Theravance Biopharma (TBPH) Risk Analysis

Prescription drug advertising and promotion are closely scrutinized by the FDA, including substantiation of promotional claims, disclosure of risks and safety information, and the use of themes and imagery in advertising and promotional materials. As with all companies selling and marketing products regulated by the FDA in the US, we are prohibited from promoting any uses of an approved product, such as YUPELRI, that are outside the scope of those uses that have been expressly approved by the FDA as safe and effective on the product's label. The manufacturing, labeling, packaging, adverse event reporting, advertising, promotion, and recordkeeping for an approved product remain subject to extensive and ongoing regulatory requirements. If we become aware of previously unknown problems with an approved product in the US or overseas or at a contract manufacturer's facilities, a regulatory authority may impose restrictions on the product, the contract manufacturers or on us, including requiring us to reformulate the product, conduct additional clinical studies, change the labeling of the product, withdraw the product from the market or require the contract manufacturer to implement changes to its facilities. We are also subject to regulation by regional, national, state, and local agencies, including the Department of Justice, the Federal Trade Commission, the Office of Inspector General of the US Department of Health and Human Services ("OIG") and other regulatory bodies with respect to any approved product, such as YUPELRI, as well as governmental authorities in those foreign countries in which any product is approved for commercialization. The Federal Food, Drug, and Cosmetic Act, the Public Health Service Act and other federal and state statutes and regulations govern to varying degrees the research, development, manufacturing, and commercial activities relating to prescription pharmaceutical products, including non-clinical and clinical testing, approval, production, labeling, sale, distribution, import, export, post-market surveillance, advertising, dissemination of information and promotion. If we or any third parties that provide these services for us are unable to comply, we may be subject to regulatory or civil actions or penalties that could significantly and adversely affect our business. Regulatory approval for our product candidates, if any, may include similar or other limitations on the indicated uses for which we can market our medicines or the patient population that may utilize our medicines, which may limit the market for our medicines or put us at a competitive disadvantage relative to alternative therapies. Failure to satisfy required post-approval requirements and/or commitments may have implications for a product's approval and may carry civil monetary penalties. Any failure to maintain regulatory approval will materially limit the ability to commercialize a product or any future product candidates and if we fail to comply with FDA regulations and requirements, the FDA could potentially take a number of enforcement actions against us, including the issuance of untitled letters, warning letters, preventing the introduction or delivery of the product into interstate commerce in the US, misbranding charges, product seizures, injunctions, and civil monetary penalties, which would materially and adversely affect our business and financial condition and may cause the price of our securities to fall. The risks identified in this risk factor relating to regulatory actions and oversight by agencies in the US and throughout the world also apply to the commercialization of any partnered products by our collaboration partners and those commercializing products with respect to which we have an economic interest or right to receive royalties, including GSK, and such regulatory actions and oversight may limit those parties' ability to commercialize such products, which could materially and adversely affect our business and financial condition, and which may cause the price of our securities to fall.

Prior to the sale of VIBATIV to Cumberland Pharmaceuticals Inc. ("Cumberland") in November 2018, we had certain price reporting obligations to the Medicaid Drug Rebate program and other governmental pricing programs, and we had obligations to report average sales price under the Medicare program. Following the consummation of the transaction with Cumberland, our price reporting obligations related to VIBATIV have been transitioned to Cumberland, and price reporting obligations for YUPELRI reside with Viatris. We retain certain obligations with respect to record retention for these programs. These programs included the following: - The Medicaid Drug Rebate program, under which a manufacturer is required to pay a rebate based on reported pricing data to each state Medicaid program for its covered outpatient drugs that are dispensed to Medicaid beneficiaries and paid for by a state Medicaid program as a condition of having federal funds made available to the states for the manufacturer's drugs under Medicaid and Medicare Part B. - The 340B Program, in which manufacturers must participate in order for federal funds to be available for the manufacturer's drugs under Medicaid and Medicare Part B. The 340B program requires participating manufacturers to agree to charge no more than the 340B "ceiling price" for the manufacturer's covered outpatient drugs to certain entities, and that price is calculated based on the information reported under the Medicaid Drug Rebate program. - Reporting of average sales price, which manufacturers report for certain categories of drugs that are paid under the Medicare Part B program to CMS on a quarterly basis and which CMS may use in determining payment rates for drugs under Medicare Part B. A manufacturer that becomes aware that its Medicaid reporting for a prior quarter was incorrect, or has changed as a result of recalculation of the pricing data, is obligated to resubmit the corrected data for up to three years after those data originally were due. Such restatements and recalculations increase the costs for complying with the laws and regulations governing the Medicaid Drug Rebate program and could result in an overage or underage in our rebate liability for past quarters. Price recalculations also may affect the 340B ceiling price and the average sales price. Manufacturers may need to make additional restatements beyond the three-year period. We may be liable for errors associated with our submission of pricing data for VIBATIV for historic periods, and we may retain some liability for price reporting by Cumberland for VIBATIV sold under our labeler code. In addition to retroactive rebates and the potential for 340B program refunds, if we are found to have knowingly submitted any false price information to the government, we may be liable for significant civil monetary penalties per item of false information. If we are found to have made a misrepresentation in the reporting of our average sales price, the Medicare statute provides for significant civil monetary penalties for each misrepresentation for each day in which the misrepresentation was applied. If we are found to have charged 340B covered entities more than the statutorily mandated ceiling price, we could be subject to significant civil monetary penalties and/or such failure also could be grounds for HRSA to terminate a manufacturer's agreement to participate in the 340B program, in which case covered outpatient drugs under our labeler code may no longer be eligible for federal payment under the Medicaid or Medicare Part B program. If we are found to have not submitted required price data on a timely basis, that could result in a significant civil monetary penalty per day for each day the information is late beyond the due date. In order to be eligible to have its products paid for with federal funds under the Medicaid and Medicare Part B programs and purchased by the Department of Veterans Affairs ("VA"), Department of Defense ("DoD"), Public Health Service, and Coast Guard (the "Big Four agencies") and certain federal grantees, a manufacturer is required to list its innovator products on a VA Federal Supply Schedule ("FSS") contract and charge a price to the Big Four agencies that is no higher than the Federal Ceiling Price ("FCP"), which is a price calculated pursuant to a statutory formula. In addition, manufacturers must submit to the VA quarterly and annual "non-federal average manufacturer price" ("Non-FAMP") calculations for each NDC-11 of their innovator drugs. Under Section 703 of the National Defense Authorization Act for FY 2008, the manufacturer is required to pay quarterly rebates to DoD on utilization of its innovator products that are dispensed through DoD's Tricare network pharmacies to Tricare beneficiaries. Individual states in the US, as noted, have also passed legislation and implemented regulations designed to control pharmaceutical and biological product pricing, including establishing Prescription Drug Affordability Boards (or similar entities) to review high-cost drugs and, in some cases, set upper payment limits and implementing marketing cost disclosure and transparency measures. Some states require the submission of reports related to pricing information, including based on the introduction of new prescription drugs, certain increases in wholesale acquisition cost of prescription drugs, marketing of prescription drugs within the state, and sales of prescription drugs in or into the state. Some states may pursue available enforcement measures, including imposition of civil monetary penalties, for a manufacturer's failure to report such information.

We are incorporated in the Cayman Islands, maintain subsidiaries in the Cayman Islands (until December 2020), the US, and Ireland, and effective July 1, 2015, we migrated our tax residency from the Cayman Islands to Ireland. Due to economic and political conditions, various countries are actively considering changes to existing tax laws. We cannot predict the form or timing of potential legislative changes that could have a material adverse impact on our results of operations. Ireland has implemented further tax law changes through the Finance Act 2021 to comply with the European Union Anti-Tax Avoidance Directives. Changes to date, including reverse-hybrid mismatch and interest limitation rules, are not expected to have a material impact on our tax position. In April 2020, we became aware of a withholding tax regulation that could be interpreted to apply to certain of our previous intra-group transactions. Additional draft guidance on this withholding tax regime was released in late 2020 and early 2021, and based on our analysis of this guidance, we do not believe the exposure to be material. We continue to monitor the evolving legislation relating to this matter and will consider its impact on our consolidated financial statements. In addition, significant judgment is required in determining our worldwide provision for income taxes. Various factors may have favorable or unfavorable effects on our income tax rate including, but not limited to the performance of certain functions and ownership of certain assets in tax-efficient jurisdictions such as the Cayman Islands and Ireland, together with intra-group transfer pricing agreements. Taxing authorities may challenge our structure and transfer pricing arrangements through an audit or lawsuit. Responding to or defending such a challenge could be expensive and consume time and other resources, and divert management's time and focus from operating our business. We cannot predict whether taxing authorities will conduct an audit or file a lawsuit challenging this structure, the cost involved in responding to any such audit or lawsuit, or the outcome. We may be required to pay taxes for prior periods, interest, fines or penalties, and may be obligated to pay increased taxes in the future which could result in reduced cash flows and have a material adverse effect on our business, financial condition and growth prospects.

We are subject to data protection laws and regulations (i.e., laws and regulations that address privacy and data security). In the US, numerous federal and state laws, and regulations, including state data breach notification laws, state health information and/or genetic privacy laws, and federal and state consumer protection laws (e.g., Section 5 of the FTC Act and the Health Breach Notification Rule), govern the collection, use, disclosure, and protection of health related and other personal information. In California, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, ("CCPA") establishes certain requirements for data use and sharing transparency, and provides California consumers certain rights concerning the use, disclosure, and retention of their personal data. Virginia, Colorado, Utah, Indiana, Iowa, Tennessee, Montana, Texas, and Connecticut have enacted privacy laws similar to the CCPA that impose new obligations or limitations in areas affecting our business. Health-specific consumer privacy laws were also passed in multiple states, including Washington and Nevada. These laws and regulations are evolving and subject to interpretation and may impose limitations on our activities or otherwise adversely affect our business. The obligations to comply with the CCPA and evolving legislation involve, among other things, updates to our notices and the development of new processes internally and with our partners. We may be subject to fines, penalties, or private actions in the event of non-compliance with such laws. In addition, we may obtain health information from third parties (e.g., healthcare providers who prescribe our products) that are subject to privacy and security requirements under the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act, and their implementing regulations, (collectively, "HIPAA"). HIPAA imposes privacy and security obligations on covered entity health care providers, health plans, and health care clearinghouses, as well as their "business associates"-certain persons or entities that create, receive, maintain, or transmit protected health information in connection with providing a specified service or performing a function on behalf of a covered entity. Although we are not directly subject to HIPAA, we could be subject to criminal penalties if we knowingly receive individually identifiable health information maintained by a HIPAA covered entity in a manner that is not authorized or permitted by HIPAA. Further at the federal level, the Federal Trade Commission ("FTC") also sets expectations for failing to take appropriate steps to keep consumers' personal information secure, or failing to provide a level of security commensurate to promises made to individual about the security of their personal information (such as in a privacy notice) may constitute unfair or deceptive acts or practices in violation of Section 5(a) of the Federal Trade Commission Act ("FTC Act"). The FTC expects a company's data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. Individually identifiable health information is considered sensitive data that merits stronger safeguards. With respect to privacy, the FTC also sets expectations that companies honor the privacy promises made to individuals about how the company handles consumers' personal information; any failure to honor promises, such as the statements made in a privacy policy or on a website, may also constitute unfair or deceptive acts or practices in violation of the FTC Act. While we do not intend to engage in unfair or deceptive acts or practices, the FTC has the power to enforce promises as it interprets them, and events that we cannot fully control, such as data breaches, may result in FTC enforcement. Enforcement by the FTC under the FTC Act can result in civil penalties or enforcement actions. The FTC also has the power to enforce the Health Breach Notification Rule, which imposes notification obligations on companies for breaches of certain health information contained in personal health records. The FTC has brought enforcement actions under both Section 5 of the FTC Act and the Health Breach Notification Rule. EU Member States and other jurisdictions where we operate, such as Switzerland and the UK, have adopted data protection laws and regulations, which impose significant compliance obligations. For example, the General Data Protection Regulation including the local implementation legislation in EU member states and the UK (collectively "GDPR"), imposes strict obligations and restrictions on the ability to collect, analyze, use, store, disclose. transfer or otherwise process personal data, including health data from clinical trials subjects and adverse event reporting. Switzerland has adopted laws that impose restrictions and obligations similar to the GDPR. The GDPR and Switzerland's data protection laws impose a broad range of requirements and obligations relating to the processing and protection of personal data, including obligations to having legal bases for processing personal data (which may result in some instances in obtaining the consent of the individuals to whom the personal data relate), providing detailed information about the processing activities to the individuals, ensuring that personal data is deleted or anonymized after they are no longer needed for the purposes for which they are collected, ensuring that personal data are adequately protected, ensuring that security incidents are detected, handled and reported to individuals and competent authorities where required, and allowing individuals to exercise their privacy rights. Other obligations relate to restrictions on sharing of personal data with third parties and transferring personal data out of the European Economic Area ("EEA"), Switzerland, or the UK to third countries including the US, having contracting arrangements in place where required (such as with clinical trial sites and vendors), appointing data protection officers, conducting data protection impact assessments, responding to privacy rights requests and keeping records of processing activities. Data protection authorities from the different EU Member States and the EEA may interpret the GDPR and applicable related national laws differently which could effectively result in requirements additional to those currently understood to apply under the GDPR. Further, the UK Government may amend/update UK data protection law, which may result in changes being required to our business operations and potentially incur commercial cost. In addition, guidance on implementation and compliance practices may be updated or otherwise revised, which adds to the complexity of processing personal data in the EEA and the UK. When processing personal data of subjects in the EU, we have to comply with applicable data protection and electronic communications laws. In particular, as we rely on service providers processing personal data of data subjects in the EU, we have to enter into suitable contract terms with such providers and receive sufficient guarantees that such providers meet the requirements of the applicable data protection laws, particularly the GDPR which imposes specific and relevant obligations. Enforcement by EU and UK regulators is active, and failure to comply with the GDPR or applicable Member State law may result in substantial fines. The GDPR increases substantially the penalties to which we could be subject in the event of any non-compliance, including fines of up to 10,000,000 Euros or up to 2% of our total worldwide annual turnover for certain comparatively minor offenses, or up to 20,000,000 Euros or up to 4% of our total worldwide annual turnover for more serious offenses. The GDPR also confers a private right of action on data subjects and consumer associations to lodge complaints with data protection authorities, seek judicial remedies, and obtain compensation for damages resulting from violations of the GDPR. With regard to transfer of personal data, the GDPR restricts the ability of companies to transfer personal data from the EU to the US and other countries, which may incur compliance costs for implementing lawful transfer mechanisms, conducting data transfer impact assessments, and implementing additional measures where necessary to ensure that personal data transferred are adequately protected in a manner essentially equivalent to the EU. The GDPR provides different transfer mechanisms we can use to lawfully transfer personal data from the EU to countries outside the EU. An example is relying on the EU Standard Contractual Clauses and the EU - US Data Privacy Framework. The suitability of Standard Contractual Clauses for data transfer in some scenarios has recently been the subject of legal challenge, and while the US and the EU reached agreement on the EU - US Data Privacy Framework, there are legal challenges to that data transfer mechanism as well. Compliance with EU data transfer obligations can be costly and time-consuming. Data importers must also expend resources in analyzing their ability to comply with transfer obligations, including implementing new safeguards and controls to further protect personal data. If we or our vendors fail to comply with applicable data privacy laws concerning, or if the legal mechanisms we or our vendors rely upon to allow, the transfer of personal data from the EEA or Switzerland to the US (or other countries not considered by the European Commission to provide an adequate level of data protection) are not considered adequate, we could be subject to government enforcement actions, including an order to stop transferring the personal data outside of the EEA and significant penalties against us. Moreover, our business could be adversely impacted if our ability to transfer personal data out of the EEA, the UK or Switzerland to the US is restricted, which could adversely impact our operating results. Failure to comply with data protection laws and regulations could result in unfavorable outcomes, including increased compliance costs, delays or impediments in the development of new products, increased operating costs, diversion of management time and attention, government enforcement actions and create liability for us (which could include civil, administrative, and/or criminal penalties), private litigation and/or adverse publicity that could negatively affect our operating results and business. These privacy and data protection laws and regulations increase our responsibility and liability in relation to personal data that we process and compliance has been and is expected to continue to be difficult, constantly evolving, costly and time-consuming. We may be required to expend significant capital and other resources to ensure ongoing compliance with applicable privacy and data protection laws, to protect against security incidents, or to alleviate issues caused by such incidents.

Our compounds in clinical trials are subject to the risks and failures inherent in the development of pharmaceutical products. These risks include, but are not limited to, the inherent difficulty in selecting the right drug and drug target and avoiding unwanted side effects, as well as unanticipated problems relating to product development, testing, enrollment, obtaining regulatory approvals, maintaining regulatory compliance, manufacturing, competition and costs and expenses that may exceed current estimates. Clinical studies involving our product candidate may reveal that it is ineffective, inferior to existing approved medicines, unacceptably toxic, or that they have other unacceptable side effects. In addition, the results of preclinical studies do not necessarily predict clinical success, and larger and later-stage clinical studies may not produce the same results as earlier-stage clinical studies. For example, despite promising early-stage studies, we previously announced that two late-stage clinical programs failed to meet their primary endpoints. There can be no assurance that our Phase 3 study for ampreloxetine will meet its primary endpoint, and developments and results from that study may be adverse or may be perceived to be adverse. Frequently, product candidates that have shown promising results in early preclinical or clinical studies have subsequently suffered significant setbacks or failed in later non-clinical or clinical studies. In some instances, there can be significant variability in safety and/or efficacy results between different trials of the same product candidate due to numerous factors, including changes in trial protocols, differences in size and type of the patient populations, varying levels of adherence to the dosing regimen and other trial protocols and the rate of dropout among clinical trial participants. Clinical and non-clinical studies of product candidates often reveal that it is not possible or practical to continue development efforts for these product candidates. In addition, the design of a clinical trial can determine whether its results will support regulatory approval and flaws in the design of a clinical trial may not become apparent until the clinical trial is well underway or completed. As our clinical studies for one of our prior product candidates suggested that our product candidate was not efficacious in the indications we were investigating, we chose to cease development of this product candidate. In addition, our product candidate may have undesirable side effects or other unexpected characteristics that could cause us or regulatory authorities to interrupt, delay or halt clinical trials and could result in a more restricted label or the delay or denial of regulatory approval by regulatory authorities.

The risks identified in the two preceding risk factors may also apply to the intellectual property protection efforts of our partners or future partners. To the extent the intellectual property protection of any partnered assets is successfully challenged or encounters problems with the US Patent and Trademark Office or other comparable agencies throughout the world, the future commercialization of these potential medicines could no longer be economically feasible. Any challenge to the intellectual property protection of a late-stage development or commercial-stage asset could harm our business and cause the price of our securities to fall.

We depend on independent clinical investigators, contract research and manufacturing organizations and other third-party service providers in the conduct of our non-clinical and clinical studies for our product candidates. We rely heavily on these parties for execution of our non-clinical and clinical studies, and control only certain aspects of their activities. Nevertheless, we are responsible for ensuring that our clinical studies are conducted in accordance with good clinical, laboratory and manufacturing practices ("GXPs") and other standards as required by the FDA and foreign regulatory authorities, and the applicable protocol. Failure by these parties to comply with applicable regulations and practices in conducting studies of our product candidates can result in a delay in our development programs or non-approval of our product candidates by regulatory authorities. The FDA, and equivalent authorities in other countries, enforce GXPs and other regulations through periodic inspections of trial sponsors, clinical research organizations ("CROs"), principal investigators and trial sites. If we or any of the third parties on which we have relied to conduct our clinical studies are determined to have failed to comply with GXPs (or other equivalent regulations outside the US), the study protocol or applicable regulations, the clinical data generated in our studies may be deemed unreliable. This could result in non-approval of our product candidates by the FDA, or equivalent authorities in other countries, or we, the FDA, or equivalent authorities in other countries may decide to conduct additional audits or require additional clinical studies, which would delay our development programs, could result in significant additional costs and cause the price of our securities to fall.

Our ability to succeed in the future depends on our ability to demonstrate and maintain a competitive advantage with respect to our approach to the development and commercialization of medicines. Our objective is to develop and commercialize new small molecule medicines with superior efficacy, convenience, tolerability and/or safety. We expect that any medicines that we commercialize with or without our collaborative partners will compete with existing or future market-leading medicines. Many of our current and potential competitors have substantially greater financial, technical and personnel resources than we have. In addition, many of these competitors have significantly greater commercial infrastructures than we have. Our ability to compete successfully will depend largely on our ability to leverage our experience in drug development and commercialization to: - develop medicines that are superior to other products in the market;- attract and retain qualified personnel;- obtain and enforce patent and/or other proprietary protection for our medicines and technologies;- conduct effective clinical trials and obtain required regulatory approvals;- develop and effectively implement commercialization strategies, with or without collaborative partners; and - successfully collaborate with pharmaceutical companies in the development and commercialization of new medicines. Pharmaceutical companies, including companies with which we collaborate, may invest heavily to quickly discover and develop or in-license novel compounds that could make our product or product candidate obsolete. Accordingly, other companies may succeed in obtaining patent protection, conducting clinical trials, receiving FDA or equivalent regulatory approval outside the US or discovering, developing and commercializing medicines before we do. Other companies are engaged in the discovery of medicines that would compete with the product candidate that we are developing or our existing product. Any new medicine that competes with a generic or proprietary market leading medicine must demonstrate compelling advantages in efficacy, convenience, tolerability and/or safety in order to overcome severe price competition and be commercially successful. For example, YUPELRI competes predominately with short acting nebulized bronchodilators that are dosed three to four times per day. Verona Pharma plc's ensifentrine, a selective inhaled dual inhibitor of PDE3 and PDE4, was launched in the US in June 2024 as a maintenance treatment for adults with COPD and Sanofi and Regeneron Pharmaceutical, Inc.'s IL-4/IL-13 monoclonal antibody (mAb) Dupixent (dupilumab) recently received approval in the US for COPD for maintenance treatment for patients with moderate-to-severe COPD, who are uncontrolled with current SOC triple therapy (LAMA + LABA + ICS) and have evidence of Type 2 inflammation and frequent exacerbation history. If successfully developed and approved, ampreloxetine would enter a market where generic droxidopa is currently the sole product approved for nOH patients and midodrine is approved for OH. If we are not able to compete effectively against our current and future competitors, our business will not grow, our financial condition and operations will suffer, and the price of our securities could fall.

We currently maintain a sales force in the US to support our co-promotion obligations for YUPELRI under our agreement with Viatris. The risks of fulfilling our US co-promotion obligations to Viatris include: - costs and expenses associated with maintaining an independent sales and marketing organization with appropriate technical expertise and supporting infrastructure, including third-party vendor logistics and consultant support, which costs and expenses could, depending on the scope and method of the marketing effort, exceed any product revenue;- our ability to retain effective sales and marketing personnel and medical science liaisons in the US;- the ability of our sales and marketing personnel to obtain access to, and educate adequate numbers of prescribers about prescribing YUPELRI, in appropriate clinical situations; and - the lack of complementary products to be offered by sales personnel, which may put us at a competitive disadvantage relative to companies with more extensive product lines. If we are not successful in maintaining a sales and marketing organization with appropriate experience, technical expertise, supporting infrastructure and the ability to obtain access to and educate adequate numbers of physicians about prescribing YUPELRI in appropriate clinical situations, we will have difficulty maintaining effective commercialization of YUPELRI in the hospital setting, which would adversely affect our business and financial results, and the condition and the price of our securities could fall.