ITEM 1A. RISK FACTORS
The risks and uncertainties described below are not the only ones facing us. Other events that we do not currently anticipate or that we currently deem immaterial also may affect our business, financial condition, results of operations, cash flows, other key metrics and the trading price of our common stock.
Risk Factor Summary
Operational and Execution Risks
•Any breaches in our security measures or those of our third-party data center hosting facilities, cloud computing platform providers or third-party service partners, or the underlying infrastructure of the Internet that cause unauthorized access to a customer’s data, our data or our IT systems, or the blockage or disablement of authorized access to our services.
•Any defects or disruptions in our services that diminish demand for our services.
•Any interruptions or delays in services from third parties, including data center hosting facilities, cloud computing platform providers and other hardware and software vendors, or from our inability to adequately plan for and manage service interruptions or infrastructure capacity requirements.
•An inability to realize the expected business or financial benefits of company and technology acquisitions and investments.
•Strain on our personnel resources and infrastructure from supporting our existing and growing customer base or an inability to scale our operations and increase productivity.
•Customer attrition, or our inability to accurately predict subscription renewals and upgrade rates.
•Disruptions caused by periodic changes to our sales organization.
•Dependency of our services on the development and maintenance of the infrastructure of the Internet by third parties.
•Exposure to risks inherent in international operations from sales to customers outside the United States.
•A more time-consuming and expensive sales cycle, pricing pressure and implementation and configuration challenges as we target more of our sales efforts at larger enterprise customers.
•Any loss of key members of our management team or development and operations personnel, or inability to attract and retain employees necessary to support our operations and growth.
•Any failure in our delivery of high-quality professional and technical support services.
Strategic and Industry Risks
•An inability to compete effectively in the intensely competitive markets in which we participate.
•Any failure to expand our services and to develop and integrate our existing services in order to keep pace with technological developments.
•An inability to maintain and enhance our brands.
•Partial or complete loss of invested capital, or significant changes in the fair value, of our strategic investment portfolio.
•Any discontinuance by third-party developers and providers in embracing our technology delivery model and enterprise cloud computing services, or customers asking us for warranties for third-party applications, integrations, data and content.
•Social and ethical issues, including the use or capabilities of AI in our offerings.
•Risks related to our aspirations and disclosures related to ESG matters.
Legal and Regulatory Risks
•Privacy concerns and laws as well as evolving regulation of cloud computing, increased restriction of cross-border data transfers and other regulatory developments.
•Evolving or unfavorable industry-specific regulations, requirements, interpretive positions or standards.
•Lawsuits against us by third parties for various claims, including alleged infringement of proprietary rights.
•Any failure to obtain registration or protection of our intellectual property rights.
•Risks related to government contracts and related procurement regulations.
•Governmental sanctions and export and import controls that could impair our ability to compete in international markets and may subject us to liability.
Financial Risks
•Downturns or upturns in new business may not be immediately reflected in our operating results because we generally recognize revenue from subscriptions for our services over the term of the subscription.
•Significant fluctuations in our rate of anticipated growth and any failure to balance our expenses with our revenue forecasts.
•Unanticipated changes in our effective tax rate and additional tax liabilities and global tax developments.
•Fluctuations in currency exchange rates, particularly the U.S. Dollar versus local currencies.
•Our debt service obligations, lease commitments and other contractual obligations.
•Accounting pronouncements and changes in other financial and non-financial reporting standards.
Risks Related to Owning Our Common Stock
•Fluctuations in our quarterly results.
•Volatility in the market price of our common stock and associated litigation.
•Provisions in our certificate of incorporation and bylaws and Delaware law that might discourage, delay or prevent a change of control of the Company or changes in our management.
General Risks
•The effects of the COVID-19 pandemic and related public health measures on how we and our customers are operating our businesses.
•Volatile and significantly weakened global economic conditions.
•The occurrence of natural disasters and other events beyond our control.
•The long-term impact of climate change on our business.
Operational and Execution Risks
If our security measures or those of our third-party data center hosting facilities, cloud computing platform providers or third-party service partners, or the underlying infrastructure of the Internet are breached, and unauthorized access is obtained to a customer’s data, our data or our IT systems, or authorized access is blocked or disabled, our services may be perceived as not being secure, customers may curtail or stop using our services, and we may incur significant reputational harm, legal exposure and liabilities, or a negative financial impact.
Our services involve the storage and transmission of our customers’ and our customers’ customers’ proprietary and other sensitive data, including financial, health and other personal information. We can provide no assurances that our security measures designed to protect our customers’ and our customers’ customers’ data will be effective. Our services and underlying infrastructure may in the future be materially breached or compromised as a result of the following:
•third-party attempts to fraudulently induce our employees, partners or customers to disclose sensitive information such as user names, passwords or other information to gain access to our customers’ data or IT systems, or our data or our IT systems;
•efforts by individuals or groups of hackers and sophisticated organizations, such as state-sponsored organizations or nation-states, to launch coordinated attacks, including ransomware, destructive malware and distributed denial-of-service attacks;
•third-party attempts to abuse our marketing, advertising, messaging or social products and functionalities to impersonate persons or organizations and disseminate information that is false, misleading or malicious;
•cyberattacks on our internally built infrastructure on which many of our service offerings operate, or on third-party cloud-computing platform providers;
•vulnerabilities resulting from enhancements and updates to our existing service offerings;
•vulnerabilities in the products or components across the broad ecosystem that our services operate in conjunction with and are dependent on;
•vulnerabilities existing within new technologies and infrastructures, including those from acquired companies;
•attacks on, or vulnerabilities in, the many different underlying networks and services that power the Internet that our products depend on, most of which are not under our control or the control of our vendors, partners or customers; and
•employee or contractor errors or intentional acts that compromise our security systems.
These risks are mitigated, to the extent possible, by our ability to maintain and improve business and data governance policies, enhanced processes and internal security controls, including our ability to escalate and respond to known and potential risks. Our Board of Directors, Cybersecurity and Privacy Committee and executive management are regularly briefed on our cybersecurity policies and practices and ongoing efforts to improve security, as well as updates on cybersecurity events. We can provide no assurances that our implemented systems and processes designed to protect our customers’ and our customers’ customers’ proprietary and other sensitive data will provide absolute security or otherwise be effective or that a material breach will not occur. For example, our ability to mitigate these risks may be impacted by the following:
•frequent changes to, and growth in complexity of, the techniques used to breach, obtain unauthorized access to, or sabotage IT systems and infrastructure, which are generally not recognized until launched against a target, and could result in our being unable to anticipate or implement adequate measures to prevent such techniques;
•the continued evolution of our internal IT systems as we early adopt new technologies and new ways of sharing data and communicating internally and with partners and customers, which increases the complexity of our IT systems;
•the acquisition of new companies, requiring us to incorporate and secure different or more complex IT environments;
•authorization by our customers to third-party technology providers to access their customer data, which may lead to our customers’ inability to protect their data that is stored on our servers; and
•our limited control over our customers or third-party technology providers, or the processing of data by third-party technology providers, which may not allow us to maintain the integrity or security of such transmissions or processing.
In the normal course of business, we are and have been the target of malicious cyberattack attempts and have experienced other security incidents. Although, to date, such identified security events have not been material or significant to us, including to our reputation or business operations, or had a material financial impact, there can be no assurance that future cyberattacks will not be material or significant. Additionally, as our market presence grows, we may face increased risks of cyberattack attempts or security threats.
A security breach or incident could result in unauthorized parties obtaining access to, or the denial of authorized access to, our IT systems or data, or our customers’ systems or data, including intellectual property and proprietary, sensitive or other confidential information. A security breach could also result in a loss of confidence in the security of our services, damage our reputation, negatively impact our future sales, disrupt our business and lead to increases in insurance premiums and legal, regulatory and financial exposure and liability. Finally, the detection, prevention and remediation of known or potential security vulnerabilities, including those arising from third-party hardware or software, may result in additional financial burdens due to additional direct and indirect costs, such as additional infrastructure capacity spending to mitigate any system degradation and the reallocation of resources from development activities.
For example, in April 2022, we learned a threat actor had obtained unauthorized access to several databases on Heroku, a Salesforce platform-as-a-service. The threat actor downloaded stored customer security credentials and passwords for logging into GitHub, a third-party code hosting service used by both Heroku and Heroku customers. The threat actor also was able to download passwords for a subset of customer user accounts and access the encryption key. While we do not believe this incident materially affected our business or financial results, there is no assurance that such circumstances or other similar incidents in the future could not result in a material adverse effect on our business.
Defects or disruptions in our services could diminish demand for our services and subject us to substantial liability.
Because our services are complex and incorporate a variety of hardware, proprietary software, third-party and open-source software, our services may have errors or defects that could result in unanticipated downtime for our subscribers and harm to
our reputation and our business. Our customers may also use our services in unanticipated ways that may cause a disruption in services for other customers attempting to access their data. Cloud services frequently contain undetected errors when first introduced or when new versions or enhancements are released. We may also encounter difficulties integrating acquired technologies into our services and in augmenting the technologies to meet the quality standards that are consistent with our brand and reputation. As a result, our services may have errors or defects resulting from the complexities of integrating acquisitions.
We have from time to time found defects in, and experienced disruptions to, our services and new defects or disruptions may occur in the future. Such defects could be the result of employee, contractor or other third-party acts or inaction, and could negatively affect our brand and reputation. We have experienced and may in the future experience defects in our products that created vulnerabilities that inadvertently permitted access to protected customer data. For example, in December 2021, a vulnerability in a widely-used open-source software application, known as Apache Log4j, was identified that could have allowed bad actors to remotely access a target, potentially stealing data or taking control of a target’s system. While this issue did not materially affect our business, reputation or financial results, there is no assurance that such circumstances or other incidents could not occur in the future that have a material adverse effect on our business or subject us to substantial liability. Vulnerabilities in open source or any proprietary or third-party product can persist even after security patches have been issued if customers have not installed the most recent updates, or if the attackers exploited the vulnerabilities before patching was complete. In some cases, vulnerabilities may not be immediately detected, which may make it difficult to recover critical services and lead to damaged assets.
Since our customers use our services for important aspects of their business, any errors, defects, disruptions in service or other performance problems could hurt our reputation and may damage our customers’ businesses. As a result, customers could elect to not renew our services or delay or withhold payment to us. We could also lose future sales or customers may make warranty or other claims against us, which could result in an increase in our allowance for doubtful accounts, an increase in collection cycles for accounts receivable or the expense and risk of litigation.
Any interruptions or delays in services from third parties, including data center hosting facilities, cloud computing platform providers and other hardware and software vendors, or from our inability to adequately plan for and manage service interruptions or infrastructure capacity requirements, could impair the delivery of our services and harm our business.
We currently serve our customers from third-party data center hosting facilities and cloud computing platform providers located in the United States and other countries. We also rely on computer hardware purchased or leased from, software licensed from, and cloud computing platforms provided by, third parties in order to offer our services, including database software, hardware and data from a variety of vendors. Any disruption or damage to, or failure of our systems generally, including the systems of our third-party platform providers, could result in interruptions in our services and harm our business. We have from time to time experienced interruptions in our services and such interruptions may occur in the future. The COVID-19 pandemic disrupted and continues to disrupt the supply chain of hardware needed to maintain these third-party systems or to run our business, which affects our and our suppliers’ operations. In addition, supply chain disruptions due to geopolitical developments in Europe and indirect effects have further complicated existing supply chain constraints. As we increase our reliance on these third-party systems, particularly with respect to third-party cloud computing platforms, our exposure to damage from service interruptions may increase. Interruptions in our services may cause us to issue credits or pay penalties, cause customers to make warranty or other claims against us or to terminate their subscriptions, and adversely affect our attrition rates and our ability to attract new customers, all of which would reduce our revenue. Our business and reputation would also be harmed if our customers and potential customers believe our services are unreliable.
For many of our offerings, our production environment and customers’ data are replicated in near real time in a separate facility located elsewhere. Certain offerings, including some offerings of companies added through acquisitions, may be served through alternate facilities or arrangements. We do not control the operation of any of these facilities, and they may be vulnerable to damage or interruption from earthquakes, floods, fires, power loss, telecommunications failures and similar events. They may also be subject to break-ins, sabotage, intentional acts of destruction or vandalism or similar misconduct, as well as local administrative actions (including shelter-in-place or similar orders), changes to legal or permitting requirements and litigation to stop, limit or delay operation. In addition, supply chain disruptions due to geopolitical developments in Europe may also lead to power disruptions in regions where our facilities are located. Despite precautions taken at these facilities, such as disaster recovery and business continuity arrangements, the occurrence of any of the foregoing events or risks, or a natural disaster or public health emergency, an act of terrorism, a decision to close the facilities without adequate notice or other unanticipated problems or operational failures at these facilities could result in lengthy interruptions in our services, and no assurance can be provided that any such interruptions would be remediated without significant cost or in a timely manner or at all.
The hardware, software, data and cloud computing platforms that we rely on may not continue to be available at reasonable prices, on commercially reasonable terms or at all. Any loss of the right to use any of these hardware, software, data or cloud computing platforms could significantly increase our expenses and disrupt or otherwise result in delays in the
provisioning of our services until equivalent technology is either developed by us, or, if available, is identified, obtained through purchase or license and integrated into our services, and no assurance can be provided that such equivalent technology would be developed or obtained in a timely manner or at all.
If we do not accurately plan for our infrastructure capacity requirements and we experience significant strains on our data center capacity, our customers could experience performance degradation or service outages that may subject us to financial liabilities, result in customer losses and harm our reputation and business. As we add data centers and capacity and continue to move to cloud computing platform providers, we move or transfer our data and our customers’ data from time to time. Despite precautions taken during this process, any unsuccessful data transfers may impair the delivery of our services, which may damage our business.
As we acquire and invest in companies or technologies, we may not realize the expected business or financial benefits and the acquisitions could prove difficult to integrate, disrupt our business, dilute stockholder value and adversely affect our operating results and the market value of our common stock.
As part of our business strategy, we periodically make investments in, or acquisitions of, complementary businesses, joint ventures, services and technologies and intellectual property rights. We continue to evaluate such opportunities and expect to continue to make such investments and acquisitions in the future.
Acquisitions and other transactions, arrangements and investments involve numerous risks and could create unforeseen operating difficulties and expenditures, including:
•potential failure to achieve the expected benefits on a timely basis or at all;
•potential identified or unknown security vulnerabilities in acquired products that expose us to additional security risks or delay our ability to integrate the product into our service offerings;
•difficulties in increasing or maintaining the security standards for acquired technology consistent with our other services, and related costs;
•difficulty of transitioning the acquired technology onto our existing platforms and customer acceptance of multiple platforms on a temporary or permanent basis;
•augmenting the acquired technologies and platforms to the levels that are consistent with our brand and reputation;
•brand or reputational harm associated with our investments or acquired companies;
•challenges converting the acquired company’s revenue recognition policies and forecasting the related revenues, including subscription-based revenues and software license revenue, as well as appropriate allocation of the customer consideration to the individual deliverables;
•division of financial and managerial resources from existing operations;
•challenges entering into new markets in which we have little or no experience or where competitors may have stronger market positions;
•currency and regulatory risks associated with foreign countries and potential additional cybersecurity and compliance risks resulting from entry into new markets;
•difficulties and strain on resources in integrating acquired operations, technologies, services, platforms and personnel;
•regulatory challenges from antitrust or other regulatory authorities that may block, delay or impose conditions (such as divestitures, ownership or operational restrictions or other structural or behavioral remedies) on the completion of transactions or the integration of acquired operations;
•failure to fully assimilate, integrate or retrain acquired employees, which may lead to retention risk with respect to both key acquired employees and our existing key employees or disruption to existing teams;
•differences between our values and those of our acquired companies, as well as disruptions to our workplace culture;
•inability to generate sufficient revenue to offset acquisition or investment costs;
•challenges with the acquired company’s customers and partners, including the inability to maintain such relationships and changes to perception of the acquired business as a result of the acquisition;
•challenges with the acquired company’s third-party service providers, including those that are required for ongoing access to third-party data;
•potential for acquired products to impact the profitability of existing products;
•unanticipated expenses related to acquired technology and its integration into our existing technology;
•known and potential unknown liabilities associated with the acquired businesses, including due to litigation;
•difficulties in managing, or potential write-offs of, acquired assets or investments, and potential financial and credit risks associated with acquired customers;
•negative impact to our results of operations because of the depreciation and amortization of acquired intangible assets, fixed assets and operating lease right-of-use assets;
•the loss of acquired unearned revenue and unbilled unearned revenue;
•challenges relating to the structure of an investment, such as governance, accountability and decision-making conflicts that may arise in the context of a joint venture or other majority ownership investments;
•difficulties in and financial costs of addressing acquired compensation structures inconsistent with our compensation structure;
•additional stock-based compensation issued or assumed in connection with the acquisition, including the impact on stockholder dilution and our results of operations;
•delays in customer purchases due to uncertainty related to any acquisition;
•ineffective or inadequate controls, procedures and policies at the acquired company;
•in the case of foreign acquisitions, challenges caused by integrating operations over distance, and across different languages, cultures and political environments; and
•the tax effects of any such acquisitions including related integration and business operation changes, and assessment of the impact on the realizability of our future tax assets or liabilities.
Any of these risks could harm our business or negatively impact our results of operations. In addition, to facilitate acquisitions or investments, we may seek additional equity or debt financing, which may not be available on terms favorable to us or at all, which may affect our ability to complete subsequent acquisitions or investments, and which may affect the risks of owning our common stock. For example, if we finance acquisitions by issuing equity or convertible or other debt securities or loans, our existing stockholders may be diluted, or we could face constraints related to the terms of, and repayment obligation related to, the incurrence of indebtedness that could affect the market price of our common stock.
Our ability to acquire other businesses or technologies, make investments or integrate acquired businesses effectively may be impaired by trade tensions and increased global scrutiny of foreign investments and acquisitions and investments in the technology sector. For example, several countries, including the United States and countries in Europe and the Asia-Pacific region, are considering or have adopted restrictions of varying kinds of transactions involving foreign investments and acquisitions. Antitrust authorities in a number of countries have also reviewed acquisitions and investments in the technology industry with increased scrutiny. Governments may continue to adopt or tighten restrictions of this nature, some of which may apply to acquisitions, investments or integrations of businesses by us, and such restrictions or government actions could negatively impact our business and financial results.
Supporting our existing and growing customer base could strain our personnel resources and infrastructure, and if we are unable to scale our operations and increase productivity, we may not be able to successfully implement our business plan.
We continue to experience significant growth in our customer base, including through acquisitions, which has placed a strain on and in the future may stress the capabilities of our management, administrative, operational and financial infrastructure. We anticipate that significant additional investments, including in human capital software, will be required to scale our operations and increase productivity, to address the needs of our customers, to further develop and enhance our services, to expand into new geographic areas, and to scale with our overall growth. The additional investments we are making will increase our cost base, which will make it more difficult for us to offset any future revenue shortfalls by reducing expenses in the short term. We may not be able to make these investments as quickly or effectively as necessary to successfully scale our operations.
We regularly upgrade or replace our various software systems and processes. If the implementations of these new applications are delayed, or if we encounter unforeseen problems with our new systems and processes or in migrating away from our existing systems and processes, our operations and our ability to manage our business could be negatively impacted. For example, our efforts to further automate our processes for customer contracts may be complicated by unanticipated operating difficulties.
Our success will depend in part upon the ability of our senior management to manage our projected growth effectively. To do so, we must continue to increase the productivity of our existing employees and to hire, train and manage new employees as needed. Additionally, changes in our work environment and workforce in the wake of the COVID-19 pandemic could adversely affect our operations. In particular, we have offered a significant percentage of our employees the flexibility in the amount of time they work in an office. Our new office model and any adjustments made to our current and future office environments or work-from-home policies, including changes from the Restructuring Plan, may not meet the needs and expectations of our workforce, which could negatively impact our ability to increase productivity of our existing workforce and to attract and retain our employees. To manage the expected domestic and international growth of our operations and personnel, we will need to continue to improve our operational, financial and management controls, our reporting systems and procedures, and our
utilization of real estate. If we fail to successfully scale our operations and increase productivity, we may be unable to execute our business plan and the value of our common stock could decline.
If our customers do not renew their subscriptions for our services or if they reduce the number of paying subscriptions at the time of renewal, our revenue and current remaining performance obligation could decline and our business may suffer. If we cannot accurately predict subscription renewals or upgrade rates, we may not meet our revenue targets, which may adversely affect the market price of our common stock.
Our customers have no obligation to renew their subscriptions for our services after the expiration of their contractual subscription period, which is typically 12 to 36 months, and in the normal course of business, some customers have elected not to renew. In addition, our customers may renew for fewer subscriptions, renew for shorter contract lengths or switch to lower cost offerings of our services, particularly in times of general economic uncertainty. It is difficult to predict attrition rates given our varied customer base and the number of multi-year subscription contracts. Historically, our subscription and support revenues primarily consisted of subscription fees; however, with the acquisitions of MuleSoft and Tableau, subscription and support revenues also now include term software license sales. We have less experience forecasting the renewal rates of such term software license sales. Our attrition rates may increase or fluctuate as a result of various factors, including customer dissatisfaction with our services, customers’ spending levels, mix of customer base, decreases in the number of users at our customers, competition, pricing increases or changes and deteriorating general economic conditions.
Our future success also depends in part on our ability to sell additional features and services, more subscriptions or enhanced editions of our services to our current customers. This may also require increasingly sophisticated and costly sales efforts that are targeted at senior management. Similarly, the rate at which our customers purchase new or enhanced services depends on a number of factors, including general economic conditions and customer receptiveness to any price changes related to these additional features and services.
If customers do not renew their subscriptions, do not purchase additional features or enhanced subscriptions or if attrition rates increase, we may not meet our revenue targets and our business could be harmed, which may adversely affect the market price of our common stock.
Periodic changes to our sales organization can be disruptive and may reduce our rate of growth.
We periodically change and make adjustments to our sales organization in response to market opportunities, competitive threats, management changes, product introductions or enhancements, acquisitions, sales performance, increases in sales headcount, cost levels and other internal and external considerations. Such sales organization changes have in some periods resulted in, and may in the future result in, a reduction of productivity, which could negatively impact our rate of growth in the current and future quarters and operating results, including revenue. For example, the Restructuring Plan involved such changes to our sales organization, which could negatively impact our productivity, growth rate and operating results, which may adversely affect the market price of our common stock. In addition, any significant change to the way we structure our compensation of our sales organization may be disruptive and may affect our revenue growth.
Our ability to deliver our services is dependent on the development and maintenance of the infrastructure of the Internet by third parties.
The Internet’s infrastructure comprises many different networks and services that are highly fragmented and distributed by design. This infrastructure is run by a series of independent third-party organizations that work together to provide the infrastructure and supporting services of the Internet under the governance of the Internet Corporation for Assigned Numbers and Names (“ICANN”) and the Internet Assigned Numbers Authority, now under the stewardship of ICANN.
The Internet has experienced a variety of outages and other delays as a result of damages to portions of its infrastructure, denial-of-service attacks or related cyber incidents, and it could face outages and delays in the future, potentially reducing the availability of the Internet to us or our customers for delivery of our Internet-based services. Any resulting interruptions in our services or the ability of our customers to access our services could result in a loss of potential or existing customers and harm our business.
In addition, certain countries have implemented, or may implement, legislative and technological actions that either do or can effectively regulate access to the Internet, including the ability of Internet service providers to limit access to specific websites or content. Other countries have attempted, are attempting or may attempt to change or limit the legal protections available to businesses that depend on the Internet for the delivery of their services. These actions could potentially limit or interrupt access to our services from certain countries or Internet service providers, increase our risk or add liabilities, impede our growth, productivity and operational effectiveness, result in the loss of potential or existing customers and harm our business.
Sales to customers outside the United States expose us to risks inherent in international operations.
We sell our services throughout the world and are subject to risks and challenges associated with international business. We intend to seek to continue to expand our international sales efforts. The risks and challenges associated with sales to customers outside the United States or those that can affect international operations generally, include:
•regional economic and political conditions, natural disasters, acts of war, terrorism and actual or threatened public health emergencies;
•localization of our services, including translation into foreign languages and associated expenses;
•regulatory frameworks or business practices favoring local competitors;
•pressure on the creditworthiness of sovereign nations, where we have customers and a balance of our cash, cash equivalents and marketable securities;
•foreign currency fluctuations and controls, which may make our services more expensive for international customers and could add volatility to our operating results;
•compliance with multiple, conflicting, ambiguous or evolving governmental laws and regulations, including employment, tax, privacy, anti-corruption, import/export, customs, anti-boycott, sanctions and embargoes, antitrust, data transfer, storage and protection and industry-specific laws and regulations, including rules related to compliance by our third-party resellers and our ability to identify and respond timely to compliance issues when they occur;
•liquidity issues or political actions by sovereign nations, including nations with a controlled currency environment, which could result in decreased values of these balances or potential difficulties protecting our foreign assets or satisfying local obligations;
•vetting and monitoring our third-party resellers in new and evolving markets to confirm they maintain standards consistent with our brand and reputation;
•treatment of revenue from international sources, evolving domestic and international tax environments, and changes to tax codes, including being subject to foreign tax laws and being liable for paying withholding taxes in foreign jurisdictions;
•impacts of or uncertainties regarding the United Kingdom’s exit from the European Union (“EU”) on regulations, currencies, taxes and operations, including possible disruptions to the sale of our services or the movement of our people between the United Kingdom, EU and other locations;
•uncertainty regarding the imposition of and changes in the United States’ and other governments’ trade regulations, trade wars, tariffs, other restrictions or other geopolitical events, including the evolving relations between the United States and China, the United States and Russia and conflict in Europe;
•changes in the public perception of governments in the regions where we operate or plan to operate;
•regional data privacy laws and other regulatory requirements that apply to outsourced service providers and to the transmission of our customers’ data across international borders, which grow more complex as we scale, expand into new markets and enhance the breadth of our service offerings;
•different pricing environments;
•difficulties in staffing and managing foreign operations;
•different or lesser protection of our intellectual property, including increased risk of theft of our proprietary technology and other intellectual property, and more prevalent cybersecurity risks, particularly in jurisdictions in which we have historically chosen not to operate; and
•longer accounts receivable payment cycles and other collection difficulties.
Any of these factors could negatively impact our business and results of operations. The above factors may also negatively impact our ability to successfully expand into emerging market countries, where we have little or no operating experience, where it can be costly and challenging to establish and maintain operations, including hiring and managing required personnel, and difficult to promote our brand, and where we may not benefit from any first-to-market advantage or otherwise succeed.
As more of our sales efforts are targeted at larger enterprise customers, our sales cycle may become more time-consuming and expensive, we may encounter pricing pressure and implementation and configuration challenges, and we may have to delay revenue recognition for some complex transactions, all of which could harm our business and operating results.
As we target more of our sales efforts at larger enterprise customers, including governmental entities, and specific industries, such as financial services and healthcare and life sciences, we may face greater costs, longer sales cycles, greater competition and less predictability in completing some of our sales. In these market segments, the customer’s decision to use our services is often an enterprise-wide decision and, if so, may require us to provide greater levels of education regarding the use and benefits of our services, as well as addressing concerns regarding privacy and data protection laws and regulations of prospective customers with international operations or whose own customers operate internationally.
In addition, larger customers and governmental entities often demand more configuration, integration services and features. As a result of these factors, these sales opportunities often require us to devote greater sales support and professional
services resources to individual customers, driving up costs and time required to complete sales and diverting our own sales and professional services resources to a smaller number of larger transactions, while potentially requiring us to delay revenue recognition on some of these transactions until the technical or implementation requirements have been met.
Pricing and packaging strategies for enterprise and other customers for subscriptions to our existing and future service offerings may not be widely accepted by other new or existing customers. Our adoption of such new pricing and packaging strategies may harm our business.
For large enterprise customers, professional services are often performed by us, a third party, or a combination of our own staff and a third party. Our strategy is to work with third parties to increase the breadth of capability and depth of capacity for delivery of these services to our customers. If a customer is not satisfied with the quality of work performed by us or a third party or with the type of services or solutions delivered, we could incur additional costs to address the situation, the profitability of that work might be impaired, and the customer’s dissatisfaction with our services could damage our ability to obtain additional work from that customer. In addition, negative publicity related to our customer relationships, regardless of its accuracy, may further damage our business by affecting our ability to compete for new business with current or prospective customers.
We may lose key members of our management team or development and operations personnel, and may be unable to attract and retain employees we need to support our operations and growth.
Our success depends substantially upon the continued services of our executive officers and other key members of management, particularly our chief executive officer. From time to time, there may be changes in our management team resulting from the hiring, departure or realignment of executives. For example, in January 2023, Bret Taylor, our former co-CEO and Vice Chair of our board of directors, resigned from these positions with our company. Such changes may be disruptive to our business. We are also substantially dependent on the continued service of our existing development and operations personnel because of the complexity of our services and technologies. Our executive officers, key management, development or operations personnel could terminate their employment with us at any time. Effective succession planning for management is important to our long-term success. If we do not develop adequate succession planning for our key personnel, the loss of one or more of our key employees or groups of employees could seriously harm our business.
The technology industry is subject to substantial and continuous competition for engineers with high levels of experience in designing, developing and managing software and Internet-related services, as well as competition for sales executives, data scientists and operations personnel. We have experienced, and currently experience, challenges with significant competition in talent recruitment and retention, and may not in the future be successful in recruiting or retaining talent or achieving the workforce diversity goals we have set publicly. We have from time to time experienced, and we expect to continue to experience, difficulty in hiring, developing, integrating and retaining highly skilled employees with appropriate qualifications. These difficulties may be amplified by evolving restrictions on immigration, travel, or availability of visas for skilled technology workers. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be severely harmed.
In January 2023, we announced the Restructuring Plan, which is intended to reduce operating costs, improve operating margins and continue advancing our ongoing commitment to profitable growth. The Restructuring Plan includes a reduction of our workforce and select real estate exits and office space reductions within certain markets. The actions associated with the employee restructuring under the Restructuring Plan are expected to be substantially complete by the end of fiscal 2024, subject to local law and consultation requirements. This Restructuring Plan, or any similar actions taken in the future, could negatively impact our ability to attract, integrate, retain and motivate key employees.
In addition, we believe in the importance of our corporate culture, which fosters dialogue, collaboration, recognition, equality and a sense of family. As our organization has grown and expanded globally, and as our workplace plans have developed, including, for example, the Restructuring Plan, we have in the past and may in the future find it increasingly difficult to maintain the beneficial aspects of our corporate culture globally, including managing the complexities of communicating with all employees. Our inability to maintain our corporate culture could negatively impact our ability to attract and retain employees, harm our reputation with customers, or negatively impact our future growth.
Any failure in our delivery of high-quality professional and technical support services may adversely affect our relationships with our customers and our financial results.
Our customers depend on our support organization to resolve technical issues relating to our applications. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services across our varying and diverse offerings. Outsourced provision of technical support may be suddenly and adversely impacted by unforeseen events, for example, as occurred when certain business process outsourced service providers were delayed in effectively servicing our customers due to conditions related to the COVID-19 pandemic. Increased customer demand for these services, without corresponding revenues, could increase costs and adversely affect our operating results. In addition, our sales process is highly dependent on our applications and business reputation and on positive recommendations from our existing
customers. Any failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality support, could adversely affect our reputation, our ability to sell our service offerings to existing and prospective customers, and our business, operating results and financial position.
Strategic and Industry Risks
The markets in which we participate are intensely competitive, and if we do not compete effectively, our operating results could be harmed.
The market for enterprise applications and platform services is highly competitive, rapidly evolving, fragmented and subject to changing technology, low barriers to entry, shifting customer needs and frequent introductions of new products and services. Many prospective customers have invested substantial personnel and financial resources to implement and integrate their current enterprise software into their businesses and therefore may be reluctant or unwilling to migrate away from their current solution to an enterprise cloud computing application service. Additionally, third-party developers may be reluctant to build application services on our platform since they have invested in other competing technology platforms.
Our current competitors include:
•internally developed enterprise applications by our potential customers’ IT departments;
•vendors of packaged business software, as well as companies offering enterprise apps delivered through on-premises offerings from enterprise software application vendors and cloud computing application service providers, either individually or with others;
•software companies that provide their product or service free of charge as a single product or when bundled with other offerings, or only charge a premium for advanced features and functionality, as well as companies that offer solutions that are sold without a direct sales organization;
•vendors who offer software tailored to specific services as opposed to our full suite of service offerings, including suppliers of traditional business intelligence and data preparation products, integration software vendors, marketing vendors or e-commerce solutions vendors;
•productivity tool and email providers, unified communications providers and consumer application companies that have entered the business software market; and
•traditional platform development environment companies and cloud computing development platform companies who may develop toolsets and products that allow customers to build new apps that run on the customers’ current infrastructure or as hosted services.
In addition, we may face more competition as we expand our product offerings. Some of our current and potential competitors may have competitive advantages, such as greater name recognition, longer operating histories, more significant installed bases, broader geographic scope, broader suites of service offerings and larger marketing budgets, as well as substantially greater financial, technical, personnel and other resources. In addition, many of our current and potential competitors have established marketing relationships and access to larger customer bases, and have major distribution agreements with consultants, system integrators and resellers. We also experience competition from smaller, younger competitors that may be more agile in responding to customers’ demands and offer more targeted and simplified solutions. These competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards or customer requirements, or provide competitive pricing, more flexible contracts or faster implementations. As a result, even if our services are more effective than the products and services that our competitors offer, potential customers might select competitive products and services in lieu of purchasing our services. For all of these reasons, we may not be able to compete successfully against our current and future competitors, which could negatively impact our future sales and harm our business.
Our efforts to expand our service offerings and to develop and integrate our existing services in order to keep pace with technological developments may not succeed and may reduce our revenue growth rate and harm our business.
We derive a significant portion of our revenue from subscriptions to our CRM enterprise cloud computing application services, and we expect this will continue for the foreseeable future. Our efforts to expand our current service offerings may not succeed and may reduce our revenue growth rate. In addition, the markets for certain of our offerings remain relatively new and it is uncertain whether our efforts, and related investments, will ever result in significant revenue for us. Further, the introduction of significant platform changes and upgrades may not result in long term revenue growth.
In July 2021, we completed our acquisition of Slack, our largest acquisition to date. Slack is a relatively new category of business technology in a rapidly evolving market for software, programs and tools used by knowledge workers. We may not succeed in enhancing and improving the features, integrations and capabilities of Slack, or effectively introduce compelling new features, integrations and capabilities that reflect or anticipate the changing nature of the market which may result in an inability to attract new users and organizations and increase revenue from existing paid customers.
If we are unable to develop enhancements to, and new features for, our existing or new services that keep pace with rapid technological developments, our business could be harmed. For example, we may be required to continuously enhance our AI offerings to improve the quality of recommendations provided to our customers. The success of enhancements, new features and services depends on several factors, including the timely completion, introduction and market acceptance of the feature, service or enhancement by customers, administrators and developers, as well as our ability to integrate all of our product and service offerings and develop adequate selling capabilities in new markets. Failure in this regard may significantly impair our revenue growth as well as negatively impact our operating results if the additional costs are not offset by additional revenues. In addition, because our services are designed to operate over various network technologies and on a variety of mobile devices, operating systems and computer hardware and software platforms using a standard browser, we will need to continuously modify and enhance our services to keep pace with changes in Internet-related hardware, software, communication, browser, app development platform and database technologies, as well as continue to maintain and support our services on legacy systems. We may not be successful in either developing these modifications and enhancements or in bringing them to market timely.
Additionally, if we fail to anticipate or identify significant Internet-related and other technology trends and developments early enough, particularly in the AI space, or if we do not devote appropriate resources to adapting to such trends and developments, our business could be harmed. Uncertainties about the timing and nature of new network platforms or technologies, modifications to existing platforms or technologies, including text messaging capabilities, or changes in customer usage patterns thereof could increase our research and development or service delivery expenses or lead to our increased reliance on certain vendors. Any failure of our services to operate effectively with future network platforms and technologies could reduce the demand for our services, result in customer dissatisfaction and harm our business.
Our continued success depends on our ability to maintain and enhance our brands.
We believe that the brand identities we have developed, including associations with trust, customer success, innovation, performance and equality and sustainability have significantly contributed to the success of our business. Maintaining and enhancing the Salesforce brand and our other brands is critical to expanding our base of customers, partners and employees. Our brand strength, particularly for our core services, depends largely on our ability to remain a technology leader and to continue to provide high-quality innovative products, services and features in a secure, reliable manner that enhances our customers’ success even as we scale and expand our services. In order to maintain and enhance the strength of our brands, we have made and may in the future make substantial investments to expand or improve our product offerings and services, or we may enter new markets that may be accompanied by initial complications or ultimately prove to be unsuccessful.
In addition, we have secured the naming rights to facilities controlled by third parties, such as office towers and a transit center, and any negative events or publicity arising in connection with these facilities could adversely impact our brand.
Further, entry into markets with weaker protection of brands or changes in the legal systems in countries we operate may impact our ability to protect our brands. If we fail to maintain, enhance or protect our brands, or if we incur excessive expenses in our efforts to do so, our business, operating results and financial condition may be materially and adversely affected.
We are subject to risks associated with our strategic investments, including partial or complete loss of invested capital. Significant changes in the fair value of this portfolio, including changes in the valuation of our investments in publicly traded and privately held companies, could negatively impact our financial results.
We manage a portfolio of strategic investments in both privately held and publicly traded companies focused primarily on enterprise cloud companies, technology startups and system integrators. Our investments range from early to late stage companies, including investments made concurrent with a company’s initial public offering. We invest in companies that we believe are digitally transforming their industries, improving customer experiences, helping us expand our solution ecosystem or supporting other corporate initiatives. We continually evaluate our investments in privately held and publicly traded companies. In certain cases, our ability to sell these investments may be impacted by contractual obligations to hold the securities for a set period of time after a public offering. In addition, the financial success of our investment in any company is typically dependent on a liquidity event, such as a public offering, acquisition or other favorable market event reflecting appreciation to the cost of our initial investment. All of our investments are therefore subject to a risk of partial or total loss of invested capital.
We anticipate additional volatility to our condensed consolidated statements of operations due to changes in market prices, observable price changes and both temporary and permanent impairments to our investments. These changes could be material based on market conditions and events. While historically our strategic investment portfolio has had a positive impact on our financial results, we have had periods where our investment portfolio has recorded net losses and may have losses again in future periods, particularly in periods of significant market fluctuations that affect our equity securities within our strategic investments portfolio. Volatility in global market conditions, including recent economic disruptions, inflation and ongoing volatility in the public equity markets, may impact our strategic investment portfolio and our financial results may fluctuate from historical results and expectations.
If third-party developers and providers do not continue to embrace our technology delivery model and enterprise cloud computing services, or if our customers seek warranties from us for third-party applications, integrations, data and content, our business could be harmed.
Our success depends on the willingness of a growing community of third-party developers and technology providers to build applications and provide integrations, data and content that are complementary to our services. Without the continued development of these applications and provision of such integrations, data and content, both current and potential customers may not find our services sufficiently attractive, which could impact future sales. In addition, for those customers who authorize a third-party technology partner to access their data, we do not provide any warranty related to the functionality, security or integrity of the data access, transmission or processing. Despite contract provisions to protect us, customers may look to us to support and provide warranties for the third-party applications, integrations, data and content, even though not developed or sold by us, which may expose us to potential claims, liabilities and obligations, all of which could harm our reputation and our business.
Social and ethical issues, including the use or capabilities of AI in our offerings, may result in reputational harm and liability.
Policies we adopt or choose not to adopt on social and ethical issues, especially regarding the use of our products, may be unpopular with some of our employees or with our customers or potential customers, and have in the past impacted and may in the future impact our ability to attract or retain employees and customers. We also may choose not to conduct business with potential customers or discontinue or not expand business with existing customers due to these policies. Further, actions taken by our customers and employees, including through the use or misuse of our products or new technologies for illegal activities or improper information sharing, may result in reputational harm or possible liability, particularly in light of upcoming regulatory requirements like the Digital Services Act (“DSA”) from the EU. For example, we have been subject to allegations in legal proceedings that we should be liable for the use of certain of our products by third parties. Although we believe that such claims lack merit, legal proceedings can be lengthy, expensive and disruptive to our operations and the outcome of any claims or litigation, regardless of the merits, is inherently uncertain. Regardless of outcome, these types of claims could cause reputational harm to our brand or result in liability.
We are increasingly building AI into many of our offerings, including generative AI. As with many innovations, AI and our Customer 360 platform present additional risks and challenges that could affect their adoption and therefore our business. For example, the development of AI and Customer 360, the latter of which provides information regarding our customers’ customers, presents emerging ethical issues. If we enable or offer solutions that draw controversy due to their perceived or actual impact on human rights, privacy, employment, or in other social contexts, we may experience brand or reputational harm, competitive harm or legal liability. Data practices by us or others that result in controversy could also impair the acceptance of AI solutions. This in turn could undermine the decisions, predictions or analysis AI applications produce, subjecting us to competitive harm, legal liability and brand or reputational harm. The rapid evolution of AI will require the application of resources to develop, test and maintain our products and services to help ensure that AI is implemented ethically in order to minimize unintended, harmful impact. Uncertainty around new and emerging AI applications such as generative AI content creation will require additional investment in the development of proprietary datasets, machine learning models and systems to test for accuracy, bias and other variables, which are often complex, may be costly and could impact our profit margin. Moreover, the move from AI content classification to AI content generation through our development of Einstein GPT and other generative AI products brings additional risks and responsibility. Known risks of generative AI currently include accuracy, bias, toxicity, privacy, and security and data provenance. Developing, testing and deploying AI systems may also increase the cost profile of our offerings due to the nature of the computing costs involved in such systems. If we are unable to mitigate these risks, or if we incur excessive expenses in our efforts to do so, our reputation, business, operating results and financial condition may be harmed.
Our aspirations and disclosures related to ESG matters expose us to risks that could adversely affect our reputation and performance.
We have established and publicly announced ESG goals, including our commitments to advancing racial and gender equality within our workforce and reducing greenhouse gas emissions. These statements reflect our current plans and aspirations and are not guarantees that we will be able to achieve them. Our failure to accomplish or accurately track and report on these goals on a timely basis, or at all, could adversely affect our reputation, financial performance and growth, and expose us to increased scrutiny from the investment community as well as enforcement authorities.
Our ability to achieve any ESG objective is subject to numerous risks, many of which are outside of our control. Examples of such risks include:
•the availability and cost of low- or non-carbon-based energy sources;
•the evolving regulatory requirements affecting ESG practices and/or disclosures;
•the availability of suppliers that can meet our sustainability, diversity and other ESG standards;
•our ability to recruit, develop and retain diverse talent in our labor markets; and
•the success of our organic growth and acquisitions, dispositions or restructuring of our businesses or operations.
Standards for tracking and reporting ESG matters continue to evolve. Our use of disclosure frameworks and standards, and the interpretation or application of those frameworks and standards, may change from time to time or differ from those of others. This may result in a lack of consistent or meaningful comparative data from period to period or between Salesforce and other companies in the same industry. In addition, our processes and controls may not comply with evolving standards for identifying, measuring and reporting ESG metrics, including ESG-related disclosures that may be required of public companies by the SEC and other regulators, and such standards may change over time, which could result in significant revisions to our current goals, reported progress in achieving such goals, or ability to achieve such goals in the future.
If our ESG practices do not meet evolving investor or other stakeholder expectations and standards, then our reputation, our ability to attract or retain employees, and our attractiveness as an investment, business partner, acquiror or service provider could be negatively impacted. Further, our failure or perceived failure to pursue or fulfill our goals and objectives or to satisfy various reporting standards on a timely basis, or at all, could have similar negative impacts or expose us to government enforcement actions and private litigation.
Legal and Regulatory Risks
Privacy concerns and laws as well as evolving regulation of cloud computing, cross-border data transfer restrictions and other domestic or foreign regulations may limit the use and adoption of our services and adversely affect our business.
Regulation related to the provision of services over the Internet is evolving, as federal, state and foreign governments continue to adopt new, or modify existing, laws and regulations addressing data privacy, cybersecurity, data protection, data sovereignty and the collection, processing, storage, hosting, transfer and use of data, generally. In some cases, data privacy laws and regulations, such as the EU’s General Data Protection Regulation (“GDPR”), impose obligations directly on Salesforce as both a data controller and a data processor, as well as on many of our customers. In addition, new domestic data privacy laws, such as the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), and laws that have recently passed and/or gone into effect in Virginia, Colorado, Connecticut, Utah, Montana, Tennessee, Iowa, Indiana and Washington, similarly impose new obligations on us and many of our customers, potentially as both businesses and service providers. These laws continue to evolve, and as various states introduce similar proposals, we and our customers could be exposed to additional regulatory burdens. Further, laws and legislative proposals such as the EU’s proposed e-Privacy Regulation are increasingly aimed at the use of personal information for marketing purposes, and the tracking of individuals’ online activities. The EU has been developing new requirements related to the use of data, including in the Digital Services Act, that may impose additional rules and restrictions on the use of the data in our products and services.
In addition, various safe harbors have historically been provided to those who hosted content provided by others, such as safe harbors from monetary damages for copyright infringement arising from copyrighted content provided by customers and others and for defamation and other torts arising from information provided by customers and others. There is an increasing demand for repealing or limiting these safe harbors by either judicial decision or legislation, and we have active legal proceedings that have been impacted by the repeal or limiting of safe harbors that were previously available to us. Loss of these safe harbors may require altering or limiting some of our services or may require additional contractual terms to avoid liabilities for our customers’ misconduct.
Although we monitor the regulatory, judicial and legislative environment and have invested in addressing these developments, these laws may require us to make additional changes to our practices and services to enable us or our customers to meet the new legal requirements, and may also increase our potential liability exposure through new or higher potential penalties for noncompliance, including as a result of penalties, fines and lawsuits related to data breaches. Furthermore, privacy laws and regulations are subject to differing interpretations and may be inconsistent among jurisdictions. These and other requirements are causing increased scrutiny among customers, particularly in the public sector and highly regulated industries, and may be perceived differently from customer to customer. These developments could reduce demand for our services, require us to take on more onerous obligations in our contracts, restrict our ability to store, transfer and process data or, in some cases, impact our ability or our customers' ability to offer our services in certain locations, to deploy our solutions, to reach current and prospective customers, or to derive insights from customer data globally. For example, on July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-US Privacy Shield Framework, one of the mechanisms that allowed companies, including Salesforce, to transfer personal data from the European Economic Area (“EEA”) to the United States. Even if the CJEU decision upheld the Standard Contractual Clauses (“SCCs”) as an adequate transfer mechanism, the data exporters are now also required when relying on SCCs to conduct a transfer risk assessment to verify if anything in the law and/or practices of the destination country may impinge on the effectiveness of the SCCs in the context of the transfer at stake and, if so, to identify and adopt supplementary measures that are necessary to bring the level of protection of the data transferred to the EU standard of essential equivalence. Where no supplementary measure is suitable, the data exporter should
avoid, suspend or terminate the transfer. Depending on how the CJEU’s decision is enforced, the cost and complexity of providing our services in certain markets may increase. While the EU and U.S. governments have recently advanced the EU-U.S. Data Privacy Framework to foster EU-to-U.S. data transfers and address the concerns raised in the aforementioned CJEU decision, it is uncertain whether this framework will be overturned in court like the previous two EU-U.S. bilateral cross-border transfer frameworks. As a result, regulators may be inclined to continue to interpret the CJEU’s decision, and the logic behind it, as significantly restricting certain cross-border transfers. Certain countries outside of the EEA (e.g., China and India) have also passed or are considering passing laws requiring varying degrees of local data residency. By way of further example, statutory damages available through a private right of action for certain data breaches under the CPRA and potentially other states’ laws, may increase our and our customers’ potential liability and the demands our customers place on us.
The costs of compliance with, and other burdens imposed by, privacy laws, regulations and standards may limit the use and adoption of our services, reduce overall demand for our services, make it more difficult to meet expectations from our commitments to customers and our customers’ customers, lead to significant fines, penalties or liabilities for noncompliance, impact our reputation, or slow the pace at which we close sales transactions, in particular where customers request specific warranties and unlimited indemnity for noncompliance with privacy laws, any of which could harm our business. In September 2021, Salesforce announced the Hyperforce EU Operating Zone, which is expected to enable storage and processing of customer data solely within the EU. This EU service may enhance our ability to attract and retain customers operating in the EU, but may also increase the cost and complexity of supporting those customers, and our customers may request similar offerings in other territories.
In addition to government activity, privacy advocates and other industry groups have established or may establish new self-regulatory standards that may place additional burdens on our ability to provide our services globally. Our customers expect us to meet voluntary certification and other standards established by third parties. If we are unable to maintain these certifications or meet these standards, it could adversely affect our ability to provide our solutions to certain customers and could harm our business. In addition, we have seen a trend toward the private enforcement of data protection obligations, including through private actions for alleged noncompliance, which could harm our business and negatively impact our reputation. For example, in 2020 we were made a party to a legal proceeding brought by a Dutch privacy advocacy group (the Privacy Collective) on behalf of certain Dutch citizens that claims we violated the GDPR and Dutch Telecommunications Act through the processing and sharing of data in connection with our Audience Studio and Data Studio products. In December 2021, the Amsterdam District Court declared the Privacy Collective inadmissible in its claims against us and dismissed the case, however this is currently being appealed by the Privacy Collective. We were also named as a defendant in a similar lawsuit brought in the UK, which has subsequently been dismissed. Although we believe that these claims lack merit, these or similar future claims could cause reputational harm to our brand or result in liability. In addition, the economic slowdown could increase the regulatory enforcement of privacy regulations, which could require our cooperation and or increase the cost of our compliance with the imposed regulations.
Furthermore, the uncertain and shifting regulatory environment and trust climate may raise concerns regarding data privacy and cybersecurity, which may cause our customers or our customers’ customers to resist providing the data necessary to allow our customers to use our services effectively. In addition, new products we develop or acquire in connection with changing events may expose us to liability or regulatory risk. Even the perception that the privacy and security of personal information are not satisfactorily protected or do not meet regulatory requirements could inhibit sales of our products or services and could limit adoption of our cloud-based solutions.
Industry-specific regulations and other requirements and standards are evolving and unfavorable industry-specific laws, regulations, interpretive positions or standards could harm our business.
Our customers and potential customers conduct business in a variety of industries, including financial services, the public sector, healthcare and telecommunications. Regulators in certain industries have adopted and may in the future adopt regulations or interpretive positions regarding the use of cloud computing and other outsourced services. The costs of compliance with, and other burdens imposed by, industry-specific laws, regulations and interpretive positions may limit our customers’ use and adoption of our services and reduce overall demand for our services. Compliance with these regulations may also require us to devote greater resources to support certain customers, which may increase costs and lengthen sales cycles. For example, some financial services regulators have imposed guidelines for use of cloud computing services that mandate specific controls or require financial services enterprises to obtain regulatory approval prior to outsourcing certain functions. In the United States, a cybersecurity Executive Order released in May 2021 may heighten future compliance and incident reporting standards in order to obtain certain public sector contracts. If we are unable to comply with these guidelines or controls, or if our customers are unable to obtain regulatory approval to use our services where required, our business may be harmed. In addition, an inability to satisfy the standards of certain voluntary third-party certification bodies that our customers may expect, such as an attestation of compliance with the Payment Card Industry (“PCI”) Data Security Standards, may have an adverse impact on our business and results. If in the future we are unable to achieve or maintain industry-specific certifications or other requirements or standards relevant to our customers, it may harm our business and adversely affect our results.
Further, in some cases, industry-specific, regionally-specific or product-specific laws, regulations or interpretive positions may impact our ability, as well as the ability of our customers, partners and data providers, to collect, augment, analyze, use, transfer and share personal and other information that is integral to certain services we provide. The interpretation of many of these statutes, regulations and rulings is evolving in the courts and administrative agencies and an inability to comply may have an adverse impact on our business and results. This impact may be particularly acute in countries that have passed or are considering passing legislation that requires data to remain localized “in country,” as this may impose financial costs on companies required to store data in jurisdictions not of their choosing and to use nonstandard operational processes that add complexity and are difficult and costly to integrate with global processes. This is also true with respect to the global proliferation of laws regulating the financial services industry, including its use of cloud services. In Europe, the Digital Operational Resilience Act (DORA), which aims to ensure the resilience of the EU financial sectors, including through mandatory risk management, incident reporting, resilience testing and third-party outsourcing restrictions, was formally adopted by the Council of the EU in November 2022. The UK is advancing similar legislation and other countries may follow. Further, countries are applying their data protection laws to AI, and particularly generative AI, and/or are considering legal frameworks on AI. Any failure or perceived failure by Salesforce to comply with such requirements could have an adverse impact on our business.
There are various statutes, regulations and rulings relevant to direct email marketing and text-messaging industries, including the Telephone Consumer Protection Act (“TCPA”) and related Federal Communication Commission orders, which impose significant restrictions on the ability to utilize telephone calls and text messages to mobile telephone numbers as a means of communication, when the prior consent of the person being contacted has not been obtained. We have been, and may in the future be, subject to one or more class-action lawsuits, as well as individual lawsuits, containing allegations that one of our businesses or customers violated the TCPA. A determination that we or our customers violated the TCPA or other communications-based statutes could expose us to significant damage awards that could, individually or in the aggregate, materially harm our business. In addition, many jurisdictions across the world are currently considering, or have already begun implementing, changes to antitrust and competition laws, regulations or interpretative positions to enhance competition in digital markets and address practices by certain digital platforms that they perceive to be anticompetitive. These regulatory efforts could result in laws, regulations or interpretative positions that may require us to change certain of our business practices, undertake new compliance obligations or otherwise may have an adverse impact on our business and results.
We have been and may in the future be sued by third parties for various claims, including alleged infringement of proprietary rights.
We are involved in various legal matters arising from the normal course of business activities. These include claims, suits, government investigations and other proceedings involving alleged infringement of third-party patents and other intellectual property rights, as well as commercial, corporate and securities, labor and employment, class actions, wage and hour, antitrust, data privacy and other matters.
The software and Internet industries are characterized by the existence of many patents, trademarks, trade secrets and copyrights and by frequent litigation based on allegations of infringement or other violations of intellectual property rights. We have received in the past and may receive in the future communications from third parties, including practicing entities and non-practicing entities, claiming that we have infringed their intellectual property rights. We have also been, and may in the future be, sued by third parties for alleged infringement of their claimed proprietary rights. Our technologies may be subject to injunction if they are found to infringe the rights of a third party or we may be required to pay damages, or both. Further, many of our subscription agreements require us to indemnify our customers for third-party intellectual property infringement claims, which would increase the cost to us of an adverse ruling on such a claim.
In addition, we have in the past been, and may in the future be, sued by third parties who seek to target us for actions taken by our customers, including through the use or misuse of our products. For example, we have been subject to allegations in legal proceedings that we should be liable for the use of certain of our products by third parties. Although we believe that such claims lack merit, such claims could cause reputational harm to our brand or result in liability.
Our exposure to risks associated with various claims, including claims related to the use of intellectual property as well as securities and related stockholder derivative claims, may be increased as a result of acquisitions of other companies. For example, we are subject to ongoing securities class action litigation and related stockholder derivative claims brought against Tableau and Slack that remain outstanding, and as to which we may ultimately be subject to liability or settlement costs. Additionally, we may have a lower level of visibility into the development process with respect to intellectual property or the care taken to safeguard against infringement risks with respect to acquired companies or technologies. In addition, third parties have made claims in connection with our acquisitions and may do so in the future, and they may also make infringement and similar or related claims after we have acquired technology that had not been asserted prior to our acquisition.
The outcome of any claims or litigation, regardless of the merits, is inherently uncertain. Any claims or lawsuits, and the disposition of such claims and lawsuits, whether through settlement or licensing discussions, or litigation, could be time-consuming and expensive to resolve, divert management attention from executing our business plan, result in efforts to enjoin
our activities, lead to attempts on the part of other parties to pursue similar claims and, in the case of intellectual property claims, require us to change our technology, change our business practices, pay monetary damages or enter into short- or long-term royalty or licensing agreements.
Any adverse determination or settlement related to intellectual property claims or other litigation could prevent us from offering our services to others, could be material to our financial condition or cash flows, or both, or could otherwise adversely affect our operating results, including our operating cash flow in a particular period. In addition, depending on the nature and timing of any such dispute, an unfavorable resolution of a legal matter could materially affect our current or future results of operations or cash flows in a particular period.
Any failure to obtain registration or protection of our intellectual property rights could impair our ability to protect our proprietary technology and our brand, causing us to incur significant expenses and harm our business.
If we fail to protect our intellectual property rights adequately, our competitors may gain access to our technology, affecting our brand, causing us to incur significant expenses and harming our business. Any of our patents, trademarks or other intellectual property rights may be challenged by others or invalidated through administrative process or litigation. While we have many U.S. patents and pending U.S. and international patent applications, we may be unable to obtain patent protection for the technology covered in our patent applications or the patent protection may not be obtained quickly enough to meet our business needs. In addition, our existing patents and any patents issued in the future may not provide us with competitive advantages, or may be successfully challenged by third parties. Similar uncertainty applies to our U.S. and international trademark registrations and applications. Furthermore, legal standards relating to the validity, enforceability and scope of protection of intellectual property rights are uncertain, and we also may face proposals to change the scope of protection for some intellectual property rights in the U.S. and elsewhere. Effective patent, trademark, copyright and trade secret protection may not be available to us in every country in which our services are available and legal changes and uncertainty in various countries’ intellectual property regimes may result in making conduct that we believe is lawful to be deemed violative of others’ rights. The laws of some foreign countries may not be as protective of intellectual property rights as those in the U.S., and mechanisms for enforcement of intellectual property rights may be inadequate. Also, our involvement in standard-setting activity, our contribution to open source projects, various competition law regimes or the need to obtain licenses from others may require us to license our intellectual property in certain circumstances. Accordingly, despite our efforts, we may be unable to prevent third parties from using our intellectual property.
We may be required to spend significant resources and expense to monitor and protect our intellectual property rights. We may initiate claims or litigation against third parties for infringement of our proprietary rights or to establish the validity of our proprietary rights. If we fail to protect our intellectual property rights, it could impact our ability to protect our technology and brand. Furthermore, any litigation, whether or not it is resolved in our favor, could result in significant expense to us, cause us to divert time and resources from our core business, and harm our business.
We may be subject to risks related to government contracts and related procurement regulations.
Our contracts with federal, state, local and foreign government entities are subject to various procurement regulations and other requirements relating to their formation, administration and performance. We are from time to time subject to audits and investigations relating to our government contracts, and any violations could result in various civil and criminal penalties and administrative sanctions, including termination of contracts, refunding or suspending of payments, forfeiture of profits, payment of fines, and suspension or debarment from future government business. In addition, such contracts may provide for termination by the government at any time, without cause. Any of these risks related to contracting with governmental entities could adversely impact our future sales and operating results.
We are subject to governmental sanctions and export and import controls that could impair our ability to compete in international markets and may subject us to liability if we are not in full compliance with applicable laws.
Our solutions are subject to export and import controls where we conduct our business activities, including the U.S. Commerce Department’s Export Administration Regulations, U.S. Customs regulations, U.S. supply chain regulations and various economic and trade sanctions regulations established by the U.S. Treasury Department’s Office of Foreign Assets Control. If we fail to comply with applicable trade laws, we and certain of our employees could be subject to substantial civil or criminal penalties, including the possible loss of trade privileges; fines, which may be imposed on us and responsible employees or managers; and, in extreme cases, the incarceration of responsible employees or managers. Obtaining necessary authorizations, including any required licenses, may be time-consuming, requires expenditure of corporate resources, is not guaranteed, and may result in the delay or loss of sales opportunities or the ability to realize value from certain acquisitions or engagements. Acquisitions may also subject us to successor liability and other integration compliance risks. Furthermore, U.S. export control laws and economic sanctions may prohibit or limit the transfer of certain products and services to U.S. embargoed or sanctioned countries, governments and parties. We can provide no assurance that any of the precautions we take to prevent our solutions from being provisioned or provided to U.S. sanctions targets in violation of applicable regulations will be effective, and, accordingly, our solutions could be provisioned or provided to those targets, including by our resellers or
other third parties, which could have negative consequences for our business, including government investigations, penalties and reputational harm. Changes in our solutions or trade regulations may create delays in the introduction, sale and deployment of our solutions in international markets or prevent the export or import of our solutions to certain countries, governments or persons altogether. Any decreased use of our solutions or limitation on our ability to export or sell our solutions may adversely affect our business, financial condition and results of operations. Import and export control regulations in the United States and other countries are subject to change and uncertainty, including as a result of geopolitical developments and relations between the United States and China, the United States and Russia and war in Europe. Regulators in the United States and elsewhere have signaled an increased emphasis on sanctions and export control enforcement, including several recent high-profile enforcement actions and increased pressure for companies to self-disclose potential violations.
Financial Risks
Because we generally recognize revenue from subscriptions for our services over the term of the subscription, downturns or upturns in new business may not be immediately reflected in our operating results.
We generally recognize revenue from customers ratably over the terms of their subscription and support agreements, which are typically 12 to 36 months. As a result, most of the revenue we report in each quarter is the result of subscription and support agreements entered into during previous quarters. Consequently, a decline in new or renewed subscriptions in any one quarter may not be reflected in our revenue results for that quarter but will negatively impact our revenue in future quarters. Accordingly, the effect of significant downturns in sales and market acceptance of our services, and changes in our attrition rate, may not be fully reflected in our results of operations until future periods. Our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers must be recognized over the applicable subscription and support term.
If we experience significant fluctuations in our rate of anticipated growth and fail to balance our expenses with our revenue forecasts, our business could be harmed and the market price of our common stock could decline.
Due to the unpredictability of future general economic and financial market conditions, including from the global economic impact of geopolitical conflict in Europe, the pace of change and innovation in enterprise cloud computing services, the impact of foreign currency exchange rate fluctuations, the growing complexity of our business, including the use of multiple pricing and packaging models and the increasing amount of revenue from software license sales, and our increasing focus on enterprise cloud computing services, we may not be able to realize our projected revenue growth plans. We plan our expense and investment levels based on estimates of future revenue and future anticipated rate of growth. We may not be able to adjust our spending appropriately if the addition of new subscriptions or the renewals of existing subscriptions fall short of our expectations, and unanticipated events may cause us to incur expenses beyond what we anticipated. A portion of our expenses may also be fixed in nature for some minimum amount of time, such as with costs capitalized to obtain revenue contracts, data center and infrastructure service contracts or office leases, so it may not be possible to reduce costs in a timely manner, or at all, without the payment of fees to exit certain obligations early. As a result, our revenues, operating results and cash flows may fluctuate significantly on a quarterly basis and revenue growth rates may not be sustainable and may decline in the future. In some periods, we have not been able to, and may not be able in the future to provide continued operating margin expansion, which could harm our business and cause the market price of our common stock to decline.
Unanticipated changes in our effective tax rate and additional tax liabilities and global tax developments may impact our financial results.
We are subject to income taxes in the United States and various other jurisdictions. Significant judgment is often required in the determination of our worldwide provision for income taxes. Our effective tax rate could be impacted by changes in our earnings and losses in countries with differing statutory tax rates, changes in operations, changes in non-deductible expenses, changes in the tax effects of stock-based compensation expense, changes in the valuation of deferred tax assets and liabilities and our ability to utilize them, the applicability of withholding taxes, effects from acquisitions and changes in accounting principles and tax laws. Any changes, ambiguity or uncertainty in taxing jurisdictions’ administrative interpretations, decisions, policies and positions could also materially impact our income tax liabilities.
We may also be subject to additional tax liabilities and penalties due to changes in non-income based taxes resulting from changes in federal, state, local or international tax laws, changes in taxing jurisdictions’ administrative interpretations, decisions, policies and positions, results of tax examinations, settlements or judicial decisions, changes in accounting principles, or changes to our business operations, including as a result of acquisitions. Any resulting increase in our tax obligation or cash taxes paid could adversely affect our cash flows and financial results.
We are also subject to tax examinations or engaged in alternative resolutions in multiple jurisdictions. While we regularly evaluate new information that may change our judgment resulting in recognition, derecognition or changes in measurement of a tax position taken, there can be no assurance that the final determination of any examinations will not have an adverse effect on our operating results or financial position.
As our business continues to grow, increasing our brand recognition and profitability, we may be subject to increased scrutiny and corresponding tax disputes, which may impact our cash flows and financial results. Furthermore, our growing prominence may bring public attention to our tax profile, and if perceived negatively, may cause brand or reputational harm.
As we utilize our remaining tax credits and net operating loss carryforwards, we may be unable to mitigate our tax obligations to the same extent as in prior years, which could have a material impact to our future cash flows. In addition, changes to our operating structure, including changes related to acquisitions, may result in cash tax obligations.
Global tax developments applicable to multinational businesses may have a material impact to our business, cash flows from operating activities, or financial results. Such developments, for example, may include certain new provisions introduced by the Inflation Reduction Act, certain Organization for Economic Co-operation and Development’s proposals including the implementation of the global minimum tax under the Pillar Two model rules, and the European Commission’s and certain major jurisdictions’ heightened interest in and taxation of companies participating in the digital economy. Furthermore, governments’ responses to macroeconomic factors such as shrinking gross domestic product or increased inflation rates may lead to tax rule changes that could materially and adversely affect our cash flows and financial results.
We are exposed to fluctuations in currency exchange rates that have in the past and could in the future negatively impact our financial results and cash flows from changes in the value of the U.S. Dollar versus local currencies.
We primarily conduct our business in the following regions: the Americas, Europe and Asia Pacific. The expanding global scope of our business exposes us to risk of fluctuations in foreign currency markets, including in emerging markets. This exposure is the result of selling in multiple currencies, growth in our international investments, additional headcount in foreign locations, and operating in countries where the functional currency is the local currency. Specifically, our results of operations and cash flows are subject to currency fluctuations primarily in Euro, British Pound Sterling, Japanese Yen, Canadian Dollar, Australian Dollar, Brazilian Real and Israeli Shekel against the U.S. Dollar. These exposures may change over time as business practices evolve, economic and political conditions change and evolving tax regulations come into effect. The fluctuations of currencies in which we conduct business can both increase and decrease our overall revenue and expenses for any given fiscal period. Furthermore, fluctuations in foreign currency exchange rates, combined with the seasonality of our business, could affect our ability to accurately predict our future results and earnings.
Additionally, global events as well as geopolitical developments, including conflict in Europe, fluctuating commodity prices, trade tariff developments and inflation have caused, and may in the future cause, global economic uncertainty and uncertainty about the interest rate environment, which has and could in the future amplify the volatility of currency fluctuations. Although we attempt to mitigate some of this volatility and related risks through foreign currency hedging, our hedging activities are limited in scope and may not effectively offset the adverse financial impacts that may result from unfavorable movements in foreign currency exchange rates, which could adversely impact our financial condition or results of operations.
Our debt service obligations, lease commitments and other contractual obligations may adversely affect our financial condition, results of operations and cash flows.
As of April 30, 2023, we had a substantial level of outstanding debt, including our Senior Notes. We are also party to the Revolving Loan Credit Agreement, which provides for our $3.0 billion Credit Facility. Although there were no outstanding borrowings under the Credit Facility as of April 30, 2023, we may use the proceeds of future borrowings under the Credit Facility for general corporate purposes, which may include, without limitation, financing the consideration for and fees, costs and expenses related to any acquisition.
In addition to the outstanding and potential debt obligations above, we have also recorded substantial liabilities associated with noncancellable future payments on our long-term lease agreements. We also have significant other contractual commitments, such as commitments with infrastructure service providers, which are not reflected on our condensed consolidated balance sheets.
Maintenance of our indebtedness and contractual commitments and any additional issuances of indebtedness could:
•impair our ability to obtain additional financing in the future for working capital, capital expenditures, acquisitions, general corporate or other purposes;
•cause us to dedicate a substantial portion of our cash flows from operations toward debt service obligations and principal repayments; and
•make us more vulnerable to downturns in our business, our industry or the economy in general.
Our ability to meet our expenses and debt obligations will depend on our future performance, which will be affected by financial, business, economic, regulatory and other factors. We will not be able to control many of these factors, such as economic conditions and governmental regulations. Further, our operations may not generate sufficient cash to enable us to service our debt or contractual obligations resulting from our leases. If we fail to make a payment on our debt, we could be in default on such debt. If we are at any time unable to generate sufficient cash flows from operations to service our indebtedness when payment is due, we may be required to attempt to renegotiate the terms of the instruments relating to the indebtedness,
seek to refinance all or a portion of the indebtedness or obtain additional financing. There can be no assurance that we would be able to successfully renegotiate such terms, that any such refinancing would be possible or that any additional financing could be obtained on terms that are favorable or acceptable to us. Any new or refinanced debt may be subject to substantially higher interest rates, which could adversely affect our financial condition and impact our business. In addition, we may seek debt financing to fund future acquisitions. We can offer no assurance that we can obtain debt financing on terms acceptable to us, if at all.
In addition, adverse changes by any rating agency to our credit ratings may negatively impact the value and liquidity of both our debt and equity securities, as well as the potential costs associated with a refinancing of our debt. Downgrades in our credit ratings could also affect the terms of any such refinancing or future financing or restrict our ability to obtain additional financing in the future.
The indentures governing our Senior Notes and the Revolving Loan Credit Agreement impose restrictions on us and require us to maintain compliance with specified covenants. Our ability to comply with these covenants may be affected by events beyond our control. A failure to comply with the covenants and other provisions of our outstanding debt could result in events of default under such instruments, which could permit acceleration of all of our debt and borrowings. Any required repayment of our debt as a result of a fundamental change or other acceleration would lower our current cash on hand such that we would not have those funds available for use in our business.
Lease accounting guidance requires that we record a liability for operating lease activity on our condensed consolidated balance sheet, which increases both our assets and liabilities and therefore may impact our ability to obtain the necessary financing from financial institutions at commercially viable rates or at all. Our lease terms may include options to extend or terminate the lease. Periods beyond the noncancellable term of the lease are included in the measurement of the lease liability and associated asset only when it is reasonably certain that we will exercise the associated extension option or waive the termination option. We reassess the lease term if and when a significant event or change in circumstances occurs within our control. The potential impact of these options to extend could be material to our financial position and financial results.
Current and future accounting pronouncements and other financial and nonfinancial reporting standards may negatively impact our financial results.
We regularly monitor our compliance with applicable financial and nonfinancial reporting standards and review new pronouncements and interpretations that are relevant to us. As a result of new financial or nonfinancial standards or pronouncements, changes to existing standards or pronouncements and changes in their interpretation, we may be required to change our accounting policies, to alter our operational policies, to implement new or enhance existing systems so that they reflect new or amended financial reporting standards, and to adjust our published financial statements. For example, proposed reporting requirements such as the SEC proposals related to the enhancement and standardization of climate-related disclosures may require us to change our accounting policies, to alter our operational policies and to implement new or enhance existing systems so that they reflect new or amended financial reporting standards, or to restate our published financial statements. Such changes may have an adverse effect on our business, financial position and operating results, or cause an adverse deviation from our revenue and operating profit targets, which may negatively impact our financial results.
Risks Related to Owning Our Common Stock
Our quarterly results are likely to fluctuate, which may cause the value of our common stock to decline substantially.
Our quarterly results are likely to fluctuate. Fluctuations have occurred due to known and unknown risks, such as the global economic impact of geopolitical conflict in Europe and rising interest rates. In addition, our fiscal fourth quarter has historically been our strongest quarter for new business and renewals, and the year-over-year compounding effect of this seasonality in billing patterns and overall new business and renewal activity causes the value of invoices that we generate in the fourth quarter to continually increase in proportion to our billings in the other three quarters of our fiscal year. As a result, our fiscal first quarter has typically in the past been our largest collections and operating cash flow quarter.
Additionally, some of the important factors that may cause our revenues, operating results and cash flows to fluctuate from quarter to quarter include:
•general economic or geopolitical conditions, including the impacts of the conflict in Europe, financial market conditions, increasing costs of operation and foreign currency exchange rates, any of which can adversely affect either our customers’ ability or willingness to purchase additional subscriptions or upgrade their services, or delay prospective customers’ purchasing decisions, reduce the value of new subscription contracts, or affect attrition rates;
•our ability to retain and increase sales to existing customers, attract new customers and satisfy our customers’ requirements;
•the attrition rates for our services;
•the rate of expansion and productivity of our sales force;
•the length of the sales cycle for our services;
•new product and service introductions by our competitors;
•our success in selling our services to large enterprises;
•changes in unearned revenue and remaining performance obligation, due to seasonality, the timing of and compounding effects of renewals, invoice duration, size and timing, new business linearity between quarters and within a quarter, average contract term, the collectability of invoices related to multi-year agreements, the timing of license software revenue recognition, or fluctuations due to foreign currency movements, all of which may impact implied growth rates;
•our ability to realize benefits from strategic partnerships, acquisitions or investments;
•our ability to execute and realize benefits from the Restructuring Plan, or any similar actions taken in the future;
•variations in the revenue mix of our services and growth rates of our subscription and support offerings, including the timing of software license sales and sales offerings that include an on-premise software element for which the revenue allocated to that deliverable is recognized upfront;
•the seasonality of our sales cycle, including software license sales, and timing of contract execution and the corresponding impact on revenue recognized at a point in time;
•changes in our pricing policies and terms of contracts, whether initiated by us or as a result of competition, customer preference or other factors;
•expenses associated with our pricing policies and terms of contracts, such as the costs of customer SMS text usage paid by us and the related impacts to our gross margin;
•the seasonality of our customers’ businesses, especially our Commerce service offering customers, including retailers and branded manufacturers;
•fluctuations in foreign currency exchange rates such as with respect to the U.S. Dollar against the Euro and British Pound Sterling;
•the amount and timing of operating costs and capital expenditures related to the operations and expansion of our business;
•the number of new employees, including the cost to recruit and train such employees;
•the timing of commission, bonus and other compensation payments to employees, including decisions to guarantee some portion of commissions payments in connection with extraordinary events;
•the cost, timing and management effort required for the introduction of new features to our services;
•the costs associated with acquiring new businesses and technologies and the follow-on costs of integration and consolidating the results of acquired businesses;
•expenses related to our real estate or changes in the nature or extent of our use of existing real estate, including our office leases and our data center capacity and expansion;
•timing of additional investments in our enterprise cloud computing application and platform services and in our consulting services;
•expenses related to significant, unusual or discrete events, which are recorded in the period in which the events occur;
•extraordinary expenses such as litigation or other dispute-related settlement payments;
•income tax effects resulting from, but not limited to, tax law changes, court decisions on tax matters, global tax developments applicable to multinational corporations, changes in operations or business structures and acquisition activity;
•the timing of payroll and other withholding tax expenses, which are triggered by the payment of bonuses and when employees exercise their vested stock options;
•technical difficulties or interruptions in our services;
•changes in interest rates and our mix of investments, which impact the return on our investments in cash and marketable securities;
•conditions, and particularly sudden changes, in the financial markets, which have impacted and may continue to impact the value and liquidity of our investment portfolio;
•changes in the fair value of our strategic investments in early-to-late-stage privately held and public companies, including temporary impairments, which could negatively and materially impact our financial results, particularly in periods of significant market fluctuations;
•equity or debt issuances, including as consideration in or in conjunction with acquisitions;
•the timing of stock awards to employees and the related adverse financial statement impact of having to expense those stock awards on a straight-line basis over their vesting schedules;
•evolving regulations of cloud computing and cross-border data transfer restrictions and similar regulations;
•regulatory compliance and acquisition costs; and
•the impact of new accounting pronouncements and associated system implementations.
Many of these factors are outside of our control, and the occurrence of one or more of them might cause our operating results to vary widely. If we fail to meet or exceed operating results expectations or if securities analysts and investors have estimates and forecasts of our future performance that are unrealistic or that we do not meet, the market price of our common stock could decline. In addition, if one or more of the securities analysts who cover us adversely change their recommendations regarding our stock, the market price of our common stock could decline.
The market price of our common stock is likely to be volatile and could subject us to litigation.
The trading prices of the securities of technology companies have historically been highly volatile. Accordingly, the market price of our common stock has been and is likely to continue to be subject to wide fluctuations. Factors affecting the market price of our common stock include:
•variations in our operating results, earnings per share, cash flows from operating activities, unearned revenue, remaining performance obligation, year-over-year growth rates for individual service offerings and other financial and non-financial metrics, and how those results compare to analyst expectations;
•variations in, and limitations of, the various financial and other metrics and modeling used by analysts in their research and reports about our business;
•forward-looking guidance to industry and financial analysts related to, for example, future revenue, current remaining performance obligation, cash flows from operating activities and earnings per share, the accuracy of which may be impacted by various factors, many of which are beyond our control, including general economic and market conditions and unanticipated delays in the integration of acquired companies as a result of regulatory review;
•our ability to meet or exceed forward-looking guidance we have given or to meet or exceed the expectations of investors, analysts or others; our ability to give forward-looking guidance consistent with past practices; and changes to or withdrawal of previous guidance or long-range targets;
•changes in the estimates of our operating results or changes in recommendations by securities analysts that elect to follow our common stock;
•announcements of technological innovations, new services or service enhancements, strategic alliances or significant agreements by us or by our competitors;
•announcements by us or by our competitors of mergers or other strategic acquisitions, or rumors of such transactions involving us or our competitors;
•announcements of customer additions and customer cancellations or delays in customer purchases;
•the coverage of our common stock by the financial media, including television, radio and press reports and blogs;
•recruitment or departure of key personnel, such as the recent departure of our former co-CEO;
•disruptions in our service due to computer hardware, software, network or data center problems;
•the economy as a whole, geopolitical conditions, including global trade and health concerns, market conditions in our industry and the industries of our customers, and financial institution instability;
•trading activity or positions by a limited number of stockholders who together beneficially own a significant portion of our outstanding common stock, as well as other institutional or activist investors;
•the issuance of shares of common stock by us, whether in connection with an acquisition or a capital-raising transaction;
•our ability to execute on our Share Repurchase Program as planned, including whether we meet internal or external expectations around the timing or price of share repurchases, and any reductions or discontinuances of repurchases thereunder;
•issuance of debt or other convertible securities;
•the inability to conclude that our internal controls over financial reporting are effective;
•changes to our credit ratings; and
•ESG and other issues impacting our reputation.
In addition, if the market for technology stocks or the greater securities market in general experience uneven investor confidence, the market price of our common stock has and could in the future decline for reasons unrelated to our business,
operating results or financial condition. The market price of our common stock has and might in the future also decline in reaction to events that affect other companies within, or outside, our industry even if these events do not directly affect us. Some companies that have experienced volatility in the trading price of their stock have been the subject of securities class action litigation, such as the securities litigation against Slack that was brought before our acquisition. Such litigation, whether against Salesforce or an acquired subsidiary, could result in substantial costs and a diversion of management’s attention and resources and liability resulting from or the settlement of such litigation could result in material adverse impacts to our operating cash flows or results of operations for a given period.
Provisions in our amended and restated certificate of incorporation and bylaws and Delaware law might discourage, delay or prevent a change of control of the Company or changes in our management and, therefore, depress the market price of our common stock.
Our amended and restated certificate of incorporation and bylaws contain provisions that could depress the market price of our common stock by acting to discourage, delay or prevent a change in control of the Company or changes in our management that the stockholders of the Company may deem advantageous. These provisions among other things:
•permit the board of directors to establish the number of directors;
•authorize the issuance of “blank check” preferred stock that our board could use to implement a stockholder rights plan (also known as a “poison pill”);
•prohibit stockholder action by written consent, which requires all stockholder actions to be taken at a meeting of our stockholders;
•provide that the board of directors is expressly authorized to make, alter or repeal our bylaws; and
•establish advance notice requirements for nominations for election to our board or for proposing matters that can be acted upon by stockholders at annual stockholder meetings.
In addition, Section 203 of the Delaware General Corporation Law may discourage, delay or prevent a change in control of our company. Section 203 imposes certain restrictions on merger, business combinations and other transactions between us and holders of 15 percent or more of our common stock.
General Risks
The effects of the COVID-19 pandemic and related public health measures have materially affected how we and our customers are operating our businesses, and have in the past materially affected our operating results and cash flows; the duration and extent to which this will impact our future results of operations and cash flows remain uncertain.
The COVID-19 pandemic and related public health measures have materially affected how we and our customers are operating our businesses, and have in the past materially affected our operating results and cash flows; the duration and extent to which this will impact our future results remain uncertain. We have in the past and may in the future deem it advisable to alter, postpone or cancel entirely additional customer, employee and industry events.
Changes in our work environment and workforce in the wake of the COVID-19 pandemic have and could in the future adversely affect our operations. In particular, although most of our offices have reopened, we have offered a significant percentage of our employees the flexibility in the amount of time they work in an office. This presents risks for our real estate portfolio and strategy and presents operational and workplace culture challenges that may adversely affect our business. Even as the pandemic moves into endemic stages, our employees may be exposed to health risks and government directives may require us to again close certain of our offices that have since been reopened.
Our operations were negatively affected by a range of external factors related to the COVID-19 pandemic that are not within our control, and COVID-19 remains a public health emergency in certain parts of the world, which could impact the operations of our business infrastructure and service providers in such parts of the world and delay our security measures, business processes, product development and foreign investments. As we continue to monitor the situation and public health guidance throughout the world, we may adjust our current policies and practices, and existing and new precautionary measures could negatively affect our operations.
The duration and extent of the long-term impact of the COVID-19 pandemic and related economic conditions on our financial condition or results of operations remains uncertain. Due to our subscription-based business model, these effects may not be fully reflected in our results of operations until future periods. If there is a substantial impact on our customers’ business or the productivity of our employees or partners, our results of operations and overall financial performance may be harmed. The global macroeconomic effects of the COVID-19 pandemic and related impacts on our customers’ business operations and their demand for our products and services may persist for an indefinite period, even after the COVID-19 pandemic has subsided. In addition, the effects of the COVID-19 pandemic may heighten other risks described in this “Risk Factors” section.
Volatile and significantly weakened global economic conditions have in the past and may in the future adversely affect our industry, business and results of operations.
Our overall performance depends in part on worldwide economic and geopolitical conditions. The United States and other key international economies have experienced significant economic and market downturns in the past, and are likely to experience additional cyclical downturns from time to time in which economic activity is impacted by falling demand for a variety of goods and services, restricted credit, poor liquidity, reduced corporate profitability, volatility in credit, equity and foreign exchange markets, inflation, bankruptcies and overall uncertainty with respect to the economy. These economic conditions can arise suddenly, as did the conditions associated with the COVID-19 pandemic, and the full impact of such conditions can be difficult to predict. In addition, geopolitical and domestic political developments, such as existing and potential trade wars and other events beyond our control, such as conflict in Europe, have increased levels of political and economic unpredictability globally and increase the volatility of global financial markets. Moreover, these conditions have affected and may continue to affect the rate of IT spending; could adversely affect our customers’ ability or willingness to attend our events or to purchase our enterprise cloud computing services; have delayed and may delay customer purchasing decisions; have reduced and may in the future reduce the value and duration of customer subscription contracts; and we expect these conditions will adversely affect our customer attrition rates. All of these risks and conditions could materially adversely affect our future sales and operating results.
Natural disasters and other events beyond our control have in the past and may in the future materially adversely affect us.
Natural disasters or other catastrophic events have in the past and may in the future cause damage or disruption to our operations, international commerce and the global economy, and thus could have a strong negative effect on us. Our business operations, the business operations of third-party providers or suppliers that we rely on to conduct our business and the business operations of our customers are subject to interruption by natural disasters, fire, power shutoffs or shortages, actual or threatened public health emergencies and other events beyond our control. Although we maintain crisis management and disaster response plans, such events could make it difficult or impossible for us to deliver our services to our customers, and could decrease demand for our services. Our corporate headquarters, and a significant portion of our personnel, research and development activities, IT systems and other critical business operations, are located near major seismic faults in the San Francisco Bay Area. Because we do not carry earthquake insurance for direct earthquake-related losses and significant recovery time could be required to resume operations, our financial condition and operating results could be materially and adversely affected in the event of a major earthquake or catastrophic event, and the adverse effects of any such catastrophic event would be exacerbated if experienced at the same time as another unexpected and adverse event. For example, wildfires have resulted in power shut-offs in the San Francisco Bay Area and are likely to occur in the future, and this could adversely affect the work-from-home operations of our employees in the San Francisco Bay Area.
Climate change may have an impact on our business.
While we seek to mitigate our business risks associated with climate change by establishing robust environmental programs and partnering with organizations who are also focused on mitigating their own climate-related risks, we recognize that there are inherent climate-related risks wherever business is conducted. Any of our primary locations may be vulnerable to the adverse effects of climate change. For example, our offices globally have historically experienced, and are projected to continue to experience, climate-related events at an increasing frequency, including drought, water scarcity, heat waves, cold waves, flooding, wildfires and resultant air quality impacts and power shutoffs associated with wildfire prevention. Furthermore, it is more difficult to mitigate the impact of these events on our employees to the extent they work from home. Changing market dynamics, global policy developments and the increasing frequency and impact of extreme weather events on critical infrastructure in the United States and elsewhere have the potential to disrupt our business, the business of third-party providers or suppliers that we rely on to conduct our business and the business of our customers, and may cause us to experience higher attrition, losses and additional costs to maintain or resume operations. Additionally, failure to uphold, meet or make timely forward progress against our public commitments and goals related to climate action could adversely affect our reputation with investors, suppliers and customers, our financial performance or our ability to recruit and retain talent.