SuRo Capital (SSSS) Risk Analysis

Our business (including that of our portfolio companies) faces increasing public scrutiny related to environmental, social, and governance ("ESG") activities. A variety of organizations measure the performance of companies on ESG topics, and the results of these assessments are widely publicized. If our ESG ratings or performance do not meet the standards set by such investors or our stockholders, they may choose to exclude our securities from their investments. In addition, investment in funds that specialize in companies that perform well in such assessments remain popular, and major institutional investors have publicly discussed their consideration of such ESG ratings and measures in making their investment decisions. We risk damage to our brand and reputation if we fail to act responsibly in a number of areas, including, but not limited to, human rights, climate change and environmental stewardship, support for local communities, corporate governance and transparency, or consideration of ESG factors in our investment processes. Adverse incidents with respect to ESG activities could impact the value of our brand, our relationship with existing and future portfolio companies, the cost of our operations and relationships with investors, all of which could adversely affect our business and results of operations. Conversely, "anti-ESG" sentiment has gained momentum across the U.S., with a growing number of states, federal agencies, the executive branch and Congress having enacted, proposed or indicated an intent to pursue "anti-ESG" policies, legislation or issued related legal opinions and engaged in related investigations and litigation. If investors subject to "anti-ESG" legislation view our investment activities as being in contradiction of such "anti-ESG" policies, legislation or legal opinions, such investors may not invest in us and it could negatively impact the price of our common stock. In addition, corporate diversity, equity and inclusion ("DEI") practices have recently come under increasing scrutiny. For example, some advocacy groups and federal and state officials have asserted that the U.S. Supreme Court's decision striking down race-based affirmative action in higher education in June 2023 should be analogized to private employment matters and private contract matters and several media campaigns and cases alleging discrimination based on such arguments have been initiated since the decision. Additionally, in January 2025, President Trump signed a number of Executive Orders focused on DEI, which indicate continued scrutiny of DEI initiatives and potential related investigations of certain private entities with respect to DEI initiatives, including publicly traded companies. If we do not successfully manage expectations across varied stakeholder interests, it could erode stakeholder trust, impact our reputation and constrain our investment opportunities. Such scrutiny of both ESG and DEI related practices could expose our investment adviser to the risk of litigation, investigations or challenges by federal or state authorities or result in reputational harm. There is also regulatory interest across jurisdictions in improving transparency regarding the definition, measurement and disclosure of ESG factors in order to allow investors to validate and better understand sustainability claims. For example, the SEC sometimes reviews compliance with ESG commitments in examinations and has taken enforcement actions against registered investment advisers for not establishing adequate or consistently implementing ESG policies and procedures to meet ESG commitments to investors. In March 2024, the SEC adopted rules aimed at enhancing and standardizing climate-related disclosures; however, these rules are stayed pending the outcome of consolidated legal challenges in the Eighth Circuit Court of Appeals. At the state level, in October 2023, California enacted legislation that will ultimately require certain companies that do business in California to publicly disclose their Scopes 1, 2, and 3 greenhouse gas emissions, with third party assurance of such data, and issue public reports on their climate-related financial risk and related mitigation measures. Compliance with any new laws or regulations increases our regulatory burden and could result in increased legal, accounting and compliance costs, make some activities more difficult, time-consuming and costly, affect the manner in which we or our portfolio companies conduct our businesses and adversely affect our profitability.

Terrorist acts, acts of war or natural disasters, including as a result of global climate change, may disrupt our operations, as well as the operations of the businesses in which we invest. Such acts have created, and may continue to create, economic and political uncertainties and have contributed to global economic instability. Terrorist activities, military or security operations, global health emergencies, or extreme weather conditions or other natural disasters, including as a result of global climate change, could further weaken domestic and/or global economies and create additional uncertainties, which may negatively impact the businesses in which we invest directly or indirectly and, in turn, could have a material adverse impact on our business, operating results and financial condition. Losses from terrorist attacks, global health emergencies, and extreme weather conditions or other natural disasters are generally uninsurable. The nature and level of extreme weather conditions or other natural disasters cannot be predicted and may be exacerbated by global climate change.

From time to time, capital markets may experience periods of disruption and instability, including during portions of the last three fiscal years. Since 2020, the U.S. capital markets have experienced extreme volatility and disruption. Despite actions of the U.S. federal government and foreign governments, these types of events contribute to unpredictable general economic conditions that materially and adversely impact the broader financial and credit markets and reduce the availability of debt and equity capital for the market as a whole. These conditions could continue for a prolonged period of time or worsen in the future. Given the ongoing and dynamic nature of recent market disruption and instability, it is difficult to predict the full impact of these conditions on our business. The extent of any such impact will depend on future developments, which are highly uncertain, including the duration or reoccurrence of any potential business or supply chain disruption, changes in interest rates and inflation rates, global conflicts, health epidemics and pandemics and the actions taken by governments in response to these conditions. During any such periods of market disruption and instability, we and other companies in the financial services sector may have limited access, if available, to alternative markets for debt and equity capital. Equity capital may be difficult to raise because, subject to some limited exceptions which will apply to us as a BDC, we will generally not be able to issue additional shares of our common stock at a price less than NAV without first obtaining approval for such issuance from our stockholders and our independent directors. Volatility and dislocation in the capital markets can also create a challenging environment in which to raise or access debt capital, and our ability to incur indebtedness (including by issuing preferred stock) is limited by applicable regulations such that our asset coverage (as defined in the 1940 Act) must equal at least 200% (or 150% if certain requirements are met) immediately after each time we incur indebtedness. The continuance or reappearance of market conditions similar to those experienced during portions of the last three fiscal years for any substantial length of time could make it difficult to extend the maturity of or refinance our existing indebtedness or obtain new indebtedness with similar terms and any failure to do so could have a material adverse effect on our business. The debt capital that will be available to us in the future, if at all, may be at a higher cost and on less favorable terms and conditions than what we currently experience, including being at a higher cost in rising rate environments. If we are unable to raise or refinance debt, then our equity investors may not benefit from the potential for increased returns on equity resulting from leverage and we may be limited in our ability to make new commitments or to fund existing commitments to our portfolio companies. An inability to extend the maturity of, or refinance, our existing indebtedness or obtain new indebtedness could have a material adverse effect on our business, financial condition or results of operations. Significant volatility and disruption, has had, and in the future may have, a negative effect on the valuations of our investments and on the potential for liquidity events involving these investments. While most of our investments are not publicly traded, applicable accounting standards require us to assume, as part of our valuation process, that our investments are sold in orderly mark-to-market transactions between market participants. As a result, volatility in the capital markets can adversely affect our investment valuations. Significant disruption or volatility in the capital markets may also affect the pace of our investment activity and the potential for liquidity events involving our investments. The illiquidity of our investments may make it difficult for us to sell such investments to access capital if required and to value such investments. Consequently, we may realize significantly less than the value at which we carry our investments. An inability to raise capital, and any required sale of our investments for liquidity purposes, could have a material adverse impact on our business, financial condition or results of operations. In addition, a prolonged period of market illiquidity may cause us to reduce the volume of loans and debt securities we originate and/or fund and adversely affect the value of our portfolio investments, which could have a material and adverse effect on our business, financial condition, results of operations and cash flows.

A large number of entities compete with us to make the types of direct equity investments that we target as part of our business strategy. We compete for such investments with a large number of private equity and venture capital funds, other equity and non-equity based investment funds, investment banks and other sources of financing, including traditional financial services companies such as commercial banks and specialty finance companies. Many of our competitors are substantially larger than us and have considerably greater financial, technical and marketing resources than we do. For example, some competitors may have a lower cost of funds and access to funding sources that are not available to us. In addition, some of our competitors may have higher risk tolerances or different risk assessments, which could allow them to consider a wider variety of investments and establish more relationships than us. Furthermore, many of our competitors are not subject to the regulatory restrictions that the 1940 Act imposes on us as a BDC or to the distribution and other requirements we must satisfy to maintain our ability to subject to tax as a RIC. These characteristics could allow our competitors to consider a wider variety of investments, establish more relationships and offer financing at more attractive terms than we are able to offer. There can be no assurance that the competitive pressures we face will not have a material adverse effect on our business, financial condition and results of operations. Also, as a result of this competition, we may not be able to take advantage of attractive investment opportunities from time to time, and we can offer no assurance that we will be able to identify and make direct equity investments that are consistent with our investment objective.

Our portfolio may be exposed in part to one or more specific industries. A downturn in any particular industry in which we are invested could significantly impact the aggregate returns we realize. If an industry in which we have significant investments suffers from adverse business or economic conditions, a material portion of our investment portfolio could be adversely affected, which, in turn, could adversely affect our financial position and results of operations. Given the experience of our executive officers and investment professionals within the technology space, a number of the companies in which we have invested and intend to invest operate in technology-related sectors, and as of December 31, 2024, our largest industry concentrations of our total investments at fair value were in the artificial intelligence infrastructure & applications sector, which represented approximately 27.7% of our portfolio, and the software-as-a-service ("SaaS") sector, which represented approximately 23.5% of our portfolio. Additionally, our investments in the consumer goods & services sector represented approximately 14.5% of our portfolio, our investments in the educational technology sector represented approximately 13.1% of our portfolio, and our investments in the logistics & supply chain sector represented approximately 11.0% of our portfolio. Therefore, we are susceptible to the economic circumstances and market conditions in these industries, and a downturn in one or more of these industries could have a material adverse effect on our business and results of operations. Our investment in the artificial intelligence infrastructure & applications sector is subject to substantial risks due to rapid technological evolution, regulatory uncertainty, and operational vulnerabilities. Companies in this sector-including generative artificial intelligence infrastructure & application companies-are frequently subject to unpredictable revenue, profitability, and valuations, as many such companies are in their startup or emerging stages and face challenges such as competitive pressures and technical hurdles. Additionally, emerging and evolving legal frameworks and regulatory compliance in this sector may increase such companies' costs and, accordingly, constrain their operations. Our equity investments in such companies may be limited, and because we may not control these companies, we may be limited in our ability to influence their risk mitigation approaches. Founders and larger shareholders may prioritize growth over compliance or ethical safeguards, heightening these companies' exposure to regulatory actions, reputational damage, and economic penalties, any or all of which could negatively impact our investment. Artificial intelligence infrastructure & application companies may also face monetization challenges, which could threaten their returns. These companies may struggle to commercialize prototypes amid customer skepticism, pricing model uncertainties, and high operational costs upon startup. Further, rapid technological advancements, including breakthroughs in quantum machine learning, may render existing models obsolete. Additionally, certain of these companies may experience semiconductor supply chain vulnerabilities, causing operational delays as they execute on their go-to-market strategies. Any or all of these phenomena may impact such companies' business, financial condition, or results of operations, thereby negatively impacting the value of our investments. Our investment in the SaaS sector is subject to substantial risks. For example, such portfolio companies may be subject to consumer protection laws that are enforced by regulators such as the Federal Trade Commission and private parties, and include statutes that regulate the collection and use of information for marketing purposes. Any new legislation or regulations regarding the Internet, mobile devices, software sales or export and/or the cloud or SaaS industry, and/or the application of existing laws and regulations to the Internet, mobile devices, software sales or export and/or the cloud or SaaS industry, could create new legal or regulatory burdens on these portfolio companies that could have a material adverse effect on their respective operations. In addition, our SaaS portfolio companies may incur significant operating losses and negative cash flows during certain times of their respective life cycles, resulting in an adverse impact on their operations. Because our SaaS portfolio companies are generally investments that are underwritten and valued on "recurring revenue" rather than EBITDA, the fair value determinations of such companies are inherently uncertain and may fluctuate over short periods of time. They are also subject to the risks that their customers have financial difficulties that make them unable or unwilling to pay for the software and services that drive a portfolio company's recurring revenue projections. For these reasons, our financial results could be materially adversely affected if our portfolio companies in the SaaS industry encounter financial difficulty. Our investment in the consumer goods and services sector is subject to substantial risks. Companies in the consumer goods and services sector frequently experience fluctuations in their earnings due to consumer cyclicality, and are extremely sensitive to economic downturns or recessions as well as currency fluctuations. These companies are also subject to changing consumer tastes, extensive competition, product liability litigation and increased government regulation. Generally, spending on consumer goods and services is affected by the health of consumers. Companies in the consumer goods and services sectors are subject to government regulation affecting the permissibility of using various food additives and production methods, which regulations could affect company profitability. A weak economy and its effect on consumer spending would adversely affect companies in the consumer products and services sector and, in turn, the value of our investments in companies in that sector. Our investment in the education technology industry is subject to substantial risks. The revenue, income (or losses) and valuations of technology-related companies can and often do fluctuate suddenly and dramatically. In addition, because of rapid technological change, the average selling prices of products and some services provided by companies in technology-related sectors have historically decreased over their productive lives. In addition, our portfolio companies in these sectors face intense competition since their businesses are rapidly evolving, intensely competitive and subject to changing technology, shifting user needs and frequent introductions of new products and services. For example, new technologies, including those based on artificial intelligence, can provide students with more immediate responses to inquiries than traditional tools, and over time, the accuracy of these tools and their ability to handle complex questions may improve, all of which may be disruptive to education technology businesses. Potential competitors to our portfolio companies in the education technology industry range from large and established companies to emerging start-ups. Further, such companies may be subject to laws that were adopted prior to the advent of the Internet and related technologies and, as a result, may not contemplate or address the unique issues of the Internet and related technologies. The laws that do reference the Internet are being interpreted by the courts, but their applicability and scope remain uncertain. Claims have been threatened and filed under both U.S. and foreign laws for defamation, invasion of privacy and other tort claims, unlawful activity, copyright and trademark infringement, or other theories based on the nature and content of the materials searched and the ads posted by a company's users, a company's products and services, or content generated by a company's users. Further, the growth of technology-related companies into a variety of new fields implicate a variety of new regulatory issues and may subject such companies to increased regulatory scrutiny, particularly in the U.S. and Europe. Education technology has been a subject of particular scrutiny; for example, in 2019, certain members of the United States Senate circulated letters to education technology companies regarding their concerns about the amount of data being collected on students utilizing such technologies and the potential safety and security risks to children related to such data collection. Evolving regulatory landscapes and our portfolio companies' mandated compliance with new laws and regulations could add new challenges to their operations and negatively affect such companies' results of operations and, in turn, our business. Our investment in the supply chain and logistics sector is subject to substantial risks. Geopolitical conflicts, trade restrictions, and regional instability can disrupt critical shipping lanes and cross-border commerce, while reliance on international suppliers heightens vulnerability to customs delays, tariff fluctuations, and sudden regulatory changes, all of which could impact the business, financial condition, and results of operations of such companies. Additionally, prolonged port congestion, container shortages, and labor disputes at key transit hubs may further impede delivery timelines, eroding customer trust and such companies' contractual compliance, thus impacting these companies' business and, accordingly, our investment. Natural disasters, including hurricanes, floods, wildfires, and public health emergencies, as well as climate-related events, can necessitate rapid supply chain reconfiguration and disrupt essential infrastructure such as warehouses and transportation corridors. Companies must also navigate complex regulatory frameworks across jurisdictions governing emissions, labor practices, and safety protocols; for instance, stricter carbon disclosure requirements and evolving fuel efficiency standards may require costly compliance measures. Moreover, labor shortages in trucking, warehousing, and dock operations-as well as potential disruptions from unionization or collective bargaining-could further impact operational efficiency and profit margins. Any or all of these considerations or circumstances could distract these companies' attention from their effective management, thereby potentially negatively impacting their financial condition and results of operations and, in turn, the value of our investment in such companies. Common to all of the artificial intelligence infrastructure & applications, SaaS, consumer goods & services, education technology, and supply chain & logistic sectors are risks related to cybersecurity. Any of the portfolio companies in these sectors could be required to make a significant investment to remedy the effects of any cybersecurity incident, harm to their reputations, legal claims that they and their respective affiliates may be subjected to, regulatory action or enforcement arising out of applicable privacy and other laws, adverse publicity, and other events that may affect their business and financial performance. The increased use of mobile and cloud technologies can heighten these and other operational risks. Any of these factors could materially and adversely affect the business and operations of a portfolio company in these industries and, in turn, adversely affect the value of these portfolio companies and the value of any securities that we may hold.

We have significant flexibility in applying the proceeds of our offerings and may use the net proceeds from such offerings in ways with which you may not agree, or for purposes other than those contemplated at the time of the offering. We cannot assure you that we will be able to successfully utilize the proceeds within the time frame contemplated. We will also pay operating expenses, and may pay other expenses such as due diligence expenses of potential new investments, from the net proceeds of any offering. Our ability to achieve our investment objective may be limited to the extent that the net proceeds of an offering, pending full investment, are used to pay operating expenses. In addition, we can provide you no assurance that any such offerings will be successful, or that by increasing the size of our available equity capital our aggregate expenses, and correspondingly, our expense ratio, will be lowered.

Cybersecurity incidents and cyber-attacks have been occurring globally at a more frequent and severe level, and will likely continue to increase in frequency in the future. The occurrence of a disaster, such as a cyber-attack against us or against a third party that has access to our data or networks, a natural catastrophe, an industrial accident, failure of our disaster recovery systems, or consequential employee error, could have an adverse effect on our ability to communicate or conduct business, negatively impacting our operations and financial condition. This adverse effect can become particularly acute if those events affect our electronic data processing, transmission, storage, and retrieval systems, or impact the availability, integrity, or confidentiality of our data. Our business operations rely upon secure information technology systems for data processing, storage and reporting. Despite careful security and controls design, implementation and updating, our information technology systems could become subject to cyber-attacks. Network, system, application and data breaches could result in operational disruptions or information misappropriation, which could have a material adverse effect on our business, results of operations and financial condition. The occurrence of a disaster such as a cyber-attack, a natural catastrophe, an industrial accident, a terrorist attack or war, events unanticipated in our disaster recovery systems, or a support failure from external providers, could have an adverse effect on our ability to conduct business and on our results of operations and financial condition, particularly if those events affect our computer-based data processing, transmission, storage, and retrieval systems or destroy data. If a significant number of the members of our management team are unavailable in the event of a disaster, our ability to effectively conduct our business could be severely compromised. We depend heavily upon computer systems to perform necessary business functions. Despite our implementation of a variety of security measures, our computer systems could be subject to cyber-attacks and unauthorized access, such as physical and electronic break-ins or unauthorized tampering. Like other companies, we may experience threats to our data and systems, including malware and computer virus attacks, unauthorized access, system failures and disruptions. If one or more of these events occurs, it could potentially jeopardize the confidential, proprietary and other information processed and stored in, and transmitted through, our computer systems and networks, or otherwise cause interruptions or malfunctions in our operations, which could result in damage to our reputation, financial losses, litigation, increased costs, regulatory penalties and/or customer dissatisfaction or loss, reputational damage, and increased costs associated with mitigation of damages and remediation. If unauthorized parties gain access to such information and technology systems, they may be able to steal, publish, delete or modify private and sensitive information, including nonpublic personal information related to stockholders (and their beneficial owners) and material non-public information. The systems we have implemented to manage risks relating to these types of events could prove to be inadequate and, if compromised, could become inoperable for extended periods of time, cease to function properly or fail to adequately secure private information. Breaches such as those involving covertly introduced malware, impersonation of authorized users and industrial or other espionage may not be identified even with sophisticated prevention and detection systems, potentially resulting in further harm and preventing them from being addressed appropriately. The failure of these systems or of disaster recovery plans for any reason could cause significant interruptions in our operations and result in a failure to maintain the security, confidentiality or privacy of sensitive data, including personal information relating to stockholders, material non-public information and other sensitive information in our possession. A disaster or a disruption in the infrastructure that supports our business, including a disruption involving electronic communications or other services used by us or third parties with whom we conduct business, or directly affecting our headquarters, could have a material adverse impact on our ability to continue to operate our business without interruption. Our disaster recovery programs may not be sufficient to mitigate the harm that may result from such a disaster or disruption. In addition, insurance and other safeguards might only partially reimburse us for our losses, if at all. Third parties with which we do business may also be sources of cybersecurity or other technological risk. We outsource certain functions and these relationships allow for the storage and processing of our information, as well as client, counterparty, employee, and borrower information. While we engage in actions to reduce our exposure resulting from outsourcing, ongoing threats may result in unauthorized access, loss, exposure, destruction, or other cybersecurity incident that affects our data, resulting in increased costs and other consequences as described above. In addition, cybersecurity has become a top priority for regulators around the world, and some jurisdictions have enacted laws requiring companies to notify individuals of data security breaches involving certain types of personal data. If we fail to comply with the relevant laws and regulations, we could suffer financial losses, a disruption of our businesses, liability to investors, regulatory intervention or reputational damage. Finally, the increased use of mobile and cloud technologies due to the proliferation of remote work could heighten these and other operational risks as certain aspects of the security of such technologies may be complex and unpredictable. Reliance on mobile or cloud technology or any failure by mobile technology and cloud service providers to adequately safeguard their systems and prevent cyber-attacks could disrupt our operations, the operations of a portfolio company or the operations of our or their service providers and result in misappropriation, corruption or loss of personal, confidential or proprietary information or the inability to conduct ordinary business operations. In addition, there is a risk that encryption and other protective measures may be circumvented, particularly to the extent that new computing technologies increase the speed and computing power available. An extended period of remote working, whether by us, our portfolio companies, or our third-party providers, could strain technology resources and introduce operational risks, including heightened cybersecurity risk. Remote working environments may be less secure and more susceptible to hacking attacks, including phishing and social engineering attempts. Accordingly, the risks described above are heightened under current conditions.

Our business is highly dependent on our and third parties' communications and information systems. Any failure or interruption of those systems, including as a result of the termination of an agreement with any third-party service providers, could cause delays or other problems in our activities. Our financial, accounting, data processing, backup or other operating systems and facilities may fail to operate properly or become disabled or damaged as a result of a number of factors including events that are wholly or partially beyond our control and may adversely affect our business. There could be: - sudden electrical or telecommunications outages;         - natural disasters such as earthquakes, tornadoes and hurricanes;         - disease pandemics;         - events arising from local or larger scale political or social matters, including terrorist acts; and         - cyber-attacks. These events, in turn, could have a material adverse effect on our operating results and negatively affect the market price of our common stock and our ability to pay dividends to our stockholders.

As an internally managed BDC, our ability to achieve our investment objectives and to make distributions to our stockholders depends upon the performance of our management team and investment professionals. We depend upon the expertise, skill and network of members of our management and our investment professionals for the identification, diligence, final selection, structuring, closing and monitoring of our investments. These employees have critical industry experience and relationships on which we rely to implement our business plan. If we lose the services of key members of our team, we may not be able to operate the business as we expect, and our ability to compete could be harmed, which could cause our operating results to suffer. We believe our future success will depend, in part, on our ability to identify, attract and retain sufficient numbers of highly skilled employees. If we do not succeed in identifying, attracting and retaining such personnel, we may not be able to operate our business as we expect. As an internally managed BDC, our compensation structure is determined and set by our Board of Directors and its Compensation Committee. This structure currently includes salary, bonus and incentive compensation. We are not generally permitted by the 1940 Act to employ an incentive compensation structure that directly ties performance of our investment portfolio and results of operations to incentive compensation. Members of our team may receive offers of more flexible and attractive compensation arrangements from other companies, particularly from investment advisers to externally managed BDCs that are not subject to the same limitations on incentive-based compensation that we are subject to as an internally managed BDC. A departure by one or more members of our team or competing demands on their time could have a negative impact on our business, financial condition and results of operations.