SoFi (SOFI) Risk Analysis

We are currently not deemed to be an "investment company" subject to regulation under the Investment Company Act of 1940, as amended (the "Investment Company Act"). No opinion or no-action position has been requested of the SEC on our status as an Investment Company. There is no guarantee we will continue to be exempt from registration under the Investment Company Act and were we to be deemed to be an investment company under the Investment Company Act, and thus subject to regulation under the Investment Company Act, the increased reporting and operating requirements could have an adverse impact on our business, operating results, financial condition and prospects. In addition, if the SEC or a court of competent jurisdiction were to find that we are in violation of the Investment Company Act for having failed to register as an investment company thereunder, possible consequences include, but are not limited to, the following: (i) the SEC could apply to a district court to enjoin the violation; (ii) we could be sued by investors in us and in our securities for damages caused by the violation; and (iii) any contract to which we are a party that is made in, or whose performance involves a, violation of the Investment Company Act would be unenforceable by any party to the contract unless a court were to find that under the circumstances enforcement would produce a more equitable result than nonenforcement and would not be inconsistent with the purposes of the Investment Company Act. Should we be subjected to any or all of the foregoing, our business would be materially and adversely affected.

The financial services industry is subject to extensive regulation and oversight under federal, state, and applicable international laws. From time to time, in the normal course of business, we have received and may receive or be subject to inquiries or investigations by state and federal regulatory or enforcement agencies and bodies, such as the CFPB, SEC, the Federal Reserve, the OCC, the FDIC, the FHFA, the VA, the state attorneys general, state financial regulatory agencies, other state or federal agencies and SROs like FINRA. We also have in the past and may in the future receive inquiries from state regulatory agencies regarding requirements to obtain licenses from or register with those states, including in states where we have previously determined that we are not required to obtain such a license or be registered with the state. In addition, we have been threatened with or named as a defendant in lawsuits, arbitrations and administrative claims involving securities, consumer financial services and other matters. We are also subject to periodic regulatory examinations and inspections. Compliance and trading problems or other deficiencies or weaknesses that are reported to regulators, such as the OCC, SEC, FINRA, the CFPB or state regulators, by dissatisfied customers or others, or that are identified by regulators themselves, are investigated by such regulators, and may, if pursued, result in formal claims being filed against us by customers or disciplinary action being taken against us or our employees by regulators or enforcement agencies. In addition, we could be required to disclose such federal, state, or local government actions or court orders to the CFPB's registry of corporate offenders that have broken consumer laws, which could be time-consuming and costly, increase our legal and compliance costs, increase demand on our systems and resources, and adversely impact our reputation. To resolve issues raised in examinations or other governmental actions, we may be required to take various corrective actions, including changing certain business practices, making refunds or taking other actions that could be financially or competitively detrimental to us. Any such inquiries, investigations, lawsuits, arbitrations, administrative claims or other inquiries have in the past and could in the future involve substantial time and expense to analyze and respond to, divert management's attention and other resources from running our business, and lead to fines, penalties, injunctive relief, and the need to obtain additional licenses that we do not currently possess. Our involvement in any such matters, whether tangential or otherwise and even if the matters are ultimately determined in our favor, could also cause significant harm to our reputation, lead to additional investigations and enforcement actions from other agencies or litigants, and further divert management attention and resources from the operation of our business. As a result, the outcome of legal and regulatory actions arising out of any state or federal inquiries we receive could have a material adverse effect on our business, financial condition or results of operations.

We operate in multiple jurisdictions and are subject to tax laws and regulations of the U.S. federal, state and local and non-U.S. governments. U.S. federal, state and local and non-U.S. tax laws and regulations are complex and subject to varying interpretations. U.S. federal, state and local and non-U.S. tax authorities may interpret tax laws and regulations differently than we do and challenge tax positions that we have taken. This may result in differences in the treatment of revenues, deductions, credits and/or differences in the timing of these items. The differences in treatment may result in payment of additional taxes, interest or penalties that could have an adverse effect on our financial condition and results of operations. Further, future changes to U.S. federal, state and local and non-U.S. tax laws and regulations could increase our tax obligations in jurisdictions where we do business or require us to change the manner in which we conduct some aspects of our business. Proposals to reform U.S. and foreign tax laws could significantly impact how U.S. multinational corporations are taxed on foreign earnings and could increase the U.S. corporate tax rate. Several of the proposals currently being considered, if enacted, could have an adverse impact on our future effective tax rate, income tax expense, and cash flows. Further, the Organisation for Economic Co-operation and Development (the "OECD") has issued guidelines that change long-standing tax principles and certain countries have adopted OECD guidelines. These guidelines create tax uncertainty as countries amend their tax laws to adopt certain parts of the guidelines.

We are subject to various privacy, information security and data protection laws, including requirements concerning security breach notification, and we could be negatively impacted by them. For example, we are subject to the GLBA and implementing regulations and guidance. Among other things, the GLBA (i) imposes certain limitations on the ability to share consumers' nonpublic personal information with nonaffiliated third parties and (ii) requires certain disclosures to consumers about our practices for the collection, sharing and safeguarding of their information and their right to "opt out" of the institution's disclosure of their personal financial information to nonaffiliated third parties (with certain exceptions). The GLBA and other state laws also require that we implement and maintain certain security measures, policies and procedures to protect personal information. Furthermore, legislators and/or regulators are increasingly adopting new and/or amending existing privacy, information security and data protection laws that potentially could have a significant impact on our current and planned privacy, data protection and information security-related practices; our policies and practices related to the collection, use, sharing, retention and safeguarding of consumer and/or employee information; and some of our current or planned business activities. New requirements, originating from new or amended laws, could also increase our costs of compliance and business operations and could reduce income from certain business initiatives. The CFPB, for example, finalized its Personal Financial Data Rights Rule, which could require us to build an application that allows our customers to obtain their personal financial information and for authorized third parties to obtain our customers' information. This could increase our compliance costs, volatility in our customer base, and the risk of fraudulent access to consumers' personal financial information. Compliance with current or future privacy, information security and data protection laws (including those regarding security breach notification) affecting customer and/or employee data to which we are subject could result in higher compliance and technology costs and could restrict our ability to provide certain products and services (such as products or services that involve sharing information with third parties or storing sensitive credit card information), which could materially and adversely affect our profitability. A failure by us or a third-party contractor providing services to us to comply with applicable data privacy and security laws, regulations, self-regulatory requirements or industry guidelines, or our terms of use with our users, may result in sanctions, statutory or contractual damages or litigation (including class actions) and may subject us to reputational harm. Additionally, there is always a danger that regulators can attempt to assert authority over our business in the area of privacy, information security and data protection. Furthermore, if our vendors and/or service providers are or become subject to laws and regulations in the jurisdictions that have enacted more stringent and expansive legislation applicable to privacy, information and/or data protection, the costs that these vendors and service providers must incur in becoming compliant may be passed along to us, resulting in increasing costs on our business. Concerns in our ability, perceived or otherwise, to protect the privacy and security of personal information may affect our ability to retain and engage new and existing members, clients, investors, and employees, and thereby affect our financial condition. Furthermore, failure to comply or perceived failure to comply with applicable privacy or data protection laws, rules, and regulations may subject us to examinations, investigations, and general heightened scrutiny that may cause us to modify or cease certain operations or practices, significant liabilities or regulatory fines, penalties or other sanctions. Any of these could damage our reputation and adversely affect our business, financial condition, and results of operations. Privacy requirements, including notice and opt-out requirements, under the GLBA and FCRA are enforced by the FTC, the OCC and by the CFPB through UDAAP and are a standard component of OCC and CFPB compliance and examinations. State entities also may initiate actions for alleged violations of privacy or security requirements under state law. Our failure to comply with privacy, information security and data protection laws could result in potentially significant regulatory investigations and government actions, litigation, fines or sanctions, consumer or merchant actions and damage to our reputation and brand, all of which could have a material adverse effect on our business. If we collect and process personal data relating to individuals in the EU or the United Kingdom (the "UK") as a result of either offering goods or services into the EU or UK, or monitoring the behavior of EU and UK individuals, we will be required to comply with stringent privacy and data protection laws. Within the EU, legislators have adopted the General Data Protection Regulation (the "EU GDPR"), which became effective in May 2018. The EU GDPR will impose additional obligations and risks upon our business when we collect and process personal data about individuals from the EU and UK, which may increase substantially the penalties to which we could be subject in the event of any noncompliance. For example, the EU GDPR imposes a broad range of strict requirements on companies subject to the EU GDPR, including requirements relating to having legal bases and conditions for processing personal data and transferring such personal data outside the European Economic Area ("EEA") or the UK, including to the U.S., providing details to those individuals regarding the processing of their personal data, keeping personal data secure, having data processing agreements with third parties who process personal data, responding to individuals' requests to exercise their rights in respect of their personal data, where required reporting security breaches involving personal data to the competent national data protection authority and affected individuals, where required, appointing data protection officers, where required conducting data protection impact assessments for high risk processing, and record-keeping. We may incur substantial expense in complying with obligations imposed by the EU GDPR and we may be required to make significant changes in our business operations, all of which may adversely affect our revenues and our business overall. In addition, further to the UK's exit from the EU on January 31, 2020, the EU GDPR ceased to apply in the UK at the end of the transition period on December 31, 2020. However, as of January 1, 2021, the UK's European Union (Withdrawal) Act 2018 incorporated the GDPR (as it existed on December 31, 2020 but subject to certain UK specific amendments) into UK law, referred to as the "UK GDPR". The UK GDPR and the UK Data Protection Act 2018 set out the UK's data protection regime, which is independent from but aligned to the EU's data protection regime. Noncompliance with the UK GDPR may result in significant monetary penalties. Although the UK is regarded as a third country under the EU GDPR, the EC has issued a decision recognizing the UK as providing adequate protection under the EU GDPR and, therefore, transfers of personal data originating in the EU to the UK remain unrestricted. The UK Government introduced a Data Protection and Digital Information Bill which failed in the UK legislative process. A new Data (Use and Access) Bill ("UK Bill") has been introduced into parliament. If passed, the final version of the UK Bill may have the effect of further altering the similarities between the UK and EEA data protection regime and threaten the UK Adequacy Decision from the EC. Further, this may lead to additional compliance costs and could increase our overall risk. Like the EU GDPR, the UK GDPR restricts personal data transfers outside the UK to countries not regarded by the UK as providing adequate protection. The UK government has confirmed that personal data transfers from the UK to the EEA remain free flowing. In addition, around the world many jurisdictions outside of Europe are also considering and/or have enacted comprehensive data protection legislation. For example, we are subject to stringent privacy and data protection requirements in Hong Kong. Also, many jurisdictions where we may seek to expand our business in the future are also considering and/or have enacted comprehensive data protection legislation. Additional jurisdictions with stringent data protection laws include Brazil and China. The regulatory framework governing the collection, processing, storage, use and sharing of certain information, particularly financial and other personal information, is rapidly evolving and is likely to continue to be subject to uncertainty and varying interpretations. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with laws in other jurisdictions or with our existing data management practices or the features of our services and platform capabilities. We therefore cannot yet fully determine the impact existing and/or future laws, rules, regulations and industry standards may have on our business or operations. Any failure or perceived failure by us, or any third parties with which we do business, to comply with our posted privacy policies, changing consumer expectations, evolving laws, rules and regulations,industry standards, or contractual obligations to which we or such third parties are or may become subject, may result in actions or other claims against us by governmental entities or private actors, the expenditure of substantial costs, time and other resources or the imposition of significant fines, penalties or other liabilities. In addition, any such action, particularly to the extent we were found to be guilty of violations or otherwise liable for damages, would damage our reputation and adversely affect our business, financial condition and results of operations. Any such laws, rules, regulations and industry standards may be inconsistent among different jurisdictions, subject to differing interpretations or may conflict with our current or future practices. Additionally, our customers may be subject to differing privacy laws, rules and legislation, which may mean that they require us to be bound by varying contractual requirements applicable to certain other jurisdictions. Adherence to such contractual requirements may impact our collection, use, processing, storage, sharing and disclosure of various types of information including financial information and other personal information, and may mean we become bound by, or voluntarily comply with, self-regulatory or other industry standards relating to these matters that may further change as laws, rules and regulations evolve. Complying with these requirements and changing our policies and practices may be onerous and costly, and we may not be able to respond quickly or effectively to regulatory, legislative and other developments. These changes may in turn impair our ability to offer our existing or planned features, products and services and/or increase our cost of doing business. As we expand our customer base, these requirements may vary from customer to customer, further increasing the cost of compliance and doing business. We publicly post documentation regarding our practices concerning the collection, processing, use and disclosure of data. Although we endeavor to comply with our published policies and documentation, we may at times fail to do so or be alleged to have failed to do so. Any failure or perceived failure by us to comply with our privacy policies or any applicable privacy, security or data protection, information security or consumer-protection related laws, regulations, orders or industry standards could expose us to costly litigation, significant awards, fines or judgments, civil and/or criminal penalties or negative publicity, and could materially and adversely affect our business, financial condition and results of operations. The publication of our privacy policy and other documentation that provide promises and assurances about privacy and security can subject us to potential state and federal action if they are found to be deceptive, unfair, or misrepresentative of our actual practices, which could, individually or in the aggregate, materially and adversely affect our business, financial condition and results of operations.

We adjust our total number of members in the event a member is removed in accordance with our terms of service. This could occur for a variety of reasons-including fraud or pursuant to certain legal processes or if a member requests that we close their account in accordance with our terms of service-and, as our terms of service evolve together with our business practices, product offerings and applicable regulations, additional grounds for removing members from our total member count could occur. The determination that a member should be removed in accordance with our terms of service is subject to an evaluation process, following the completion, and based on the results, of which, relevant members and their associated products are removed from our total member count. However, depending on the length of the evaluation process, that removal may not take place in the same period in which the member was added to our member count or the same period in which the circumstances leading to their removal occurred. For this reason, our total member count in any one period may not yet reflect such adjustments. In any given period, we estimate that up to 10% of our members may be under evaluation for removal in accordance with our terms of service; however, we cannot assure you that this percentage in any period will not be more significant and have an adverse impact on our stock price or results of operations.

We service all of the personal loans we originate as well as certain loans originated by third parties and, in all material respects, all of the credit cards we issue, and we have limited experience with such servicing. We may begin servicing the student loans that we originate at some time in the future. We rely on sub-servicers to service all of our student loans and our home loans that we deliver to GSEs and do not sell servicing-released, and to perform certain back-up servicing functions with respect to our personal loans. In addition, we rely on third-party service providers to perform various functions relating to our loan origination and servicing business, including fraud detection, marketing, operational functions, cloud infrastructure services, information technology, telecommunications and processing remotely created checks. While we oversee these service providers to ensure they service our loans in accordance with our agreements and regulatory requirements, we do not have control over the operations of any of the third-party service providers that we utilize. In the event that a third-party service provider for any reason fails to perform such functions, including through negligence, willful misconduct or fraud, our ability to process payments and perform other operational functions for which we currently rely on such third-party service providers will suffer and our business, cash flows and future prospects may be negatively impacted. Such third-party service provider failures could also result in, among other things, increased regulatory scrutiny of our third-party service provider oversight, costly investigations, required corrective action and remediation, regulatory enforcement actions, class action lawsuits, and harm to our reputation. Any failure on our part or on the part of third parties on whom we rely to perform functions related to our servicing activities to properly service our loans or the loans originated by third parties could result in us being removed as the servicer on the loans, including loans financed by our warehouse facilities or sold into our whole loan sales channel and securitization transactions. If we fail to monitor our student loan sub-servicer and ensure that such sub-servicer complies with its obligations under state laws that require student loan servicers to be licensed, we may face civil claims for damages under such state laws. Because we receive revenue from such servicing activities, any such removal as the servicer or master servicer, could adversely affect our business, operating results, financial condition or prospects, as would the cost of onboarding a new servicer. Furthermore, we have agreed in our servicing agreements to service loans in accordance with the standards set forth therein and may be obligated to repurchase loans or indemnify the buyer of any such loans if we fail to meet those standards. Additionally, if one or more key third-party service providers were to cease to exist, to become a debtor in a bankruptcy or an insolvency proceeding or to seek relief under any debtor relief laws or to terminate its relationship with us, there could be delays in our ability to process payments and perform other operational functions for which we are currently relying on such third-party service provider, and we may not be able to promptly replace such third-party service provider with a different third-party service provider that has the ability to promptly provide the same services in the same manner and on the same economic terms. As a result of any such delay or inability to replace such key third-party service provider, our ability to process payments and perform other business functions could suffer and our business, cash flows and future prospects may be negatively impacted.

Galileo and Technisys revenue from clients is highly concentrated. There are inherent risks whenever a large percentage of net revenue is concentrated with a limited number of clients, including fluctuations in revenue, the loss of any one or more of those clients as a result of bankruptcy or insolvency proceedings involving the client, the loss of the client to a competitor, harm to that client's reputation or financial prospects or other reasons, including adverse general economic conditions affecting Galileo and Technisys clients many of which are fintechs and other financial services firms. Any reduction in the amount of revenues that we derive from these clients, without an offsetting increase in new sales to other clients, has had and could have a material adverse effect on our operating results in the future. A significant change in the liquidity or financial position of our clients could also have a material adverse effect on our liquidity and our future operating results. In addition, disruptions in the operations of certain of Galileo's key clients have had an adverse impact on Galileo, and any future disruptions in the operations of any key Galileo or Technisys clients could be material and have an adverse impact on our results of operations.

We have the option of pursuing a gain-on-sale origination model, the success of which is tied to our ability to finance the assets that we originate. Certain of our assets, however, are ineligible for sale to a whole loan buyer or securitization trust, or are ineligible for, or are subject to a lower advance rate under, warehouse funding, each of which has specific eligibility criteria for receivables it purchases or holds as collateral. Ineligible receivables include, among others, those in default or that are delinquent, receivables with defects in their origination or servicing, including fraud, or receivables generated under origination guidelines and credit policies that are no longer in effect. In addition, many of our warehouse funding sources contain excess concentration limits for loans in forbearance or with specific loan level characteristics such as time-to-maturity or loan type. Once these limits have been exceeded, the advance rate applied to those receivables becomes less advantageous to us. If we are unable to sell or reasonably fund these receivables, we are required to hold them on our consolidated balance sheet which, in sufficient volume, negatively impacts our financial condition. In addition to the receivables described above, we also hold on our consolidated balance sheet certain risk retention assets with respect to which we have a reduced ability to receive financing. These risk retention assets include residuals from our securitization trusts that are either ineligible for transfer or are subject to EU regulations. The illiquidity of these positions may negatively impact our financial condition.

We communicate certain ESG-related initiatives regarding our employees, climate-related commitments and goals, and other matters in our ESG Report, on our website, in our filings with the SEC, and elsewhere. These initiatives and commitments could be difficult to achieve and costly to implement. We could fail to achieve, or be perceived to fail to achieve, our ESG-related initiatives or commitments. In addition, we could be criticized for the timing, scope or nature of these initiatives, goals, or commitments, or for any revisions to them. To the extent that our required and voluntary disclosures about ESG matters change, we could be criticized for the accuracy, adequacy, or completeness of such disclosures. Our actual or perceived failure with respect to our ESG-related initiatives, goals, or commitments could negatively impact our reputation, result in ESG-focused investors not purchasing and holding our stock, or otherwise materially harm our business. We may be unable to satisfactorily meet evolving standards, regulations and disclosure requirements related to ESG. For example, a number of state legislators and regulators have adopted or are currently considering proposing or adopting other rules, regulations, directives, initiatives and laws requiring ESG-related disclosures or conduct, including California laws S.B. 253, S.B. 261 and A.B. 1305. The adoption of these and similar laws could require us to, among other things, expend material capital resources in connection with such compliance efforts. Furthermore, there continues to be a lack of consistent proposed climate change and ESG-related legislation and guidance, which creates regulatory and economic uncertainty. Such matters can affect the willingness or ability of investors to make an investment in our Company, as well as our ability to meet regulatory requirements. Any failure, or perceived failure, to meet evolving regulations and industry standards could have an adverse effect on us. In addition, in recent years "anti-ESG" sentiment has gained momentum across the U.S., with several states and Congress having proposed or enacted "anti-ESG" policies, legislation, or initiatives or issued related legal opinions, and President Trump having recently issued an executive order discouraging diversity equity and inclusion ("DEI") initiatives in the private sector. Such anti-ESG and anti-DEI-related policies, legislation, initiatives, litigation, legal opinions, and scrutiny could result in volatility of our stock price and the Company facing additional compliance obligations, becoming the subject of investigations and enforcement actions, or sustaining reputational harm.

Recent macroeconomic factors, such as elevated interest rates, global events and market volatility and general uncertainty, may cause the economy to enter into a period of slower economic growth or a recession, the length and severity of which cannot be predicted. Such uncertainty and negative trends in general economic conditions can have a significant negative impact on our ability to generate adequate revenue and to absorb expected and unexpected losses. Many factors, including factors that are beyond our control, may result in higher default rates by our members and non-payment by our technology platform clients, a decline in the demand for our products, and potentially impact our ability to make accurate credit assessments, lending decisions or technology platform client selections. Any of these factors could have a detrimental impact on our financial performance and liquidity. Our Lending and Financial Services segments may be particularly negatively impacted by worsening economic conditions that place financial stress on our members resulting in loan defaults or charge-offs. If a loan charges off while we are still the owner, the loan either enters a collections process or is sold to a third-party collection agency and, in either case, we will receive less than the full outstanding interest on, and principal balance of, the loan. Declining economic conditions may also lead to either decreased demand for our loans or demand for a higher yield on our loans, and consequently lower prices or a lower advance rate, from institutional whole loan purchasers, securitization investors and warehouse lenders on whom we rely for liquidity. The longevity and severity of a downturn or recession would also place pressure on lenders under our debt warehouses, whole loan purchasers and investors in our securitizations, each of whom may have less available liquidity to invest in our loans, and long-term market disruptions could negatively impact the securitization market as a whole. Although certain of our debt warehouses contain committed terms, there can be no assurance that our financing arrangements will remain available to us through any particular business cycle or be renewed on the same terms. The timing and extent of a downturn may also require us to change, postpone or cancel our strategic initiatives or growth plans to pursue shorter-term sustainability. The longer and more severe an economic downturn, the greater the potential adverse impact on us. Our Technology Platform segment is also susceptible to worsening economic conditions that place financial stress on our current clients using our platform as a service products and services and potential new clients interested in such services. These clients and potential clients may experience liquidity and other financial issues or strategically slowdown growth, any of which could lead them to decrease or terminate their use of our technology platform services or delay or reject implementation of new or expanded products and services. Any such actions with respect to our technology platform products and services could have an adverse impact on our business. There can be no assurance that economic conditions will be favorable for our business, that interest in purchasing our loans by financial institutions or investment by clients in our platform as a service products and services will remain at current levels, or that default rates by our members or instances of non-payment by our technology platform clients will not increase. Reduced demand, lower prices or a lower advance rate for our loan products from institutional whole loan purchasers, securitization investors and warehouse lenders, increased default rates by our members, and reduced demand, lower prices and increased non-payment by our technology platform clients, may limit our access to capital, including debt warehouse facilities, securitizations and secured and unsecured borrowing facilities, and negatively impact our profitability. These impacts, in addition to limiting our access to capital and negatively impacting our profitability, could also in turn increase the volatility of the mark-to-market methodology we use to determine the fair value of the loans and credit card receivables we hold on balance sheet and consequently have a material adverse effect on our revenues, results of operations, capital requirements, liquidity and cash flows.

Events beyond our control may damage our ability to maintain our platform and provide services to our members. Such events include, but are not limited to, hurricanes, earthquakes, fires, floods and other natural disasters, public health crises, power or other outages, telecommunications failures and similar events. Despite any precautions we may take, system interruptions and delays could occur if there is a natural disaster, if a third-party provider closes a facility we use without adequate notice for financial or other reasons, or if there are other unanticipated problems at our leased facilities. Because we rely heavily on our servers, computer and communications systems and the Internet to conduct our business and provide high-quality service to our members, disruptions could harm our ability to effectively run our business. Moreover, our members and customers face similar risks, which could directly or indirectly impact our business. We currently use AWS and would be unable to switch instantly to another system in the event of failure to access AWS. This means that an outage of AWS could result in our system being unavailable for a significant period of time. Terrorism, cyberattacks and other criminal, tortious or unintentional actions could also give rise to significant disruptions to our operations. In addition, the long-term effects of climate change on the global economy and our industry in particular are unclear, however we recognize that there are inherent climate-related risks wherever business is conducted. For example, our offices may be vulnerable to the adverse effects of climate change. We have large offices located in the San Francisco Bay Area and Salt Lake City, Utah, regions that are prone to events such as seismic activity and severe weather, that have experienced and may continue to experience, climate-related events and at an increasing rate. Examples include drought and water scarcity, warmer temperatures, wildfires and air quality impacts and power shut-offs associated with wildfire prevention. The increasing intensity of drought throughout California and Utah and annual periods of wildfire danger increase the probability of planned power outages. Although we maintain a disaster response plan and insurance, such events could disrupt our business, the business of our partners or third-party suppliers, and may cause us to experience losses and additional costs to maintain and resume operations. Our business interruption insurance may not be sufficient to compensate us for losses that may result from interruptions in our service as a result of system failures or other disruptions. Comparable natural and other risks may reduce demand for our products or cause our members to suffer significant losses and/or incur significant disruption in their respective operations, which may affect their ability to satisfy their obligations towards us. All of the foregoing could materially and adversely affect our business, results of operations and financial condition.

Our ability to deliver products and services to our members and clients, and otherwise operate our business and comply with applicable laws, depends on the efficient and uninterrupted operation of our computer systems and third-party data centers, as well as third-party service providers. Our computer systems and third-party providers may encounter service interruptions at any time due to system or software failure or errors, employee misconfiguration of resources or misdirected communications, natural disasters, severe weather conditions, health pandemics, terrorist attacks, cyberattacks or other events. For example, in September 2023, the SoFi Invest platform experienced a service interruption that resulted in some of our members being unable to view certain of their account information and unable to buy and sell securities and other financial products on our platform for a period of time. Any such events, including persistent interruptions or perceptions of such interruptions whether true or not, in our products and services could cause members to believe that our products and services are unreliable, leading them to switch to our competitors or to otherwise avoid our products and services, and otherwise have a negative effect on our business and technology infrastructure (including our computer network systems), which could lead to member dissatisfaction or long-term disruption of our operations. Additionally, our insurance policies might be insufficient to cover a claim made against us by any such members affected by any disruptions, outages, or other performance or infrastructure problems. Additionally, our reliance on third-party providers may mean that we will not be able to resolve operational problems internally or on a timely basis, as our operations will depend upon such third-party service providers communicating appropriately and responding swiftly to their own service disruptions through industry standard best practices in business continuity and/or disaster recovery. As a last resort, we may rely on our ability to replace a third-party service provider if it experiences difficulties that interrupt operations for a prolonged period of time or if an essential third-party service terminates. If these service arrangements are terminated for any reason without an immediately available substitute arrangement, our operations may be severely interrupted or delayed. If such interruption or delay were to continue for a substantial period of time, our business, prospects, financial condition and results of operations could be adversely affected. The implementation of technology changes and upgrades to maintain current and integrate new systems may cause service interruptions, transaction processing errors or system conversion delays and may cause us to fail to comply with applicable laws, all of which could have a material adverse effect on our business. We have made and expect to continue to make substantial and increasing investments in "observability", or the monitoring of our systems, but limitations or failures in those systems may exacerbate other problems by preventing us from anticipating or quickly detecting issues. In addition, our ability to monitor third party services and service providers is limited, and so our ability to anticipate, detect, and remediate anomalies in those services is also more limited when compared to our internal systems monitoring. Although our current use of artificial intelligence and machine learning is limited, our systems and those of our partners are increasingly reliant on artificial intelligence machine learning systems, which are complex and may have errors or inadequacies that are not easily detectable. These systems may inadvertently reduce the efficiency of our systems, or may cause unintentional or unexpected outputs that are incorrect, do not match our business goals, do not comply with our policies, or otherwise are inconsistent with our brands, guiding principles and mission. Errors or breakdowns in our machine learning systems could also result in damage to our reputation, loss of members, loss of revenue or liability for damages, any of which could adversely affect our growth prospects and our business. We expect that new technologies and business processes applicable to the financial services industry will continue to emerge and that these new technologies and business processes may be better than those we currently use. There is no assurance that we will be able to successfully adopt new technology as critical systems and applications become obsolete and better ones become available. A failure to maintain and/or improve current technology and business processes could cause disruptions in our operations or cause our solution to be less competitive, all of which could have a material adverse effect on our business.