•Reductions in the federal income tax that investors are required to pay on long-term capital gains and on some dividends paid on stock that may provide an incentive for some of the Company’s customers and potential customers to shift assets into mutual funds and away from products, including life insurance and annuities, designed to defer taxes payable on investment returns;
•Changes in the availability of, or rules concerning the establishment, operation, and taxation of, Section 401, 403(b), 408, and 457 plans; and
•Repeal of the federal estate tax or changes in the tax treatment of life insurance death benefits.
Further, future changes in tax rates could impact the Company’s tax costs, which could affect the consolidated financial statements in several ways. For example, an increase in the federal corporate income tax rate could affect the consolidated financial statements as follows, and a decrease in the rate could have the opposite impacts:
•A higher effective tax rate could have an unfavorable impact on net income over the period that the higher rate remains in effect;
•An increase in certain deferred tax liabilities, which would have an immediate unfavorable impact on net income in the period during which the higher rate came into effect;
•An increase in certain deferred tax assets, which would have an immediate favorable impact on net income in the period during which the lower tax rate came into effect; and
•An increase in tax rates could affect the timing of recognizing tax benefits.
The Company cannot predict whether any legislation will be enacted, what the specific terms of any such legislation will be, or how, if at all, such legislation could have an adverse effect. However, should this risk materialize, it could have an adverse effect on the Company’s future results of operations and financial position, potentially through lower product sales, changes in investor preferences and behavior, and increased lapses of policies.
The Company’s risk management policies and procedures may leave it exposed to unidentified or unanticipated risk, which could adversely affect its business, results of operations, and financial condition.
Management of operational, legal, regulatory, and financial risks requires, among other things, policies and procedures to record properly and verify a large number of transactions and events. Management has devoted significant resources to develop the Company’s risk management and disaster recovery policies and procedures. However, policies and procedures may not be fully effective and may leave the Company exposed to unidentified and unanticipated risks. The Company may be subject to disruptions of its operating systems or its ability to conduct business from events that are wholly or partially beyond its control such as a natural catastrophe, act of terrorism, pandemic, or electrical/telecommunications outage.
A failure in cyber or information security systems could result in a loss or disclosure of confidential information, damage the Company’s reputation, and could impair its ability to conduct business effectively.
The Company depends heavily upon computer systems to provide reliable service, as a significant portion of the Company’s operations relies on the secure processing, storage, and transmission of confidential or proprietary information and complex transactions. Despite the implementation of a variety of security measures, the Company’s computer systems could be subject to physical and electronic break-ins, cyber attacks, and similar disruptions from unauthorized tampering, including threats that may come from external factors, such as governments, organized crime, hackers and other third parties, or may originate internally from within the Company.
If one or more of these events occurs, it could potentially jeopardize the confidential or proprietary information, including personally identifiable non-public information, processed and stored in, and transmitted through, the computer systems and networks. It could also potentially cause interruptions or malfunctions in the operations of the Company, its customers, or other third parties. This could result in damage to the Company’s reputation, financial losses, litigation, increased costs, regulatory penalties, and/or customer dissatisfaction or loss. Although steps have been taken to prevent and detect such attacks, it is possible that the Company may not become aware of a cyber incident for some time after it occurs, which could increase its exposure to these consequences.
In addition, the Company is subject to a variety of laws and regulations in the United States and abroad regarding privacy, data protection and data security, and may become subject to further such laws and regulations in the future. These laws and regulations are continuously evolving and developing. The scope and interpretation of the laws that are or may be applicable to the Company are often uncertain and may be conflicting, particularly with respect to foreign laws. For example, in April 2016 the European Commission adopted the General Data Protection Regulation (“GDPR”), which greatly increases the jurisdictional reach of its
