UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
____________________
FORM 10-Q
____________________
(Mark One)
| | | | | |
☒ | QUARTERLY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the quarterly period ended September 30, 2023
OR
| | | | | |
☐ | TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the transition period from to
Commission File Number: 000-23593
VERISIGN, INC.
(Exact name of registrant as specified in its charter)
| | | | | | | | | | | |
Delaware | | 94-3221585 |
(State or other jurisdiction of incorporation or organization) | | (I.R.S. Employer Identification No.) |
| | | |
12061 Bluemont Way, | | |
Reston, | Virginia | | 20190 |
(Address of principal executive offices) | | (Zip Code) |
Registrant’s telephone number, including area code: (703) 948-3200
Securities registered pursuant to Section 12(b) of the Act:
| | | | | | | | |
Title of each class | Trading Symbol(s) | Name of each exchange on which registered |
Common Stock, $0.001 par value per share | VRSN | Nasdaq Global Select Market |
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
| | | | | | | | | | | | | | |
Large accelerated filer | ☒ | | Accelerated filer | ☐ |
Non-accelerated filer | ☐ | | Smaller reporting company | ☐ |
| | | Emerging growth company | ☐ |
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐ No ☒
Indicate the number of shares outstanding of each of the issuer’s classes of common stock, as of the latest practicable date:
| | | | | | | | |
Class | | Shares Outstanding as of October 20, 2023 |
Common stock, $0.001 par value per share | | 102.1 million |
TABLE OF CONTENTS
PART I—FINANCIAL INFORMATION
ITEM 1. FINANCIAL STATEMENTS
VERISIGN, INC.
CONDENSED CONSOLIDATED BALANCE SHEETS
(In millions, except par value)
(Unaudited)
| | | | | | | | | | | |
| September 30, 2023 | | December 31, 2022 |
ASSETS | | | |
Current assets: | | | |
Cash and cash equivalents | $ | 157.7 | | | $ | 373.6 | |
Marketable securities | 785.8 | | | 606.8 | |
Other current assets | 63.5 | | | 58.3 | |
Total current assets | 1,007.0 | | | 1,038.7 | |
Property and equipment, net | 238.2 | | | 232.0 | |
Goodwill | 52.5 | | | 52.5 | |
Deferred tax assets | 224.1 | | | 234.6 | |
Deposits to acquire intangible assets | 145.0 | | | 145.0 | |
Other long-term assets | 29.1 | | | 30.6 | |
Total long-term assets | 688.9 | | | 694.7 | |
Total assets | $ | 1,695.9 | | | $ | 1,733.4 | |
LIABILITIES AND STOCKHOLDERS’ DEFICIT | | | |
Current liabilities: | | | |
Accounts payable and accrued liabilities | $ | 232.2 | | | $ | 226.5 | |
Deferred revenues | 941.4 | | | 890.4 | |
Total current liabilities | 1,173.6 | | | 1,116.9 | |
Long-term deferred revenues | 320.7 | | | 328.7 | |
Senior notes | 1,789.6 | | | 1,787.9 | |
Long-term tax and other liabilities | 45.4 | | | 62.1 | |
Total long-term liabilities | 2,155.7 | | | 2,178.7 | |
Total liabilities | 3,329.3 | | | 3,295.6 | |
Commitments and contingencies | | | |
Stockholders’ deficit: | | | |
Preferred stock—par value $.001 per share; Authorized shares: 5.0; Issued and outstanding shares: none | — | | | — | |
Common stock and additional paid-in capital—par value $.001 per share; Authorized shares: 1,000; Issued shares: 354.8 at September 30, 2023 and 354.5 at December 31, 2022; Outstanding shares: 102.4 at September 30, 2023 and 105.3 at December 31, 2022 | 12,020.7 | | | 12,644.5 | |
Accumulated deficit | (13,651.1) | | | (14,204.0) | |
Accumulated other comprehensive loss | (3.0) | | | (2.7) | |
Total stockholders’ deficit | (1,633.4) | | | (1,562.2) | |
Total liabilities and stockholders’ deficit | $ | 1,695.9 | | | $ | 1,733.4 | |
See accompanying Notes to Condensed Consolidated Financial Statements.
VERISIGN, INC.
CONDENSED CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME
(In millions, except per share data)
(Unaudited)
| | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | 2022 | | 2023 | | 2022 |
Revenues | $ | 376.3 | | | $ | 356.9 | | | $ | 1,112.7 | | | $ | 1,055.7 | |
Costs and expenses: | | | | | | | |
Cost of revenues | 48.6 | | | 50.0 | | | 148.8 | | | 150.2 | |
Research and development | 21.7 | | | 21.0 | | | 68.1 | | | 64.2 | |
Selling, general and administrative | 51.7 | | | 49.1 | | | 151.5 | | | 143.7 | |
Total costs and expenses | 122.0 | | | 120.1 | | | 368.4 | | | 358.1 | |
Operating income | 254.3 | | | 236.8 | | | 744.3 | | | 697.6 | |
Interest expense | (18.8) | | | (18.8) | | | (56.5) | | | (56.5) | |
Non-operating income, net | 13.1 | | | 4.9 | | | 37.1 | | | 6.8 | |
Income before income taxes | 248.6 | | | 222.9 | | | 724.9 | | | 647.9 | |
Income tax expense | (60.1) | | | (53.4) | | | (172.0) | | | (153.6) | |
Net income | 188.5 | | | 169.5 | | | 552.9 | | | 494.3 | |
Other comprehensive income (loss) | 0.4 | | | 0.2 | | | (0.3) | | | 0.1 | |
Comprehensive income | $ | 188.9 | | | $ | 169.7 | | | $ | 552.6 | | | $ | 494.4 | |
| | | | | | | |
Earnings per share: | | | | | | | |
Basic | $ | 1.83 | | | $ | 1.58 | | | $ | 5.32 | | | $ | 4.55 | |
Diluted | $ | 1.83 | | | $ | 1.58 | | | $ | 5.32 | | | $ | 4.55 | |
Shares used to compute earnings per share | | | | | | | |
Basic | 102.9 | | | 107.1 | | | 103.9 | | | 108.7 | |
Diluted | 103.0 | | | 107.1 | | | 104.0 | | | 108.7 | |
See accompanying Notes to Condensed Consolidated Financial Statements.
VERISIGN, INC.
CONDENSED CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ DEFICIT
(In millions)
(Unaudited)
| | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | 2022 | | 2023 | | 2022 |
Total stockholders’ deficit, beginning of period | $ | (1,617.9) | | | $ | (1,455.0) | | | $ | (1,562.2) | | | $ | (1,260.5) | |
| | | | | | | |
Common stock and additional paid-in capital | | | | | | | |
Beginning balance | 12,225.1 | | | 13,100.9 | | | 12,644.5 | | | 13,620.1 | |
Repurchase of common stock | (222.4) | | | (277.9) | | | (675.8) | | | (834.0) | |
Stock-based compensation | 15.8 | | | 16.7 | | | 45.8 | | | 45.4 | |
Issuance of common stock under stock plans | 4.3 | | | 4.1 | | | 12.3 | | | 12.3 | |
Excise tax on repurchase of common stock | (2.1) | | | — | | | (6.1) | | | — | |
Balance, end of period | 12,020.7 | | | 12,843.8 | | | 12,020.7 | | | 12,843.8 | |
| | | | | | | |
Accumulated deficit | | | | | | | |
Beginning balance | (13,839.6) | | | (14,553.0) | | | (14,204.0) | | | (14,877.8) | |
Net income | 188.5 | | | 169.5 | | | 552.9 | | | 494.3 | |
Balance, end of period | (13,651.1) | | | (14,383.5) | | | (13,651.1) | | | (14,383.5) | |
| | | | | | | |
Accumulated other comprehensive loss | | | | | | | |
Beginning balance | (3.4) | | | (2.9) | | | (2.7) | | | (2.8) | |
Other comprehensive income (loss) | 0.4 | | | 0.2 | | | (0.3) | | | 0.1 | |
Balance, end of period | (3.0) | | | (2.7) | | | (3.0) | | | (2.7) | |
| | | | | | | |
Total stockholders’ deficit, end of period | $ | (1,633.4) | | | $ | (1,542.4) | | | $ | (1,633.4) | | | $ | (1,542.4) | |
See accompanying Notes to Condensed Consolidated Financial Statements.
VERISIGN, INC.
CONDENSED CONSOLIDATED STATEMENTS OF CASH FLOWS
(In millions)
(Unaudited)
| | | | | | | | | | | |
| Nine Months Ended September 30, |
| 2023 | | 2022 |
Cash flows from operating activities: | | | |
Net income | $ | 552.9 | | | $ | 494.3 | |
Adjustments to reconcile net income to net cash provided by operating activities: | | | |
Depreciation of property and equipment | 33.7 | | | 35.2 | |
Stock-based compensation expense | 45.0 | | | 44.2 | |
Other, net | (15.6) | | | 0.7 | |
Changes in operating assets and liabilities: | | | |
Other assets | (3.7) | | | (2.5) | |
Accounts payable and accrued liabilities | (16.2) | | | (40.1) | |
Deferred revenues | 43.0 | | | 82.1 | |
Net deferred income taxes | 10.5 | | | 0.3 | |
Net cash provided by operating activities | 649.6 | | | 614.2 | |
Cash flows from investing activities: | | | |
Proceeds from maturities and sales of marketable securities | 750.8 | | | 1,475.0 | |
Purchases of marketable securities | (911.5) | | | (909.3) | |
Purchases of property and equipment | (40.8) | | | (19.7) | |
Net cash (used in) provided by investing activities | (201.5) | | | 546.0 | |
Cash flows from financing activities: | | | |
Repurchases of common stock | (675.8) | | | (834.0) | |
Proceeds from employee stock purchase plan | 12.3 | | | 12.3 | |
Net cash used in financing activities | (663.5) | | | (821.7) | |
Effect of exchange rate changes on cash, cash equivalents, and restricted cash | (0.6) | | | (1.4) | |
Net (decrease) increase in cash, cash equivalents, and restricted cash | (216.0) | | | 337.1 | |
Cash, cash equivalents, and restricted cash at beginning of period | 379.0 | | | 228.8 | |
Cash, cash equivalents, and restricted cash at end of period | $ | 163.0 | | | $ | 565.9 | |
Supplemental cash flow disclosures: | | | |
Cash paid for interest | $ | 49.5 | | | $ | 49.6 | |
Cash paid for income taxes, net of refunds received | $ | 178.8 | | | $ | 159.6 | |
| | | |
See accompanying Notes to Condensed Consolidated Financial Statements.
VERISIGN, INC.
NOTES TO CONDENSED CONSOLIDATED FINANCIAL STATEMENTS
(Unaudited)
Note 1. Basis of Presentation
Interim Financial Statements
The accompanying unaudited Condensed Consolidated Financial Statements have been prepared by VeriSign, Inc. (“Verisign” or the “Company”) in accordance with the instructions to Form 10-Q pursuant to the rules and regulations of the Securities and Exchange Commission (“SEC”) and, therefore, do not include all information and notes normally provided in audited financial statements. In the opinion of management, all adjustments (consisting of normal recurring accruals and other adjustments) considered necessary for a fair presentation have been included. The results of operations for any interim period are not necessarily indicative of, nor comparable to, the results of operations for any other interim period or for a full fiscal year. These unaudited Condensed Consolidated Financial Statements should be read in conjunction with the Consolidated Financial Statements and related notes contained in Verisign’s Annual Report on Form 10-K for the year ended December 31, 2022 (the “2022 Form 10-K”) filed with the SEC on February 17, 2023.
Reclassifications
Certain reclassifications have been made to prior period amounts to conform to current period presentation. Such reclassifications have no effect on net income as previously reported.
Note 2. Financial Instruments
Cash, Cash Equivalents, and Marketable Securities
The following table summarizes the Company’s cash, cash equivalents, and marketable securities and the fair value categorization of the financial instruments measured at fair value on a recurring basis:
| | | | | | | | | | | |
| September 30, | | December 31, |
| 2023 | | 2022 |
| (In millions) |
Cash | $ | 22.4 | | | $ | 27.0 | |
Time deposits | 4.3 | | | 4.1 | |
Money market funds (Level 1) | 136.3 | | | 178.6 | |
Debt securities issued by the U.S. Treasury (Level 1) | 785.8 | | | 776.1 | |
Total | $ | 948.8 | | | $ | 985.8 | |
| | | |
Cash and cash equivalents | $ | 157.7 | | | $ | 373.6 | |
Restricted cash (included in Other long-term assets) | 5.3 | | | 5.4 | |
Total Cash, cash equivalents, and restricted cash | 163.0 | | | 379.0 | |
Marketable securities | 785.8 | | | 606.8 | |
Total | $ | 948.8 | | | $ | 985.8 | |
The gross and net unrealized gains and losses included in the fair value of the debt securities were not significant for the periods presented. All of the debt securities held as of September 30, 2023 are scheduled to mature in less than one year.
Fair Value Measurements
The fair value of the Company’s investments in money market funds approximates their face value. Such instruments are included in Cash and cash equivalents. The fair value of the debt securities consisting of U.S. Treasury bills is based on their quoted market prices. Debt securities purchased with original maturities in excess of three months are included in Marketable securities. The fair value of all of these financial instruments are classified as Level 1 in the fair value hierarchy.
The Company’s other financial instruments include cash, accounts receivable, restricted cash, and accounts payable. As of September 30, 2023, the carrying value of these financial instruments approximated their fair value. The aggregate fair value of the Company’s senior notes is $1.62 billion and $1.65 billion as of September 30, 2023 and December 31, 2022, respectively. The fair values of these debt instruments are based on available market information from public data sources and are classified as Level 2.
Note 3. Selected Balance Sheet Items
Other Current Assets
Other current assets consist of the following:
| | | | | | | | | | | |
| September 30, | | December 31, |
| 2023 | | 2022 |
| (In millions) |
Prepaid expenses | $ | 27.4 | | | $ | 24.3 | |
Prepaid registry fees | 24.6 | | | 24.3 | |
Accounts receivable, net | 4.6 | | | 6.2 | |
Unrealized gain on foreign currency forward contracts | 4.5 | | | 0.2 | |
Other | 2.4 | | | 3.3 | |
Total other current assets | $ | 63.5 | | | $ | 58.3 | |
Other Long-Term Assets
Other long-term assets consist of the following:
| | | | | | | | | | | |
| September 30, | | December 31, |
| 2023 | | 2022 |
| (In millions) |
Operating lease right-of-use asset | $ | 8.8 | | | $ | 7.2 | |
Long-term prepaid registry fees | 8.6 | | | 9.1 | |
Restricted cash | 5.3 | | | 5.4 | |
Long-term prepaid expenses | 4.1 | | | 6.6 | |
Other | 2.3 | | | 2.3 | |
Total other long-term assets | $ | 29.1 | | | $ | 30.6 | |
The prepaid registry fees in the tables above relate to the fees the Company pays to ICANN for each annual term of .com domain name registrations and renewals which are deferred and amortized over the domain name registration term.
Accounts Payable and Accrued Liabilities
Accounts payable and accrued liabilities consist of the following:
| | | | | | | | | | | |
| September 30, | | December 31, |
| 2023 | | 2022 |
| (In millions) |
Accounts payable and accrued expenses | $ | 9.4 | | | $ | 9.8 | |
Customer deposits | 75.3 | | | 72.0 | |
Accrued employee compensation | 50.8 | | | 59.0 | |
Taxes payable | 43.2 | | | 37.4 | |
Interest payable | 24.6 | | | 19.5 | |
Accrued registry fees | 13.3 | | | 12.7 | |
Customer incentives payable | 7.4 | | | 7.1 | |
Current operating lease liabilities | 5.6 | | | 5.5 | |
Other accrued liabilities | 2.6 | | | 3.5 | |
Total accounts payable and accrued liabilities | $ | 232.2 | | | $ | 226.5 | |
The balance of customer deposits varies from period to period due to the timing of payments from certain large customers. Accrued employee compensation primarily consists of liabilities for employee leave, salaries, payroll taxes, employee contributions to the employee stock purchase plan, and incentive compensation. Accrued employee incentive compensation as of December 31, 2022 was paid during the nine months ended September 30, 2023. Taxes payable reflects amounts accrued for the income tax provision and payments made during the period. This balance fluctuates from period to period due to the timing of income tax payments in the Company’s major tax jurisdictions. Interest payable varies at each period-end based on the payment due dates for each senior note issuance.
Property Plant and Equipment, net
The following table presents the detail of property and equipment, net:
| | | | | | | | | | | |
| September 30, | | December 31, |
| 2023 | | 2022 |
| (In millions) |
Computer equipment and software | $ | 411.7 | | | $ | 402.7 | |
Buildings and building improvements | 260.2 | | | 257.5 | |
Land | 37.9 | | | 31.1 | |
Office equipment and furniture | 11.0 | | | 10.4 | |
Capital work in progress | 15.3 | | | 3.6 | |
Leasehold improvements | 1.6 | | | 1.5 | |
Total cost | 737.7 | | | 706.8 | |
Less: accumulated depreciation | (499.5) | | | (474.8) | |
Total property and equipment, net | $ | 238.2 | | | $ | 232.0 | |
In July 2023, the Company purchased a building in Reston, Virginia to be used as its future corporate headquarters for $19.8 million. Based on a valuation of the property, $13.0 million of the total purchase price was allocated to the building which is included in capital work in progress in the table above due to ongoing construction. The remaining $6.8 million was allocated to land.
Long-term Tax and Other Liabilities
Long-term tax and other liabilities consist of the following:
| | | | | | | | | | | |
| September 30, | | December 31, |
| 2023 | | 2022 |
| (In millions) |
Long-term tax liabilities | $ | 42.5 | | | $ | 60.5 | |
Long-term operating lease liabilities | 2.9 | | | 1.6 | |
Long-term tax and other liabilities | $ | 45.4 | | | $ | 62.1 | |
Long-term tax liabilities as of September 30, 2023 reflects a $19.3 million reclassification to current liabilities of the next installment of the transition tax liability on accumulated foreign earnings resulting from the 2017 Tax Cuts and Jobs Act.
Note 4. Share Repurchases
Effective July 27, 2023, the Company’s Board of Directors authorized the repurchase of its common stock in the amount of $1.14 billion, in addition to the $356.1 million that remained available for repurchases under the share repurchase program, for a total repurchase authorization of up to $1.50 billion under the program. The program has no expiration date. Purchases made under the program could be effected through open market transactions, block purchases, accelerated share repurchase agreements or other negotiated transactions. As of September 30, 2023 there was approximately $1.34 billion remaining available for repurchases under the program.
The Company’s share repurchases are as following. Amounts may not add up due to rounding:
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, 2023 | | Nine Months Ended September 30, 2023 | | | |
| Shares | | Total Costs | | Average Price | | Shares | | Total Costs | | Average Price | | | |
| (In millions, except average price amounts) | | | |
Total repurchases under the repurchase plans | 1.1 | | | $ | 219.9 | | | $ | 208.41 | | | 3.1 | | | $ | 659.8 | | | $ | 211.10 | | | | |
Total repurchases for tax withholdings | — | | | 2.6 | | | $ | 206.42 | | | 0.1 | | | 16.0 | | | $ | 212.08 | | | | |
Total repurchases | 1.1 | | | $ | 222.4 | | | $ | 208.39 | | | 3.2 | | | $ | 675.8 | | | $ | 211.13 | | | | |
Since inception, the Company has repurchased 252.5 million shares of its common stock for an aggregate cost of $13.43 billion, which is recorded as a reduction of Additional paid-in capital. The Inflation Reduction Act of 2022, which was enacted into law on August 16, 2022, imposed a nondeductible 1% excise tax on the net value of certain stock repurchases made after December 31, 2022. In the nine months ended September 30, 2023, the Company reflected the applicable excise tax in treasury stock as part of the cost basis of the stock repurchased and recorded a corresponding liability for the excise taxes payable in
Accounts payable and accrued liabilities on our Condensed Consolidated Balance Sheet as of September 30, 2023. The share repurchase and authorization amounts disclosed in this Form 10-Q exclude the excise tax.
Note 5. Calculation of Earnings per Share
The following table presents the computation of weighted-average shares used in the calculation of basic and diluted earnings per share:
| | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | 2022 | | 2023 | | 2022 |
| (In millions) |
Weighted-average shares of common stock outstanding | 102.9 | | 107.1 | | 103.9 | | 108.7 |
Weighted-average potential shares of common stock outstanding: | | | | | | | |
Unvested RSUs and ESPP | 0.1 | | — | | 0.1 | | — |
Shares used to compute diluted earnings per share | 103.0 | | 107.1 | | 104.0 | | 108.7 |
The calculation of diluted weighted average shares outstanding excludes performance-based RSUs granted by the Company for which the relevant performance criteria have not been achieved and any awards that are antidilutive. The number of potential shares excluded from the calculation was not significant in any period presented.
Note 6. Revenues
The Company generates revenues in the U.S.; Europe, the Middle East and Africa (“EMEA”); China; and certain other countries, including Canada, Japan, and Singapore.
The following table presents our revenues disaggregated by geography, based on the billing addresses of our customers:
| | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | 2022 | | 2023 | | 2022 |
| (In millions) |
U.S. | $ | 250.8 | | | $ | 236.3 | | | $ | 741.2 | | | $ | 691.8 | |
EMEA | 57.7 | | | 55.0 | | | 169.4 | | | 170.0 | |
China | 22.0 | | | 26.8 | | | 71.0 | | | 79.3 | |
Other | 45.8 | | | 38.8 | | | 131.1 | | | 114.6 | |
Total revenues | $ | 376.3 | | | $ | 356.9 | | | $ | 1,112.7 | | | $ | 1,055.7 | |
Revenues in the table above are attributed to the country of domicile and the respective regions in which registrars are located; however, this may differ from the regions where the registrars operate or where registrants are located. Revenues for each region may be impacted by registrars reincorporating, relocating, or from acquisitions or changes in affiliations of resellers. Revenues for each region may also be impacted by registrars domiciled in one region, registering domain names in another region.
Deferred Revenues
As payments for domain name registrations and renewals are due in advance of our performance, we record these amounts as deferred revenues. The increase in the deferred revenues balance for the nine months ended September 30, 2023 was primarily driven by amounts billed in the nine months ended September 30, 2023 for domain name registrations and renewals to be recognized as revenues in future periods, offset by refunds for domain name renewals deleted during the 45-day grace period, and $755.4 million of revenues recognized that were included in the deferred revenues balance at the beginning of the period. The balance of deferred revenues as of September 30, 2023 represents our aggregate remaining performance obligations. Amounts included in current deferred revenues are all expected to be recognized in revenues within 12 months, except for a portion of deferred revenues that relates to domain name renewals that are deleted in the 45-day grace period following the transaction. The long-term deferred revenues amounts will be recognized in revenues over several years and in some cases up to 10 years.
Note 7. Stock-based Compensation
Stock-based compensation is classified in the Condensed Consolidated Statements of Comprehensive Income in the same expense line items as cash compensation. The following table presents the classification of stock-based compensation:
| | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
2023 | | 2022 | | 2023 | | 2022 |
| (In millions) |
Cost of revenues | $ | 1.9 | | | $ | 1.8 | | | $ | 5.2 | | | $ | 5.3 | |
Research and development | 2.5 | | | 2.5 | | | 7.5 | | | 7.2 | |
Selling, general and administrative | 11.1 | | | 12.0 | | | 32.3 | | | 31.7 | |
Stock-based compensation expense | 15.5 | | | 16.3 | | | 45.0 | | | 44.2 | |
Capitalization (included in Property and equipment, net) | 0.3 | | | 0.4 | | | 0.8 | | 1.2 |
Total stock-based compensation | $ | 15.8 | | | $ | 16.7 | | | $ | 45.8 | | | $ | 45.4 | |
The following table presents the nature of the Company’s total stock-based compensation:
| | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | 2022 | | 2023 | | 2022 |
| (In millions) |
RSUs | $ | 13.4 | | | $ | 12.3 | | | $ | 35.9 | | | $ | 33.2 | |
Performance-based RSUs | 1.3 | | | 3.3 | | | 6.6 | | | 9.0 | |
ESPP | 1.1 | | | 1.1 | | | 3.3 | | | 3.2 | |
Total stock-based compensation | $ | 15.8 | | | $ | 16.7 | | | $ | 45.8 | | | $ | 45.4 | |
Note 8. Non-operating Income, Net
The following table presents the components of Non-operating income, net:
| | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | 2022 | | 2023 | | 2022 |
| (In millions) |
Interest income | $ | 11.6 | | | $ | 4.6 | | | $ | 33.8 | | | $ | 6.4 | |
Other, net | 1.5 | | | 0.3 | | | 3.3 | | | 0.4 | |
Total non-operating income, net | $ | 13.1 | | | $ | 4.9 | | | $ | 37.1 | | | $ | 6.8 | |
Interest income is earned principally from the Company’s surplus cash balances and marketable securities. The increase in interest income during the three and nine months ended September 30, 2023 reflects higher interest rates on the Company’s investments in debt securities. The increase in other non-operating income, net, during the three and nine months ended September 30, 2023 primarily reflects net gains and losses from the Company’s foreign currency exposure and related hedges.
Note 9. Income Taxes
The following table presents Income tax expense and the effective tax rate:
| | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | 2022 | | 2023 | | 2022 |
| (Dollars in millions) |
Income tax expense | $ | 60.1 | | | $ | 53.4 | | | $ | 172.0 | | | $ | 153.6 | |
Effective tax rate | 24 | % | | 24 | % | | 24 | % | | 24 | % |
The effective tax rate for each of the periods in the table above was higher than the statutory federal rate of 21%, due to state income taxes and U.S. taxes on foreign earnings, net of foreign tax credits, partially offset by a lower foreign effective tax rate.
ITEM 2. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
You should read the following discussion in conjunction with the 2022 Form 10-K and the interim unaudited Condensed Consolidated Financial Statements and related notes included in Part I, Item I of this Quarterly Report on Form 10-Q.
This Quarterly Report on Form 10-Q contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). These forward-looking statements are based on current expectations and assumptions and involve risks and uncertainties, including, among other things, statements regarding our expectations about the sufficiency of our existing cash, cash equivalents and marketable securities, and funds generated from operations, together with our borrowing capacity under the unsecured revolving credit facility. Forward-looking statements include, among others, those statements including the words “expects,” “anticipates,” “intends,” “believes” and similar language. Our actual results may differ significantly from those projected in the forward-looking statements. Factors that might cause or contribute to such differences include, but are not limited to, those discussed in the section titled “Risk Factors” in Part II, Item 1A of this Quarterly Report on Form 10-Q. You should also carefully review the risks described in other documents we file from time to time with the Securities and Exchange Commission, including the Quarterly Reports on Form 10-Q or Current Reports on Form 8-K that we file in 2023. You are cautioned not to place undue reliance on the forward-looking statements, which speak only as of the date of this Quarterly Report on Form 10-Q. We undertake no obligation to update publicly or revise such statements, whether as a result of new information, future events, or otherwise, except as required by law.
For purposes of this Quarterly Report on Form 10-Q, the terms “Verisign,” “the Company,” “we,” “us,” and “our” refer to VeriSign, Inc. and its consolidated subsidiaries.
Overview
We are a global provider of critical internet infrastructure and domain name registry services, enabling internet navigation for many of the world’s most recognized domain names. We help enable the security, stability, and resiliency of the Domain Name System and the internet by providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .com and .net generic top-level domains (“gTLDs”), which support the majority of global e-commerce.
As of September 30, 2023, we had 173.9 million .com and .net registrations in the domain name base. The number of domain names registered is largely driven by continued growth in online advertising, e-commerce, and the number of internet users, which is partially driven by greater availability of internet access, as well as marketing activities carried out by us and our registrars. Growth in the number of domain name registrations under our management may be hindered by certain factors, including overall economic conditions, competition from country code top-level domains (“ccTLDs”), other gTLDs, services that offer alternatives for an online presence, such as social media, and ongoing changes in the internet practices and behaviors of consumers and businesses. Factors such as the evolving practices and preferences of internet users, and how they navigate the internet, as well as the motivation of domain name registrants and how they will manage their investment in domain names, can negatively impact our business and the demand for new domain name registrations and renewals.
Business Highlights and Trends
•We recorded revenues of $376.3 million and $1,112.7 million during the three and nine months ended September 30, 2023, an increase of 5% compared to the same periods in 2022.
•We recorded operating income of $254.3 million and $744.3 million during the three and nine months ended September 30, 2023, an increase of 7% compared to the same periods in 2022.
•As of September 30, 2023, we had 173.9 million .com and .net registrations in the domain name base, which represents a 0.1% decrease from September 30, 2022, and a net decrease of 0.5 million domain name registrations from June 30, 2023.
•During the three months ended September 30, 2022 and 2023, we processed 9.9 million new domain name registrations for .com and .net.
•The final .com and .net renewal rate for the second quarter of 2023 was 73.4% compared to 73.8% for the second quarter of 2022. Renewal rates are not fully measurable until 45 days after the end of the quarter.
•Effective July 27, 2023, our Board of Directors authorized the repurchase of our common stock in the amount of $1.14 billion, in addition to the $356.1 million that remained available for repurchases under the share repurchase program, for a total repurchase authorization of up to $1.50 billion under the program.
•During the three months ended September 30, 2023, we repurchased 1.1 million shares of our common stock for an aggregate cost of $219.9 million. As of September 30, 2023, there was approximately $1.34 billion remaining available for future share repurchases under our share repurchase program.
•We generated cash flows from operating activities of $649.6 million during the nine months ended September 30, 2023, compared to $614.2 million for the same period in 2022.
•On July 27, 2023, we announced that we will increase the annual registry-level wholesale fee for each new and renewal .net domain name registration from $9.92 to $10.91, effective February 1, 2024.
Pursuant to our agreements with ICANN, we make available files containing all active domain names registered in the .com and .net registries. Further, we also make available a summary of the active zone count registered in the .com and .net registries and the number of .com and .net domain name registrations in the domain name base. The zone counts and information on how to obtain access to the zone files can be found at https://www.Verisign.com/zone. The domain name base is the active zone plus the number of domain names that are registered but not configured for use in the respective top-level domain zone file plus the number of domain names that are in a client or server hold status. The domain name base may also reflect compensated or uncompensated judicial or administrative actions to add or remove from the active zone an immaterial number of domain names. These files and the related summary data are updated daily. The update times may vary each day. The number of domain names provided in this Form 10-Q are as of midnight of the date reported.
Results of Operations
The following table presents information regarding our results of operations as a percentage of revenues:
| | | | | | | | | | | | | | | | | | | | | | | |
| | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | 2022 | | 2023 | | 2022 |
Revenues | 100.0 | % | | 100.0 | % | | 100.0 | % | | 100.0 | % |
Costs and expenses: | | | | | | | |
Cost of revenues | 12.9 | | | 14.0 | | | 13.4 | | | 14.2 | |
Research and development | 5.8 | | | 5.9 | | | 6.1 | | | 6.1 | |
Selling, general and administrative | 13.7 | | | 13.8 | | | 13.6 | | | 13.6 | |
| | | | | | | |
Total costs and expenses | 32.4 | | | 33.7 | | | 33.1 | | | 33.9 | |
Operating income | 67.6 | | | 66.3 | | | 66.9 | | | 66.1 | |
Interest expense | (5.0) | | | (5.3) | | | (5.1) | | | (5.4) | |
Non-operating income, net | 3.4 | | | 1.5 | | | 3.3 | | | 0.7 | |
Income before income taxes | 66.0 | | | 62.5 | | | 65.1 | | | 61.4 | |
Income tax expense | (15.9) | | | (15.0) | | | (15.4) | | | (14.6) | |
Net income | 50.1 | % | | 47.5 | % | | 49.7 | % | | 46.8 | % |
| | | | | | | |
| | | | | | | |
Revenues
Our revenues are primarily derived from registrations for domain names in the .com and .net domain name registries. We also derive revenues from operating domain name registries and technical systems for several other gTLDs and ccTLDs, all of which are not significant in relation to our consolidated revenues. For domain names registered in the .com and .net registries we receive a fee from registrars per annual registration that is determined pursuant to our agreements with ICANN. Individual customers, called registrants, contract directly with registrars or their resellers, and the registrars, who are our direct customers, in turn register the domain names with Verisign. Changes in revenues are driven largely by changes in the number of new domain name registrations and the renewal rate for existing registrations as well as the impact of new and prior price increases, to the extent permitted by ICANN and the Department of Commerce (“DOC”). New registrations and the renewal rate for existing registrations are impacted by continued growth in online advertising, e-commerce, and the number of internet users, as well as marketing activities carried out by us and our registrars. We also offer promotional incentive-based discount programs to registrars based upon market conditions and the business environment in which the registrars operate.
Under the .com Registry Agreement, we are permitted to increase the price of a .com domain name by up to 7% in each of the final four years of each six-year period beginning on October 26, 2018. We increased the annual registry-level wholesale fee for each new and renewal .com domain name registration from $8.39 to $8.97 effective September 1, 2022, and from $8.97 to $9.59, effective September 1, 2023. Effective February 1, 2023, we increased the annual registry-level wholesale fee for each new and renewal .net domain name registration from $9.02 to $9.92. In June 2023, we entered into a renewal of the .net Registry Agreement with ICANN, pursuant to which we will remain the sole registry operator for the .net registry through June 30, 2029. We have the contractual right to increase the fees for .net domain name registrations by up to 10% each year during
the term of our agreement with ICANN, through June 30, 2029. On July 27, 2023, we announced that we will increase the annual registry-level wholesale fee for each new and renewal .net domain name registration from $9.92 to $10.91, effective February 1, 2024. All fees paid to us for .com and .net registrations are in U.S. dollars.
A comparison of revenues is presented below: | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | % Change | | 2022 | | 2023 | | % Change | | 2022 |
| (Dollars in millions) |
Revenues | $ | 376.3 | | | 5% | | $ | 356.9 | | | $ | 1,112.7 | | | 5% | | $ | 1,055.7 | |
The following table compares the .com and .net domain name registrations in the domain name base:
| | | | | | | | | | | | | | | | | |
| September 30, 2023 | | % Change | | September 30, 2022 |
.com and .net domain name registrations in the domain name base | 173.9 million | | —% | | 174.2 million |
Revenues increased during the three and nine months ended September 30, 2023, as compared to the same periods last year, primarily due to an increase in revenues from the operation of the registry for the .com gTLD supported by the price increases that became effective September 1, 2022 and 2021. This increase in revenue was partially offset by the elimination of revenue from the operation of the .tv ccTLD which was transitioned to another service provider in the fourth quarter of 2022.
Demand for domain names has been primarily driven by continued internet growth and marketing activities carried out by us and our registrars. However, competitive pressure from ccTLDs, other gTLDs, services that offer alternatives for an online presence, such as social media, ongoing changes in internet practices and behaviors of consumers and business, as well as the motivation of existing domain name registrants managing their investment in domain names, such as for resale at increased prices or for revenue generation through website advertising, and global economic uncertainty, has limited the demand for domain names and may do so in the remainder of 2023 and beyond. While the core value proposition for domain names remains strong, softness in demand primarily in China has recently limited the overall growth in our domain name base.
Geographic revenues
We generate revenues in the U.S.; Europe, the Middle East and Africa (“EMEA”); China; and certain other countries, including Canada, Japan, and Singapore.
The following table presents a comparison of our geographic revenues:
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | % Change | | 2022 | | 2023 | | % Change | | 2022 |
| (Dollars in millions) |
U.S. | $ | 250.8 | | | 6% | | $ | 236.3 | | | $ | 741.2 | | | 7% | | $ | 691.8 | |
EMEA | 57.7 | | | 5% | | 55.0 | | | 169.4 | | | —% | | 170.0 | |
China | 22.0 | | | (18)% | | 26.8 | | | 71.0 | | | (10)% | | 79.3 | |
Other | 45.8 | | | 18% | | 38.8 | | | 131.1 | | | 14% | | 114.6 | |
Total revenues | $ | 376.3 | | | | | $ | 356.9 | | | $ | 1,112.7 | | | | | $ | 1,055.7 | |
Revenues in the table above are attributed to the country of domicile and the respective regions in which our registrars are located; however, this may differ from the regions where the registrars operate or where registrants are located. Revenue growth for each region may be impacted by registrars reincorporating, relocating, or from acquisitions or changes in affiliations of resellers. Several such changes benefited revenues in the U.S. and negatively impacted revenues in EMEA during the three and nine months ended September 30, 2023. Revenue growth for each region may also be impacted by registrars domiciled in one region, registering domain names in another region. The majority of our revenue growth was generated from registrars based in the U.S. and certain other countries, while revenues from registrars based in China declined in both the three and nine months ended September 30, 2023 compared to the same periods of the prior year due to the lower demand noted above.
Cost of revenues
Cost of revenues consist primarily of salaries and employee benefits expenses for our personnel who manage the operational systems, depreciation expenses, operational costs associated with the delivery of our services, fees paid to ICANN, customer support and training, costs of facilities and computer equipment used in these activities, telecommunications expense and allocations of indirect costs such as corporate overhead.
A comparison of cost of revenues is presented below: | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | % Change | | 2022 | | 2023 | | % Change | | 2022 |
| (Dollars in millions) |
Cost of revenues | $ | 48.6 | | | (3)% | | $ | 50.0 | | | $ | 148.8 | | | (1)% | | $ | 150.2 | |
Cost of revenues decreased slightly during the three months ended September 30, 2023, compared to the same period last year, due to a combination of individually insignificant factors.
Cost of revenues decreased slightly during the nine months ended September 30, 2023, compared to the same period last year, due to a decrease in registry fees that was partially offset by an increase in compensation and benefit expenses. Registry fees decreased by $3.7 million due to the transition of the operation of the registry for the .tv ccTLD to another service provider in the fourth quarter of 2022. Compensation and benefit expenses increased by $3.1 million due to salary increases and an increase in average headcount.
Research and development
Research and development expenses consist primarily of costs related to research and development personnel, including salaries and other personnel-related expenses, consulting fees, facilities costs, computer and communications equipment, support services used in our service and technology development, and allocations of indirect costs such as corporate overhead.
A comparison of research and development expenses is presented below:
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | % Change | | 2022 | | 2023 | | % Change | | 2022 |
| (Dollars in millions) |
Research and development | $ | 21.7 | | | 4% | | $ | 21.0 | | | $ | 68.1 | | | 6% | | $ | 64.2 | |
Research and development expenses increased slightly during the three months ended September 30, 2023, compared to the same period last year, due to a combination of individually insignificant factors.
Research and development expenses increased during the nine months ended September 30, 2023, compared to the same period last year, primarily due to a $2.3 million decrease in capitalized labor as a result of a shift in work from capital projects to certain non-capital projects and maintenance of existing software products.
Selling, general and administrative
Selling, general and administrative expenses consist primarily of salaries and other personnel-related expenses for our executive, administrative, legal, finance, information technology, human resources, sales, and marketing personnel, travel and related expenses, trade shows, costs of computer and communications equipment and support services, consulting and professional service fees, costs of marketing programs, costs of facilities, management information systems, support services, and certain tax and license fees, offset by allocations of indirect costs such as facilities and shared services expenses to other cost types.
A comparison of selling, general and administrative expenses is presented below: | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | % Change | | 2022 | | 2023 | | % Change | | 2022 |
| (Dollars in millions) |
Selling, general and administrative | $ | 51.7 | | | 5% | | $ | 49.1 | | | $ | 151.5 | | | 5% | | $ | 143.7 | |
Selling, general and administrative expenses increased during the three months ended September 30, 2023, compared to the same period last year, due to a combination of individually insignificant factors.
Selling, general and administrative expenses increased during the nine months ended September 30, 2023, compared to the same period last year, due to increases in compensation and benefit expenses and other individually insignificant factors. Compensation and benefit expenses increased by $3.9 million due to salary increases and an increase in average headcount.
Interest expense
Interest expense remained consistent during the three and nine months ended September 30, 2023 compared to the same periods last year.
Non-operating income, net
See Note 8, “Non-operating Income, Net” of our Notes to Consolidated Financial Statements in Item 1 of this Form 10-Q.
Income tax expense
The following table presents Income tax expense and the effective tax rate:
| | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended September 30, | | Nine Months Ended September 30, |
| 2023 | | 2022 | | 2023 | | 2022 |
| (Dollars in millions) |
Income tax expense | $ | 60.1 | | | $ | 53.4 | | | $ | 172.0 | | | $ | 153.6 | |
Effective tax rate | 24 | % | | 24 | % | | 24 | % | | 24 | % |
The effective tax rate for each of the periods in the table above differed from the statutory federal rate of 21%, due to state income taxes and U.S. taxes on foreign earnings, net of foreign tax credits, offset by a lower foreign effective tax rate.
Liquidity and Capital Resources
The following table presents our principal sources of liquidity: | | | | | | | | | | | |
| September 30, | | December 31, |
| 2023 | | 2022 |
| (In millions) |
Cash and cash equivalents | $ | 157.7 | | | $ | 373.6 | |
Marketable securities | 785.8 | | | 606.8 | |
Total | $ | 943.5 | | | $ | 980.4 | |
The marketable securities primarily consist of debt securities issued by the U.S. Treasury meeting the criteria of our investment policy, which is focused on the preservation of our capital through investment in investment grade securities. The cash equivalents consist of amounts invested in money market funds, time deposits and U.S. Treasury bills purchased with original maturities of three months or less. As of September 30, 2023, all of our debt securities have contractual maturities of less than one year. Our cash and cash equivalents are readily accessible. For additional information on our investment portfolio, see Note 2, “Financial Instruments,” of our Notes to Condensed Consolidated Financial Statements in Part I, Item I of this Quarterly Report on Form 10-Q.
Effective July 27, 2023, our Board of Directors authorized the repurchase of our common stock in the amount of $1.14 billion, in addition to the $356.1 million that remained available for repurchases under the share repurchase program, for a total repurchase authorization of up to $1.50 billion under the program. During the three months ended September 30, 2023, we repurchased 1.1 million shares of our common stock for an aggregate cost of $219.9 million. As of September 30, 2023, there was approximately $1.34 billion remaining available for future share repurchases under our share repurchase program.
As of September 30, 2023, we had $750.0 million principal amount outstanding of 2.70% senior unsecured notes due 2031, $550.0 million principal amount outstanding of 4.75% senior unsecured notes due 2027, and $500.0 million principal amount outstanding of 5.25% senior unsecured notes due 2025. As of September 30, 2023, there were no borrowings outstanding under our $200.0 million credit facility that will expire in 2024.
We believe existing cash, cash equivalents and marketable securities, and funds generated from operations, together with our ability to arrange for additional financing should be sufficient to meet our working capital, capital expenditure requirements, and to service our debt for the next 12 months and beyond. We regularly assess our cash management approach and activities in view of our current and potential future needs. Our cash requirements have not changed materially since the 2022 Form 10-K.
In summary, our cash flows for the nine months ended September 30, 2023 and 2022 were as follows:
| | | | | | | | | | | |
| Nine Months Ended September 30, |
| 2023 | | 2022 |
| (In millions) |
Net cash provided by operating activities | $ | 649.6 | | | $ | 614.2 | |
Net cash (used in) provided by investing activities | (201.5) | | | 546.0 | |
Net cash used in financing activities | (663.5) | | | (821.7) | |
Effect of exchange rate changes on cash, cash equivalents, and restricted cash | (0.6) | | | (1.4) | |
Net (decrease) increase in cash, cash equivalents, and restricted cash | $ | (216.0) | | | $ | 337.1 | |
Cash flows from operating activities
Our largest source of operating cash flows is cash collections from our customers. Our primary uses of cash from operating activities are for personnel-related expenditures, and other general operating expenses, as well as payments related to taxes, interest and facilities.
Net cash provided by operating activities increased during the nine months ended September 30, 2023, compared to the same period last year, primarily due to increases in cash received from customers and cash received from interest on investments, partially offset by increases in cash paid for income taxes and cash paid to employees and vendors. Cash received from customers increased primarily due to the .com price increase that became effective on September 1, 2022 and September 1, 2023, changes in customer deposit balances, and the .net price increase that became effective on February 1, 2023. Cash received from interest on investments increased due to higher interest rates on our investments in debt securities. Cash paid for income taxes increased primarily due to comparatively higher taxable income and higher transition tax payments on accumulated foreign earnings resulting from the 2017 Tax Cuts and Jobs Act. Cash paid to employees and vendors increased primarily due to an increase in operating expenses.
Cash flows from investing activities
The changes in cash flows from investing activities primarily relate to purchases, maturities and sales of marketable securities, and purchases of property and equipment.
We had net cash outflows from investing activities in the nine months ended September 30, 2023, compared to net cash inflows from investing activities during the same period last year, primarily due to a decrease in proceeds from maturities and sales of marketable securities, net of purchases of marketable securities and an increase in purchases of property and equipment, primarily related to the purchase of a building to be used as our future corporate headquarters.
Cash flows from financing activities
The changes in cash flows from financing activities primarily relate to share repurchases and proceeds from our employee stock purchase plan.
Net cash used in financing activities decreased during the nine months ended September 30, 2023, compared to the same period last year, primarily due to a decrease in share repurchases.
ITEM 3. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK
There have been no significant changes in our market risk exposures since December 31, 2022.
ITEM 4. CONTROLS AND PROCEDURES
Evaluation of Disclosure Controls and Procedures
Our management, with the participation of our Chief Executive Officer (our principal executive officer) and our Chief Financial Officer (our principal financial officer), evaluated the effectiveness of our disclosure controls and procedures. Based on this evaluation, as of September 30, 2023, our principal executive officer and principal financial officer have concluded that our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act) are effective to ensure that information required to be disclosed by us in reports that we file or submit under the Exchange Act is recorded, processed, summarized and reported within the time periods specified in SEC rules and forms and is accumulated and communicated to our management, including our principal executive officer and principal financial officer, as appropriate, to allow timely decisions regarding required disclosure.
Changes in Internal Control over Financial Reporting
There was no change in our internal control over financial reporting (as such term is defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) during the three months ended September 30, 2023 that has materially affected, or is reasonably likely to materially affect, the Company’s internal control over financial reporting.
Inherent Limitations of Disclosure Controls and Internal Control over Financial Reporting
Because of their inherent limitations, our disclosure controls and procedures and our internal control over financial reporting may not prevent material errors or fraud. A control system, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance that the objectives of the control system are met. The effectiveness of our disclosure controls and procedures and our internal control over financial reporting is subject to risks, including that the control may become inadequate because of changes in conditions or that the degree of compliance with our policies or procedures may deteriorate.
PART II—OTHER INFORMATION
ITEM 1. LEGAL PROCEEDINGS
We are involved in various investigations, claims and lawsuits arising in the normal conduct of our business, none of which, in our opinion, will have a material adverse effect on our financial condition, results of operations, or cash flows. We cannot assure you that we will prevail in any litigation. Regardless of the outcome, any litigation may require us to incur significant litigation expense and may result in significant diversion of management attention.
ITEM 1A. RISK FACTORS
Please carefully consider the following discussion of significant factors, events and uncertainties that make an investment in our securities risky. In addition to other information in this Form 10-Q, the following risk factors should be carefully considered in evaluating us and our business. When the factors, events and contingencies described below or elsewhere in this Form 10-Q materialize, our business, operating results, financial condition, reputation, cash flows or prospects can be materially adversely affected. In such case, the trading price of our common stock could decline and you could lose part or all of your investment. Additional risks and uncertainties not currently known to us or that we currently deem immaterial may also materially adversely affect our business, operating results, financial condition, reputation, cash flows and prospects. Actual results could differ materially from those projected in the forward-looking statements contained in this Form 10-Q as a result of the risk factors discussed below and elsewhere in this Form 10-Q and in other filings we make with the SEC.
Cybersecurity and Technology Risk Factors
Attempted security breaches, including from the exploitation of vulnerabilities, cyber-attacks and Distributed Denial of Service (“DDoS”) attacks against our systems and services increase our costs, expose us to potentially material liability, and could materially harm our business and reputation.
As an operator of critical internet infrastructure, we experience a high rate of cyber-attacks and attempted security breaches targeting our systems and services, including the most sophisticated forms of attacks, such as advanced persistent threat attacks, exploitation of zero-day vulnerabilities, ransomware attacks, and social engineering attacks. The forms of these attacks are constantly evolving and may involve methods, tools, and strategies that may not have been previously identified and may not have been observed until the moment of launch, or until sometime after, making these attacks virtually impossible to anticipate and difficult to defend against. In addition to external threats, our systems and services are subject to insider threat risks, including physical or electronic break-ins, sabotage, and risks from suppliers, such as consultants and advisors, SaaS providers, hardware, software, and network systems manufacturers, regional internet registries, and other vendors, or from current or former contractors or employees. These threats and any resulting security breaches can arise from intentional or unintentional actions. Our continued exposure to these threats and the potential that they could lead to material liability claims against us requires us to expend significant financial and other resources. We have developed policies, standards, and procedures to identify, protect, detect, respond, and recover from threats posed by cybersecurity risks, and failure to comply with these policies, standards, and procedures by our employees or suppliers could limit our ability to effectively manage threats from these cybersecurity risks. In addition, we must ensure that our employees stay focused on protecting the Company against cybersecurity threats especially in our hybrid work environment, or our ability to effectively manage cybersecurity risks could be impacted. Our failure to effectively manage these security risks, including insider threats, could result in material harm to our business, including loss of or delay in revenues, failure to meet service level agreements, material liability claims, failure to maintain market acceptance, injury to our reputation, and increased costs, and could call into question our ability to preserve the security and stability of the internet.
Security vulnerabilities in our systems and our vendors’ systems, including vulnerabilities in third party software and hardware, pose a material risk to our operations. We use externally-developed technology, systems, and services, including both hardware and software, for a variety of purposes, including compute, storage, encryption and authentication, back-office support, and other functions. We have developed policies, standards, and procedures to reduce the impact of security vulnerabilities in system components, as well as at any vendors where our data is stored or processed. However, such measures cannot provide absolute security. While we strive to remediate known vulnerabilities on a timely basis, such vulnerabilities could be exploited before a vulnerability has been disclosed or before our remediation is effective and if so, could cause systems and service interruptions, data loss and other damages. Our failure to identify, remediate and mitigate security vulnerabilities, including any potential failure to timely replace and upgrade hardware, software, or other technology assets, could result in material harm to our business, including loss of or delay in revenues, failure to meet service level agreements, material liability claims, failure to maintain market acceptance, injury to our reputation, increased costs, and call into question our ability to preserve the security and stability of the internet.
In addition, our networks have been, and likely will continue to be, subject to DDoS attacks. Recent industry experience has demonstrated that DDoS attacks continue to grow in size and sophistication and have the ability to widely disrupt internet services. While we have adopted mitigation techniques, procedures, and strategies to defend against DDoS attacks, and have successfully mitigated DDoS attacks to date, there can be no assurance that we will be able to defend against every attack,
especially as the attacks increase in size and sophistication. Any attack, even if only partially successful, could disrupt our networks, increase response time, negatively impact our ability to meet our service level agreements, and generally impede our ability to provide reliable service to our customers and the broader internet community. We have historically incurred, and will continue to incur, significant costs to enable our infrastructure to process levels of attack traffic that can be substantially larger than our normal transaction volume. We are employing new technologies and new and different services and capabilities to help mitigate DDoS attacks. If these new technologies, services and capabilities are not effective, our infrastructure could be disrupted, our response times could increase, our ability to meet our service level agreements could be negatively impacted, and our ability to provide reliable service to our customers and the broader internet community could be impeded.
In addition, we are subject to social engineering attacks including phishing, spear phishing, whaling, vishing, smishing, and domain spoofing, which are designed to entice people to divulge sensitive information or take actions that, if successful, could pose a material risk to our operations. The number of such attacks is increasing. Recent advances in artificial intelligence have increased the sophistication of these types of attacks as attackers are able to create more personalized and targeted communications using information derived from people’s relationships, online behavior and preferences. Social engineering attacks have occurred in concert with ransomware attacks. While we deploy advanced tools and conduct continuous security awareness training to address social engineering attacks, such measures cannot provide absolute security. Similarly, although we implement redundant architecture and multiple recovery solutions, and conduct periodic exercises to mitigate the threat of ransomware, we still may be subject to successful ransomware attacks. Our failure to prevent such attacks, including any successful social engineering attack, could result in our inability to meet our service legal agreements and could otherwise materially harm our business, including from legal claims, governmental investigations and scrutiny, injury to our reputation, and increased costs.
We do not maintain specific reserves for security breaches, cyber-attacks and DDoS attacks against our systems and the amount of insurance coverage we maintain may be inadequate to cover claims or liabilities relating to such attacks.
We may introduce undetected or unknown defects into our systems or services, which could materially harm our business and harm our vendors or our customers.
Despite testing, services as complex as those we offer or develop could contain undetected defects or errors, which could result in service outages or disruptions, compromised customer data, including DNS data, diversion of development resources, injury to our reputation, legal claims, increased insurance costs or increased service costs. Performance of our services, whether or not defective, could have unforeseen or unknown adverse effects on the networks over which they are delivered, on internet users and consumers, and on third-party applications and services that use our services, any of which could result in legal claims against us. While we strive to prevent, detect and remediate defects or errors, they can and do occur and they could result in our inability to meet customer expectations in a timely manner, failure to meet our service level agreements, injury to our reputation, and increased costs.
Our infrastructure and services are subject to vulnerabilities in the global routing system for the internet, as well as risks arising from internet services providers’ increasing adoption of the Resource Public Key Infrastructure system.
Routing on the internet depends on the Border Gateway Protocol (“BGP”), which is a protocol that relies on networks within the internet infrastructure acting in a trustworthy manner when sharing information about destinations for connectivity and the routing of internet traffic. As a trust-based protocol, BGP has a number of vulnerabilities that may lead to outages or disrupt our services, including as a result of “route hijacks” that involve accidental or malicious rerouting of internet traffic, or “route leaks” that involve the malicious or unintentional propagation of routing information beyond the intended scope of the originator, receiver, and/or one of the networks along the route’s path. Both route hijacks and route leaks can result in partial or full rerouting of internet traffic for the impacted destinations. These types of events, which are generally beyond our control, could enable an array of attack conditions or service disruptions, and could result in adverse publicity and adversely affect the public’s perception of the security of e-commerce and communications over the internet, as well as of the security or reliability of our services.
To address internet routing system vulnerabilities, many internet service providers have adopted and apply internet reachability policies based on a system known as the Resource Public Key Infrastructure (“RPKI”) operated by the regional internet registries (“RIRs”). The RIRs allocate internet number resources, such as internet protocol addresses, to enterprises and network operators. We have limited visibility into the maturity of and investment in the RIRs’ operational and security controls, which are outside of our control. When the availability, integrity, or confidentiality of any of the information in the RPKI system, or systems used to maintain and administer RPKI data and systems, are impacted or otherwise compromised in any of the RIRs, or any network operator that is a relying party of the RPKI system, or the operations or ingestion of data from the RPKI system are otherwise impacted by a known or unknown vulnerability, our services may be negatively impacted. Such impacts may include degraded or full loss of reachability of service addresses in the global internet routing system, resulting in degradation or complete loss of availability of our registration and resolution services. A compromise of the RPKI system and related services, or unintentional or unauthorized manipulation of data therein, may also result in other denial of service attack conditions for our infrastructure and services. The systemic dependencies introduced by RPKI and the relying parties of the
RPKI system, including network service providers, are outside of our control, and systems that depend upon the RPKI may be only as secure as the weakest elements of the RPKI system. Contracting with RIRs for the provision of and access to RPKI services carries material operational risks, as described above, as well as material contractual risks, which may expose us to service disruptions and material liability.
We could encounter system interruptions or systems failures resulting from activities beyond our direct control that could materially harm our business.
We depend on the uninterrupted operation of our various systems, secure data centers, points of presence around the world and other computer and communication networks. Our systems and operations are vulnerable to damage or interruption from power loss, transmission cable cuts and other telecommunications failures, damage or interruption caused by fire, earthquake, and other natural disasters, intentional acts of vandalism, terrorist attacks, unintentional mistakes, or errors. Our systems and operations also face risks inherent in, or arising from, the terms and conditions of our agreements with service providers to operate our networks and data centers. We are also subject to the risk of state suppression of internet operations. Any of these scenarios could create potential liability and exposure, including from a failure to meet our service level agreements, and could decrease customer satisfaction, harming our business, or resulting in adverse publicity and damage to our reputation or call into question our ability to preserve the security and stability of the internet.
Our data centers, our data center systems, including the Shared Registration Systems located at our data centers, and our resolution systems are vulnerable to damage or interruption, which could impede our ability to provide our services, expose us to material liability, and materially harm our reputation.
Most of the computing infrastructure for our Shared Registration System is located at, and most of our customer information is stored in, data centers we own or lease and operate. In 2019, we expanded some of our data center services to a leased data center facility. These data centers are vulnerable to damage or interruption, including from natural disasters, such as fires, earthquakes, hurricanes, and floods, power loss, hardware or system failures, physical or electronic break-ins, human error or interference. We are also regularly updating and enhancing our network architecture in several of our new and existing data centers and globally distributed resolution systems. If our data center facilities or the updated network architectures, hardware or software upgrades, or security controls do not operate as expected, including the ability to quickly switch over between sites, we could experience service interruptions or outages. A failure in the operation of our Shared Registration System could result in the inability of one or more registrars to register or manage domain names for a period of time. If such a registrar has not implemented robust services in a manner that preserves transactions until processed by the registry, then the failure in the operation of our Shared Registration System could result in permanent loss of transactions at the registrar during that period. A failure in the operation of our Shared Registration System could also impact our ability to provide up-to-date information in our globally distributed resolution systems, which could result in breaches of our service level agreements pertaining to our resolution services and impact the resolution of domain names on the internet. Although we carry insurance, we do not carry insurance or designated financial reserves for such interruptions.
In addition, our services depend on the secure and efficient operation of the internet connections to and from customers to our Shared Registration System residing in our secure data centers as well as our globally distributed resolution systems. These connections depend upon the secure and efficient operation of internet service providers, internet exchange point operators, and internet backbone service providers. Such providers have encountered periodic operational problems or experienced outages in the past beyond our scope of control and may continue to encounter problems and outages or may choose to discontinue their service. If the providers that our connections depend upon do not protect, maintain, improve, and reinvest in their networks or present inconsistent, incorrect, or invalid data regarding routing information or DNS responses through their networks, our business could be harmed.
A failure in the operation or update of the root zone servers, the root zone file, the Root Zone Management System, the TLD name servers, the TLD zone files that we operate, or other network functions, could result in, among other problems, (1) a DNS resolution or other service outage or degradation, (2) the deletion of one or more gTLDs or ccTLDs from the internet, (3) the deletion of one or more second-level domain names from the internet, or (4) a misdirection of one or more domain names to different servers. A failure in the operation or update of the supporting cryptographic and other operational infrastructure that we maintain could result in similar consequences. Any of these problems or outages could create potential material liability and exposure from litigation and investigations, could result in a failure to meet our service level agreements, and could decrease customer satisfaction, harming our business. These problems could also result in adverse publicity, decrease the public’s trust in the security of e-commerce, or call into question our ability to preserve the security and stability of the internet.
We retain certain customer and employee information in our data centers and various domain name registration systems. Any physical or electronic break-in or other security breach or compromise of the information stored at our data centers or domain name registration systems may jeopardize the security of information we retain or that is retained in the computer systems and networks of our customers. In such an event, we could face material liability and exposure from litigation and investigations, fail to meet service level agreements, or be at risk of losing various security and standards-based compliance certifications needed for operation of our businesses, and customers could be reluctant to use our services. Any such outcomes
could also adversely affect our reputation and harm our business or cause financial losses that are either not insured against or not fully covered through any insurance.
We face risks from the operation of the root server system and our performance of the Root Zone Maintainer functions under the RZMA.
Although the overall root server system is redundant and dispersed, a failure or interruption in the operation of the root server system could impact the effectiveness of our .com and .net authoritative servers and therefore negatively impact directory services necessary for the operation of the internet. We also have an important operational role in support of a key Internet Assigned Numbers Authority (“IANA”) function as the Root Zone Maintainer. In this role, we provision and publish the authoritative root zone data and make it available to all root server operators under the RZMA with ICANN. If we make errors in the publication of the root zone or experience operational issues that impact the timeliness of updates to the root zone data, we may be subject to material claims challenging the RZMA or our performance under it, including tort claims, and we may not have immunity from, or sufficient indemnification or insurance for, such claims.
Contractual, Regulatory, Legal and Compliance Risk Factors
Any loss or modification of our right to operate the .com and .net gTLDs could have a material adverse impact on our business and result in loss of revenues.
Substantially all of our revenues are derived from our operation of the .com gTLD under our Cooperative Agreement with the DOC and our .com Registry Agreement as well as our operation of the .net gTLD under our .net Registry Agreement. Any loss or modification of our right to operate the .com and .net gTLDs could materially and adversely impact our ability to conduct our business and result in loss of revenues. Our .com and .net Registry Agreements contain “presumptive” rights of renewal upon the expiration of their current terms on November 30, 2024 and June 30, 2023, respectively. ICANN could refuse to renew upon expiration or terminate our .com Registry Agreement or our .net Registry Agreement if, upon proper notice, (1) we fail to cure a fundamental and material breach of certain specified obligations, and (2) we fail to timely comply with a final decision of an arbitrator or court. Additionally, each of the .com and .net Registry Agreements provide that if certain terms of these agreements are not similar to such terms generally in effect in the registry agreements of the five largest gTLDs, then a renewal of these agreements would be upon terms reasonably necessary to render such terms to be similar to the registry agreements for those other gTLDs. Any such terms, if they apply, could be unfavorable to us and have a material adverse impact on our business.
Standard renewals of the .com Registry Agreement do not require further DOC approval, although the prior written approval of the DOC is required for the removal of, or any changes to the pricing section (other than as approved in Amendment 35 to the Cooperative Agreement), and for changes to certain other specified terms whether such removal or changes are made at a renewal or otherwise. We can provide no assurances that DOC approval would be provided upon our request for any of these changes.
In addition, under Amendment 35 to the Cooperative Agreement, we have agreed to continue to operate the .com gTLD in a content-neutral manner and to work within ICANN processes to promote the development of content-neutral policies for the operation of the DNS, and under our binding letter of intent with ICANN, we have agreed to work with the ICANN community to develop certain best practices and other commitments for the security, stability and resiliency of the DNS and the internet. Such policies and processes could expose us to compliance costs and substantial liability and result in costly and time-consuming investigations or litigation.
Changes or challenges to the pricing provisions in the .com Registry Agreement could have a material adverse impact on our business.
Under the terms of the .com Registry Agreement, we may increase the annual fee of each .com domain name registration or renewal by up to 7% over the previous year in each of the final four years of each six-year period. We can provide no assurance that we will exercise such right to increase the annual fee. In addition to this contractual right, we are entitled to increase the annual fee of each .com domain name registration or renewal by up to 7% due to the imposition of any new specifications or policies adopted by ICANN pursuant to the procedures set forth in its bylaws and due process (“Consensus Policies”) or documented extraordinary expense resulting from an attack or threat of attack on the security and stability of the DNS (an “Extraordinary Expense”). In addition, our ability to increase the price for .com domain name registrations and renewals due to a Consensus Policy or Extraordinary Expense may occur only in years in which we do not increase the price for .com domain name registrations and renewals as described above. It is uncertain whether circumstances would arise that would permit us to take a price increase due to a Consensus Policy or Extraordinary Expense, or if they do, whether we would seek to increase the price for .com domain name registrations for this reason. A failure to seek and obtain a price increase due to a Consensus Policy or Extraordinary Expense, when available, could negatively affect our operating results. We also have the right under the Cooperative Agreement to seek the removal of these pricing restrictions on the .com gTLD if we demonstrate to the DOC that market conditions no longer warrant these restrictions. However, we can provide no assurances whether we will seek the removal of these restrictions, or whether the DOC would approve the removal of these restrictions.
Our .com Registry Agreement, including its pricing provisions, has faced, and could face in the future, challenges, including possible legal challenges, or challenges under ICANN’s accountability mechanisms, from ICANN, registrars, registrants, and others, and any adverse outcome from these challenges could have a material adverse effect on our business.
Government regulation and the application of new and existing laws in the U.S. and internationally may slow business growth, increase our costs of doing business, create potential material liability and could have a material adverse effect on our business.
Application of new and existing laws and regulations in the U.S. or internationally to the internet or the domain name industry have imposed and may in the future impose new costs and new restrictions on our business. Laws and regulations, including those designed to restrict who can register and who can distribute domain names or to require registrants to provide additional documentation to register domain names, have, and may in the future, impose significant additional costs on our business and subject us to additional liabilities or could prevent us from operating in certain jurisdictions. For example, the government of China has indicated that it will issue, and has issued, new regulations, and it has begun to enforce existing regulations differently, including by directing certain implementation models for registry services, that impose additional costs on, and risks to, our provision of registry services in China. These regulations are impacting the demand for domain name registrations in China. These regulations require registries, including us, and China-based registrars, to obtain a government-issued license for each gTLD or ccTLD operating in China. Any failure to obtain or renew the required licenses, or to comply with any license requirements or any updates thereto, or any failure to comply with these regulations or directives, by us or our China-based registrars, could result in significant harm to our business in China including the suspension of some or all of our registry services in China.
We are also subject to changing laws and regulations that impact whether, how, and under what circumstances we may transfer, process and/or receive certain data that is critical to our operations, including data shared between countries or regions in which we operate and data shared among our products and services. For example, following the invalidation of the U.S.-EU Safe Harbor by the European Court of Justice (“EUCJ”) in 2015, the European Union and United States agreed to an alternative framework for data transferred from the European Union to the United States, called Privacy Shield. In 2018, Privacy Shield was also invalidated by the EUCJ. In 2022, the United States and European Union announced a new, but undefined data transfer framework, which once finalized, also could be subject to further legal challenges.
New laws, regulations, directives or ICANN polices that require us to obtain and maintain personal information of registrants of domain names in the .com and .net gTLDs could impose material compliance costs and could create new, material legal and others risks to our business.
If we are required to, or choose to, obtain and maintain personal information of registrants of domain names in the .com and .net gTLDs we could be required to incur significant compliance and legal costs as a result of GDPR and other similar regulations. For example, we could incur material costs to protect such information from unauthorized disclosure and, under GDPR, to ensure authorized disclosures are permitted. Failure to properly protect such information, or failure to comply with GDPR, could expose the Company to material costs and penalties. In addition, new obligations to obtain and maintain personal information of registrants in the .com and .net gTLDs could conflict with certain laws and regulations that may require such personal information be maintained solely within the jurisdiction of the data subject. In addition, any such new obligations could increase the cost and risks associated with complying with regulations that require verification of registrant personal information, including for purposes of complying with the economic and trade sanctions programs administered by the Office of Foreign Assets Control (“OFAC”).
Such laws, regulations, directives or ICANN policies, could give rise to significant claims, inquiries, investigations or other actions against us, which could result in significant costs, damages, fines or penalties and could delay the development of new products, change our current business practices, result in negative publicity, require significant management time and attention, all or any of which could materially harm our business.
Our international operations expose us and our business to additional economic, legal, regulatory and political risks that could have a material adverse impact on our revenues and business.
A significant portion of our revenues is derived from customers outside the U.S. Our business operations in international locations have required, and will continue to require, significant management attention and resources. We may also need to tailor some of our services for a particular location and to enter into international distribution and operating relationships. We may fail to maintain our ability to conduct business, including potentially material business operations in some international locations, or we may not succeed in expanding our services into new international locations or expand our presence in existing locations. Failure to do so could materially harm our business. Moreover, local laws and customs in many countries differ significantly from those in the U.S. In many foreign countries, particularly in those with developing economies, it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. law or regulations applicable to us. There can be no assurance that our employees, contractors and agents will not take actions in violation of such policies, procedures, laws and/or regulations. Violations of laws, regulations or internal policies and procedures by our employees, contractors or agents could result in financial reporting problems, investigations, fines, penalties, or prohibition on
the importation or exportation of our products and services and could have a material adverse effect on our business. In addition, we face risks inherent in doing business internationally, including:
•competition with companies in international locations or other domestic companies entering international locations in which we operate, as well as local governments actively promoting ccTLDs that we do not operate;
•political and economic tensions between governments and changes in international trade policies and/or the economic and trade sanctions programs administered by OFAC of the U.S. Department of the Treasury;
•tariffs and other trade barriers and restrictions;
•difficulties in staffing and managing international operations;
•potential problems associated with adapting our services to technical conditions existing in different countries;
•additional vulnerability from terrorist groups targeting U.S. interests abroad;
•potentially conflicting or adverse tax consequences;
•reliance on third parties in international locations in which we only recently started doing business; and
•potential concerns of international governments or customers and prospects regarding doing business with U.S. technology companies due to alleged U.S. government data collection policies.
Political tensions between the United States and China in particular may pose additional risks to our business in China. The U.S. government has imposed restrictions on certain Chinese companies and on trading in certain technologies. The Chinese government has announced actions that, if implemented, could impose additional restrictions on the operations of non-Chinese companies in China. These and future government actions could impact our ability to operate in China and may cause our management’s attention to be diverted, our reputation to be damaged, or our business in China to be adversely affected.
Changes in, or interpretations of, tax rules and regulations or our tax positions may materially and adversely affect our income taxes.
We are subject to income taxes in both the U.S. and numerous international jurisdictions. Significant judgment is required in determining our worldwide provision for income taxes. In the ordinary course of our business, there are many transactions and calculations where the ultimate tax determination is uncertain. Our effective tax rates may fluctuate significantly on a quarterly basis because of a variety of factors, including changes in the mix of earnings and losses in countries with differing statutory tax rates, changes in our business or structure, changes in tax laws that could adversely impact our income or non-income taxes or the expiration of or disputes about certain tax agreements in a particular country. We are subject to audit by various tax authorities. In accordance with U.S. GAAP, we recognize income tax benefits, net of required valuation allowances and accrual for uncertain tax positions. Although we believe our tax estimates are reasonable, the final determination of tax audits and any related litigation could be materially different than that which is reflected in historical income tax provisions and accruals. Should additional taxes be assessed as a result of an audit or litigation, an adverse effect on our results of operations, financial condition and cash flows in the period or periods for which that determination is made could result.
The Organization for Economic Cooperation and Development (“OECD”) continues to issue guidance that will provide a long-term, multilateral proposal on the taxation of the digital economy. Similarly, some international tax jurisdictions, independent of the OECD, have enacted or may enact new tax regimes aimed at income resulting from digital services. Although we cannot predict the nature or outcome of such changes or the likelihood of such legislative proposals being adopted in the U.S. or throughout the world, any or all of these changes in tax laws could increase our taxes and adversely impact our financial condition and cash flow.
Our business faces risks arising from ICANN’s consensus and temporary policies, technical standards and other processes.
Our Registry Agreements with ICANN require us to implement Consensus Policies and changes mandated by ICANN through temporary specifications or policies (“Temporary Policies”). ICANN could adopt Consensus Policies or Temporary Policies that (1) are unfavorable to us as the registry operator of .com, .net and other gTLDs we operate, (2) are inconsistent with our current or future plans, (3) impose substantial costs on our business, (4) subject the Company to additional legal risks, or (5) affect our competitive position. These Consensus Policies or Temporary Policies could have a material adverse effect on our business.
Our Registry Agreements with ICANN require us to implement and comply with various technical standards and specifications published by the Internet Engineering Task Force (“IETF”). ICANN could impose requirements on us through changes to these IETF standards, or new standards, that are inconsistent with our current or future plans, that impose substantial costs on our business, that subject the Company to additional legal risks, or that affect our competitive position. Any such changes to the IETF standards, or new standards, could have a material adverse effect on our business.
Weakening of, or changes to, the multi-stakeholder form of internet governance could materially and adversely impact our business.
The internet is governed under a multi-stakeholder model comprising civil society, the private sector, including for-profit and not-for-profit organizations such as ICANN, governments, including the U.S. government, academia, non-governmental organizations and international organizations. If ICANN fails to uphold, or if the multi-stakeholder model is significantly redefined, it could harm our business. For example, certain governments, governmental organizations, and private actors continue to express dissatisfaction with the multi-stakeholder form of internet governance and have proposed alternatives including oversight by the United Nations or by international treaties. Furthermore, national legislation has been proposed on topics such as information security and access to personal information that effectively supplants the multi-stakeholder process for policy development in the DNS. Substantially weakening or replacing the multi-stakeholder form of internet governance could materially harm our business.
In addition, in 2016 the U.S. government transferred key internet functions to ICANN, who adopted new and enhanced accountability mechanisms in its bylaws such as the creation of the Empowered Community. There can be no assurance that the removal of the U.S. government oversight of these key functions, or the changes to ICANN’s bylaws, will not negatively impact our business.
Claims, lawsuits, audits or investigations in which we are or could become involved may result in material adverse outcomes to our business.
We are, and may in the future become, involved in claims, lawsuits, audits, and investigations, including intellectual property litigation and infringement claims. Litigation is inherently unpredictable, and unexpected judgments or excessive verdicts do occur. In addition, proceedings that we initially view as immaterial could prove to be material. Adverse outcomes in lawsuits, audits and investigations, could result in significant monetary damages, including indemnification payments, or injunctive relief that could adversely affect our ability to conduct our business, and may have a material adverse effect on our financial condition, results of operations and cash flows. For example, we are engaged in activities to help mitigate security threats and other forms of DNS abuse in the gTLDs and ccTLDs we operate and we are involved in community efforts that could increase and expand such activities including potential new contractual obligations. Such activities include, for example, receiving reports of suspected threats and abuse from appropriate “trusted notifiers” (typically involving national and international law enforcement) and notifying registrars or others of domain names associated with suspected malicious or illegal activity. Our activities may also include disabling one or more domain names in the gTLDs or ccTLDs we operate including in response to governmental directives and orders in those jurisdictions in which we operate. Activities such as these have resulted in, and could in the future result in, significant litigation and could harm our reputation. Given the inherent uncertainties in litigation, even when we are able to reasonably estimate the amount of possible loss or range of loss and therefore record an aggregate litigation accrual for probable and reasonably estimable loss contingencies, the accrual may change in the future due to new developments or changes in approach. In addition, such claims, lawsuits, audits and investigations could involve significant expense and diversion of management’s attention and resources from other matters.
Strategic, Business and Operating Risk Factors
Deterioration of economic conditions could materially harm our business.
Our business is, and could continue to be, adversely affected by the deterioration in national or global economic conditions, including high inflation rates, increasing interest rates, disruption in the supply chain, and currency fluctuations, resulting from the continuing economic effects of the COVID-19 pandemic, war and civil unrest, and other political and economic developments. The severity and duration of a these economic conditions, as well as the timing, strength, and sustainability of any recovery, are unknown and are not within the Company’s control and may have an adverse effect on our results of operations, financial condition and cash flows.
The business environment is highly competitive and, if we do not compete effectively, we may suffer material adverse impact to our business, including lower demand for our products, reduced gross margins, and loss of market share.
We face competition from services that provide an online identity or presence, including other gTLDs and ccTLDs. In order to remain competitive, we must continually demonstrate the security, stability, and resiliency of our services and must adopt and support new technologies to adapt our services to changing technologies, market conditions, and our customers’ and internet users’ preferences and practices. Also to remain competitive, we have undertaken important initiatives such as our efforts to acquire the .web gTLD, and we may in the future undertake other important initiatives. Any of these initiatives require significant resources, can subject us to regulatory scrutiny and/or negative publicity, and divert management attention from our existing business. Such undertakings, including our efforts to acquire the .web gTLD, may be unsuccessful and costly. In addition, competing technologies developed by others or the emergence of new industry standards may adversely affect our competitive position or render our services or technologies noncompetitive or obsolete. Finally, consolidation within our industry has occurred and is likely to continue to occur. Our ability to participate and benefit from such consolidations may be limited and consolidation within our industry among our competitors could harm our competitive position and adversely impact our business.
We have been designated as the registry operator for certain new gTLDs, including certain IDN gTLDs. Our new gTLDs may not be as or more successful than the new gTLDs obtained by our competitors. In addition, our new gTLDs may face additional universal acceptance and usability challenges and it is possible that resolution of domain names within some of these new gTLDs may be blocked within certain state or organizational environments, challenging universal resolvability of these strings and their general acceptance and usability.
See the “Competition” section in Part I, Item 1 of the 2022 Form 10-K for further information.
The evolution of technologies or internet practices and behaviors, the adoption of substitute technologies, or wholesale price increases of domain names in the gTLDs we operate may materially and negatively impact the demand for the domain names for which we are the registry operator.
Technologies relating to online presence, including social media, mobile devices, apps, and search engines, have evolved and continue to evolve, changing the internet practices and behaviors of consumers and businesses. These ongoing changes can negatively impact the demand for our domain names. In addition, registrants purchase domain names for a variety of reasons, including personal, commercial, and investment reasons. Changes in the motivation of domain name registrants can negatively impact our business.
Technology changes to web browser or internet search technologies could reduce demand for domain names. Similarly, if internet users’ preferences or practices shift away from recognizing and relying on web addresses or if internet users were to significantly decrease the use of web browsers in favor of applications to locate and access content, demand for domain names in the gTLDs we operate could be negatively impacted. Demand for domain names in the gTLDs we operate could be negatively impacted by new technologies that significantly decrease the use of traditional domain names to present and protect an online identity. New technologies that encourage internet users to expand the use of third-level domains or alternate identifiers, such as identifiers from social networking, e-commerce platforms and microblogging sites, could also negatively impact the demand for domain names in the gTLDs we operate. In addition, the demand for domain names in the gTLDs we operate could be impacted by alternative namespaces with domain-name-like identifiers that are operated outside the single authoritative DNS root zone, including blockchain namespaces. To the extent that web browsers, applications, DNS registrars and DNS resolvers recognize and support such namespaces, and that internet users are able to perform online operations with identifiers from such namespaces, demand for domain names in gTLDs and ccTLDs in the single authoritative DNS root zone, including the gTLDs we operate, could be negatively impacted.
Some registrars and registrants purchase and resell domain names at an increased price in a secondary market. Adverse changes in the resale value of domain names, changes in the business models for such domain name registrars and registrants, or other factors, including regulations limiting the resale of domain names, could result in a decrease in the demand and/or renewal rates for domain names in the gTLDs we operate.
Some registrars and registrants seek to generate revenues by registering domain names specifically for website advertising. Changes in the way these registrars and registrants are compensated (including changes in methodologies and metrics) by advertisers and advertisement placement networks, such as Google, Baidu and Bing, have adversely affected, and may continue to adversely affect the market for domain names used for this purpose, which has resulted in, and may continue to result in, a decrease in demand and/or the renewal rate for such domain names. In addition, if spending on online advertising and marketing is reduced, this may result in a further decline in the demand for domain names used for this purpose.
Under the terms of the .com and .net Registry Agreements, as amended, we are permitted to increase the annual fee of each .com and .net domain name registration or renewal according to the provisions in these agreements. To the extent we increase our prices, there could be a decrease in the demand and/or renewal rates for .com or .net domain names.
If we fail to expand our services into developing and emerging economies in international locations, our business may not grow.
We seek to serve new, developing, and emerging economies in international locations to grow our business. These economies are rapidly evolving and may not grow or even if they do grow, our services may not be widely used or accepted there. Accordingly, the demand for our services in these locations is uncertain. Factors that may affect acceptance or adoption of our services in these locations include:
•regional internet infrastructure development, expansion, penetration and adoption, and the development, maturity and depth of our sales channels;
•acceptance and adoption of substitute products and services that enable online presence without a domain name, including social media, e-commerce platforms, website builders and mobile applications;
•increased acceptance and adoption of other substitute products and services, including ccTLDs or other gTLDs;
•public perception of the security of our products and services;
•the use of mobile applications as the primary engagement mechanism for navigating the internet; and
•government regulations affecting the internet, internet access and availability, domain name registrations or the provision of registry services, data security, privacy, or data localization, e-commerce or telecommunications.
If our services are not widely accepted or adopted in these locations, our business may not grow.
Our business depends on registrars and their resellers maintaining their focus on marketing our products and services.
All of the domain name registrations and renewals for the registries we operate occur through registrars. Registrars and their resellers engage in substantial marketing efforts to increase the demand and/or renewal rates for domain names as well as their own associated offerings. Consolidation in the registrar or reseller industry or changes in ownership, management, or strategy among individual registrars or resellers, including vertical integration by registrar or reseller industry participants, could result in significant changes to their businesses, operating models, and cost structures. These changes could include reduced marketing efforts for the gTLDs we operate or other operational changes that could adversely impact the demand and/or the renewal rates for the domain names for which we are the registry operator.
With the introduction of new gTLDs, many of our registrars and resellers have chosen to, and may continue to choose to, focus their short- or long-term marketing efforts on these new offerings and/or reduce the prominence or visibility of our products and services on their e-commerce platforms. Our registrars and resellers sell domain name registrations of other competing registries, including new gTLDs, and some also sell and support their own services for websites such as email, website hosting, and other services. Our registrars and resellers may be more motivated to sell to registrants to whom they can also market their own services. To the extent that registrars and resellers focus more on selling and supporting their services and less on the registration and renewal of domain names in the gTLDs we operate, our revenues could be adversely impacted. Our ability to successfully market our services to, and build and maintain strong relationships with, new and existing registrars or resellers is a factor upon which successful operation of our business is dependent. If we are unable to keep a significant portion of their marketing efforts focused on selling registrations of domain names in the gTLDs we operate, as opposed to other competing gTLDs, including the new gTLDs, or their own services, our business could be harmed.
We depend on highly skilled employees to maintain and provide innovative solutions for our business, and our business could be materially harmed if we are not able to attract and retain such qualified talent.
Our business is highly technical and requires individuals skilled and knowledgeable in unique technologies, configurations, operating systems, and software development tools. We depend on the knowledge, experience, and performance of these employees and leaders to effectively manage and provide innovative solutions for our business. For example, we require employees with expertise in DNS operations and with certain cybersecurity specialties. Because such employees are in high demand by our competitors and other companies, we must be able to attract, integrate, retain and motivate such highly skilled employees and leaders. Failure to attract and retain such employees and to effectively implement succession plans for these employees could harm our business.
Intellectual Property Risk Factors
We rely on our intellectual property rights to protect our proprietary assets, and any failure by us to protect or enforce, or any misappropriation of, our intellectual property could materially harm our business.
Our success depends in part on our internally developed technologies and related intellectual property. Despite our precautions, it may be possible for an external party to copy or otherwise obtain and use our intellectual property without authorization. Furthermore, the laws of other countries may not protect our proprietary rights in those countries to the same extent U.S. law protects these rights in the U.S. In addition, it is possible that others may independently develop substantially equivalent intellectual property. If we do not effectively protect our intellectual property, our business could suffer. Additionally, we have filed patent applications with respect to some of our technology in the U.S. Patent and Trademark Office and patent offices outside the U.S. Patents may not be awarded with respect to these applications and even if such patents are awarded, third parties may seek to oppose or otherwise challenge our patents, and such patents’ scope may differ significantly from what was requested in the patent applications and may not provide us with sufficient protection of our intellectual property. In the future, we may have to resort to litigation to enforce and protect our intellectual property rights, to protect our trade secrets or to determine the validity and scope of the proprietary rights of others. This type of litigation is inherently unpredictable and, regardless of its outcome, could result in substantial costs and diversion of management attention and technical resources. Some of the software and protocols used in our business are based on standards set by standards setting organizations such as the IETF. To the extent any of our patents are considered “standards essential patents,” in some cases we may be required to license such patents to our competitors on reasonable and non-discriminatory terms or otherwise be limited in our ability to assert such patents.
We also license externally developed technology that is used in some of our products and services to perform key functions. These externally developed technology licenses may not continue to be available to us on commercially reasonable terms or at all. The loss of, or our inability to obtain or maintain, any of these technology licenses could hinder or increase the cost of our services, launching new products and services, entering into new markets and/or otherwise harm our business. Some
of the software and protocols used in our business are in the public domain or may otherwise become publicly available, which means that such software and protocols are or may become equally available to our competitors.
We rely on the strength of our Verisign brand to help differentiate Verisign in the marketing of our products. Dilution of the strength of our brand could harm our business. We are at risk that we will be unable to fully register, build equity in, or enforce the Verisign logo in all markets where Verisign products and services are sold.
ITEM 2. UNREGISTERED SALES OF EQUITY SECURITIES AND USE OF PROCEEDS
The following table presents the share repurchase activity during the three months ended September 30, 2023:
| | | | | | | | | | | | | | | | | | | | | | | |
| Total Number of Shares Purchased | | Average Price Paid per Share | | Total Number of Shares Purchased as Part of Publicly Announced Plans or Programs (1) | | Approximate Dollar Value of Shares That May Yet Be Purchased Under the Plans or Programs (1) (2) |
| (Shares in thousands) |
July 1 - 31, 2023 | 321 | | | $ | 217.25 | | | 321 | | | $ | 1,493.0 | million |
August 1 - 31, 2023 | 390 | | | $ | 205.83 | | | 390 | | | $ | 1,412.8 | million |
September 1 - 30, 2023 | 344 | | | $ | 203.08 | | | 344 | | | $ | 1,342.9 | million |
| 1,055 | | | | | 1,055 | | | |
(1) Effective July 27, 2023, our Board of Directors authorized the repurchase of our common stock in the amount of $1.14 billion, in addition to the $356.1 million that remained available for repurchases under the share repurchase program, for a total repurchase authorization of up to $1.50 billion under the program. The share repurchase program has no expiration date. Purchases made under the program could be effected through open market transactions, block purchases, accelerated share repurchase agreements or other negotiated transactions.
(2) Amounts presented are exclusive of the excise tax on share repurchases.
ITEM 5. OTHER INFORMATION
Insider Trading Arrangements
Our directors and executive officers may from time to time enter into plans or other arrangements for the purchase or sale of our shares that are intended to satisfy the affirmative defense conditions of Rule 10b5-1(c) or may represent a non-Rule 10b5-1 trading arrangement under the Exchange Act.
On August 11, 2023, D. James Bidzos, the Company's Executive Chairman and Chief Executive Officer, adopted a trading plan intended to satisfy Rule 10b5-1(c) to sell up to 144,000 shares of Company common stock between November 14, 2023 and October 17, 2024, subject to certain conditions.
On September 1, 2023, Thomas Indelicarto, the Company's Executive Vice President, General Counsel and Secretary, adopted a trading plan intended to satisfy Rule 10b5-1(c) to sell up to 13,500 shares of Company common stock between January 2, 2024 and November 29, 2024, subject to certain conditions.
No other directors or executive officers adopted, terminated or modified plans or other arrangements during the quarter ended September 30, 2023.
ITEM 6. EXHIBITS
As required under Item 6—Exhibits, the exhibits filed as part of this report are provided in this separate section. The exhibits included in this section are as follows:
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
Exhibit Number | | Exhibit Description | Incorporated by Reference | | |
| | | Form | | Date | | Number | | Filed Herewith |
31.01 | | | | | | | | | X |
| | | | | | | | | |
31.02 | | | | | | | | | X |
| | | | | | | | | |
32.01 | | | | | | | | | X |
| | | | | | | | | |
32.02 | | | | | | | | | X |
| | | | | | | | | |
101 | | Interactive Data File. The instance document does not appear in the Interactive Data File because its XBRL tags are embedded within the Inline XBRL document. | | | | | | | X |
104 | | Cover Page Interactive Data File (formatted as Inline XBRL and contained in Exhibit 101). | | | | | | | X |
| | | | | |
* | As contemplated by SEC Release No. 33-8212, these exhibits are furnished with this Quarterly Report on Form 10-Q and are not deemed filed with the SEC and are not incorporated by reference in any filing of VeriSign, Inc. under the Securities Act of 1933 or the Securities Exchange Act of 1934, whether made before or after the date hereof and irrespective of any general incorporation language in such filings. |
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.
| | | | | | | | |
| | VERISIGN, INC. |
| | |
Date: October 26, 2023 | By: | /S/ D. JAMES BIDZOS |
| | D. James Bidzos |
| | Chief Executive Officer |
| | | | | | | | |
Date: October 26, 2023 | By: | /S/ GEORGE E. KILGUSS, III |
| | George E. Kilguss, III |
| | Chief Financial Officer |