BROADRIDGE FINANCIAL SOLUTIONS, INC.

“We provide technology solutions to financial services firms that are generally subject to extensive regulation globally. As a provider of products and services to financial institutions and issuers of securities, our products and services are provided in a manner designed to assist our clients in complying with the laws and regulations to which they are subject. Changes in laws and regulations could require changes in the services we provide, the manner in which we provide our services, and the fees we charge for our services, or they could result in a reduction or elimination of the demand fo…”

“In addition, new regulations governing our clients could result in significant expenditures that could cause them to reduce their use of our services, seek to renegotiate existing agreements, cease or curtail their operations, or otherwise alter their business relationship with us, all of which could adversely impact our business. Further, an adverse regulatory action that changes a client’s business or adversely affects its financial condition could decrease their ability to purchase, or their demand for our products and services. The loss, or significant reduction, of business from any of ou…”

“Due to the nature of our products and services, we are subject to the risk of information security incidents, including those impacting our clients and third-party vendors. Some of our clients and third-party vendors have experienced cybersecurity incidents. Failure by our clients or third-party vendors to notify us in a timely manner of cybersecurity incidents impacting their operations could result in unauthorized access to our systems and data and materially affect our business, operations and financial results. In certain circumstances, our third-party vendors may also have access to sensi…”

“If we fail to maintain an adequate information security program or implement sufficient security standards, technology or controls to protect against information security incidents or privacy breaches or fail to identify and adapt to emerging security threats and risks, it could cause us to lose revenues, lose clients and/or damage to our reputation.”

“As a provider of data and business processing solutions, our systems contain a significant amount of sensitive data, including personal information, related to our clients, customers of our clients, our employees, among others. We are, therefore, subject to compliance obligations under federal, state and foreign privacy and information security laws, including in the U.S., the GLBA, HIPAA, and the CPRA, and the GDPR in the European Union, and we are subject to compliance with various client industry standards such as PCI DSS as well as Medicare and Medicaid programs related to our clients. We …”