Grid Dynamics Holdings (GDYN) Risk Analysis

We are subject to the U.S. Foreign Corrupt Practices Act of 1977 (the "FCPA"), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the United Kingdom Bribery Act 2010, as well as other anti-bribery, anti-corruption laws and anti-money laundering laws in countries where we conduct our activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees, agents, and other third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. In many parts of the world, local business customs and practices may not strictly conform with anti-corruption laws and regulations to which we are subject. Through our employees, agents, and other third-party intermediaries, we may have direct or indirect interactions with government officials, state-owned or affiliated entities and we may be held liable for their corrupt or other illegal activities even if we do not explicitly authorize such activities. We cannot assure you that all of our employees, agents, or other third-party intermediaries will not take actions in violation of applicable law for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase. These laws also require that we keep accurate books, records, and maintain internal controls and compliance procedures designed to prevent any such actions. Our policies and procedures are designated to comply with such laws. Any violations of the FCPA, and other laws, regulations and sanctions, and our compliance policies and procedures by our employees, agents, or other third-party intermediaries may expose us to liability, including administrative, civil or criminal penalties, or fines, which may have an adverse effect on our reputation, business, results of operations, and prospects. Responding to any investigation or action may also result in a materially significant diversion of management's attention and resources, significant defense costs and other professional fees.

Wages and other compensation costs in the countries in which we maintain significant operations and delivery centers are lower than comparable wage costs in more developed countries. However, wages in the technology industry in these countries may increase at a faster rate than in the past, which may make us less competitive unless we are able to increase the efficiency and productivity of our people. If we increase operations and hiring in more developed economies, our compensation expenses will increase because of the higher wages demanded by technology professionals in those markets. Wage inflation, whether driven by competition for talent, ordinary course pay increases or otherwise, could increase our cost of services as well as selling, general and administrative expenses and reduce our profitability if we are not able to pass those costs on to our customers or charge premium prices when justified by market demand. In addition, we have granted certain equity-based awards under our equity incentive plans and expect to continue doing so. For the years ended December 31, 2024, 2023, and 2022 we recorded $34.2 million, $35.5 million, and $61.0 million respectively, of stock-based compensation expense related to the grant of equity-based awards. If we do not grant equity awards, or if we reduce the value of equity awards we grant, we may not be able to attract, hire and retain key personnel. If we grant more equity awards to attract, hire and retain key personnel, the expenses associated with such additional equity awards could materially adversely affect our results of operations. If the anticipated value of these equity awards does not materialize because of volatility or lack of positive performance in our stock price, we may be unable to retain our key personnel or attract and retain new key employees in the future, in which case our business may be severely disrupted and our ability to attract and retain personnel could be adversely affected. The issuance of equity-based compensation may also result in dilution of our common stock.

We receive, store and process personal information from and about customers, employees and contractors. Our handling of such information is subject to a variety of laws and regulations, including regulation by various government agencies and various state, local and foreign agencies, as well as contractual obligations and certain industry standards with which we undertake to comply. The privacy, data protection, and cybersecurity regulatory landscape is evolving rapidly, creating potentially conflicting legal obligations across jurisdictions; this may result in ever-increasing regulatory and public scrutiny and potentially escalating levels of enforcement and sanctions for failures to comply with applicable requirements. For example, the European Union's General Data Protection Regulation ("GDPR") has a significant impact on how businesses can collect, process, use and transfer the personal data of individuals in the European Economic Area ("EEA"), and it imposes significant penalties for non-compliance (up to the greater of €20 million or 4% of global annual turnover). We rely upon the European Union-approved standard contractual clauses ("EU SCCs") to legitimize transfers of EEA personal data to third countries, including the United States; however, the EU SCCs have been the subject of ongoing legal challenges and may in the future be modified or invalidated as a result of such challenges. In that event we may be unsuccessful in maintaining legitimate means for the transfer and receipt of personal data from the EEA, which could adversely impact our business operations and financial condition and potentially subject us to regulatory or other enforcement proceedings. Additionally, the United Kingdom has enacted legislation that substantially implements the GDPR, including similar penalties, and has issued UK-specific standard contractual clauses. We may experience additional costs or other operational challenges (e.g., contract renegotiation) associated with our efforts to comply with these new requirements relating to cross-border data transfers from the EEA, Switzerland, or the United Kingdom to the U.S., or otherwise to comply with GDPR. We may face the risk of enforcement action or other liabilities should our efforts in this regard fail. Any such enforcement action or liability could result in substantial costs and diversion of resources, distract management and technical personnel, require changes to our handling of personal data, and negatively affect our business, operating results, financial condition or reputation. In the U.S., California and other states have enacted so-called "comprehensive" privacy laws that impose detailed privacy and security obligations of entities handling certain personal information of state residents, including requiring covered companies to provide certain disclosures and to afford consumers certain rights - such as the right to request deletion of their personal information. California's law came into effect on January 1, 2020, and other states' laws, including laws in Virginia, Colorado, Utah, and Connecticut, have come into effect since. Numerous other states have enacted similar legislation that is set to become effective in 2024 through 2026. Other states have passed more data- or sector-specific types of privacy legislation. Aspects of these state laws, and their interpretations remain unclear, and their implementation or enforcement uncertain. We cannot fully predict the impact of these laws on our business or operations, but developments regarding these and other privacy and data protection laws and regulations around the world may require us to modify our data collection and processing practices and policies and to incur substantial additional costs and expenses in an effort to maintain compliance on an ongoing basis. Other countries and jurisdictions throughout the world are considering or enacting laws and regulations requiring the local storage of data. We have been undertaking measures in an effort to comply with these and other applicable privacy and data protection laws and regulations, and such efforts may require us to incur substantial operational costs. The costs of our measures designed to comply with, and other burdens imposed by, such laws, regulations and policies that are applicable to us may limit the use and adoption of our products and solutions, alter the way we conduct business and/or could otherwise have a material adverse impact on our results of operations. For example, we may find it necessary to establish systems to maintain data originated in certain jurisdictions within those jurisdictions, which may involve substantial expense and distraction from other aspects of our business. Further, the costs of compliance with, and other burdens imposed by, such laws, regulations and policies that are applicable to us, may limit the use and adoption of our products and solutions and could have a material adverse impact on our results of operations. Any failure or perceived failure (including as a result of deficiencies in our policies, procedures or measures relating to privacy, data protection, cybersecurity, marketing or client communications) by us to comply with laws, regulations, policies, legal or contractual obligations, industry standards, or regulatory guidance relating to privacy, data protection or cybersecurity may result in governmental investigations and enforcement actions, litigation, fines and penalties or adverse publicity and could cause our clients to lose trust in us, which could have a material adverse effect on our reputation, business, financial condition and results of operations. We expect that there will continue to be new proposed laws, regulations and industry standards relating to privacy, data protection, cybersecurity, marketing, consumer communications and information security in the U.S., the European Union, Russia and other jurisdictions, and we cannot determine the impact such future laws, regulations and standards may have on our business. Future laws, regulations, standards and other obligations or any changed interpretation or enforcement of existing laws or regulations could impair our ability to develop and market new services and maintain and grow our client base and increase revenue.

Our success largely depends on our ability to use and develop our technology, tools, code, methodologies and services without infringing the intellectual property rights of third parties, including patents, copyrights, trade secrets and trademarks. We may be subject to litigation involving claims of patent infringement or violation of other intellectual property rights of third parties. Our customer contracts often require us to indemnify clients who purchase our services and solutions against potential infringement of intellectual property rights, which subjects us to the risk of indemnification claims. These claims may require us to initiate or defend protracted and costly litigation on behalf of our clients, regardless of the merits of these claims and are often not subject to liability limits or exclusion of consequential, indirect or punitive damages. If any of these claims succeed, we may be forced to pay damages on behalf of our clients, redesign or cease offering the allegedly infringing services or solutions or obtain licenses for the intellectual property such services or solutions allegedly infringe. If we cannot obtain all necessary licenses on commercially reasonable terms or at all, our clients may be forced to stop using our services or solutions and may seek refunds of amounts they have paid us for such services or solutions. The holders of patents and other intellectual property rights potentially relevant to our service offerings may make claims that we infringe, misappropriate, or otherwise violate their intellectual property rights. There can be no assurance that we will be successful in defending against these allegations or reaching a business resolution that is satisfactory to us. Any intellectual property claim, with or without merit, could be very time-consuming and expensive to settle or litigate, could cause us to incur significant expenses, pay substantial amounts in damages, ongoing royalty or license fees, or other payments, require us to cease making, licensing or using our offerings that incorporate or use the challenged intellectual property, require us to re-engineer all or a portion of our business or require that we comply with other unfavorable terms. The costs of litigation are considerable, and such litigation may divert management and key personnel's attention and resources, which might seriously harm our business, financial condition and results of operations. Third parties making infringement claims may make it difficult for us to enter into royalty or license agreements which may not be available on commercially acceptable terms. Also, we may be unaware of intellectual property registrations or applications relating to our services that may give rise to potential infringement claims against us. There may also be technologies licensed to and relied on by us that are subject to infringement or other corresponding allegations or claims by third parties which may damage our ability to rely on such technologies. Parties making infringement claims may be able to obtain substantial damages for the infringement and an injunction to prevent us from delivering our services or using technology involving the allegedly infringing intellectual property if, as a result of a successful infringement claim, we are required to develop non-infringing technology or cease making, licensing or using products that have infringed a third party's intellectual property rights, all of which may be time-consuming and expensive. Protracted litigation could also result in existing or prospective clients deferring or limiting their purchase or use of our services or solutions until resolution of such litigation or could require us to indemnify our clients against infringement claims in certain instances. Any intellectual property claims or litigation, whether or not we ultimately win or lose, could damage our reputation and materially adversely affect our business, financial condition and results of operations.

Social and ethical issues relating to the use of new and evolving technologies such as AI in our offerings, particularly where the AI outputs may not align with our or our customers' expectations, may result in reputational harm and liability, and may cause us to incur additional research and development or other costs to resolve such issues. We are increasingly building AI into many of our offerings, including demand forecasting, and price, promotional, and supply chain optimization; we also use generative AI-based knowledge assistant and similar tools. As with many innovations, AI presents risks and challenges that could affect its adoption, and therefore our business. The use of AI presents emerging ethical issues and if we enable or offer solutions that draw controversy due to their perceived or actual impact on consumers or society, we may experience brand or reputational harm, competitive harm, or legal liability. Potential government regulation in the space of AI ethics may also increase the burden and cost of research and development in this area, subjecting us to brand or reputational harm, competitive harm or legal liability. Failure to address AI ethics issues by us or others in our industry could undermine public confidence in AI, in the use of AI within our industry, and slow adoption of AI in our services.

Our revenues have historically been highly dependent on a limited number of clients. For example, we generated approximately 55.7% and 56.1% of our revenues from our 10 largest clients during the years ended December 31, 2024 and 2023, respectively. During each of the years ended December 31, 2024 and 2023, we had one customer that accounted for 16.0% and 14.4% of our revenues, respectively. Since a substantial portion of our revenue is derived through time and materials contracts, which are mostly short-term in nature and cancellable by our customers on limited notice, a major client in one year may not provide the same level of revenues for us in any subsequent year. In addition, substantially all of our revenues is concentrated in our top four industry verticals: Retail; Technology, Media and Telecom; Finance; and CPG/Manufacturing. Our growth largely depends on our ability to diversify the industries in which we serve, continued demand for our services from clients in these industry verticals and other industries that we may target, and trends in these industries to outsource the type of services we provide. Our business is also subject to seasonal trends that impact our revenues and profitability between quarters, driven by the timing of holidays in the countries in which we operate and the U.S. retail cycle, which drives the behavior of several of our retail customers. A reduction in demand for our services and solutions caused by seasonal trends, downturns in any of our targeted industries, a slowdown or reversal of the trend to outsource IT services in any of these industries or the introduction of regulations that restrict or discourage companies from outsourcing IT services may result in a decrease in the demand for our services and could have a material adverse effect on our business, financial condition and results of operations.

Our clients are generally not obligated for any long-term commitments to us. Although a substantial majority of our revenues are generated from repeated business, which we define as revenues from a client that also contributed to our revenues during the prior year, our engagements with our clients are typically for projects that are singular in nature. In addition, our clients can terminate many of our master services agreements and work orders with or without cause, and in most cases without any cancellation charge. Therefore, we must continually seek to obtain new engagements with existing clients and secure new clients to expand our business. There are a number of factors relating to our clients that are outside of our control which might lead them to terminate a contract or project with us, including: - financial difficulties for the client;- a change in strategic priorities, resulting in elimination of the impetus for the project or a reduced level of technology spending;- a change in outsourcing strategy resulting in moving more work to the client's in-house technology departments or to our competitors;- the replacement by our clients of existing software with packaged software supported by licensors;- mergers, acquisitions and significant corporate restructurings; and - changes in the macroeconomic environment resulting in weak demand at our customers' business. Failure to perform or observe any contractual obligations could result in cancellation or nonrenewal of a contract, which could cause us to experience a higher than expected number of unassigned employees and an increase in our cost of revenues as a percentage of revenues, until we are able to reduce or reallocate our headcount. The ability of our clients to terminate agreements makes our future revenues uncertain. We may not be able to replace any client that elects to terminate or not renew its contract with us, which could materially adversely affect our revenues and our results of operations. In addition, some of our agreements specify that if a change of control of our company occurs during the term of the agreement, the client has the right to terminate the agreement. If any future event triggers any change-of-control provision in our client contracts, these master services agreements may be terminated, which would result in loss of revenues.

As most of our client projects are performed and invoiced on a time and materials basis, our management tracks and projects billable hours as an indicator of business volume and corresponding resource needs for IT professionals. To maintain our gross profit margins, we must effectively utilize our IT professionals, which depends on our ability to: - integrate and train new personnel;- efficiently transition personnel from completed projects to new assignments;- forecast customer demand for services; and - deploy personnel with appropriate skills and seniority to projects. If we experience a slowdown or stoppage of work for any client, or on any project for which we have dedicated personnel or facilities, we may be unable to reallocate these personnel or assets to other clients and projects to keep their utilization and productivity levels high. If we are unable to maintain appropriate resource utilization levels, our profitability may suffer.

Our success depends substantially upon the continued services of our senior executives and other key employees. If we lose the services of one or more of such senior executives or key employees, our business operations may be disrupted, and we may not be able to replace them easily or at all. In addition, competition for senior executives and key personnel in our industry is intense, and we may be unable to retain such personnel or attract and retain such personnel in the future, in which case our business may be severely disrupted.

In order for our contracts to be profitable, we must be able to accurately estimate our costs to provide the services required by the applicable contract and appropriately price our contracts. Such estimates and pricing structures used by us for our contracts are highly dependent on internal forecasts, assumptions and predictions about our projects, the marketplace, global economic conditions (including foreign exchange volatility) and the coordination of operations and personnel in multiple locations with different skill sets and competencies. Due to the inherent uncertainties that are beyond our control, we may underprice our projects, fail to accurately estimate the costs of performing the work or fail to accurately assess the risks associated with potential contracts. In select cases, we also offer volume discounts once a client reaches certain contractual spend thresholds, which may lower the reference price for a client or result in a loss of profits if we do not accurately estimate the number of discounts to be provided. We may not be able to recognize revenues from fixed-fee contracts in the period in which our services are performed, which may cause our margins to fluctuate. Any increased or unexpected costs, delays or failures to achieve anticipated cost savings, we encounter in connection with the performance of our contracts, including those caused by factors outside our control, could make these contracts less profitable or unprofitable.

We operate globally and as a result our business, revenues and profitability are impacted by global macroeconomic conditions. Our operations have been, and could be, affected by general economic and market conditions, including, among others, inflation rate fluctuations, interest rates, tax rates, economic downturns and uncertainty, market volatility, fluctuations in consumer spending, political instability, changes in laws and global trade policies, tariffs and sanctions. Further, a federal government shutdown resulting from failing to pass budget appropriations, adopt continuing funding resolutions, or raise the debt ceiling, and other budgetary decisions limiting or delaying deferral government spending, may negatively impact U.S. or global economic conditions, including corporate and consumer spending, and liquidity of capital markets. Such economic volatility could adversely affect our clients' business, as well as our business, financial condition, results of operations and cash flows, and future market disruptions could negatively impact us. Because of our concentration on our clients' capital-intensive digital transformation programs, our clients, and therefore our business, may be particularly sensitive to rising interest rates. Geopolitical destabilization could continue to impact global currency exchange rates, commodity prices, trade and movement of resources, which may adversely affect the technology spending of our clients and potential clients.