Oncolytics Biotech (ONCY) Risk Analysis

The Company is a Canadian company, with its principal place of business in Canada. At at December 31, 2024, some of the Company's directors and officers, including the Company's Chief Executive Officer and Chief Financial Officer, are residents outside the United States and a significant portion of the Company's assets are located outside the United States. Consequently, it may be difficult for U.S. investors to effect service of process within the United States upon the Company or these directors or officers who are not residents of the United States, or to realize in the United States upon judgments of courts of the United States predicated upon civil liabilities under the U.S. Securities Act of 1933, as amended. Investors should not assume that Canadian courts (1) would enforce judgments of U.S. courts obtained in actions against the Company or such directors or officers predicated upon the civil liability provisions of the U.S. federal securities laws or the securities or "blue sky" laws of any state within the United States or (2) would enforce, in original actions, liabilities against the Company or such directors or officers predicated upon the U.S. federal securities laws or any such state securities or "blue sky" laws. In addition, the protections afforded by Canadian securities laws may not be available to investors in the United States.

The Company has not declared or paid any dividends since its incorporation. The Company intends to retain earnings, if any, to finance the growth and development of its business and does not intend to pay cash dividends on the Common Shares in the foreseeable future. Any return on an investment in the common shares will come from the appreciation, if any, in the value of the Common Shares. The payment of future cash dividends, if any, will be reviewed periodically by the board of directors and will depend upon, among other things, conditions then existing including earnings, financial condition, and capital requirements, restrictions in financing agreements, business opportunities and conditions, and other factors.

As of December 31, 2024, we had cash and cash equivalents of $15.9 million. We anticipate that we will need additional financing in the future to fund research and development and to meet our ongoing capital requirements. The amount of future capital requirements will depend on many factors, including continued scientific progress in our drug discovery and development programs, progress in our preclinical and clinical evaluation of drug candidates, time and expense associated with filing, prosecuting, and enforcing our patent claims, and costs associated with obtaining regulatory approvals. In order to meet such capital requirements, we will consider contract fees, collaborative research and development arrangements, and additional public or private financings (including the incurrence of debt and the issuance of additional equity securities) to fund all or a part of particular programs as well as potential partnering or licensing opportunities. Oncolytics, from time to time, along with all other pharmaceutical research and development entities, may have restricted access to capital, bank debt, and equity and, from time to time, may face increased borrowing costs. Although our business and asset base have not changed, the lending capacity of all financial institutions fluctuates, causing a corresponding change in risk premiums. As future operations will be financed out of funds generated from financing activities, our ability to do so is dependent on, among other factors, the overall state of capital markets and investor appetite for investments in the pharmaceutical industry and our securities in particular. Should we elect to satisfy our cash commitments through the issuance of securities, by way of either private placement or public offering or otherwise, there can be no assurance that our efforts to raise such funding will be successful or achieved on terms favorable to us or our existing shareholders. If adequate funds are not available on terms favorable to us, we may have to reduce substantially or eliminate expenditures for research and development, testing, production, and marketing of our proposed product, or obtain funds through arrangements with corporate partners that require us to relinquish rights to certain of our technologies or product. There can be no assurance that we will be able to raise additional capital if our current capital resources are exhausted.

Because we have limited financial and managerial resources, we focus on research programs and therapeutic platforms that we identify for specific indications. As a result, we may forego or delay the pursuit of opportunities with other therapeutic platforms or for other indications that later prove to have greater commercial potential. Our resource allocation decisions may cause us to fail to capitalize on viable commercial products or profitable market opportunities. Our spending on current and future research and development programs and therapeutic platforms for specific indications may not yield any commercially viable products.

The regulatory process for pharmaceuticals, which includes preclinical studies and multiple phases of clinical trials of each compound to establish its safety and efficacy, takes many years and requires the expenditure of substantial resources. Moreover, if regulatory approval of a drug is granted, such approval may entail limitations on the indicated uses for which it may be marketed. Failure to comply with applicable regulatory requirements can, among other things, result in suspension of regulatory approvals, product recalls, seizure of products, operating restrictions, and criminal prosecution. Further, government policy may change, and additional government regulations may be established that could prevent or delay regulatory approvals for our products. In addition, a marketed drug and its manufacturer are subject to continual review. Later discovery of previously unknown problems with the product or manufacturer may result in restrictions on such product or manufacturer, including withdrawal of the product from the market. The United States Food and Drug Administration ("FDA") and similar regulatory authorities in other countries may deny approval of a new drug application if required regulatory criteria are not satisfied, or may require additional testing. Product approvals may be withdrawn if compliance with regulatory standards is not maintained or if problems occur after the product reaches the market. The FDA and similar regulatory authorities in other countries may require further testing and surveillance programs to monitor the pharmaceutical product that has been commercialized. Non-compliance with applicable requirements can result in fines and other judicially imposed sanctions, including product withdrawals, product seizures, injunction actions, and criminal prosecutions. The FDA and other governmental regulators have increased requirements for drug purity and have increased environmental burdens upon the pharmaceutical industry. Because pharmaceutical drug manufacturing is a highly regulated industry, requiring significant documentation and validation of manufacturing processes and quality control assurance prior to the approval of the facility to manufacture a specific drug, our manufacturing facilities may never become approved of, or there can be considerable transition time between the initiation of a contract to manufacture a product and the actual initiation of manufacture of that product. Any lag time in the initiation of a contract to manufacture product and the actual initiation of manufacture could cause us to lose profits or incur liabilities. The pharmaceutical regulatory regime in Europe and other countries is generally similar to that of the United States. We could face similar risks in these other jurisdictions as the risks described above.

In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We may be the target of this type of litigation in the future. Regardless of the merits or the ultimate results of such litigation, securities litigation brought against us could result in substantial costs and divert our management's attention from other business concerns.

We are subject to complex laws and regulations that address privacy and data security. The legislative and regulatory landscape for data protection continues to evolve, and in recent years there has been an increasing focus on privacy and data security issues. In the U.S., numerous federal and state laws and regulations, including state data breach notification laws, state health information privacy laws, and federal and state consumer protection laws, govern the collection, use, disclosure, and protection of health-related and other personal information. For example, the State of California enacted the California Consumer Privacy Act of 2018 (the "CCPA"), which came into effect on January 1, 2020, and provides new data privacy rights for consumers and new operational requirements for companies, which may increase our compliance costs and potential liability. The CCPA gives California residents expanded rights to access and delete their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. Further, the California Privacy Rights Act, or CPRA, generally went into effect on January 1, 2023, and significantly amends the CCPA. It imposes additional data protection obligations on covered companies doing business in California, including additional consumer rights processes, limitations on data uses, new audit requirements for higher risk data, and opt outs for certain uses of sensitive data. It also created a new California data protection agency specifically tasked to issue substantive regulations and enforce the CCPA and CPRA, which has increased regulatory scrutiny of covered businesses in the areas of data protection and security. Additional compliance investment and potential business process changes may also be required. Similar laws have passed in other states, and continue to be proposed at the state and federal level, reflecting a trend toward more stringent privacy legislation in the U.S. The enactment of such laws could have potentially conflicting requirements that would make compliance challenging. In addition, in the course of our business, we may obtain health information from third parties that are subject to privacy and security requirements under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH"). Although we are not directly subject to HIPAA (other than potentially with respect to providing certain employee benefits) we could be subject to criminal penalties if we knowingly obtain or disclose individually identifiable health information maintained by a HIPAA-covered entity in a manner that is not authorized or permitted by HIPAA/HITECH. We could also be negatively impacted by existing and proposed laws and regulations, as well as government policies and practices related to cybersecurity, data privacy, data localization, and data protection outside of the U.S., such as the General Data Protection Regulation ("GDPR"), which took effect in the EU in May 2018. The GDPR extends the geographical scope of EU data protection law to non-EU entities under certain conditions, tightens existing EU data protection principles, and creates new obligations for companies and new rights for individuals. The GDPR may increase our responsibility and potential liability in relation to personal data that we process, expose us to substantial potential fines, and increase our compliance costs. The GDPR could also cause our development costs to increase in connection with clinical trials we are currently conducting and may conduct in the future in the EU for our product and product candidate. Further, recent legal developments in Europe have created complexity and uncertainty regarding transfers of personal data from the EU to the United States. As well, from January 1, 2021, the GDPR and the United Kingdom ("UK") GDPR, which, together with the amended UK Data Protection Act 2018, retains the GDPR in UK national law. In March 2022, the U.S. and EU announced a new regulatory regime intended to replace the invalidated regulations. In October 2022, President Biden signed an Executive Order on ‘Enhancing Safeguards for United States Signals Intelligence Activities' which introduced new redress mechanisms and binding safeguards to address the concerns raised by the Court of Justice of the EU in relation to data transfers from the EEA to the U.S. and which formed the basis of the new EU-US Data Privacy Framework, or DPF, as released in December 2022. The European Commission adopted its Adequacy Decision in relation to the DPF in July 2023, rendering the DPF effective as a GDPR transfer mechanism to U.S. entities self-certified under the DPF. To the extent we are unable to transfer personal data between and among regions in which we operate or intend to operate as a result of regulatory authorities issuing further guidance on personal data export mechanisms, including circumstances where the standard contractual clauses cannot be used, and/or start taking enforcement action, it could affect the manner in which we operate and could adversely affect our financial results. Failure to comply with data protection laws and regulations both within and outside of the U.S. could result in government enforcement actions (which could include civil or criminal penalties), private litigation, and/or adverse publicity and could negatively affect our operating results and business.

As pelareorep is developed through preclinical to late-stage clinical trials toward approval and commercialization, it is common that various aspects of the development program, such as manufacturing methods and formulation, are altered along the way in an effort to optimize processes and results. Such changes carry the risk that they will not achieve these intended objectives or be acceptable to the FDA or similar regulatory authorities in other countries. Any of these changes could cause pelareorep to perform differently and affect the results of planned clinical trials or other future clinical trials conducted with the altered materials. This could delay the completion of clinical trials, require the conduct of bridging clinical trials or the repetition of one or more clinical trials, increase clinical trial costs, delay approval of our product candidate and jeopardize our ability, or our strategic partners' ability, to commence product sales and generate revenue.

Our ability to develop the product will depend, to a great extent, on our ability to attract and retain highly qualified scientific personnel and to develop and maintain relationships with leading research institutions. Intense competition for attracting key skill-sets may limit our ability to retain and motivate key personnel on acceptable terms. We are highly dependent on the principal members of our management staff as well as our advisors and collaborators, the loss of whose services might impede the achievement of development objectives. The persons working with us are affected by a number of influences outside of our control. In the U.S., the SEC recently adopted mandatory clawback rules which requires listed companies to adopt a clawback policy providing for recovery of incentive-based compensation awarded to executive officers if we are required to prepare an accounting restatement resulting from material noncompliance with financial reporting requirements. There is the potential that new compensation rules will make it more difficult for us to attract and retain executive officers. The loss of key employees and/or key collaborators may affect the speed and success of product development.

We rely on entities outside of our control, which may include clinical and research consultants, academic institutions, and contract research organizations ("CROs"), to perform, monitor, support, conduct, and oversee preclinical studies and clinical trials of pelareorep. As a result, we have less control over the timing and cost of these studies and the ability to recruit trial subjects than if we conducted these trials with our own personnel. If we are unable to maintain or enter into agreements with these third parties on acceptable terms, or if any such engagement is terminated prematurely, we may be unable to enroll patients on a timely basis or otherwise conduct our trials in the manner we anticipate. In addition, there is no guarantee that these third parties will devote adequate time and resources to our studies or perform as required by our contract or in accordance with regulatory requirements, including maintenance of clinical trial information regarding our products. If these third parties fail to meet expected deadlines, fail to transfer to us any regulatory information in a timely manner, fail to adhere to protocols, or fail to act in accordance with regulatory requirements or our agreements with them, or if they otherwise perform in a substandard manner or in a way that compromises the quality or accuracy of their activities or the data they obtain, then clinical trials of our product candidate may be extended or delayed with additional costs incurred, or our data may be rejected by the FDA, EMA or other regulatory agencies. Ultimately, we are responsible for ensuring that each of our clinical trials is conducted in accordance with the applicable protocol, legal, regulatory, and scientific standards, and our reliance on third parties does not relieve us of our regulatory responsibilities. If we or any of our CROs fail to comply with applicable regulatory regulations, the clinical data generated in our clinical trials may be deemed unreliable, and our submission of marketing applications may be delayed, or we may be required to perform additional clinical trials before approving our marketing applications. Our failure to comply with these regulations may require us to repeat clinical trials, which would delay the regulatory approval process and increase our costs. Moreover, our business may be implicated if any of our CROs violates federal or state fraud and abuse or false claims laws and regulations or healthcare privacy and security laws. If any of our clinical trial sites terminate for any reason, we may experience the loss of follow-up information on patients enrolled in our ongoing clinical trials unless we are able to transfer the care of those patients to another qualified clinical trial site. Further, if our relationship with any of our CROs is terminated, we may be unable to enter into arrangements with alternative CROs on commercially reasonable terms, or at all. As a result, delays may occur, which can materially impact our ability to meet our desired clinical development timelines.

Government authorities and third-party payors, such as private health insurers and health maintenance organizations, decide which medications they will pay for and establish reimbursement levels. A primary trend in the U.S. healthcare industry and elsewhere is cost containment. Government authorities and these third-party payors have attempted to control costs by limiting coverage and the amount of reimbursement for particular medications. Uncertainty exists regarding the reimbursement status of newly-approved pharmaceutical products and reimbursement may not be available for pelareorep. Any reimbursements granted may not be maintained or limits on reimbursements available from third-party payors may reduce the demand for, or negatively affect the price of, these products. If pelareorep does not qualify for reimbursement, if reimbursement levels diminish, or if reimbursement is denied, our sales and profitability would be adversely affected.

We incur some of our research and development and general and administrative expenses in foreign currencies, primarily the U.S. dollar and Euro. We are, therefore, exposed to foreign currency rate fluctuations. Also, as we expand to other foreign jurisdictions, there may be an increase in our foreign exchange exposure.