Willis Towers Watson (WTW) Risk Analysis

International conflicts and related geopolitical tensions increase the risk of sanctions impacting our business. In February 2022, Russia invaded Ukraine, which led to a series of economic and other sanctions on Russia imposed by the U.S., the E.U., the U.K., and other authorities. There also continue to be diplomatic and trade tensions between the U.S. and China, which have been exacerbated by Chinese military exercises around Taiwan, and which could lead to an increase in sanctions and the implementation of other trade measures. There has been an increase in U.S. sanctions designations in relation to Russia and China and counter-sanctions from both Russia and China in response to these sanctions. Additionally, in October 2023, conflict escalated in the Middle East between Israel and Hamas, and subsequently Hezbollah and Iran. Sanctions issued in response to these Middle East conflicts could have an adverse impact on our operations. Sanctions imposed by the U.S., the E.U., the U.K. and other authorities on Russia, as well as Russian counter-sanctions, are extensive. Russian actions and the resulting sanctions could adversely affect the global economy and financial markets and lead to instability and lack of liquidity in capital markets. The ramifications of the hostilities and sanctions, however, may not be limited to Russia and Russian companies but may spill over to and negatively impact other regional and global economic markets (including Europe and the United States), companies in other countries (particularly those that have done business with Russia) and various sectors, industries and markets for securities and commodities globally, such as oil and natural gas. Accordingly, the actions discussed above and the potential for a wider conflict could increase financial market volatility and could cause severe negative effects on regional and global economic markets, industries and companies. In addition, retaliatory actions and other countermeasures by Russia, including cyberattacks and espionage against other countries and companies around the world, including where we do business, may negatively impact such countries and companies like us. The extent and duration of the Russian actions or future escalation of such hostilities, the extent and impact of existing and future sanctions, market disruptions and volatility, and the result of any diplomatic negotiations cannot be predicted. Touchpoints with sanctioned individuals, entities or locations can be difficult to identify and, given the increased scope and complexity of sanctions and the manual and varied nature of some of our processes, there is an increased risk of non-compliance. A number of volatile geopolitical events are likely to affect the implementation of sanctions such as the escalation of sanctions towards Belarus, Russia's invasion of Ukraine, the Israel-Hamas conflict, negotiations between the E.U., U.S. and Iran over a new nuclear deal, as well as continuing tensions between the U.S. and China with their sanctions and subsequent counter-sanctions. Some of these jurisdictions, such as China, may include significant businesses for us. As a result, we cannot predict the impacts of any changes in the U.S., E.U., U.K. or other sanctions, and whether such changes could have a material adverse impact on our operations or financial results.

Many of our businesses are heavily dependent on the insurance industry. Any negative developments that occur in the insurance industry may have a material adverse effect on our business and our results of operations. In addition, if we fail to maintain good relationships with insurance carriers, it may have a material adverse effect on our business and results of operations. The private health insurance industry in the U.S. has experienced a substantial amount of consolidation over the past several years, resulting in a decrease in the number of insurance carriers. In the future, it may become necessary for us to offer insurance plans from a reduced number of insurance carriers or to derive a greater portion of our revenue from a more concentrated number of carriers as our business and the health insurance industry continue to evolve. The termination, amendment or consolidation of our relationships with our insurance carriers in the U.S. or in any other jurisdiction could harm our business, results of operations and financial condition.

We continue to expand our businesses and operations into new regions throughout the world, including emerging markets. In conducting our businesses and maintaining and supporting our global operations, we are subject to political, economic, legal, regulatory, compliance, cultural, market, operational and other risks. The possible effects of political, economic, financial and climate change related disruptions throughout the world could have an adverse impact on our businesses and financial results. These risks include: - the general economic and political conditions in the U.S. and foreign countries (including political and social unrest in certain regions);- the imposition of controls or limitations on the conversion of foreign currencies or remittance of dividends and other payments by foreign subsidiaries;- the imposition of sanctions by both the U.S. and foreign governments;- the imposition of withholding and other taxes on remittances and other payments from subsidiaries;- the imposition or increase of investment and other restrictions by foreign governments;- fluctuations in currency exchange rates or our tax rates;- difficulties in controlling operations and monitoring colleagues in geographically dispersed and culturally diverse locations; and - the practical challenges and costs of complying, or monitoring compliance, with a wide variety of foreign laws (some of which are evolving or are not as well-developed as the laws of the U.S. or U.K. or which may conflict with U.S. or other sources of law), and regulations applicable to insurance brokers and other business operations abroad (in more than 140 countries, including many in emerging markets), including laws, rules and regulations relating to the conduct of business, trade sanction laws administered by the U.S. Office of Foreign Assets Control, the E.U., the U.K. and the United Nations (‘U.N.'), and the requirements of the U.S. Foreign Corrupt Practices Act (‘FCPA'), as well as other anti-bribery and corruption rules and requirements in all of the countries in which we operate.

We are exposed to various risks arising out of disasters and business continuity problems, such as fires (such as the recent wildfires in southern California), earthquakes, hurricanes, terrorist attacks, acts of war or civil unrest, pandemics, security breaches, ransomware or destructive malware attacks, power loss, telecommunications failures or other natural or man-made disasters. Should we experience such an event, we may incur operational challenges, and our continued success will depend, in part, on the availability of our personnel, our office facilities, our outsourcing providers or other vendors, access to data, and the proper functioning of our computer, telecommunication and other related systems and operations. A disaster or business continuity problem of a significant scale or affecting certain of our key operating areas within or across regions, or our inability to successfully recover from such an event, particularly if any of these problems occur during peak times, could materially interrupt our business operations and cause material financial loss, loss of human capital, regulatory actions, reputational harm, damaged client relationships or legal liability.

A significant portion of our operations is conducted outside of the U.S. Accordingly, we are subject to legal, economic and market risks associated with operating in foreign countries, including devaluations and fluctuations in currency exchange rates; imposition of limitations on conversion of foreign currencies into Pounds sterling or U.S. dollars or remittance of dividends and other payments by foreign subsidiaries; hyperinflation in certain foreign countries; adverse or unexpected impacts of fiscal and monetary policies of foreign countries; imposition or increase of investment and other restrictions by foreign governments; and the requirement of complying with a wide variety of foreign laws. We report our operating results and financial condition in U.S. dollars. Our U.S. operations earn revenue and incur expenses primarily in U.S. dollars. In our London market operations however, we earn revenue in a number of different currencies, but expenses are almost entirely incurred in Pounds sterling. Outside of the U.S. and our London market operations, we predominantly generate revenue and expenses in local currencies. Because of devaluations and fluctuations in currency exchange rates or the imposition of limitations on conversion of foreign currencies into U.S. dollars, we are subject to currency translation exposure on the profits of our operations, in addition to economic exposure. Furthermore, the mismatch between Pounds sterling revenue and expenses, together with any net Pounds sterling balance sheet position we hold in our U.S. dollar-denominated London market operations, creates an exchange exposure. While we do utilize hedging strategies to attempt to reduce the impact of foreign currency fluctuations, there can be no assurance that our hedging strategies will be effective.

Our success depends, in part, on our ability to develop and implement innovative technology, data and analytic solutions that anticipate, lead, keep pace with or respond to rapid and continuing changes in technology both for internal operations, for maintaining industry standards, meeting client preferences and gaining competitive advantage. We may not be successful in anticipating or responding to these developments in a timely and cost-effective manner or in attracting and maintaining personnel with the necessary skills in this area. Our ideas may not lead to the desired internal efficiencies or be accepted in the marketplace. In addition, we may not be able to implement technology-based solutions as quickly as desired if, for example, greater resources are required than originally expected or resources are otherwise needed elsewhere. The effort to gain technological and data expertise and develop new technologies or analytic techniques in our business requires us to incur significant cost and attract qualified technical talent who are in high demand. Our competitors are seeking to develop competing or new technologies, and their success in this space may impact our ability to differentiate our services to our clients through the use of unique technological solutions. If we do not keep up with technological changes or execute effectively on our strategic initiatives, our business and results of operations could be adversely impacted. For example, incorporating artificial intelligence (‘AI') into certain product offerings is becoming more important in our operations, particularly as our competitors, including new entrants focused on using technology and innovation, such as generative AI, digital platforms, data analytics, robotics and blockchain, seek to simplify and improve the client experience, increase efficiencies, alter business models and effect other potentially disruptive changes in the industries in which we operate. If we fail to keep pace with rapidly evolving AI and other technological developments, our competitive position and business results may be negatively impacted. In certain cases, we may decide, based on perceived business needs, to make investments that may be greater than we currently anticipate. If we cannot offer new technologies or data and analytic services or solutions as quickly or effectively as our competitors, or if our competitors develop more cost-effective technologies or analytic tools, it could have a material adverse effect on our ability to obtain and complete client engagements. There are significant risks involved in our efforts to keep pace with technological developments and no assurance can be provided that the usage of such technology will enhance our business or assist us in being more efficient or profitable. While development and enhancement of our technology systems may improve the efficiency of data analytics and reduce certain costs, there is no assurance that the benefits related to such advancements will outweigh such investment costs or outweigh such risks. The enhancement and development of technology systems may enhance cybersecurity risks and operational and technological risks, as any latency, disruption or failure in such technological tools could result in errors in analyses and compromise the integrity, security or privacy of generated content. Additionally, the process of integrating technology systems of businesses we acquire is complex and exposes us to additional risk. We may not adequately identify weaknesses in the information systems or information handling, privacy and security policies and protocols of targets, which could expose us to unexpected liabilities or make our own systems and data more vulnerable to cybersecurity incidents. For further discussion of risks relating to these technology systems, please see ‘Data and cybersecurity breaches or improper disclosure of confidential company or personal data could result in material financial loss, regulatory actions, reputational harm and/or legal liability' below. We depend on our technology systems for conducting business, as well as for providing the data and analytics we use to manage and administer our business. As a result, our business success is dependent on maintaining the effectiveness of existing technology systems and on continuing to develop and enhance technology systems that support our business processes and strategic initiatives in a cost- and resource-efficient manner, particularly as our business processes become more digital. We have a number of strategic initiatives involving investments in technology and infrastructure to support our own systems as well as partnerships with technology companies. These investments can be costly and require significant capital expenditures, and such investment may not be profitable or may be less profitable than what we have experienced historically. In addition, investments in technology systems may not deliver the benefits or perform as expected or may be replaced or become obsolete more quickly than expected, which could result in operational difficulties or additional costs. In some cases, we also depend on our partners and key vendors to provide technology and other support for these and other strategic initiatives. If these partners or vendors fail to perform their obligations as we expect them to do or at all or such partners or vendors otherwise cease to work with us, our ability to execute on our strategic initiatives, and our business and results of operations, could be adversely impacted.

We cannot guarantee that trade secret, trademark, and copyright law protections, or our internal policies and procedures regarding our management of intellectual property, are adequate to deter misappropriation of our intellectual property (including our software, which may become an increasingly important part of our business). Existing laws of some countries in which we provide services or products may offer only limited protection of our intellectual property rights. Also, we may be unable to detect the unauthorized use of our intellectual property and take the necessary steps to enforce our rights, which may have a material adverse impact on our business, financial condition or results of operations. We cannot be sure that our services and products, or the products of others that we offer to our clients, do not infringe on the intellectual property rights of third parties, and we may have infringement claims asserted against us or our clients. These claims may harm our reputation, result in financial liability, consume financial resources to pursue or defend, and prevent us from offering some services or products. In addition, these claims, whether with or without merit, could be expensive, could require significant time and resource expenditure, and could divert management's focus from business operations. Successful challenges against us could require us to modify or discontinue our use of technology or business processes where such use is found to infringe or violate the rights of others, or require us to purchase licenses from third parties, any of which could adversely affect our business, financial condition and operating results.

We depend on information technology networks and systems to process, transmit and store electronic information and to communicate among our locations around the world and with our alliance partners, insurance carriers/markets, clients and third-party vendors. We also maintain our clients' confidential and proprietary information and the personal data of their customers and employees. Our information systems, and those of our third-party service providers and vendors, are vulnerable to an increasing threat of continually evolving cybersecurity risks. We regularly experience cyberattacks and are the target of computer viruses, hackers, distributed denial of service attacks, malware infections, ransomware attacks, phishing and spear-phishing campaigns, and other external hazards, as well as improper or inadvertent workforce behavior, which could expose confidential company and personal data systems and information, including information of our customers and employees, to security breaches. Further, the advance of generative AI may give rise to additional vulnerabilities and potential entry points for cyber threats. With generative AI tools, threat actors may have additional tools to automate breaches or persistent attacks, evade detection, or generate sophisticated phishing emails or other forms of digital impersonation. In addition, increasing use of generative AI models in our internal systems may create new attack methods for adversaries. Because generative AI is a new field, our understanding of cybersecurity risks resulting from generative AI and protection methods continues to develop, and features that rely on generative AI, including in services provided to us by third parties, may be susceptible to unanticipated cybersecurity threats from sophisticated adversaries and other cybersecurity incidents. Many of the software applications that we use in our business are licensed from, and supported, upgraded and maintained by, third-party vendors. Our third-party applications include, but are not limited to, enterprise cloud storage and cloud computing application services provided and maintained by third-party vendors. These third-party applications store or may afford access to confidential and proprietary data of the Company, our colleagues and our clients. We have processes designed to require third-party vendors that provide information technology (‘IT') outsourcing, offsite storage and other services to agree to maintain certain standards with respect to the storage, protection and transfer of confidential, personal and proprietary information, but our processes cannot eliminate all risk of compromise or unauthorized access or use of such information in the event of a breakdown of a vendor's data protection processes, a data breach due to the intentional or unintentional non-compliance by a vendor's employee or agent, or as a result of a cyber-attack on the product, software or information systems of a vendor in our software supply chain. Any compromise of the product, software, data or infrastructure of a Company vendor, including a software or IT vendor in our supply chain, has and could again, result in the compromise of Company data or infrastructure or result in material operational disruption, although no such known previous compromise has been material to our business or financial results. Further, the risk and potential impact of a data breach on our third-party vendors' products, software or systems increase as we move more of our data and our clients' data into our vendors' cloud storage, engage in IT outsourcing, and consolidate the group of third-party vendors that provide cloud storage or other IT services for the Company. Over time, the frequency, severity and sophistication of the attacks against us and our vendors have increased, including due to the use of AI for purposes of cybercrime, and the broader range of threat actors, including state-sponsored actors and hacker activists. We and our vendors regularly experience cybersecurity incidents, including successful attacks from time to time, and we expect that to continue going forward. While we have experienced successful attacks by various types of hacking groups in which personal and commercially sensitive information, belonging to the Company or its clients, has been compromised, none of these cybersecurity incidents or attacks to our knowledge have been material to our business or financial results. Cybersecurity incidents include those resulting from human error or malfeasance, implantation of malware and viruses, phishing and spear-phishing attacks, unauthorized access to our information technology networks and systems, and unauthorized access to data or individual account funds through fraud or other means of deceiving our colleagues, clients, third-party service providers and vendors. We cannot ensure that such cybersecurity incidents or attacks will not have a material impact on our business or financial results in the future. When required by law, we have notified individuals, clients and/or relevant regulatory authorities (such as insurance and financial services regulators and privacy regulators) of such cybersecurity incidents or attacks. We maintain policies, procedures and administrative, physical and technological safeguards and controls (such as, where in place, multifactor authentication and encryption of data in transit and at rest) designed to protect the security and privacy of the data in our custody and control. However, such safeguards are time-consuming and expensive to deploy broadly and are not necessarily always in place or effective, and we cannot entirely eliminate the risk of data security breaches, improper access to, takeover of or disclosure of confidential company or personally identifiable information. We may not be able to detect and assess such issues, or implement appropriate mitigation or remediation, in a timely manner. We are engaged in an ongoing effort to enhance our protections against such attacks; this effort will require significant expenditures, take time to execute and may not be successful. Our technology may fail to adequately secure the private information we hold and protect it from theft, computer viruses, hackers or inadvertent loss. As has happened in the past, if any person, including any of our current or former colleagues, intentionally or unintentionally fails to comply with, disregards or intentionally breaches our established controls with respect to such data or otherwise mismanages or misappropriates that data, we could be subject to monetary damages, fines, regulatory enforcement, and/or criminal prosecution. Prior instances of such activity have not been material to our business or financial results. Unauthorized disclosure of sensitive or confidential client, supplier or colleague data, whether through systems failure, accident, colleague negligence, fraud or misappropriation, could damage our reputation and cause us to lose clients. Similarly, unauthorized access to or through our information systems or those we develop for our clients, whether by our colleagues or third parties, could result in significant additional expenses (including expenses relating to incident response and investigation, remediation work, notification of data security breaches and costs of credit monitoring services), negative publicity, operational disruption, legal liability and/or damage to our reputation, as well as require substantial resources and effort of management, thereby diverting management's focus and resources from business operations. The methods used to obtain unauthorized access to, disable or degrade service or sabotage the Company's systems are also constantly evolving, are increasingly sophisticated, and may be difficult to anticipate or detect. For example, the U.S. Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and other U.S. federal agencies continue to issue warnings about trends in cybercriminal and nation-state activity and other threats that are consistent with some of the types of incidents we have experienced. To our knowledge, these incidents have not had a material impact on our business or operations thus far. However, our reputation could be harmed and our business and results of operations could be materially and adversely affected if we were to be the target of such attacks in the future, or if, despite our controls and efforts to detect breaches, we were to be the victim of an undetected breach. We have implemented and regularly review and update processes and procedures to protect against fraud and unauthorized access to and use of secured data and to prevent data loss. The ever-evolving threats mean that we and our third-party service providers and vendors must continually evaluate, adapt, enhance and otherwise improve our respective systems and processes, especially as we grow our mobile, cloud and other internet-based services. There is no guarantee that such efforts will be adequate to safeguard against all fraud, data security breaches, unauthorized access, operational impacts or misuses of data. For example, our policies, colleague training (including phishing prevention training), and procedures and technical safeguards have not prevented or detected all improper access to confidential, personal or proprietary information by colleagues, vendors or other third parties with otherwise legitimate access to our systems, although, to date, such known improper access has not been material to our business or financial results. In addition, we may not be able to implement such efforts as quickly as desired if, for example, greater resources are required than originally expected or resources and management's focus are insufficient. Any future significant compromise or breach of our data security or fraud, whether external or internal, or misuse of client, colleague, supplier or company data, could result in additional significant costs, lost revenue opportunities, disruption of operations and service, fines, lawsuits, and damage to our reputation with our clients and in the broader market. For further discussion of the commercial risks related to the cybersecurity and data protection technology we use, please see ‘Our business performance and growth plans could be negatively affected if we are not able to develop and implement improvements in technology and effectively apply technology, data and analytics to drive value for our clients through technology-based solutions or gain internal efficiencies through the effective application of technology, analytics and related tools' above. In addition, please see Part I, Item 1C Cybersecurity of this Form 10-K.

Our business and our capacity to serve our clients depend on effective information systems, including the effective storage, retrieval, processing and management of information. Maintaining and enhancing existing systems and developing and creating new systems and products in order to keep pace with evolving technologies and evolving industry and regulatory standards requires significant financial and other resources. We aim to be at the forefront of a range of technology options relevant to our business and staying ahead of the technology offered by our competitors, and attracting, developing and retaining skilled individuals in the cybersecurity space. The market for such qualified individuals is competitive and we may be unable to hire the talent needed to mitigate the foregoing risks. In addition, many of the software applications, including enterprise cloud storage and cloud computing application services, that we use in our business are licensed from, and supported, upgraded and maintained by, third-party vendors. We are significantly increasing our use of such cloud services and expect this to continue over time. These third-party applications store confidential and proprietary data of the Company, our clients and our colleagues. A suspension or termination of certain of these licenses or the related support, upgrades and maintenance could cause temporary system delays or interruptions that could adversely impact our business. We also, from time to time, acquire other companies or divest certain of our existing businesses and companies, which requires us to manage complex integrations or dissolutions of information systems or the transfer of information from one system to another, and we may fail to identify, mitigate and address vulnerabilities in our targets' information systems or in integrated components of our respective information systems. These transactions may make us more susceptible to cyberattacks and could result in the theft of Company intellectual property, the compromise of Company, colleague, and client data or operational disruption. Any finding that the data we rely on to run our business is inaccurate or unreliable, that we fail to maintain effective and efficient systems (including through a telecommunications failure, failure to replace or update redundant or obsolete computer hardware, applications or software systems, or the loss of skilled people with the knowledge needed to operate our systems), or that we experience cost overruns, delays, or other disruptions, could result in material financial loss, regulatory action, reputational harm or legal liability.

The ways in which insurance intermediaries are compensated receive scrutiny from regulators in part because of the potential for anti-competitive behavior and conflicts of interest. We could suffer significant financial or reputational harm if we fail to properly identify and manage any such potential conflicts of interest or allegations of anti-competitive behavior. Conflicts of interest exist or could exist any time the Company or any of its colleagues have or may have an interest in a transaction or engagement that is inconsistent with our clients' interests. This could occur, for example, when the Company is providing services to multiple parties in connection with a transaction. In addition, as we provide more solutions-based services, there is greater potential for conflicts with advisory services. Managing conflicts of interest is an important issue for the Company which can be a challenge for a large and complex company such as ours. Due to the broad scope of our businesses and our client base, we regularly address potential conflicts of interest, including, without limitation, situations where our services to a particular client or our own investments or other interests are in conflict, or are perceived to be in conflict, with the interests of another client. If conflicts of interest are not carefully managed, it could lead to failure or perceived failure to protect the client's interests, with attendant regulatory and reputational risks that could materially adversely affect us and our operations. There is no guarantee that all potential conflicts of interest will be identified, and undetected conflicts may result in damage to our professional reputation and result in legal liability, which may have a material adverse effect on our business. Identifying conflicts of interest may also prove difficult as we continue to bring systems and information together and integrate newly acquired businesses. We may not be able to adequately address such conflicts of interest. In addition, insurance intermediaries have traditionally been remunerated by base commissions paid by insurance carriers in respect of placements we make for clients, or by fees paid by clients. Intermediaries also obtain other revenue from insurance carriers. This revenue, when derived from carriers in their capacity as insurance markets (as opposed to as corporate clients of the intermediaries where they may be purchasing insurance or reinsurance or other non-market-related services), is commonly known as market derived income or ‘MDI'. MDI is another example of an area in which allegations of conflicts of interest may arise. MDI takes a variety of forms, including volume- or profit-based contingent commissions, facilities administration charges, business development agreements, and fees for providing certain data to carriers. MDI creates various risks. Intermediaries in many markets have a duty to act in the best interests of their clients and payments from carriers can incentivize intermediaries to put carriers' or their own interests ahead of their clients. Accordingly, MDI may be subject to scrutiny by various regulators under conflict of interest, anti-trust, unfair competition, conduct and anti-bribery laws and regulations. While accepting MDI is a lawful and acceptable business practice, and while we have established systems and controls to manage these risks, we cannot predict whether our position will result in regulatory or other scrutiny and our controls may not be effective. In addition, the Company offers affiliated investment funds, with plans to launch additional funds over time. Given that our Investments business may recommend affiliated investment funds or affirmatively invest such clients' assets in such funds under delegated authority, there may be a perceived conflict of interest. While the Company has processes, procedures, and controls in place intended to mitigate any such potential conflicts, such controls may not be effective and any public perception that our controls are not effective, regardless of whether such perception is based in fact, could trigger regulatory inquiries or could impact client demand and the business' financial performance. In addition, underperformance by our affiliated investment funds could lead to lawsuits by clients that were invested in such funds. The failure or perceived failure to adequately address actual or potential conflicts of interest or allegations of anti-competitive behavior could affect the willingness of clients to deal with us or give rise to litigation or enforcement actions. Conflicts of interest or anti-competitive activities may also arise in the future that could cause material harm to us.

The demand for our services may not grow or be maintained, and we may not be able to compete successfully with our existing competitors, new competitors or our clients' internal capabilities. Client demand for our services may change based on the clients' needs and financial conditions, among other factors. Our results of operations are affected directly by the level of business activity of our clients, which in turn is affected by the level of economic activity in the industries and markets that they serve. For example, any changes in U.S. trade policy (including any increases in tariffs or any retaliatory actions that result in a trade war), recessionary conditions in some of the markets where we do business, inflationary conditions, ongoing stock market volatility or an increase in, or unmet market expectations with respect to, interest rates could adversely affect the general economy. As a result, global financial markets may continue to experience disruptions, including increased volatility and reduced credit availability, which could substantially impact our results. While it is difficult to predict the consequences of any deterioration in global economic conditions on our business, any significant reduction or delay by our clients in purchasing our services or insurance or making payment of premiums could have a material adverse impact on our financial condition and results of operations. In addition, the potential for a significant insurer to fail, to be downgraded or to withdraw from writing certain lines of insurance coverage that we offer our clients could negatively impact overall capacity in the industry, which could then reduce the placement of certain lines and types of insurance and reduce our revenue and profitability. The potential for an insurer to fail or be downgraded could also result in errors and omissions claims by clients. In addition, the markets for our principal services are highly competitive. Our competitors include other insurance brokerage, human capital and risk management consulting and actuarial firms, and the human capital and risk management divisions of diversified professional services, insurance, brokerage and accounting firms and specialty, regional and local firms. Competition for business is intense in all of our business lines and in every insurance market, and some competitors have greater market share in certain lines of business than we do. Some of our competitors have greater financial, technical and marketing resources than us, which could enhance their ability to finance acquisitions, fund internal growth and respond more quickly to professional and technological changes. This gap in resources between us and some of our competitors has increased as they have made acquisitions. New competitors, as well as increasing and evolving consolidation or alliances among existing competitors, have created and could continue to create additional competition and could significantly reduce our market share further, resulting in a loss of business for us and a corresponding decline in revenue and profit margin. In order to respond to increased competition and pricing pressure, we may have to lower our prices, which would also have an adverse effect on our revenue and profit margin. In addition, existing and new competitors (whether traditional competitors or non-traditional competitors, such as technology companies) may continue to develop competing technologies or product or service offerings. Any new technology or product or service offering (including insurance companies selling their products directly to consumers or other insureds) that reduces or eliminates the need for intermediaries in insurance sales transactions could have a material adverse effect on our business and results of operations. Further, the increasing willingness of clients to either self-insure or maintain a captive insurance company, and the development of capital markets-based solutions and other alternative capital sources for traditional insurance needs, could also materially adversely affect us and our results of operations. See ‘Our business performance and growth plans could be negatively affected if we are not able to develop and implement improvements in technology and effectively apply technology, data and analytics to drive value for our clients through technology-based solutions or gain internal efficiencies through the effective application of technology, analytics and related tools' above for further discussion on the impact that technological developments have on our business, operations and financial condition. An example of a business that may be significantly impacted by changes in customer demand is our retirement consulting and actuarial business, which comprises a substantial portion of our revenue and profit. We provide clients with actuarial and consulting services relating to both defined benefit and defined contribution pension plans. Defined benefit pension plans generally require more actuarial services than defined contribution plans because defined benefit plans typically involve large asset pools, complex calculations to determine employer costs, funding requirements and sophisticated analysis to match liabilities and assets over long periods of time. If organizations shift to defined contribution plans more rapidly than we anticipate, or if we are unable to otherwise compensate for the decline in our business that results from employers moving away from defined benefit plans, our business, financial condition and results of operations could be materially adversely affected. Furthermore, large and complex consulting projects, often involving dedicated personnel, resources and expenses, comprise a significant portion of this business, which are based on our clients' discretionary needs and may be reduced based on a decline in a client's or an industry's financial condition or prospects. We also face the risk that certain large and complex project contracts may be reduced or terminated based on dissatisfaction with service levels, which could result in reduced revenue, write-offs of assets associated with the project, and disputes over the contract, all of which may adversely impact our results and business. In addition, the demand for many of our core benefit services, including compliance-related services, is affected by government regulation and taxation of employee benefit plans. Significant changes in tax or social welfare policy or other regulations could lead some employers to discontinue their employee benefit plans, including defined benefit pension plans, thereby reducing the demand for our services. A simplification of regulations or tax policy could also reduce the need for our services.

Maintaining a positive reputation is critical to our ability to attract and maintain relationships with clients and colleagues. Damage to our reputation could therefore cause significant harm to our business and prospects. Harm to our reputation can arise from numerous sources, including, among others: colleague misconduct; litigation or regulatory action; failure to deliver minimum standards of service and quality; compliance failures; and allegations of conflicts of interest and unethical behavior. Such harm could also arise from negative public opinion or political conditions arising from our association with third parties in any number of activities or circumstances. Negative perceptions or publicity, whether or not true, may result in harm to our prospects. In addition, the failure to deliver satisfactory service and quality performance, on time and within budget, in one line of business could cause clients to terminate the services we provide to those clients in many other lines of business. This risk has increased as the Company has become larger and more complex and as we take on increasingly complicated projects for our clients (such as complex outsourcing engagements and technology solutions development/implementation projects that require a significant amount of dedicated personnel, resources and expenses). In addition, as part of providing services to clients and managing our business, we not only depend on a number of third-party service providers and suppliers today, but we expect to engage the services of new third parties in the future as our strategy evolves. Our ability to perform effectively depends in part on the ability of these service providers to meet their obligations, as well as on our effective oversight of their performance. The quality of our services could suffer, or we could be required to incur unanticipated costs if our third-party service providers do not perform as expected or their services are disrupted. This could have a material adverse effect on our reputation as well as our business and results of operations.