Terns Pharmaceuticals (TERN) Risk Factors

Even if one or more of our product candidates receive FDA or other regulatory approvals, the commercial success of any of our current or future product candidates will depend significantly on the broad adoption and use of the resulting product by physicians and patients for approved indications. Given the number of drugs commercially available or in development for the treatment of CML, obesity, and other indications we pursue or may pursue, if we are unsuccessful in achieving a differentiated profile with our product candidates based on efficacy, safety and tolerability, dosing and administration, market acceptance may be limited. Our product candidates may not be commercially successful for a variety of reasons, including, among other things, competitive factors, pricing or physician preference, reimbursement by insurers, the degree and rate of physician and patient adoption of our current or future product candidates. If approved, the commercial success of our product candidates will depend on a number of factors, including: - the clinical indications for which the product candidate is approved and patient demand for approved drugs that treat those indications;- the safety and efficacy of our product candidates as compared to other available therapies;- the availability of coverage and adequate reimbursement from managed care plans, insurers and other healthcare payors for any of our product candidates that may be approved;- acceptance by physicians, operators of clinics and patients of the product candidate as a safe and effective treatment;- physician and patient willingness to adopt a new therapy over other available therapies to treat approved indications;- overcoming any biases physicians or patients may have toward particular therapies for the treatment of approved indications;- proper training and administration of our product candidates by physicians and medical staff;- public misperception regarding the use of our therapies, if approved for commercial sale;- patient satisfaction with the results and administration of our product candidates and overall treatment experience, including, for example, the convenience of any dosing regimen;- the cost of treatment with our product candidates in relation to alternative treatments and reimbursement levels, if any, and willingness to pay for the drug, if approved, on the part of insurance companies and other third-party payors, physicians and patients;- the revenue and profitability that our product candidates may offer a physician as compared to alternative therapies;- the prevalence and severity of side effects;- limitations or warnings contained in the approved labeling for our drugs;- the willingness of physicians, operators of clinics and patients to utilize or adopt our products as a solution;- any FDA requirement to undertake a REMS or similar foreign regulatory requirement;- the effectiveness of our sales, marketing and distribution efforts;- adverse publicity about our product candidates or favorable publicity about competitive drugs; and - potential product liability claims. We cannot assure you that our current or future product candidates, if approved, will achieve broad market acceptance among physicians and patients. Any failure by our product candidates that obtain regulatory approval to achieve market acceptance or commercial success would adversely affect our results of operations.

In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We may be the target of this type of litigation in the future. Regardless of the merits or the ultimate results of such litigation, securities litigation brought against us could result in substantial costs and divert our management's attention from other business concerns.

The global data protection landscape is rapidly evolving, and we and our partners and vendors are or may become subject to various federal, state and foreign laws, regulations and requirements governing the collection, use, disclosure, retention and security of personal information, such as information that we may collect in connection with clinical trials. Implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future, and we cannot yet determine the impact future laws, regulations, standards, or perception of their requirements may have on our business. This evolution may create uncertainty in our business, affect our ability to operate in certain jurisdictions or to collect, store, transfer use and share personal information, necessitate the acceptance of more onerous obligations in our contracts, result in liability or impose additional costs on us. The cost of compliance with these laws, regulations and standards is high and is likely to increase in the future. Any failure or perceived failure by us to comply with federal, state or foreign laws or regulations, our internal policies and procedures or our contracts governing our processing of personal information could result in negative publicity, government investigations and enforcement actions, claims by third parties and damage to our reputation, any of which could have a material adverse effect on our operations, financial performance and business. In the United States, numerous federal and state laws and regulations, including data breach notification laws, health information privacy laws and federal and state consumer protection laws and regulations that govern the collection, use, disclosure and protection of health-related and other personal information could apply to our operations or the operations of our partners. For example, most healthcare providers, including research institutions from which we obtain patient health information, are subject to privacy and security regulations promulgated under HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009. Under HIPAA, we could potentially face substantial criminal or civil penalties if we knowingly receive individually identifiable health information from a HIPAA-covered healthcare provider or research institution that has not satisfied HIPAA's requirements for disclosure of individually identifiable health information, or otherwise violate applicable HIPAA requirements related to the protection of such information. Even when HIPAA does not apply, failing to take appropriate steps to keep consumers' personal information secure may constitute a violation of the Federal Trade Commission Act. In addition, we may maintain sensitive personally identifiable information, including health information, that we receive throughout the clinical trial process, in the course of our research collaborations and directly from individuals (or their healthcare providers) who enroll in our patient assistance programs. As such, we may be subject to state laws requiring notification of affected individuals and state regulators in the event of a breach of personal information. In 2018 California passed into law the California Consumer Privacy Act, or CCPA, which took effect on January 1, 2020, and imposed many requirements on businesses that process the personal information of California residents. Many of the CCPA's requirements are similar to those found in the General Data Protection Regulation, or the GDPR, including requiring businesses to provide notice to data subjects regarding the information collected about them and how such information is used and shared, and providing data subjects the right to request access to such personal information and, in certain cases, request the erasure of such personal information. The CCPA also affords California residents the right to opt-out of "sales" of their personal information. The CCPA contains significant penalties for companies that violate its requirements. In November 2020 California voters passed a ballot initiative for the California Privacy Rights Act, or the CPRA, which went into effect on January 1, 2023, and significantly expanded the CCPA to incorporate additional GDPR-like provisions including requiring that the use, retention, and sharing of personal information of California residents be reasonably necessary and proportionate to the purposes of collection or processing, granting additional protections for sensitive personal information, and requiring greater disclosures related to notice to residents regarding retention of information. The CPRA also created a new enforcement agency – the California Privacy Protection Agency – whose sole responsibility is to enforce the CPRA and other California privacy laws, which will further increase compliance risk. The provisions in the CPRA may apply to some of our business activities. In addition, fourteen other states have passed their own versions of comprehensive privacy laws. Four of these laws are already in effect, and the others will go into effect in coming years. Other states will be considering these laws in the future, and Congress has also been debating passing a federal privacy law. On top of these comprehensive privacy laws, Washington, Nevada, and Connecticut have also passed laws specifically regulating consumer health data. The Washington law is particularly noteworthy because it includes a private right of action. These laws may impact our business activities, including our identification of research subjects, relationships with business partners and ultimately the marketing and distribution of our products. Our Phase 1 trial for TERN-701, the CARDINAL trial, includes sites from the United States, Europe and other countries. Any clinical trial programs and research collaborations, among other activities, that we engage in outside the United States may implicate international data protection laws, including, in the EEA, the GDPR, which became effective in 2018. The GDPR imposes stringent operational requirements for processors and controllers of personal data. Among other things, the GDPR requires covered companies to provide detailed notices and to abide by consent requirements for clinical trial subjects and other data subjects, to follow procedures regarding the security of personal data and notification of data processing obligations or security incidents to appropriate data protection authorities or data subjects, and to honor and provide certain privacy rights to individuals within the EEA, including the right to access, correct and delete their personal data. If our privacy or data security measures fail to comply with the requirements of the GDPR or other applicable laws or regulations, we may be subject to litigation, regulatory investigations, enforcement notices and/or enforcement actions requiring us to change the way we use personal data and/or fines. In addition to statutory enforcement, a personal data breach can lead to negative publicity and a potential loss of business. Companies that must comply with the GDPR face increased compliance obligations and risk, including more robust regulatory enforcement of data protection requirements and potential fines for noncompliance of up to €20 million or 4% of the annual global revenues of the noncompliant company, whichever is greater. Further, from January 1, 2021, we have had to comply with the GDPR and the United Kingdom GDPR, or UK GDPR, which, together with the amended UK Data Protection Act 2018, retains the GDPR in UK national law. The UK GDPR mirrors the fines under the GDPR, i.e. fines up to the greater of €20 million (£17.5 million) or 4% of global turnover. The relationship between the United Kingdom and the European Union in relation to certain aspects of data protection law remains unclear, and it is unclear how United Kingdom data protection laws and regulations will develop in the medium to longer term. The European Commission has adopted an adequacy decision in favor of the United Kingdom, enabling data transfers from EU member states to the United Kingdom without additional safeguards. However, the UK adequacy decision will automatically expire in June 2025 unless the European Commission re-assesses and renews or extends that decision. Among other requirements, the GDPR regulates transfers of personal data subject to the GDPR to third countries that have not been found to provide adequate protection to such personal data, including the United States; in July 2020, the Court of Justice of the European Union, or CJEU, invalidated the EU-US Privacy Shield Framework, or Privacy Shield for purposes of international transfers. The EU-US Privacy Shield has now been replaced with the EU-US Data Privacy Framework (DPF), which is intended to address the issues cited by the CJEU in its 2020 court decision. The European Commission issued an adequacy decision for the DPF on July 10, 2023, and it is now a valid mechanism to transfer data from the EU to the US for entities that have registered as part of the DPF. However, it is possible that the validity of the DPF will be challenged in court, which could further create instability related to international data transfers. The CJEU's decision in 2020 also imposed further restrictions on the use of SCCs. The European Commission issued revised SCCs on June 4, 2021 to account for the decision of the CJEU and recommendations made by the European Data Protection Board. The revised SCCs must be used for relevant new data transfers from September 27, 2021. There is also some uncertainty around whether the revised clauses can be used for all types of data transfers, particularly whether they can be relied on for data transfers to non-EEA entities subject to the GDPR. As supervisory authorities issue further guidance on personal data export mechanisms, including circumstances where the SCCs cannot be used, and/or start taking enforcement action, we could suffer additional costs, complaints and/or regulatory investigations or fines, and/or if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services, the geographical location or segregation of our relevant systems and operations, and could adversely affect our financial results. The new SCCs apply only to the transfer of personal data outside of the EEA and not the United Kingdom. The United Kingdom has its own guidance for data transfers to other jurisdictions that are not covered by an "adequacy" decision (which includes the United States) and has adopted the International Data Transfer Agreement, which can serve as a basis for companies to lawfully transfer outside of the United Kingdom. The United Kingdom also has its own data privacy framework (called the "UK-US Data Bridge") that allows registered companies to transfer data from the UK to the US in accordance with the UK GDPR. Although we work to comply with applicable laws, regulations and standards, our contractual obligations and other legal obligations, these requirements are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another or other legal obligations with which we must comply. We will likely be required to expend significant capital and other resources to ensure ongoing compliance with applicable privacy and data security laws. Claims that we have violated individuals' privacy rights, failed to comply with applicable laws or breached our contractual obligations, even if we are not found liable, could be expensive and time-consuming to defend, and could result in adverse publicity that could harm our business. Moreover, even if we take all necessary action to comply with regulatory requirements, we could be subject to a hack or data breach, which could subject us to fines and penalties, as well as reputational damage. If we or our partners or vendors fail to comply with applicable federal, state, or local regulatory requirements, we could be subject to a range of regulatory actions that could affect our or any collaborators' ability to seek to commercialize our clinical candidates. Any threatened or actual government enforcement action could also generate adverse publicity and require that we devote substantial resources that could otherwise be used in other aspects of our business. Any of the foregoing could harm our competitive position, business, financial condition, results of operations and prospects.

We are an "emerging growth company," as defined in the JOBS Act, and we intend to take advantage of certain exemptions from various reporting requirements that are available to emerging growth companies including, but not limited to, not being required to comply with the auditor attestation requirements of Section 404, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. In addition, as an "emerging growth company," the JOBS Act allows us to delay adoption of new or revised accounting pronouncements applicable to public companies until such pronouncements are made applicable to private companies. We have elected to use this extended transition period under the JOBS Act. As a result, our consolidated financial statements may not be comparable to the financial statements of issuers who are required to comply with the effective dates for new or revised accounting standards that are applicable to public companies, which may make comparison of our financials to those of other public companies more difficult. We cannot predict if investors will find our common stock less attractive because we will rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile. We may take advantage of these reporting exemptions until we are no longer an emerging growth company. We will remain an emerging growth company until the earlier of (1) the last day of the fiscal year following the fifth anniversary of the consummation of our IPO, (2) the last day of the fiscal year in which we have total annual gross revenue of at least $1.235 billion, (3) the last day of the fiscal year in which we are deemed to be a "large accelerated filer" as defined in Rule 12b-2 under the Securities Exchange Act of 1934, as amended, or the Exchange Act, which would occur if the market value of our common stock held by non-affiliates exceeded $700.0 million as of the last business day of the second fiscal quarter of such year, or (4) the date on which we have issued more than $1.0 billion in non-convertible debt securities during the prior three-year period.

Our quarterly and annual operating results may fluctuate significantly, which makes it difficult for us to predict our future operating results. These fluctuations may occur due to a variety of factors, many of which are outside of our control and may be difficult to predict, including but not limited to: - the timing and cost of, and level of investment in, research, development, pre-commercial and, if approved, commercialization activities relating to our product candidates, which may change from time to time;- the timing and status of enrollment for our clinical trials;- the cost of manufacturing our product candidates, as well as building out our supply chain, which may vary depending on the quantity of production and the terms of our agreements with manufacturers;- expenditures that we may incur to acquire, develop or commercialize additional product candidates and technologies;- timing and amount of any milestone, royalty or other payments due under any collaboration or license agreement;- future accounting pronouncements or changes in our accounting policies;- the timing and success or failure of preclinical studies and clinical trials for our product candidates or competing product candidates, or any other change in the competitive landscape of our industry, including consolidation among our competitors or partners;- the timing of receipt of approvals for, and the scope of or limitation on the marketing authorizations received on, our product candidates from regulatory authorities in the United States and internationally;- coverage and reimbursement policies with respect to our product candidates, if approved, and potential future drugs that compete with our single agent and combination therapies;- the level of demand for our product candidates, if approved, which may vary significantly over time; and - the impact from COVID-19, which may have the effect of magnifying many of the factors described above. The cumulative effects of these factors could result in large fluctuations and unpredictability in our quarterly and annual operating results. As a result, comparing our operating results on a period-to-period basis may not be meaningful. Investors should not rely on our past results as an indication of our future performance. This variability and unpredictability could also result in our failing to meet the expectations of industry or financial analysts or investors for any period. If our revenue or operating results fall below the expectations of analysts or investors or below any forecasts we may provide to the market, or if any forecasts we provide to the market are below the expectations of analysts or investors, the price of our common stock could decline substantially. Such a stock price decline could occur even when we have met any previously publicly stated revenue or earnings guidance we may provide.

As of December 31, 2023, we had 66 full-time employees. We will need to continue to expand our managerial, operational, finance and other resources in order to manage our operations and clinical trials, continue our development activities and, if approved, commercialize our preclinical and clinical-stage product candidates or any future product candidates. Our management and personnel, systems and facilities currently in place may not be adequate to support this future growth. Our need to effectively execute our growth strategy requires that we: - manage our preclinical studies and clinical trials effectively;- identify, recruit, retain, incentivize, train and integrate additional employees, including additional clinical development and sales personnel;- manage our internal development and operational efforts effectively while carrying out our contractual obligations to third parties; and - continue to improve our operational, financial and management controls, reports systems and procedures.

A significant portion of our manufacturing operations is currently conducted in China. Accordingly, our business, results of operations, financial condition and prospects may be influenced to a significant degree by economic, political, legal and social conditions in China as well as China's economic, political, legal and social conditions in relation to the rest of the world. China's economy differs from the economies of developed countries in many respects, including with respect to the amount of government involvement, level of development, growth rate, control of foreign exchange and allocation of resources. While China's economy has experienced significant growth in the past, growth has slowed down and has been uneven across different regions and among various economic sectors of China. China's government has implemented various measures to encourage economic development and guide the allocation of resources. Some of these measures may have a negative effect on us. For example, our financial condition and results of operations may be adversely affected by government control over capital investments or changes in tax regulations that are currently applicable to us. In addition, in the past, China's government implemented certain measures, including interest rate increases, to control the pace of economic growth. These measures may cause decreased economic activity in China, which may adversely affect our business and results of operation. More generally, if the business environment in China deteriorates from the perspective of domestic or international investment, our business in China may also be adversely affected.

Our corporate headquarters and other facilities are located in the San Francisco Bay Area, which has experienced both severe earthquakes and the effects of wildfires. We do not carry earthquake insurance. Earthquakes, wildfires or other natural disasters could severely disrupt our operations, and could materially and adversely affect our business, financial condition, results of operations and prospects. If a natural disaster, power outage or other event occurred that damaged critical infrastructure or that otherwise disrupted operations, it may be difficult or, in certain cases, impossible, for us to continue our business for a substantial period of time. The disaster recovery and business continuity plans we have in place currently are limited and are unlikely to prove adequate in the event of a serious disaster or similar event. We may incur substantial expenses as a result of the limited nature of our disaster recovery and business continuity plans, which, particularly when taken together with our lack of earthquake insurance, could have a material adverse effect on our business. Furthermore, integral parties in our supply chain are similarly vulnerable to natural disasters or other sudden, unforeseen and severe adverse events. If such an event were to affect our supply chain, it could have a material adverse effect on our business.

As is common in the pharmaceutical and biotechnology industries, in addition to our employees, we engage the services of consultants to assist us in the development of our product candidates. Many of these consultants, and many of our employees, were previously employed at, or may have previously provided or may be currently providing consulting services to, universities or other pharmaceutical or biotechnology companies including our competitors or potential competitors. These employees and consultants may have executed proprietary rights, non-disclosure and non-competition agreements, or similar agreements, in connection with such other current or previous employment. Although we try to ensure that our employees and consultants do not use the proprietary information or know-how of others in their work for us and seek assurances that they will not, we may become subject to claims that we, our employees or a consultant inadvertently or otherwise used or disclosed trade secrets or other information proprietary to their former employers or their former or current clients. Litigation may be necessary to defend against these claims. If we fail in successfully defending any such claims, in addition to paying monetary damages, we may lose valuable intellectual property rights, which could adversely affect our business. Such intellectual property could be awarded to a third party, and we could be required to obtain a license from such third party to commercialize our technology or drugs and combination therapies. Even if we are successful in defending against these claims, litigation could result in substantial costs and be a distraction to our management team. Any of the foregoing would have a material adverse effect on our business, financial condition, results of operations and prospects.

We currently do not have the ability to independently conduct preclinical studies that comply with the regulatory requirements known as good laboratory practice, or GLP, requirements. The FDA and regulatory authorities in other jurisdictions require us to comply with GCP requirements for conducting, monitoring, recording and reporting the results of clinical trials, in order to ensure that the data and results are scientifically credible and accurate and that the trial subjects are adequately informed of the potential risks of participating in clinical trials. We rely on medical institutions, clinical investigators, contract laboratories and other third parties, such as CROs, to conduct GLP-compliant nonclinical studies and GCP-compliant clinical trials on our product candidates properly and on time. While we will have agreements governing their activities, we control only certain aspects of their activities and have limited influence over their actual performance. The third parties with whom we contract for execution of our GLP nonclinical studies and our GCP clinical trials play a significant role in the conduct of these studies and trials and the subsequent collection and analysis of data. These third parties are not our employees and, except for restrictions imposed by our contracts with such third parties, we have limited ability to control the amount or timing of resources that they devote to our programs. Although we rely on these third parties to conduct GLP-compliant preclinical and nonclinical studies and GCP-compliant clinical trials for our product candidates, we remain responsible for ensuring that each of our GLP preclinical studies and clinical trials is conducted in accordance with its investigational plan and protocol and applicable laws and regulations, and our reliance on the CROs does not relieve us of our regulatory responsibilities. Many of the third parties with whom we contract may also have relationships with other commercial entities, including our competitors, for whom they may also be conducting clinical trials or other drug development activities that could harm our competitive position. If the third parties conducting our GLP preclinical or nonclinical studies or our clinical trials do not perform their contractual duties or obligations, experience work stoppages, do not meet expected deadlines, terminate their agreements with us or need to be replaced, or if the quality or accuracy of the clinical data they obtain is compromised due to their failure to adhere to our clinical trial protocols or to GCPs, or for any other reason, we may need to enter into new arrangements with alternative third parties. This could be difficult, costly or impossible, and our preclinical studies or clinical trials may need to be extended, delayed, terminated or repeated. As a result we may not be able to obtain regulatory approval in a timely fashion, or at all, for the applicable product candidate, our financial results and the commercial prospects for our product candidates would be harmed, our costs could increase and our ability to generate revenues could be delayed.