Syndax Pharmaceuticals (SNDX) Risk Analysis

As of December 31, 2024, our executive officers, directors, and holders of 5% or more of our capital stock and their respective affiliates beneficially owned approximately 36.5% of our outstanding voting stock and options. As a result, these stockholders will continue to have a significant influence over all matters requiring stockholder approval. For example, these stockholders may be able to influence elections of directors, amendments of our organizational documents, or approval of any merger, sale of assets or other major corporate transaction. This may prevent or discourage unsolicited acquisition proposals or offers for our common stock that you may feel are in your best interest as one of our stockholders. The interests of this group of stockholders may not always coincide with your interests or the interests of other stockholders and they may act in a manner that advances their best interests and not necessarily those of other stockholders, including seeking a premium value for their common stock, and might affect the prevailing market price for our common stock.

The Sarbanes-Oxley Act requires, among other things, that we maintain effective internal controls for financial reporting and disclosure controls and procedures. We are required, under Section 404 of the Sarbanes-Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting. This assessment needs to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting that results in more than a reasonable possibility that a material misstatement of annual or interim financial statements will not be prevented or detected on a timely basis. Section 404 of the Sarbanes-Oxley Act also generally requires an attestation from our independent registered public accounting firm on the effectiveness of our internal control over financial reporting. We are required to get an attestation from our independent registered public accounting firm on the effectiveness of our internal control over financial reporting. Our compliance with Section 404 requires that we incur substantial expense and expend significant management efforts. We currently do not have an internal audit group, and we may need to hire additional accounting and financial staff with appropriate public company experience and technical accounting knowledge and compile the system and process documentation necessary to perform the evaluation needed to comply with Section 404. We may not be able to complete our evaluation, testing and any required remediation in a timely fashion. During the evaluation and testing process, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal control over financial reporting is effective. We cannot assure you that there will not be material weaknesses or significant deficiencies in our internal control over financial reporting in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition, results of operations or cash flows. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting once that firm begin its Section 404 reviews, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by Nasdaq, the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.

Our operations have consumed substantial amounts of cash since our inception, primarily due to our research and development efforts as well as for the commercial launch of Revuforj and Niktimvo. We expect our research and development expenses to increase substantially in connection with our ongoing and development plans. We believe that our existing cash, cash equivalents and short-term investments will fund our projected operating expenses and capital expenditure requirements for at least the next 12 months. Unexpected circumstances may cause us to consume capital more rapidly than we currently anticipate, including as a result of the global economic slowdown, including any recessions that have occurred or may occur in the future. In addition, we may discover that we need to conduct additional activities that exceed our current budget to achieve appropriate rates of patient enrollment, which would increase our development costs. In any event, we may require additional capital to continue the development of, obtain regulatory approval for, and to commercialize our existing product candidates and any future product candidates. Any efforts to secure additional financing may divert our management from our day-to-day activities, which may adversely affect our ability to develop and commercialize our product candidates. While the long-term economic impacts associated with public health crises and global geopolitical tensions, like the ongoing wars between Russia and Ukraine and the Hamas-Israel wars as well as the conflicts in the Middle East, including between Israel and Hezbollah, are difficult to assess or predict, each of these events has caused significant disruptions to the global financial markets and contributed to a general global economic slowdown. Furthermore, inflation rates have increased recently to levels not seen in decades. Increased inflation may result in increased operating costs (including labor costs) and may affect our operating budgets. In addition, the U.S. Federal Reserve has raised and is expected to further raise, interest rates in response to concerns about inflation. Increases in interest rates, especially if coupled with reduced government spending and volatility in financial markets, may further increase economic uncertainty and heighten these risks. If the disruptions and slowdown deepen or persist, we may not be able to access additional capital on favorable terms, or at all, which could in the future negatively affect our financial condition and our ability to pursue our business strategy. We cannot guarantee that future financing will be available in sufficient amounts or on terms acceptable to us, if at all. If we do not raise additional capital when required or on acceptable terms, we may need to: - delay, scale back or discontinue the development or commercialization of our product candidates or cease operations altogether;- seek strategic alliances for our existing product candidates on terms less favorable than might otherwise be available; or - relinquish, or license on unfavorable terms, our rights to technologies or any future product candidates that we otherwise would seek to develop or commercialize ourselves. If we need to conduct additional fundraising activities and we do not raise additional capital in sufficient amounts or on terms acceptable to us, we may be unable to pursue development and commercialization efforts, which will harm our business, operating results and prospects. Our future funding requirements, both short- and long-term, will depend on many factors, including: - the initiation, progress, timing, costs and results of clinical trials of our product candidates;- the outcome, timing and cost of seeking and obtaining regulatory approvals from the FDA and comparable foreign regulatory authorities, including the potential for such authorities to require that we perform more trials than we currently expect;- the cost to establish, maintain, expand and defend the scope of our intellectual property portfolio, including the amount and timing of any payments we may be required to make, or that we may receive, in connection with licensing, preparing, filing, prosecuting, defending and enforcing any patents or other intellectual property rights;- market acceptance of our product candidates;- the cost and timing of selecting, auditing and developing manufacturing capabilities, and potentially validating manufacturing sites for commercial-scale manufacturing;- the cost and timing for obtaining pricing, and coverage and reimbursement by third-party payors, which may require additional trials to address pharmacoeconomic benefit;- the cost of establishing sales, marketing and distribution capabilities for our product candidates if any candidate receives regulatory approval and we determine to commercialize it ourselves;- the costs of acquiring, licensing or investing in additional businesses, products, product candidates and technologies;- the effect of competing technological and market developments;- our need to acquire and implement additional internal systems and infrastructure, including compliance and financial and reporting systems, as we grow our company; and - business interruptions resulting from geo-political actions, including war or the perception that hostilities may be imminent (such as the ongoing wars between Russia and Ukraine and the Hamas-Israel wars as well as the conflicts in the Middle East, including between Israel and Hezbollah), terrorism, natural disasters, including earthquakes, typhoons, floods and fires, or public health crises. If we cannot expand our operations or otherwise capitalize on our business opportunities because we cannot secure sufficient capital, our business, financial condition and results of operations could be materially adversely affected.

To market Revuforj and Niktimvo or any approved product candidate in the future, we must continue building our sales, marketing, distribution, managerial and other non-technical capabilities or make arrangements with third parties to perform these services, as we do not presently have all of these capabilities. To support the commercialization of Revuforj and Niktimvo in the United States, we have established a robust commercial field force comprising highly experienced professionals with extensive experience in hematology and oncology and new product launches. For Revuforj, we manage sales, marketing and distribution through internal resources and third-party relationships. In accordance with our agreement, Incyte leads the commercialization of axatilimab globally and we are co-commercializing Niktimvo in the United States. To further develop our internal sales, distribution and marketing capabilities, we must invest significant amounts of financial and management resources in the future. For drug products where we decide to perform sales, marketing and distribution functions ourselves, we could face a number of challenges, including that: owe may not be able to attract, build and retain an effective marketing or sales organization;othe cost of establishing, training and providing regulatory oversight for a marketing or sales force may not be justifiable in light of the revenue generated by any particular product;oour direct or indirect sales and marketing efforts may not be successful; and othere are significant legal and regulatory risks in drug marketing and sales that we have never faced, and any failure to comply with all legal and regulatory requirements for sales, marketing and distribution could result in enforcement action by the FDA or other authorities that could jeopardize our ability to market the product or could subject us to substantial liabilities. Alternatively, we may rely on third parties to launch and market our future product candidates, if approved. We may have limited or no control over the sales, marketing and distribution activities of these third parties and our future revenue may depend on the success of these third parties. Additionally, if these third parties fail to comply with all applicable legal or regulatory requirements, the FDA or another governmental agency could take enforcement action that could jeopardize their ability and our ability to market our product candidates.

In the ordinary course of business, we collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, and share, or collectively, process, personal data and other sensitive information, including proprietary and confidential business data, trade secrets, intellectual property, sensitive third-party data, business plans, transactions, clinical trial data and financial information or collectively, sensitive data. Our data processing activities subject us to numerous data privacy and security obligations, such as various laws, regulations, guidance, industry standards, external and internal privacy and security policies, contractual requirements, and other obligations relating to data privacy and security. In the United States, federal, state, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, personal data privacy laws, consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act), and other similar laws (e.g., wiretapping laws). For example, HIPAA as amended by HITECH, imposes specific requirements relating to the privacy, security, and transmission of individually identifiable protected health information. For more information regarding risks associated with HIPAA, please refer to the section above that discusses risks associated with healthcare laws and regulations. In the past few years, numerous U.S. states have enacted comprehensive privacy laws that impose certain obligations on covered businesses, including providing specific disclosures in privacy notices and affording residents with certain rights concerning their personal data. As applicable, such rights may include the right to access, correct, or delete certain personal data, and to opt-out of certain data processing activities, such as targeted advertising, profiling, and automated decision-making. The exercise of these rights may impact our business and ability to provide our products and services. Certain states also impose stricter requirements for processing certain personal data, including sensitive personal data, such as conducting data privacy impact assessments. These state laws allow for statutory fines for noncompliance. For example, the California Consumer Privacy Act, or CCPA, applies to personal data of consumers, business representatives, and employees who are California residents, and requires businesses to provide specific disclosures in privacy notices and honor requests of such individuals to exercise certain privacy rights. The CCPA provides for fines of up to $7,500 per intentional violation and allows private litigants affected by certain data breaches to recover significant statutory damages. Although there are limited exemptions for clinical trial data under the CCPA, the CCPA and other similar laws may impact (possibly significantly) our business activities depending on how it is interpreted, should we become subject to the CCPA in the future. Similar laws are being considered in several other states, as well as at the federal and local levels, and we expect more states to pass similar laws in the future. These developments further complicate compliance efforts and increase legal risk and compliance costs for us and the third parties with whom we work. Outside the United States, an increasing number of laws, regulations, and industry standards may govern data privacy and security. For example, the European Union's General Data Protection Regulation, or EU GDPR, and the United Kingdom's GDPR, or UK GDPR, impose strict requirements for processing personal data. For example, under GDPR, companies may face temporary or definitive bans on data processing and other corrective actions; fines of up to 20 million Euros under the EU GDPR, 17.5 million pounds sterling under the UK GDPR or, in each case, 4% of annual global revenue, whichever is greater; or private litigation related to processing of personal data brought by classes of data subjects or consumer protection organizations authorized at law to represent their interests. We are subject to new laws governing the privacy of consumer health data, including reproductive, sexual orientation, and gender identity privacy rights. For example, Washington's My Health My Data Act, or MHMD, broadly defines consumer health data, places restrictions on processing consumer health data (including imposing stringent requirements for consents), provides consumers certain rights with respect to their health data, and creates a private right of action to allow individuals to sue for violations of the law. Other states have proposed, enacted or are considering similar laws. Our employees and personnel may occasionally use generative artificial intelligence, or AI, technologies to perform their work, and the disclosure and use of personal data in generative AI technologies is subject to various privacy laws and other privacy obligations. Governments have passed and are likely to pass additional laws regulating generative AI. Our use of this technology could result in additional compliance costs, regulatory investigations and actions, and lawsuits. If we are unable to use generative AI, it could make our business less efficient and result in competitive disadvantages. In addition, we may be unable to transfer personal data from Europe and other jurisdictions to the United States or other countries due to data localization requirements or limitations on cross-border data flows. Europe and other jurisdictions have enacted laws requiring data to be localized or limiting the transfer of personal data to other countries. In particular, the European Economic Area, or EEA, and the United Kingdom, or UK, have significantly restricted the transfer of personal data to the United States and other countries whose privacy laws it generally believes are inadequate. Other jurisdictions may adopt or have already adopted similarly stringent data localization and cross-border data transfer laws. Although there are currently various mechanisms that may be used to transfer personal data from the EEA and UK to the United States in compliance with law, such as the EEA's standard contractual clauses, the UK's International Data Transfer Agreement / Addendum, and the EU-U.S. Data Privacy Framework and the UK extension thereto (which allows for transfers to relevant U.S.-based organizations who self-certify compliance and participate in the Framework), these mechanisms are subject to legal challenges, and there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal data to the United States. If there is no lawful manner for us to transfer personal data from the EEA, the UK, or other jurisdictions to the United States, or if the requirements for a legally-compliant transfer are too onerous, we could face significant adverse consequences, including the interruption or degradation of our operations, the need to relocate part of or all of our business or data processing activities to other jurisdictions (such as Europe) at significant expense, increased exposure to regulatory actions, substantial fines and penalties, the inability to transfer data and work with partners,vendors and other third parties, and injunctions against our processing or transferring of personal data necessary to operate our business. Additionally, companies that transfer personal data out of the EEA and UK to other jurisdictions, particularly to the United States, are subject to increased scrutiny from regulators, individual litigants, and activities groups. Some European regulators have ordered certain companies to suspend or permanently cease certain transfers of personal data out of Europe for allegedly violating the GDPR's cross-border data transfer limitations. Regulators in the United States such as the Department of Justice are also increasingly scrutinizing certain personal data transfers and have proposed and may enact certain data localization requirements, for example, the Biden Administration's executive order Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern. In addition to data privacy and security laws, we are bound by other contractual obligations related to data privacy and security, and our efforts to comply with such obligations may not be successful. We also publish privacy policies, marketing materials, and other statements concerning data privacy and security. Regulators are increasingly scrutinizing these statements and if these policies, materials, or statements are found to be deficient, lacking in transparency, deceptive, unfair, or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators, or other adverse consequences. Our business is reliant on revenue from targeted advertising, but delivering targeted advertisements is becoming increasingly difficult due to changes to our ability to gather information about user behavior through third party platforms, new laws and regulations, and consumer resistance. As a result, we may be required to change the way we market our products, and any of these developments or changes could materially impair our ability to reach new or existing customers or otherwise negatively affect our operations. Obligations related to data privacy and security (and consumers' data privacy expectations) are quickly changing, becoming increasingly stringent, and creating uncertainty. Additionally, these obligations may be subject to differing applications and interpretations, which may be inconsistent or conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources and may necessitate changes to our services, information technologies, systems, and practices and to those of any third parties with whom we work. We may at times fail (or be perceived to have failed) in our efforts to comply with our data privacy and security obligations. Moreover, despite our efforts, our personnel or third parties with whom we work may fail to comply with such obligations, which could negatively impact our business operations. If we or the third parties with whom we work fail, or are perceived to have failed, to address or comply with applicable data privacy and security obligations, we could face significant consequences, including but not limited to: government enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar); litigation (including class-action claims) and mass arbitration demands; additional reporting requirements and/or oversight; bans on processing personal data (including clinical trial data); and orders to destroy or not use personal data. In particular, plaintiffs have become increasingly more active in bringing privacy-related claims against companies, including class claims and mass arbitration demands. Some of these claims allow for the recovery of statutory damages on a per violation basis, and, if viable, carry the potential for monumental statutory damages, depending on the volume of data and the number of violations. Any of these events could have a material adverse effect on our reputation, business, or financial condition, including but not limited to: loss of customers; inability to process personal data or to operate in certain jurisdictions; limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; adverse publicity; or substantial changes to our business model or operations.

The market price of our common stock may be volatile, and in the past, companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation. We may be the target of this type of litigation in the future. Securities litigation against us could result in substantial costs and divert our management's attention from other business concerns, which could seriously harm our business.

As social media continues to expand, it also presents us with new risks and challenges. Social media is increasingly being used to communicate information about us, our programs and the diseases our product candidates are being developed to treat. Social media practices in the biopharmaceutical industry are evolving, creating uncertainty and risk of noncompliance with regulations applicable to our business. For example, patients may use social media platforms to comment on the effectiveness of, or adverse experiences with, a product or a product candidate, which could result in reporting obligations or other consequences. Further, the accidental or intentional disclosure of non-public information by our workforce or others through media channels could lead to information loss. In addition, there is a risk of inappropriate disclosure of sensitive data or negative or inaccurate posts or comments about us, our products, or our product candidates on any social media platform. The nature of social media prevents us from having real-time control over postings about us on social media. We may not be able to reverse damage to our reputation from negative publicity or adverse information posted on social media platforms or similar mediums. If any of these events were to occur or we otherwise fail to comply with application regulations, we could incur liability, face restrictive regulatory actions or incur other harm to our business including quick and irreversible damage to our reputation, brand image and goodwill. Additionally, AI-based platforms are increasingly being used in the biopharmaceutical industry. Sensitive data of the Company or our customers could be leaked, disclosed, or revealed as a result of or in connection with our employees', personnel's, or vendors' potential use of generative AI technologies. Furthermore, the use of AI platforms by third parties, including our vendors, suppliers and contractors, with access to our proprietary and confidential information, including trade secrets, may continue to increase and may lead to the release of such information, which may negatively impact our company, including our ability to realize the benefit of our intellectual property.

We are exposed to the risk that our employees, consultants, distributors, and collaborators may engage in fraudulent or illegal activity. Misconduct by these parties could include intentional, reckless or negligent conduct or disclosure of unauthorized activities to us that violates the regulations of the FDA and non-U.S. regulators, including those laws requiring the reporting of true, complete and accurate information to such regulators, manufacturing standards, healthcare fraud and abuse laws and regulations in the United States and abroad or laws that require the true, complete and accurate reporting of financial information or data. In particular, sales, marketing and business arrangements in the healthcare industry, including the sale of pharmaceuticals, are subject to extensive laws and regulations intended to prevent fraud, misconduct, kickbacks, self-dealing and other abusive practices. These laws and regulations may restrict or prohibit a wide range of pricing, discounting, marketing and promotion, sales commission, customer incentive programs and other business arrangements. We have adopted a code of conduct applicable to all of our employees, officers, directors, agents and representatives, including consultants, but it is not always possible to identify and deter misconduct by our employees and other third parties, and the precautions we take to detect and prevent this activity may not be effective in controlling unknown or unmanaged risks or losses or in protecting us from governmental investigations or other actions or lawsuits stemming from a failure to comply with these laws or regulations. If any such actions are instituted against us and we are not successful in defending ourselves or asserting our rights, those actions could result in the imposition of significant fines or other sanctions, including the imposition of civil, criminal and administrative penalties, damages, monetary fines, disgorgement, individual imprisonment, possible exclusion from participation in Medicare, Medicaid and other federal healthcare programs, additional reporting obligations and oversight if we become subject to a corporate integrity agreement or other agreement to resolve allegations of non-compliance with these laws, contractual damages, reputational harm, diminished profits and future earnings and curtailment of operations, any of which could adversely affect our ability to operate our business and our results of operations. Whether or not we are successful in defending against such actions or investigations, we could incur substantial costs, including legal fees, and divert the attention of management in defending ourselves against any of these claims or investigations.

We do not currently have, nor do we plan to acquire, the infrastructure or capability to manufacture or distribute preclinical, clinical or commercial quantities of drug substance or drug product, including our existing product candidates. While we expect to continue to depend on third-party manufacturers and Incyte for the foreseeable future, we do not have direct control over the ability of these parties to maintain adequate manufacturing capacity and capabilities to serve our needs, including quality control, quality assurance and qualified personnel. In addition, public health crises, may impact the ability of our existing or future manufacturers to perform their obligations to us. We are dependent on our third-party manufacturers and Incyte for compliance with cGMPs and for manufacture of both active drug substances and finished drug products. Facilities used by our third-party manufacturers and Incyte to manufacture drug substance and drug product for commercial sale must be approved by the FDA or other relevant foreign regulatory agencies pursuant to inspections that will be conducted after we submit our NDA or relevant foreign regulatory submission to the applicable regulatory agency. If our third-party manufacturers or Incyte cannot successfully manufacture materials that conform to our specifications and/or the strict regulatory requirements of the FDA or foreign regulatory agencies, they will not be able to secure and/or maintain regulatory approval for their manufacturing facilities. Furthermore, these third-party manufacturers are engaged with other companies to supply and/or manufacture materials or products for such companies, which also exposes our third-party manufacturers to regulatory risks for the production of such materials and products. As a result, failure to meet the regulatory requirements for the production of those materials and products may also affect the regulatory clearance of a third-party manufacturers' facility. If the FDA or a foreign regulatory agency does not approve these facilities for the manufacture of our product candidates, or if it withdraws its approval in the future, we may need to find alternative manufacturing facilities, which would impede or delay our ability to develop, obtain regulatory approval for or market our product candidates, if approved.