Forge Global Holdings (FRGE) Risk Analysis

We operate in multiple jurisdictions and are subject to tax laws and regulations of the U.S. federal, state, and local and non-U.S. governments. U.S. federal, state, and local and non-U.S. tax laws and regulations are complex and subject to change (possibly with retroactive effect) and to varying interpretations. U.S. federal, state, and local and non-U.S. tax authorities may interpret tax laws and regulations differently than we do and challenge tax positions that we have taken. This may result in differences in the treatment of revenues, deductions, credits and/or differences in the timing of these items. The differences in treatment may result in payment of additional taxes, interest, or penalties that could have an adverse effect on our financial condition and results of operations. Further, future changes to U.S. federal, state, and local and non-U.S. tax laws and regulations could increase our tax obligations in jurisdictions where we do business or require us to change the manner in which we conduct some aspects of our business. In addition, we are required to file extensive informational returns and forms to various tax authorities in connection with our custodial and trading solutions. If such filings are incomplete or untimely, we may be subjected to fines or penalties if we do not meet the requirements of reasonable cause, safe harbor, or other relief as may be provided by the relevant tax authorities. In October 2024, we self-identified a failure to submit certain informational filings to the Internal Revenue Service ("IRS") in connection with our custodial solutions. We have submitted our reasonable cause letter to the IRS and do not expect any potential fine or penalty to be material to our financial condition and operations at this time. However, recent actions by the federal government, notably President Trump's establishment of the Department of Government Efficiency in January 2025 by executive order, have increased the difficulty of determining the timeline of resolving this matter given uncertainty at the IRS and federal government generally as a result of such actions. On August 16, 2022, the Inflation Reduction Act ("IRA") was enacted in the United States, which introduced, among other provisions, a new minimum corporate income tax on certain large corporations, an excise tax of 1% on certain share repurchases by corporations (which could increase the cost to us of implementing our share repurchase program), and increased funding for the IRS. The minimum corporate income tax does not currently apply to us, nor do we expect it to apply to us in the foreseeable future. However, changes in our business and any future regulations or other guidance on the interpretation and application of these provisions, may result in additional taxes payable by us, which could materially and adversely affect our financial results and operations. We have in the past recorded, and may in the future record, significant valuation allowances on our deferred tax assets, which may have a material impact on our results of operations and cause fluctuations in such results. As of December 31, 2024, we had a valuation allowance for deferred tax assets in the United States and in other countries. Our net deferred tax assets relate predominantly to the U.S. federal and state tax jurisdictions. The need for a valuation allowance requires an assessment of both positive and negative evidence when determining whether it is more likely than not that deferred tax assets are recoverable; such assessment is required on a jurisdiction-by-jurisdiction basis. In making such an assessment, significant weight is given to evidence that can be objectively verified. We continue to monitor the likelihood that we will be able to recover our deferred tax assets in the future. Future adjustments in our valuation allowance may be required. The recording of any future increases in our valuation allowance could have a material impact on our reported results, and both the recording and release of the valuation allowance could cause fluctuations in our quarterly and annual results of operations. In addition, under Section 382 and Section 383 of the Internal Revenue Code of 1986, as amended (the "Code"), a corporation that undergoes an "ownership change" is subject to limitations on its ability to utilize its net operating loss carryforwards ("NOLs") to offset future taxable income. An ownership change generally occurs if one or more stockholders or groups of stockholders who own at least 5% of our stock increase their ownership by more than 50 percentage points over their lowest ownership percentage (by value) within a rolling three-year period. We may have experienced an ownership change in the past. Future changes in our stock ownership as well as other changes that may be outside of our control, could result in additional ownership changes under Section 382 and Section 383 of the Code. Our NOLs may also be impaired under similar provisions of state law. Further, additional changes to federal or state tax laws or technical guidance relating to such laws that would further reduce the corporate tax rate could operate to effectively reduce or eliminate the value of any deferred tax asset.

We operate in a dynamic industry characterized by rapidly evolving technology, frequent product introductions, and competition based on pricing and other differentiators. Our scalability could be contingent on us successfully automating portions of our platform that rely on manual processes, which may be expensive and time consuming, and the success of which is not guaranteed. In addition, we may increasingly rely on technological innovation as we introduce new types of products, expand our current products into new markets, and continue to streamline our platform. The process of developing new technologies and products is complex, and if we are unable to successfully innovate and continue to deliver a superior experience, demand for our products may decrease and our growth and operations may be harmed.

We depend on digital technologies, including information systems, infrastructure, and cloud applications and services, including those of third parties. Like other companies in our industry, we and third parties related to us, have experienced and expect to continue to experience threats to our information technology systems. Sophisticated and deliberate attacks on, or security breaches in, our systems or infrastructure, or the systems or infrastructure of third parties or the cloud, could lead to corruption or misappropriation of our assets, proprietary information, and sensitive or confidential data. Our platform may make an attractive target for hacking and may be vulnerable to computer viruses, physical or electronic break-ins, and similar disruptions. We may not be able to anticipate or implement effective preventive measures against all security threats of these types, in which case there would be an increased risk of fraud or identity theft. Security incidents could occur from outside our company, and also from the actions of persons inside our company who may have authorized or unauthorized access to our technology systems. We may not have sufficient resources to adequately protect against, or to investigate and remediate any vulnerability to, cyber incidents. It is possible that any of these occurrences, or a combination of them, could have adverse consequences on our business, including, without limitation, financial loss, the disruption of operations, the misappropriation of protected information or confidential business information, including personal data, financial information, and trade secrets, and the disclosure of corporate strategic plans. Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our privacy and data security obligations. While we maintain cybersecurity insurance, the coverage may not be sufficient to cover all costs associated with a cybersecurity incident. Financial services providers like us, as well as our clients, colleagues, regulators, vendors, and other third parties, have experienced a significant increase in fraudulent activity and will likely continue to be the target of increasingly sophisticated criminal activity in the future given our dependence on digital technologies. We develop and maintain systems and processes aimed at detecting and preventing fraudulent activity, which require significant investment, maintenance, and ongoing monitoring and updating as technologies and regulatory requirements change and as efforts to overcome security and anti-fraud measures become more sophisticated. Despite our efforts, the possibility of fraudulent or other malicious activities and human error or malfeasance cannot be eliminated entirely and will evolve as new and emerging technology is deployed, including the increasing use of personal mobile and computing devices that are outside of our network and control environments. Risks associated with each of these include theft of funds and other monetary loss, the effects of which could be compounded if not detected quickly. Indeed, fraudulent activity may not be detected until well after it occurs and the severity and potential impact may not be fully known for a substantial period of time after it has been discovered. Additionally, if hackers were able to access our secure data, they might be able to gain access to the personal information of our clients. If we are unable to prevent such activity, we may be required to notify impacted stakeholders (including affected individuals, regulators, and investors) and subject to significant liability, negative publicity, and a material loss of clients, all of which may materially and adversely affect our business, financial condition, and results of operations.

Our products and internal systems rely on software, including software developed or maintained internally and by third parties, that is highly technical and complex. In addition, our platform and our internal systems depend on the ability of such software to collect, store, retrieve, transmit, manage, and otherwise process immense amounts of data. The software on which we rely may contain errors, bugs, or vulnerabilities, and our systems are subject to certain technical limitations that may compromise our ability to meet our objectives. Some errors, bugs, or vulnerabilities inherently may be difficult to detect and may only be discovered after code has been released for external or internal-use. Errors, bugs, vulnerabilities, design defects, or technical limitations within the software on which we rely may lead to negative client experiences (including the communication of inaccurate information to clients), compromised ability of our products to perform in a manner consistent with client expectations, delayed product introductions, compromised ability to protect the data (including personal information) of our clients and our intellectual property, or an inability to provide some or all of our services. Such errors, bugs, vulnerabilities, or defects could also be exploited by malicious actors and result in exposure of data of clients on our platform, or otherwise result in a security breach or other security incident. We may need to expend significant financial and development resources to analyze, correct, eliminate, or work around errors or defects or to address and eliminate vulnerabilities. Any failure to timely and effectively resolve any such errors, bugs, vulnerabilities, or defects in the software on which we rely, and any associated degradations or interruptions of service, could result in damage to our reputation, loss of clients, loss of revenue, regulatory or governmental inquiries, civil litigation, or liability for damages, any of which could have an adverse effect on our business, financial condition, and results of operations. Certain of our systems also rely on older programming languages and are dependent upon hardware that may soon be in need of replacement. A breakdown or shutdown of our operating systems could cause a major disruption to the business, and our attempts to modernize our systems or implement new hardware or software may not be successful, and may otherwise be costly and time-consuming.

We rely on third-party service providers to perform various functions relating to operational functions, cloud infrastructure services, and information technology. We do not have control over the operations of any of the third-party service providers that we utilize. In the event that a third-party service provider for any reason fails to perform functions properly, including through negligence, willful misconduct, or fraud, our ability to process billings and perform other operational functions for which we currently rely on such third-party service providers will suffer and our business, cash flows, and future prospects may be negatively impacted. Additionally, if one or more key third-party service providers were to cease to exist, or to terminate its relationship with us, there could be delays in our ability to process transactions and perform other operational functions for which we are currently relying on such third-party service providers for, and we may not be able to promptly replace such third-party service provider with a different third-party service provider that has the ability to promptly provide the same services in the same manner and on the same economic terms. In many cases, we rely on a single third party to provide such services, and we may not be able to replace that provider on the same terms or at all. As a result of any such delay or inability to replace such key third-party service provider, our ability to process investments and perform other business functions could suffer and our business, financial condition, and results of operations could be adversely affected. Because we rely on third parties to provide services, we could also be adversely impacted if they fail to fulfill their obligations or if our arrangements with them are terminated and suitable replacements cannot be found on commercially reasonable terms or at all.

Our systems and operations, as well as those of the third parties on whom we rely to conduct certain key functions, are vulnerable to disruptions from natural disasters, power outages, computer and telecommunications failures, software bugs, cyber-attacks, computer viruses, malware, distributed denial of service attacks, spam attacks, phishing or other social engineering, ransomware, security breaches, credential stuffing, technological failure, human error, terrorism, and other similar events. If our technology is disrupted, we may have to make significant investments to upgrade, repair, or replace our technology infrastructure and may not be able to make such investments on a timely basis, if at all. While we have made significant investments designed to enhance the reliability and scalability of our operations, we cannot assure that we will be able to maintain, expand, and upgrade our systems and infrastructure to meet future requirements and mitigate future risks on a timely basis. Disruptions in service and slower system response times could interrupt our business and result in substantial losses, decreased client service and satisfaction, client attrition, fines, litigation, and harm to our reputation. Our insurance coverage may be insufficient to protect us against all losses and costs stemming from operational and technological failures and we cannot be certain that such insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material and adverse effect on our business, financial condition, and results of operations.

We expect our competition to continue to increase. In addition to established enterprises and global banks, we may also face competition from early-stage companies attempting to capitalize on the same, or similar, opportunities as we are. Some of our current and potential competitors have longer operating histories, significantly greater financial, technical, marketing, and other resources and a larger client base than we do. Any of these advantages would allow competitors to potentially offer more competitive pricing or other terms or features, a broader range of investment and financial products, or a more specialized set of specific products or services, as well as respond more quickly than we can to new or emerging technologies and changes in client preferences. Our existing or future competitors may develop products or services that are similar to our products and services or that achieve greater market acceptance than our products and services, which could attract new clients away from our services and reduce our market share. Additionally, when new competitors seek to enter our markets, or when existing market participants seek to increase their market share, these competitors sometimes undercut, or otherwise exert pressure on, the pricing terms prevalent in that market, which could adversely affect our revenues, market share, or ability to capitalize on new market opportunities.

Our continued business and revenue growth is dependent on our ability to cost-effectively attract new clients, retain existing clients, and increase usage of our products and services, and we cannot be sure that we will be successful in these efforts. As we expand our business operations and potentially enter new markets, new challenges in attracting and retaining clients will arise that we may not successfully address.

We believe we are developing a trusted brand that has contributed to the success of our business. We believe that maintaining and promoting our brand in a cost-effective manner is critical to achieving widespread acceptance of our products and services and expanding our base of clients. Maintaining, promoting, and positioning our brand and reputation will depend on our ability to continue providing useful, reliable, secure, and innovative products and services; to maintain trust and remain a financial services leader; and to provide a consistent, high-quality client experience. We may introduce, or make changes to, features, products, services, privacy practices, or terms of service that clients do not like, which may materially and adversely affect our brand. Our brand promotion activities may not generate client awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. If we fail to successfully promote and maintain our brand or if we incur excessive expenses in this effort, our business could be materially and adversely harmed. Harm to our brand can arise from many sources, including failure by us or our partners and service providers to satisfy expectations of service and quality, inadequate protection or actual or perceived misuse of personally identifiable information, compliance failures and claims, regulatory inquiries and enforcement, rumors, litigation and other claims, misconduct by our partners, personnel or other counterparties, and actual or perceived failure to adequately address the environmental, social, and governance expectations of our various stakeholders, any of which could lead to a tarnished reputation and loss of clients. We may in the future be the target of incomplete, inaccurate, and misleading or false statements about our company and our business that could damage our brand and deter clients from adopting our services. Any negative publicity about our industry or our company, the quality and reliability of our products and services, our compliance and risk management processes, changes to our products and services, our privacy, data protection, and information security practices, litigation, regulatory licensing and infrastructure, and the experience of our clients with our products or services could adversely affect our reputation and the confidence in and use of our products and services. If we do not successfully maintain a strong and trusted brand, our business, financial condition, and results of operations could be materially and adversely affected.

As a financial services company, our business, results of operations and reputation are directly affected by elements beyond our control, such as macroeconomic and geopolitical conflicts that might affect the volatility in financial markets. In particular, market volatility can decrease investor appetite in the private market and increase liquidity risks to private equity valuations given uncertainty around settlement prices for illiquid assets. Weaknesses in public and private equity markets could also cause our existing clients to incur losses, which in turn could cause our brand and reputation to suffer.

We operate and serve investors in foreign jurisdictions, and our business is subject to the laws and requirements of each jurisdiction in which we operate. Issuers, buyers and sellers from over 80 jurisdictions have transacted on our platform since inception as of December 31, 2024 (including the historical business and companies we have acquired on a pro forma basis). While our operations are chiefly located in the United States and the majority of our trading revenues are derived from transactions involving U.S. issuers, we have and may continue to expand internationally in order to match the global demand for our products and services. These international expansion efforts include Forge Europe, which operates in Germany and the UK through our subsidiaries Forge Europe GmbH ("Forge GmbH") and Forge Europe UK Ltd ("Forge UK"), respectively. Forge GmbH has registered with the Federal Financial Supervisory Authority ("BaFin") as a tied agent to provide investment brokerage services in Germany exclusively under the license and liability of Effecta GmbH, an independent third-party which is registered with BaFin as an investment firm. In addition, Forge UK, a wholly owned subsidiary of Forge GmbH, is an appointed representative of Sapeno Partners LLC, an independent third-party which is authorized and regulated by the Financial Conduct Authority to facilitate transactions in securities. Accordingly, the ability of Forge GmbH and Forge UK to conduct their business is dependent on the good standing of the principal firms under whose license we operate in the respective jurisdiction, and any suspension or other restriction on their licenses may have a material adverse effect on our expansion efforts and restrict our ability to operate in the respective jurisdiction. There is risk that local regulators may determine we are not in compliance with applicable local laws and regulations. In such cases, we may be subject to material fines and penalties, and may need to materially modify, limit, or cease operations in that jurisdiction. In addition, if we change or expand our business activities, we may be required to obtain additional licenses or registrations before we can engage in those activities in each jurisdiction, which could cause us to incur substantial compliance costs. If we apply for a new license or registration, a regulator may determine that we were required to do so at an earlier point in time, and as a result, may impose penalties or refuse to issue the license, which could require us to materially modify, limit, or cease our activities in the relevant jurisdiction. We may be required to pay substantial penalties imposed by those regulators due to compliance errors, or we may lose our license or our ability to do business in the jurisdiction otherwise may be impaired. Fines and penalties incurred in one jurisdiction may cause investigations or other actions by regulators in other jurisdictions. This could be detrimental to our business, resulting in lost revenue, fines, or other adverse consequences. In addition, the jurisdictions that currently do not provide extensive regulation of our business may later choose to do so, and if such jurisdictions so act, we could incur substantial compliance costs and may not be able to obtain or maintain all requisite licenses and permits, which could require us to modify, limit, or cease our activities in the relevant jurisdiction or jurisdictions. In addition to regulatory risks, there are significant risks and costs inherent in doing business in international markets, including: - difficulty establishing and managing international operations and the increased operations, travel, infrastructure, and legal and compliance costs associated with locations in different countries or regions;- difficulties or delays in obtaining and/or maintaining the regulatory permissions, authorizations, licenses, or consents that may be required to offer certain products in one or more international markets;- difficulties in managing multiple regulatory relationships across different jurisdictions on complex legal and regulatory matters;- difficulties in identifying and obtaining appropriate local foreign counsel in the jurisdictions in which we operate or plan to operate;- if we were to engage in any merger or acquisition activity internationally, this is complex and would be new for us and subject to additional regulatory scrutiny;- the need to vary products, pricing, and margins to effectively compete in international markets;- the need to adapt and localize products for specific countries, including obtaining rights to third-party intellectual property used in each country;- increased competition from local providers of similar products and services;- the challenge of positioning our products and services to meet a demand in the local market;- the ability to obtain, maintain, protect, defend, and enforce intellectual property rights abroad;- the need to offer client support and other aspects of our offering (including websites, articles, blog posts, and client support documentation) in various languages;- compliance with anti-bribery laws and the potential for increased complexity due to the requirements on us as a group to follow multiple rule sets;- maintaining risk management frameworks, and adhering to appropriate global and local regulatory risk management guidelines, prudential rules, and control standards. - complexity and other risks associated with current and future legal requirements in other countries, including laws, rules, regulations, and other legal requirements related to cybersecurity and data privacy frameworks and labor and employment laws;- the need to enter into new business partnerships with third-party service providers in order to provide products and services in the local market, which we may rely upon to be able to provide such products and services or to meet certain regulatory obligations;- varying levels of internet technology adoption and infrastructure, and increased or varying network and hosting service provider costs and differences in technology service delivery in different countries;- fluctuations in currency exchange rates and the requirements of currency control regulations, which might restrict or prohibit conversion of other currencies into U.S. dollars;- taxation of our international earnings and potentially adverse tax consequences due to requirements of or changes in the income and other tax laws of the United States or the international jurisdictions in which we operate; and - political or social unrest or economic instability in a specific country or region in which we operate. We have limited experience with international regulatory environments and market practices, and we may not be able to penetrate or successfully operate in the markets we choose to enter. In addition, we may incur significant expenses as a result of our international expansion, and we may not be successful. We also may fail to sufficiently adapt our offerings in terms of language, culture, issuer operations, stockholder behaviors, investor preferences, or otherwise, which would limit or prevent our success in entering new markets.