Portillo's (PTLO) Risk Analysis

Our guests occasionally file complaints or lawsuits alleging we caused an illness or injury they suffered at or after a visit to our restaurants, or that we have problems with food quality or operations. We are also subject to a variety of other claims that could arise in the ordinary course of our business, including personal injury claims, contract claims and claims alleging violations of federal and state securities laws or law regarding workplace and employment matters, equal opportunity, harassment, discrimination and similar matters, and we could encounter class action or other lawsuits related to these or different matters in the future. In recent years, a number of restaurant companies have been subject to such claims, and some of these lawsuits have resulted in the payment of substantial damages by the defendants. Regardless of whether any claims against us are valid, or whether we are ultimately held liable, claims may be expensive to defend and may divert time, attention, and money away from our operations. A judgment in excess of our insurance coverage for any claims could have a material adverse effect on our Results. Allegations may also result in adverse publicity and negatively impact our reputation.

The restaurant industry is intensely competitive. We compete directly and indirectly with national, regional and local limited-service (e.g., quick service or fast casual) and full-service restaurants on food quality, brand recognition, service, price and value, convenience, design and location. Some competitors have significantly greater financial, marketing, personnel and other resources, and many are well-established in our target markets. Many of our competitors have greater name recognition locally, regionally, or nationally in these target markets. Our continued success also depends on the popularity of our menu and guest experience. Consumer tastes, nutritional and dietary trends, traffic patterns and the type, number, and location of competing restaurants often affect restaurant performance, and our competitors may react more effectively to changes. In the past, some of our competitors have implemented promotional programs that provide price discounts or reward programs, and they may continue to do so in the future. If we cannot compete effectively, our traffic, restaurant sales and restaurant operating profit margins could decline, which could have a material adverse effect on our Results. If our competitors increase spending on marketing and other initiatives or our marketing expenditures decrease, or our advertising, promotions, and restaurant designs and locations are less effective than our competitors, it could have a material adverse effect on our Results.

Our reputation and the perception of our brand are critical to our success. Any incident that erodes our consumer loyalty could significantly damage our business. We may be adversely affected by negative publicity relating to food quality, the safety, sanitation and welfare of our restaurant facilities, guest complaints or litigation, health inspection scores, integrity of our suppliers' food processing and other policies, practices and procedures, team member relationships and welfare, employment practices or other matters at one or more of our restaurants. Furthermore, similar negative publicity or occurrences with respect to other restaurants could also decrease our guest traffic and have a similar material adverse effect on our business. In addition, the volume of restaurant commentary has increased dramatically with the proliferation of social media platforms. Negative publicity may adversely affect us or some or all of our restaurants, regardless of whether allegations are valid, and we may not be able to respond effectively. For example, we, or other restaurant companies generally, have and could again come under criticism from animal rights and welfare activists for our business practices or those of our suppliers. We may also face scrutiny and criticism concerning sustainability matters, environmental stewardship, and other social issues. Such criticisms could impair our brand, our restaurant sales, our hiring, and our expansion plans. If we changed our practices because of concerns about animal welfare, or in response to such criticisms, our costs might increase, or we may have to change our suppliers or our menu. A similar risk exists with respect to food service businesses unrelated to us if customers mistakenly associate such unrelated businesses with our operations. Team member claims against us based on, among other things, alleged wage and hour violations, discrimination, harassment or wrongful termination may create not only legal and financial liability but negative publicity that could adversely affect us and divert our financial and management resources from more productive initiatives. A significant increase in the number of these claims or an increase in the number of successful claims could have a material adverse effect on our Results.

Due to the concentration of our suppliers and distributors ("our vendors"), the cancellation, disruption, delay or inability of these suppliers to deliver these products to our restaurants for any reason may materially and adversely affect our operations until we establish an alternative. We do not control our vendors' operations and our efforts to monitor their performance may be unsuccessful. If our vendors fail to comply with food safety or other laws and regulations, or face allegations of non-compliance, their operations may be disrupted and we may not be able to engage replacement suppliers on commercially reasonable terms or a timely basis, if at all. If our vendors do not fulfill their contractual obligations or we cannot identify alternative sources, we could encounter supply shortages and incur higher costs, which could have a material adverse effect on our results of operations. We have developed contingency plans to mitigate risks related to secondary supply, floor stocking arrangements, product diversification and inventory management, but there can be no assurance that we can obtain commercially reasonable terms or alternative product of equivalent quality.

Like other companies in the restaurant industry, we are dependent upon food and commodity availability and their costs impact our business and results. Food and commodity costs and availability can be volatile and are affected by factors outside of our control, including general economic conditions, inflation, labor shortages, seasonal fluctuations, weather and climate conditions, energy costs, global demand, trade protections and subsidies, food safety issues, infectious diseases, possible terrorist activity, cyberattacks, transportation issues, currency fluctuations, product recalls, and government regulations, among others. Food and commodity cost volatility has affected our profitability and reputation in the past and could do so in the future. While a portion of our commodities are subject to contract pricing, as our contracts expire we may unable to successfully (re)negotiate terms that protect us from inflation or the portion not covered by contract pricing might increase unexpectedly, creating unplanned price inflation. We experienced 4.2% and 5.5% commodity price inflation for the years ended December 29, 2024 and December 31, 2023, respectively. If the cost of our ingredients increase, we may suspend or permanently discontinue certain menu items rather than pay the increased cost for the ingredients. These changes to our menu could negatively impact our restaurant traffic and operational results during the shortage and thereafter. Additionally, we may be unable to offset all or even a portion of a future cost increase through menu price increases. Competitive conditions may limit our menu pricing flexibility and implementing menu price increases may change our guests' visit frequencies or purchasing patterns. Our industry depends on consumer discretionary spending and is affected by changes in consumer tastes, and macro- and micro-economic conditions (including economic downturns, consumer sentiment, inflation or increased food or energy costs). Factors such as traffic patterns, weather, fuel prices, local demographics, local regulations and the competitive landscape may adversely affect the performances of our individual locations. Our restaurants are primarily located in high-activity trade areas that often contain retail, lifestyle, and entertainment centers. We depend on high visitor rates in these trade areas to attract guests to our restaurants. A decline in traffic at these locations for a sustained period could have a material adverse effect on our business, financial condition and results of operations (collectively, "our Results").

The Company's business is dependent upon the availability of, among other things, agricultural commodities and other raw materials. U.S. relations with the rest of the world remain uncertain with respect to taxes, trade policies and tariffs, especially as the political landscape changes due to the recent U.S. presidential and congressional elections. Changes in U.S. administrative policy may lead to significant increases in tariffs for imported goods, which may impact prices for both domestic and imported goods, such as steel, lumber, and agricultural commodities. Imposition of tariffs may strain international trade relations and increase the risk that foreign governments implement retaliatory tariffs on goods imported from the United States. Similarly, interest rates may continue to rise and create further uncertainty and volatility in the market which would negatively impact our Results. These political and economic changes could have a material effect on global economic conditions and the stability of financial markets and could significantly reduce global trade. In addition to potential increases on tariffs, wars or conflicts could affect our ability to obtain raw materials, which could have a substantial impact on the costs associated with food, beverage and packaging of our menu items, as well as building construction materials and negatively impact our results.

The use of AI technologies within our business processes must be implemented and managed effectively and ethically to avoid outputs that are false, biased, or inconsistent with our values and strategies. Failure to properly manage AI and emerging technologies, could also lead to unauthorized access to sensitive information, of which could harm our reputation and competitive position. At the same time, if we fail to keep pace with the rapid evolution of AI technologies, particularly in our industry, our competitive position and business results could suffer. In addition, the evolving regulatory landscape for AI technologies requires continuous monitoring and adaptation to ensure compliance and mitigate potential legal and operational risks.

Our intellectual property includes our trademarks and service marks registered with the United States Patent and Trademark Office (including Portillo's), the trade dress of our restaurants, our websites and domain names (including our website at www.portillos.com) and other unregistered intellectual property (collectively, our "IP"). Our success depends on our continued ability to use our IP and licensed third-party intellectual property. We require continued use of our existing trademarks and service marks in order to increase brand awareness and develop our branded products. If our efforts to protect our IP are inadequate or if any third-party misappropriates, infringes, dilutes or otherwise violates our IP, the value of our IP may be harmed. For example, failure to register or enforce our trademarks, whether in print, on the Internet or through social media or other media, could prevent us from successfully challenging third parties who use trademarks similar to ours, which may cause consumer confusion, harm the public perception of our brand, prevent our brand and branded products from achieving and maintaining market acceptance and cause a material adverse effect on our Results. There can be no assurance that the steps we have taken to protect our IP in the United States will be adequate or will obtain or maintain any competitive advantage. It is possible that third parties will assert claims of infringement, misappropriation or other violations of intellectual property against us, or assert claims that a portion of our IP is invalid or unenforceable. Claims decided against us could invalidate or narrow our IP or allow competing uses, which could have a material adverse effect on our Results. Additionally, an infringement or misappropriation claim decided against us could result in us being required to pay damages, cease using our IP, develop or adopt non-infringing intellectual property or acquire a license to use the third-party intellectual property that is the subject of the asserted claim. Regardless of outcome, there could be significant expenses associated with the defense of such a claim. We may also from time to time have to assert claims against third parties and initiate litigation in order to defend our IP. Such litigation could result in substantial costs and diversion of resources, could be protracted with no certainty of success, or could fail to achieve an adequate remedy. Any of these occurrences could have a material adverse effect on our Results.

Our information technology systems, which in some cases rely on third-party providers, have in the past, and may in the future, experience service interruptions, degradation or other performance problems because of hardware and software defects or malfunctions, distributed denial-of-service and other cyberattacks, infrastructure changes, human error, natural/weather disasters, power losses, disruptions in telecommunications services, fraud, military or political conflicts, terrorist attacks, computer viruses, ransomware, malware, or other events. Our systems are also subject to break-ins, sabotage, theft, and intentional acts of vandalism perpetrated by criminal third parties, third parties we do business with, or team members. Our reliance on third parties increases our exposure to such risks as we cannot exercise direct control over such persons / entities. While we endeavor to keep all systems current, there can be no guarantee that we can update and maintain our systems at all times. In instances where we are unable to do so, our risk mitigation efforts may fail. Any such failure could lead to website downtime, disruptions to our information technology systems, or malicious behavior by threat actors. In 2024, we completed the implementation of our new ERP system, designed to accurately maintain the Company's financial records, enhance operational functionality, and provide timely information to the Company's management team related to the operation of the business. The ERP system implementation process has required, and will continue to require, the investment of personnel and financial resources as we support post-implementation efforts and system functionality. These post-implementation efforts could result in delays, increased costs, and other difficulties, and disruptions or difficulties in using our ERP system could result in harm to our business. Additionally, if the ERP system does not operate as intended, the effectiveness of our internal controls over financial reporting could be adversely affected or our ability to adequately assess those controls could be further delayed. We utilize technologies at our restaurants that support guest experience and transactions processes, including the processing of guest payments. We go to great lengths to vet the security capabilities of third parties that support these services. These services include retail technologies and related software applications. Although vendors similarly endeavor to maintain systems in a current and secure fashion, they are subject to the same implications as noted above, and these services can as a result be denigrated, compromised or otherwise impacted in a manner that disrupts our ability to operate. Although we will continue to take progressive steps to assess and promote the furthering security capabilities of third parties that support our restaurant operations, compromising events such as distributed denial of service, ransomware attack and other cyber attacks, natural / weather disasters or human error (and other events as noted above) may occur that will cause disruption to our vendors' system, that in turn may impact our ability to interact and transact with guests, on and off premise. Our business requires the collection, transmission, and retention of large volumes of guest and team member data, including personally identifiable information, through information technology systems maintained by us or vendors retained by us. In particular, our omni-channel approach relies in large part on our information technology systems to operate successfully and allow for capabilities like kiosk transactions, mobile order and pay, third-party delivery, and digital menu boards. Like many other companies, we have experienced, and will continue to experience, attempts to compromise our information technology systems, some of which have been successful but not material. As we expand our business channels, our risk exposure will increase proportionately. The techniques and sophistication used to conduct cyberattacks, as well as the sources and targets of these attacks, change frequently and may not be recognized until or after such attacks have occurred. We continue to make significant investment in physical and technological security measures, team member training, and third-party services to anticipate cyberattacks and prevent breaches, protect our information technology networks and infrastructure, and to identify vendors and service providers that could be vulnerable to damage, disruptions, shutdowns, data loss, or breaches due to criminal conduct, team member error, negligence or malfeasance, utility failures, natural disasters or other catastrophic events, we cannot guarantee that we will be successful in preventing every possible instance of cyberattacks, breach, or data loss, any of which could disrupt our operations, resulting in inefficiencies and a loss of profits. Additionally, the cybersecurity and privacy requirements, including the regulation of artificial intelligence, imposed by governmental regulations are evolving. Our systems may not be able to immediately satisfy applicable requirements, and may require significant additional investment and time to do so. A significant theft, loss or misappropriation of, or unauthorized access to, our guests' data or other proprietary data could result in fines, legal claims or proceedings, regulatory investigations and actions, or liability for failure to comply with privacy and information security laws, which could disrupt our operations, damage our reputation and expose us to claims from guests and team members, any of which could have a material adverse effect on our Results. Our cyber insurance and business interruption insurance may not be sufficient to cover all losses that may result from a cybersecurity incident. As a result, if we experience any outsized material impacts from a failure of our systems, our Results could be materially and adversely affected. Our reputation as a brand or as an employer could be adversely affected, which could impair our ability to attract and retain guests and qualified employees. There is also the question of interpretation of regulations that are implemented at a federal or state level, and our efforts to assess and validate the applicability of these measures, and if they apply in part or in full from a compliance standpoint. Although we strive to comply with regulations in the most timely manner possible, there may be instances in which an assessment that we deem to be valid and necessary is being conducted, in the face of a differing perspective from a governing agency. It is conceivable that we could be subjected to non-compliance penalties or similar circumstances, that would materially impact our Results.

We believe digital investments to be a critical differentiator for our business, driving greater and more frequent engagement with new and existing customers. As the digital space continues to evolve, our technology must also evolve to stay competitive. If we do not maintain and innovate competitive digital systems, including our growing use of artificial intelligence in our operations, our digital business and sales may be adversely affected as we lose guests to competitors. We rely on third-parties for our ordering and payment platforms. Services performed by these third-parties have been, and could be in the future, damaged or interrupted by technological issues or cyberattacks, which could negatively impact our sales and harm our reputation. As availability of food delivery services increase, we understand the importance of meeting our guests' needs. We have invested in marketing to promote our delivery partnerships, which could negatively impact our profitability if that channel does not continue to expand. We rely on third-parties to fulfill delivery orders in a timely and professional fashion. If these third-party delivery companies cease doing business with us, do not continue their relationship with us on favorable terms, or cannot make their scheduled deliveries (including a shortage of drivers), it may have a negative impact on our sales or revenue. Errors in providing adequate delivery services may result in guest dissatisfaction, which could also result in guest attrition, loss in sales and damage to our brand image. Additionally, as with any third-party handling food, such delivery services increase the risk of food tampering while in transit. We developed sealed packaging to provide some deterrence against such potential food tampering, but some risk remains. Third-party food delivery services are competitive. If our delivery partners fail to effectively compete with other third-party delivery providers, our delivery business may suffer, resulting in a loss of sales. If any third-party delivery provider we partner with experiences damage to their brand image, we may also see ramifications due to our partnership with them.