Priority Technology Holdings, Inc. 10-K Cybersecurity GRC - 2024-03-12

Page last updated on April 11, 2024

Priority Technology Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 08:31:33 EDT.

Filings

10-K filed on 2024-03-12

Priority Technology Holdings, Inc. filed an 10-K at 2024-03-12 08:31:33 EDT
Accession Number: 0001653558-24-000039

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C., Cybersecurity Risk Related to Our Capital Structure We face risks related to our substantial indebtedness. We have a substantial amount of indebtedness and may incur other debt in the future. Our level of debt and the covenants to which we agreed could have negative consequences on us, including, among other things, (i) requiring us to dedicate a large portion of our cash flow from operations to servicing and repayment of the debt (ii) limiting funds available for strategic initiatives and opportunities, working capital and other general corporate needs and (iii) limiting our ability to incur certain kinds or amounts of additional indebtedness, which could restrict our ability to react to changes in our business, our industry and economic conditions. Substantially all of our indebtedness is variable rate debt, primarily based on SOFR, which replaced LIBOR effective June 30, 2023. As a result of this variable rate debt, an increase in interest rates generally, such as those we have recently experienced, would adversely affect our profitability. We may enter into pay-fixed interest rate swaps or other derivative transactions to limit our exposure to changes in floating interest rates. Such instruments may result in economic losses should interest rates decline to a point lower than our fixed rate commitments. We would be exposed to credit-related losses, which could impact the results of operations in the event of fluctuations in the fair value of the interest rate swaps due to a change in the credit worthiness or non-performance by the counterparties to the interest rate swaps. The credit agreements governing our existing credit facilities and any other debt instruments we may issue in the future will contain restrictive covenants that may impair our ability to conduct business. The credit agreements governing our existing credit facilities contain operating covenants and financial covenants that may limit management’s discretion with respect to certain business matters. In addition, any debt instruments we may issue in the future will likely contain similar operating and financial covenants restricting our business. Among other things, these covenants will restrict our ability to: pay dividends, or redeem or purchase equity interests incur additional debt incur liens change the nature of our business engage in transactions with affiliates sell or otherwise dispose of assets make acquisitions or other investments and 25 Table of Contents merge or consolidate with other entities. In addition, the credit agreement governing our revolving credit facility contains a total net leverage ratio financial covenant that is applicable when 35% or more of the revolving credit facility is drawn at quarter end. A breach of any of these covenants (or any other covenant in the documents governing our Credit and Guaranty Agreement) could result in a default or event of default under our Credit and Guaranty Agreement. If an event of default occurred, the applicable lenders or agents could elect to terminate borrowing commitments and declare all borrowings and loans outstanding thereunder, together with accrued and unpaid interest and any fees and other obligations, to be immediately due and payable. In addition, or in the alternative, the applicable lenders or agents could exercise their rights under the security documents entered into in connection with our Credit and Guaranty Agreement. Any acceleration of amounts due under the Credit and Guaranty Agreement would likely have a material adverse effect on us. Because we have no current plans to pay cash dividends on our Common Stock for the foreseeable future, you may not receive any return on investment unless you sell your Common Stock for a price greater than that which you paid for it. We intend to retain future earnings, if any, for future operations, expansion, and debt repayment and have no current plans to pay any cash dividends for the foreseeable future. The declaration, amount, and payment of any future dividends on shares of Common Stock will be at the sole discretion of our Board of Directors. Our Board of Directors may take into account general and economic conditions, our financial condition, and results of operations, our available cash and current and anticipated cash needs, capital requirements, contractual, legal, tax, and regulatory restrictions, implications on the payment of dividends by us to our stockholders or by our subsidiaries to us, and such other factors as our Board of Directors may deem relevant. In addition, our ability to pay dividends is limited by covenants of our existing and outstanding indebtedness and may be limited by covenants of any future indebtedness we or our subsidiaries incur. As a result, you may not receive any return on an investment in our Common Stock unless you sell our Common Stock for a price greater than that which you paid for it. Mr. Thomas Priore, our President, Chief Executive Officer and Chairman, controls the Company, and his interests may conflict with ours or yours in the future. Thomas Priore and his affiliates have the ability to elect all of the members of our Board of Directors and thereby control our policies and operations, including the appointment of management, future issuances of our Common Stock or other securities, the payment of dividends, if any, on our Common Stock, the incurrence or modification of debt by us, amendments to our Amended and Restated Certificate of Incorporation and our Amended and Restated Bylaws, and the entering into of extraordinary transactions, and their interests may not in all cases be aligned with your interests. In addition, Thomas Priore may have an interest in pursuing acquisitions, divestitures, and other transactions that, in his judgment, could enhance his investment, even though such transactions might involve risks to you. For example, he could cause us to make acquisitions that increase our indebtedness or cause us to sell revenue-generating assets. Additionally, in certain circumstances, acquisitions of debt at a discount by purchasers that are related to a debtor can give rise to cancellation of indebtedness income to such debtor for U.S. federal income tax purposes. Our Amended and Restated Certificate of Incorporation provides that neither he nor any of his affiliates, or any director who is not employed by us (including any non-employee director who serves as one of our officers in both his director and officer capacities) will have any duty to refrain from engaging, directly or indirectly, in the same business activities or similar business activities or lines of business in which we operate. So long as Thomas Priore continues to own a significant amount of our combined voting power, even if such amount is less than 50%, he will continue to be able to strongly influence or effectively control our decisions. Furthermore, so long as Thomas Priore and his respective affiliates collectively own at least 50% of all outstanding shares of our Common Stock entitled to vote generally in the election of directors, they will be able to appoint individuals to our Board of Directors. In addition, given his level of control, Thomas Priore will be able to determine the outcome of all matters requiring stockholder approval and will be able to cause or prevent a change of control of the Company or a change in the composition of our Board of Directors and could preclude any unsolicited acquisition of the Company. The concentration of ownership could deprive you of an opportunity to receive a premium for your shares of Common Stock as part of a sale of the Company and ultimately might affect the market price of our Common Stock. 26 Table of Contents Item 1B. Unresolved Staff Comments N/A Item 1C. Cybersecurity Risk management and strategy We recognize the importance of maintaining the trust and confidence of the customers we serve, our business partners, employees and our stockholders and are committed to protecting the confidentiality, integrity and reliance of our business operations and systems. Effective data protection and cyber security practices, including responsible stewardship of our intellectual property and the secure processing, storage, maintenance and transmission of critical information by us and other third parties with whom we do business is vital to our operations. We have adopted policies and procedures with an intended design to identify, assess and manage risks associated with cybersecurity threats. We perform risk assessments periodically at both an enterprise level and system level in addition to assessments performed by third parties Our information security team performs threat monitoring services Our Internal Audit function performs annual reviews of selected systems and applications to test certain controls Independent consultants and auditors evaluate selected systems and applications on an annual basis We perform risk assessments of third-party vendors and perform ongoing risk-based monitoring of those third parties and We maintain a business continuity plan for execution in the event of a cybersecurity incident. We have not experienced any material cybersecurity incidents in the past calendar years and the expenses we have incurred from cybersecurity incidents during that time were immaterial. We have not identified risks from known cybersecurity threats that have materially affected us, including our operations, business strategy, results of operations or financial condition. Governance Our Board considers cybersecurity risk as part of its risk oversight function. The Board oversees the Company s overall risk framework including management s implementation of our cybersecurity risk management program. The Board receives reports from the Chief Risk Officer on a regular basis on cybersecurity and information technology risk management. Our Company s cybersecurity team, overseen by our Chief Information Security Officer ( CISO ) is responsible for assessing and managing our risks from cybersecurity threats, including defining our security policy and furnishing related information for Board reporting. The CISO approves all security policies and oversees the identification, assessment, and management of security risks. The CISO regularly reports to management s SOX Committee which may elevate cybersecurity issues to the Board at any time.
Item 1C. Cybersecurity Risk management and strategy We recognize the importance of maintaining the trust and confidence of the customers we serve, our business partners, employees and our stockholders and are committed to protecting the confidentiality, integrity and reliance of our business operations and systems. Effective data protection and cyber security practices, including responsible stewardship of our intellectual property and the secure processing, storage, maintenance and transmission of critical information by us and other third parties with whom we do business is vital to our operations. We have adopted policies and procedures with an intended design to identify, assess and manage risks associated with cybersecurity threats. We perform risk assessments periodically at both an enterprise level and system level in addition to assessments performed by third parties Our information security team performs threat monitoring services Our Internal Audit function performs annual reviews of selected systems and applications to test certain controls Independent consultants and auditors evaluate selected systems and applications on an annual basis We perform risk assessments of third-party vendors and perform ongoing risk-based monitoring of those third parties and We maintain a business continuity plan for execution in the event of a cybersecurity incident. We have not experienced any material cybersecurity incidents in the past calendar years and the expenses we have incurred from cybersecurity incidents during that time were immaterial. We have not identified risks from known cybersecurity threats that have materially affected us, including our operations, business strategy, results of operations or financial condition. Governance Our Board considers cybersecurity risk as part of its risk oversight function. The Board oversees the Company s overall risk framework including management s implementation of our cybersecurity risk management program. The Board receives reports from the Chief Risk Officer on a regular basis on cybersecurity and information technology risk management. Our Company s cybersecurity team, overseen by our Chief Information Security Officer ( CISO ) is responsible for assessing and managing our risks from cybersecurity threats, including defining our security policy and furnishing related information for Board reporting. The CISO approves all security policies and oversees the identification, assessment, and management of security risks. The CISO regularly reports to management s SOX Committee which may elevate cybersecurity issues to the Board at any time.

Company Information