We have risk management processes in place for identifying, assessing and mitigating cybersecurity and risks from potential unauthorized occurrences on or through our electronic information systems that could adversely affect the confidentiality, integrity, or availability of our information systems or the information residing on those systems. These include a wide variety of mechanisms, controls, technologies, methods, systems and other processes that are designed to detect, prevent or mitigate data loss, theft, misuse, unauthorized access, interference with operations, or other security incidents or vulnerabilities affecting the data. The data includes confidential, proprietary, and business and personal information that we collect, process, store, and transmit as part of our business, including on behalf of third parties. Cybersecurity concerns are an important consideration in our application development and the design of our infrastructure and operations technology. We also use systems and processes designed to reduce the impact of a security incident to our clients or their customers. Additionally, we use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems, including: technology and systems that we use for encryption and authentication, employee email, communication to clients and their customers, operational support, and other functions.

Our corporate governance committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and the committee is responsible to report any findings and recommendations, as appropriate, to the full board for consideration. Senior management regularly discusses cyber risks and trends and, should any issues arise, they review all material incidents with the corporate governance committee. Our corporate governance and audit committees discuss policies with respect to risk assessment and risk management, including risks associated with the reliability and security of the Company’s information technology and security systems, and the steps management has undertaken to monitor and control such exposures. Our board receives updates on the Company’s cybersecurity risk management programs from management.

Our business strategy, results of operations and financial condition have not been affected by risks from cybersecurity threats, however, we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. For more information on our cybersecurity related risks, see Item 1A Risk Factors under “Our solutions or products or our third-party cloud providers have experienced in the past, and could experience in the future, data security breaches, which could adversely impact our reputation, business, and ongoing operations”.