UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 10-K

(Mark One)

For the fiscal year ended December 31, 2021

OR

Commission File Number 001-40430

FLYWIRE CORPORATION

(Exact name of Registrant as specified in its Charter)

Registrant’s telephone number, including area code: (617) 329-4524

Securities registered pursuant to Section 12(b) of the Act:

Securities registered pursuant to Section 12(g) of the Act: None

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Act. Yes ☐ No ☒

Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐ No ☒

As of June 30, 2021, the last business day of the registrant’s mostly recently completed second fiscal quarter, the aggregate market value of the voting and non-voting common stock held by non-affiliates of the registrant was $2,418,170,478 based upon the closing sale price of our voting common stock of $36.74 on that date. The voting and non-voting common stock held by each officer and director and by each person known to own in excess of 5% of aggregate outstanding shares of our voting and non-voting common stock has been excluded in that such persons may be deemed to be affiliates. The determination of affiliate status in not necessarily a conclusive determination for other purposes.

As of March 25, 2022, the registrant had 101,017,602 shares of voting common stock, $0.0001 par value per share, outstanding and 5,988,378 shares of non-voting common stock $0.0001 par value per share, outstanding.

DOCUMENTS INCORPORATED BY REFERENCE

Table of Contents

i

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

This Annual Report on Form 10-K, as well as information included in oral statements or other written statements made or to be made by us, contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, that involve substantial risks and uncertainties. All statements other than statements of historical fact contained in this report, including statements regarding our future results of operations and financial condition, business strategy, and plans and objectives of management for future operations, are forward-looking statements. In some cases, forward-looking statements may be identified by words such as “believe,” “may,” “will,” “potentially,” “estimate,” “continue,” “anticipate,” “intend,” “could,” “would,” “project,” “target,” “plan,” “expect,” or the negative of these terms or other similar expressions. These forward-looking statements include, but are not limited to, statements concerning the following:

2

Forward-looking statements are based on our management’s beliefs and assumptions and on information currently available. These forward-looking statements are subject to a number of known and unknown risks, uncertainties and assumptions, including risks described in the section titled “Risk Factors” and elsewhere in this Form 10-K. Other sections of this Form 10-K may include additional factors that could harm our business and financial performance. Moreover, we operate in a very competitive and rapidly changing environment. New risk factors emerge from time to time, and it is not possible for our management to predict all risk factors nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ from those contained in, or implied by, any forward-looking statements.

You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results, levels of activity, performance, achievements, events, or circumstances. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason after the date of this report or to conform these statements to actual results or to changes in our expectations. You should read this Annual Report on Form 10-K and the documents that we have filed as exhibits to this report with the understanding that our actual future results, levels of activity, performance, and achievements may be materially different from what we expect. We qualify all of our forward-looking statements by these cautionary statements.

In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based upon information available to us as of the date of this report, and while we believe such information forms a reasonable basis for such statements, such information may be limited or incomplete, and our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all potentially available relevant information. These statements are inherently uncertain and you are cautioned not to unduly rely upon these statements.

Unless otherwise noted or unless the context provides otherwise, all references in this Annual Report on Form 10-K to our “common stock” refers to our voting common stock.

3

PART I

Item 1. Business

Our Mission

Our mission is to deliver the most important and complex payments. In an increasingly digital world, getting paid means Flywire.

Our Company

Flywire is a leading global payments enablement and software company. Our next-gen payments platform, proprietary global payment network and vertical-specific software help our clients get paid and help their customers pay with ease—no matter where they are in the world. Our clients rely on us for our integrated solutions that are both global and local, combine tailored invoicing with flexible payment options, and deliver highly personalized omni-channel experiences. We believe we make generational advances for our clients by transforming payments into a source of value and growth for their organizations while delighting their customers with payment experiences that are engaging, secure, fast, and transparent.

There have been substantial strides made in payments technology in the retail and e-commerce industries; however, massive sectors of our global economy—including education, healthcare, travel, and business to business (B2B) payments—are still in the early stages of digital transformation. We estimate the annual addressable volume for these sectors alone to be approximately $11.7 trillion, as more fully described in “Our Market Opportunity”. We believe Flywire is well-positioned to capture a meaningful share of this global payment volume given our ability to provide deeply-integrated digital solutions that address both domestic and cross-border payments.

Our clients, and the types of organizations we serve in education, healthcare, travel, and B2B, require payment processes and experiences that can deliver high-stakes, high-value payments and are specifically tailored to their industry, their business, and their customers. Often, payment solutions have a “one size fits all” approach, without regard for the particular nuances and detailed operations of specific verticals. Without Flywire, organizations often invest substantial resources in building their own payment offerings or rely on disparate legacy systems, which not only fail to meet their or their customers’ needs but also divert meaningful resources away from revenue-generating work. When core payment capabilities like invoicing, diverse payment offerings and reconciliation are inefficient, organizations miss the opportunity to use payments to scale and grow their business.

Flywire was founded to solve these challenges. We aim to power the transformation of our clients’ accounts receivable functions by automating paper and check-based business processes in addition to creating interactive, digital payment experiences for their customers. As a result, clients who implement our cross-border and in-country domestic payments and software solutions can experience improved accounts receivable, higher enrollment in payment plans, and a reduction in customer support inquiries. We help our clients turn their accounts receivable functions into strategic, value-enhancing areas of their organizations.

Over the last decade, we have invested significant resources to build a global network of bank, payment and technology partners that enable us to provide end-to-end connectivity between our clients and their customers in many countries around the world. We have engineered our software-driven payments technology stack to meet enterprise-level standards and functionality while delivering simplicity, convenience and ease of use for our clients and their customers. In addition, we have developed personalized communication channels (e.g., short message service (sms), chat, email, text, or phone) to enhance our clients’ ability to engage with their customers through a digital-first user experience. The result of these investments is our Flywire Advantage.

Our Flywire Advantage is derived from three core elements: (i) our next-gen payments platform; (ii) our proprietary global payment network; and (iii) our vertical-specific software backed by our deep industry expertise.

4

5

These three core elements of our business fuel a powerful and accelerating flywheel. When we started Flywire, we built a robust payments platform that solved pain points for cross-border payments and delivered simplicity, transparency, and cost-effective solutions. Continued adoption of our payments platform has enabled us to enhance engagement with our clients, create more personalized connections for our clients’ customers and extend our reach. Adding new clients and their customers builds our global scale and deepens our knowledge and expertise, enabling us to streamline and automate complex accounts receivable functions. As shown in the illustration below, as the number of clients using our next-gen payments platform grows, we are able to continue to enhance our end-to-end solutions, tailor our vertical-specific software and expand our global payment network to support more local payment types.

The benefits of our flywheel are visible in the significant scale we have achieved to date. Today, we serve over 2,500 clients around the world. In education alone, we serve more than 2,000 institutions and 2.0 million students globally. In healthcare, we serve more than 80 healthcare systems, including four of the top 10 healthcare systems in the United States ranked by hospital size. In our newer payment verticals of travel and B2B, we have a growing portfolio of more than 300 clients.

Our business model is designed to encourage rapid, widespread utilization of our solutions. We enable our clients to scale the use of Flywire to an unlimited number of customers with favorable unit economics. For the year ended December 31, 2021, we enabled over $13.2 billion of total payment volume across more than 140 currencies. For the year ended December 31, 2020, we enabled over $7.5 billion of total payment volume across more than 130 currencies.

The value of our Flywire Advantage has been recognized, with global financial institutions and technology providers choosing to form channel partnerships with us. Our channel partners include financial institutions such as Bank of America Corporation; payment providers such as China UnionPay Co. Ltd. and Adyen N.V.; and software companies that serve as the core systems in our verticals such as Ellucian Company, L.P. in education and Cerner Corporation in healthcare. These partnerships promote organic referral and lead generation opportunities and enhance our indirect sales strategy.

6

We also reach clients through our direct channel. Our domain-experienced sales and relationship management teams bring vertical expertise and regional and local reach that drives high dollar-based net retention. For the year ended December 31, 2021, our annual net dollar-based retention rate was approximately 140%. For the year ended December 31, 2020, despite the impact of the COVID-19 pandemic on our clients and the industries we serve, our annual net dollar-based retention rate was approximately 100%. For the year ended December 31, 2019, our annual net dollar-based retention rate was approximately 128%. In addition, our client and customer service combines high-tech and high-touch functions backed by 24x7 multilingual customer support, resulting in high client and customer satisfaction. For the year ended December 31, 2020, we had a net promoter score (NPS) of 64, which exceeds the average NPS of traditional financial institutions.

The chart below illustrates the year-over-year increases in aggregate revenue less ancillary services from our clients by cohorts that consist of (1) all clients as of December 31, 2017, which we refer to as the pre-2018 cohort, and (2) new clients that we added during the particular year ended December 31 for each year thereafter, which comprise the cohort for that particular year. We believe that this analysis illustrates that our services can continue to provide value to our clients on an ongoing basis and also demonstrates our ability to grow our business with clients over time. A client is included in a particular cohort based on the year in which a client first receives a payment from their customer using our services. We expect cohort revenue less ancillary services will fluctuate from one period to another depending on, among other factors, our ability to increase revenue less ancillary services from our clients within a given cohort and other changes to products and services we offer to such clients. While we believe these cohorts are a fair representation of our overall client base, there is no assurance that they will be representative of any future group of clients or periods.

We have grown rapidly since our founding. We generated revenue of $201.1 million, $131.8 million and $94.9 million for the years ended December 31, 2021, 2020 and 2019, respectively, and incurred net losses of $28.1 million, $11.1 million and $20.1 million, respectively for those same years. In December 2021, we acquired WPM Group Ltd. (WPM), a leading software provider that enables seamless and secure payment experiences for universities and colleges across the U.K. In February 2020, we acquired Simplificare Inc. (Simplee), a provider of healthcare payment and collections software. Pro forma revenue and pro forma net loss for the year ended December 31, 2020, as if our acquisition of Simplee had occurred on January 1, 2020, was $136.3 million and $13.4 million, respectively.

Benefits of the Flywire Advantage to Our Clients and Their Customers

Flywire sits in between our clients, which include educational institutions, hospitals, travel providers, businesses, and their customers: students, patients, travelers, and businesses. We believe this two-sided relationship makes us

7

strategically important for our clients–who rely on us for their complex accounts receivable needs, and for our clients’ customers–who rely on us to deliver their most important payments.

Benefits of the Flywire Advantage to Our Clients

We continuously apply our knowledge and domain expertise in education, healthcare, travel, and B2B payments to expand upon our solutions and meet the specific needs of our clients, while freeing them from cumbersome and legacy financial processes. For our clients, key benefits of our solutions include:

Benefits of the Flywire Advantage to Our Clients’ Customers

Our digital-first customer experience is designed to make the process of paying invoices simple. For our clients’ customers, key benefits of our solutions include:

8

How Our Flywire Advantage Works

Our clients’ needs extend beyond simple payment processing. Enabling our clients to use enhanced payment functionality to drive business value as well as streamlining and automating their domestic and cross-border payment operations, requires a specialized approach that combines a secure, reliable, and robust suite of payments and software solutions with a seamless customer experience.

To achieve this, we leverage our Flywire Advantage and its three core elements: (i) our next-gen payments platform; (ii) our proprietary global payment network; and (iii) our vertical-specific software backed by our deep industry expertise.

Next-Gen Payments Platform

Our next-gen payments platform is designed for payment processes and experiences that can deliver high-stakes, high-value payments. Through a single connection to our platform, we support the entire lifecycle of a domestic or cross-border transaction across online, mobile or in-person channels. This eliminates the need to work with multiple vendors and payment providers.

For the years ended December 31, 2021 and 2020, we enabled over $13.2 billion and $7.5 billion, respectively in payment volume across multiple payment types, including local bank transfer, credit, debit and other alternative payment methods such as Alipay, Boleto, PayPal / Venmo, and Trustly. The majority of our payment volume is not card related and is completed over our global payment network. This reflects the myriad of payment options enabled by our global payment network that are critical for the larger, more complex payments that we handle.

We designed our next-gen payments platform to be:

By utilizing predictive analytics, ML and AI, we handle the complexities of money movement across borders while providing fast, compliant, and transparent receipt of payments. Our AI and ML enabled fraud detection risk engine has trained against millions of automated clearing House (ACH), check, card, and wire transactions. As a result, the enhanced power of our risk engine enables us to mitigate fraud.

Our comprehensive payments offering enables our clients to provide their customers a choice of cost-effective payment methods, currencies, and terms while enjoying a seamless digital experience. Our offering, supported by Flywire’s security, risk, and compliance monitoring tools, includes:

9

Below is a sample funds flow for a traveler from Australia taking a ski vacation in Japan paying in their local currency and with their preferred method of payment, such as a bank transfer of Australian Dollars to Japanese Yen, without incurring hidden fees, and with exchange rate protection. The illustration shows how our next-gen payments platform can be configured and activated at the client level, and deliver a seamless experience from any country of payment or receipt.

In addition to international expansion, we are accelerating the growth of our in-country domestic accounts receivable business, both by selling new solutions to existing clients and gaining new clients. Many of our clients who successfully use our payments platform to process cross-border payments require a similar solution for in-country domestic payments, which have similar challenges: they are reliant on home-grown or legacy solutions with limited or inflexible capabilities and often require time consuming manual updates. With our payments platform, clients are able to streamline payment processes and offer their customers flexible payment options, without the expense of building their own systems—for both in-country domestic and cross-border transactions.

Proprietary Global Payment Network

Our proprietary global payment network is comprised of global, regional and local banks and technology and payment partners around the world. We believe the extensive global reach and breadth of our network, serving more than 240 countries and territories, provides a strong competitive advantage. Additionally, we have local market knowledge and expertise to enable funds flow in some of the hardest to reach markets. We have also assembled redundant payment rails, wherever possible.

With Flywire’s network, our clients can take advantage of our “local-in / local-out strategy”—providing access to pay-in options, such as local bank transfers, card-based payments, and alternative payment methods, while enabling pay-out capabilities in our clients’ preferred local payment methods.

We believe our receive-side network sets us apart. Flywire clients, no matter the vertical or market they are in, can receive a single daily payment in their preferred currency that aggregates and reconciles all their customer payments made via Flywire from around the globe—across approximately 3,400 geographic corridors for 2021 representing transaction flows between payers and payees. The illustration below shows our top payment corridors, with a scale of connections denoting the relative payment volume originating from the applicable country.

10

Once our clients are connected to our global payment network, they can leverage an extended range of services and capabilities, including:

11

Vertical-Specific Software Backed by Deep Industry Expertise

We tailor our software to meet the needs of each vertical market we serve. We do so by leveraging our industry expertise and knowledge to develop a comprehensive view of our clients’ complex business challenges. We learn to “speak our clients’ language” and tailor their invoicing processes and payment options to their specific situations.

We offer deep integration within our clients’ existing apps and workflows for seamless payment acceptance and reconciliation. Our integrations, supported by our application programming interfaces (APIs), include some of the largest and most recognized accounting and enterprise resource planning (ERP) systems, such as Ellucian Company, L.P. in education, Epic Systems Corporation in healthcare, Rezdy Pty Ltd in travel, and Oracle Corporation in B2B payments. Through these integrations, our clients are able to reduce the number of banks and technology and payment providers on which they rely, while achieving faster settlements and lower wire and transaction fees.

Specific features of our vertical-specific software include:

Below is an illustration of how a large hospital client utilizes our software to personalize patient engagement with payment options and billing conversations. We solve capacity to pay for our clients’ customers (with payment plans or other intelligent promotional financing) and we engage with them through their preferred communication methods (e.g., sms, chat, email, text, or phone). In turn, our clients are able to maximize yield on their accounts receivable potential, resulting in higher net payments, lower call volume, lower debt outstanding and most importantly, lower costs and happier patients.

12

Our Industry

We believe Flywire plays a critical role in helping digitize transactions in traditionally underserved markets, facilitating in-country domestic and cross-border invoicing and payments, automating reconciliation, and providing a seamless experience for our clients’ customers. Our ability to deliver the most important and complex payments both domestically and internationally has become increasingly valued by our clients due to the following trends:

Globalization—and the rise of a “borderless” economy—requires global, cross-border and local payment and regulatory expertise

As the world becomes more connected, it is both easier and harder to do business. Consumers want to make payments across borders with ease and want to have a personalized experience in their language and in their local currency. Businesses are attempting to satisfy this demand, but we believe they often struggle to deliver truly global capabilities. Providing a solution that meets the needs of our global client base extends beyond simple payment processing. Enabling, streamlining, and automating our clients’ in-country domestic and cross-border payment operations requires a specialized approach that combines a secure, reliable, and robust suite of payments and software solutions with a seamless customer experience. We believe we can deliver extensive global reach and bring local market knowledge and expertise to keep up with the rapidly changing payments landscape.

Globalization has also increased the complexity of the regulatory landscape that our clients need to navigate. Consumers and businesses are required to understand and adhere to extensive and often incongruous sets of laws and regulations in both local and cross-border regimes. For example, many countries with significant cross-border flows require distinct paperwork to be collected, validated and recorded as part of currency export compliance for high-value payments. Furthermore, we believe that clients often lack the policies, procedures and systems in order to implement and monitor strict compliance. We believe that the result is often costly and manual review processes, which can also increase the client’s risk of penalties and fines. We endeavor to actively manage the global complexities of regulation for our clients’ payments while implementing innovative solutions intended to make the entire process more efficient and user-friendly.

The shift to software-integrated digital payments is accelerating

As business and consumer transaction expectations shift with digitization, providers of modern payments platforms with industry-specific software have begun to displace legacy systems. Businesses and consumers have come to expect that all payment flows, especially for high-value services, are settled with the same ease as typical e-commerce purchases. Additionally, we believe the COVID-19 pandemic will serve as a catalyst in accelerating digital transaction volumes as customer preferences continue to shift to contactless, online and mobile. We expect these trends will impact all industries and force many businesses to accept new digital payment methods. We believe fully integrated payments

13

and software solutions, including those provided by us, enable businesses to offer seamless payment experiences, minimize friction at the point-of-sale and respond to evolving customer preferences.

Legacy payment and accounts receivable management infrastructure has significant limitations and is ripe for innovation

Even in some of the largest industries in the world, such as education, healthcare, and travel, legacy payment and accounts receivable infrastructure has not evolved to streamline complexities nor enhance efficiency as demanded by organizations or their customers. This legacy infrastructure has the following limitations:

Accelerating digitization of B2B payments

We believe the B2B payments market remains one of the largest untapped opportunities in the payments industry. For the year ended December 31, 2021, only 51% of invoices were electronic according to Ardent Partners, and more than one-third of B2B / government to business payments were made by cash or check according to Mastercard. Few payments and software companies have end-to-end integrated payments solutions including accounts receivable software, omni-channel offerings, cross-border capabilities and other value-added services. Most often, providers only offer one or two of these capabilities and require clients to employ other piecemeal point solutions. The unique combination of our next-gen payments platform, proprietary global payment network, and vertical-specific software enables us to design and deliver a comprehensive suite of solutions that help our business clients get paid by their customers.

Our Market Opportunity

We believe the trend of digitizing payments is inevitable across all industries. When businesses and consumers make payments, they expect a quick and easy process. On the receiving end, businesses expect to accept payments from different sources and countries, and reconcile them from within one system, but without added complexity or additional costs.

14

Many industries still lack the digital payments infrastructure that is necessary to meet customer demand and solve operational inefficiencies. For example, the majority of healthcare payments are still made by check. Likewise, in education, budget shortfalls and jobs impacted by the COVID-19 pandemic, along with rising tuition costs, have added financial strain and created collections problems.

These inefficiencies are costly. According to a study by Deloitte, middle-market businesses incur $3.3 trillion in operational costs when reconciling invoices as a result of inadequate legacy solutions, such as disparate file formats and lack of back-office support for automated remittances.

Despite these shortfalls, the demand for domestic and cross-border money movement continues to accelerate and global payments present one of the largest market opportunities. For the primary industries we currently serve, we estimate the current addressable market for our solutions to be approximately $1.7 trillion in global payment volume, including education ($660 billion)(1), healthcare ($500 billion)(2) and travel (approximately $530 billion).(3)

Additionally, our B2B payments offering expands the addressable market for our solutions, which we estimate to be over $10 trillion in addressable B2B payment volume(4). Given Flywire’s existing penetration of key verticals, ability to integrate with a broad range of core systems and continued investments in our next-gen payments platform, proprietary global payment network, and vertical-specific software, we believe we have the opportunity to capture a meaningful share of this payment volume.

Our Growth Strategy

We believe we have a significant opportunity to build on our success and momentum to date. The key elements of our growth strategy include:

Expand Our Client Reach

Expand Our Ecosystem Through Channel Partnerships

While the majority of our clients to date have been acquired by our direct sales team, we expect that continued engagement with channel partners, including financial institutions and providers of enterprise software solutions in our key verticals, will enhance our client acquisition efforts and drive continued growth. We also believe our channel partners, which include consultants specialized in our industry verticals, will help amplify the reach and visibility of our solutions to clients worldwide.

15

Expand to New Verticals and Geographies

We leverage our Flywire Advantage to scale into new verticals and geographic markets. We have a strong track record of expanding efficiently into new verticals and geographic markets, as we have shown in healthcare, travel, and B2B payments and in the expanded reach of our global payment network. We see a large and significantly underserved opportunity for clients domestically and internationally to benefit from our payments platform, global payment network and vertical-specific software. Additionally, there are other industries, including real estate and government taxes, that we believe are poorly digitized and could benefit from our solutions.

Pursue Strategic and Value-Enhancing Acquisitions

We intend to continue to complement and accelerate our organic growth strategies through acquisitions. We have a successful record of identifying, executing, and integrating acquisitions, and we intend to continue to pursue acquisitions through a highly disciplined approach. We also have the scale to be an attractive and reputable consolidator in the payments markets as evidenced by our ability to retain nearly all of the clients and employees from our UniPay, OnPlan, and Simplee acquisitions. We believe our approach and breadth of experience in integrating culturally-aligned businesses position us to maximize the value we derive from future acquisitions.

Our Flywire Culture and Team

As an organization, our culture is founded on our shared experiences, unique and diverse backgrounds, and belief in our mission to deliver on the most important and complex payments. As a collective team of 665 FlyMates, we strive for excellence as one team, guided by our core values, including:

Our leadership team defines our culture and strategy and collectively has decades of experience leading companies through rapid growth at scale. Representing approximately 40 nationalities and spoken languages, our diverse team of FlyMates deliver critical domain expertise and regionally tailored skill sets to our clients 24x7. We believe our team’s relentless client focus and adherence to our shared values are evident in our 2020 NPS of 64, and will continue to define our future success.

Our Business Model

We derive revenue from transactions and platform and usage-based fees. Each new student tuition bill, patient visit, travel journey and business invoice, is an opportunity for us to generate fees.

Our revenue is highly re-occurring in nature due to the mission-critical nature of our solutions that are deeply integrated within our clients’ existing operating workflows and IT infrastructure. We believe the depth and breadth of our solutions help our clients get paid faster and with less friction. This enables us to develop long-standing relationships with our clients, which in turn also drive strong retention and significant cross-selling opportunities.

An Illustration of Our Solution

We simplify domestic and cross-border payment transactions for our clients by eliminating the need to work with disparate vendors for invoicing, global pay-in and pay-out, compliance and risk management and more. Through a single connection to Flywire, we enable our clients to securely accept and reconcile payments and engage with their customers.

16

The illustrations below depict how Flywire manages both international and domestic payments for a representative education client.

International Payment Example: In the first example below, a Chinese student paying their tuition to a Canadian university experiences a seamless process from start to finish—choosing their preferred payment method and currency. For our client, the accounts receivable process is automated and streamlined from invoice to receipt and to reconciliation and real-time ERP updates. For our cross-border payments, we have short term foreign exchange exposure, typically between one and four days; we leverage our in-house currency hedging algorithms, and enter into non-deliverable forward foreign currency contracts, to mitigate the volatility related to fluctuations in the foreign exchange rates. For additional discussion about our foreign exchange exposure, please see “Management’s Discussion and Analysis of Financial Condition and Results of Operations - Quantitative and Qualitative Disclosures About Market Risk”.

Domestic Payment Example: The example below illustrates the process of offering payment plans to domestic students, which can be set up by either the school or the student.

17

From the same payments platform, we manage the entire payment process for our clients with the only difference being the type of payment offering selected to meet the needs of their customers, whether that be international or domestic.

Our Go-To-Market Strategy

Our direct sales channel is core to our go-to-market strategy. We believe that regional, vertical, and broader domain expertise, as well as continued client management, are critical to our sales success. Our regional sales teams are located in the United States, Canada, Latin America, Europe, and the Asia Pacific region including Singapore, Japan, and Australia. Our relationship management team augments direct sales capabilities by cultivating existing relationships and identifying cross-sell and up-sell opportunities of additional solutions, contributing to our strong dollar-based net retention rate. We believe that our ability to understand the nuanced pain points of education, healthcare, and travel accounts receivable is a strategic advantage enabling us to gain clients in those verticals, while our broader domain expertise in payments, treasury, and banking is critical to executing on our broader B2B payments expansion.

We focus our sales and marketing efforts on generating leads to develop our sales pipeline, building brand and vertical awareness, scaling our network of partners, and growing our business from our existing client base. Our sales leads primarily come through inbound digital channels including our website, content marketing efforts, lead generation and account-based marketing tactics, virtual events, and industry trade shows and associations.

We typically follow a “land-and-expand” strategy as our clients engage with us on more than one solution as we grow our partnership. For example, in education we have a high success rate expanding beyond solving cross-border payments needs, with clients also adopting our domestic solutions or full-suite enterprise solution. Once our clients experience the depth of our ability to handle their multi-faceted accounts receivable and payments needs, our relationship managers are able to successfully cross-sell and up-sell other solutions, creating a large avenue of revenue generation with minimal incremental acquisition cost.

We also reach clients indirectly through our channel partnerships, integrations with workflow software, and other technology providers. Our channel partners include financial institutions, such as Bank of America Corporation, as well as a number of referral partners such as Tribal Group and Cerner Corporation. Additionally, Flywire has integrations with leading accounting and ERP systems, such as Oracle Corporation, Ellucian Company, L.P., Epic Systems Corporation and Rezdy Pty Ltd.

Our Technology and Architecture

Our unified technology is at the core of our Flywire Advantage. The scale and complexity of the product implementation challenges that we address for our clients and their customers cannot easily be addressed through today’s legacy systems and outdated infrastructure. Instead, it requires our combination of a modern technology stack, cloud-native infrastructure, and investment in product and engineering management talent.

Our engineering approach includes a DevOps culture, microservice architecture, continuous delivery, and the use of containers to enable shorter development lifecycles. We also operate independently-deployable services that are critical to supporting verticals and reliability across operating environments. Our product and engineering leadership team has a long history of payments and payments technology experience, with domain expertise across our verticals.

18

Our technology stack is comprised of the following:

Payments-as-a-Service

Our next-gen payments platform includes the infrastructure required to support more than just simple money flows:

Software-as-a-Service

Our vertical-specific software leverages our payments platform to provide industry specific solutions and deliver “last mile” connectivity to our clients’ operating systems and their customers. Our applications address complex billing and domestic and cross-border payment processes, while delivering a near seamless payment experience. Additionally, our personalization engine, delivered as a software solution and leverages our AI and ML and deep analytics systems.

Public Application Programming Interface (API)

We recently launched a direct public API that sits on top of our payments platform. For organizations of all sizes, from smaller businesses to larger enterprises who want to control the customer experience, we can expose our API for easy integration, significantly reducing the time to realize advantages from the use of our solution. This public API capability significantly enhances our ability to scale and to execute on our growth strategies.

Our technology is designed for speed, resilience and reliability. We believe we demonstrated our ability to scale when we entered the broader B2B market and were able to leverage engineering solutions and APIs in our other verticals, including a native module integrated into NetSuite. Our technology enables us to process transactions in real-time, regardless of origin, destination or amount. For example, in education, our deep, customized integrations within our clients’ systems can lead to the difference between on-time enrollment or missed registrations—a difference that cannot be delivered through batch processes that are not posted instantaneously. We leverage Amazon Web Services (AWS) for our cloud redundancy, and tools such as Site24x7, Pingdom, Cloudflare, and PagerDuty for an uninterrupted experience for our clients.

19

Our Compliance and Risk Management Foundation

We have a dedicated compliance and risk management function. We have implemented the practices to help us protect our business and assure our clients and payment partners that our processes are compliant and meet or exceed their exacting standards, including advanced and agile practices for risk governance and a monitoring program that leverages key data inputs and software. We have robust AML, suspicious activity reports (SARs) and client KYC procedures. We also devote considerable resources to our data and cyber security. In addition, we possess key certifications across the verticals we serve, which we believe is an important aspect of why our clients choose to work with us. These audit-tested certifications and risk program features, which in many cases apply with specificity to the verticals we serve, include: third party certifications for Service Organization Control 2, Payment Card Industry Data Security Standard (PCI DSS), and Americans with Disabilities Act (ADA) compliance, as well as systems and processes designed to ensure compliance with the General Data Protection Regulation (GDPR) in Europe, the Data Security Law and Personal Information Protection Law in China, the California Consumer Protection Act (CCPA), the Personal Information Protection and Electronic Documents Act in Canada, Family Educational Rights and Privacy Act (FERPA), and Health Insurance Portability and Accountability Act (HIPAA), among others.

Our experienced team, coupled with our advanced technology and software tools, helps us navigate the challenges of global payments in a compliant manner:

Locally, we often work with licensed and regulated payment service providers (PSPs) to bring more familiar solutions to our clients’ customers and to leverage their regulatory insight. This insight can be a valuable tool to deliver differentiated services to our clients to help them stay in front of laws that may impact their business. For example, in India, we addressed new tax withholding requirements for our clients’ customers and deployed a solution to help with their education-related payments.

In addition, we have FlyMates in the compliance and risk management function located around the world where we have operations to address the needs of the business in real-time.

Competition

Our primary competition consists of legacy payment methods such as traditional bank wires provided by local, regional and global banks and money transfers from remittance companies. Other competitors include integrated payment providers focused on cross-border payments; B2B payments platforms; and vertical-specific software solutions offered by local niche players.

We believe many legacy payment providers are hindered by limitations such as antiquated technology systems, insufficient solution and service offerings, poor user experiences, and unsatisfactory client and customer support. Our modern technology stack, combined with our innovative and flexible suite of solutions, addresses many of the issues that clients face today, including:

20

We believe that we compete favorably on the basis of these factors.

Intellectual Property

We protect our intellectual property through a combination of trademark, copyright, and trade secret laws, as well as confidentiality procedures and contractual restrictions, to establish and protect our proprietary rights both domestically and abroad. These laws, procedures and restrictions provide only limited protection. We endeavor to enter into agreements with our employees, consultants and contractors and with parties with whom we do business in order to acquire intellectual property rights developed as a result of service to Flywire, as well as to limit access to and disclosure of our proprietary information.

We actively pursue registration of our trademarks, logos, service marks, trade dress, and domain names in the United States and in other jurisdictions. As of December 31, 2021, we had 106 registered trademarks and trademark applications, and were the registered holder of a variety of U.S. and international domain names.

From time to time, we also incorporate certain intellectual property licensed from third parties. Even if any such third-party technology was not available to us on commercially reasonable terms, we believe that alternative technologies would be available as needed.

For additional information about our intellectual property and associated risks, see the section titled “Risk Factors–If we fail to adequately protect our proprietary rights, our competitive position could be impaired and we may lose valuable assets, generate less revenue and incur costly litigation to protect our rights.”

Regulation and Industry Standards

Various aspects of our business and service areas operate in a quickly evolving regulatory environment, and are subject to U.S. federal, state, and local regulation, as well as regulation outside the United States. Certain of our services also are subject to rules promulgated by various card networks and other authorities, as more fully described below. These descriptions are not exhaustive, and these laws, regulations and rules frequently change, are subject to differing interpretations or enforcement, and are increasing in number.

We are registered as a Money Service Business (MSB) with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and are subject to the Bank Secrecy Act of 1970, as amended by the USA PATRIOT Act of 2001, and its implementing regulations, collectively, the BSA, and certain obligations contained therein, including, among other things, certain record-keeping and reporting requirements, and examinations by FinCEN.

The BSA is the primary compendium of U.S. laws and regulations regarding AML and countering the financing of terrorism (CFT). As required under the BSA, we have implemented and continue to expand an AML and CFT program designed to prevent our payments platform from being used to facilitate money laundering, terrorist financing, and other financial crimes. Our program is also designed to prevent our payments platform and global payment network from being used to facilitate business with certain individuals, entities, countries, and territories that are subject to economic or trade sanctions that the U.S. Department of the Treasury’s Office of Foreign Assets Controls (OFAC) and various foreign authorities administer or enforce. Our AML and CFT compliance programs include policies, procedures, and controls that are designed to address these legal and regulatory requirements and to assist in detecting and preventing the use of our payments platform to engage in money laundering or terrorist financing activity. Program elements include, without limitation, the designation of a BSA/AML Officer to oversee the programs, KYC procedures, processes to detect and report suspicious activity, sanctions screening, employee training, annual third-party independent testing, and risk-based procedures for conducting ongoing customer due diligence.

If our compliance programs are found to be deficient, we could lose key relationships with banks, merchant acquirers, and other payment partners on which we rely to carry out our business. Fines, penalties or sanctions for the violation of AML and CFT laws and regulations may be severe and our efforts to remediate issues may be costly, may result in diversion of management and staff time and effort, and may still not guarantee compliance.

21

Most states in the United States require a license to offer money transmission services. We have taken the position that Flywire’s business to date is exempt from licensure under various state money transmission laws, either expressly as a payment processor or agent of the payee, or pursuant to common law as an agent of the payee. We actively work to evaluate, and if applicable, comply with new license or regulatory requirements as they arise. Although we believe we have defensible arguments in support of our positions under the state money transmission statutes, we have not expressly obtained confirmation of such positions from all of the state banking departments who administer the state money transmission statutes. It is possible that certain state banking departments may determine that our activities are not exempt from licensure. In the past, certain competitors have been found to violate laws and regulations related to money transmission, and they have been subject to fines and other penalties by regulatory authorities. Regulators and third-party auditors have also identified gaps in how similar businesses have implemented AML and CFT programs. The adoption of new money transmitter or MSB statutes, or changes in regulators’ interpretation of existing state and federal money transmitter or MSB statutes or regulations, could subject Flywire to new registration, licensing or other requirements. Any determination that Flywire is in fact required to be licensed under such state money transmission or MSB statutes may require substantial expenditures of time and money and could lead to liability in the nature of penalties or fines, as well as cause us to be required to cease operations in some of the U.S. jurisdictions we serve.

We are in the process of procuring money transmitter licenses (or the statutory equivalent) in those U.S. jurisdictions that require them in order to be able to offer additional business lines in the future. We have procured and maintain money transmitter licenses in 41 U.S. jurisdictions, and actively work to comply with new license requirements as they arise. These licenses subject us, among other things, to record-keeping requirements, reporting requirements, bonding requirements, limitations on the investment of customer funds, and examination by state regulatory agencies. Any actual or perceived failure to comply with legal and regulatory requirements related to our money transmitter licenses may result in, among other things, revocation of required licenses, regulatory or governmental investigations, administrative enforcement actions, civil and criminal liability, and constraints on our ability to continue to operate.

Similar regulatory requirements exist in other markets where we do business. For example, local Flywire entities are licensed as Authorised Payments Institutions in each of the United Kingdom (U.K.) (regulated by the Financial Conduct Authority (FCA)) and Lithuania (regulated by the Bank of Lithuania (BOL)), and Australia (regulated by the Australian Securities & Investments Commission (ASIC)). When serving clients in these regulated markets, we are generally required to implement governance structures, AML and CFT programs and KYC standards that are different from those in the U.S., and which incorporate local or European Economic Area (EEA) requirements. The FCA in particular has been an active regulator, and as a result of Brexit, we were able to both obtain a license from the BOL and continue to serve our EEA clients through the “passporting” principle without any interruption of service. In other non-U.S. markets, we are able to serve clients in locations that either do not require Flywire to obtain a license or pursuant to a specific exemption issued by the applicable regulator.

In addition, several jurisdictions where our clients’ customers reside impose currency export controls (e.g., China and India), taxation at source or other documentation requirements before money can be converted into destination currency and sent abroad. Generally, our local payment partners in these locations will assist in ensuring the customers meet these requirements, but it is often the case that we need to ensure that the Flywire payment experience accommodates the unique and ever-changing regulatory environments where our clients’ customers are located.

There are also a number of U.S. federal and state consumer finance and consumer protection laws that may impact Flywire’s business. States have a myriad of statutes and case law precedent addressing when credit card surcharges or convenience fees may be imposed by third-party service providers and under what circumstances they are prohibited. In addition, Dodd-Frank created the Consumer Financial Protection Bureau (CFPB), which has assumed responsibility for implementing and enforcing most federal consumer financial protection laws and a prohibition on unfair, deceptive and abusive acts and practices. Several of these laws apply to some of Flywire’s clients, and in some cases, Flywire is contractually obligated to ensure its services do not violate these laws, even though Flywire is not directly subject to them. For example, the Truth in Lending Act of 1968 (TILA) is a U.S. federal law that applies to creditors and is designed to promote the informed use of consumer credit. Although Flywire is not in the business of extending credit or charging interest on the payments it helps its clients collect, when Flywire clients extend credit subject to TILA, TILA may require our clients to provide disclosures to their customers about consumer credit terms and costs in a format specified by the CFPB. Our payment installment plan functionality utilized by our clients in healthcare and education often requires that our payment experience accommodate these disclosure obligations that attach to our clients. Our business may also be subject to the Fair Credit Reporting Act (FCRA) which regulates the use and reporting of consumer credit information and imposes disclosure requirements on entities that take adverse action based on information obtained from credit reporting agencies. We could be liable if our practices governed under the FCRA are not in compliance with the FCRA or its regulations.

22

The Electronic Fund Transfer Act (EFTA) also imposes substantive disclosure and error resolution obligations on entities that facilitate electronic fund transfers and international remittance transfers. We could be liable for violating EFTA if we fail to comply with these requirements when they apply to us. We do not believe other laws that are implemented by the CFPB, including the Equal Credit Opportunity Act and the Fair Debt Collection Practices Act apply to us. If these determinations are wrong, interpretations of these statutes change, or we expand or change our solutions, we may be subject to the restrictions imposed by these laws. Should our business or solutions change in a way that did subject us to the CFPB’s jurisdiction, we would be subject to increased scrutiny of our business and consumer compliance practices.

Separately, the Telephone Consumer Protection Act of 1991 (TCPA) and similar state and federal laws contain extensive rules relating to communication by telephone, such as detailed requirements relating to granting and revocation of consent and “opt-in” or “opt-out” thresholds for receipt of communications, and these requirements are often changing and the subject of high-profile litigation. Our services include features regulated by the TCPA and similar laws (e.g., calls made from automated dialing systems, texts confirming receipt of payment, status updates or due dates, appointment reminders) and we can be liable for penalties, or subject to litigation or contractual indemnification obligations, if we do not comply with them.

Flywire is also required to navigate card network rules and other requirements of self-regulatory organizations, such as ACH payment networks. We rely on our varied network of merchant acquirer relationships to access the payment card networks such as Visa and Mastercard, which enable our acceptance of credit cards and debit cards. We pay fees to our merchant acquirers for such services.

Visa, Mastercard and other card networks set complex and evolving rules and standards with which we must comply—often referred to as “card network rules”. We also have relationships with American Express, Japan Credit Bureau (JCB) and China Unionpay, which impose similar obligations on us. The payment networks and their member financial institutions routinely update, generally expand and modify requirements applicable to merchant acquirers and their customers, including rules regulating data integrity, third-party relationships, merchant chargeback standards and compliance with the PCI DSS. PCI DSS is a set of requirements designed to ensure that all companies that process, store, or transmit payment card information maintain a secure environment to protect cardholder data. Under certain circumstances, we are required to report incidents to the card networks and other authorities within a specified time frame. Any changes in card network rules or standards that increase the cost of doing business or limit our ability to provide processing services to our merchants will adversely affect the operation of our business.

If we or our merchant acquirers fail to comply with the card network rules or other applicable rules and requirements of the card payment networks, Visa or Mastercard or our other card providers could suspend or terminate our registration. Further, our transaction processing capabilities, including with respect to settlement processes, could be delayed or otherwise disrupted, and recurring non-compliance could result in the payment networks seeking to fine us, or suspend or terminate our registrations which allow us to process transactions on their networks, which would make it impossible for us to conduct our business on its current scale.

Under certain circumstances specified in the card network rules, we may be required to submit to periodic audits, self-assessments, or other assessments of our compliance with the PCI DSS. Such activities may reveal that we have failed to comply with the PCI DSS. In addition, even if we comply with the PCI DSS, there is no assurance that we will be protected from a security breach or other cybersecurity incident.

The termination of our registration with the payment networks, or any changes in payment network or issuer rules that limit our ability to provide card payment alternatives to our clients’ customers could have an adverse effect on our payment processing volumes, revenues and operating costs. If we are unable to comply with the requirements applicable to our settlement activities, the payment networks may no longer allow us to provide these services and we would lose a substantial portion of our revenues.

We are also subject to the National Automated Clearing House Association (NACHA) operating rules. NACHA is a self-regulatory organization which administers and facilitates private-sector operating rules for ACH payments and defines the roles and responsibilities of financial institutions and other ACH network participants. The NACHA Rules and Operating Guidelines impose obligations on us and our partner financial institutions particularly when we instruct our partner institutions to debit a third party’s account. These obligations include audit and oversight by the financial institutions and the imposition of mandatory corrective action, including termination, for serious violations. If an audit or self-assessment of PCI DSS or NACHA compliance identifies any deficiencies that we need to remediate, the remediation efforts may distract our management team and other staff and be expensive and time consuming.

Similarly, our ACH sponsor banks have the right to audit our compliance with NACHA’s rules and guidelines and are given wide discretion to approve certain aspects of our business practices. Like the payment networks, NACHA may

23

update its operating rules and guidelines at any time, which could require us to take more costly compliance measures or to develop more complex monitoring systems. The NACHA rules permit transactions to be returned under certain circumstances. If too many of our transactions are returned, our ability to access the ACH system could be impaired by our partner financial institutions. Our partner financial institutions could similarly change their interpretation of NACHA requirements, which could require costly remediation efforts and could prevent us from continuing to provide services through such partner financial institutions until we remediate issues to their satisfaction.

We collect and use a wide variety of information (including personal information) for various purposes in our business, including: (i) to help ensure the integrity of our services, (ii) to meet KYC, transaction monitoring, AML and CFT standards, and (iii) to provide features and functionality to our clients and their customers. This aspect of our business, including the collection, use, disclosure, and protection of personal information we acquire in connection with the use of our services, is subject to numerous laws and regulations in the United States and globally. Regulation and proposed regulation in this area has increased significantly in recent years and is expected to continue to do so.

In addition to numerous privacy and data protection laws already in place, U.S. states are increasingly adopting laws modeled on the GDPR that impose comprehensive privacy and data protection obligations. For example, the CCPA, which became effective on January 1, 2020, gives California residents expanded rights to access and delete their personal information, opt out of certain personal information sharing and receive detailed information about how their personal information is used, and it imposes other requirements as well. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches. Colorado, Virginia and Utah have recently joined California in enacting privacy and data protection legislation that impose additional obligations on businesses related to the collection, storage and utilization of third party information, as well as the reporting of data breaches. All 50 states, Puerto Rico, and the U.S. Virgin Islands (similar to many of the other countries where we do business), have passed laws regulating the actions that a business must take if it experiences a data breach, such as prompt disclosure to affected individuals, consumer reporting agencies, or governmental agencies. In addition, we are subject to laws in the U.S. and abroad restricting or placing conditions on our ability to collect and utilize certain specific types of information, such as Social Security and driver’s license numbers.

Many of the foreign jurisdictions where we or our customers do business, including the European Union (E.U.), have laws and regulations dealing with the processing of personal information, which in some cases are more restrictive than those in the United States. In addition to regulating the processing of personal information within the relevant jurisdictions, these legal requirements often also apply to the processing of personal information outside these jurisdictions, where there is some specified link to the relevant jurisdiction. For example, Flywire has multiple offices in Europe and serves clients and their customers throughout the E.U., where GDPR went into effect in 2018. The GDPR, which also is the law in Iceland, Norway, Liechtenstein, and—to a large degree—the U.K., has an extensive global reach and imposes robust obligations relating to the processing of personal information, including documentation requirements, greater control for data subjects (e.g., the “right to be forgotten” and data portability), security requirements, notice requirements, restrictions on sharing personal information, data governance obligations, data breach notification requirements, and restrictions on the export of personal information to most other countries. Fines of up to 20 million Euros or up to 4% of the annual global revenue of a noncompliant corporate family, whichever is greater, could be imposed for violations of certain of the GDPR’s requirements, and private claims also are possible.

Recent legal developments have created compliance uncertainty regarding some transfers of personal information from the U.K. and EEA to locations where we or our customers operate or conduct business, including the United States and potentially Singapore. Under the GDPR, such transfers can take place only if certain conditions apply or if certain data transfer mechanisms are in place. In July 2020, the Court of Justice of the E.U. ruled in its “Schrems II” decision (C-311/18), that the Privacy Shield, a transfer mechanism used by thousands of companies to transfer data between those jurisdictions and the United States (and also used by Flywire), was invalid and could no longer be used due to the strength of United States surveillance laws. In September 2020, the Federal Data Protection and Information Commissioner of Switzerland (where the law has a similar restriction on the export of personal information) issued an opinion concluding that the Swiss-U.S. Privacy Shield Framework does not provide an adequate level of protection for data transfers from Switzerland to the United States pursuant to Switzerland’s Federal Act on Data Protection. We and our customers continue to use alternative transfer strategies including the European Commission’s Standard Contractual Clauses (SCCs) while the authorities interpret the Schrems II decision and the validity of alternative data transfer mechanisms. The SCCs, though previously approved by the European Commission, have faced challenges in European courts (including being called into question in the Schrems II decision), and may be further challenged, suspended or invalidated for transfers to some or all countries. For example, guidance regarding Schrems II issued by the European Data Protection Board (which is comprised of representatives from every E.U. member state’s top data protection authority) have cast serious doubt on the validity of SCCs for most transfers of personal information to the United States. The Schrems II decision and related enforcement actions or other legal developments in this area could subject us to

24

negative financial consequences, such as fines, penalties, loss of customers, and the need to engage in costly restructuring of our business and IT operations and restructuring of our relationships with service providers and other partners.

In Asia, there has been an increase in both regulation and enforcement of privacy laws. The Act on Protection of Personal Information originally enacted in June 2020 by the Japanese government, was amended and will come into effect on April 1, 2022 (Amended APPI). Since the passage of the Amended APPI, a number of implementing regulations and supporting documents have been released, addressing the requirements for transferring personal data outside Japan, notifying security breaches and creating pseudonymous information exempt from certain obligations under the Amended APPI.

China passed its new Data Security Law (DSL) in June 2021 and its new Personal Information Protection Law (PIPL) in August 2021. Both new laws impact every business operating in or doing business with China, coupling extensive obligations with respect to the processing of all types of data, with potentially significant penalties for noncompliance. With the promulgation of the DSL and PIPL, China has tightened up regulation on collection, processing, sharing and cross-border transfer of personal data and important data such as financial data. The new data security regime has an extraterritorial effect and imposes additional compliance obligations with respect to processing (in and outside China) of personal data of Chinese individuals and other data which may be viewed sensitive or important. These regulations apply not only to our client’s payers who are Chinese nationals (such as students seeking to study abroad) but also China-based employees as well as third party business partners.

We have taken steps to address compliance obligations that apply to us under the Amended APPI, the DSL and PIPL but cannot assure you that such steps will be effective, and we may face the risk of increased costs, liability and loss of business.

There are also regulations that require that access to websites be safe and accessible for people with disabilities. The ADA contains certain standards (most commonly referred to as Section 508 Standards) that apply to federal government websites as well as to websites that may be provided by institutions that are recipients of federal funding. Many of our clients (principally higher education clients in the U.S.) receive support from U.S. federal agencies, and require that our payment experience be accessible and conform to the Section 508 Standards and the World Wide Web Consortium (W3C) Web Content Accessibility Guidelines 2.0 Level AA. Our payment experience is ADA-compliant, and we arrange for third-party audits to ensure that we continually conform to these standards. As we modify our user interface to improve or add features and functionality to our payment experience, we must continue to account for ADA compliance when required.

Human Capital and Employees

As of December 31, 2021, we had 665 full-time employees. We also engage part-time and temporary employees, as well as consultants as needed to support our operations. As an organization, our culture is founded on our shared experiences, unique and diverse backgrounds, and belief in our mission to deliver on the most important and complex payments. We strive for excellence as one team, guided by our core values, including, global collaboration, authenticity, fulfillment, execution, ambitious innovation and evolved learning. Representing approximately 40 nationalities and spoken languages, our diverse team of FlyMates deliver critical domain expertise and regionally tailored skill sets to our clients 24x7. Our leadership team defines our culture and strategy and collectively has decades of experience leading companies through rapid growth at scale.

None of our employees are represented by a labor union or covered by a collective bargaining agreement. We have not experienced any work stoppages and we consider our relations with our employees to be good.

Our human capital resources objectives include, as applicable, identifying, recruiting, retaining, incentivizing and integrating our existing and additional employees. The principal purposes of our equity incentive plans are to attract, retain and motivate selected employees, consultants and directors through the granting of stock-based compensation awards and cash-based performance bonus awards.

Corporate Information

We were initially formed in July 2009 as peerTransfer Corporation, a Delaware corporation. We changed our name to Flywire Corporation in December 2016. Our principal executive offices are located at 141 Tremont St., #10, Boston, MA 02111. Our telephone number is (617) 329-4524. Our internet address is www.flywire.com. The information contained on, or that can be accessed through, our website is not a part of this Annual Report on Form 10-K. We have included our website address as an inactive textual reference only.

25

Flywire, the Flywire logo, and other registered or common law trade names, trademarks, or service marks of Flywire appearing in this Annual Report on Form 10-K are the property of Flywire. This Annual Report on Form 10-K contains additional trade names, trademarks, and service marks of ours and of other companies. We do not intend our use or display of other companies’ trade names, trademarks, or service marks to imply a relationship with, or endorsement or sponsorship of us, by these other companies. Other trademarks appearing in this Annual Report on Form 10-K are the property of their respective holders. Solely for convenience, our trademarks and tradenames referred to in this Annual Report on Form 10-K appear without the ® and ™ symbols, but those references are not intended to indicate, in any way, that we will not assert, to the fullest extent under applicable law, our rights, or the right of the applicable licensor, to these trademarks and tradenames.

Available Information

Investors, the media, and others should note that we intend to announce material information to the public through filings with the SEC, the investor relations page on our website, blog posts on our website (www.flywire.com), press releases, public conference calls, webcasts, and our Twitter feed (@flywire). The information disclosed by the foregoing channels could be deemed to be material information. As such, we encourage investors, the media, and others to follow the channels listed above and to review the information disclosed through such channels. Any updates to the list of disclosure channels through which we will announce information will be posted on the investor relations page on our website. The contents of our website are not incorporated into this filing. We have included our investor relations website address only as an inactive textual reference and do not intend it to be an active link to our website.

26

Item 1A. Risk Factors

Investing in our common stock involves a high degree of risk. Before deciding whether to invest in shares of our common stock, you should consider carefully the risks and uncertainties described below, together with all of the other information in this Annual Report on Form 10-K, including “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and the accompanying notes included elsewhere in this Annual Report on Form 10-K. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of or that we deem immaterial may also become important factors that adversely affect our business. If any of the following risks actually occur, our business, financial condition, liquidity, operating results, and prospects could be materially and adversely affected. In that event, the market price of our common stock could decline, and you could lose part or all of your investment. See “Special Note Regarding Forward-Looking Statements.”

Risk Factors Summary

Our business operations are subject to numerous risks and uncertainties, including those outside of our control, that could cause our actual results to be harmed, including risks regarding the following:

Risks Related to Our Business and Industry

27

Risks Related to Our Operations

Risks Related to Our Legal, Regulatory and Compliance Landscape

Risks Related to Being a Public Company

Risks Related to Ownership of Our Common Stock

Risks Related to Our Business and Industry

We have a history of operating losses and may not achieve or sustain profitability in the future.

We were incorporated in 2009 and have experienced net losses from our operations since inception. We generated net losses of $28.1 million, $11.1 million and $20.1 million for the years ended December 31, 2021, 2020 and 2019, respectively. In addition, as of December 31, 2021, we had an accumulated deficit of $125.9 million. We have experienced significant revenue growth in recent periods and we are not certain whether or when we will obtain a high enough volume of revenue to sustain or increase our growth or achieve or maintain profitability in the future. We also expect our costs and expenses to increase in future periods, which could negatively affect our future operating results if our revenue does not increase. In particular, we intend to continue to expend significant funds to further develop our solutions, including introducing new functionality, and to expand our marketing programs and sales teams to drive new client adoption, expand strategic partner integrations, and support international and industry expansion. Our operating results are also impacted by the mix of our revenue generated from our different revenue sources, which include transaction revenue and platform and usage-based fee revenue. Changes in our revenue mix from quarter to quarter, including those derived from cross-border or domestic currency transactions, will impact our margins, and we may not be able to grow our revenue margin adequately to achieve or sustain profitability. In addition, the mix of payment methods utilized by our clients’ customers may have an impact on our margins given that our costs associated with certain

28

payment methods, such as credit cards, are higher than other payment methods accepted by our solutions, such as bank transfers. We will also face increased compliance and security costs associated with growth, the expansion of our client base, and being a public company. Our efforts to grow our business may be costlier than we expect, and we may not be able to increase our revenue enough to offset our increased operating expenses. We may incur significant losses in the future for several reasons, including the other risks described herein, and unforeseen expenses, difficulties, complications, delays, and other unknown events. If we are unable to achieve and sustain profitability, the value of our business and common stock may significantly decrease.

If the assumptions we use to plan our business are incorrect or change in reaction to changes in our markets, or if we are unable to maintain consistent revenue or revenue growth, it may be difficult to achieve and maintain profitability. Our revenue from any prior quarterly or annual periods should not be relied upon as an indication of our future revenue or revenue growth or growth in volume of payments processed.

In addition, we expect to continue to expend substantial management time, financial and other resources on:

These investments may not result in increased revenue growth in our business. If we are unable to increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial position and operating results will be harmed, and we may not be able to achieve or maintain profitability over the long term.

We have a short operating history at our current scale in a rapidly evolving industry and, as a result, our past results may not be indicative of future operating performance.

We have a short history operating at our current scale in a rapidly evolving industry that may not develop in a manner favorable to our business. This relatively short operating history makes it difficult to assess our future performance with certainty. You should consider our business and prospects in light of the risks and difficulties we may encounter.

Our future success will depend in large part upon our ability to, among other things:

29

If we fail to address the risks and difficulties that we face, including those associated with the challenges listed above as well as those described elsewhere in this section titled “Risk Factors”, our business and operating results will be adversely affected.

If we are unable to retain our current clients, attract new clients and increase the number of our clients’ customers that use our solutions or sell additional functionality to our clients, our revenue growth and operating results will be adversely affected.

To increase our revenue, in addition to acquiring new clients, we must continue to retain existing clients, increase the volume of payments made by our clients’ customers and sell additional functionality to our clients. We expect to derive a significant portion of our revenue from renewal of existing clients’ contracts and sales of additional features and solutions to existing clients. As the market for our solutions matures, solutions evolve, and competitors introduce lower cost or differentiated products or services that are perceived to compete with our solutions, our ability to attract (and our clients’ ability to attract) new customers and maintain our current client base and clients’ customer usage could be hindered. As a result, we may be unable to retain existing clients or increase the usage of our solutions by them or their customers, which would have an adverse effect on our business, revenue, gross margins, and other operating results, and accordingly, on the trading price of our common stock.

As the market for our solutions matures, or as new or existing competitors introduce new products or services that compete with our solutions, we may experience pricing pressure. This competition and pricing pressure could have an adverse effect on our ability to retain existing clients or attract new clients at prices that are consistent with our pricing model, operating budget and expected operating margins. In particular, it has become more common in the education sector for competitors to offer generous revenue sharing arrangements for clients we target. Our business could be adversely affected if clients or their customers perceive that features incorporated into alternative products reduce the need for our solutions or if they prefer to use competitive services. If we are unable to attract new clients and increase the number of our clients’ customers that use our solutions, our revenue growth and operating results will be adversely affected. Further, in an effort to attract new clients and increase usage by their customers, we may need to offer simpler, lower-priced payment options, which may reduce our revenue.

Our ability to sell additional functionality to our existing clients may require more sophisticated and costly sales efforts, especially for our larger clients with more senior management and established accounts receivable solutions. Similarly, the rate at which our clients deploy additional solutions from us depends on several factors, including general economic conditions, the availability of client technical personnel to implement our solutions, and the pricing of additional functionality. If our efforts to sell additional functionality to our clients are not successful, our business and growth prospects would suffer.

30

Contracts with our clients generally have a stated initial term of three years, are not subject to termination for convenience and automatically renew for one-year subsequent terms. Our clients may negotiate terms less advantageous to us upon renewal, which may reduce our revenue. If our clients fail to renew their contracts, renew their contracts upon terms less favorable to us or at lower fee levels or fail to purchase new solutions from us, our revenue may decline or our future revenue growth may be constrained. Should any of our clients terminate their relationship with us after implementation has begun, we would not only lose our time, effort and resources invested in such implementation, but we would also have lost the opportunity to leverage those resources to build a relationship with other clients over that same period of time.

We may experience quarterly fluctuations in our operating results, as well as our key metrics, due to a number of factors which make our future results difficult to predict and could cause our operating results to fall below expectations or our guidance.

Our operating results, and key metrics, may fluctuate due to a variety of factors, many of which are outside of our control. As a result, comparing our operating results on a period-to-period basis may not be meaningful. Our past results should not be relied on as an indication of our future performance. If our revenue or operating results fall below the expectations of investors or securities analysts or below any guidance we may provide to the market, the price of our common stock could decline substantially.

Our operating results have varied in the past and are expected to continue to do so in the future. In addition to other risk factors listed in this section titled “Risk Factors”, factors that may affect our quarterly operating results, business and financial condition include the following:

31

In addition, we may in the future experience fluctuations in our gross and operating margins due to changes in the mix of our domestic and international payments and the mix of payment methods, including an increase in the use of credit cards, and currencies used by our clients’ customers to make payments.

Based upon the factors described above and those described elsewhere in this section titled “Risk Factors”, we have a limited ability to forecast the amount and mix of future revenues and expenses, which may cause our operating results to fall below our estimates or the expectations of public market analysts and investors.

The COVID-19 global pandemic and related government, private sector and individual consumer responsive actions may adversely impact our employees, strategic partners, and clients, which could adversely and materially impact our business, financial condition and results of operations.

The global impacts of the COVID-19 pandemic and related government actions taken to reduce the spread of the virus, including the variants of the virus, have significantly increased economic uncertainty and reduced economic activity. The pandemic has resulted in authorities implementing numerous measures to try to contain the virus, such as travel bans and restrictions, quarantines, shelter-in-place or total lock-down orders and business limitations and shutdowns that began in the second quarter of fiscal year 2020.

In addition, the spread of COVID-19 has caused us to modify our business practices, including restricting employee travel, implementing office closures, having our employees, who we call FlyMates, work remotely and cancelling physical participation in meetings, events and conferences. We may take further actions in response to the continuing effects of the global pandemic as may be required by government authorities or as we determine are in the best interests of our FlyMates, clients and business partners. This has caused us to make modifications to some of our planned activities and has impacted some of our business development and marketing initiatives.

During the year ended December 31, 2020, we experienced periods of reduced payment volume in some of the industries we serve, including travel and education. Cross-border payment volumes were heavily impacted by the decline in travel as a result of the COVID-19 pandemic. During the year ended December 31, 2021 we observed a recovery in payment volumes in the industries we serve, including travel and education. The introduction of COVID-19 vaccines allowed for reopening of many higher education institutions to foreign students, and borders began to open for travel. The emergence of variants (most notably Delta and Omicron) and sub-variants has periodically slowed the reopening, and we will monitor new strains of COVID-19 as they are discovered. International cross-border transaction revenue represents a significant part of our revenue; international regulations and restrictions that inhibit cross-border travel and relocation of international students have had and may continue to have a material impact on our business. In addition, we may experience financial losses due to a number of operational factors, including:

We adopted measures to modify our business practices and reduce operating expenses during the first half of 2020 in response to the COVID-19 pandemic, including a reduction in our workforce, delaying hiring plans, restricting travel, lowering marketing spend and the use of external resources. These measures, while in effect, may have slowed our growth. Although we began increasing our operating expenses since such time, the impact from the COVID-19 pandemic on our business, results of operations and financial condition in the longer term remains difficult to predict.

32

Our offices are currently open for optional use by FlyMates, in some instances at limited capacity, as allowed under national, state and local orders. While we have implemented what we believe to be a comprehensive protocol to ensure the safety and wellbeing of employees returning to the office, including as required health screenings, physical changes to our floor layout, periodic testing and required proper personal protection equipment, these protocols may not be sufficient to mitigate the risks posed by the virus or otherwise be satisfactory to government authorities.

Our clients and their customers who are affected by the ongoing COVID-19 pandemic may continue to demonstrate changed behavior even after the COVID-19 outbreak has subsided. For example, colleges and universities may continue to rely on virtual courses as students may be hesitant to return to full social interaction, and we may continue to see reduced payment volume as economic worries continue, all of which may have adverse implications for our business. In addition, many of our clients who have historically depended upon a steady flow of international students (e.g., language schools) may have curtailed or suspended operations, or permanently closed. In our business model, we function as a merchant of record in connection with the receipt of payments by our clients’ customers, which subjects us to chargeback risk in the event a client’s customer cancels or otherwise does not receive the services for which such customer paid. Although our client contracts allow us to pass such chargeback risk to our client, if the client has gone out of business, we may be unable to collect on the chargeback and will bear the economic loss, which will negatively impact our business.

As a result, we may continue to experience materially adverse impacts to our business as a result of the global economic impact of the COVID-19 pandemic, including lower domestic and cross border spending trends, the availability of credit, adverse impacts on our liquidity, and any recessionary conditions that persist, and exacerbate many of the other known risks described in this section titled “Risk Factors”.

If our efforts to attract new clients and increase the number of our clients’ customers that use our solutions are unsuccessful, our revenue growth and operating results will be adversely affected.

Our future growth and profitability will depend in large part upon the effectiveness and efficiency of our efforts to attract new clients and increase the number of our clients’ customers that use our solutions. While we intend to dedicate resources to attracting new clients and increasing the number of our clients’ customers that use our solutions, our ability to do so depends in large part on the success of these efforts and the success of the marketing channels we use to promote our solutions. Our marketing channels include search engine optimization, search engine marketing, account-based direct marketing campaigns, industry events and association marketing relationships. If any of our current marketing channels become less effective, if we are unable to continue to use any of these channels, if the cost of using these channels were to significantly increase or if we are not successful in generating new channels, we may not be able to attract new clients in a cost-effective manner or increase the number of our clients’ customers that use our solutions. If we are unable to recover our marketing costs through increases in the number of clients and in the number of our clients’ customers that use our solutions, or if we discontinue our marketing efforts, it could have a material adverse effect on our business, prospects, results of operations, and financial condition.

If we are unable to expand our direct and channel sales capabilities, grow our marketing reach and increase sales productivity, we may not be able to generate increased revenues.

We believe that our future growth will depend on the continued development of our direct sales force and its ability to obtain new clients and to manage our existing client base. Our ability to increase our client base and achieve broader market acceptance of our solutions will depend to a significant extent on our ability to expand our sales and marketing organizations, and to deploy our sales and marketing resources efficiently. We intend to continue to increase our number of direct sales professionals and to expand our relationships with new strategic channel partners. These efforts will require us to invest significant financial and other resources. New hires require training and take time to achieve full productivity. Similarly, new channel partnerships often take time to develop and may never yield results, as they require new partners to understand the services and solutions we offer, and how to position our value within the market. We cannot be certain that recent and future new hires or partner relationships will become as productive as necessary or that we will be able to hire enough qualified individuals or build effective channel sales in the future. If we are unable to hire, develop, integrate, and retain talented and effective sales personnel, if our new and existing sales personnel are unable to achieve desired productivity levels, or if our sales, channel strategy and marketing programs and advertising are not effective, we may not be able to expand our business and grow our revenue, which may harm our business, operating results and financial condition.

We expect our revenue mix to vary over time, which could affect our gross margin and results of operations.

We expect our revenue mix to vary over time due to a number of factors. Shifts in our business mix from quarter to quarter could produce substantial variation in revenue recognized. Further, our gross margins and results of operations could be affected by changes in revenue mix and costs, together with numerous other factors, including payment methods

33

and currencies, pricing pressure from competitors, increases in credit card usage on our solutions and associated network fees, changes in payment volume across verticals and the portion of such payment volume for which we perform foreign exchange. Any one of these factors or the cumulative effects of certain of these factors may result in significant fluctuations in our gross margin and results of operations. This variability and unpredictability could result in our failure to meet internal expectations or those of securities analysts or investors for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our common stock could decline.

Our business could be adversely affected if our clients or their customers are not satisfied with the timing or quality of implementation services provided by us or our partners.

Our business depends on our ability to satisfy our clients and their customers with respect to our solutions as well as the services that are performed to help our clients and their customers use the features and functions of our solutions. Services are usually performed by us, and are also on occasion provided together with a third-party partner. If our clients or their customers are not satisfied with the functionality of our solutions or the services that we or a third-party partner provide, such dissatisfaction could damage our ability to retain our current clients or expand our clients’ or their customers’ use of our solutions. In addition, any negative publicity and reviews that we may receive which is related to our client relationships may further damage our business and may invite enhanced regulatory scrutiny at the federal and state level in the United States as well as internationally.

Our financial and operating results are subject to seasonality and cyclicality.

Our financial and operating results are subject to seasonal trends. For example, the volume of education tuition processed typically increases in the northern hemisphere during the summer and early fall months, as well as at year end, as students and their families seek to pay tuition costs for the fall semester, the spring semester, or the entire academic year, respectively. We expect this seasonality of education tuition processing to continue and expect it to impact the amount of processing fees that we earn and the level of expenses we incur to generate tuition payment volume and process the higher volume activity in a particular fiscal quarter. During the COVID-19 pandemic, we initially observed an increasing trend of education institutions delaying tuition invoicing or extending dates for payment due to uncertainties in the academic calendar, on-campus classes or remote learning planning, as well as relief being offered to families experiencing financial challenges. However, with the increase in availability of vaccines, educational institutions have, for the most part, returned to their normal billing cycles and payment due dates. Many higher education institutions are mandating full vaccination to promote normal operations and allowing students from abroad to return to their facilities. Similarly, subsectors of our travel client portfolio will experience increased seasonality as many of our travel clients depend upon advance planning for vacation or holiday travel, which has been hampered by the ongoing COVID-19 pandemic and related governmental and regulatory responses.

Certain of our key performance indicators are subject to inherent challenges in measurement, and real or perceived inaccuracies in such metrics may harm our reputation and negatively affect our business.

We track certain key performance indicators, including metrics such as total payment volume, revenue less ancillary services, adjusted gross margin and adjusted EBITDA, with internal systems and tools and which may differ from estimates or similar metrics published by third parties due to differences in sources, methodologies, or the assumptions on which we rely. Our internal systems and tools have a number of limitations, and our methodologies for tracking these metrics may change over time, which could result in unexpected changes to our key performance indicators, including the metrics we publicly disclose, or our estimates. If the internal systems and tools we use to track these metrics undercount or overcount performance or contain algorithmic or other technical errors, the data we report may not be accurate. While these numbers are based on what we believe to be reasonable estimates for the applicable period of measurement, there are inherent challenges in measuring these metrics across our growing client base. If our key performance indicators are not accurate representations of our business, or if investors do not perceive our operating metrics to be accurate, or if we discover material inaccuracies with respect to these figures, our reputation may be significantly harmed, and our operating and financial results could be adversely affected.

Our business depends, in large part, on our proprietary network of global, regional and local banking partners.

To grow our business, we will need to maintain and expand our network of global, regional and local banking partners. Our proprietary network of strategic relationships with global, regional and local banking partners is a material asset to our business, which took more than a decade to build. Establishing our strategic partner relationships, particularly with our banking partners entails extensive and highly specific efforts, with little predictability and various ancillary requirements. These partners and suppliers have contractual and regulatory requirements and conditions that we must satisfy and continue to comply with in order to continue and grow the relationships. For example, our financial institution partners generally require us to submit to an exhaustive security audit including adherence to AML policies and KYC

34

procedures. If we are not able to comply with those obligations or if our agreements with our banking partners or our network partners are terminated for any reason, we could experience service interruptions as well as delays and additional expenses in arranging new services, potentially interfering with our existing client relationships or making us less attractive to potential new clients.

We may not be able to attract new network partners to our existing network of global, regional and local banking partners, which could adversely affect our ability to expand to additional countries and territories and transact in additional currencies. In addition, our potential partners may choose to work with our competitors’ or choose to compete with our solutions directly, which could have an adverse effect on our business, financial position, and operating results. Further, many of our network partners have greater resources than we do and could choose to develop their own solutions to replace or compete with ours. If we are unsuccessful in establishing, growing, or maintaining our relationships with network partners, our ability to compete or to grow our revenue could be impaired, and our results of operations may suffer.

Our growth depends in part on the success of our relationships with other (non-banking) third parties.

We have established relationships with a number of other companies, including financial institutions, processors, other financial services suppliers, channel sales partners, providers of electronic health records (EHR) services, implementation partners, technology and cloud-based hosting providers, and others. In order to grow our business, we will need to continue to establish and maintain relationships with these types of third parties, and negotiating and documenting relationships with them requires significant time and resources. Our competitors may be more effective in providing incentives to third parties to favor their products or services. If we are unsuccessful in establishing or maintaining our relationships with third parties, our ability to compete in the marketplace or to grow our revenues could be impaired and our operating results could suffer. Even if our strategic relationships are successful, we cannot assure you that these relationships will result in increased client usage of our solutions or increased revenues.

The markets in which we participate are competitive, and if we do not compete effectively, our operating results could be harmed.

The market for payments solutions is fragmented, competitive, and constantly evolving. Our competitors range from legacy payment methods, such as traditional bank wires, to integrated payment providers that focus on cross-border payments. With the introduction of new technologies and market entrants, we expect that the competitive environment will remain intense going forward. Our competitors that offer legacy payment methods or integrated cross-border payment platforms may develop products that compete with ours. Financial institutions that choose to enter into and compete in our market may have the operating flexibility to bundle competing solutions with other offerings, including offering them at a lower price or for no additional cost to clients as part of a larger sale. In addition, new entrants not currently considered to be competitors may enter the market through acquisitions, partnerships, or strategic relationships. Many of our domestic and foreign competitors have greater resources, experience or more developed customer relationships than we do. For example, foreign competitors may seek to leverage local or common language relationships to cater to potential customers of our clients. There are new market entrants with innovative revenue sharing and other pricing arrangements that are able to attract customers that we compete to serve. Our competitors vary in size, breadth, and scope of the solutions offered. Some of our competitors and potential competitors have greater name recognition, longer operating histories, more established client relationships, larger marketing budgets, and greater resources than us. Our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards, and client requirements. For example, an existing competitor or new entrant could introduce new technology that reduces demand for our solutions.

For these reasons, we may not be able to compete successfully against our current or future competitors, and this competition could result in the failure of our solutions to continue to achieve or maintain market acceptance, any of which would harm our business, operating results, and financial condition.

Our estimates of market opportunity and our ability to capture a meaningful share of this payment volume may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.

Our market opportunity estimates, including those we have generated ourselves and our ability to capture a meaningful share of this payment volume, are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate. The variables that go into the calculation of our market opportunity are subject to change over time, and there is no guarantee that any payment volumes covered by our market opportunity estimates will materialize in clients using our solutions as anticipated or generate any particular level of revenue for us. Any expansion in our market depends on a number of factors, including the cost, performance, and perceived value

35

associated with our business and those of our competitors. Even if the market in which we compete meets the size estimates and growth forecasted, our business could fail to grow at similar rates, if at all. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties.

Our clients in the education sector may be adversely affected by decreases in enrollment, pressure on tuition costs, or increased operating expenses, which may reduce demand for our solutions.

We are reliant on our education clients, including colleges, universities and other education-related organizations that include language schools, boarding schools, summer programs, and others, to drive enrollment at their schools and maintain tuition costs. Factors outside of our control will affect enrollments and tuition costs, including the following:

In addition, some clients’ customers may find that higher education is an unnecessary investment during uncertain economic times and defer enrollment in educational institutions until the economy grows at a stronger pace, or they may turn to less costly forms of secondary education, thus decreasing our education payment volumes. A significant decrease in the payment volume and resulting revenue from clients and their customers in this market, which represents, and is expected to continue to represent for the foreseeable future, a majority of our total payment volume and revenue, would have an adverse effect on our business, operating results and financial condition.

The healthcare industry is rapidly evolving and the market for technology-enabled payment services that empower healthcare clients and their customers is relatively immature and unproven. If we are not successful in promoting the benefits of our solutions, our growth may be limited.

The market for our payment solutions is subject to rapid and significant changes. The market for technology-enabled payment services that empower healthcare clients and their customers is characterized by rapid technological change, new product and service introductions, increasing patient financial responsibility, consumerism and engagement, the ongoing shift to value-based care and reimbursement models, and the entrance of non-traditional competitors. In addition, there may be a limited-time opportunity to achieve and maintain a significant share of this market due in part to the rapidly evolving nature of the healthcare and technology industries and the substantial resources available to our existing and potential competitors. The market for technology-enabled payment services that empower healthcare clients and their customers is relatively new and unproven, and it is uncertain whether this market will achieve and sustain high levels of demand and market adoption.

In order to remain competitive, we are continually involved in a number of projects to compete with these new market entrants by developing new solutions, growing our client base and penetrating new markets. Some of these projects include the expansion of our integration capabilities and the expansion of our mobile solutions. These projects carry risks, such as cost overruns, delays in delivery, performance problems and lack of acceptance by our clients. Our

36

integration partners may also decide to develop and offer their own patient engagement solutions that are similar to our solutions.

Our success depends on providing high-quality payment solutions that healthcare clients use to improve their financial and operational performance, allowing them to collect payments and enhance their revenue lifecycle management objectives. If we cannot adapt to rapidly evolving industry standards and technology and increasingly sophisticated and varied healthcare client and customer payment needs, our existing technology could become undesirable, obsolete or harm our reputation. We must continue to invest significant resources in our personnel and technology in a timely and cost-effective manner in order to enhance our existing solutions and introduce new high-quality solutions that existing clients and potential new clients will want. Our operating results would also suffer if our innovations are not responsive to the needs of our existing clients or potential new clients, are not appropriately timed with market opportunity, are not effectively brought to market or significantly increase our operating costs. If our new or modified product and service innovations are not responsive to the preferences of healthcare clients and their customers, emerging industry standards or regulatory changes, are not appropriately timed with market opportunity or are not effectively brought to market, we may lose existing clients or be unable to obtain new clients and our results of operations may suffer.

We believe demand for our payment solutions in the healthcare industry has been driven in large part by more patient responsibility for out-of-pocket spend, a trend towards higher deductibles for health care services, increased digitization in payments, and the tailoring of payment offers and increased patient engagement. Our success also depends to a substantial extent on the ability of our solutions to increase the volume of our clients’ customers payments, and our ability to demonstrate the value of our solutions to our clients. If our existing clients do not recognize or acknowledge the benefits of our solutions or our solutions do not drive payment volume, then the market for our solutions might not develop at all, or it might develop more slowly than we expect, either of which could adversely affect our operating results. A significant decrease in the payment volume and resulting revenue from our clients and their customers in the healthcare industry, which represents, and is expected to continue to represent for the foreseeable future, our second largest vertical by total payment volume and revenue, may have an adverse effect on our business, operating results and financial condition.

In addition, we have limited insight into trends that might develop and affect our healthcare business. We might make errors in predicting and reacting to relevant business, legal and regulatory trends and healthcare reform, which could harm our business. If any of these events occur, it could materially adversely affect our business, financial condition or results of operations.

Finally, our competitors, including major EHR providers, may have the ability to devote more financial and operational resources than we can to developing new technologies and services, including services that provide improved operating functionality, and adding features to their existing service offerings. Relationships with companies in the EHR space and business focused on revenue lifecycle management are critical to leverage if we are to add to our healthcare customer portfolio. Many of these companies may offer products and services similar to ours. If successful, their development efforts could render our solutions less desirable, resulting in the loss of our existing clients or a reduction in the fees we generate from our solutions.

Our business serving clients in the travel sector may be sensitive to events affecting the travel industry in general.

Events like regional or larger scale conflicts, war or other military conflict, including an escalation of the conflict between Russia and Ukraine, terrorist attacks, mass shooting incidents, natural disasters, such as hurricanes, earthquakes, fires, droughts, floods and volcanic activity, and travel-related health events, such as the COVID-19 pandemic, have a negative impact on the travel industry and affect travelers’ behavior by limiting their ability or willingness to visit certain locations. We are not in a position to evaluate the net effect of these circumstances on our business as these events are largely unpredictable; however, we believe there has been negative impact to our business due to such events. Furthermore, in the longer term, our business might be negatively affected by financial pressures on or changes to the travel industry. For example, certain jurisdictions, particularly in Europe, are considering regulations intended to address the issue of “overtourism” including by restricting access to city centers or popular tourist destinations or limiting accommodation offerings in surrounding areas, such as by restricting construction of new hotels or the renting of homes or apartments. Such regulations could adversely affect travel and the volume of travel related payments that we process for our clients. The United States has implemented or proposed, or is considering, various travel restrictions and actions that could affect U.S. trade policy or practices, which could also adversely affect travel to or from the United States. If such events result in a long-term negative impact on the travel industry, such impact could have a material adverse effect on our business. The payment volume and resulting revenue from our travel vertical represents, and is expected for the

37

foreseeable future to represent, less than 10% of our total payment volume and revenue. Because we seek to grow the payment volume and the revenue from this vertical in the future, failure to grow our payment volume and resulting revenue from this industry, may have an adverse effect on our business, operating results and financial condition.

In addition, the U.K’s withdrawal from the E.U. (Brexit), including uncertainty, delays or practical difficulties in the implementation of Brexit, could continue to lead to economic uncertainty, sluggish growth or economic retraction, and have a negative impact on the travel industry and our European business. The U.K. could lose access to the single E.U. market, travel between the U.K and E.U. countries could be restricted, and we could face new regulatory costs and challenges, the scope of which is presently unknown.

With respect to the COVID-19 pandemic specifically, our 2020 financial results related to serving our existing travel clients and growing our client base in the travel sector were negatively impacted. During the year ended December 31, 2021, we witnessed recoveries in our financial results and growth in revenue and payment volumes in our travel payment vertical. While improvements have been noted, we are still experiencing impacts to our travel clients. We expect the continued effects of the COVID-19 pandemic, including the emergence and spread of variants or sub-variants of COVID-19, will continue to negatively impact our business into 2022, but the extent and duration of such impact in the long term is largely uncertain as it is dependent on future developments that cannot be accurately predicted at this time, including but not limited to the severity and transmission rate of the virus, global availability of vaccines and administration of vaccination, the rate of “herd immunity” and the extent and effectiveness of containment actions taken, including mobility restrictions, and the impact of these and other factors on travel behavior.

If we are unable to enter or expand new client verticals, including our relatively new B2B payment vertical, or if our solutions for any new vertical fail to achieve market acceptance, our operating results could be adversely affected and we may be required to reconsider our growth strategy.

Our growth strategy is influenced, in part, on our ability to expand into new client verticals, including our relatively new B2B payment vertical. The B2B payment vertical represents a relatively new market for us, and we have limited prior experience with the key ERP platforms that are critical to the B2B payment vertical. Accordingly, our lack of experience in the B2B payment vertical and with the key ERP platforms may result in operational difficulties, which could cause a delay or failure to integrate and realize the benefits of entering into this vertical. In addition, B2B payments carry a higher risk profile than education or healthcare receivables, and we will be required to devote more resources to manage the increased risk inherent in these payments. The payment volume and resulting revenue from our B2B payment vertical represents, and is expected for the foreseeable future to represent, less than 10% of our total payment volume and revenue. We expect both the payment volume and the revenue from this vertical to grow over time. As such, failure to grow our payment volume and resulting revenue from our B2B payment vertical may have an adverse effect on our business, operating results and financial condition.

We may be unable to identify new verticals that meet our criteria for selecting industries that our solutions are ideally suited to address. In addition, our market validation process may not support entry into selected verticals due to our perception of the overall market opportunity or of the willingness of market participants within those verticals to adopt our solutions.

Even if we choose to enter new verticals, our market validation process does not guarantee our success. We may be unable to tailor our solutions for a new vertical or, in the event that we enter a new vertical by way of a strategic acquisition, we may be unable to leverage the acquired platform in time to take advantage of the identified market opportunity, and any delay in our time-to-market could expose us to additional competition or other factors that could impede our success. In addition, any solution we develop or acquire for a new vertical may not provide the functionality required by potential clients or their customers and, as a result, may not achieve widespread market acceptance within the new vertical. To the extent we choose to enter new verticals, whether organically or via strategic acquisition, we may invest significant resources to develop and expand the functionality of our solutions to meet the needs of customers in those verticals, which investments will occur in advance of our realization of revenue from them.

Consolidation in the payment processing or enablement industry could have a material adverse effect on our business, financial condition and results of operations.

Many payment processing or enablement industry participants are consolidating to create larger and more integrated financial processing systems with greater market power. We expect regulatory and economic conditions to result in additional consolidation in the healthcare industry in the future. As consolidation accelerates, the economies of scale of our clients’ organizations may grow. If a client experiences sizable growth following consolidation, it may determine that it no longer needs to rely on us and may reduce its demand for our solutions. In addition, as payment processing providers consolidate to create larger and more integrated systems with greater market power, these providers

38

may try to use their market power to negotiate fee reductions for our solutions. Finally, consolidation may also result in the acquisition or future development by our clients of products and services that compete with our solutions. Any of these potential results of consolidation could have a material adverse effect on our business, financial condition and results of operations.

Risks Related to Our Operations

We may not be able to scale our business quickly enough to meet our growing client base, and if we are not able to grow efficiently, our operating results could be harmed.

As usage of our solutions grows and we sign additional clients and technology partners, we will need to devote additional resources to improving and maintaining our infrastructure and global payments network and integrating with third-party applications to maintain the performance of our solutions. In addition, we will need to appropriately scale our internal business systems, including client support, our 24x7 assistance to clients’ customers and risk and compliance operations, to serve our growing client base.

Any failure of or delay in these efforts could result in interruptions to our solutions, impaired system performance, and reduced client satisfaction, resulting in decreased sales to clients, lower renewal rates by existing clients, the issuance of service credits, or requested refunds, all of which could hurt our revenue growth. If sustained or repeated, these performance issues could reduce the attractiveness of our solutions to clients and their customers and could result in lost client opportunities and lower renewal rates, any of which could hurt our revenue growth, client loyalty, and our reputation. Even if we are successful in these efforts to scale our business, they will be expensive and complex, and require the dedication of significant management time and attention. We could also face inefficiencies or service disruptions as a result of our efforts to scale our internal infrastructure. We cannot be sure that the expansion and improvements to our internal infrastructure will be effectively implemented on a timely basis, if at all, and such failures could adversely affect our business, operating results, and financial condition.

We enable the transfer of large sums of funds to our clients daily, and are subject to the risk of errors, which could result in financial losses, damage to our reputation, or loss of trust in our brand, which would harm our business and financial results.

For the year ended December 31, 2021, we processed over $13.2 billion in payments on our solutions, compared to approximately $7.5 billion for the year ended December 31, 2020. For the year ended December 31, 2020, we processed over $7.5 billion in payments on our solutions, compared to approximately $5.8 billion for the year ended December 31, 2019. We have grown rapidly and seek to continue to grow, and our business is subject to the risk of financial losses as a result of chargebacks for client-related losses, credit losses, operational errors, software defects, service disruption, employee misconduct, security breaches, or other similar actions or errors in our solutions. As a provider of accounts receivable and other payment solutions, we enable the transfer of funds to our clients from their customers. Software errors in our solutions and operational errors by our FlyMates and business partners may also expose us to losses.

Moreover, our trustworthiness and reputation are fundamental to our business. As a global payments enablement and software company, the occurrence of any credit losses, operational errors, software defects, service disruption, employee misconduct, security breaches, or other similar actions or errors in our solutions could result in financial losses to our business and our clients, loss of trust, damage to our reputation, or termination of our agreements with strategic partners, each of which could result in:

There can be no assurance that the insurance we maintain to cover losses resulting from our errors and omissions will cover all losses or our coverage will be sufficient to cover our losses. If we suffer significant losses or reputational harm as a result, our business, operating results, and financial condition could be adversely affected.

39

If we are unable to maintain or expand our ability to offer a variety of local and international payment methods for our clients to make available to their customers, or if we fail to continue to grow and develop preferred payment choices, our business may be materially and adversely affected.

The continued growth and development of our proprietary global payments network will also depend on our ability to anticipate and adapt to changes in client and customer behavior. For example, behavior may change regarding the use of credit and debit card transactions, including the relative increased use of cash, crypto-currencies, other emerging or alternative payment methods and credit card systems that may include strong regional preferences that we or our processing partners do not adequately support. Any failure to timely integrate emerging payment methods into our solutions, anticipate behavior changes, or contract with payment processing partners that support such emerging payment technologies could cause our clients to use our solutions less, resulting in a corresponding loss of revenue, in the event such methods become popular among their customers.

The number and variety of the payment methods we offer or currencies we are able to service may not meet client expectations, or the costs borne by our clients’ customers in completing payments may become unsuitable. Accordingly, we may need to change our pricing strategies or reduce our prices, which could harm our revenue, gross profits, and operating results.

We utilize a number of payment providers to clear and settle transactions for our clients, including payments providers such as China UnionPay Co. Ltd. and Adyen N.V. If the services provided by these partners become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, or for any other reason, our expenses could increase and our ability to process certain payments could be materially interrupted, all of which could harm our business, financial condition, and results of operations. In addition, our agreements with these providers include certain terms and conditions. These providers have broad discretion to change their terms of service and other policies with respect to our business, and those changes may be unfavorable to us. Therefore, we believe that maintaining successful partnerships with these payment providers is critical to our success.

We, our strategic partners and our clients obtain and process large amounts of personal and sensitive data. Any real or perceived improper or unauthorized use of, disclosure of, or access to such data could harm our reputation as a trusted brand, as well as have a material adverse effect on our business.

We, our strategic partners and our clients, and the third-party vendors that we use, obtain and process large amounts of sensitive data, including personally identifiable information, also referred to as “personal data,” and other potentially sensitive data related to our clients, their customers and each of their transactions, as well as a variety of such data relating to our own workforce and internal operations. We face risks, including to our reputation as a trusted brand, in the handling and protection of this data, and these risks will increase as our business continues to expand to include new solutions and technologies.

We are responsible for data security for ourselves and for third parties with whom we partner and under the rules and regulations established by the payment networks, such as Visa, Mastercard and American Express, and debit card networks and by industry regulations and standards that may be promulgated by organizations such as NACHA, which manages the governance of the ACH network in the United States. These third parties include our distribution partners and other third-party service providers and agents. We and other third parties collect, process, store and/or transmit personal and sensitive data, such as names, addresses, social security numbers, credit or debit card numbers and expiration dates, driver’s license numbers and bank account numbers. We have ultimate liability to the payment networks and to our customers for our failure or the failure of third parties with whom we contract to protect this data in accordance with PCI DSS and network requirements. The loss, destruction or unauthorized modification or disclosure of merchant or cardholder data by us or our contracted third parties could result in significant fines, sanctions and proceedings or actions against us by the payment networks, governmental entities, clients, client customers or others and damage our reputation.

Similarly, there are existing regulatory regimes designed to protect the privacy of categories of personal or otherwise sensitive data. Relevant U.S. federal privacy laws include the FERPA, the Gramm-Leach-Bliley Act (GLBA), and HIPAA. We also are subject to stringent contractual obligations relating to the handling of such data, including obligations that are more restrictive than legally required. For example, under HIPAA, the information we collect during the payment experience may include protected health Information (PHI), and as such, we are considered a “business associate” of the U.S. healthcare clients we serve, and we are required to enter into a business associate agreement (BAA) with these clients. The BAAs largely mirror some of the statutory obligations contained in HIPAA, but many contain additional contractual undertakings that give these clients additional remedies in the event of a breach of our obligations to protect the confidentiality of the client’s PHI or otherwise meet our contractual obligations. Privacy laws impose a variety of compliance burdens on us and our clients, such as requiring notice to individuals of privacy practices, providing individuals with certain rights to prevent the use and disclosure of protected information, and also imposing requirements

40

for safeguarding and proper destruction of personal information through the issuance of data security standards or guidelines. Privacy laws grant audit rights to our regulators and those of our clients. Any unauthorized disclosure of PHI or other data we are obligated to protect by regulation or contract could result in significant fines, sanctions, or requirements to take corrective action that could materially adversely affect our reputation and business.

Threats may derive from human error, fraud, or malice on the part of employees or third parties, or from accidental technological failure. For example, certain of our employees have access to personal and sensitive data that could be used to commit identity theft or fraud. Concerns about security increase when we transmit information electronically because such transmissions can be subject to attack, interception, or loss. Also, computer viruses can be distributed and spread rapidly over the Internet and could infiltrate our systems or those of our contracted third parties. Denial of service or other attacks could be launched against us for a variety of purposes, including interfering with our solutions or to create a diversion for other malicious activities. These and other types of actions and attacks could disrupt our delivery of solutions or make them unavailable. Any such actions or attacks against us or our contracted third parties could impugn our reputation, force us to incur significant expenses in remediating the resulting impacts, expose us to uninsured liability, result in the loss of our bank sponsors or our ability to participate in the payment networks, increase our risk of regulatory scrutiny and the costs associated with such scrutiny, subject us to lawsuits, fines or sanctions, distract our management, or increase our costs of doing business.

We and our contracted third parties could be subject to security breaches by hackers. Our encryption of data and other protective measures may not prevent unauthorized access to or use of personal and sensitive data. A breach of a system may subject us to material losses or liability, including payment network fines, assessments and claims for unauthorized purchases with misappropriated credit, debit or card information, impersonation, or other similar fraud claims. A misuse of such data or a cybersecurity breach could harm our reputation and deter clients and their customers from using electronic payments generally and our solutions specifically, thus reducing our revenue. In addition, any such misuse or breach could cause us to incur costs to correct the breaches or failures, expose us to uninsured liability, increase our risk of regulatory scrutiny and the costs associated with such scrutiny, subject us to lawsuits, and result in the imposition of material penalties and fines under state and federal laws or by the payment networks. The insurance coverage we maintain to cover cyber risks may be insufficient to cover all losses. In addition, a significant cybersecurity breach of our systems or communications could result in payment networks prohibiting us from processing transactions on their networks or the loss of our bank sponsors that facilitate our participation in the payment networks, either of which could materially impede our ability to conduct business.

Cyber incidents have been increasing in sophistication and frequency and can include third parties gaining access to employee or customer data using stolen or inferred credentials, computer malware, viruses, spamming, phishing attacks, ransomware, card skimming code, and other deliberate attacks and attempts to gain unauthorized access. Providers of payment and accounts receivable software have frequently been targeted by such attacks and due to the war in the Ukraine and continued political uncertainty involving Russia and Ukraine and potentially other regions of Europe, there is an increased likelihood that escalation of tensions could result in cyber-attacks that could either directly or indirectly impact our operations. Because of this, we face additional cybersecurity challenges, including threats to our own IT infrastructure or those of our clients, our customers’ clients, and/or third-party providers, that may take a variety of forms ranging from stolen bank accounts, business email compromise, client employee fraud, account takeover, or check fraud, to “mega breaches” targeted against payment and accounts receivable software, which could be initiated by individual or groups of hackers or sophisticated cyber criminals using any of the methods described above. A cybersecurity incident or breach could result in disclosure of confidential information and intellectual property, or cause production downtimes and compromised data. We have in the past experienced cybersecurity incidents of limited scale, and we may in the future experience other data security incidents or breaches affecting personally identifiable information or other confidential business information. We may be unable to anticipate or prevent techniques used in the future to obtain unauthorized access or to sabotage systems because they change frequently and often are not detected until after an incident has occurred. As we increase our client base and our brand becomes more widely known and recognized, third parties may increasingly seek to compromise our security controls or gain unauthorized access to our sensitive corporate information or our clients’ (or our clients’ customers’) data.

Additionally, it is also possible that unauthorized access to sensitive customer and business data may be obtained through inadequate use of security controls by our customers, suppliers or other vendors. While we are still not currently aware of any impact that the SolarWinds supply chain attack had on our business, this is a relatively recent event, and the scope of the attack is still undetermined. Therefore, there is residual risk that we could experience a security breach arising from the SolarWinds supply chain attack.

We have administrative, technical, and physical security measures in place, and we have policies and procedures in place to both evaluate the security protocols and practices of our vendors and to contractually require service providers to

41

whom we disclose personal data to implement and maintain privacy and security measures. However, we cannot provide assurance that the contractual requirements related to security and privacy that we impose on our service providers will be followed, or that those requirements, or our internal measures, will be adequate to prevent the unauthorized use or disclosure of data. If our privacy protection or security measures or those of the previously mentioned third parties are inadequate or are breached as a result of third-party action, employee or contractor error, malfeasance, malware, phishing, hacking attacks, system error, software bugs or defects in our solutions, trickery, process failure, or otherwise, and, as a result, there is improper disclosure of, or someone obtains unauthorized access to or extract funds or sensitive information, including personally identifiable information, on our systems or our partners’ systems, or if we suffer a ransomware or advanced persistent threat attack, or if any of the foregoing is reported or perceived to have occurred, our reputation and business could be damaged. Recent high-profile security breaches and related disclosures of personal and sensitive data by large institutions suggest that the risk of such events is significant, even if privacy protection and security measures are implemented and enforced. If personal or sensitive information is lost or improperly disclosed or threatened to be disclosed, we could incur significant costs associated with remediation and the implementation of additional security measures, including costs to deploy additional personnel and protection technologies, train employees, and engage third-party experts and consultants. In addition, we may incur significant liability and financial loss and may be subject to regulatory scrutiny, investigations, proceedings, and penalties.

Under our terms of service and our contracts with strategic partners and clients, if there is a breach of payment information that we store, we could be liable for their losses and related expenses. Additionally, if our own confidential business information were improperly disclosed, our business could be materially and adversely affected. A core aspect of our business is the reliability and security of our solutions. Any perceived or actual breach of security, regardless of how it occurs or the extent of the breach, could have a significant impact on our reputation as a trusted brand, cause us to lose existing partners or clients, prevent us from obtaining new partners, clients or customers, require us to expend significant funds to remedy problems caused by breaches and implement measures to prevent further breaches, and expose us to legal risk and potential liability including those resulting from governmental or regulatory investigations, class action litigation, and costs associated with remediation, such as fraud monitoring and forensics. Any actual or perceived security breach at a company providing services to us or our clients could have similar effects.

We cannot be certain that our insurance coverage will be adequate for data handling or data security liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.

Our risk management efforts may not be effective to prevent fraudulent activities by our customers, employees or other third parties, which could expose us to material financial losses and liability and otherwise harm our business.

Our software provides payment facilitation solutions for a large number of our clients and their customers. We are responsible for performing KYC reviews of our clients, sanctions screening their customers, and monitoring transactions for fraud. We have been and may continue to be targeted by parties who seek to commit acts of financial fraud using techniques such as stolen identities and bank accounts, compromised business email accounts, employee or insider fraud, account takeover, false applications, and fake invoicing. We may suffer losses from acts of financial fraud committed by our clients, our clients’ customers and purported customers, our employees and payment partners or third parties.

The techniques used to perpetrate fraud are continually evolving and we may not be able to identify all risks created by new solutions or functionality. Our risk management policies, procedures, techniques, and processes may not be sufficient to identify all of the risks to which we are exposed, to enable us to prevent or mitigate the risks we have identified, or to identify additional risks to which we may become subject in the future. Furthermore, our risk management policies, procedures, techniques, and processes may contain errors or our employees or agents may commit mistakes or errors in judgment as a result of which we may suffer large financial losses. The software-driven and highly automated nature of our solutions could enable criminals and those committing fraud to steal significant amounts of money accessing our solutions. As greater numbers of our clients' customers use our solutions, and we serve clients in industries that are at higher risk for fraudulent activity, our exposure to material risk losses from a single client, or from a small number of clients, will increase. In addition, our clients or their customers may suffer losses from acts of financial fraud by third parties posing as us through account takeover, credential harvesting, use of stolen identities and various other techniques, which could harm our reputation, consume significant time of our compliance, security and client relations

42

teams to investigate and remediate, or prompt us to reimburse our clients for such losses in order to maintain client business relationships.

Our current business and anticipated growth will continue to place significant demands on our risk management efforts, and we will need to continue developing and improving and investing in our existing risk management infrastructure, policies, procedures, techniques, and processes. As techniques used to perpetrate fraud on our solutions evolve, we may need to modify our solutions to mitigate fraud risks. As our business grows and becomes more complex, we may be less able to forecast and carry appropriate reserves in our books for fraud related losses. Further, these types of fraudulent activities targeting our solutions can also expose us to civil and criminal liability, governmental and regulatory sanctions as well as potentially cause us to be in breach of our contractual obligations to our clients and partners.

We are exposed to fluctuations in foreign currency exchange rates that could materially and adversely affect our results of operations.

A majority of the total payment volume we have historically processed is cross-border payments denominated in many foreign currencies, which subjects us to foreign currency risk. The strengthening or weakening of the U.S. dollar versus these foreign currencies impacts the translation of our net revenues generated in these foreign currencies into the U.S. dollar. In connection with providing our solutions in multiple currencies, we may face financial exposure if we are unable to implement appropriate hedging strategies, negotiate beneficial foreign exchange rates, or as a result of fluctuations in foreign exchange rates between the times that we set them. We also have foreign exchange risk on our assets and liabilities denominated in currencies other than the functional currency of our subsidiaries. We also incur expenses for employee compensation and other operating expenses at our non-U.S. locations in the local currency. Fluctuations in the exchange rates between the U.S. dollar and other currencies, including the recent depreciation of the Russian ruble, could result in the dollar equivalent of our expenses being higher which may not be offset by additional revenue earned in the local currency. This could have a negative impact on our reported results of operations.

Periods of instability in the Eurozone, including fears of sovereign debt defaults, and stagnant growth generally, and of certain Eurozone member states in particular, have resulted in concerns regarding the suitability of a shared currency for the region, which could lead to the reintroduction of individual currencies for member states. If this were to occur, Euro-denominated assets and liabilities would be re-denominated to such individual currencies, which could result in a mismatch in the values of assets and liabilities and expose us to additional currency risks.

As our international operations continue to grow, our risks associated with fluctuation in currency rates will become greater, and we will continue to reassess our approach to managing this risk, such as using foreign currency forward and option contracts to hedge certain exposures to fluctuations in foreign currency exchange rates. In addition, currency fluctuations or a weakening U.S. dollar can increase the costs of our international operations, and the strengthening U.S. dollar could slow international demand as solutions priced in the U.S. dollar become more expensive.

If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, changing regulations, and changing business needs, requirements, or preferences, or if we fail to continue to grow and develop our payments solutions, our business may be materially and adversely affected.

Our future success depends in large part on the continued growth and development of our payments solutions. If such activities are limited, restricted, curtailed or degraded in any way, or if we fail to continue to grow and develop our payments solutions, our business may be materially and adversely affected. The market for payments enablement solutions is relatively new and subject to changes in technology, regulatory regimes, industry standards, payment methods, regulations and client and customer needs. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes through methods which include launching new solutions.

The success of any new product and service, or any enhancements or modifications to existing solutions, depends on several factors, including the timely completion, introduction, and market acceptance of such solutions, enhancements, and modifications. Our engineering and software development teams operate in different locations across the globe (including teams in Valencia, Spain, Cluj, Romania, Chicago and Tel Aviv, Israel), which can create logistical challenges. If we are unable to effectively coordinate with our global technology and development teams to enhance our solutions, add new payment methods or develop new solutions that keep pace with technological and regulatory changes to achieve market acceptance, or if new technologies emerge that are able to deliver competitive solutions that are more effective, secure, convenient or cost effective than our solutions, our business, operating results, and financial condition would be adversely affected. Furthermore, modifications to our existing solutions or technology will increase our technology and development expenses. Any failure of our solutions to operate effectively with existing or future network solutions and technologies could reduce the demand for our solutions, result in clients or clients' customer dissatisfaction and adversely affect our business.

43

Changes to payment card networks fees or rules could harm our business.

We are required to comply with Mastercard, American Express, and Visa payment card network operating rules and the rules of other regional card (such as China Unionpay or JCB) or payment providers, in connection with our solutions. We have agreed to reimburse our merchant acquirers for any fines they are assessed by payment card networks as a result of any rule violations by us. We may also be directly liable to the payment card networks for rule violations. The payment card networks set and interpret the card operating rules. The payment card networks could adopt new operating rules or interpret or reinterpret existing rules that we or our processors might find difficult or even impossible to follow, or costly to implement. For example, the card networks could adopt new rules or reinterpret existing rules to substantially modify how we offer credit card payment methods to our clients, or impose new fees or costs that could negatively impact our margins. Card networks also could modify security or fraud detection methodologies that could have a downstream impact on our business, and force us to change our solutions, payment experience or security protocols, which may increase our operating costs. We also may seek to introduce other card-related solutions in the future, which would entail additional operating rules. As a result of any violations of rules, new rules being implemented, or increased fees, we could lose our ability to offer certain cards as a payment method to our clients’ customers, or such payments could become prohibitively expensive for us or for our clients. Additionally, from time to time, card networks, including Visa and Mastercard, increase the fees that they charge processors. We could attempt to pass these increases along to our clients and their customers, but this strategy might result in the loss of clients to our competitors who do not pass along the increases. If competitive practices prevent us from passing along the higher fees to our clients and their customers in the future, we may have to absorb all or a portion of such increases, which may increase our operating costs and reduce our profit margins. If we are unable to offer credit cards as a payment method to our clients’ customers, our business would be adversely affected.

If we do not or cannot maintain the compatibility of our solution with evolving software solutions used by our clients, or the interoperability of our solutions with those of our third-party payment providers, payment networks and key software vendors, our business may be materially and adversely affected.

Our solutions integrate with ERP systems, such as Ellucian Company, L.P. in education, Epic Systems Corporation in healthcare, Rezdy Pty Ltd in travel and Oracle Corporation in B2B payments. We automatically synchronize suppliers, clients, client customers, invoices, and payment transactions between our solutions and these systems. This two-way sync eliminates duplicate data entry and provides the basis for managing cash-flow through an integrated solution for accounts receivable, and payments.

In addition, we are subject to certain standard terms and conditions with these partners. These partners have broad discretion to change their terms of service and other policies, and those changes may be unfavorable to us. Therefore, we believe that maintaining successful partnerships with these providers is critical to our future success.

We also rely on our proprietary global payment network comprised of leading global, regional and local banks and technology and payment partners. If we do not or cannot maintain the interoperability of their products or services or the products or our key software vendors that are integral to our solutions, our business may be materially and adversely affected. These third parties periodically update and change their systems, and although we have been able to adapt our solutions to their evolving needs in the past, there can be no guarantee that we will be able to do so in the future. In particular, if we are unable to adapt to such changes, we may not be able to utilize these strategic partners and we may lose access to large numbers of clients as a result.

If any of the third party software providers change the features of their APIs, discontinue their support of such APIs, restrict our access to their APIs, or alter the terms governing their use in a manner that is adverse to our business, we will not be able to provide synchronization capabilities, which could significantly diminish the value of our solutions and harm our business, operating results, and financial condition.

If we fail to maintain and enhance our brand, our ability to expand our client base will be impaired and our business, operating results, and financial condition may suffer.

We believe that further developing, maintaining and enhancing our brand domestically and on a global basis is important to support the marketing and sale of our existing and future solutions to new clients and to attracting additional and strategic partners. Successfully further developing, maintaining and enhancing our brand will depend largely on the effectiveness of our marketing and demand generation efforts, our ability to provide reliable and seamless solutions that continue to meet the needs of our clients and their customers at competitive prices, our ability to maintain our clients’ trust, our ability to continue to develop new functionality, solutions, and our ability to successfully differentiate solutions from competitive solutions. Our brand promotion activities may not generate client awareness or yield increased revenue,

44

and even if they do, any increased revenue may not offset the expenses we incur in building our brand. If we fail to successfully promote and maintain our brand, our business could suffer.

If we lose key members of our management team or are unable to attract and retain executives and employees we need to support our operations and growth, our business may be harmed.

Our success and future growth depend upon the continued services of our management team and other key employees. Our Chief Executive Officer, Michael Massaro, and our President and Chief Operating Officer, Rob Orgel, are critical to our overall management, as well as the continued development of our solutions, strategic partnerships, culture, relationships with financial institutions, and strategic direction. From time to time, there may be changes in our management team resulting from the hiring or departure of executives and key employees, which could disrupt our business. Our senior management and key employees are employed on an at-will basis. We currently have “key person” insurance on our Chief Executive Officer, Michael Massaro, but not for any of the other members of our management team. Certain of our key employees have been with us for a long period of time and have fully vested stock options or other long-term equity incentives that may become valuable and are publicly tradable subject to Rule 144 limitations, which may reduce the incentive for each of these key employees to remain at our Company. We cannot ensure that we will be able to retain the services of any members of our senior management or other key employees or that we would be able to timely replace members of our senior management or other key employees should any of them depart. The loss of our Chief Executive Officer, or our President and Chief Operating Officer, or one or more of our senior management, or other key employees could harm our business, and we may not be able to find adequate replacements.

The failure to attract and retain additional qualified personnel could prevent us from executing our business strategy and growth plans.

To execute our business strategy, we must attract and retain highly qualified personnel. Competition for executive officers, software developers, compliance and risk management personnel and other key employees in our industry and locations is intense and increasing, especially in the U.S., where wage inflation has been increasing. We compete with many other companies for software developers with high levels of experience in designing, developing, and managing payment systems, as well as for skilled legal and compliance and risk operations professionals. Many of the companies with which we compete for experienced personnel have greater resources than we do and can frequently offer such personnel substantially greater compensation than we can offer. If we fail to identify, attract, develop and integrate new personnel, or fail to retain and motivate our current personnel, our growth prospects would be adversely affected.

If we cannot maintain our company culture as we grow, our success and our business may be harmed.

We believe our culture has been a key contributor to our success to date and that the critical nature of the solutions that we provide promotes a sense of greater purpose and fulfillment in our FlyMates. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel, which is critical to our growth, and to effectively focus on and pursue our corporate objectives. As we grow and develop the infrastructure of a public company, we may find it difficult to maintain these important aspects of our culture. If we fail to maintain our culture, our business and competitive position may be adversely affected.

Our sales cycles may be long and vary.

We devote significant resources to establish relationships with new clients and deepen relationships with existing clients. The sales cycles of our solutions tend to vary depending on the client industry sector which may make forecasting more complex and uncertain.

As a result of the ongoing COVID-19 pandemic, many enterprises have limited travel, prohibited in person meetings and implemented other restrictions that could make the sales process more lengthy and difficult. Mid-market and large enterprises tend to have more complex operating environments than smaller businesses, making it often more difficult and time-consuming for us to demonstrate the value of our solutions to prospective clients. The decision to use our solutions may also be an enterprise-wide decision, and require us to provide greater levels of education regarding the use and benefits of our solutions, which may result in additional time, effort, and money spent on our sales cycle without any assurance that our efforts will be successful in generating any sales. Often, major hospital systems and national or state higher education systems will solicit service offers by issuing requests for proposals (RFPs), which are generally a time- and resource-intensive process, with no assurances of being selected as a vendor after the RFP process is completed. Finally, large enterprises typically have longer implementation cycles, especially hospital and education systems, require greater product functionality and scalability and a broader range of services, demand that vendors take on a larger share of risks, sometimes require longer testing periods that delay general availability of our solutions, and expect greater payment flexibility from vendors. All of these factors can add further risk to business conducted with these clients. If we fail

45

to realize an expected sale from a large end-client in a particular quarter or at all, our business, operating results, and financial condition could be materially and adversely affected.

In addition, we may face unexpected deployment challenges with enterprise clients. It may be difficult to deploy our software solutions if a client has unexpected database, hardware or software technology issues, or if a client insists on a more customized or unique solution that is time intensive or that we have little prior experience in delivering. Decisions on timing of deployments may also be impacted by cost and availability of personnel. Any difficulties or delays in the initial implementation could cause clients to reject our solutions or lead to the delay or non-receipt of future orders, in which case our business, operating results and financial condition would be harmed.

Our operating results depend in substantial part on our ability to deliver a successful client experience and persuade our clients to grow their relationship with us over time. As we expect to grow rapidly, our client acquisition costs could outpace our build-up of recurring revenue, and we may be unable to reduce our total operating costs through economies of scale such that we are unable to achieve profitability. Any increased or unexpected costs or unanticipated delays, including delays caused by factors outside of our control, could cause our operating results to suffer.

We typically incur significant upfront costs in our client relationships, and if we are unable to develop or grow these relationships over time, we are unlikely to recover these costs and our operating results may suffer.

We devote significant resources to establish relationships with new clients and deepen relationships with existing clients. Our sales cycle for our solutions can be variable, typically ranging from three to nine months from initial contact to contract execution. However, there is potential for our sales cycle to extend beyond three to nine months as a result of the COVID-19 pandemic and other factors. During the period of our sales cycle, our efforts involve educating our clients about the use, technical capabilities and benefits of our solutions. Our operating results depend in substantial part on our ability to deliver a successful client experience and persuade our clients to grow their relationship with us over time. As we expect to grow rapidly, our client acquisition costs could outpace our build-up of recurring revenue, and we may be unable to reduce our total operating costs through economies of scale such that we are unable to achieve profitability. Any increased or unexpected costs or unanticipated delays, including delays caused by factors outside of our control, could cause our operating results to suffer.

If we fail to offer high-quality client support, or if our support is more expensive than anticipated, our business and reputation could suffer.

Our clients and their customers rely on our support services to resolve issues and realize the full benefits provided by our solutions. High-quality support is also important for the expansion of the use of our solutions with existing clients and their customers. We provide multilingual support over chat, email or via telephone. The number of our clients, and the number of their customers utilizing our solutions, has grown significantly and such growth, as well as any future growth, will put additional pressure on our client service organization. If we do not help our clients and their customers quickly resolve issues and provide effective ongoing support, or if our support personnel or methods of providing support are insufficient to meet the needs of our clients and their customers, our ability to retain clients and their customers and acquire new clients and customers could suffer, and our reputation with existing or potential clients could be harmed. Providing an exceptional client experience requires significant time and resources from our client service team. Therefore, failure to scale our client service organization adequately may adversely impact our business results and financial condition.

In addition, as we continue to grow our operations and continue to expand to new jurisdictions, we need to be able to provide efficient client service that meets our clients’ needs globally at scale. In geographies where we sell through our channel partners, if we are unable to provide a high quality client experience tailored to the language and culture of the applicable jurisdiction, our business operations and reputation may suffer.

We may require additional capital to support the growth of our business, and this capital might not be available on acceptable terms, if at all.

We have funded our operations since inception primarily through equity and debt financings, sales of our solutions, and fees. We cannot be certain when or if our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business. We intend to continue to make investments to support our business, which may require us to engage in equity or debt financings to secure additional funds. Additional financing may not be available on terms favorable to us, if at all. If adequate funds are not available on acceptable terms, we may be unable to invest in future growth opportunities, which could harm our business, operating results, and financial condition. If we incur additional debt, the debt holders would have rights senior to holders of common stock to make claims on our assets, and the terms of any debt could restrict our operations, including our ability to pay dividends on our common stock. Furthermore, if we issue

46

additional equity securities, stockholders will experience dilution, and the new equity securities could have rights senior to those of our common stock. Because our decision to issue securities in the future will depend on numerous considerations, including factors beyond our control, we cannot predict or estimate the amount, timing, or nature of any future issuances of debt or equity securities. As a result, our stockholders bear the risk of future issuances of debt or equity securities reducing the value of our common stock and diluting their interests.

Our business could be harmed as a result of the risks associated with our acquisitions.

As part of our business strategy, we have in the past and intend to continue to seek to acquire or invest in businesses, products or technologies that could complement or expand our business, enhance our technical capabilities or otherwise offer growth opportunities by providing us with additional intellectual property, client relationships and geographic coverage. The pursuit of potential acquisitions may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable acquisitions, whether or not such acquisitions are completed. In addition, we can provide no assurances that we will be able to find and identify desirable acquisition targets or that we will be successful in entering into a definitive agreement with any one target. In addition, even if we reach a definitive agreement with a target, there is no assurance that we will complete any future acquisition or if we do acquire additional businesses, we may not be able to integrate them effectively following the acquisition or effectively manage the combined business following the acquisition.

Any acquisitions we undertake or have recently completed, including the acquisition of WPM in December 2021 and Simplee in February 2020, will likely be accompanied by business risks which may include, among other things:

These factors could harm our business, results of operations or financial condition.

In addition to the risks commonly encountered in the acquisition of a business or assets as described above, we may also experience risks relating to the challenges and costs of closing a transaction. The risks described above may be exacerbated as a result of managing multiple acquisitions at once.

Systems failures and resulting interruptions in the availability of our solutions could harm our business.

Our systems and those of our service providers and partners have experienced from time to time, and may experience in the future, service interruptions or degradation because of hardware and software defects or malfunctions, distributed denial-of-service and other cyberattacks, insider threats, human error, earthquakes, hurricanes, floods, fires, and other natural disasters, war or other military conflict, including an escalation of the conflict between Russia and Ukraine, power losses, disruptions in telecommunications services, fraud, computer viruses or other malware, or other events. Some of our systems are not fully redundant, and our disaster recovery planning may not be sufficient for all

47

possible outcomes or events. In addition, as a provider of payments solutions targeted to highly regulated clients in industries such as education and healthcare, we are subject to heightened scrutiny by regulators that may require specific business continuity, resiliency and disaster recovery plans, and more rigorous testing of such plans, which may be costly and time-consuming to implement, and may divert our resources from other business priorities.

A prolonged interruption in the availability, speed, or functionality of our solutions or payment methods could materially harm our business. Frequent or persistent interruptions in our solutions could cause current or potential clients and their customers to believe that our systems are unreliable, leading them to switch to our competitors or to avoid or reduce the use of our solutions, and could permanently harm our reputation and brand. Moreover, if any system failure or similar event results in damages to our clients or their customers and business partners, these clients, customers or partners could seek significant compensation or contractual penalties from us for their losses, and those claims, even if unsuccessful, would likely be time-consuming and costly for us to address.

We have undertaken and continue to make certain technology and network upgrades and redundancies which are designed to improve the reliability of our solutions. These efforts are costly and time-consuming, involve significant technical risk and may divert our resources from new features and solutions, and there can be no guarantee that these efforts will succeed. Because we are a regulated payments institution in certain jurisdictions, frequent or persistent interruptions could lead to regulatory scrutiny, significant fines and penalties, and mandatory and costly changes to our business practices, and ultimately could cause us to lose existing licenses that we need to operate or prevent or delay us from obtaining additional licenses that may be required for our business.

We use public cloud hosting with AWS and depend on AWS’ ability to protect their data centers against damage or interruption from natural disasters, power or telecommunications failures, criminal acts, and similar events. Our operations depend on protecting the cloud infrastructure hosted by AWS by maintaining the configuration, architecture, and interconnection specifications, as well as the information stored in these virtual data centers and transmitted by third-party internet service providers. In limited occasions, we have experienced service disruptions in the past, and may experience interruptions or delays in our solutions in the future. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the data storage services we use. Although we have disaster recovery plans that utilize various data storage locations, any incident affecting our data storage or internet service providers’ infrastructure that may be caused by fire, flood, severe storm, earthquake, power loss, telecommunications failures, unauthorized intrusion, computer viruses and disabling devices, natural disasters, war or other military conflict, including an escalation of the conflict between Russia and Ukraine, terrorist attacks, negligence, and other similar events beyond our control could negatively affect our solutions. Any prolonged service disruption affecting our solutions could damage our reputation with current and potential clients, expose us to liability, cause us to lose clients, or otherwise harm our business. In the event of damage or interruption to our solutions, our insurance policies may not adequately compensate us for any losses that we may incur. System failures or outages, including any potential disruptions due to significantly increased global demand on certain cloud-based systems during the COVID-19 pandemic, could compromise our ability to provide our solutions in a timely manner, which could harm our ability to conduct business or delay our financial reporting. Such failures could adversely affect our operating results and financial condition.

Our solutions are accessed by many of our clients and their customers, often at the same time. As we continue to expand the number of clients that we serve and solutions that we are able to offer to our clients and their customers, we may not be able to scale our technology to accommodate the increased capacity requirements, which may result in interruptions or delays in service. In addition, the failure of data centers, internet service providers, or other third-party service providers to meet our capacity requirements could result in interruptions or delays in access to our solutions or impede our ability to grow our business and scale our operations. If our third-party infrastructure service agreements are terminated, or there is a lapse of service, interruption of internet service provider connectivity, or damage to data centers, we could experience interruptions in access to our solutions as well as delays and additional expense in arranging new facilities and services.

We also rely on components, applications, and services supplied by third parties, including payment service providers and merchant acquirer partners which subjects us to risks. If these third parties experience operational interference or disruptions, breach their agreements with us, fail to perform their obligations and meet our expectations, or experience a cybersecurity incident, our operations could be disrupted or otherwise negatively affected, which could result in client dissatisfaction, regulatory scrutiny, and damage to our reputation and brand, and materially and adversely affect our business.

In addition, we are continually improving and upgrading our systems and technologies. Implementation of new systems and technologies is complex, expensive, and time-consuming. If we fail to timely and successfully implement new systems and technologies, or improvements or upgrades to existing information systems and technologies, or if such

48

systems and technologies do not operate as intended, this could have an adverse impact on our business, internal controls (including internal controls over financial reporting), results of operations, and financial condition.

Risks Related to Our Legal, Regulatory and Compliance Landscape

We currently handle cross-border and domestic payments and plan to expand our solutions to new clients, to accept and settle payments in new countries and in new currencies, and to increase our global network to allow us to offer local and alternative payment methods, creating a variety of operational challenges; additionally, our domestic and international operations subject us to increased risks, which could harm our business.

Our business is subject to risks inherent in conducting business globally, including cross-border payments and domestic payments in the United States and certain other markets. Our handling of domestic and cross-border payments to our clients generates a significant portion of our revenues, with a substantial portion of such revenues coming from payments processed from Asia (including India, China and Korea). We expect that international revenues will continue to account for a significant percentage of total net revenues for the foreseeable future, and that in particular, the proportion of our revenue from Asia will continue to increase. Current events, including the possibility of renegotiated trade deals and international tax law treaties, and the recent escalation of the conflict between Russia and Ukraine, create a level of uncertainty, and potentially increased complexity, for multinational companies. These uncertainties could have a material adverse effect on our business and our results of operations and financial condition. In addition, international operations are subject to various risks which could have a material adverse effect on those operations or our business as a whole, including:

49

Foreign operations may also expose us to political, social, regulatory and economic uncertainties affecting a country or region, or to political hostility to investments by foreign or private equity investors. Many financial markets are not as developed or as efficient as those in the United States, and as a result, liquidity may be reduced and price volatility may be higher in those markets than in more developed markets. The legal and regulatory environment may also be different, particularly with respect to bankruptcy and reorganization, and may afford us less protection as a creditor than we may be entitled to under U.S. law. Financial accounting standards and practices may differ, and there may be less publicly available information in respect of such companies.

Restrictions imposed or actions taken by foreign governments could include exchange controls, seizure or nationalization of foreign deposits and adoption of other governmental restrictions which adversely affect the prices of securities or the ability to repatriate profits. For instance, we process a substantial amount of payments from China. The Chinese government imposes controls on the convertibility of the Renminbi the currency of China, into foreign currencies and, in certain cases, the remittance of currency out of China. The Chinese government may at its discretion further restrict access in the future to foreign currencies for current account transactions. In addition, income received by us from sources in some countries may be reduced by withholding and other taxes. Any such taxes paid by us will reduce the net income or return from such investments. While we will take these factors into consideration in making investment decisions, including when hedging positions, no assurance can be given that we will be able to fully avoid these risks or generate sufficient risk-adjusted returns.

Violations of the complex foreign and U.S. laws, rules and regulations that apply to our cross-border operations may result in fines, criminal actions, or sanctions against us, our officers, or FlyMates; prohibitions on the conduct of our business; and damage to our reputation. Although we have implemented policies and procedures designed to promote compliance with these laws, there can be no assurance that our FlyMates, contractors, or agents will not violate our policies. These risks are inherent in our cross-border operations and expansion, may increase our costs of doing business internationally, and could harm our business.

Payments and other financial services-related regulations and oversight are material to our business. Our failure to comply could materially harm our business.

The local, state, and federal laws, rules, regulations, licensing schemes, and industry standards in the United States and other jurisdictions in which we operate that govern our business include, or may in the future include, those relating to consumer finance and consumer protection, cross-border and domestic money transmission, foreign exchange, payments services (such as money transmission, payment processing, and settlement services), AML and CFT, escheatment, international sanctions regimes, and compliance with the PCI DSS. These laws, rules, regulations, licensing schemes, and standards are enforced by multiple authorities and governing bodies in the United States, including the Department of the Treasury, the Federal Deposit Insurance Corporation, the SEC, CFPB, the Federal Trade Commission, self-regulatory organizations, and numerous state and local regulators and law enforcement agencies. Our clients also have their own regulatory obligations, and they expect our solutions to comply with the regulatory requirements that are applicable to their businesses. For additional discussion about the regulatory environment that we and our clients operate in, please see “Business–Regulation and Industry Standards”. As we expand into new jurisdictions, the number of foreign laws, rules, regulations, licensing schemes, and standards governing our business will expand as well. In addition, as our business and solutions continue to develop and expand, we may become subject to additional laws, rules, regulations, licensing schemes, and standards. We may not always be able to accurately predict the scope or applicability of certain laws, rules, regulations, licensing schemes, or standards to our business, particularly as we expand into new areas of operations, which could have a significant negative effect on our existing business and our ability to pursue future plans.

50

Certain of our subsidiaries are registered with FinCEN. Our subsidiary Flywire Global Corp. has obtained licenses to operate as a money transmitter (or the statutory equivalent) in 41 U.S. jurisdictions, and is in the process of applying for a license in, to the best of our knowledge, all U.S. states and territories where such licensure or registration is required in order to be able to offer additional business lines in the future. As a licensed money transmitter, we are (and in the states where we are awaiting licensure, will be) subject to obligations and restrictions with respect to the investment of client funds, reporting requirements, bonding requirements, minimum capital requirements, and inspection by state regulatory agencies concerning various aspects of our business. Evaluation of our compliance efforts, as well as the questions of whether and to what extent our solutions are considered money transmission, are matters of regulatory interpretation and could change over time. In addition, there are substantial costs involved in maintaining and renewing our licenses, certifications, and approvals, and we could be subject to fines or other enforcement action if we are found to violate disclosure, reporting, AML, CFT, capitalization, corporate governance, or other requirements of such licenses.

If we fail to predict how a U.S. law or regulation or a law or regulation from another jurisdiction in which we operate will be applied to us, we could be subject to additional licensure requirements and/or administrative enforcement actions. This could also require changes to the manner in which we conduct some aspects of our business or potential product changes, and require us to pay fines, penalties, or compensation to clients for past non-compliance. At the federal level, we are registered as a MSB with FinCEN. For additional discussion of the requirements of our MSB registration, please see “Business – Regulation and Industry Standards.” At the state level, we rely on various exemptions from state money transmitter licensing requirements, and regulators may find that we have violated applicable laws or regulations because we are not licensed or registered as a money transmitter in all of the U.S. jurisdictions we service. We believe, based on our business model, that we have valid exemptions from licensure under various state money transmission laws, either expressly as a payment processor or agent of the payee, or pursuant to common law as an agent of the payee. While we believe we have defensible arguments in support of our positions under the state money transmission statutes, we have not expressly obtained confirmation of such positions from the state banking departments who administer the state money transmission statutes. It is possible that certain state banking departments may determine that our activities are not exempt. Any determination that we are in fact required to be licensed under the money transmission statute of a state where we are not yet licensed may require substantial expenditures of time and money to remediate and could lead to liability in the nature of penalties or fines, costs, legal fees, reputational damage or other negative consequences. We could be required to cease operations in some or all of the U.S. jurisdictions we service and where we are not yet licensed, which determination would have a materially adverse effect on our business, including our financial condition, operating results, and reputation. In the past, certain competitors have been found to violate laws and regulations related to money transmission, and they have been subject to fines and other penalties by regulatory authorities.

The adoption of new money transmitter or MSB statutes in jurisdictions or changes in regulators’ interpretation of existing state and federal money transmitter or MSB statutes or regulations could subject us to new registration or licensing requirements. There can be no assurance that we will be able to obtain or maintain any such licenses in all of the jurisdictions we service, and, even if we were able to do so, there could be substantial costs and potential product changes involved in maintaining such licenses, which could have a material and adverse effect on our business. These factors could impose substantial additional costs, involve considerable delay to the development or provision of our solutions, require significant and costly operational changes, or prevent us from providing our solutions in any given market.

The regulatory environment in which we operate is subject to constant change, and new regulations could make aspects of our business as currently conducted no longer possible.

In the future, as a result of the regulations applicable to our business, we could be subject to investigations and resulting liability, including governmental fines, restrictions on our business, or other sanctions, and we could be forced to cease conducting certain aspects of our business with residents of certain jurisdictions, be forced to change our business practices in certain jurisdictions, or be required to obtain additional licenses or regulatory approvals. For example, because a majority of voters in the U.K. approved an exit from the E.U. (commonly referred to as Brexit), we were required to obtain a license from a member state of the EEA which would allow us to continue to provide our solutions to clients located in the EEA under a principle known as “passporting”. We were able to obtain a license as an authorized payment institution from the Bank of Lithuania in September 2019 and subsequently obtained the right to passport our solutions to other EEA member states.

Government agencies may impose new or additional rules on money transmission, including regulations that:

51

We are subject to governmental laws and requirements regarding economic and trade sanctions, AML and CFT that could impair our ability to compete in international markets or subject us to criminal or civil liability if we violate them.

We are currently required to comply with U.S. economic and trade sanctions administered by OFAC and we have processes in place to comply with the OFAC regulations as well as similar requirements in the foreign jurisdictions in which we already operate. As part of our compliance efforts, we scan our clients against watch lists promulgated by OFAC and certain other international agencies. Our application can be accessed from anywhere in the world, and if our service is accessed from a sanctioned country in violation of applicable trade and economic sanctions, we could be subject to fines or other enforcement actions. We are also subject to various AML and CFT laws and regulations around the world that prohibit, among other things, our involvement in transferring the proceeds of criminal or terrorist activities. In the United States, most of our solutions are subject to AML laws and regulations, including the BSA, and similar laws and regulations. The BSA, among other things, requires MSBs to develop and implement risk-based AML programs, to report large cash transactions and suspicious activity, and in some cases, to collect and maintain information about clients who use their services and maintain other transaction records. Regulators and third-party auditors have identified gaps in how similar businesses have implemented AML programs, and we could likewise be subject to significant fines, penalties, inquiries, audits, investigations, enforcement actions, and criminal and civil liability if our AML program is found to be insufficient by a regulator.

Our business operations in other parts of the world such as the U.K., Lithuania, Australia and Singapore are subject to similar laws and requirements. Regulators in the United States and globally continue to increase their scrutiny of compliance with these obligations, which may require us to further revise or expand our compliance program, including the procedures we use to verify the identity of our clients and to monitor transactions on our system, including payments to persons outside of the United States. Regulators regularly re-examine the transaction volume thresholds at which we must obtain and keep applicable records or verify identities of clients, and any change in such thresholds could result in greater costs for compliance. Similarly, as a condition to doing business with us, our banking and other strategic partners also impose ongoing obligations on us related to AML and CFT and sanctions screening. Any failure on our part to maintain the necessary processes and policies to comply with these regulations and requirements, or to adapt our processes and policies to changes in laws, would subject us to penalties, fines, or loss of key relationships which would have a material adverse effect on our business and results of operations. Furthermore, government sanctions imposed with respect to Russia's invasion of Ukraine in February and March 2022 are impacting our ability to offer our services in the region, and additional sanctions could be imposed in the future. Further instability or tension in Russia, Ukraine, and the surrounding region could also cause us to adjust our operating model, which would increase our costs of operations.

52

Any actual or perceived failure to comply with governmental regulation and other legal obligations, particularly those related to privacy, data protection, and information security, could harm our business. Compliance with such laws could also result in additional costs and liabilities to us or inhibit sales of our solutions.

Our clients and their customers store personal and business information, financial information and other sensitive information through our solutions. In addition, we collect, store, and process personal and business information and other data from and about actual and prospective clients, their customers, our FlyMates and our service providers and other business partners, as well as their personnel. Our handling of data is subject to a variety of laws and regulations, including regulation by various government agencies, such as the U.S. Federal Trade Commission (FTC), and various state, local, and foreign agencies. Our data handling is also subject to contractual obligations and industry standards.

The U.S. federal and various state and foreign governments have adopted or proposed limitations on the collection, distribution, use, and storage of data relating to individuals and businesses, including the use of contact information and other data for marketing, advertising, and other communications with individuals and businesses. In the United States, various laws and regulations apply to the collection, processing, disclosure, and security of certain types of data, including the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, the Gramm Leach Bliley Act, FERPA, HIPAA, and the now in question E.U.-U.S. and Swiss—U.S. Privacy Shield protections, as well as state laws relating to privacy and data security. Additionally, the FTC and many state attorneys general are interpreting federal and state consumer protection laws as imposing standards for the online collection, use, dissemination, and security of data. For example, California enacted the CCPA, which took effect on January 1, 2020 and became enforceable by the California Attorney General on July 1, 2020, and broadly defines personal information. The CCPA creates new individual privacy rights for consumers (as that term is broadly defined) and places increased privacy and security obligations on entities handling personal data of consumers or households. The CCPA requires covered companies to provide certain disclosures to California consumers about its data collection, use and sharing practices, provide such consumers with ways to opt-out of certain sales or transfers of personal information, provides for civil penalties for violations, and allows for a new private right of action for data breaches that has resulted in an increase in data breach litigation. It remains unclear, however, how the CCPA will be interpreted. As currently written, it will likely impact our business activities and exemplifies the vulnerability of our business to not only cyber threats but also the evolving regulatory environment related to personal data and protected health information.

Additionally, a new California ballot initiative, the California Privacy Rights Act (CPRA) was passed in November 2020. Effective starting on January 1, 2023, the CPRA imposes additional obligations on companies covered by the legislation and will significantly modify the CCPA, including by expanding consumers’ rights with respect to certain sensitive personal information. The CPRA also creates a new state agency that will be vested with authority to implement and enforce the CCPA and the CPRA. The effects of the CCPA and the CPRA are potentially significant and may require us to modify our data collection or processing practices and policies and to incur substantial costs and expenses in an effort to comply and increase our potential exposure to regulatory enforcement and/or litigation.

The laws and regulations relating to privacy and data security are evolving, can be subject to significant change, and may result in ever-increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions. The CCPA, in particular, has prompted a number of proposals for new federal and state-level privacy legislation, which could increase our potential liability and adversely affect our business. Virginia became the second state after California to enact a broad privacy law with the passage of the Virginia Consumer Data Protection Act (CDPA) on March 2, 2021. The CDPA contains several new requirements for covered companies that may add operational challenges, including a greater emphasis on transparency, broader affirmative consent or opt-in requirements to process sensitive personal data, broader opt-out rights and data protection assessment requirements for certain sales of personal data as well as targeted advertising and profiling, and an appeal process for denials of consumer rights requests. The law will take effect January 1, 2023, the same day as the CPRA. Colorado became the third state with the passage of the Colorado Privacy Act (CPA) on July 8, 2021. Like the CDPA, the CPA provides consumers the right to opt out of processing for sales of personal data, targeted advertising, and profiling, provides the right to appeal a business’ denial to take action, among other new consumer rights, requires data protection assessments for certain processing activities, and, unlike the CDPA, grants the Attorney General rulemaking powers. The law will take effect on July 1, 2023. Unlike in California, neither law provides for a private right of action. We anticipate that more states may enact legislation similar to the CCPA, which provides consumers with new privacy rights and increases the privacy and security obligations of entities handling certain personal information of such consumers. For example, the Utah state legislature passed the Utah Consumer Privacy Act in March 2022. The Utah legislation most closely mirrors Virginia’s CDPA, and if signed the law will go into effect on December 31, 2023. Such proposed legislation, if enacted, may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment of resources in compliance programs, impact strategies and the availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies.

53

Many of the foreign jurisdictions where we or our clients operate or conduct business, including the E.U., have laws and regulations dealing with the collection, use, storage, and disclosure and other handling (collectively, processing) of personal information, which in some cases are more restrictive than those in the U.S. In addition to regulating the processing of personal information within the relevant jurisdictions, these legal requirements often also apply to the processing of personal information outside these jurisdictions, where there is some specified link to the relevant jurisdiction. For example, we have multiple offices in Europe and serves clients and their customers throughout the E.U., where the GDPR went into effect in 2018. The GDPR, which is also the law in Iceland, Norway, Liechtenstein, and—to a large degree—the U.K., has an extensive global reach and imposes robust obligations relating to the processing of personal information, including documentation requirements, greater control for data subjects (e.g., the “right to be forgotten” and data portability), security requirements, notice requirements, restrictions on sharing personal information, data governance obligations, data breach notification requirements, and restrictions on the export of personal information to most other countries. The solutions that we currently offer subject us to many of these laws and regulations in many of the foreign jurisdictions where we operate or conduct business, and these laws and regulations may be modified or subject to new or different interpretations, and new laws and regulations may be enacted in the future.

Recent legal developments have created compliance uncertainty regarding some transfers of personal information from the U.K. and EEA to locations where we or our clients operate or conduct business, including the United States and potentially Singapore, particularly with respect to cross-border transfers. Under the GDPR, such transfers can take place only if certain conditions apply or if certain data transfer mechanisms are in place. In July 2020, the Court of Justice of the E.U. ruled in its “Schrems II” decision (C-311/18), that the Privacy Shield, a transfer mechanism used by thousands of companies to transfer data between those jurisdictions and United States (and also used by us), was invalid and could no longer be used due to the strength of United States surveillance laws. In September 2020, the Federal Data Protection and Information Commissioner of Switzerland (where the law has a similar restriction on the export of personal information) issued an opinion concluding that the Swiss-U.S. Privacy Shield Framework does not provide an adequate level of protection for data transfers from Switzerland to the United States pursuant to Switzerland’s Federal Act on Data Protection. We and our clients continue to use alternative transfer strategies, including SCCs, while the authorities interpret the Schrems II decision and the validity of alternative data transfer mechanisms. The SCCs, though previously approved by the European Commission, have faced challenges in European courts (including being called into question in the Schrems II decision), and may be further challenged, suspended or invalidated for transfers to some or all countries. For example, guidance regarding Schrems II issued by the European Data Protection Board (which is comprised of representatives from every E.U. member state’s top data protection authority) have cast serious doubt on the validity of SCCs for most transfers of personal information to the United States. At present, there are few if any viable alternatives to the Privacy Shield and the SCCs, so such developments may necessitate further expenditures on local infrastructure, changes to internal business processes, changes to clients and clients' customer facing solutions, or may otherwise affect or restrict our sales and operations.

On June 4, 2021, the European Commission released the final Implementing Decision on SCCs (New SCCs) for the transfer of personal data from the E.U. to “third countries” such as the US. The New SCCs will repeal and replace the existing SCCs (dating from 2001, 2004 and 2010) and address the entry into force of the GDPR) and the July 2020 decision of the CJEU in Schrems II, which invalidated the E.U.-U.S. Privacy Shield. The New SCCs broadly follow the draft implementing decision on standard contractual clauses (Draft SCCs) issued by the European Commission on November 12, 2020, but there are some material differences. The Draft SCCs’ significant and extensive new requirements for data importers that act as controllers (for example, obligations to give notice to data subjects and to notify personal data breaches to EU authorities) remain, but have been aligned more closely with the GDPR requirements. While the New SCCs are not immediately in force, compliance with them will be required for new transfer agreements entered into from late September 2021. SCCs currently in effect must be replaced with the New SCCs by late December 2022.

E.U. data protection authorities have the power to impose administrative fines for violations of the GDPR of up to a maximum of €20 million or 4% of a corporate family’s total worldwide global turnover for the preceding fiscal year, whichever is higher. Such penalties are in addition to any civil litigation claims by clients, data subjects or other third parties. We believe that the solutions that we currently offer subject us to the GDPR and other laws and regulations relating to privacy, data protection, and information security, and these may be modified or subject to new or different interpretations in the future. We will need to take steps to address compliance obligations in this rapidly evolving legal environment, but we cannot assure you that we will be able to implement changes in a timely manner or without significant disruption to our business, or that such steps will be effective, and we may face the risk of liability and loss of business.

In addition, further to the U.K. exit from the E.U. on January 31, 2020, the GDPR ceased to apply in the U.K. at the end of the transition period on December 31, 2020. However, as of January 1, 2021, the U.K.’s European Union (Withdrawal) Act 2018 incorporated the GDPR (as it existed on December 31, 2020 but subject to certain U.K. specific

54

amendments) into U.K. law (referred to as the U.K. GDPR). The U.K. GDPR and the U.K. Data Protection Act 2018 set out the U.K.’s data protection regime, which is independent from but aligned to the E.U.’s data protection regime. Non-compliance with the U.K. GDPR may result in monetary penalties of up to £17.5 million or 4% of worldwide revenue, whichever is higher. Like the GDPR, the U.K. GDPR restricts personal data transfers outside the U.K. to countries not regarded by the U.K. as providing adequate protection (this means that personal data transfers from the U.K. to the EEA remain free flowing).

On June 28, 2021, the European Commission adopted an adequacy decision under the GDPR, thereby recognizing that the U.K.’s data protection system continues to provide the same protections with respect to personal data as when it was an EU member state, and enabling the continued exchange of personal data between the E.U. and the U.K. The adequacy decision facilitates the implementation of the E.U.-U.K. Trade Cooperation Agreement, which foresaw the need for bilateral data flow and continued cooperation. The adequacy decision does, however, include a ‘sunset clause’, limiting its duration to four years, at which point the European Commission will need to once again review the safeguards in place in the U.K.’s post-Brexit legal system and decide if the adequacy decision may be renewed.

This lack of clarity on future U.K. laws and regulations and their interaction with E.U. laws and regulations could add legal risk, uncertainty, complexity and cost to our handling of E.U. personal information and our privacy and data security compliance programs. It is possible that over time the U.K. Data Protection Act 2018 could become less aligned with the GDPR, which could require us to implement different compliance measures for the U.K. and the E.U. and result in potentially enhanced compliance obligations for E.U. personal data.

In Asia, there has been an increase in both regulation and enforcement of privacy laws. The Act on Protection of Personal Information originally enacted in June 2020 by the Japanese government, was amended and will come into effect on April 1, 2022 (Amended APPI). Since the passage of the Amended APPI, a number of implementing regulations and supporting documents have been released, addressing the requirements for transferring personal data outside Japan, notifying security breaches and creating pseudonymous information exempt from certain obligations under the Amended APPI. We have taken steps to address compliance obligations that apply to us under the Amended APPI, but cannot assure you that such steps will be effective, and we may face the risk of increased costs, liability and loss of business.

The People’s Republic of China (home to the most online users in the world), is one of the latest countries to pass a new omnibus privacy law. China passed its new Data Security Law (DSL) in June 2021 and its new Personal Information Protection Law (PIPL) in August 2021. The DSL applies to a wide range of data processing activities including, but not limited to, processing personal information. With extraterritorial scope and severe fines and penalties, these laws are set to impose an increasingly complex and comprehensive legal framework for processing personal information when doing business in China. The PIPL is enforced and administered by the Cyberspace Administration of China and relevant state and local government departments. The law draws from the GDPR, with heavy penalties up to the greater of 5% of the previous year’s revenue (possibly global) or $7.7 million.

We have taken steps to address compliance obligations that apply to us under the Amended APPI, the DSL and PIPL but cannot assure you that such steps will be effective, and we may face the risk of increased costs, liability and loss of business.

In addition to government regulation, privacy advocates and industry groups may propose new and different self-regulatory standards that, if adopted, may apply to us, or which clients or clients' customers may require us to adopt. Because the interpretation and application of privacy and data protection laws, regulations, rules, and other standards are still uncertain, it is possible that these laws, rules, regulations, and other actual or alleged legal obligations, such as contractual or self-regulatory obligations, may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the functionality of our solutions. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our software, which could have an adverse effect on our business. Any failure or perceived failure by us to comply with laws, regulations, policies, legal, or contractual obligations, industry standards, or regulatory guidance relating to privacy or data security, may result in governmental investigations and enforcement actions, litigation, fines and penalties, or adverse publicity, and could cause our clients and partners to lose trust in us, which could have an adverse effect on our reputation and business. We expect that there will continue to be new proposed laws, regulations, and industry standards relating to privacy, data protection, marketing, consumer communications, and information security, and we cannot determine the impact such future laws, regulations, and standards may have on our business. Future laws, regulations, standards, and other obligations or any changed interpretation of existing laws or regulations could impair our ability to develop and market new functionality and maintain and grow our client base and increase revenue. Future restrictions on the collection, use, sharing, or disclosure of data, or additional requirements for express or implied consent of our clients,

55

partners, or end users for the use and disclosure of such information could require us to incur additional costs or modify our solutions, possibly in a material manner, and could limit our ability to develop new functionality.

If we are not able to comply with these laws or regulations, or if we become liable under these laws or regulations, we could be directly harmed, and we may be forced to implement new measures to reduce our exposure to this liability. This may require us to expend substantial resources or to discontinue certain solutions, which would negatively affect our business, financial condition, and operating results. In addition, the increased attention focused upon liability issues as a result of lawsuits and legislative proposals could harm our reputation or otherwise adversely affect the growth of our business. Furthermore, any costs incurred as a result of this potential liability could harm our operating results.

We are subject to anti-corruption, anti-bribery, and similar laws, and non-compliance with such laws can subject us to criminal or civil liability and harm our business.

We are subject to the FCPA, the U.K. Bribery Act, U.S. domestic bribery laws, and other anti-corruption laws. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees, and their third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public sector. These laws also require that we keep accurate books and records and maintain internal controls and compliance procedures designed to prevent any such actions. We maintain operations and serve clients in several countries around the world. Although we do not target government entities as clients, some of our clients may receive funding or other support from local, state, provincial or national governments. As we maintain and seek to increase our international cross-border business and expand operations abroad, we may engage with business partners and third-party intermediaries to market our services and to obtain necessary permits, licenses, and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our FlyMates, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities.

While we maintain policies and training programs for our FlyMates related to anti-corruption, anti-bribery and gift giving, and include representations regarding legal compliance in our contracts with vendors and strategic partners, there can be no assurances that these policies, training programs or contractual provisions will be observed or enforceable. We cannot assure you that all of our FlyMates and agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international business, our risks under these laws may increase.

Detecting, investigating, and resolving actual or alleged violations of anti-corruption laws can require a significant diversion of time, resources, and attention from senior management. In addition, noncompliance with anti-corruption or anti-bribery laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, enforcement actions, fines, damages, other civil or criminal penalties, injunctions, suspension or debarment from contracting with certain persons, reputational harm, adverse media coverage, and other collateral consequences. If any subpoenas are received or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal proceeding, our business, operating results, and financial condition could be materially harmed. In addition, responding to any action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees.

In February 2022, following Russia’s invasion of Ukraine, the United States and other countries announced sanctions against Russia. The sanctions announced by the United States and other countries against Russia to date include restrictions on selling or importing goods, services or technology in or from affected regions, travel bans and asset freezes impacting connected individuals and political, military, business and financial organizations in Russia, severing Russia’s largest bank from the U.S. financial system, barring some Russian enterprises from raising money in the U.S. market and blocking the access of Russian banks to financial markets. The United States and other countries could impose wider sanctions and take other actions should the conflict further escalate. While it is difficult to anticipate the impact the sanctions announced to date may have on us, any further sanctions imposed or actions taken by the United States or other countries, and any retaliatory measures by Russia in response, could increase our costs, reduce our sales and earnings or otherwise have an adverse effect on our operations.

New or revised tax regulations, unfavorable resolution of tax contingencies or changes to enacted tax rates could adversely affect our tax expense.

Changes in tax laws or their interpretations could result in changes to enacted tax rates and may require complex computations to be performed that were not previously required, significant judgments to be made in interpretation of the new or revised tax regulations and significant estimates in calculations, as well as the preparation and analysis of

56

information not previously relevant or regularly produced. Future changes in enacted tax rates could negatively affect our results of operations.

The vast majority of states have considered or adopted laws that impose tax collection obligations on out-of-state companies. States where we have nexus may require us to calculate, collect, and remit taxes on sales in their jurisdiction. Additionally, the Supreme Court of the United States recently ruled in South Dakota v. Wayfair, Inc. et al (Wayfair) that online sellers can be required to collect sales and use tax despite not having a physical presence in the buyer’s state. In response to Wayfair, or otherwise, states or local governments may enforce laws requiring us to calculate, collect, and remit taxes on sales in their jurisdictions. We may be obligated to collect and remit sales and use tax in states in which we have not collected and remitted sales and use tax. A successful assertion by one or more states requiring us to collect taxes where we historically have not or presently do not do so could result in substantial tax liabilities, including taxes on past sales, as well as penalties and interest. The imposition by state governments or local governments of sales tax collection obligations on out-of-state sellers could also create additional administrative burdens for us, put us at a perceived competitive disadvantage if they do not impose similar obligations on our competitors, and decrease our future sales, which could adversely affect our business and operating results.

Relevant foreign taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If disagreements with relevant taxing authorities on other unknown matters were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations.

Our tax returns and positions are subject to review and audit by federal, state, local and international taxing authorities. An unfavorable outcome to a tax audit could result in higher tax expense, thereby negatively affecting our results of operations and cash flows. We have recognized estimated liabilities on the balance sheet for material known tax exposures relating to deductions, transactions and other matters involving some uncertainty as to the proper tax treatment of the item. These liabilities reflect what we believe to be reasonable assumptions as to the likely final resolution of each issue if raised by a taxing authority. While we believe that the liabilities are adequate to cover reasonably expected tax risks, there can be no assurance that, in all instances, an issue raised by a tax authority will be finally resolved at a financial amount no more than any related liability. An unfavorable resolution, therefore, could negatively affect our financial position, results of operations and cash flows in the current and/or future periods.

If we fail to adequately protect our proprietary rights, our competitive position could be impaired and we may lose valuable assets, generate less revenue and incur costly litigation to protect our rights.

Our success is dependent, in part, upon protecting our proprietary technology. We rely on a combination of copyrights, trademarks, service marks, trade secret laws, the domain name dispute resolution mechanism, confidentiality procedures, and contractual provisions to establish and protect our proprietary rights. However, effective protection of intellectual property rights is expensive, both in terms of application and maintenance costs, as well as the costs of defending and enforcing those rights, and the steps we take to protect our intellectual property may be inadequate. We do not have patents covering any of our technology and do not actively pursue patents. Any of our trademarks, or other intellectual property rights may be challenged or circumvented by others, or narrowed or invalidated through administrative process or litigation. There can be no guarantee that others will not independently develop similar solutions or duplicate any of our solutions. Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. Despite our precautions, it may be possible for unauthorized third parties to copy our solutions and use information that we regard as proprietary to create solutions that compete with ours.

We pursue registration of copyrights, trademarks, and domain names in the United States and in certain jurisdictions outside of the United States, but doing so may not always be successful or cost-effective. We may be unable or, in some instances, choose not to obtain legal protection for our intellectual property, and our existing and future intellectual property rights may not provide us with competitive advantages or distinguish our solutions from those of our competitors. The laws of some foreign countries may not protect our intellectual property rights to the same extent as the laws of the United States, and effective intellectual property protection and mechanisms may be uncertain or unavailable in those jurisdictions. We may need to expend additional resources to defend our intellectual property in such countries, and the inability to do so could impair our business or adversely affect our international expansion. Particularly given the international nature of the Internet, the rate of growth of the Internet, and the ease of registering new domain names, we may not be able to detect unauthorized use of our intellectual property or take prompt enforcement action.

We endeavor to enter into agreements with our employees, consultants and contractors and with parties with whom we do business in order to acquire intellectual property rights developed as a result of service to us, as well as to limit access to and disclosure of our proprietary information. No assurance can be given that our intellectual property related agreements with our employees, consultants, contractors clients, their customers, or strategic partners and others will be

57

effective in controlling access to and distribution of our solutions and proprietary information, potentially resulting in the unauthorized use or disclosure of our trade secrets and other intellectual property, including to our competitors, which could cause us to lose any competitive advantage resulting from this intellectual property. Further, these agreements do not prevent our competitors or partners from independently developing technologies that are substantially equivalent or superior to our solutions. In addition, individuals not subject to invention assignment agreements may make adverse ownership claims to our current and future intellectual property.

To protect our intellectual property rights, we may be required to spend significant resources to monitor, protect and defend these rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Such litigation could be costly, time consuming, and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our solutions, impair the functionality of our solutions, delay introductions of new features, integrations, and capabilities, result in our substituting inferior or more costly technologies into our solutions, or injure our reputation. In addition, we may be required to license additional technology from third parties to develop and market new features, integrations, and capabilities, and we cannot be certain that we could license that technology on commercially reasonable terms or at all, and our inability to license this technology could harm our ability to compete.

We may in the future be subject to intellectual property disputes, which are costly and may subject us to significant liability and increased costs of doing business.

We may in the future become subject to intellectual property disputes. Lawsuits are time-consuming and expensive to resolve and they divert management’s time and attention. We cannot predict the outcome of lawsuits and cannot assure you that the results of any such actions will not have an adverse effect on our business, operating results, or financial condition. During litigation, we may become subject to provisional rulings, including preliminary injunctions requiring us to cease some or all of our operations. We may decide to settle legal disputes on terms that are unfavorable to us. Furthermore, such disputes, even those without merit, may subject us to an unfavorable judgment that we may not choose to appeal or that may not be reversed upon appeal. In such a situation, we could be required to pay substantial damages or license fees to third party patent owners. In addition, we may also be required to modify, redesign, reengineer, or rebrand our solutions, or stop making, licensing, or providing solutions that incorporate the asserted intellectual property. Alternatively, we may enter into a license agreement to continue practices found to be in violation of a third party’s rights. If we are required, or choose to enter into, royalty or licensing arrangements, such arrangements may not be available on reasonable terms or at all. In addition, we may also be contractually obligated to indemnify our clients in the event of infringement of a third party’s intellectual property rights.

Our use of “open source” software could negatively affect our ability to offer and sell access to our solutions and subject us to possible litigation.

We use open source software in our solutions and expect to continue to use open source software in the future. There are uncertainties regarding the proper interpretation of and compliance with open source licenses, and there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to use such open source software, and consequently to provide or distribute our solutions. Although use of open source software has historically been free, recently several open source providers have begun to charge license fees for use of their software. If our current open source providers were to begin to charge for these licenses or increase their license fees significantly, this would increase our research and development costs and have a negative impact on our results of operations and financial condition.

Additionally, we may from time to time face claims from third parties claiming ownership of, or seeking to enforce the terms of, an open source license, including by demanding release of source code for the open source software, derivative works or our proprietary source code that was developed using, or that is distributed with, such open source software. These claims could also result in litigation and could require us to make our proprietary software source code freely available, require us to devote additional research and development resources to change our solutions or incur additional costs and expenses, any of which could result in reputational harm and would have a negative effect on our business and operating results. In addition, if the license terms for the open source software we utilize change, we may be forced to reengineer our solutions or incur additional costs to comply with the changed license terms or to replace the affected open source software. Further, use of certain open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on the origin of software or indemnification for third party infringement claims. Although we have implemented policies to regulate the use and

58

incorporation of open source software into our solutions, we cannot be certain that we have not incorporated open source software in our solutions in a manner that is inconsistent with such policies.

Indemnity and liability provisions in various agreements potentially expose us to substantial liability for intellectual property infringement, data protection, and other losses.

Our agreements with some of our technology partners and certain clients include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, data protection, damages caused by us to property or persons, or other liabilities relating to or arising from our solutions or other contractual obligations. Some of these indemnity agreements provide for uncapped liability and some indemnity provisions survive termination or expiration of the applicable agreement. Large indemnity payments could harm our business, operating results, and financial condition. We may incur substantial liability, and we may be required to cease use of certain functions of our solutions, as a result of intellectual property related claims. Any dispute with a client or technology partner with respect to these obligations could have adverse effects on our relationship with that client or technology partner and other existing or new clients or technology partners, and harm our business and operating results. In addition, although we carry insurance, our insurance may not be adequate to indemnify us for all liability that may be imposed, or otherwise protect us from liabilities or damages with respect to claims alleging compromises of client or clients' customer data, and any such coverage may not continue to be available to us on acceptable terms or at all.

The U.K.’s departure from the E.U. could adversely affect us.

The U.K. formally exited the E.U. on January 31, 2020 and a transition period was in place until December 31, 2020 during which time the U.K. remained in both the E.U. customs union and single market and was subject to E.U. rules. There continues to be a significant lack of clarity over the terms of the U.K.’s future relationship with the E.U. in the future.

Brexit could therefore adversely affect U.K., regional (including European), and worldwide economic and market conditions and could contribute to instability in global financial and foreign currency exchange markets, including volatility in the value of the British Pound and Euro, which in turn could adversely affect us or our clients and companies with which we do business, particularly in the U.K. Brexit could lead to greater restrictions on travel between the U.K. and the EEA region, with the potential inability of students to travel or relocate for purposes of seeking foreign educational opportunities. Brexit could also trigger a general deterioration in credit conditions, a downturn in consumer sentiment, and overall negative economic growth. Any of these scenarios could have an adverse effect on our business or our clients.

In addition, Brexit could lead to legal uncertainty and increased complexity for financial services firms as national laws and regulations in the U.K. start to diverge from E.U. laws and regulations. In particular, depending on the terms of Brexit, we may face new regulatory costs and challenges, including the following:

These and other factors related to Brexit could, individually or in the aggregate, have a material adverse impact on our business, financial condition, and results of operations.

Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.

As of December 31, 2021, we had U.S. federal net operating loss (NOL) carryforwards of approximately $122.1 million and state NOL carryforwards of approximately $164.9 million. The federal and material state NOL carryforwards will begin to expire in 2030 and 2022, respectively. In general, under Sections 382 and 383 of the United States Internal

59

Revenue Code of 1986, as amended (Code), a corporation that undergoes an “ownership change” is subject to limitations on its ability to utilize its pre-change NOLs and other tax attributes such as research tax credits to offset future taxable income. An “ownership change” pursuant to Section 382 of the Code generally occurs if one or more stockholders or groups of stockholders who own at least 5% of the company’s stock increase their ownership by more than 50 percentage points over their lowest ownership percentage within a rolling three-year period. If it is determined that we have in the past experienced an ownership change, or if we undergo one or more ownership changes as a result of our initial public offering (IPO) or future transactions in our stock, then our ability to utilize NOLs and other pre-change tax attributes could be limited by Sections 382 and 383 of the Code. Future changes in our stock ownership, many of which are outside of our control, could result in an ownership change under Sections 382 or 383 of the Code. We are in the process of completing a Section 382 study. Furthermore, our ability to utilize NOLs of companies that we may acquire in the future may be subject to limitations. For these reasons, we may not be able to utilize a material portion of the NOLs, even if we were to achieve profitability.

Under the Tax Cuts and Jobs Act enacted in 2017 (Tax Act) as modified by the Coronavirus Aid, Relief, and Economic Security Act enacted in 2020 (CARES Act), U.S. federal NOL carryforwards generated in taxable periods beginning after December 31, 2017 may be carried forward indefinitely, but the deductibility of such NOL carryforwards in taxable years beginning after December 31, 2020 is limited to 80% of taxable income. In addition, federal NOLs arising in tax years ending after December 31, 2017 can be carried forward indefinitely, but carryback is generally prohibited. NOLs generated in tax years beginning before January 1, 2018 will not be subject to the taxable income limitation, and NOLs generated in tax years ending before January 1, 2018 will continue to have a two-year carryback and twenty-year carryforward period. Deferred tax assets for NOLs will need to be measured at the applicable tax rate in effect when the NOL is expected to be utilized. Similar rules may apply under state tax laws. The changes in the carryforward/carryback periods as well as the new limitation on use of NOLs may significantly impact our valuation allowance assessments for NOLs generated after December 31, 2017.

Risks Related to Being a Public Company

As a public company, we are obligated to develop and maintain proper and effective internal control over financial reporting, and if we fail to develop and maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable laws and regulations could be impaired.

As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (Exchange Act), the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley Act), the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank), the listing requirements of The Nasdaq Global Select Market (Nasdaq), and other applicable securities rules and regulations. Compliance with these rules and regulations will increase our legal and financial compliance costs, make some activities more difficult, time consuming, or costly, and increase demand on our systems and resources, particularly after we are no longer an emerging growth company. The Exchange Act requires, among other things, that we file annual, quarterly, and current reports with respect to our business and operating results. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. It may require significant resources and management oversight to maintain and, if necessary, improve our disclosure controls and procedures and internal control over financial reporting to meet this standard. As a result, management’s attention may be diverted from other business concerns, which could adversely affect our business and operating results. To comply with these requirements, we may need to hire more employees in the future or engage outside consultants, which would increase our costs and expenses.

As a public company, we are required, pursuant to Section 404 of the Sarbanes-Oxley Act (Section 404), to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting commencing with our Annual Report on Form 10-K for the year ending December 31, 2022. Effective internal control over financial reporting is necessary for us to provide reliable financial reports and, together with adequate disclosure controls and procedures, are designed to prevent fraud. Any failure to implement required new or improved controls, or difficulties encountered in their implementation, could cause us to fail to meet our reporting obligations. Ineffective internal controls could also cause investors to lose confidence in our reported financial information, which could have a negative effect on the trading price of our common stock.

This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting, as well as a statement that our independent registered public accounting firm has issued an opinion on the effectiveness of our internal control over financial reporting, provided that our independent registered public accounting firm will not be required to attest to the effectiveness of our internal control over financial reporting until our first annual report required to be filed with the SEC following the later of the date we are deemed to be

60

an “accelerated filer” or a “large accelerated filer,” each as defined in the Exchange Act, or the date we are no longer an emerging growth company, as defined in the JOBS Act, which could be as early as our annual report on Form 10-K for the year ending December 31, 2022. We expect to incur significant expenses and devote substantial management effort toward ensuring compliance with the auditor attestation requirements of Section 404. Furthermore, if and when we are deemed to be a “large accelerated filer”, we will also have to file a more expansive proxy statement and be subject to shorter filing deadlines, which will require additional time and expense as well.

An independent assessment of the effectiveness of our internal controls could detect problems that our management’s assessment might not. Undetected material weaknesses in our internal controls could lead to financial statement restatements and require us to incur the expense of remediation. We will be required to disclose changes made in our internal control and procedures on a quarterly basis. To comply with the requirements of being a public company, we have undertaken and may need to continue to undertake various actions, such as implementing new internal controls and procedures, hiring risk professionals, accounting and internal audit staff, and engaging outside consultants, which will increase our operating expenses.

We are in the early stages of the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation needed to comply with Section 404. We may not be able to complete our evaluation, testing, and any required remediation in a timely fashion. During the evaluation and testing process, if we identify material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal control over financial reporting is effective.

If we are unable to assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion on the effectiveness of our internal control, including as a result of a material weakness, we could lose investor confidence in the accuracy and completeness of our financial reports, which could cause the price of our common stock to decline, and we may be subject to investigation or sanctions by the SEC. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on Nasdaq.

Increased scrutiny from investors and others regarding our environmental, social, governance, or sustainability responsibilities could result in additional costs or risks and adversely impact our reputation, employee retention, and willingness of partners, clients or our clients’ customers to do business with us.

Investor advocacy groups, certain institutional investors, investment funds, other market participants, stockholders, and consumer groups have focused increasingly on the environmental, social and governance (ESG) or “sustainability” practices of companies. These parties have placed increased importance on the implications of the social cost of their investments. We have convened a cross-functional working group to further enhance our commitment to sustainability and ESG, and recognize the importance of communicating our progress on ESG to our stakeholders. As part of its responsibilities, our ESG working group is assessing opportunities for communicating progress on our priority initiatives. However, if our ESG practices do not meet (or are viewed as not meeting) investor or other industry stakeholder expectations and standards, which continue to evolve, our brand, reputation and employee retention may be negatively impacted, including based on an assessment of our ESG practices. Any sustainability report that we publish or sustainability disclosure we make may include our policies and practices on a variety of social and ethical matters, including corporate governance, community involvement, environmental compliance, employee health and safety practices, cybersecurity and privacy, human capital management, and workforce equity, inclusion and diversity. It is possible that stakeholders may not be satisfied with our ESG practices or the speed of their adoption. We could also incur additional costs and require additional resources to monitor, report, and comply with various ESG practices. Also, our failure, or perceived failure, to meet the standards included in any sustainability disclosure could negatively impact our reputation, employee retention, and the willingness of our partners, clients or our clients’ customers to do business with us.

We will incur increased costs as a result of operating as a public company, and our management will be required to devote substantial time to compliance with our public company responsibilities and corporate governance practices.

As a public company, we will continue to incur significant legal, accounting, and other expenses that we did not incur as a private company, which we expect to further increase after we are no longer an “emerging growth company.” The Sarbanes-Oxley Act, Dodd-Frank, the listing requirements of the Nasdaq, and other applicable securities rules and regulations impose various requirements on public companies. Our management and other personnel devote a substantial amount of time to compliance with these requirements and interacting with public company investors and securities analysts. These new obligations and constituents require significant attention from our management team and could divert their attention away from the day-to-day management of our business, which could harm our business,

61

operating results, and financial condition. Moreover, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. We cannot predict or estimate the amount of additional costs we will incur as a public company or the specific timing of such costs.

Risks Related to Ownership of Our Common Stock

The price of our common stock may be volatile or may decline regardless of our operating performance and you may not be able to resell your shares at or above the price you paid for them.

An active or liquid market in our common stock may not be sustainable. The market price of our common stock may fluctuate significantly in response to numerous factors, many of which are beyond our control, including:

In addition, the stock markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies.

Concerns over economic recession, the COVID-19 pandemic, interest rate increases and inflation, supply chain delays and disruptions, policy priorities of the U.S. presidential administration, trade wars, unemployment, or prolonged

62

government shutdown may contribute to increased volatility and diminished expectations for the economy and markets. Additionally, concern over geopolitical issues may also contribute to prolonged market volatility and instability. For example, the conflict between Russia and Ukraine could lead to disruption, instability and volatility in global markets and industries. The U.S. government and other governments in jurisdictions have imposed severe economic sanctions and export controls against Russia and Russian interests, have removed Russia from the SWIFT system, and have threatened additional sanctions and controls. The impact of these measures, as well as potential responses to them by Russia, is unknown.

Stock prices of many companies, and technology companies in particular, have fluctuated in a manner unrelated or disproportionate to the operating performance of those companies. In the past, stockholders have filed securities class action litigation following periods of market volatility. If we were to become involved in securities litigation, it could subject us to substantial costs, divert resources and the attention of management from our business and adversely affect our business.

We are an “emerging growth company,” and we cannot be certain if the reduced reporting and disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act, and we may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not “emerging growth companies,” including the auditor attestation requirements of Section 404 reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a non-binding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. Pursuant to Section 107 of the JOBS Act, as an emerging growth company, we have elected to use the extended transition period for complying with new or revised accounting standards until those standards would otherwise apply to private companies. As a result, our consolidated financial statements may not be comparable to the financial statements of issuers who are required to comply with the effective dates for new or revised accounting standards that are applicable to public companies, which may make our common stock less attractive to investors. In addition, if we cease to be an emerging growth company, we will no longer be able to use the extended transition period for complying with new or revised accounting standards.

We will remain an emerging growth company until the earliest of (i) December 31, 2026, (ii) the last day of the first fiscal year in which our annual gross revenue is $1.07 billion or more, (iii) the date on which we have, during the previous rolling three-year period, issued more than $1 billion in non-convertible debt securities, and (iv) the date on which we are deemed to be a “large accelerated filer,” which will occur as of the end of any fiscal year in which we (x) have an aggregate market value of our common stock held by non-affiliates of $700 million or more as of the last business day of our most recently completed second fiscal quarter, (y) have been required to file annual and quarterly reports under the Exchange Act for a period of at least 12 months, and (z) have filed at least one annual report pursuant to the Exchange Act.

We cannot predict if investors will find our common stock less attractive if we continue to choose to rely on these exemptions. For example, if we do not adopt a new or revised accounting standard, our future operating results may not be as comparable to the operating results of certain other companies in our industry that adopted such standards. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock, and our stock price may be more volatile.

Raising additional capital may cause dilution to our existing stockholders, restrict our operations or require us to relinquish rights to our intellectual property on unfavorable terms to us.

Until such time, if ever, as we can generate substantial revenue, we may finance our cash needs through a combination of equity offerings, government or private party grants, debt financings and strategic partnership agreements. We may seek additional capital through a variety of means, including through strategic partnership arrangements, public or private equity or debt financings, third-party funding and marketing and distribution arrangements, as well as other strategic alliances and licensing arrangements or any combination of these approaches. However, disruptions in the capital markets could make any financing more challenging, and there can be no assurance that we will be able to raise capital on commercially reasonable terms or at all. To the extent that we raise additional capital through the sale of equity or convertible debt securities, your ownership interest will be diluted, and the terms may include liquidation preferences or other rights, powers or preferences that may adversely affect your rights as a stockholder. To the extent that debt financing is available, and we choose to raise additional capital in the form of debt, such debt financing may involve agreements that include covenants limiting or restricting our ability to take certain actions, such as incurring additional debt, making capital expenditures or declaring dividends. If we raise additional capital pursuant to collaborations, licensing arrangements or other strategic partnerships, such agreements may require us to relinquish rights to our technologies.

63

If we are unable to raise additional funds through equity or debt financing or through collaborations or strategic partnerships when needed, we may be required to delay, limit, reduce or terminate the development of our solutions or commercialization efforts.

We may allocate our cash and cash equivalents in ways that you and other stockholders may not approve.

Our management has broad discretion in the application of our cash and cash equivalents. Because of the number and variability of factors that determine our use of our cash and cash equivalents, their ultimate use may vary substantially from their currently intended use. Our management might not apply cash and cash equivalents in ways that ultimately increase the value of your investment. The failure by our management to apply these funds effectively could harm our business. Pending their use, we may invest our cash and cash equivalents in short-term, investment-grade, interest-bearing securities. These investments may not yield a favorable return to our stockholders. If we do not invest or apply our cash and cash equivalents in ways that enhance stockholder value, we may fail to achieve expected financial results, which could cause our stock price to decline.

If securities or industry analysts do not publish research or publish inaccurate or unfavorable research about our business, our stock price and trading volume could decline.

The trading market for our common stock depends in part on the research and reports that securities or industry analysts publish about us or our business. If industry analysts cease coverage of us, the trading price for our common stock would be negatively affected. If one or more of the analysts who cover us downgrade our common stock or publish inaccurate or unfavorable research about our business, our common stock price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, demand for our common stock could decrease, which might cause our common stock price and trading volume to decline.

Sales of substantial amounts of our common stock in the public markets could cause the market price of our common stock to decline.

The price of our common stock could decline if there are substantial sales of our common stock, particularly sales by our directors, executive officers and significant stockholders, or if there is a large number of shares of our common stock available for sale and the market perceives that sales will occur. We had a total of 100,454,177 shares of our voting common stock and 5,988,378 shares of our non-voting common stock outstanding as of December 31, 2021. Other than shares held by directors, executive officers and other affiliates that are subject to volume limitations under Rule 144 under the Securities Act and various vesting agreements, these shares of common stock generally are freely tradable without restrictions or further registration under the Securities Act.

Certain of our stockholders will have rights, subject to some conditions, to require us to file registration statements covering their shares or to include their shares in registration statements that we may file for ourselves or our stockholders, subject to market standoff and lock-up agreements. We registered shares of common stock that we have issued and may issue under our employee equity incentive plans. These shares will be able to be sold freely in the public market upon issuance, subject to securities laws.

The market price of the shares of our common stock could decline as a result of the sale of a substantial number of our shares of common stock in the public market or the perception in the market that the holders of a large number of shares intend to sell their shares.

The concentration of our stock ownership will likely limit your ability to influence corporate matters, including the ability to influence the outcome of director elections and other matters requiring stockholder approval.

As of December 31, 2021, our executive officers, directors and the holders of more than 5% of our outstanding voting and non-voting common stock, in the aggregate, beneficially owned approximately 46.9% of our voting and non-voting common stock. As a result, these stockholders, acting together, will have significant influence over all matters that require approval by our stockholders, including the election of directors and approval of significant corporate transactions. Corporate actions might be taken even if other stockholders oppose them. This concentration of ownership might also have the effect of delaying or preventing a change of control of our company that other stockholders may view as beneficial.

64

We do not intend to pay dividends on our common stock and, consequently, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.

We have never declared or paid any cash dividend on our common stock and do not currently intend to do so for the foreseeable future. We currently anticipate that we will retain future earnings for the development, operation and expansion of our business and do not anticipate declaring or paying any cash dividends for the foreseeable future. In addition, our loan and security agreement currently prohibits us from paying dividends on our equity securities, and any future debt financing arrangement may contain terms prohibiting or limiting the amount of dividends that may be declared or paid on our common stock. Any return to stockholders will therefore be limited to the appreciation of their stock. Therefore, the success of an investment in shares of our common stock will depend upon any future appreciation in their value. There is no guarantee that shares of our common stock will appreciate in value or even maintain the price at which our stockholders have purchased their shares.

Delaware law and provisions in our amended and restated certificate of incorporation and amended and restated bylaws could make a merger, tender offer or proxy contest difficult, thereby depressing the trading price of our common stock.

Our status as a Delaware corporation and the anti-takeover provisions of the Delaware General Corporation Law (DGCL) may discourage, delay or prevent a change in control by prohibiting us from engaging in a business combination with an interested stockholder for a period of three years after the person becomes an interested stockholder, even if a change of control would be beneficial to our existing stockholders. In addition, our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that may make the acquisition of our company more difficult, including the following:

In addition, as a Delaware corporation, we are subject to Section 203 of the DGCL. These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time. A Delaware corporation may opt out of this provision by express provision in its original certificate of incorporation or by amendment to its certificate of incorporation or bylaws approved by its stockholders. However, we have not opted out of this provision.

These and other provisions in our amended and restated certificate of incorporation, amended and restated bylaws and Delaware law could make it more difficult for stockholders or potential acquirors to obtain control of our board of directors or initiate actions that are opposed by our then-current board of directors, including delay or impede a merger,

65

tender offer or proxy contest involving our company. The existence of these provisions could negatively affect the price of our common stock and limit opportunities for you to realize value in a corporate transaction.

Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware and the federal district courts of the United States will be the exclusive forum for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers or employees.

Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware is the exclusive forum for any derivative action or proceeding brought on our behalf, any action asserting a breach of fiduciary duty, any action asserting a claim against us arising pursuant to the DGCL, our certificate of incorporation or our bylaws or any action asserting a claim against us that is governed by the internal affairs doctrine. This provision would not apply to claims brought to enforce a duty or liability created by the Exchange Act or any other claim for which the federal courts have exclusive jurisdiction. Our amended and restated certificate of incorporation provides further that the federal district courts of the United States will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. These choices of forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers or other employees and may discourage these types of lawsuits. Furthermore, the enforceability of similar choice of forum provisions in other companies’ certificates of incorporation has been challenged in legal proceedings, and it is possible that a court could find these types of provisions to be inapplicable or unenforceable. While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive-forum provisions, and there can be no assurance that such provisions will be enforced by a court in those other jurisdictions. If a court were to find the exclusive-forum provision contained in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business.

66

Item 1B. Unresolved Staff Comments

None.

Item 2. Properties

Our corporate headquarters are located in Boston, Massachusetts, where we occupy facilities totaling approximately 16,419 square feet under a lease that expires in March 2024. We use these facilities for administration, finance, legal, compliance, human resources, global payments, IT, sales and marketing, engineering, and customer success.

We maintain other leased locations in the U.S. and throughout the world. We intend to procure additional space as we add employees and expand geographically. We believe that our facilities are adequate to meet our needs for the immediate future, and that, should it be needed, suitable additional space will be available to accommodate any such expansion of our operations.

Item 3. Legal Proceedings

From time to time, we may be subject to legal proceedings and claims in the ordinary course of business, including patent, commercial, product liability, employment, class action, whistleblower, and other litigation and claims, as well as governmental and other regulatory investigations and proceedings. In addition, third parties may from time to time assert claims against us in the form of letters and other communications. We are not currently a party to any legal proceedings that we believe to be material to our business or consolidated financial statements. The results of any future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources, and other factors.

Item 4. Mine Safety Disclosures

Not applicable.

67

PART II

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

Market Information

Our voting common stock began trading on the Nasdaq Global Select Market under the symbol “FLYW” on May 26, 2021. Prior to that date, there was no public trading market for our common stock.

Our non-voting common stock is not listed on any stock exchange nor traded on any public market.de

Holders of Record

As of March 25, 2022, there were 71 holders of record of our voting common stock. This number does not include beneficial owners whose shares are held by nominees in street name. As of March 25, 2022, there were 2 holders of record of our non-voting common stock.

Dividend Policy

We have never declared nor paid any cash dividends on our capital stock. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not expect to pay any dividends on our capital stock in the foreseeable future. Any future determination relating to our dividend policy will be at the discretion of our board of directors, subject to applicable laws, and will depend on our financial condition, results of operations, capital requirements, general business conditions, and other factors that our board of directors considers relevant. In addition, the terms of our Revolving Credit Agreement restrict our ability to pay dividends.

Securities Authorized for Issuance under Equity Compensation Plans

The following table provides information as of December 31, 2021, with respect to shares of our common stock that may be issued, subject to certain vesting requirements, under our existing equity compensation plans, including our 2009 Equity Incentive Plan, which was adopted in 2009 and amended and restated in 2011 (as amended and restated, the 2009 Plan), our 2018 Stock Incentive Plan (2018 Plan), 2021 Equity Incentive Plan (2021 Plan) and Employee Stock Purchase Plan (ESPP).

(1) Of these shares, 161,470 were underlying then outstanding restricted stock units and 507,050 were subject to options then outstanding under the 2021 Plan; 51,651 were underlying then outstanding restricted stock awards and 4,216,996 were subject to options then outstanding under the 2009 Plan; and 10,131,246 were subject to options then outstanding under the 2018 Plan.

(2) Does not take into account restricted stock units, which have no exercise price.

(3) Represents 9,420,270 shares of common stock available for issuance under our 2021 Plan and 1,639,810 shares of common stock available for issuance under our ESPP. No shares are available for future issuance under our 2009 Plan or 2018 Plan. Our 2021 Plan provides for annual increases in the number of shares available for issuance thereunder on the first day of each fiscal year equal to the lower of: (a) 5% of the total number of shares of common stock and non-voting common stock outstanding on the last business day of the prior fiscal year; or (b) such other amount as our board of directors may determine. Our ESPP provides for annual increases in the number of shares available for issuance thereunder on the first day of each fiscal year equal to the least of: (x) 2,000,000 shares; (y) 1% of the shares of common stock and non-voting common stock issued and outstanding on the last business day of the prior fiscal year; or (z) the number of shares determined by our board of directors. On January 1, 2022, an additional 5,322,128 shares became available for future issuance under the 2021 Plan and an additional 1,064,426 shares became available for future issuance under the ESPP. The additional shares from the annual increase on January 1, 2022 are not included in the table above.

68

Stock Performance Graph

The following performance graph and related information shall not be deemed “soliciting material” or to be “filed” with the SEC for purposes of Section 18 of the Exchange Act, nor shall such information be incorporated by reference into any future filing under the Securities Act or the Exchange Act, whether made before or after the date hereof and irrespective of any general incorporation language in any such filing, or otherwise subject to the liabilities under the Securities Act or Exchange Act, except to the extent that we specifically incorporate it by reference into such filing.

The following graph depicts the total cumulative stockholder return on our common stock from May 26, 2021, the first day of trading of our common stock on the Nasdaq Global Select Market, through December 31, 2021, relative to the performance of the S&P 500 Index and S&P 500 IT Index. The graph assumes an initial investment of $100.00 at the close of trading on May 26, 2021 and that all dividends paid by companies included in these indices have been reinvested. The performance shown in the graph below is not intended to forecast or be indicative of future stock price performance.

Recent Sales of Unregistered Equity Securities

The following sets forth information regarding all unregistered securities sold by us during the year ended December 31, 2021. No underwriters were involved in the sales and the certificates representing the securities sold and issued contain legends restricting transfer of the securities without registration under the Securities Act or an applicable exemption from registration.

(1) We granted stock options to employees, directors, and other service providers to purchase an aggregate of 4,434,200 shares of common stock under our 2018 Plan, with weighted average per share exercise price of $12.59.

(2) We issued 5,910,974 shares of common stock upon exercise of stock options under our 2009 Plan and 2018 Plan.

(3) In February 2021, we issued and sold an aggregate of 2,571,936 shares of our Series F preferred stock at a purchase price of approximately $23.3287 per share for an aggregate purchase price of approximately $60 million to 14 purchasers that each represented to the Registrant that it was an accredited investor.

(4) In May 2021, we issued 182,467 shares of our Series C convertible preferred stock upon the net exercise of warrants to purchase shares of Series C convertible preferred stock.

The offers, sales and issuances of the securities described in Items (1) and (2) above were exempt from registration under the Securities Act under either (1) Rule 701 in that the transactions were under compensatory benefit plans and contracts relating to compensation as provided under Rule 701 or (2) Section 4(a)(2) of the Securities Act or Regulation D promulgated thereunder as transactions by an issuer not involving any public offering. The recipients of such securities were the registrant’s directors, officers, employees, consultants or other service providers and received the securities under our 2009 Plan or 2018 Plan. The recipients of securities in each of these transactions represented their intention to acquire the securities for investment only and not with view to or for sale in connection with any distribution thereof and appropriate legends were affixed to the securities issued in these transactions.

69

The offers, sales and issuances of the securities described in Items (3) and (4) above were exempt from registration under the Securities Act under Section 4(a)(2) of the Securities Act or Regulation D promulgated thereunder as transactions by an issuer not involving a public offering. The recipients of securities in each of these transactions acquired the securities for investment only and not with a view to or for sale in connection with any distribution thereof and appropriate legends were affixed to the securities issued in these transactions. Each of the recipients of securities in these transactions was an accredited person and had adequate access, through employment, business or other relationships, to information about the registrant.

Use of Proceeds from IPO

In May 2021, we closed our IPO in which we issued and sold 12,006,000 shares of our voting common stock, including 1,566,000 shares of voting common stock sold pursuant to the underwriters’ full exercise of their option to purchase additional shares, at a public offering price of $24.00 per share, for aggregate net proceeds of $263.8 million, after deducting underwriting discounts and commissions of $19.4 million and other offering costs of $4.9 million. Goldman Sachs & Co. LLC, J.P. Morgan Securities LLC and Citigroup Global Markets Inc. acted as representatives of the underwriters for our IPO. No payments for such expenses were made directly or indirectly to (i) any of our officers or directors or their associates, (ii) any persons owning 10% or more of any class of our equity securities or (iii) any of our affiliates. All of the shares issued and sold in the IPO were registered under the Securities Act pursuant to a Registration Statement on Form S-1 (File No. 333- 255706), which was declared effective by the SEC on May 25, 2021, and a Registration Statement on Form S-1 MEF (File No. 333-256471) filed pursuant to Rule 462(b) of the Securities Act.

The IPO terminated after the sale of all securities registered pursuant to the Registration Statements. As of December 31, 2021, the net proceeds of our IPO are in non-interest bearing accounts, but are expected to be invested in investment grade, interest-bearing instruments in the second quarter of 2022. There has been no material change in the expected use of the net proceeds from our IPO as described in our final prospectus, dated May 25, 2021, filed with the SEC pursuant to Rule 424(b) relating to our IPO.

Issuer Purchases of Equity Securities

None.

Item 6. [Reserved]

70

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations

You should read the following discussion and analysis of our financial condition and results of operations together with our consolidated financial statements and the related notes appearing elsewhere in this Annual Report on Form 10-K. Some of the information contained in this Annual Report on Form 10-K includes forward-looking statements that involve risks and uncertainties. You should read the sections titled “Special Note Regarding Forward-Looking Statements” and “Risk Factors” for a discussion of important factors that could cause actual results to differ materially from the results described in or implied by the forward-looking statements contained in the following discussion and analysis. Our fiscal year end is December 31, and our fiscal quarters end on March 31, June 30, September 30, and December 31.

Overview

Flywire is a leading global payments enablement and software company. Our next-gen payments platform, proprietary global payment network and vertical-specific software help our clients get paid and help their customers pay with ease—no matter where they are in the world. Our clients rely on us for integrated solutions that are both global and local, and combine tailored invoicing, flexible payment options, and highly personalized omni-channel experiences. We believe we make generational advances for our clients by transforming payments into a source of value and growth for their organizations while delighting their customers with payment experiences that are engaging, secure, fast, and transparent.

Our Flywire Advantage is derived from three core elements: (i) our next-gen payments platform; (ii) our proprietary global payment network; and (iii) our vertical-specific software backed by our deep industry expertise. With our Flywire Advantage, we aim to power the transformation of our clients’ accounts receivable functions by automating paper and check-based business processes in addition to creating interactive, digital payment experiences for their customers. As a result, clients who implement our payments and software solutions can see increased digital payments and improved accounts receivable, higher enrollment in payment plans, and a reduction in customer support inquiries. We help our clients turn their accounts receivable functions into strategic, value-enhancing areas of their organizations.

We reach clients through various channels, with our direct channel being our primary go-to-market strategy. Our industry-experienced sales and relationship management teams bring expertise and local reach, and our solution combines high-tech and high-touch functions backed by 24x7 multilingual customer support, resulting in high client and customer satisfaction. In addition, the value of our Flywire Advantage has been recognized, with global financial institutions and technology providers choosing to form channel partnerships with us. These partnerships promote organic referral and lead generation opportunities and enhance our indirect sales strategy.

71

The combination of our differentiated solution and efficient go-to-market strategy has resulted in strong and consistent client growth.

As of December 31, 2021, we serve over 2,500 clients around the world. In education, we serve more than 2,000 institutions and 2.0 million students globally. In healthcare, we power more than 80 healthcare systems, including four of the top 10 healthcare systems in the United States ranked by hospital size as of December 31, 2021. In our newer payment verticals of travel and B2B payments, we have a growing portfolio of more than 300 clients as of December 31, 2021.

72

Our success in building our client base around the world and expanding utilization by our clients’ customers has allowed us to achieve significant scale. We enabled more than $13.2 billion in TPV during the year ended December 31, 2021 and 7.5 billion in TPV during the year ended December 31, 2020. We generated revenue of $201.1 million, $131.8 million and $94.9 million for the years ended December 31, 2021, 2020 and 2019, respectively, and incurred net losses of $28.1 million, $11.1 million, and $20.1 million for those same years. Pro forma revenue and pro forma net loss for the year ended December 31, 2020, as if our acquisition of Simplee had occurred on January 1, 2020, was $136.3 million and $13.4 million, respectively.

We believe that the growth of our business and our operating results will be dependent upon many factors, including our ability to add new clients, expand the usage of our solutions by our existing clients and their customers, and increase the breadth and depth of our payments and software capabilities by adding new solutions. While these areas present significant opportunities for us, they also pose challenges and risks that we must successfully address in order to sustain the growth of our business and improve our operating results.

While we have experienced significant growth and increased demand for our solutions over recent periods, we expect to continue to incur losses in the short term and may not be able to achieve or maintain profitability in the future. Our marketing is focused on generating leads to develop our sales pipeline, building our brand and market awareness, scaling our network of partners and growing our business from our existing client base. We believe that these efforts will result in an increase in our client base, revenues, and improved margins in the long term. To manage any future growth effectively, we must continue to improve and expand our IT and financial infrastructure, our operating and administrative systems and controls, and our ability to manage headcount, capital, and processes in an efficient manner. Additionally, we face intense competition in our market, and to succeed, we need to innovate and offer solutions that are differentiated from legacy payment solutions. We must also effectively hire, retain, train, and motivate qualified personnel and senior management. If we are unable to successfully address these challenges, our business, operating results, and prospects could be adversely affected.

Initial Public Offering

On May 28, 2021, we completed our IPO, in which we issued and sold 12,006,000 shares of common stock at a public offering price of $24.00 per share, which included 1,566,000 shares of common stock issued pursuant to the exercise in full of the underwriters' option to purchase additional shares. We received $263.8 million in net proceeds from the IPO, after deducting underwriting discounts and commissions of $19.4 million and other offering costs of $4.9 million.

Recent Acquisition

In December 2021, we acquired all of the issued and outstanding shares of WPM for a purchase price of $59.6 million including $56.1 million of cash consideration, net of cash acquired and the estimated fair value of contingent consideration of $3.5 million. Contingent consideration represents additional payments that we may be required to make in the future in the form of restricted stock units, which totals up to $7.9 million depending on our achievement of specified minimum payment volume targets and integration targets established for the years ended December 31, 2022 and 2023. WPM is a leading software provider that enables seamless and secure payment experiences for universities and colleges across the U.K. The acquisition of WPM is intended to build on our existing education payments business and is expected to further accelerate our market share in the U.K. education sector. WPM contributed $0.3 million in platform revenue during the year ended December 31, 2021.

In February 2020, we acquired all of the issued and outstanding shares of Simplee for a purchase price of $86.5 million including $79.4 million of cash consideration, net of cash acquired and the estimated fair value of contingent consideration of $7.1 million. Contingent consideration represents additional payments that we may be required to make in the future, which totals up to $20.0 million, depending on our reaching certain revenue and integration targets established for the years ended December 31, 2020 and 2021, as well as retaining key clients. Simplee is a provider of healthcare payment and collection software. The Simplee acquisition brings a highly complementary client base with whom we can further expand our capabilities, and additional platform and healthcare specific software capabilities with which we believe we can acquire additional clients in the healthcare market.

Our Revenue Model

We derive revenue from transactions and platform and usage-based fees.

Transaction revenue is earned from payment processing services provided to our clients. The fee earned on each transaction consists of a rate applied to the total payment value of the transaction, which can vary based on the payment method currency pair conversion and the geographic region in which our client and the clients’ customer resides. We also

73

earn revenue from marketing fees from credit card service providers for marketing arrangements in which we perform certain marketing activities which we consider to be ancillary to the solutions we provide to our clients.

Platform and usage-based fee revenue includes (i) fees earned for the utilization of our payment platform to optimize cash collections, (ii) fees collected on payment plans established by our clients on our payment platform, (iii) subscription fees and (iv) fees related to printing and mailing services which we consider to be ancillary to the solutions we provide to our clients.

Key Operating Metrics and Non-GAAP Financial Measures

The following table sets forth our key operating metrics and non-GAAP measures for the periods presented:

For the year ended December 31, 2021, transaction revenue and platform and usage-based fee revenue represented 73.6% and 26.4% of our revenue, respectively. For the year ended December 31, 2021 transaction revenue and platform and usage-based fee revenue represented 80.7% and 19.3% of our total revenue less ancillary services, respectively.

For the year ended December 31, 2020, transaction revenue and platform and usage-based fee revenue represented 68.0% and 32.0% of our revenue, respectively. For the year ended December 31, 2020, transaction revenue and platform and usage-based fee revenue represented 77.0% and 23.0% of our total revenue less ancillary services, respectively.

For the year ended December 31, 2019, transaction revenue and platform and usage-based fee revenue represented 91.3% and 8.7% of our revenue, respectively. For the year ended December 31, 2019 transaction revenue and platform and usage-based fee revenue represented 92.0% and 8.0% of our total revenue less ancillary services, respectively.

For the year ended December 31, 2021, our total payment volume was approximately $13.2 billion, consisting of $8.4 billion of total payment volume from transactions included in transaction revenue and $4.8 billion of total payment volume from transactions included in platform and usage-based fee revenue. For the year ended December 31, 2020, our total payment volume was approximately $7.5 billion, consisting of $4.7 billion of total payment volume from transactions included in transaction revenue and $2.8 billion of total payment volume from transactions included in platform and usage-based fee revenue. For the year ended December 31, 2019, our total payment volume was approximately $5.8 billion, consisting of $4.7 billion of total payment volume from transactions included in transaction revenue and $1.1 billion of total payment volume from transactions included in platform and usage-based fee revenue.

Total Payment Volume

To grow revenue from clients we must facilitate the use of our payment platform by our clients to process the amounts paid to them by their customers. The more our clients use our platform and rely upon our features to automate their payments, the more payment volume is processed on our solution. This metric provides an important indication of the value of the transactions that our clients’ customers are completing on our payment platform and is an indicator of our ability to generate revenue from our clients. We define total payment volume as the total amount paid to our clients on our payments platform in a given period.

Revenue Less Ancillary Services, Adjusted Gross Margin and Adjusted EBITDA

We use non-GAAP financial measures to supplement financial information presented on a GAAP basis. We believe that excluding certain items from our GAAP results allows management to better understand our consolidated financial performance from period to period and better project our future consolidated financial performance as forecasts are developed at a level of detail different from that used to prepare GAAP-based financial measures. Moreover, we believe

74

these non-GAAP financial measures provide our stakeholders with useful information to help them evaluate our operating results by facilitating an enhanced understanding of our operating performance and enabling them to make more meaningful period to period comparisons. There are limitations to the use of the non-GAAP financial measures presented here. Our non-GAAP financial measures may not be comparable to similarly titled measures of other companies. Other companies, including companies in our industry, may calculate non-GAAP financial measures differently than we do, limiting the usefulness of those measures for comparative purposes.

We use supplemental measures of our performance which are derived from our consolidated financial information, but which are not presented in our consolidated financial statements prepared in accordance with GAAP. These non-GAAP financial measures include the following:

These non-GAAP financial measures are not meant to be considered as indicators of performance in isolation from or as a substitute for revenue, gross margin or net loss prepared in accordance with GAAP and should be read only in conjunction with financial information presented on a GAAP basis. Reconciliations of Revenue Less Ancillary Services, Adjusted Gross Margin and Adjusted EBITDA to the most directly comparable GAAP financial measure are presented below. We encourage you to review these reconciliations in conjunction with the presentation of the non-GAAP financial measures for each of the periods presented. In future fiscal periods, we may exclude such items and may incur income and expenses similar to these excluded items.

Reconciliations of Non-GAAP Financial Measures

The tables below provide reconciliations of Revenue Less Ancillary Services, Adjusted Gross Margin and Adjusted EBITDA to the most comparable GAAP figure on a consolidated basis for the periods presented.

75

Revenue Less Ancillary Services and Adjusted Gross Margin: