EXPEDITORS INTERNATIONAL OF WASHINGTON INC · FY 2022 

Risk Factors

A multinational logistics provider has disclosed a material weakness in its internal controls related to ineffective information technology general controls, rendering financial reporting mechanisms unreliable as of late 2022. This critical internal finding comes amid an elevated external threat profile, including reliance on sophisticated IT systems that were recently subjected to a targeted cyber-attack leading to global system shutdowns and lost revenue. These developments underscore the heightened operational risks faced by companies navigating complex global regulatory demands alongside systemic technological vulnerabilities.

EXPD L1 Synthesis
  SYMBOLOGY.ONLINE · text diffs 

What changed in the Risk Factors.

escalated
The disclosure was significantly expanded to include specific operational risks stemming from the pandemic, detailing supply chain disruptions that resulted in historically high employee levels and subsequent financial pressures related to workforce reduction. Furthermore, the risk associated with remote work was made more concrete by linking it to post-pandemic return policies, predicting higher turnover and the potential need for additional significant expenses to hire third parties.
§1A.5 Open
de-emphasised
The current filing removes the concluding paragraph present in the prior period, which specifically outlined potential negative outcomes of regulatory failure, including increased operating costs, reputational damage, difficulty retaining personnel, operational restrictions, and fines.
§1A.14 Open
reworded
A new introductory paragraph was added to detail compliance risks, specifying that failure to adhere to regulations may result in increased operating costs, difficulty attracting and retaining key personnel, restrictions on operations, or fines and penalties. Additionally, the tax risk disclosure now includes a statement clarifying that the company cannot currently provide an estimate of the range of possible outcomes related to potential audit findings.
§1A.15 Open
reworded
The only substantive change is a minor wording adjustment in the labor costs bullet point, where "the potential impacts of inflation" was changed to simply "the impacts of inflation."
§1A.3 Open
reworded
The disclosure was updated to include "heightened cybersecurity and data privacy obligations" among the contractual terms that customers regularly solicit from competitors, replacing the previous list which did not mention these requirements.
§1A.4 Open
reworded
Future unfavorable economic conditions were expanded to specifically include rising interest rates, and the potential negative impacts of these conditions were broadened from only lower freight volumes to also encompass reduced sell rates and higher operating expenses.
§1A.2 Open
  SYMBOLOGY.ONLINE l1 SYNTHESIS 

Expeditors International Of Washington Inc Risk Factors Synthesis

Risk Factor Assessment Report: Expeditors International of Washington Inc. (2022 10-K)

Key Risk Categories

The risks facing Expeditors are highly diversified, spanning macro-economic forces, operational execution, regulatory compliance, and technological resilience. The primary categories identified in the filing include:

  • Macro/External Risks: Global economic uncertainty (recession, inflation), international trade disruptions, geopolitical conflicts, and climate change impacts.
  • Operational & Supply Chain Risks: Reliance on third-party carriers (air, ocean, ground), capacity shortages, difficulty forecasting demand, and catastrophic events (earthquakes).
  • Personnel & Technology Risks: Difficulty in retaining key employees post-pandemic, reliance on sophisticated IT systems, and vulnerability to cyber-attacks.
  • Regulatory & Compliance Risks: Complex global regulatory environment (trade compliance, anti-corruption), tax complexity across multiple jurisdictions, and litigation exposure.

Most Significant Risks

The most critical risks identified are those that pose immediate threats to financial stability or core operational continuity:

1. Cyber Security and IT System Failure
  • Evidence: The company explicitly notes reliance on sophisticated technology and the risk of significant disruptions from cyber-attacks, network failures, or power outages. A specific incident is cited: "In February 2022, we were the subject of a targeted cyber-attack," which required shutting down most operating systems globally, resulting in lost revenue and remediation costs.
  • Impact: Potential loss of revenue, business disruption (inability to process shipments), significant remediation costs, and reputational damage.
2. Global Economic Downturn and Inflation
  • Evidence: Future unfavorable economic conditions, rising interest rates, and high inflation could lead to "lower freight volumes, reduced sell rates, higher operating expenses," negatively affecting revenues and cash flows. Furthermore, deteriorating customer ability to pay increases the risk of credit losses.
  • Impact: Reduced margins, lower revenue streams, and increased financial exposure from customers.
3. Regulatory Non-Compliance (Global Operations)
  • Evidence: As a multinational corporation operating outside the U.S., Expeditors faces risks related to anti-corruption laws (U.S. Foreign Corrupt Practices Act and UK Bribery Act). Failure to comply could result in "substantial penalties and additional expenses, damage to our reputation and restrictions on our ability to conduct business."
  • Impact: Severe financial penalties, operational limitations, and reputational harm globally.

Risk Trend Analysis (Changes from Previous Years)

While the filing is for a single period (2022), it highlights significant shifts in risk profile stemming from the pandemic era:

1. Shift from Pandemic Disruption to Labor Retention Challenges
  • Trend: The initial COVID-19 risks focused on lockdowns, capacity shortages, and supply chain disruption. Post-pandemic, the focus has shifted to human capital management.
  • Evidence: Following the return-to-office mandate, the company notes a risk of "higher degree of turnover of key employees and lower employee satisfaction" among those preferring remote work, which could inhibit future hiring efforts.
2. Increased Focus on Cyber Risk Post-Pandemic
  • Trend: The pandemic highlighted systemic vulnerabilities in global operations. This has led to an elevated focus on technology risk.
  • Evidence: The filing details the targeted cyber-attack in February 2022, demonstrating that cybersecurity is no longer a theoretical risk but an active operational threat requiring immediate mitigation efforts.
3. Material Weakness in Internal Controls (New/Critical Finding)
  • Trend: This represents a critical internal control failure identified during the reporting period.
  • Evidence: Management disclosed identifying a "material weakness in our internal control related to an ineffective information technology general control" during Q4 2022, which rendered internal controls over financial reporting ineffective as of December 31, 2022.

Risk Mitigation Strategies

Expeditors employs several strategies to manage identified risks:

  • Technology and Systems: The company is "continually enhancing our systems," including significant upgrades to core operating and accounting systems. They are implementing specific enhancements to strengthen IT program change management processes following the material weakness discovery, expecting completion prior to the end of 2023.
  • Personnel Management: Mitigation includes focusing on effective succession planning and maintaining compensation programs designed to differentiate performance and attract/retain key personnel.
  • Operational Flexibility: The non-asset-based model provides flexibility, allowing the company "an ability to change locations, modes, and carriers based on evolving operating conditions" in response to climate or regulatory shifts.
  • Compliance: For global operations, compliance is managed through reliance on internal policies and procedures, though this relies heavily on the actions of service providers and agents.

Overall Risk Assessment

Weaknesses (Areas of High Vulnerability)

The company exhibits significant weaknesses in its control environment and external dependency management:

  • Control Deficiencies: The identification of a material weakness in IT general controls is a severe internal vulnerability that directly impacts the reliability of financial reporting and investor confidence.
  • External Dependency Risk: Expeditors' non-asset model makes it highly susceptible to volatility and instability among its service providers (air, ocean carriers), which can lead to reduced capacity or pricing volatility outside of the company’s control.
  • Uninsured Exposure: The reliance on insurance is limited; losses from major events like floods, earthquakes, cyber-attacks, and pandemics are generally not fully insured, exposing the company to "significant uninsured losses."
Strengths (Areas of Resilience)

The company demonstrates resilience through its operational structure and proactive risk management:

  • Operational Agility: The non-asset-based model grants flexibility in adapting logistics solutions based on evolving market conditions.
  • Proactive Remediation: Following the discovery of the material weakness, management has taken immediate steps, including a lookback review and implementing specific enhancements to IT change management processes.
  • Market Position: While competitive, the company maintains its ability to grow organically by adapting to constantly evolving supply chain requirements.