and financial condition.

We collect, store, use and process personal information and other user data, including financial information, credit report information and other sensitive information for our users. We rely on this data provided to us by users and third parties to offer, improve and innovate our products. If we are unable to maintain and grow such data we may be unable to provide consumers with a platform experience that is relevant, efficient and effective, which could adversely affect our business, financial condition and results of operations. There are numerous federal, state and local laws and regulations regarding data privacy and the storing, sharing, use, processing, disclosure and protection of personal information and other user data, the scope of which are changing and subject to differing interpretations. In addition, as we continue to expand internationally, we are subject to foreign data privacy and security laws and regulations. These data privacy laws and regulations are complex, continue to evolve, and on occasion may be inconsistent between jurisdictions leading to uncertainty in interpreting such laws. We are also subject to the terms of our privacy policies and privacy-related obligations to third parties, and, given the evolving regulatory environment, we expect a heightened level of scrutiny on the data we handle. It is possible that these laws, regulations, and other obligations may be interpreted and applied in a manner that is inconsistent from one regulatory body to another and may conflict with other rules or our practices. Most of the jurisdictions in which we operate have established their own data privacy and security legal frameworks. For example, in the U.S., we are subject to the Gramm–Leach–Bliley Act (GLBA) which governs non-public personal information of individuals who obtain financial products or services from financial institutions primarily for personal, family or household purposes, as well as the Fair Credit Reporting Act (FCRA) which generally governs the collection of credit information and access to credit reports. These laws restrict the collection, use, storage and disposal of information about individuals that we may collect during the provision of our products and impose certain disclosure obligations on us. Failure to comply with these laws can result in regulatory fines or penalties. Certain of our products that are not otherwise subject to the GLBA or FCRA may be subject to additional laws and regulations. For example, the California Consumer Privacy Act (CCPA) created new data privacy rights for California-resident users that were expanded when the California Privacy Rights Act (CPRA) went into effect in 2023. In addition, a growing number of states have passed or are expected to pass their own respective privacy laws. These laws, as well as any associated regulations, create a patchwork that poses challenges for our business and may increase our operating costs and potential liability (particularly in the event of a data breach), delay or impede the development of new products, and have a material adverse effect on our business, including how we use information about individuals, our financial condition and the results of our operations or prospects. As we expand internationally, we will also be subject to international laws regarding privacy and the storing, sharing, use, processing, disclosure and protection of personal information and other user data. For example, following our expansion into the UK market, we became subject to the privacy, data security, and data protection requirements of the UK's data protection regime, consisting primarily of the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications Regulations 2019 as amended by the Data Protection, Privacy and Electronic Communications Regulations 2020, or the UK GDPR, and other data protection regulations. Among other stringent requirements, the UK GDPR (like its EU counterpart) restricts transfers of data from the UK to third countries deemed to lack adequate privacy protections (such as the U.S.), unless an appropriate safeguard is implemented. In the aftermath of the UK's withdrawal from the EU in January 2020 (an event commonly referred to as Brexit), there was uncertainty with regard to the regulation of data protection in the UK. Since then, the UK has undergone efforts to introduce post-Brexit data protection reform in the form of the Data Protection and Digital Information (No. 2) Bill (the "Bill") which is intended to supersede the UK's version of the GDPR. As of December 2023, the Bill was at the Committee Stage of the House of Lords and further progress is expected during the course of 2024. While the Bill has largely remained consistent with the spirit of the EU's GDPR, there are few instances where changes have been made, and more changes are possible during the course of the legislative process. As a result, we may face challenges in addressing and implementing the requirements of the proposed new law in light of uncertainty over its interpretation and application to data transfer, privacy, data protection, and information security in the UK, and may incur significant costs and expenses in an effort to do so. Any failure or perceived failure by us to comply with applicable laws and regulations or any of our other legal obligations relating to privacy, data protection, or information security may result in governmental investigations or enforcement actions, litigation, claims, or public statements against us. Any of the foregoing could result in significant liability or cause our users to lose trust in us, any of which could have an adverse effect on our reputation, operations, financial performance and business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our customers may limit the adoption and use of, and reduce the overall demand for, our products and services. We are also subject to and actively taking steps to comply with evolving UK privacy laws on cookies and e-marketing. In the UK, informed consent is required for the placement of certain cookies or similar technologies on a user's device and for direct electronic marketing and valid consent is tightly defined, including, a prohibition on pre-checked consents and, in the context of cookies, a requirement to obtain separate consents for each type of cookie or similar technology. Strict enforcement of these requirements could lead to substantial costs, require significant systems changes, limit the effectiveness of our marketing activities, divert the attention of our technology personnel, adversely affect our margins, increase costs and subject us to additional liabilities. Regulation of cookies and similar technologies, and any decline of cookies or similar online tracking technologies as a means to identify and potentially target users, may negatively impact our efforts to understand users and match them with products. Any failure or perceived failure by us to comply with our privacy policies, our privacy-related obligations to users or other third parties, or our privacy-related legal obligations, or any compromise of security that results in the unauthorized release or transfer of personally identifiable information or other user data, may result in governmental enforcement actions, litigation or negative publicity and could cause our users and financial partners to lose trust in us, which would have a material and adverse effect on our business. We may also be subject to remedies that may harm our business, including fines, demands or orders that we modify or cease existing or planned business practices.

We believe our success depends on users finding our product offerings to be of value to them. Our ability to attract and engage users depends, in part, on our ability to successfully expand our product offerings and editorial articles. For example, we initially built our content and began matching consumers with financial services providers in the credit card market, we later expanded into loan products and have continued to add other verticals since then. To penetrate new verticals, we will need to develop a deep understanding of those new markets and the associated business challenges faced by participants in them. Developing this level of understanding may require substantial investments of time and resources, and we may not be successful. In addition to the need for substantial resources, government regulation could limit our ability to introduce new product offerings. If we fail to penetrate new verticals successfully, our revenue may grow at a slower rate than we anticipate, and our business, financial condition and results of operations could be materially adversely affected. We must also continue to innovate and improve on our technology and product offerings in order to continue future growth and successfully compete with other companies in our markets, or our brand and future growth could be materially adversely affected. In addition, the market for financial services products is rapidly evolving, fragmented and highly competitive. Competition in this market has intensified, and we expect this trend to continue as the list of financial services providers grows. There are many established and emerging technology centric financial services providers offering a multitude of products to consumers across all financial verticals. If we fail to successfully anticipate and identify new trends, products and emerging financial services providers, and provide up-to-date educational content, tools and other relevant resources timely, our ability to engage consumers and financial services providers may suffer, which would harm our business, financial condition and results of operations.

We currently compete with a number of companies that market financial services online, as well as with more traditional sources of financial information, and with financial institutions offering their products directly, and we expect that competition will intensify. Our online competitors include marketplaces such as Bankrate, Credit Karma, LendingTree, and Zillow, and we also face direct or indirect competition from providers of consumer personal finance guidance and online search engines. Some of these existing competitors may have more capital or complementary products or services than we do, and they may leverage their greater capital or diversification in a manner that adversely affects our competitive position, including by making strategic acquisitions. In addition, we also face the possibility of new competitors. New competitors may enter the market and may be able to innovate and bring products and services to market faster, or anticipate and meet consumer or financial services partner demand before we do. Other newcomers, including major search engines and content aggregators, may be able to leverage their existing products and services or access to data to our disadvantage. We may be forced to expend significant resources to remain competitive with current and potential competitors. If any of our competitors are more successful than we are at attracting and engaging users or financial services partners, our business, financial condition and results of operations could be materially and adversely affected.

We believe that the growth of our business and revenue depends upon our ability to engage our existing users and to add new users in our current as well as new verticals. If we lose users or user engagement diminishes, our business and financial condition will be negatively impacted. If we fail to remain competitive on customer experience, editorial articles and product offerings, our ability to grow our business may also be adversely affected. While a key part of our business strategy is to engage users in our existing verticals, we also intend to expand our operations into new verticals. In doing so, we may incur losses or otherwise fail to enter new verticals successfully. Our expansion into new verticals may place us in unfamiliar competitive environments and involve various risks, including competition, government regulation, the need to invest significant resources and the possibility that returns on such investments will not be achieved for several years or at all. There are many factors that could negatively affect our ability to grow our user base and engagement, including if: - we lose users to new market entrants and/or existing competitors;- we do not obtain regulatory approvals necessary for expansion into new verticals, geographies or to launch new products, product features or tools;- we fail to effectively use search engines, social media platforms, digital app stores, content-based online advertising, and other online sources for generating traffic to our platform;- our platform experiences disruptions or outages;- we suffer reputational harm to our brand including from negative publicity, whether accurate or inaccurate;- we fail to expand geographically;- we fail to offer new and competitive products, to provide effective updates to our existing products or to keep pace with technological improvements in our industry;- technical or other problems frustrate the user experience;- we are unable to address user concerns regarding the content, privacy, and security of our digital platform;- we are unable to continue to innovate and improve our platform by generating compelling content and tools;- existing or new financial services providers use incentives to directly cross-sell their products, reducing consumer benefits of using multiple providers; or - we are unable to successfully launch new verticals. Our inability to overcome these challenges could impair our ability to engage users, and could harm our business, operating results and financial condition.

Our ability to earn revenue is dependent on referring users of our site to our financial services partners and our users seeking to transact with such partners. However, having obtained the information they were looking for in our editorial articles, tools and other product offerings, users may leave our platform and transact directly with a financial services partner or with another party. When users transact directly with financial services partners or another party, we are not able to earn revenue on these users' transactions, limiting our ability to realize a return on our investments in product features and editorial articles which could harm our business, revenue and financial results. Because we do not have exclusive relationships with our financial services partners, users may obtain financial products without having to use our platform. Our financial services partners may offer and market their products to prospective customers online directly through their own marketing campaigns or via other methods of distribution, including through our competitors. If a significant number of users seek financial products and services directly from our financial services partners or from our online competitors, as opposed to through our platform, our business, financial condition and results of operations could be adversely affected.

Historically, all of our business has been generated in the U.S. and we have little experience operating internationally. In 2020, we entered the UK market with our acquisition of Notice Media Ltd. (doing business as Know Your Money), an online provider of financial guidance and tools based in the UK. We entered the Canadian and Australian markets organically in the third quarter of 2021 and the fourth quarter of 2022, respectively. We believe part of our growth strategy depends on our continued international expansion. We continue to adapt to and develop strategies to address international markets, but there is no guarantee that such efforts will be successful. Our existing international operations and further international expansion are subject to a number of difficulties and risks, including: - challenges inherent to efficiently recruiting and retaining talented and capable employees in foreign countries and maintaining our company culture and employee programs across all of our offices, including those resulting from cultural differences and geographic dispersion;- required compliance with existing and changing foreign regulatory requirements and laws that are or may be applicable to our business in the future, such as the European Union's General Data Protection Regulation (GDPR) and other data privacy requirements; labor and employment regulations; anti-competition regulations; regulatory laws and requirements for licenses and authorizations; and the UK Bribery Act of 2010 and other anti-corruption laws;- required compliance with U.S. laws such as the Foreign Corrupt Practices Act, and other U.S. federal laws and regulations established by the office of Foreign Asset Control and other governmental entities;- difficulties identifying, obtaining, and maintaining the government approvals, authorizations, or licensures required to conduct our business in foreign markets;- financial risks, such as longer payment cycles, difficulty collecting accounts receivable, and the impact of local and regional financial crises on demand and payment for our products;- difficulties obtaining intellectual property protection, enforcing our intellectual property rights, and defending against third-party intellectual property infringement claims;- challenges successfully addressing novel sources of competition, including in the context of foreign laws and business practices that may favor local companies;- difficulties managing fluctuations in currency exchange rates and foreign exchange controls; and - potentially adverse tax consequences, including multiple and possibly overlapping tax regimes, the complexities of foreign value-added tax systems, and changes in tax rates. As we continue to expand our international operations, our success will depend in large part on our ability to anticipate and effectively manage these risks, which in turn will require significant management attention and financial resources. In addition, certain international markets where we do business are subject to significant economic uncertainty. Significant economic developments in these markets, or the perception that any of them could occur, creates further challenges for operating in these markets. If we are unable to successfully manage any of these risks, our existing international operations and any future international expansion could be compromised, which could harm our business, financial condition and results of operations.

Our operations are geographically limited and primarily dependent upon consumers and economic conditions in the U.S. As a result of this geographical concentration, we are more vulnerable to downturns or other conditions that affect the U.S. economy. Any downturn or other adverse conditions in the U.S. economy could harm our business and financial results. We have entered the UK, Canadian and Australian markets, and we believe our growth strategy depends, in part, on our continued international expansion. As we expand internationally, we will be vulnerable to economic downturns or other conditions that affect the domestic markets in the countries where we expand. However, until our international operations grow significantly, we will continue to be primarily dependent on U.S. consumers and U.S. economic conditions.

The loan market, including student loans, business loans, mortgages and personal loans, is an important part of our business. Fluctuations and constraints in the loan markets in the past have harmed, and may in the future, harm our business, financial condition and results of operations. Economic factors such as increased interest rates, slow economic growth or recessionary conditions, the pace of home price appreciation or the lack of it, changes in household debt levels, and increased unemployment or stagnant or declining wages can affect the loan markets by impacting the number of loan applications and loan approval rates which can adversely affect our business. In 2022 and 2023 the U.S. Federal Reserve increased the benchmark federal funds rate many times in an attempt to rein in inflation. This policy change has led to a softening of the housing market and reduced consumer demand for mortgage refinancings and originations on our platform. At the same time, increased conservatism by our financial services partners following the regional bank failures in the spring of 2023 led to a tightening of underwriting standards by our financial services partners. Further interest rate increases and continued conservatism by our financial services partners would negatively impact our loans and SMB product verticals by both reducing demand for loan products and reducing the supply of credit available, making it more difficult for us to match consumers and small and mid-sized businesses with financial services products.