Priority Technology Holdings, Inc. 10-K Cybersecurity GRC - 2025-03-06

Page last updated on March 6, 2025

Priority Technology Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-06 08:22:46 EST.

Filings

10-K filed on 2025-03-06

Priority Technology Holdings, Inc. filed a 10-K at 2025-03-06 08:22:46 EST
Accession Number: 0001653558-25-000039

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C., Cybersecurity Risk Related to Our Capital Structure We face risks related to our substantial indebtedness. We have a substantial amount of indebtedness and may incur other debt in the future. Our level of debt and the covenants to which we agreed could have negative consequences on us, including, among other things, (i) requiring us to dedicate a large portion of our cash flow from operations to servicing and repayment of the debt; (ii) limiting funds available for strategic initiatives and opportunities, working capital and other general corporate needs and (iii) limiting our ability to incur certain kinds or amounts of additional indebtedness, which could restrict our ability to react to changes in our business, our industry and economic conditions. Substantially all of our indebtedness is variable rate debt, primarily based on SOFR, which replaced LIBOR effective June 30, 2023. As a result of this variable rate debt, an increase in interest rates generally, such as those we have recently experienced, would adversely affect our profitability. We may enter into pay-fixed interest rate swaps or other derivative transactions to limit our exposure to changes in floating interest rates. Such instruments may result in economic losses should interest rates decline to a point lower than our fixed rate commitments. We would be exposed to credit-related losses, which could impact the results of operations in the event of fluctuations in the fair value of the interest rate swaps due to a change in the credit worthiness or non-performance by the counterparties to the interest rate swaps. The credit agreements governing our existing credit facilities and any other debt instruments we may issue in the future will contain restrictive covenants that may impair our ability to conduct business. The credit agreements governing our existing credit facilities contain operating covenants and financial covenants that may limit management’s discretion with respect to certain business matters. In addition, any debt instruments we may issue in the future will likely contain similar operating and financial covenants restricting our business. Among other things, these covenants will limit our ability to: - pay dividends, or redeem or purchase equity interests; - incur additional debt; - incur liens; - change the nature of our business; - engage in transactions with affiliates; - sell or otherwise dispose of assets; - make acquisitions or other investments; and - merge or consolidate with other entities. In addition, the credit agreement governing our revolving credit facility contains a total net leverage ratio financial covenant that is applicable when 35% or more of the revolving credit facility is drawn at quarter end. A breach of any of these covenants (or any other covenant in the documents governing our Credit and Guaranty Agreement) could result in a default or event of default under our Credit and Guaranty Agreement. If an event of default occurred, the applicable lenders or agents could elect to terminate borrowing commitments and declare all borrowings and loans outstanding thereunder, together with accrued and unpaid interest and any fees and other obligations, to be immediately due and payable. In addition, or in the alternative, the applicable lenders or agents could exercise their rights under the security documents entered into in connection with our Credit and Guaranty Agreement. Any acceleration of amounts due under the Credit and Guaranty Agreement would likely have a material adverse effect on us. Risks Related to Ownership of Our Stock Because we have no current plans to pay cash dividends on our Common Stock for the foreseeable future, you may not receive any return on investment unless you sell your Common Stock for a price greater than that which you paid for it. We intend to retain future earnings, if any, for future operations, expansion, and debt repayment and have no current plans to pay any cash dividends for the foreseeable future. The declaration, amount, and payment of any future dividends on shares of Common Stock will be at the sole discretion of our Board of Directors. Our Board of Directors may take into account general and economic conditions, our financial condition, and results of operations, our available cash and current and anticipated cash needs, capital requirements, contractual, legal, tax, and regulatory restrictions, implications on the payment of dividends by us to our shareholders or by our subsidiaries to us, and such other factors as our Board of Directors may deem relevant. In addition, our ability to pay dividends is limited by covenants of our existing and outstanding indebtedness and may be limited by covenants of any future indebtedness we or our subsidiaries incur. As a result, you may not receive any return on an investment in our Common Stock unless you sell our Common Stock for a price greater than that which you paid for it. Mr. Thomas Priore, our Chief Executive Officer and Chairman, controls the Company, and his interests may conflict with ours or yours in the future. Thomas Priore and his affiliates have the ability to elect all of the members of our Board of Directors and thereby control our policies and operations, including the appointment of management, future issuances of our Common Stock or other securities, the payment of dividends, if any, on our Common Stock, the incurrence or modification of debt by us, amendments to our Amended and Restated Certificate of Incorporation and our Amended and Restated Bylaws, and the entering into of extraordinary transactions, and their interests may not in all cases be aligned with your interests. In addition, Thomas Priore may have an interest in pursuing acquisitions, divestitures, and other transactions that, in his judgment, could enhance his investment, even though such transactions might involve risks to you. For example, he could cause us to make acquisitions that increase our indebtedness or cause us to sell revenue-generating assets. Additionally, in certain circumstances, acquisitions of debt at a discount by purchasers that are related to a debtor can give rise to cancellation of indebtedness income to such debtor for U.S. federal income tax purposes. Our Amended and Restated Certificate of Incorporation provides that neither he nor any of his affiliates, or any director who is not employed by us (including any non-employee director who serves as one of our officers in both his director and officer capacities) will have any duty to refrain from engaging, directly or indirectly, in the same business activities or similar business activities or lines of business in which we operate. So long as Thomas Priore continues to own a significant amount of our combined voting power, even if such amount is less than 50%, he will continue to be able to strongly influence or effectively control our decisions. Furthermore, so long as Thomas Priore and his respective affiliates collectively own at least 50% of all outstanding shares of our Common Stock entitled to vote generally in the election of directors, they will be able to appoint individuals to our Board of Directors. In addition, given his level of control, Thomas Priore will be able to determine the outcome of all matters requiring shareholders’ approval and will be able to cause or prevent a change of control of the Company or a change in the composition of our Board of Directors and could preclude any unsolicited acquisition of the Company. The concentration of ownership could deprive you of an opportunity to receive a premium for your shares of Common Stock as part of a sale of the Company and ultimately might affect the market price of our Common Stock. Future sales of common stock by our directors and officers, or their pledgees, as a result of foreclosure could adversely affect the price of common stock and could, in the future, result in a loss of control of our company. Upon the approval of our Board, our directors and officers may pledge shares of common stock as collateral for personal loans or investments in favor of third parties. Depending on the status of the various loan obligations for which the stock would ultimately serve as collateral and the trading price of our common stock, our directors and/or officers, and their affiliates, may experience foreclosure that could result in the sale of the pledged stock, in the open market or otherwise. Sales by these pledgees may not be subject to the volume limitations of Rule 144 of the Securities Act. Even in the absence of shares being sold, the act of pledging shares and the risk of sales of shares may create a misalignment of interests between insider pledgors and the Company’s shareholders, as the insider may be incentivized to take actions that limit his or her exposure to such sales. Either scenario could potentially subject the Company and its insiders to shareholder lawsuits, particularly in an environment of declining share prices. As of the date of this Form 10-K, no officer or director that has pledged shares of common stock. We have identified a material weakness in our internal control over financial reporting, and if our remediation of such material weakness is not effective, or if we fail to develop and maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable laws and regulations could be impaired. In the course of preparing our financial statements for the year ended December 31, 2024, we identified a material weakness in our internal control over financial reporting. A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis. The material weakness identified pertains to certain tools or applications involved in the transformation and ingestion of third-party processors’ data in the Company’s control environment. If we are unable to further implement and maintain effective internal control over financial reporting or disclosure controls and procedures, our ability to record, process and report financial information accurately, and to prepare financial statements within required time periods could be adversely affected, which could subject us to litigation or investigations requiring management resources and payment of legal and other expenses, negatively affect investor confidence in our financial statements and adversely impact our stock price. If we are unable to assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an unqualified opinion as to the effectiveness of our internal control over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports, the market price of our common stock could be adversely affected and we could become subject to litigation or investigations by Nasdaq, the SEC or other regulatory authorities, which could require additional financial and management resources. Furthermore, we cannot assure you that the measures we have taken to date, and actions we may take in the future, will be sufficient to remediate the control deficiencies that led to our material weakness in our internal control over financial reporting or that they will prevent or avoid potential future material weaknesses. Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, weaknesses in our disclosure controls and internal control over financial reporting may be discovered in the future. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our operating results or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we are required to include in our periodic reports that are filed with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on the Nasdaq. Item 1B. Unresolved Staff Comments N/A Item 1C. Cybersecurity Risk Management and Strategy We recognize the importance of maintaining the trust and confidence of the customers we serve, our business partners, employees and our shareholders and are committed to protecting the confidentiality, integrity and reliance of our business operations and systems. Effective data protection and cyber security practices, including responsible stewardship of our intellectual property and the secure processing, storage, maintenance and transmission of critical information by us and other third parties with whom we do business is vital to our operations. We have adopted policies and procedures with an intended design to identify, assess and manage risks associated with cybersecurity threats. - We perform risk assessments periodically at both an enterprise level and system level in addition to assessments performed by third parties ; - Our information security team performs threat monitoring services; - Our Internal Audit function performs annual reviews of selected systems and applications to test certain controls; - Independent consultants evaluate selected systems and applications on an annual basis; - We perform risk assessments of third-party vendors and perform ongoing risk-based monitoring of those third parties ; and - We maintain a business continuity plan for execution in the event of a cybersecurity incident. We have not experienced any material cybersecurity incidents in the past calendar years and the expenses we have incurred from cybersecurity incidents during that time were immaterial. We have not identified risks from known cybersecurity threats that have materially affected us, including our operations, business strategy, results of operations or financial condition. Governance Our Board considers cybersecurity risk as part of its risk oversight function. The Board oversees the Company’s overall risk framework including management’s implementation of our cybersecurity risk management program. The Board receives reports from the Chief Risk Officer on a regular basis on cybersecurity and information technology risk management. Our Company’s cybersecurity team, overseen by our Chief Information Security Officer (“CISO”) is responsible for assessing and managing our risks from cybersecurity threats, including defining our security policy and furnishing related information for Board reporting. The CISO approves all security policies and oversees the identification, assessment, and management of security risks. The CISO regularly reports to management’s SOX Committee which may elevate cybersecurity issues to the Board at any time.
Item 1C. Cybersecurity Risk Management and Strategy We recognize the importance of maintaining the trust and confidence of the customers we serve, our business partners, employees and our shareholders and are committed to protecting the confidentiality, integrity and reliance of our business operations and systems. Effective data protection and cyber security practices, including responsible stewardship of our intellectual property and the secure processing, storage, maintenance and transmission of critical information by us and other third parties with whom we do business is vital to our operations. We have adopted policies and procedures with an intended design to identify, assess and manage risks associated with cybersecurity threats. - We perform risk assessments periodically at both an enterprise level and system level in addition to assessments performed by third parties ; - Our information security team performs threat monitoring services; - Our Internal Audit function performs annual reviews of selected systems and applications to test certain controls; - Independent consultants evaluate selected systems and applications on an annual basis; - We perform risk assessments of third-party vendors and perform ongoing risk-based monitoring of those third parties ; and - We maintain a business continuity plan for execution in the event of a cybersecurity incident. We have not experienced any material cybersecurity incidents in the past calendar years and the expenses we have incurred from cybersecurity incidents during that time were immaterial. We have not identified risks from known cybersecurity threats that have materially affected us, including our operations, business strategy, results of operations or financial condition. Governance Our Board considers cybersecurity risk as part of its risk oversight function. The Board oversees the Company’s overall risk framework including management’s implementation of our cybersecurity risk management program. The Board receives reports from the Chief Risk Officer on a regular basis on cybersecurity and information technology risk management. Our Company’s cybersecurity team, overseen by our Chief Information Security Officer (“CISO”) is responsible for assessing and managing our risks from cybersecurity threats, including defining our security policy and furnishing related information for Board reporting. The CISO approves all security policies and oversees the identification, assessment, and management of security risks. The CISO regularly reports to management’s SOX Committee which may elevate cybersecurity issues to the Board at any time.

Company Information