Booz Allen (BAH) Risk Analysis

Our business operates in a highly competitive industry, and we generally compete with a wide variety of U.S. government contractors, including large defense contractors, diversified service providers, and small businesses. We also face competition from entrants into our markets including companies divested by large prime contractors in response to increasing scrutiny of organizational conflicts of interest issues. There is also a significant industry trend towards consolidation, which may result in the emergence of companies that are better able to compete against us. Some of these companies possess greater financial resources and larger technical staffs, and others have smaller and more specialized staffs. These competitors could, among other things: - make acquisitions of businesses, or establish teaming or other agreements among themselves or third parties, that allow them to offer more competitive and comprehensive solutions;- divert sales from us by winning very large-scale government contracts, a risk that is enhanced by the recent trend in government procurement practices to bundle services into larger contracts;- force us to charge lower prices in order to win or maintain contracts;- seek to hire our employees; or - adversely affect our relationships with current customers, including our ability to continue to win competitively awarded engagements where we are the incumbent. If we lose business to our competitors or are forced to lower our prices or suffer employee departures, our revenue and our operating profits could decline. In addition, we may face competition from our subcontractors who, from time to time, seek to obtain prime contractor status on contracts for which they currently serve as a subcontractor to us. If our current subcontractors are awarded prime contractor status on such contracts in the future, it could divert sales from us and could force us to charge lower prices, which could have a material adverse effect on our revenue and profitability.

As a result of the Small Business Administration set-aside program, the U.S. government may decide to restrict certain procurements only to bidders that qualify as small or small disadvantaged businesses. As a result, we would not be eligible to perform as a prime contractor on those programs and would be restricted to a maximum of 49% of the work as a subcontractor on those programs. An increase in the amount of procurements under the Small Business Administration set-aside program may impact our ability to bid on new procurements as a prime contractor or restrict our ability to re-compete on incumbent work that is placed in the set-aside program.

As a U.S. government contractor, we must comply with laws and regulations relating to the formation, administration, and performance of U.S. government contracts, which affect how we do business with our customers. Such laws and regulations may potentially impose added costs on our business and our failure to comply with them may lead to civil or criminal penalties, termination of our U.S. government contracts, and/or suspension or debarment from contracting with federal agencies. Some significant laws and regulations that affect us include: - the FAR, and agency regulations supplemental to the FAR, which regulate the formation, administration, and performance of U.S. government contracts. For example, the FAR 52.203-13 requires contractors to establish a Code of Business Ethics and Conduct, implement a comprehensive internal control system, and report to the government when the contractor has credible evidence that a principal, employee, agent, or subcontractor, in connection with a government contract, has violated certain federal criminal laws, violated the civil False Claims Act, or has received a significant overpayment;- the False Claims Act, which imposes civil and criminal liability for violations, including substantial monetary penalties, for, among other things, presenting false or fraudulent claims for payments or approval;- the False Statements Act, which imposes civil and criminal liability for making false statements to the U.S. government;- the Truthful Cost or Pricing Data Statute (formerly known as the Truth in Negotiations Act), which requires certification and disclosure of cost and pricing data in connection with the negotiation of certain contracts, modifications, or task orders;- the Procurement Integrity Act, which regulates access to competitor bid and proposal information and certain internal government procurement sensitive information, and our ability to provide compensation to certain former government procurement officials;- laws and regulations restricting the ability of a contractor to provide gifts or gratuities to employees of the U.S. government;- post-government employment laws and regulations, which restrict the ability of a contractor to recruit and hire current employees of the U.S. government and deploy former employees of the U.S. government;- laws, regulations, contract requirements and executive orders, including those related to cybersecurity, restricting the handling, use and dissemination of information classified for national security purposes or determined to be "controlled unclassified information" or "for official use only" and the export of certain products, services, and technical data, including requirements regarding any applicable licensing of our employees involved in such work;- laws, regulations, and executive orders regulating the handling, use, and dissemination of personally identifiable information in the course of performing a U.S. government contract, performing work for our commercial customers or running the business;- international trade compliance laws, regulations and executive orders that prohibit business with certain sanctioned entities and require authorization for certain exports or imports in order to protect national security and global stability;- laws, regulations, and executive orders governing organizational conflicts of interest that may restrict our ability to compete for certain U.S. government contracts because of the work that we currently perform for the U.S. government or may require that we take measures such as firewalling off certain employees or restricting their future work activities due to the current work that they perform under a U.S. government contract;- laws, regulations and executive orders that impose requirements on us to ensure compliance with requirements and protect the government from risks related to our supply chain;- laws, regulations and mandatory contract provisions providing protections to employees or subcontractors seeking to report alleged fraud, waste, and abuse related to a government contract;- the Contractor Business Systems rule, which authorizes Department of Defense agencies to withhold a portion of our payments if we are determined to have a significant deficiency in our accounting, cost estimating, purchasing, earned value management, material management and accounting, and/or property management system; and - the FAR Cost Accounting Standards and Cost Principles, which impose accounting and allowability requirements that govern our right to reimbursement under certain cost-based U.S. government contracts and require consistency of accounting practices over time. In addition, considerable uncertainty exists regarding potential legal and regulatory changes from the recent U.S. administration transition. The U.S. government, U.S. states and other jurisdictions in which we do business may adopt new laws, rules, and regulations from time to time that could have a material impact on our results of operations. Adverse developments in legal or regulatory proceedings on matters relating to, among other things, cost accounting practices and compliance, contract interpretations and statutes of limitations, could also result in materially adverse judgments, settlements, withheld payments, penalties, or other unfavorable outcomes. Our performance under our U.S. government contracts and our compliance with the terms of those contracts and applicable laws and regulations are subject to periodic audit, review, and investigation by various agencies of the U.S. government and the current environment has led to increased regulatory scrutiny and sanctions for non-compliance by such agencies generally. In addition, from time to time we report potential or actual violations of applicable laws and regulations to the relevant governmental authority. Any such report of a potential or actual violation of applicable laws or regulations could lead to an audit, review, or investigation by the relevant agencies of the U.S. government. If such an audit, review, or investigation uncovers a violation of a law or regulation, or improper or illegal activities relating to our U.S. government contracts, we may be subject to civil or criminal penalties or administrative sanctions, including the termination of contracts, forfeiture of profits, triggering of price reduction clauses, withholding or suspension of payments, fines and suspension, or debarment from contracting with U.S. government agencies. Such penalties and sanctions are not uncommon in the industry and there is inherent uncertainty as to the outcome of any particular audit, review, or investigation. If we incur a material penalty or administrative sanction or otherwise suffer harm to our reputation, our profitability, cash position, and future prospects could be materially and adversely affected. Further, if the U.S. government were to initiate suspension or debarment proceedings against us or if we are indicted for or convicted of illegal activities relating to our U.S. government contracts following an audit, review, or investigation, we may lose our ability to be awarded contracts in the future or receive renewals of existing contracts for a period of time which could materially and adversely affect our results of operations or financial condition. We could also suffer harm to our reputation if allegations of impropriety were made against us, which would impair our ability to win awards of contracts in the future or receive renewals of existing contracts. See "Item 1. Business - Regulation."

We are subject to, and may become a party to, a variety of litigation or other claims and suits that arise from time to time in the ordinary course of our business. For example, our performance under U.S. government contracts and compliance with the terms of those contracts and applicable laws and regulations are subject to continuous audit, review, and investigation by the U.S. government which may include such investigative techniques as subpoenas or civil investigative demands. Given the nature of our business, these audits, reviews, and investigations may focus, among other areas, on various aspects of procurement integrity, labor time reporting, sensitive and/or classified information access and control, executive compensation, and post government employment restrictions. In addition, from time to time, we are also involved in legal proceedings and investigations arising in the ordinary course of business, including those relating to employment matters (such as matters involving alleged violations of civil rights, wage and hour, and worker's compensation laws), relationships with customers and contractors, intellectual property disputes, and other business matters. Any such claims, proceedings or investigations may be time-consuming, costly, divert management resources, or otherwise have a material adverse effect on our result of operations. The results of litigation and other legal proceedings, including the other claims described under "Item 3. Legal Proceedings," are inherently uncertain and adverse judgments or settlements in some or all of these legal disputes may result in materially adverse monetary damages or injunctive relief against us. Any claims or litigation, even if fully indemnified or insured, could damage our reputation and make it more difficult to compete effectively or obtain adequate insurance coverage in the future. The litigation and other legal proceedings described under "Item 3. Legal Proceedings" are subject to future developments and management's view of these matters may change in the future.

We are subject to taxation in the U.S. and certain other foreign jurisdictions. Any future changes in applicable federal, state and local, or foreign tax laws and regulations or their interpretation or application, including those that could have a retroactive effect, could result in the Company incurring additional tax liabilities in the future. In particular, effective starting in fiscal year 2023, the Tax Cuts and Jobs Act requires the capitalization of research and development costs for tax purposes, which can then be amortized over five or fifteen years. We generally expect to amortize these costs over five years. While the most significant impact of this provision was to cash tax liability for fiscal year 2023, the tax year in which the provision took effect, the impact is expected to decline annually over the five-year amortization period to an immaterial amount in the sixth year. The actual impact will depend on a number of factors, including the amount of research and development costs incurred by the Company, whether Congress modifies or repeals the provision requiring such capitalization, and whether new guidance and interpretive rules are issued by the U.S. Treasury, among other factors. For additional information, see "Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations". Additionally, we recognize liabilities for uncertainty in income taxes when it is more likely than not that a tax position will not be sustained on examination and settlement with various taxing authorities. We regularly assess the adequacy of our uncertain tax positions and other reserves, which requires a significant amount of judgment. Although we accrue for uncertain tax positions and other reserves, the results of regulatory audits and negotiations with taxing and customs authorities may be in excess of our accruals, resulting in the payment of additional taxes, duties, penalties and interest. As a result, any final determination of tax audits or related litigation may be materially different than our current provisional amounts, which could materially affect our tax obligations and effective tax rate. For example, during fiscal year 2025, we recorded additional uncertain tax positions related to research and development credits that we have claimed, or will soon claim. Any increase to the liability we established as of March 31, 2025 for these uncertain tax positions as a result of audits by taxing authorities, changes in tax laws and regulations or otherwise relating to this, or any other, tax matter could have a material effect on our results of operations. For a description of our related accounting policies, refer to Note 2, "Summary of Significant Accounting Policies," and Note 13, "Income Taxes," to the consolidated financial statements.

We have operations in select international locations and, therefore, our business operations are subject to a variety of risks associated with conducting business internationally, including: - Changes in or interpretations of laws or policies that may adversely affect the performance of our services;- Political instability in foreign countries and international security concerns, such as those relating to the geopolitical conflict, including the ongoing conflict between Russia and Ukraine, ongoing conflicts in the Middle East, and increased tensions in Asia, as well as trade tensions related to recent shifts in international trade policies, and potential actions or retaliatory measures taken in respect thereof;- Imposition of inconsistent or conflicting laws or regulations;- Reliance on the U.S. or other governments to authorize us to export products, technology, and services to customers and other business partners;- Reliance on foreign countries for critical parts in order to meet our technical delivery requirements;- Conducting business in places where laws, business practices, and customs are unfamiliar or unknown;- Failure to comply with U.S. government and foreign laws and regulations applicable to international business, sanctions, employment, privacy, data protection, information security, or data transfer could have an adverse impact on our business with the U.S. government and could expose us to risks and costs of non-compliance with such laws and regulations, in addition to administrative, civil, or criminal penalties;- Failure by third parties that we work with, including suppliers, subcontractors, and vendors, to comply with U.S. government and foreign laws and regulations applicable to international business, sanctions, employment, privacy, data protection, information security, or data transfer could expose Booz Allen to risks and costs of non-compliance with such laws and regulations, in addition to administrative, civil, or criminal penalties;- U.S. and foreign government import and export control requirements and regulations, including International Traffic in Arms Regulations and the anti-boycott provisions of the U.S. Export Administration Act, technology transfer restrictions and other administrative, legislative, or regulatory actions that could materially interfere with our ability to offer our products or services in certain countries;- Imposition of limitations on or increase of withholding and other taxes on payments by foreign subsidiaries or joint ventures;- Changes in state and federal regulations in state money transmission regulations, anti-money laundering regulations, economic and trade sanctions administered by the U.S. Treasury Department's Office of Foreign Asset Control;- Imposition of tariffs or embargoes, export controls, and other trade restrictions; and - Financial and operational implications associated with potential commercial customer data sovereignty requirements that require hosting data and systems locally. In addition, we are subject to the U.S. Foreign Corrupt Practices Act (the "FCPA") and other laws that prohibit improper payments or offers of payments to foreign government officials, political parties and commercial entities for the purpose of obtaining or retaining business. We have operations and deal with governmental customers and regulators in countries known to create heightened corruption risk, including certain developing countries. Our activities in these countries create the risk of unauthorized payments or offers of payments by one of our employees or third parties that we work with that could implicate Booz Allen for violations of various laws including the FCPA and other anti-corruption laws. Our operations in select international locations also involve activities involving the transmittal of information, which may include personal data, which may expose us to data privacy laws in the jurisdictions in which we operate. If our data protection practices become subject to new or different restrictions, and to the extent such practices are not compliant with the laws of the countries in which we process data, we could face increased compliance expenses and face penalties for violating such laws or be excluded from those markets altogether, in which case our operations could be adversely affected. We are also subject to import-export control regulations restricting the use and dissemination of information classified for national security purposes and the export of certain products, services, and technical data, including requirements regarding any applicable licensing of our employees involved in such work. We are also subject to applicable sanctions laws, regulations, embargoes, or restrictive measures intended to prevent unauthorized transactions with prohibited persons, entities, and countries, including, those administered and enforced by the U.S. Department of Treasury's Office of Foreign Assets Control, the Office of Financial Sanctions Implementation in the UK, and the competent authorities responsible for the administration and enforcement of Sanctions in individual EU Member States. If we were to fail to comply with the FCPA, other applicable anti-corruption laws, import-export control regulations, sanctions, data privacy laws, or other rules and regulations, we could be subject to substantial civil and criminal penalties, including fines for our Company and incarceration for responsible employees and managers, suspension or debarment, and the possible loss of export or import privileges which could have a material adverse effect on our business and results of operations.

We have significant operations located in regions that have been, and may in the future be, subject to a variety of physical risks related to changing weather patterns (including rising temperatures and sea levels, extreme heat, and other severe weather events), natural disasters (including hurricanes, typhoons, tsunamis, floods, earthquakes, fires or wildfires, water shortages and prolonged drought), or pandemics, epidemics and similar disease outbreaks. Such events could disrupt our operations or those of our customers and suppliers, including the inability of employees to work, destruction of facilities, loss of life, and adverse effects on supply chains (including materials shortages), power, infrastructure, and the integrity of information technology systems, all of which could materially increase our costs and expenses, delay or decrease revenue from our customers, and disrupt our ability to maintain business continuity. We could incur significant costs to improve the resiliency of our infrastructure and otherwise prepare for, respond to, and mitigate the effects of changing weather patterns, as well as increased compliance and operational costs and transition risks due to changes in future federal, state, local and foreign legislation and regulations applicable to our business or decisions we make to conduct or change our activities in response to considerations relating to changing weather patterns. Additionally, if insurance or other risk transfer mechanisms are unavailable or insufficient to recover all costs or if we experience a significant disruption to our business due to changing weather patterns, natural disasters, or disease outbreaks, our results of operations or financial condition could be adversely affected.

We develop, integrate, maintain, or otherwise support systems and provide services that include managing and protecting information involved in intelligence, national security, and other sensitive government functions. Our systems also store, process, and transmit sensitive Company and government and commercial customer information, including personally identifiable, health and financial information. The cybersecurity threats we, our customers, and third parties face have grown more frequent and sophisticated, including but not limited to bad actors looking to augment traditional cyber tools and tradecraft with artificial intelligence capabilities that increase the speed, scale, and intricacy of threats, which may not be recognized until after they have been launched. A security breach, including from insider threats, could result in the exfiltration of our or our customers' data and has the potential to do serious harm to our business, damage our reputation, prevent us from executing further work on sensitive systems for U.S. government or commercial customers, hinder future contract win rates, and/or cause us to incur significant expense to respond to and remediate the breach. Damage to our reputation or limitations on our eligibility for additional work or any liability resulting from a security breach in one of the systems we develop, install, maintain, or otherwise support could have a material adverse effect on our results of operations.

Maintaining strong relationships with other U.S. government contractors, who may also be our competitors, is important to our business and our failure to do so could have a material adverse effect on our business, prospects, financial condition, and operating results. To the extent that we fail to maintain good relations with our subcontractors or other prime contractors due to either perceived or actual performance failures or other conduct, or increased regulatory scrutiny or regulations governing information sharing and related practices, they may refuse to hire us as a subcontractor in the future or to work with us as our subcontractor. In addition, other contractors may choose not to use us as a subcontractor or choose not to perform work for us as a subcontractor for any number of additional reasons, including because they choose to establish relationships with our competitors or because they choose to directly offer services that compete with our business. As a prime contractor, we often rely on other companies to perform some of the work under a contract, and we expect to continue to depend on relationships with other contractors for portions of our delivery of services and revenue in the foreseeable future. If our subcontractors fail to perform their contractual obligations, our operating results and future growth prospects could be impaired. There is a risk that we may have disputes with our subcontractors arising from, among other things, the quality and timeliness of work performed by the subcontractor, customer concerns about the subcontractor, our failure to extend existing task orders or issue new task orders under a subcontract, or our hiring of a subcontractor's personnel. In addition, if any of our subcontractors fail to deliver the agreed-upon supplies or perform the agreed-upon services on a timely basis, our ability to fulfill our obligations as a prime contractor may be jeopardized. Material losses could arise in future periods and subcontractor performance deficiencies could result in a customer terminating a contract for default. A termination for default could expose us to liability and have an adverse effect on our ability to compete for future contracts and orders. As a subcontractor, we often lack control over fulfillment of a contract, and poor performance on the contract could tarnish our reputation, even when we perform as required, and could cause other contractors to choose not to hire us as a subcontractor in the future. If the U.S. government terminates or reduces other prime contractors' programs or does not award them new contracts, subcontracting opportunities available to us could decrease, which would have a material adverse effect on our financial condition and results of operations. In addition, as a subcontractor, we may be unable to collect payments owed to us by the prime contractor, even if we have performed our obligations under the contract, as a result of, among other things, the prime contractor's inability to fulfill the contract. Due to certain common provisions in subcontracts in certain countries, we could also experience delays in receiving payment if the prime contractor experiences payment delays, which could have an adverse effect on our financial condition and results of operations.

A significant portion of our business relates to designing, developing, and implementing advanced defense and technology systems and products, including cybersecurity products and services. New technologies may be untested or unproven, and insurance may not be available. We maintain insurance policies that mitigate against risk and potential liabilities related to our operations, including data breaches. This insurance is maintained in amounts that we believe are reasonable. However, our insurance coverage may not be adequate to cover those claims or liabilities, and we may be forced to bear significant costs from an accident or incident. The amount of the insurance coverage we maintain or indemnification to which we may be contractually or otherwise entitled may not be adequate to cover all claims or liabilities. Accordingly, we may be forced to bear substantial costs resulting from risks and uncertainties of our business which would negatively impact our results of operations, financial condition, or liquidity.