Item 1A. Risk Factors
We operate in rapidly changing economic and technological environments that present numerous risks, many of which are driven by factors that we cannot control or predict. The following discussion, as well as our discussion in Item 7 Management's Discussion and Analysis of Financial Condition and Results of Operations, highlights some of these risks. The risks described below are not exhaustive and you should carefully consider these risks and uncertainties before investing in our securities.
Business and Operational Risks
We may be unsuccessful in developing and selling new products and services, integrating acquired products and services and enhancing our existing products and services. Rapid technological advances, intense competition, changing delivery models and evolving standards in computer hardware and software development and communications infrastructure, changing and increasingly sophisticated customer needs and frequent new product introductions and enhancements characterize the industries in which we compete. If we are unable to develop new or sufficiently differentiated products and services, enhance and improve our product offerings and support services in a timely manner or position and price our products and services to meet demand, customers may not purchase or subscribe to our license, hardware or cloud offerings or renew license support, hardware support or cloud subscriptions contracts. Renewals of these contracts are important to our future success. In addition, we cannot provide any assurance that the standards on which we choose to develop new products will allow us to compete effectively for business opportunities in emerging areas.
We have continued to refresh and release new offerings of our cloud products and services. Machine learning and AI are increasingly driving innovations in technology, but if they fail to operate as anticipated or our other products do not perform as promised, our business and reputation may be harmed.
In addition, our business may be adversely affected if:
•we do not continue to develop and release new or enhanced products and services within the anticipated time frames;
•infrastructure costs to deliver new or enhanced products and services take longer or result in greater costs than anticipated;
•we are unable to increase our existing data center capacity or establish data centers in new geographic locations in a timely manner to meet current or expected customer demand;
•we fail to meet our contractual service level commitments;
•there is a delay in market acceptance of and difficulty in transitioning new and existing customers to new, enhanced or acquired product lines or services;
•sanctions, export controls or other regulatory, legislative or other barriers prevent us from serving certain customers or restrict our customers from operating in specific jurisdictions;
•there are changes in IT trends that we do not adequately anticipate or timely address with our product development efforts;
•we do not optimize complementary product lines and services in a timely manner; or
Index to Financial Statements
•we fail to adequately integrate, support or enhance acquired product lines or services.
In addition, our profitability and revenues could be adversely impacted if we lost one or more of our key customers for any reason, including as a result of any of the factors discussed above. Any such loss could also limit or reduce our growth in future periods.
If we do not successfully execute our Oracle Cloud strategy, including our offerings of Oracle Cloud Services, our revenues and profitability may decline. We provide our cloud and other offerings to customers worldwide via a variety of deployment models, including via our cloud-based SaaS and OCI offerings. As these business models continue to evolve, we may not be able to compete effectively, generate significant revenues or maintain the profitability of our cloud offerings. Additionally, the increasing prevalence of cloud and SaaS delivery models offered by us and our competitors may unfavorably impact the pricing of our cloud and license offerings. If we do not successfully execute our cloud computing strategy or anticipate the cloud computing needs of our customers, our reputation as a cloud services provider could be harmed and our revenues and profitability could decline.
As customer demand for our cloud offerings increases, we experience volatility in our reported revenues and operating results due to the differences in timing of revenue recognition between our cloud license and on-premise license, and hardware product arrangements relative to our cloud offering arrangements. Customers predominantly purchase our cloud offerings on a subscription basis and revenues from these offerings are generally recognized ratably or as services are consumed over the terms of the subscriptions. Consequently, any deterioration in sales activity associated with our cloud offerings may not be immediately observable in our consolidated statement of operations. This is in contrast to revenues associated with our license and hardware product arrangements, which are generally recognized in full at the time of delivery of the related licenses and hardware products. In addition, we may not be able to accurately anticipate customer transitions from or be able to sufficiently backfill reduced customer demand for our license, hardware and support offerings relative to the expected increase in customer adoption of and demand for our Oracle Cloud Services, which could adversely affect our revenues and profitability.
As a part of our Oracle Cloud strategy, we plan our investment levels based on estimates of future revenues and future anticipated rates of growth. In recent periods, our cloud services and license support expenses have grown to meet current and expected demand for our cloud offerings, including investments to increase our existing data center capacity and to establish data centers in new geographic locations. In connection with these investments, we entered, and expect to continue to enter, into long-term operating lease commitments with third party data center providers that generally require us to pay significant contract termination fees to early exit such obligations should our strategies change, which could adversely impact our profitability and cash flows. In addition, we outfit these data centers with equipment and improvements that we typically depreciate over their estimated useful lives, which could be shortened should our cloud strategies change, which could adversely affect our profitability.
Our products and services may not function properly if we experience significant coding, manufacturing or configuration errors in our cloud, license and hardware offerings. Despite testing prior to the release and throughout the lifecycle of a product or service, our cloud, license and hardware offerings sometimes contain coding, manufacturing or configuration errors that can impact their function, performance and security, and result in other negative consequences. The detection and correction of any errors in released cloud, license or hardware offerings can be time consuming and costly. Errors in our cloud, license or hardware offerings could affect their ability to properly function, integrate or operate with other cloud, license or hardware offerings, could result in service interruptions, delays or outages of our cloud offerings, could create security vulnerabilities in our products or services, could delay the development or release of new products or services or new versions of products or services, and could adversely affect market acceptance of our products or services. This includes third-party software products or services incorporated into our own. If we experience any of these errors, or if there are delays in releasing our cloud, license or hardware offerings or new versions of these offerings, our sales could be affected and revenues could decline. In addition, we run Oracle's business operations as well as cloud and other services that we offer to our customers on our products and networks. Therefore, any flaws could affect our and our customers' abilities to conduct business operations and to ensure accuracy in financial processes and reporting, and may result in unanticipated costs and interruptions. Enterprise customers rely on our cloud, license and hardware offerings and related services to run their businesses, and errors in our cloud, license and hardware offerings and related services
Index to Financial Statements
could expose us to product liability, performance and warranty claims as well as significant harm to our brand and reputation, which could impact our future sales.
If we are unable to compete effectively, the results of operations and prospects for our business could be harmed. We face intense competition in all aspects of our business. The nature of the IT industry creates a competitive landscape that is constantly evolving as firms emerge, expand or are acquired, as technology evolves and as delivery models change. Our enterprise cloud, license and hardware offerings compete directly with certain offerings from some of the largest and most competitive companies in the world. In addition, due to the low barriers to entry in many of our market segments, new technologies and new and growing competitors frequently emerge to challenge our offerings. We believe many vendors spend amounts in excess of what Oracle spends to develop and market applications and infrastructure technologies including databases, middleware products, application development tools, business applications, collaboration products and business intelligence, compute, storage and networking products, among others, which compete with Oracle applications and infrastructure offerings.
In addition, use of our competitors' technologies can influence a customer's purchasing decision or create an environment that makes it less efficient to utilize or migrate to Oracle products and services. For example, we offer our customers multicloud services whereby our customers can combine cloud services from multiple clouds with the goal of optimizing cost, functionality and performance. OCI's multicloud services work with a number of our competitors' products, including Microsoft Azure, Amazon Web Services and Google Cloud Platform. This multicloud strategy could lead our customers to migrate away from our cloud offerings to our competitors' products, which could adversely affect our revenues and profitability.
Our competitors may also adopt business practices that provide customers access to competing products and services on terms that we may not generally find acceptable, which may convince customers to purchase competitor products and services. We could lose customers if our competitors introduce new competitive products, add new functionality, acquire competitive products, reduce prices, better execute on their sales and marketing strategies, offer more flexible business practices, provide debt or equity financing to customers or form strategic alliances with other companies. Mergers, consolidations or alliances among our competitors, or acquisitions of our competitors by large companies may result in increased competition.
If our competitors offer deep discounts on certain products or services or develop products that the marketplace considers more valuable, we may need to lower prices, introduce pricing models and offerings or offer other terms that are less favorable to us, in order to compete successfully. Any such changes may reduce revenues and margins and could adversely affect operating results. Additionally, the increasing prevalence of cloud delivery models offered by us and our competitors may unfavorably impact the pricing of our other cloud and license, hardware and services offerings, and we may also incur increased cloud delivery expenses as we expand our cloud operations and update our infrastructure, all of which could reduce our revenues and profitability. Our license support fees and hardware support fees are generally priced as a percentage of our net license fees and net new hardware products fees, respectively. Our competitors may offer lower pricing on their support offerings, which could put pressure on us to further discount our offerings.
Changes to our prices and pricing policies could cause our revenues to decline or be delayed as our sales force implements and our customers adjust to the new pricing policies. Some of our competitors may bundle products for promotional purposes or as a long-term pricing strategy, commit to large customer deployments at prices that are unprofitable, or provide guarantees of prices and product implementations. These practices could, over time, significantly constrain the prices that we can charge for certain of our products. If we do not adapt our pricing models to reflect changes in customer use of our products or changes in customer demand, our revenues could decrease. The increase in open source software distribution may also cause us to change our pricing models.
Any failure to offer high-quality technical support services may adversely affect our relationships with our customers and our financial results. Our customers depend on our support organization to resolve technical issues relating to our applications and infrastructure offerings. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services or may be inefficient in our resolution of customer support issues. Increased customer demand for these services, without corresponding revenues, could increase costs and adversely affect our operating results. Any failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality technical support, could adversely affect our reputation,
19
our ability to sell and renew our applications and infrastructure offerings to existing and prospective customers, and our business, operating results, and financial position.
Our cloud offerings and hardware offerings are complex, and if we cannot successfully manage this complexity, including the sourcing of technologies and components, the results of these businesses will suffer. We depend on suppliers to develop, manufacture and deliver on a timely basis the necessary technologies and components for our hardware products that we market and sell to our customers and that we use as a part of our cloud infrastructure to deliver our cloud offerings, and there are some technologies and components that can only be purchased from a single vendor due to price, quality, technology, availability or other business constraints. Our supply chain operations could be disrupted by industry consolidation and component constraints or shortages, natural disasters, political unrest, public health crises, changes to trade laws or regulations, port stoppages or other transportation disruptions or slowdowns, or other factors affecting the countries or regions where these single source component vendors are located or where the products are being shipped (such as the tensions between China and Taiwan). If one or more of the risks described above occurs, our cloud and license business and hardware business and related operating results could be materially and adversely affected.
Supply chain shortages have in some instances resulted in increases to the costs of production of our hardware products that we may not be able to pass on to our customers. In addition, we have in some instances responded to such shortages by committing to higher purchases and balances of hardware products that we market and sell to our customers and that we use as a part of our cloud infrastructure to deliver our cloud offerings, relative to our historical positions. While this permits us to secure manufacturing capacity, it has increased excess and obsolescence risk of such hardware products and could adversely impact our profitability and cash flows. We expect these factors will continue to impact us in the future.
We outsource a majority of our manufacturing, assembly, delivery and technology of, and certain component designs for, our hardware products to a variety of companies, many of which are located outside the U.S. From time to time, these partners experience production problems, delays or cannot meet our demand for products. Ongoing or future delays in manufacturing could cause the loss of additional sales, delayed revenue recognition or an increase in our hardware products expenses, all of which could adversely affect the margins of our cloud and license business and hardware business. These challenges could arise if we alter our manufacturing strategies, suppliers, or locations.
Our periodic workforce restructurings and reorganizations can be disruptive. We are currently restructuring our workforce and in the past we have restructured or made other adjustments to our workforce in response to management changes, product changes, performance issues, changes in strategies, acquisitions and other internal and external considerations. These types of restructurings have resulted, and may in the future result, in increased restructuring costs and temporary reduced productivity while the employees adjusted to their new roles and responsibilities. These types of restructurings may also lead to a shortage of sufficiently skilled employees in certain roles. In addition, we may not achieve or sustain the expected growth, resource redeployment or cost savings benefits of these restructurings, or may not do so within the expected timeframe. These effects could recur in connection with future acquisitions and other restructurings, and our revenues and other results of operations could be negatively affected.
We may lose key employees or may be unable to hire enough qualified employees. We rely on hiring qualified employees and the continued service of our senior management, including our Chairman of the Board of Directors, Chief Technology Officer and founder; our Chief Executive Officer; other members of our executive team; and other key employees. In the technology industry, there is substantial and continuous competition for highly skilled business, product development, technical and other personnel. Hiring freezes or slowdowns may result in decreased productivity while existing employees take on additional roles and responsibilities, and may also lead to a shortage of sufficiently skilled employees in certain roles.
We recently updated our on-site attendance expectations, which may vary by line of business and location. A transition away from our hybrid work model to on-site work requirements could result in employee dissatisfaction and attrition, and could also lead to increased employee burnout or negatively impact employee productivity. Many of our employees will continue to work from home some or all of the time. While we believe this has helped us engage with a wider pool of talent and may help to retain employees who want or need more flexibility, it may fail
20
to yield these desired benefits and it may present cybersecurity risks and additional risks for our real estate portfolio and strategy. Despite our efforts to reopen our offices in a safe manner, our employees who have opted to return to the office may nevertheless be exposed to health risks, which may expose us to potential liability.
We may also experience increased compensation costs that are not offset by either improved productivity or higher sales. We may not be successful in recruiting new personnel and in retaining and motivating existing personnel. With rare exceptions, we do not have long-term employment or non-competition agreements with our employees. Members of our senior management team have left Oracle over the years for a variety of reasons, and any future departures may be disruptive to our operations.
We continually focus on improving our cost structure by hiring personnel in countries where advanced technical expertise and other expertise are available at lower costs. When we make adjustments to our workforce, we may incur expenses associated with workforce reductions that delay the benefit of a more efficient workforce structure. We are experiencing increased competition for employees in these countries as the trend toward globalization continues, which has affected our employee retention efforts and increased our expenses in an effort to offer a competitive compensation program. In addition, changes to immigration and labor law policies may adversely impact our access to technical and professional talent.
Our general compensation program includes restricted stock units and performance-based equity, which are important tools in attracting and retaining employees in our industry. If our stock price performs poorly, it may adversely affect our ability to retain or attract employees. We continually evaluate our compensation practices and consider changes from time to time, such as reducing the number of employees granted equity awards or the number of equity awards granted per employee and granting alternative forms of stock-based compensation, which may have an impact on our ability to retain employees and the amount of stock-based compensation expense that we record. Any changes in our compensation practices or those of our competitors could affect our ability to retain and motivate existing personnel and recruit new personnel.
There are risks associated with our cloud and license and hardware indirect sales channels which could affect our future operating results. Our cloud and license, and hardware indirect channel networks are comprised primarily of resellers, system integrators/implementers, consultants, education providers, internet service providers, network integrators and independent software vendors. Our relationships with these channel participants are important elements of our cloud, software and hardware marketing and sales efforts. Our financial results could be adversely affected if:
•our contracts with channel participants were terminated or our relationships with channel participants were to deteriorate;
•any of our competitors enter into strategic relationships with or acquire a significant channel participant;
•the financial condition or operations of our channel participants were to weaken; or
•the level of demand for our channel participants' products and services were to decrease.
There can be no assurance that we will be successful in maintaining, expanding or developing our relationships with channel participants. If we are not successful, we may lose sales opportunities, customers and revenues.
Acquisitions present many risks and we may not achieve the financial and strategic goals that were contemplated at the time of a transaction. We review and consider strategic acquisitions of companies, products, services and technologies. We have a selective and active acquisition program and we expect to continue to make acquisitions in the future because acquisitions have been an important element of our overall corporate strategy. Risks we may face in connection with our acquisition program include:
•our ongoing business may be disrupted and our management's attention may be diverted by acquisition, transition or integration activities;
•we may have difficulties (1) managing an acquired company's technologies or lines of business; (2) entering new markets where we have no, or limited, direct prior experience or where competitors may have stronger market positions; or (3) retaining key personnel from the acquired companies;
•an acquisition may not further our business strategy as we expected, we may not integrate an acquired company or technology as successfully as we expected, we may impose our business practices or alter
21
go-to-market strategies that adversely impact the acquired business or we may overpay for, or otherwise not realize the expected return on our investments, each or all of which could adversely affect our business or operating results and potentially cause impairment to assets that we recorded as a part of an acquisition, including intangible assets and goodwill;
•our operating results or financial condition may be adversely impacted by (1) claims or liabilities that we assume from an acquired company or technology or that are otherwise related to an acquisition; (2) pre-existing contractual relationships that we assume from an acquired company, the termination or modification of which may be costly or disruptive to our business; and (3) unfavorable revenue recognition or other accounting treatment as a result of an acquired company's business practices;
•we may fail to identify or assess the magnitude of certain liabilities, shortcomings or other circumstances prior to acquiring a company or technology;
•we may not realize any anticipated increase in our revenues from an acquisition for a number of reasons, including (1) if a larger than predicted number of customers decline to renew or terminate their contracts with the acquired company; (2) if we are unable to sell the acquired products or service offerings to our customer base; (3) if acquired customers do not elect to purchase our technologies due to differing business practices; or (4) if contract models utilized by an acquired company do not allow us to recognize revenues in a manner that is consistent with our current accounting practices;
•we may have difficulty integrating acquired technologies, products, services and their related supply chain operations with our existing lines of business and related infrastructures;
•we may have multiple product lines or services offerings as a result of our acquisitions that are offered, priced, delivered and supported differently, which could cause customer confusion and delays;
•we may incur higher than anticipated costs (1) to support, develop and deliver acquired products or services; (2) for general and administrative functions that support new business models; or (3) to comply with regulations applicable to an acquired business that are more complicated than we had anticipated;
•we may be unable to obtain timely approvals from, or may otherwise have certain limitations, restrictions, penalties or other sanctions imposed on us by worker councils or similar bodies under applicable employment laws as a result of an acquisition;
•we may be unable to obtain required approvals from governmental authorities under competition and antitrust laws on a timely basis, if at all, and we may need to divest or dispose of assets or businesses or take other actions in order to obtain such approvals;
•our use of cash to pay for acquisitions may limit other potential uses of our cash;
•we incurred additional debt to finance our acquisition of Cerner in fiscal 2023 and in the future, we may have to incur additional debt to pay for other acquisitions or have to delay or not proceed with an acquisition if we cannot obtain the necessary funding to complete the acquisition in a timely manner or on favorable terms; and
•we may experience additional or unexpected changes in how we are required to account for our acquisitions pursuant to U.S. generally accepted accounting principles, including arrangements that we may assume in an acquisition.
The occurrence of any of these risks could have a material adverse effect on our business, results of operations, financial condition or cash flows, particularly in the case of a larger acquisition or several concurrent acquisitions.
If we or our customers are unable to operate our respective businesses as a result of the COVID-19 pandemic (or any resurgence of the pandemic), our future results of operations could be harmed. The COVID-19 pandemic and efforts to control its spread have affected, and any spread or resurgence of COVID-19 variants may in the future affect, how we and our customers, partners and suppliers operate our businesses. Our operations have been and may in the future be negatively affected by a range of external factors related to the COVID-19 pandemic that are not within our control, including preventative measures and other related governmental measures. If we are not able to respond to and manage future impacts of the COVID-19 pandemic effectively, our business will be harmed. In addition, the long-term impact of the COVID-19 pandemic on the broader global economy and related impacts on our business and our customers' business operations remains uncertain and cannot be predicted. Additional impacts and risks that we are not currently aware of may arise, and the COVID-19 pandemic may also heighten other risks described in this Risk Factors section.
22
Data Privacy, Cybersecurity and Intellectual Property Risks
If our security measures for our products and services are compromised and as a result, our data, our customers' data or our IT systems are accessed improperly, made unavailable, or improperly modified, our products and services may be perceived as vulnerable, our brand and reputation could be damaged, the IT services we provide to our customers could be disrupted, and customers may stop using our products and services, any of which could reduce our revenue and earnings, increase our expenses and expose us to legal claims and regulatory actions. Our products and services, including Oracle Cloud Services, store, retrieve, manipulate and manage third-party data, such as our customers' information and data, as well as our own data. We believe that Oracle in particular is a target for computer hackers and other bad actors because Oracle stores and processes large amounts of data, including in customer sectors involving particularly sensitive data such as health sciences (including patient health information), financial services, retail, hospitality and the government. We and our third-party vendors are regularly subject to attempts by third parties (which may include individuals or groups of hackers and sophisticated organizations, such as state-sponsored organizations, nation-states and individuals sponsored by them) to identify and exploit product and service vulnerabilities, penetrate or bypass our security measures, and gain unauthorized access to our or our customers', partners' and suppliers' software, hardware and cloud offerings, networks and systems. Successful attempts by one of these malicious actors can lead to the compromise of personal information or the confidential information or data of Oracle or our customers. Attempts of this nature typically involve IT-related viruses, worms, and other malicious software programs that attack networks, systems, products and services, exploit potential security vulnerabilities of networks, systems, products and services, create system disruptions and cause shutdowns or denials of service. Third parties may attempt to fraudulently induce customers, partners, employees or suppliers into disclosing sensitive information such as user names, passwords or other information in order to gain access to our data, our customers', suppliers' or partners' data or the IT systems of Oracle, our customers, suppliers or partners. Our products and services, including our Oracle Cloud Services, may also be accessed or modified improperly as a result of customer, partner, employee, contractor or supplier error or malfeasance.
If a cyber-attack or other security incident results in unauthorized access to or modification of our customers' or suppliers' data, other external data, our own data or our IT systems, or if the services we provide to our customers are disrupted, or if our products or services are reported to have (or are perceived as having) security vulnerabilities, we could incur significant expenses and suffer substantial damage to our brand and reputation. If our customers lose confidence in the security and reliability of our products and services, including our cloud offerings, and perceive them to not be secure, they may decide to reduce or terminate their spend with us. In addition, cyber-attacks and other security incidents could lead to considerable investigation and remediation costs, loss or destruction of information, interruption of our operations, inappropriate use of proprietary and sensitive data, lawsuits, indemnity obligations, regulatory investigations and financial penalties, and claims and increased legal liability, including in some cases contractual costs related to customer notification and fraud monitoring. Our remediation efforts may not be successful.
Because the techniques used to obtain unauthorized access to, or sabotage IT systems, change frequently, grow more complex over time, and often are not recognized until launched against a target, we may be unable to anticipate or implement adequate measures to prevent such techniques. Our internal IT systems continue to evolve and we are often early adopters of new technologies. However, our business policies and internal security controls may not keep pace with these changes as new threats emerge. We may not discover any security breach and loss of information for a significant period of time after the security breach.
Our products operate in conjunction with and are dependent on a wide variety of third-party products, components and services. If there is a security vulnerability in one of these components, and if there is a security exploit targeting it, we could face increased costs, liability claims, customer dissatisfaction, reduced revenue, or harm to our reputation or competitive position. We also have an active acquisition program and have acquired a number of companies, products, services and technologies over the years. While we make significant efforts to address any IT security issues with respect to our acquired companies, we may still inherit such risks when we integrate these companies within Oracle.
23
Our business practices with respect to data could give rise to operational interruption, liabilities or reputational harm as a result of governmental regulation, legal requirements or industry standards relating to privacy and data protection. As regulatory focus on privacy issues continues to increase and worldwide laws and regulations concerning the handling of personal information expand and become more complex, potential risks related to data collection and use within our business will intensify. In addition, U.S. and foreign governments have enacted or are considering enacting legislation or regulations, or may in the near future interpret existing legislation or regulations, in a manner that could significantly impact our ability, as well as the ability of our customers, partners and data providers, to collect, augment, analyze, use, transfer (including across national borders) and share personal and other information that is integral to certain services we provide. Our acquisition of Cerner during fiscal 2023 also subjects us to additional data privacy and other related regulations governing the healthcare industry and patient information, including but not limited to regulations governing electronic health data transmissions, the processing of patient information, healthcare fraud and healthcare information sharing.
Following the European Union's (EU) General Data Protection Regulation (GDPR), the rate of global consideration and adoption of privacy laws has increased, giving rise to more global jurisdictions in which regulatory inquiries and audits may be requested of Oracle, and if we are not deemed to be in compliance, could result in enforcement actions and/or fines. This is true in the U.S. where, for example, California, Colorado, Connecticut, Utah and Virginia have enacted privacy laws, the U.S. Congress is considering several privacy and security-related bills at the federal level, the federal government is pursuing a range of cybersecurity initiatives pertaining to critical infrastructure companies and government contractors, and a number of other state legislatures are considering privacy laws. Regulators globally are also imposing greater monetary fines for privacy violations. The GDPR provides for monetary penalties of up to 4% of an organization's worldwide revenue. These penalties can be significant. For example, multiple U.S.-based technology companies have been fined between €225 million and €1.2 billion for alleged GDPR violations. The U.S. Federal Trade Commission continues to fine companies for unfair and deceptive data protection practices, and these fines may increase in size. Taken together, the laws or regulations associated with the enhanced protection of personal and other types of data could greatly increase the size of potential fines related to data protection, and our cost of providing our products and services could result in changes to our business practices or even prevent us from offering certain services in jurisdictions in which we operate. Although we have implemented contracts, diligence programs, policies and procedures designed to ensure compliance with applicable laws and regulations, there can be no assurance that our employees, contractors, partners, suppliers, data providers or agents will not violate such laws and regulations or our contracts, policies and procedures. Additionally, public perception and standards related to the privacy of personal information can shift rapidly, in ways that may affect our reputation or influence regulators to enact regulations and laws that may limit our ability to provide certain products and services.
We make statements about our use and disclosure of personal information through our privacy policy, information provided on our website and press statements. Any failure, or perceived failure, by us to comply with these public statements or with U.S. federal, state, or foreign laws and regulations, including laws and regulations regulating privacy, data security, or consumer protection, public perception, standards, self-regulatory requirements or legal obligations, could result in lost or restricted business, proceedings, actions or fines brought against us or levied by governmental entities or others, or could adversely affect our business and harm our reputation.
Third parties have claimed, and in the future may claim, infringement or misuse of intellectual property rights and/or breach of license agreement provisions. We periodically receive notices from, or have lawsuits filed against us by, third parties claiming infringement or other misuse of their intellectual property rights and/or breach of our agreements with them. These third parties include entities that do not design, manufacture, or distribute products or services or that acquire intellectual property for the sole purpose of monetization through infringement assertions. We expect to continue to receive such claims as:
•we continue to expand into new businesses and acquire companies;
•the number of products and competitors in our industry segments grows;
•the use and support of third-party code (including open source code) becomes more prevalent in the industry;
•the volume of issued patents continues to increase; and
24
•non-practicing entities continue to assert intellectual property infringement in our industry segments.
Responding to any such claim, regardless of its validity, could:
•be time consuming, costly and result in litigation;
•divert management's time and attention from developing our business;
•require us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable;
•require us to stop selling or to redesign certain of our products;
•require us to release source code to third parties, possibly under open source license terms;
•require us to satisfy indemnification obligations to our customers; or
•otherwise adversely affect our business, results of operations, financial condition or cash flows.
We may not be able to protect our intellectual property rights. We rely on copyright, trademark, patent and trade secret laws, confidentiality procedures, controls and contractual commitments to protect our intellectual property. Despite our efforts, these protections may be limited. Unauthorized third parties may try to copy or reverse engineer our products or otherwise use our intellectual property. Our patents may be invalidated or circumvented. Any of our pending or future patent applications may not be issued with the claim scope we seek, if at all. In addition, the laws of some countries do not provide the same level of intellectual property protection as U.S. laws and courts. If we cannot protect our intellectual property against unauthorized copying or use, or other misappropriation, we may not remain competitive.
We may not receive significant revenues from our current research and development efforts for several years, if at all. Developing our various product offerings is expensive and the investment in the development of these offerings often involves a long return on investment cycle. An important element of our corporate strategy is to continue to dedicate a significant amount of resources to research and development and related product and service opportunities, both through internal investments and the acquisition of intellectual property from acquired companies. Accelerated product and service introductions and short lifecycles require high levels of expenditures for research and development that could adversely affect our operating results if not offset by revenue increases. We believe that we must continue to dedicate a significant amount of resources to our research and development efforts to maintain our competitive position. However, we do not expect to receive significant revenues from these investments for several years, if at all.
Legal and Regulatory Risks
Adverse litigation results could affect our business. We are subject to various legal proceedings. Litigation can be lengthy, expensive and disruptive to our operations, and can divert our management's attention away from running our core business. The results of our litigation also cannot be predicted with certainty. Even a favorable judgment may be subject to appeals leading to protracted litigation, additional costs and the prospect that our desired outcome will be overturned. An adverse decision could result in monetary damages or injunctive relief that could affect our business, operating results or financial condition. Additional information regarding certain of the lawsuits we are involved in is discussed under Note 16 of Notes to Consolidated Financial Statements included elsewhere in this Annual Report.
We may be subjected to increased taxes due to changes in U.S. or international tax laws or from adverse resolutions of tax audits and controversies. As a multinational corporation, we incur income taxes as well as non-income based taxes (such as payroll, sales, use, property and value-added taxes) in both the U.S. and various foreign jurisdictions. Significant uncertainties exist with respect to the application of the various taxes to the businesses in which we engage, often requiring that we make judgments in determining our tax liabilities and worldwide provision for income taxes. We are regularly under audit by tax authorities in the U.S. and internationally, which has led to disagreements regarding our treatment of various items, including our intercompany transfer prices and calculations and the applicability of withholding taxes to our cross-border transactions. Any unfavorable resolution of these tax audits and controversies could cause our tax liabilities to increase and may have a material and adverse impact on our provision for income taxes and effective tax rate. Although we believe that our income and non-income based
25
tax estimates are reasonable, there is no assurance that the final determination of tax audits or disputes will not be different from what is reflected in our historical income tax provisions and tax accruals.
Countries around the world continually consider and make changes to relevant tax, accounting and other laws, treaties, regulations, guidance and interpretations. In the U.S., certain enacted and proposed legislation may substantially raise U.S. income taxes on our domestic and international profits. Such unfavorable tax legislation resulting from the shifting U.S. political landscape and economic environment create the potential for added volatility in our quarterly provision for income taxes and could have a material adverse impact on our future income tax provisions and effective tax rate.
Other countries also continue to consider changes to their tax laws that could negatively affect us by increasing taxes imposed on our international revenue streams, operations and cross-border transactions, including the imposition of taxes targeted at digital technology businesses and changes in withholding tax rules. The Organization for Economic Cooperation and Development (OECD) and the G20 have developed a two-pillar framework that would provide greater taxing rights to market jurisdictions where customers or users are located and implement a 15% global minimum tax on multinational corporate groups. On December 12, 2022, the European Union member states agreed to implement the OECD's global corporate minimum tax rate of 15%. Other countries are also actively considering changes to their tax laws to adopt certain parts of the OECD's two-pillar framework. These changes may materially increase the level of income tax on our international profits.
Our future income tax provisions and effective tax rate could materially increase under the tax changes discussed above or if other changes are made to applicable tax laws and rules in the U.S. or in other countries in which we do business. Our provision for income taxes also could be adversely affected by changes in the mix of income earned or losses incurred in jurisdictions with differing statutory tax rates, fluctuations in our stock price and level of stock-based compensation expense, changes in the valuation of our deferred tax assets or liabilities and by other factors.
Our international sales and operations and global customer base subject us to additional risks that can adversely affect our operating results. We derive a substantial portion of our revenues from, and have significant operations, outside of the U.S., and in both our U.S. and non-U.S. operations we serve customers based in or with ties to numerous jurisdictions around the world. Compliance with international and U.S. laws and regulations that apply to our international operations increases our cost of doing business. These laws and regulations include data privacy requirements, labor relations laws, tax laws, foreign currency-related regulations, competition/antitrust regulations, anti-bribery laws and other laws prohibiting payments to governmental officials such as the U.S. Foreign Corrupt Practices Act (FCPA), market access regulations, tariffs, and import, export and general trade regulations, including but not limited to economic sanctions and embargos. Violations of these laws and regulations could result in monetary fines, civil and/or criminal penalties, enforcement actions against us, our officers or our employees, and prohibitions on the conduct of our business, including disgorgement, the loss of trade privileges, and other remedial measures. Any such violations could result in prohibitions on our ability to offer our products and services in one or more countries or territories or to certain entities, could delay or prevent potential acquisitions and could also materially damage our reputation, our brand, our international expansion efforts, our ability to attract and retain employees, our business and our operating results.
Changes to sanctions or export control regulations in the U.S. and the other jurisdictions where we currently operate or have dealings, or in the future may operate or have dealings, can require suspension or termination of business, including financial transactions, in certain countries, territories or with certain customers and any such action in the future could adversely affect our business, financial condition and results of operations. For example, in March 2022, following Russia's invasion of Ukraine and the imposition of economic sanctions and export controls targeting Russia by the U.S., EU and other countries, we withdrew our operations from the Russian Federation and the Republic of Belarus. We continue to monitor relations between the U.S. and the Russian Federation, the Republic of Belarus and the People's Republic of China, among others. It is difficult to anticipate the effect such relations may have on us. Compliance with any further economic sanctions, export controls or other regulatory restrictions (and any retaliatory responses thereto) taken by the U.S. or other countries could prevent us from serving certain customers or restrict our customers from operating in specific jurisdictions, which could have an adverse effect on our operations and results of operations. Compliance with these laws may increase our expenses as we engage specialized or other additional resources to assist us with our compliance efforts.
26
Our success depends, in part, on our ability to anticipate these risks and manage these difficulties. We monitor our operations and investigate allegations of improprieties relating to transactions and the way in which such transactions are recorded. Where circumstances warrant, we provide information and report our findings to government authorities, and in some circumstances such authorities conduct their own investigations and we respond to their requests or demands for information. No assurance can be given that action will not be taken by such authorities or that our compliance program will prove effective.
We are also subject to a variety of other risks and challenges in managing an organization operating globally, including those related to:
•general economic conditions in each country or region;
•political unrest, terrorism and war, including but not limited to the current Russia-Ukraine war, the economic impact thereof and the potential to subject our business to materially adverse consequences should the situation escalate beyond its current scope, including, among other potential impacts, the geographic proximity of the situation relative to the rest of Europe, where a material portion of our business is carried out;
•the potential for other hostilities, including but not limited to escalating tensions between China and Taiwan;
•public health risks, social risks and supporting infrastructure stability risks, particularly in areas in which we have significant operations;
•fluctuations in currency exchange rates and related impacts on customer demand and our operating results;
•difficulties in accessing or transferring funds from or converting currencies in certain countries that could lead to a devaluation of our net assets, in particular our cash assets, in that country's currency;
•regulatory changes, including government austerity measures in certain countries that we may not be able to sufficiently plan for or avoid that may unexpectedly impair bank deposits or other cash assets that we hold in these countries or that impose additional taxes that we may be required to pay in these countries;
•common local business behaviors or regulatory requirements that conflict with our business ethics, practices and conduct policies;
•longer payment cycles and difficulties in collecting accounts receivable;
•overlapping tax regimes; and
•reduced protection for intellectual property rights in some countries.
The variety of risks and challenges listed above could also disrupt or otherwise negatively impact our supply chain operations and sales of our products and services in affected countries or regions.
As the majority shareholder of Oracle Financial Services Software Limited, a publicly traded company in India, and Oracle Corporation Japan, a publicly traded company in Japan, we face several additional risks, including being subject to local securities regulations and being unable to exert full control that we would otherwise have if these entities were wholly-owned subsidiaries.
Our sales to local, state, federal and foreign government customers expose us to business volatility and risks, including government budgeting cycles and appropriations, procurement regulations, governmental policy shifts, early termination of contracts, audits, investigations, sanctions and penalties. We derive revenues from contracts with the U.S. government, state and local governments, and foreign governments and are subject to procurement laws relating to the award, administration and performance of those contracts.
Governmental entities are variously pursuing policies that affect our ability to sell our products and services. Changes in government procurement policy, priorities, regulations, technology initiatives and/or requirements may negatively impact our potential for growth in the government sector. For example, the U.S. government imposes evolving cybersecurity requirements, including, for example, the FedRAMP authorization process and the Department of Defense (DoD) Cybersecurity Maturity Model Certification. These requirements may impact our lines of business in the U.S. federal government market. Compliance with these cybersecurity requirements is complex and costly, and failure to meet, or delays in meeting, the required security controls could limit our ability to sell
27
products and services, directly or indirectly, to the DoD and other federal and state government entities that implement similar cybersecurity requirements.
We are also subject to early termination of our contracts. Many governmental entities have the right to terminate contracts at any time for a variety of reasons, including without cause. For example, the U.S. federal government may terminate any of our government contracts and subcontracts at its convenience, or for default based on our performance. U.S. federal, state and local government and foreign government contracts are generally subject to government funding authorizations/appropriations. Contracts may also be terminated due to a lack of government funds.
There is increased pressure on governments and their agencies, both domestically and internationally, to reduce spending as governments continue to face significant deficit reduction pressures. This may adversely impact spending on government programs.
Government contracts laws and regulations impose certain risks, and contracts are generally subject to audits and investigations. If violations of law are found, they could result in civil and criminal penalties and administrative sanctions, including termination of contracts, refund of a portion of fees received, forfeiture of profits, suspension of payments, fines and suspensions or debarment from future government business.
Environmental and other related laws and regulations subject us to a number of risks and could result in significant liabilities and costs. Our cloud and hardware operations are subject to state, federal and international laws governing protection of the environment, proper handling and disposal of materials used for these products, human health and safety, the use of certain chemical substances and the labor practices of suppliers, as well as local testing and labeling requirements. Compliance with these ever-changing environmental and other laws in a timely manner could increase our product design, development, procurement, manufacturing, delivery, cloud operations and administration costs, limit our ability to manage excess and obsolete non-compliant inventory, change our sales activities, or otherwise impact future financial results of our cloud and hardware businesses. Any violation of these laws can subject us to significant liability, including fines, penalties and possible prohibition of sales of our products and services into one or more states or countries and result in a material adverse effect on the financial condition or results of operations of our cloud and hardware businesses. Regulatory, market, and competitive pressures regarding the greenhouse gas emissions and energy mix for our data center operations may also grow.
A significant portion of our hardware revenues come from international sales. Environmental legislation, such as the EU Directive on Restriction of Hazardous Substances (RoHS), the EU Waste Electrical and Electronic Equipment Directive (WEEE Directive) and China's regulation on Management Methods for Controlling Pollution Caused by Electronic Information Products, among others, may increase our cost of doing business internationally and impact our hardware revenues from the EU, China and other countries with similar environmental legislation as we endeavor to comply with and implement these requirements.
We have an Environmental Steering Committee (ESC) comprised of senior individuals from a wide range of Oracle business units, including our Chief Sustainability Officer who oversees our overall sustainability strategy, including climate related risk mitigation. The ESC evaluates if climate or environmental risks have the potential for significant chronic or acute impact on our core and/or strategic business functions, including service delivery and support, product development and deployment, supply chain management, facility operations, employee recruitment and retention, or brand reputation. A failure by the ESC to identify and assess these risks could adversely affect our reputation, business, financial performance and growth.
We publish an annual Social Impact Report, which includes disclosure of our Environmental, Social and Governance (ESG) matters and goals. Our disclosures on these matters, and standards we set for ourselves or a failure to meet these standards, may potentially harm our reputation and brand. By electing to set and share publicly these corporate ESG standards, our business may also face increased scrutiny related to ESG activities.
Further, new laws, regulations, policies, and international accords relating to ESG matters, including sustainability, climate change, human capital, and diversity, are being developed and formalized in the U.S., Europe and elsewhere, which may require specific, target-driven frameworks or disclosure requirements. For example, in the U.S., the SEC has proposed rules requiring, among other things, disclosure of public companies' climate-related strategies, costs,
28
impacts and targets. Standards for reporting ESG metrics, including ESG-related disclosures that may be required by the SEC or other regulators, are complex and evolving, and the implementation and oversight of controls to comply with applicable reporting and disclosure standards could impose significant compliance costs. In addition, such disclosure requirements could result in revisions to our previous ESG-related disclosure or challenges in meeting evolving and varied regulatory and other stakeholder expectations and standards, which could expose us to liability or harm our reputation and prospects.
Financial Risks
Our operations can be difficult for us to predict because our quarterly results of operations may fluctuate significantly based on a number of factors. Our revenues, particularly certain of our cloud license and on-premise license revenues and hardware revenues, can be difficult to forecast. A substantial portion of our cloud license, on-premise license and hardware contracts is completed in the latter part of a quarter. Because a significant portion of our cost structure is largely fixed in the short term, sales and revenue shortfalls tend to have a disproportionately negative impact on our profitability. The number of large license transactions and, to a lesser extent, hardware products transactions increases the risk of fluctuations in our quarterly results because a delay in even a small number of these transactions could cause our quarterly sales, revenues and profitability to fall significantly short of our predictions. In addition, sudden shifts in regional or global economic or political activity may cause our sales forecasts to be inaccurate.
In addition, we hold a portfolio of publicly traded and privately held equity investments. Changes in the fair values of these investments are recorded as unrealized gains or losses as a component of consolidated net income in each period. The timing and amount of changes in fair value, if any, of these investments depends on factors beyond our control, including the perceived and actual performance of the companies or funds in which we invest. Changes in the fair values of these investments are also subject to the general conditions of public and private equity markets, which are uncertain and have in the past varied, and may in the future vary, materially by period. Changes in the fair values of these investments have contributed, and may in the future contribute, to volatility in our net income that is not reflective of our core businesses.
Changes in currency exchange rates can adversely affect customer demand and our revenue and profitability. We conduct a significant number of transactions and hold cash in currencies other than the U.S. Dollar. Changes in the values of major foreign currencies, particularly the Australian Dollar, British Pound, Brazilian Real, Canadian Dollar, Euro, Indian Rupee, Japanese Yen and Saudi Riyal, relative to the U.S. Dollar can significantly affect our total assets, revenues, operating results and cash flows, which are reported in U.S. Dollars. Fluctuations in foreign currency rates, including the strengthening of the U.S. Dollar against the Euro and most other major international currencies, adversely affects our revenue growth in terms of the amounts that we report in U.S. Dollars after converting our foreign currency results into U.S. Dollars and in terms of actual demand for our products and services as certain of these products may become relatively more expensive for foreign currency-based enterprises to purchase. In addition, currency variations can adversely affect margins on sales of our products in countries outside of the U.S. Generally, our reported revenues and operating results are adversely affected when the dollar strengthens relative to other currencies and are positively affected when the dollar weakens. In addition, our reported assets generally are adversely affected when the dollar strengthens relative to other currencies as a portion of our consolidated cash and bank deposits, among other assets, are held in foreign currencies and reported in U.S. Dollars.
In addition, we incur foreign currency transaction gains and losses, primarily related to sublicense fees and other intercompany agreements among us and our subsidiaries that we expect to cash settle in the near term, which are charged to earnings in the period incurred. We have a program which primarily utilizes foreign currency forward contracts designed to offset the risks associated with certain foreign currency exposures. We may suspend the program from time to time. As part of this program, we enter into foreign currency forward contracts so that increases or decreases in our foreign currency exposures are offset at least in part by gains or losses on the foreign currency forward contracts in an effort to mitigate the risks and volatility associated with our foreign currency transaction gains or losses. A large portion of our consolidated operations are international, and we expect that we will continue to realize gains or losses with respect to our foreign currency exposures, net of gains or losses from our foreign currency forward contracts, including the cost to obtain such contracts. For example, we will experience
29
foreign currency gains and losses in certain instances if it is not possible or cost-effective to hedge our foreign currency exposures, if our hedging efforts are ineffective, or should we suspend our foreign currency forward contract program. Our ultimate realized loss or gain with respect to currency fluctuations will generally depend on the size and type of cross-currency exposures that we enter into, the currency exchange rates associated with these exposures and changes in those rates, whether we have entered into foreign currency forward contracts to offset these exposures and any related fees paid to purchase such contracts, and other factors. All of these factors could materially impact our results of operations, financial position and cash flows.
We have incurred foreign currency losses associated with the devaluation of currencies in certain highly inflationary economies relative to the U.S. Dollar. We could incur future losses in emerging market countries and other countries where we do business should their currencies become designated as highly inflationary.
There are risks associated with our outstanding and future indebtedness. As of May 31, 2023, we had an aggregate of $90.5 billion of outstanding indebtedness that will mature between calendar year 2023 and calendar year 2061. Our ability to pay interest and repay the principal for our indebtedness is dependent upon our ability to manage our business operations, generate sufficient cash flows to service such debt and the other factors discussed in this Risk Factors section. There can be no assurance that we will be able to manage any of these risks successfully.
We may also need to refinance a portion of our outstanding debt as it matures. There is a risk that we may not be able to refinance existing debt or that the terms of any refinancing may not be as favorable as the terms of our existing debt. Furthermore, if prevailing interest rates or other factors at the time of refinancing result in higher interest rates upon refinancing, then the interest expense relating to that refinanced indebtedness would increase.
Should we incur future increases in interest expense, our ability to utilize certain of our foreign tax credits to reduce our U.S. federal income tax could be limited, which could unfavorably affect our provision for income taxes and effective tax rate. In addition, changes to our outlook or credit rating or a withdrawal by any rating agency could negatively affect the value of both our debt and equity securities and increase the interest amounts we pay on certain outstanding or future debt. These risks could adversely affect our financial condition and results of operations.
Risks Related to Our Common Stock
Our stock price could become more volatile and your investment could lose value. All of the factors discussed within this Risk Factors section could affect our stock price. The timing of announcements in the public market by us or by our competitors regarding new cloud services, products, product enhancements, technological advances, acquisitions or major transactions could also affect our stock price. Changes in the amounts and frequency of stock repurchases or dividends could affect our stock price. Our stock price could also be affected by factors, some of which are beyond our control, including, among others: speculation in the press, social media and the analyst community; changes in recommendations or earnings related estimates by financial analysts; changes in investors' or analysts' valuation measures for our stock; negative analyst surveys or channel check surveys; earnings announcements where our financial results differ from our guidance or investors' expectations; our credit ratings and market trends unrelated to our performance. The stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. A significant drop in our stock price could also expose us to the risk of securities class action lawsuits, which could result in substantial costs and divert management's attention and resources, which could adversely affect our business.
We cannot guarantee that our stock repurchase program will be fully implemented or that it will enhance long-term stockholder value. Our repurchase program does not have an expiration date and we are not obligated to repurchase a specified number or dollar value of shares. Further, our stock repurchase program may be accelerated, suspended, delayed or discontinued at any time. However, we do not expect to increase the amount of stock repurchases until our gross debt is reduced below certain thresholds. Even if fully implemented, our stock repurchase program may not enhance long-term stockholder value. In addition, the Inflation Reduction Act, signed into law on August 16, 2022, imposes an excise tax of 1% (potentially increasing to 4% under certain U.S. tax proposals) on certain corporate stock repurchases.
30
General Risks
Economic, political and market conditions can adversely affect our business, results of operations and financial condition, including our revenue growth and profitability, which in turn could adversely affect our stock price. Our business is influenced by a range of factors that are beyond our control and that we have no comparative advantage in forecasting. These include:
•general economic and business conditions;
•overall demand for enterprise cloud, license and hardware products and services;
•governmental budgetary constraints or shifts in government spending priorities; and
•general legal, regulatory and political developments.
Macroeconomic developments such as the global or regional economic effects resulting from increasing inflation rates, limited liquidity, adverse developments affecting financial institutions, the current Russia-Ukraine war and related economic curtailment initiatives, evolving trade policies between the U.S. and international trade partners, or the occurrence of similar events in other countries that lead to uncertainty or instability in economic, political or market conditions could negatively affect our business, operating results, financial condition and outlook, which, in turn, could adversely affect our stock price. Any general weakening of, and related declining corporate confidence in, the global economy or the curtailment of government or corporate spending could cause current or potential customers to reduce or eliminate their IT budgets and spending, which could cause customers to delay, decrease or cancel purchases of our products and services or cause customers not to pay us or to delay paying us for previously purchased products and services. If any parties with whom we conduct business or invest our cash or cash equivalents are unable to meet their obligations to us, our business could be adversely affected. Bank failures or issues in the broader U.S. or global financial systems may have an impact on the broader capital markets and, in turn, our ability to access those markets.
In addition, international, regional or domestic political unrest and the related potential impact on global stability, terrorist attacks and the potential for other hostilities in various parts of the world, public health crises and natural disasters continue to contribute to a climate of economic and political uncertainty that could adversely affect our results of operations and financial condition, including our revenue growth and profitability. These factors generally have the strongest effect on our sales of cloud license and on-premise license, hardware and related services and, to a lesser extent, also may affect our renewal rates for license support and our subscription-based cloud offerings.
Business disruptions could adversely affect our operating results. A significant portion of our critical business operations are concentrated in a few geographic areas, some of which include emerging market international locations that may be less stable relative to running such business operations solely within the U.S. We are a highly automated business and a disruption or failure of our systems, supply chains and processes could cause delays in completing sales, providing services, including some of our cloud offerings, and enabling a seamless customer experience with respect to our customer facing back-office processes. A major natural disaster, political, social or other disruption to infrastructure that supports our operations or other catastrophic event or the effects of climate change (such as increased storm severity, drought and pandemics) that results in the destruction or disruption of any of our critical business operations, supply chains or IT systems could severely affect our ability to conduct normal business operations and, as a result, our future operating results could be materially and adversely affected.