Attached files

file filename
EX-32.1 - EX-32.1 - GLOBALSCAPE INCex32-1.htm
EX-31.2 - EX-31.2 - GLOBALSCAPE INCex31-2.htm
EX-31.1 - EX-31.1 - GLOBALSCAPE INCex31-1.htm
EX-23.1 - EX-23.1 - GLOBALSCAPE INCex23-1.htm


UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C.  20549
 


FORM 10-K
 


ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2017

OR

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from                  to                   
 
Commission File No. 001-33601

 
GlobalSCAPE, Inc.
(Exact name of registrant as specified in its charter)
 
Delaware
 
74-2785449
(State or other jurisdiction of incorporation or organization)
 
(I.R.S. Employer Identification No.)
     
4500 Lockhill-Selma, Suite 150
   
San Antonio, Texas
 
78249
(Address of Principal Executive Office)
 
(Zip Code)
 
(210) 308-8267
(Registrant’s Telephone Number, Including Area Code)
Securities registered pursuant to Section 12(b) of the Act:
 
Common Stock, par value $0.001 per share 
NYSE American, LLC
(Title of Class)
(Name of exchange on which registered)
 
Securities registered pursuant to Section 12(g) of the Act:
None

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.
Yes    No

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.
Yes    No

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.
Yes    No

Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Web site, if any, every
Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).
Yes    No
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§ 229.405 of this chapter) is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.   Yes   No

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
 
Large accelerated filer ☐
Accelerated filer
Non-accelerated filer ☐ (Do not check if a smaller reporting company)
Smaller reporting company
Emerging growth company ☐
 
Indicate by check mark if the registrant is a shell company (as defined in Rule 12b-2 of the Act).
Yes    No

As of June 30, 2017, the last day of the registrant’s most recently completed second fiscal quarter, the aggregate market value of the common stock held by non-affiliates of the registrant was $91,805,263 based on the closing sale price as reported on the NYSE American.

As of March 31, 2018, there were 21,793,131 shares of common stock outstanding.



TABLE OF CONTENTS

   
Page
PART I
 
     
Item 1.
2
     
Item 1A.
20
     
Item 1B.
42
     
Item 2.
42
     
Item 3.
43
     
Item 4.
43
     
PART II
 
     
Item 5.
44
     
Item 6.
44
     
Item 7.
45
     
Item 8.
63
     
Item 9.
85
     
Item 9A.
87
     
Item 9B.
92
     
PART III
 
     
Item 10.
93
     
Item 11.
97
     
Item 12.
111
     
Item 13.
112
     
Item 14.
113
     
PART IV
 
     
Item 15.
114



Preliminary Notes

GlobalSCAPE®, CuteFTP®, CuteFTP Pro®, DMZ Gateway®,  EFT Cloud Services, ®GlobalSCAPE Securely Connected®, and Mail Express® are registered trademarks of GlobalSCAPE, Inc.  

Secure FTP Server™, Wide Area File Services™, WAFS™, CDP™, Advanced Workflow Engine™, AWE™, EFT Server™, EFT Workspaces™, EFT Insight™, Enhanced File Transfer™, Enhanced File Transfer Server™, Secure Ad Hoc Transfer™, SAT™, EFT Server Enterprise™, Enhanced File Transfer Server Enterprise ™, Desktop Transfer Client™, DTC™, Mobile Transfer Client™, MTC™, Web Transfer Client™, Workspaces™, Accelerate™,  WTC™,  Content Integrity Control™, Advanced Authentication™, AAM™ and scConnect™ are trademarks of GlobalSCAPE, Inc. 

TappIn® and design are registered trademarks of TappIn, Inc., our wholly-owned subsidiary. 

TappIn Secure Share ™, Social Share ™, Now Playing ™, and Enhanced A La Carte Playlist ™ are trademarks of TappIn, Inc., our wholly-owned subsidiary. 

Other trademarks and trade names in this Annual Report are the property of their respective owners.

In this report, we use the following terms:

“B2B” means business-to-business.

“BYOL” means bring your own license.

“Cloud” or “cloud computing” refers to pooled computing resources, delivered on-demand, over the Internet.  In the same manner that electricity is delivered on-demand from large scale power plants, cloud computing is delivered from centralized data centers to users all over the world.

“DMZ” or Demilitarized Zone refers to a computer host or perimeter network inserted between a trusted internal network and an untrusted public network such as the Internet.

“FTP” or File Transfer Protocol is a protocol used to exchange or manipulate files over a computer network such as the Internet.


“MFT” or Managed File Transfer refers to software solutions that facilitate the secure transfer of data from one computer to another through a network.

“RFC” or Request for Comment is a memorandum published by the Internet Engineering Task Force describing methods, research, or innovations applicable to the working of the Internet and Internet-connected systems.

“SaaS” or Software-as-a-Service uses hosted, cloud computing approaches in which the customer does not need to install the underlying software on its own computer systems to access the application.

 “SSL” or Secure Sockets Layer uses cryptography to encrypt data between the web server and the web browser.


Forward-Looking Statements

This Annual Report on Form 10-K contains “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended.  “Forward-looking statements” are those statements that are not of historical fact but describe management’s beliefs and expectations.  We have identified many of the forward-looking statements in this Annual Report by using words such as “will”, “anticipate,” “believe,” “could,” “estimate,” “may,” “expect,” “potentially” and “intend.”  Although we believe these expectations are reasonable, our operations involve a number of risks and uncertainties, including those described in the “Risk Factors” section of this Annual Report and other documents filed with the Securities and Exchange Commission, or SEC.  Therefore, GlobalSCAPE’s actual results could differ materially from those discussed in this Annual Report.


EXPLANATORY NOTE
Investigation

On August 7, 2017, GlobalSCAPE, Inc. (together with its wholly-owned subsidiary, “GlobalSCAPE”, the “Company” or “we”)  announced that the Audit Committee (the “Audit Committee”) of our Board of Directors, assisted by outside legal counsel and independent forensic accountants, had been conducting an investigation (the “Investigation”) into certain transactions in the fourth quarter of 2016. We have since publicly disclosed multiple updates regarding the Investigation. The Investigation, which is now complete, identified  transactions which were recorded inconsistently with the Company’s stated revenue recognition policies and criteria as described in our discussion of our significant accounting policies in Note 2 to our consolidated financial statements in Part II, Item 8 below.

Subsequent to the announcement of the Investigation on August 7, 2017, the Audit Committee and management identified additional transactions which occurred during fiscal year 2016 in which revenue was recorded inconsistently with the Company’s stated revenue recognition policies and criteria including:

·
Transactions in which license activation keys did not appear to have been delivered to the customer in the period in which the sale was recorded;
·
Transactions appearing to contain side deal terms negotiated with customers but not reflected in the underlying sales documentation;
·
Transactions in which a sale was recorded although the customer had not yet responded to the Company’s request to provide a commitment to purchase;
·
Transactions in which a sale was made to a reseller whereby collection was not reasonably assured due to payment or other nonstandard terms not consistent with the Company’s revenue recognition policy;
·
Transactions in which there was either no purchase order or a purchase order dated after the date of the end of the period for which revenue had been previously recognized; and
·
One transaction which included incorrect vendor specific objective evidence allocation.

Additionally, management adjusted our consolidated financial statements as of and for the years ended December 31, 2016 and 2015 to account for immaterial misstatements. These changes in our consolidated financial statements as of and for the year ended December 31, 2015 were in addition to the changes previously disclosed in our original Annual Report on Form 10-K for the year ended December 31, 2016, filed March 27, 2017, as a result of changes in accounting methods and in the classification and presentation of our business activities in our consolidated financial statements.

As a result of the Investigation and management’s analysis, we restated (the “Restatement”) (i) our consolidated financial statements as of and for the years ended December 31, 2016 and 2015 and (ii) our condensed consolidated financial statements as of and for the three months ended March 31, 2017.  Our consolidated financial statements included within this Form 10-K reflect the Restatement.

Transition to Accelerated Filer

The Company met the “accelerated filer” requirements as of the end of its 2017 fiscal year pursuant to Rule 12b-2 of the Securities Exchange Act of 1934, as amended. However, pursuant to Rule 12b-2, SEC Release No. 33-8876 and applicable SEC guidance, the registrant (as a smaller reporting company transitioning to the accelerated filer larger reporting company system based on its public float as of June 30, 2017) is not required to satisfy the larger reporting company requirements until its first quarterly report on Form 10-Q for the 2018 fiscal year and thus is eligible to check the “smaller reporting company” box on the cover of this Form 10-K.




PART I
 
Item 1.          Business
 
Company Overview

We develop and sell computer software that provides secure information exchange, data transfer and sharing capabilities for enterprises and consumers. We have been in business for more than twenty years having sold our products to thousands of enterprises and more than one million individual consumers globally.

Our primary business is selling and supporting managed file transfer, or MFT, software for enterprises. MFT software facilitates the transfer of data from one location to another across a computer network within a single enterprise or between multiple computer networks in multiple enterprises.

Our MFT products are based upon our Enhanced File Transfer, or EFT, platform. This platform emphasizes secure and efficient data exchange for virtually any organization. It enables business partners, customers and employees to share information safely and securely. The EFT platform provides enterprise-level security while automating the integration of back-end systems which are features often missing from traditional file transfer software. The EFT platform features built-in regulatory compliance, governance, and visibility controls to maintain data safety and security. It can replace legacy systems, homegrown servers, expensive leased lines and virtual area networks, all of which can be insecure, with a top-performing, scalable alternative. The EFT platform promotes ease of administration while providing the detailed capabilities necessary for complete control of a file transfer system.

We earn most of our revenue from the sale of products and services that are part of our EFT platform. Our customers can purchase the capabilities of our EFT platform in two ways:

·
Under a perpetual software license for which they pay a one-time fee and under which they typically install our product on computers that they own and/or manage. Our brand name for this product is EFT. Almost all customers who purchase EFT also purchase a maintenance and support, or M&S, contract for which they pay us an annual recurring fee. Most of the revenue we have earned from our EFT platform products has been from sales of perpetual software licenses and related M&S.
·
As a software-as-a-service, or SaaS, under which they pay us ongoing fees to access the capabilities of the EFT platform in the cloud. Through the end of 2017, EFT Cloud was our SaaS offering of the EFT platform which users accessed for a flat monthly subscription fee. In January 2018, we introduced EFT Arcus, which will be our SaaS offering of the EFT platform going forward, for which users will pay a base monthly subscription fee plus an additional variable amount determined based upon their metered usage of EFT Arcus resources.

We sell other products that are synergistic to our EFT platform including Mail Express, WAFS, and CuteFTP. Collectively, these products constituted less than 5% of our total revenue in 2017. Customers pay a one-time fee to purchase these products under a perpetual software license. Some customers also purchase an M&S contract. We do not offer a SaaS version of these products and have no plans to do so.

We also earn revenue from professional services we provide to assist our customers in configuring and integrating our EFT platform products into their environments.

We focus on selling our EFT platform products in a business-to-business environment. The majority of the resources we will expend in the future for product research, development, marketing and sales will focus on our EFT platform products. We expect to expend minimal resources developing and selling our other products. We believe our EFT platform products and business capabilities are well-positioned to compete effectively in the market for these products.

In June 2017, we introduced a data integration product that we planned to sell under the brand name Kenetix. We licensed the technology for this product from a third party. This product is a cloud-based, integration-as-a-service, or iPaaS, solution used to connect applications, microservices, application program interfaces (or API’s), data and processes within and between organizations. We have experienced issues with the third-party technology and have determined to suspend marketing of the product as we evaluate options and determine whether the licensor can effectively address the issues.


For a more comprehensive discussion of the products we sell and the services we offer, see Software Products and Services below.

We have won multiple awards for performance and reputation, including:

·
In 2017:
-
Recognized by the San Antonio Express News as a Top Workplace in 2017, marking GlobalSCAPE’s seventh recognition as a Top Workplace in San Antonio.
-
Honored with the 2017 Total Rewards & Benefits Excellence Award by the HRO Today Services and Technology Association.
-
Named to the CRN 2017 Cloud Partner Program Guide which recognizes partner programs with distinguished margins, sales support and cloud resources.
-
Received three awards from the 2017 Golden Bridge Awards for distinguished technology achievements which included:
§
Cloud/SaaS Innovations (Gold Winner) – EFT on Amazon Web Services or Microsoft Azure.
§
Managed File Transfer Innovations (Gold Winner) – The EFT Accelerate module.
§
Governance, Risk and Compliance Innovations (Bronze Winner) – EFT platform.
-
Received two awards from the Network Product Guide 2017 IT World Awards for achievements in product excellence that included:
§
Governance, Risk and Compliance (Gold Winner) – EFT.
§
Cloud Security (Silver Winner) – EFT Cloud Services.
-
Recognized as a Best Place to Work in IT by Computerworld for the fourth consecutive year and sixth time overall.
-
Recognized for three Info Security Products Guide 2017 Global Excellence Awards for distinguished achievements in product innovation in categories that included:
§
Innovation in Compliance (Gold Winner) – Enhanced File Transfer.
§
Cloud/SaaS Solutions (Gold Winner) – EFT Cloud Services.
§
BYOD Security (Bronze Winner) – EFT Workspaces.
-
Honored as a Best Company to Work for in Texas by Best Companies Group (BCG), Texas Monthly, the Texas Association of Businesses (TAB), and Texas SHRM.
-
Received a 5-Star rating in The Channel Company’s CRN 2017 Partner Program Guide for the third year in a row.
-
Honored with the 2017 Total Rewards & Benefits Excellence Award by the HRO Today Services and Technology Association.
-
Selected as a finalist in the 2017 Cybersecurity Product Awards Secure File Transfer: EFT Enterprise.

·
In 2016:
-
Recognized as a 2016 Top Workplace by San Antonio Express-News, marking GlobalSCAPE’s sixth recognition as a Top Workplace in San Antonio.
-
Selected for CRN’s 2016 Cloud Computing Partner Program Guide.
-
Certified as a great workplace by the independent analysts at Great Place to Work.
-
Recognized for product excellence by the 2016 Golden Bridge Awards in several categories, including:
§
EFT – Gold Winner in Access Compliance and Risk Management.
§
EFT Cloud Services – Gold Winner in Managed File Transfer.
-
Recognized for distinguished product achievements by Network Products Guide’s 2016 IT World Awards in several categories, including:
§
The EFT Workspaces module, a part of EFT – Gold Winner in BYOD Security.
§
EFT – Bronze Winner in Compliance.
§
Mail Express – Bronze Winner in Email Security and Management.
-
Named by Computerworld as one of the best companies to work for in IT for the third consecutive year with a ranking of #3 in the small company category.
-
Recognized by the San Antonio Business Journal as a 2016 Best Place to Work, making this the fifth time GlobalSCAPE has received this honor.
-
Honored as the HR Employer of the Year and Excellence in Engagement Strategy in North America by the HRO Today Services and Technology Association.
-
Received a 5-Star rating in The Channel Company’s CRN 2016 Partner Program Guide for the second year in a row.

-
Named by Texas Monthly magazine as one of the best companies to work for in Texas for the sixth year in a row with a ranking of #16 in the medium size category.
-
Received Info Security Products Guide 2016 Global Excellence Awards for distinguished achievements in product innovation that included:
§
EFT Workspaces – Gold Winner in BYOD Security.
§
Enhanced File Transfer – Silver Winner in Compliance.
§
EFT Cloud Services – Bronze Winner in Cloud Security.
§
Mail Express – Bronze Winner in Email Security and Management.
-
Named as Leader in Secure Information Exchange Services 2016 – Texas by the Corp America 2016 Small Cap Awards.

GlobalSCAPE was incorporated in Delaware in 1996.  Our address is 4500 Lockhill-Selma Road, Suite 150, San Antonio, Texas 78249. Our phone number is (210) 308-8267.

Industry Background

Communication across private and public computer networks that facilitates the movement and sharing of information between central and remote locations and with associates, employees, partners, suppliers, and customers is an integral part of daily operations for enterprises of all sizes. Corporate information managers must protect business assets, ensure that policies and processes meet regulations governing the management of sensitive information, and ensure that the right people have access to the right information, at the right place and at the right time. Global operations, diverse business partners and networks further emphasize the need for software applications that ensure compatibility, scalability, privacy, and security. These requirements have created the need for maintaining the security of data and information in motion (for example, with traditional MFT solutions delivered as on-premises software or as a cloud service) and at rest (for example, through securely deleting or purging files or securely accessing stored data from mobile tablet or smartphone devices).

The increase in high-profile and large scale data breaches in corporate enterprises and government agencies involving access to information in an unauthorized manner have created a heightened awareness of the vulnerability of critical and confidential data. As a result, attention at an unprecedented level is being paid to the security and integrity of systems that store and transfer data electronically. In many cases, this emphasis involves assessing the adequacy of the security, reliability and visibility provided by existing MFT systems.

The need for secure MFT solutions is particularly strong for organizations faced with a daunting array of privacy, security, and remote accessibility challenges stemming from various regulatory and business requirements for data privacy and confidentiality. Regulatory requirements regarding privacy and security include federal legislation and regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Federal Trade Commission Red Flags Rules, as well as state legislation and regulations in the U.S., such as California Senate Bill (SB) 1386 and the data security regulations issued by the Massachusetts Office of Consumer Affairs and Business. In the European Union, the General Data Protection Regulation (GDPR) also places requirements on organizations who will have a need for our solutions. Some of these statutes and regulations impose severe penalties for improper disclosure of confidential information.  In addition to legal obligations, industry best-practices such as the Payment Card Industry Data Security Standard (PCI DSS) and self-imposed business requirements lead to the need to secure and protect consumer information, intellectual property and trade secrets. Use of secure MFT solutions offers protection against disclosure of proprietary information and also reduces corporate risks associated with the potentially devastating consequences of security breaches.

Our primary industry is known as managed file transfer. The MFT industry has its technical origin in the file transfer protocol, or FTP.  FTP dates back to 1980 (RFC 765, later superseded by RFC 959), with even earlier RFCs guiding prior attempts to establish standards for file transfer protocols. The use of file transfer protocols increased dramatically with the explosive growth of the Internet and the World Wide Web during the 1990s. The MFT industry arose from recognition that FTP alone does not provide adequate security and management capabilities for file transfers. MFT solutions offer a greater degree of security and control than FTP. Features available in MFT solutions include integrated security, auditing capabilities, performance monitoring, and reporting. The MFT industry includes low cost, or even free, solutions that offer basic capabilities. However, we believe businesses and even individuals require more advanced solutions that provide scalability, enhanced security options, automated workflow, dedicated maintenance and support, and other features that facilitate high-confidence, secure and cost effective file transfers.


Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned, released, and scaled to meet requirements.  We believe the continuing movement to cloud services is analogous to the telecommunications shift from dedicated point-to-point circuits to a delivery model in which the entire telecommunications infrastructure potentially can be used to establish, maintain, and manage individual connections on an as-needed basis.

Strategy

Our long-standing vision has been to simply and securely automate the flow of information between people, places and systems. Using that vision as a foundation, in 2018 we introduced a fundamentally new brand identity, logo and narrative that embodies our plan to evolve to being primarily a cloud software and services provider.  EFT Arcus is the foundation of that evolution. In addition, we adopted a new visual identity built upon a new tagline: “Make Business Flow Brilliantly”. Our visual theme now features a shifting background wave of colors representing the perpetual flow of data both within and between enterprises using our technology as a conduit through which the flow of business and the data it creates can be managed, monitored, controlled and viewed in a secure manner.

We intend to build upon our leadership position in the MFT market to provide businesses, other organizations, and individual users with the solutions necessary to meet their growing need for secure information exchange. We believe fully addressing this need for secure information exchange requires consideration of capabilities beyond traditional MFT, including the sharing of content between both people and businesses, work group collaboration, access to content outside the data center, business-to-business partner enablement, electronic data interchange, integration between systems and information, solution-wide governance, and advanced visibility including analytics, dashboards, and transaction-level control.

Going forward, we intend to focus on determining which areas of our business will contribute to our future growth in their current state, need additional investment to contribute in the desired manner or require further analysis to determine their place in our product offerings.  As we evolve our solution portfolio, we intend to maintain an appropriate balance between legacy and new solutions, including making choices about transitioning, sustaining, or retiring solutions as necessary to best operate under prevailing business conditions. Transitioning or sustaining solutions may involve consolidating capabilities within our solution portfolio, releasing upgrades in response to market or customer needs, or making bug fixes. We also may phase out solutions and earlier versions of our solutions periodically in accordance with our end-of-life, or EOL, policy.

In addition to expanding our products into areas adjacent to MFT, we also believe that we need to continue to expand the means of delivering our MFT products.  To that end, we intend to continue expanding our capability to deliver our EFT platform through our EFT Arcus SaaS delivery model which provides a flexible continuum of features and functions that provide the user the ability to pick and choose the extent to which they want to own or outsource the capabilities of our EFT platform. EFT Arcus also provides organizations the flexibility of deploying on-premises, in the cloud or in a hybrid cloud environment with all of the security, compliance, scalability, and visibility features of an on-premises managed file transfer solution. We seek to evolve our strategic focus based on our vision for product innovation and development, our assessment of visibility of and demand for our products in the marketplace, and our evaluation of desired approaches for selling and delivering our products.  Our strategic focus consists of:  

·
Ongoing innovation of our EFT platform to address the expanding needs of our existing customers and to enhance our products’ appeal to new customers.

·
Licensing, developing and/or acquiring technologies with features and functions that are complementary to and synergistic with our EFT platform so as to expand the breadth of our product offerings.

·
Enhancing our sales and marketing programs to improve identification of potential demand for our products and to increase the rate at which we are successful in selling our products.
 
Ongoing Innovation of Our EFT Platform to Address the Expanding Needs of Our Existing Customers and to Enhance Our Products’ Appeal to New Customers.

We seek to continue to improve and enhance our core technology, primarily in the MFT space, in both breadth and depth.  By focusing on the breadth of the product, we seek to pursue different segments of the market to ensure that we have products and services that meet the needs of small and medium businesses, or SMBs, but also scale to meet the demands of larger enterprises.  This will require new features and packages to be released to these audiences.  We believe that increasing the depth of our products by adding new features will allow us to increase sales to new customers as well as our existing client base by helping them solve additional problems within their organizations.


We believe customers in the markets we serve will increasingly begin assessing the viability of accessing and using MFT capabilities through cloud-based, SaaS offerings. Consistent with our new branding initiative, we intend to emphasize the development, marketing and sales of products with features and capabilities that support our customers accessing them through a SaaS offering hosted in the cloud such as EFT Arcus.

Licensing, Developing and/or Acquiring Technologies With Features and Functions that are Complementary to and Synergistic with Our EFT Platform so as to Expand the Breadth of Our Product Offerings.

The second area of strategic focus continues with product innovation but extends beyond pure MFT into adjacent segments and technologies such as data movement and data security.  We intend to continue to focus on determining which areas of our business will contribute to our future growth in their current state, need additional investment to contribute in the desired manner, or require further analysis to determine their future strategy.

Our solution portfolio may evolve over time, for example, through development of new offerings in adjacent markets or through acquisitions of technologies by licensing, partnering or by acquiring companies which own such technologies. We also maintain an active research and development program and work closely with partners and others in the industry to identify new solution opportunities. We also intend to remain alert for attractive opportunities to collaborate with others or perhaps combine other revenue-producing technologies with ours to expand our product offerings and reach.

We have allocated significant resources in recent years to enhancing our existing products and developing new solutions. This strategic focus has resulted in our adding features and functions to our EFT platform products and enhancing our ability to deliver those products to our customers in a variety of ways ranging from an on-premise, perpetual license to a full SaaS offering.

As we evolve our solution portfolio, we intend to maintain an appropriate balance between legacy and new solutions, including making choices about transitioning, sustaining, or retiring solutions as necessary to best operate under prevailing business conditions. Transitioning or sustaining solutions may involve consolidating capabilities within our solution portfolio, releasing upgrades in response to market or customer needs, making bug fixes, or phasing-out solutions periodically pursuant to our EOL policy.

Enhancing Our Sales and Marketing Programs to Improve Identification of Potential Demand for Our Products and to Increase the Rate at Which We are Successful in Selling Our Products.

We intend to sustain a high level of execution of our demand generation activities through our marketing group to provide a continuing flow of sales leads to our direct sales personnel and our channel sales partners.  During 2018, our sales and marketing efforts will continue to focus on enabling our channel partners and engaging their customers and prospects. We intend to continue to enhance our partner program to reward our partners who participate in our sales and technical certifications and drive new opportunities for us.  We believe that our marketing, sales and channel demand generation programs will continue to be a primary growth driver for the foreseeable future.
 
We also intend to continue to emphasize ongoing initiatives to elevate our product and corporate profiles and awareness under the GlobalSCAPE, EFT, and EFT Arcus brands. We believe that the transformation of our product lines into a more comprehensive solution architecture will continue to elevate this brand awareness with larger enterprises while still serving the needs of our traditional clients.  We intend to use internal resources as well as outside marketing and communications professionals to support this work.
 
We conduct business with thousands of organizations around the world. We provide solutions to some of the world’s largest manufacturers, distributors, banks, insurance companies, healthcare providers, automakers, film companies and technology providers. Given the breadth and depth of these market opportunities, we believe the effectiveness of a direct sales approach using only our in-house personnel to sell our products is limited by the number of qualified sales people we can hire and the number of prospective clients to whom they can present our products.  As a result, we plan to continue emphasizing expanding our third-party sales channel relationships.


We believe that utilizing and expanding our third-party sales channel relationships allow us to leverage the existing base of sales people in place in those companies and their existing customer relationships. In addition to exposing our products to hundreds, and potentially thousands, of sales people employed by those third-party resellers, our products can benefit from proven sales programs and methodologies in those organizations that are financed and supported by those selling partners.  We believe operating an aggressive channel reseller program provides an opportunity for our products to be presented to a notably larger number of potential buyers and in a more rapid fashion than if we attempted the same effort using only our direct salespersons.  We will continue to expand and enhance our existing channel relationships while at the same time identifying and engaging additional channel partners. Using this approach, we believe we can maintain and expand the exposure for our products in the marketplace in a manner that would probably take several years for us to accomplish on our own.
 
We believe this channel sales program helps us establish and maintain a lower-touch delivery model through which we train these partners to sell and distribute our solutions and provide them sales and marketing tools to support that effort. We utilize this approach to reduce our overall cost of marketing and selling our solutions in areas where it would be costly to establish a presence with our own employees.
 
Software Products and Services

We develop and sell computer software that provides secure information exchange, data transfer, and data sharing capabilities for enterprises and consumers. We have been in business for more than twenty years having sold our products to thousands of enterprises and more than one million individual consumers globally.

Our primary business is selling and supporting MFT software for enterprises. MFT software facilitates the transfer of data from one location to another across a computer network within a single enterprise or between multiple computer networks in multiple enterprises. These transfers may be ongoing, repetitive activities executed by automated software routines that occur without human intervention, or they may be transfers that people create and complete in the absence of automated routines or as a result of ad-hoc, special situations that arise from time-to-time. Examples of enterprise-level activities that rely on MFT software include:

·
Transfer of transactional information within an enterprise on a repetitive basis from one geographic location to another, such as a transfer of deposit and withdrawal information throughout the day from a branch of a bank to a central data processing center at another location.
·
Movement of accumulated information within an enterprise from one data processing application to another on a periodic basis, such as a transfer of bi-weekly payroll information from a payroll system that is used to pay employees to a job cost system that is used to manage the cost of a project.
·
Exchange of information between enterprises to facilitate the completion of one or more business transactions, such as a retailer transmitting inventory purchasing requirements produced by its material requirements planning system to an order entry system at a supplying vendor.

We earn over 90% of our revenue from the sale of MFT products and services that are part of our EFT platform. We have multiple revenue streams from the EFT platform that include:

·
Perpetual software licenses under which customers pay us a one-time fee for the right to install our products in their information systems environment on computers they manage and either own or otherwise procure from a cloud services provider, including deploying our products at a cloud services provider in a bring-your-own-license, or BYOL, environment. Our brand name for this product is EFT. Historically, most of the revenue we have earned from our EFT platform products has been from sales of EFT perpetual software licenses and related M&S.
·
Cloud-based, SaaS solutions that we sell on an ongoing subscription basis. Through the end of 2017, EFT Cloud was our SaaS offering of the EFT platform which users accessed for a flat monthly subscription fee. In January 2018, we introduced EFT Arcus, our SaaS offering of the EFT platform going forward, for which users will pay a base monthly subscription fee plus an additional variable amount based upon their metered usage of EFT Arcus resources.
·
M&S.
·
Professional services for product installation, integration and training.


We focus on selling our EFT platform products in a business-to-business environment. The majority of the resources we will expend in the future for product research, development, marketing and sales will focus on this product line. We expect to expend minimal resources developing and selling our other products. We believe our EFT platform products and business capabilities are well-positioned to compete effectively in the market for these products. For a more comprehensive discussion of the products we sell and the services we offer, see below.

We earn less than 5% of our revenue from selling other products that can be synergistic to our EFT platform. These products have capabilities that:

·
Support information sharing and exchange capabilities using traditional email systems.
·
Enable enterprise file synchronization and sharing.
·
Enhance the ability to replicate, share and backup files within a wide area network or local area network, thereby allowing users to access their data at higher speeds than possible with most alternate approaches.
·
Support file transfers by individuals and small businesses.

We earn most of our revenue from the sale of our EFT platform products that support business-to-business activities and are strategically focused on selling products in that environment. We intend to expend the majority of our resources in the future for product research and development, marketing, and sales in a manner that concentrates on the business-to-business market. We believe our products and business capabilities are well-positioned to compete effectively in that market.

Some of our products support consumer-oriented file transfers and file sharing. Even though these products are profitable on an overall basis, we anticipate the future resources we will expend related to products sold to consumers and the associated revenue we earn from those products will continue to be a minor part of our business.

Our long-standing vision has been to simply and securely automate the flow of information between people, places and applications. Using that vision as a foundation, in 2018 we introduced a fundamentally new brand identity, logo and narrative that embodies our plan to evolve to being primarily a cloud software and services provider.  EFT Arcus is the foundation of that evolution. In addition, we adopted a new visual identity built upon a new tagline: “Make Business Flow Brilliantly”. Our visual theme now features a shifting background wave of colors representing the perpetual flow of data both within and between enterprises using our technology as a conduit through which the flow of business and the data it creates can be managed, monitored, controlled and viewed in a secure manner.

The following discussion presents a summary description of our specific products and solutions.

Managed File Transfer–EFT Platform

Enhanced File Transfer, or EFT, is the brand name of our core MFT product platform. Our EFT platform products received multiple industry awards in compliance categories in 2017 including the 2017 Golden Bridge awards, the Network Product Guide’s 2017 IT World Awards, and the 2017 Info Security Products Guide Global Excellence Awards.

The EFT platform provides users the ability to securely transmit data from one location to another using any number of files of any size or configuration. It facilitates management, monitoring, and reporting on file transfers and delivers advanced data transfer workflow capabilities to move data and information into, out of, and throughout an enterprise.

The EFT platform provides a common, scalable MFT environment that accommodates a broad family of accompanying modules to provide enterprises with increased security, automation, and performance when compared to traditional FTP-based and email delivery systems. Various optional modules allow users to select the solution configuration most applicable to their requirements for auditing and reporting, encryption, ad hoc and web-based file transfers, operability in or through a DMZ network, and integration with back-end business processes, including workflow automation capabilities.

General features and capabilities of the EFT platform include:

·
State-of-the-art, enterprise-level security when transferring information within or between computer networks as well as for collaboration with business partners, customers, and employees. EFT provides automation that supports effective integration of back-end systems. It has built-in regulatory compliance, governance, and visibility controls to provide a means of safely maintaining information. EFT offers a high level of performance and scalability to support operational efficiency and maintain business continuity. Administrative tools are provided at various levels of granularity to allow for complete control and monitoring of file transfer activities.

·
Transmission of critical information such as financial data, medical records, customer files, vendor files, personnel files, transaction activity, and other similar documents between diverse and geographically separated network infrastructures while supporting a range of information protection approaches to meet privacy and other security requirements. In addition to enabling the secure, flexible transmission of critical information using servers, desktop, and notebook computers and a wide range of network-enabled mobile devices, our products also provide customers with the ability to monitor and audit file transfer activities.
·
Compliance with government regulations and industry standards relating to the protection of information while allowing users to reduce information systems and technologies costs, increase efficiency, track and audit transactions, and automate processes. Our solutions also provide data replication, acceleration of file transfer, sharing/collaboration, and continuous data backup and recovery.
 
Specific capabilities of the EFT platform that we currently highlight while marketing this product include:

·
Secure File Transfers – The EFT platform enables an organization to securely manage file transfers among worldwide offices, clients, and partners using industry-standard Internet protocols such as HTTP, HTTPS, FTP, FTPS, SFTP, and AS2. It provides the flexibility needed to meet the specific requirements of vendors, business partners, and customers.
·
Increased Efficiency of Information Technology Operations with File Transfer Automation - Automation allows data delivery without manual intervention thereby saving time and avoiding potential errors. The EFT platform streamlines business processes without limitations imposed by legacy systems and applications. Its automation capabilities set it apart from every other MFT solution on the market.
·
Transmission of Large Files over Large Distances with File Transfer Acceleration - High latency and bandwidth issues are often a major obstacle for organizations that need to transfer large files over great distances. Without solutions for these issues, organizations can fail to meet service level commitments, miss critical deadlines or be forced to travel with, or ship, hard copies of data. The EFT platform can increase the speed at which information is transmitted over large geographical distances.
·
Improved Uptime for Critical File Transfer Processes – The EFT platform can be deployed in an active-active, highly available cluster. The EFT platform is scalable so as to provide the flexibility to increase throughput or ensure non-stop uptime of business critical systems.
·
Integration with Popular Authentication Measures – The EFT platform provides support for easy-to-use authentication methods, including smart card, single sign-on, and multi-factor authentication options.
·
Meeting Compliance Mandates for MFT Systems – The EFT platform helps our customers achieve the highest levels of compliance with government and corporate security policies and privacy regulations, such as PCI DSS, FIPS 140-2, HIPAA, and the Sarbanes-Oxley Act of 2002 in a manner that can protect sensitive and mission-critical data.

During 2017, we continued to improve the features and capabilities of the EFT platform and announced several product upgrades that included:
 
·
EFT Insight, a new reporting platform to strengthen data governance and provide near real-time visibility into business critical data flows and exchanges.
·
Cloud storage support capabilities with the Remote Agent Module and Cloud Connector Module.
·
Expanded support for High Availability capabilities.
·
New Workspaces features.
·
Enhanced Web Transfer Client user access to improve user experience.
·
Improved SFTP security setting configuration to enable more visibility into security settings and help administrators ensure compliance.
·
New automation and security features.

We expect to continue enhancing the EFT platform with capabilities that improve its speed and responsiveness of performance, provide additional administration flexibility supporting cross-platform implementation with our DMZ Gateway solution, offer more robust reporting capabilities, and provide additional language support.


EFT Platform – Delivery Offerings

Our customers can purchase the capabilities of our EFT platform in two ways:

·
Under a perpetual software license for which they pay a one-time fee and under which they typically install our product on computers that they own and/or manage. The EFT platform purchased in this manner can also be used in a bring-your-own-license environment hosted by major cloud providers such as Amazon Web Services or Microsoft Azure. Almost all customers who purchase a perpetual license to use the EFT platform also purchase an M&S contract for which they pay us a recurring fee that is typically 20% to 30% of the perpetual license fee per year.
·
As a software-as-a-service, or SaaS, under which the customer pays us monthly subscription and usage fees to access the capabilities of the EFT platform in the cloud. Our brand name for this product is EFT Arcus. We introduced this product in January 2018. We have not yet earned significant revenue from the SaaS offering of our EFT platform.

EFT Arcus

While we currently earn most of our EFT platform revenue from sales of perpetual licenses combined with an M&S contract, we recognize that a major shift toward a SaaS environment is underway in the marketplace. For this reason, we are increasingly emphasizing the ongoing development, enhancement and marketing of EFT Arcus. Key features of EFT Arcus include:

·
Consumption-based pricing that allows customers to pay only for the capacity and throughput they use.
·
No long-term contractual commitment.
·
Automatic scalability to accommodate varying workloads to mitigate concerns about capacity planning.
·
A single tenant environment that allows each customer to have a private deployment.
·
On-the-fly upgrades.
·
Data encrypted while at rest.
·
A minimum service level commitment of 99.9%.

The features and functions of EFT Arcus are most similar to those of our EFT Enterprise product for which our customers can purchase a perpetual license for on-premise installation. With few exceptions, EFT Arcus offers the same features and functions as EFT Enterprise.

We host and deploy EFT Arcus on Microsoft Azure. It provides our customers with a global platform on which to use EFT Arcus and offers the infrastructure security, compliance and redundancy features required by many customers. Microsoft Azure provides our customers with geo-redundant storage which replicates data to a secondary region that is geographically distant from the primary region.

For the first 24 to 36 months that a customer subscribes to EFT Arcus, we believe that its cumulative cost of ownership will typically be less than its total cost of purchasing an EFT platform perpetual license combined with an M&S contract. Accordingly, we expect the revenue we earn during that period from an EFT Arcus customer will be less than the revenue we would earn from that same customer during that same period if it purchased a perpetual license with an M&S contract. However, we believe thereafter and over the long term, the cumulative, recurring revenue stream we will earn from an EFT Arcus customer will exceed what we would have otherwise earned from the sale of a perpetual license combined with an M&S contract.

Prior to the release of EFT Arcus, we delivered our EFT platform SaaS products under the EFT Cloud brand name. The primary difference between EFT Arcus and EFT Cloud is that EFT Arcus provides enhanced flexibility and scalability through a consumption-based billing model that allows customers to pay only for the capacity and through-put they use. EFT Cloud was based upon a flat-rate billing model. Legacy subscribers to our EFT Cloud service will be allowed to continue under that arrangement indefinitely while we introduce them to EFT Arcus.

Customers subscribing to EFT Arcus may deem that controls pertaining to EFT Arcus are relevant to their internal control over financial reporting. In that case, a customer may request us to provide them our management description of a service organization’s system and a service auditor’s report on that description and on the suitability of the design and operating effectiveness of controls (commonly referred to as a SOC Type 1 or SOC Type 2 report prescribed under SSAE 18 issued by the American Institute of Certified Public Accountants). Currently, we rely on our third-party service provider who hosts EFT Arcus for that report as it pertains to controls they have in place. We do not presently have this report in place with respect to controls that we design, implement and manage at GlobalSCAPE. We are currently assessing the work necessary to provide such a report. The absence of this report could cause certain potential customers to choose not to subscribe to EFT Arcus.


The revenue we earned from our EFT platform SaaS products was not a material part of our total revenue in 2017 and 2016.

EFT SMB and Enterprise

For customers who desire to purchase a perpetual license, we offer two product editions based on the EFT platform, EFT SMB and EFT Enterprise.

EFT SMB is the edition for small-to-medium businesses who need MFT capabilities with basic features and functions but still desire to take advantage of automated data exchange, military-proven security, and infrastructure stability. As the customer’s needs expand over time, it can purchase add-on modules as-needed to enhance the capabilities of its EFT SMB solution.

EFT Enterprise is suitable for organizations with complex and mission-critical file transfer requirements. This edition of the EFT platform provides access to additional capabilities including:

·
Business activity monitoring.
·
Content integrity control.
·
Advanced workflow to build automated actions.
·
Advanced authentication.
·
Remote agent.
·
Cloud connectivity.

Secure Information Sharing and Exchange Solution – Mail Express
 
Mail Express provides secure information sharing and exchange capabilities leveraging traditional email workflow. It is a stand-alone product installed in a client-server environment that allows users to send and receive secure, encrypted email and attachments of virtually unlimited size. Mail Express was a Bronze Winner in Email Security and Management by Network Products Guide’s 2016 IT World Awards.

To broaden the appeal and capabilities of Mail Express, we continue to develop and add functionality that integrates the features of Mail Express into the EFT platform through the Workspaces Outlook Plugin. This integration takes the superior control, visibility and monitoring capabilities of the EFT platform and makes them available to administrators and users in an email environment. The Workspaces Outlook Plugin combines the technology and features available in Mail Express with the functionality of Workspaces and integrates them directly into EFT Enterprise.

We will continue to offer Mail Express as a stand-alone product and provide M&S services to customers who purchased Mail Express in the past and who purchase it in the future. We do not expect to expend significant resources in the future expanding the features and capabilities of Mail Express as a standalone product.

Wide Area File Services Solution - WAFS
 
WAFS uses data synchronization to further enhance the ability to replicate, share and backup files within a wide area network or local area network, thereby allowing users to access their data at higher speeds than possible with most alternate approaches. The software uses byte-level differencing technology to update changes to files with minimal impact on network bandwidth while also ensuring that files are never overwritten, even if opened by other remote users. Other key features of WAFS include native file locking, replication to multiple locations simultaneously, adherence to access control list file permissions, and full UTF-8 support.

We will continue to offer WAFS as a stand-alone product and provide M&S services to customers who purchased WAFS in the past and who purchase it in the future. We do not expect to expend significant resources in the future expanding the features and capabilities of WAFS.

File Transfer Solution for Consumers - CuteFTP 

CuteFTP is our original product introduced in 1996. It is a file transfer program generally used by individuals and small businesses. It remains popular today and generates incremental revenue for us at a relatively low cost.
 

CuteFTP continues to have significant brand recognition in the market.  Our current CuteFTP Version 9 introduced several notable new features including:

·
Support for Unicode (UTF-8) characters that allows greater international use.
·
Web Distributed Authoring and Versioning (WebDAV) support to facilitate collaboration between users in editing and managing documents and files stored on World Wide Web servers.

Version 9 simplified our CuteFTP product line by consolidating all the features of our previous multi-product CuteFTP product line for Windows operating systems into this single version. We continue to offer CuteFTP Version 3.1 software for Mac platforms. We believe current versions of CuteFTP appeal to users wanting features more robust than offered in free alternatives such that it will be a product competitive in the marketplace for the foreseeable future.
 
We will continue selling CuteFTP as a stand-alone product and providing M&S services to customers who purchased CuteFTP in the past and who purchase it in the future but we will not invest significantly in marketing the product. We do not expect to expend significant resources in the future expanding the features and capabilities of CuteFTP.

Professional Services
 
We offer a range of professional services to complement our on-premises and SaaS solutions. These professional services include product configuration and system integration, solution “quickstart” implementations, business process and workflow refinement, policy development, education and training, and solution health checks. In addition, we may provide longer-term engineering services, including supporting multi-year contracts, if necessary, to support certain solution implementations and integrations. 
 
Maintenance and Support
 
We offer M&S contracts to licensees of all of our software products. These M&S contracts entitle the licensee to software upgrades and technical support services in accordance with the terms of our M&S contract.  Standard technical support services are provided via email and telephone during our regular business hours.  For certain of our products, we offer a Platinum M&S contract which provides access to emergency technical assistance 24 hours per day, 7 days a week.
 
Most of our M&S contracts are for one year although we also sell multi-year contracts. M&S is purchased by substantially all buyers of our EFT platform products as well as by many customers who purchase our other products. Customers with M&S contracts pay us a recurring, annual amount that is typically 20% to 30% of the software license price. A majority of our customers with M&S contracts renew them each year.
 
In 2017, we earned 61% of our revenue from M&S contracts. Sustaining that revenue stream is dependent upon our ability to continue selling new licenses for which customers purchase M&S services and to sustain a high renewal rate for existing M&S contracts.

Sales and Marketing

With the release of EFT Arcus, our next generation SaaS product, we continue to evolve towards becoming a cloud services company.  While we will continue to offer our products under perpetual licenses for our customers who want to install software on their premises and manage it themselves, we believe the market and the perspectives of our customers are quickly moving toward them demanding for their consideration the availability of a SaaS offering delivered from the cloud.

Our long-standing vision has been to simply and securely automate the flow of information between people, places and applications. Using that vision as a foundation, in 2018 we introduced a fundamentally new brand identity, logo and narrative that embodies our evolution to a cloud software and services provider. Our objective is to present ourselves as a cloud services company.

We conducted extensive interviews with and gathered feedback from customers in the marketplace as well as our own team members and shareholders. This input resulted in our adopting a new visual identity built upon a new tagline: “Make Business Flow Brilliantly”. We adopted a visual theme with a shifting background wave of colors representing the perpetual flow of data both within and between enterprises using our technology as a conduit through which the flow of business and the data it creates can be managed, monitored, controlled and viewed in a secure manner.


We emphasize developing our direct sales staff and reseller channel to capture sales through a high level of individual attention to the customer.  We provide our sales staff and resellers with training and professional development opportunities to ensure they are capable of meeting the needs of our prospects and customers. These sales team development activities focus on technical and process-oriented topical areas to enhance their ability to identify prospects, best position our solutions and develop pipeline opportunities into sales.

We believe our reseller and distributor channel relationships allow us to leverage those third-party resources to increase our market penetration. We have established such relationships throughout the world and across industry lines. In particular, we are focused on growing our domestic reseller channel.

Our marketing efforts focus on building brand awareness and capturing demand for our solutions. We take a two-pronged approach that includes a blend of digital and channel marketing. Through our digital marketing initiatives, we have invested heavily in content syndication programming, resulting in outbound targeted campaigns that more effectively reach the right audience with white papers, case studies and competitor comparisons. We also conduct ongoing search-engine optimization techniques and Pay Per Click advertising to enhance our ranking for particular key words in search results of major search engines. We continue to invest in channel marketing through programs designed to recruit and enable our target partners in a manner that creates joint initiatives that drive demand through them for our products. In addition, we are using our technology to meet the customer where they are shopping with placement in the Amazon Web Services and Azure marketplaces.

Our corporate website is www.globalscape.com . It provides a variety of sales and marketing information for our enterprise solutions as well as an ability to purchase some of our products online. We continually update the design of our websites to be responsive to the evolving marketplace and to provide a more solution-oriented perspective of our business, improve site navigation and provide additional opportunities for visitors to contact us through the websites.
 
Customers
 
We have sold our solutions throughout the world to individuals and enterprises ranging from SMBs to Fortune 100 companies. In order to leverage the resources of third parties, we make our products available for purchase by end users through third-party, channel resellers even though end users can also purchase those products directly from us. During 2017 and 2016, we earned a total of 29% and 39%, respectively, from resellers and approximately 14% of our revenue from such sales through our largest, third-party channel reseller. Although we believe that we are not substantially dependent on this distributor, if it were to experience a significant disruption of its business or if our relationship with it were to significantly deteriorate, it is possible that our ability to sell to end users would be, at least temporarily, negatively impacted. We believe that such termination would not have a material adverse effect on us because we have engaged, or believe that we would be able to engage, alternative distributors, resellers and other distribution channels to deliver our products to end-customers shortly following the termination of any agreement with any distributor.

We derive a significant portion of our revenue from risk averse and/or regulated commercial customers in North America and throughout the world. Our primary commercial vertical markets include finance, health care, energy, retail, manufacturing, and engineering. We also have a customer base in the local, state, and federal government spaces. We continue to pursue additional government business by leveraging our certifications and industry validations.
 
Seasonality
 
Our products are marketed to individuals, SMBs and large organizations. As a result of this mix within our customer base, we typically have not experienced significant seasonality in our sales other than a typical modest decline from time-to-time in first quarter sales as compared to sales in the preceding fourth quarter. We believe this sales profile is related to our continued growth as an enterprise solution provider operating in an environment where first quarter sales possibly slow as prospective customers begin to execute their business activities, including purchases of our solutions, in accordance with new-year budgets and plans.

As a result of customer buying patterns and the efforts of our sales force and channel partners to meet or exceed their sales objectives, we have historically received a substantial portion of orders from our customers and generated a substantial portion of revenue during the last few weeks of each quarter. If a delay in an expected order for our products occurs near the end of a quarter this could result in revenue we expected to earn in that period being delayed until a subsequent quarter.

Network and Equipment
 
We conduct business through various Tier 1 Internet services providers.  Our arrangements provide for redundancy in the event of a failure and for expansion of available bandwidth in the event there is a dramatic increase in demand.  To protect critical customer data, our online shopping cart utilizes SSL encryption. We maintain technical and physical measures and procedures compliant with the PCI DSS. We use a certified Approved Scanning Vendor for security scans and PCI scan attestation.

We have dedicated servers on and off site and expansion plans in place to allow rapid and cost effective scalability.  Our offsite servers and data backup procedures provide a warm backup to our onsite servers for contingency purposes.  The backups are performed in accordance with our disaster recovery plan.

We rely on unrelated third parties to host on their computers our EFT Arcus product that we deliver to our customers under a SaaS model. We have contracts and/or service agreements in place with those third parties that we believe provide us the ability to continue delivering those products without interruption.
 
Research and Development
 
The technology industry is characterized by rapid technological change in computer hardware, operating systems and software. Our customers’ requirements and preferences rapidly evolve, as do their expectations of the performance of our software. To keep pace with these changes, we maintain an ongoing program of new product development to remain competitive and to address demands in the marketplace for our products.

Our internal software engineers are responsible for creating and building our software products. They do so by combining their expertise with input from our sales, marketing and product management groups as to market trends and needs. Our software engineers design and write software and manage its testing and quality assurance. We utilize third-party software developers both domestically and overseas working under our supervision to supplement our software engineers. Using these external software developers in a strategic manner allows us to access highly-skilled labor pools, maintain a 24-hour development schedule, decrease time to market, and minimize programming costs.

All phases of research and development, or R&D, including scope approval, functional and implementation design, object modeling and programming, are subject to extensive internal quality assurance testing.  We maintain an ongoing focus on improving our quality assurance testing infrastructure and practices. Technical reporting and customer support feedback from customers confirm the continuing positive effect of our ongoing enhancement of research and development and quality assurance processes.

Our EFT Arcus product is hosted by third-party cloud services providers. We are reliant upon those third parties, such as Microsoft Azure, for the continued development and enhancement of their cloud services infrastructures on which our products are hosted. We do not perform significant research and development of cloud services infrastructures using our own personnel.

Our R&D expenditures profile has been as follows ($ in thousands):

   
Year ending December 31,
 
   
2017
   
2016
 
R&D expenditures expensed
 
$
3,128
   
$
2,571
 
R&D expenditures capitalized
   
1,926
     
1,538
 
Total R&D expenditures
 
$
5,054
   
$
4,109
 

Total resources expended for R&D (set forth above as total R&D expenditures) illustrate our total corporate efforts to improve our existing products and to develop new products regardless of whether our expenditures for those efforts were expensed or capitalized. Total resources expended for R&D is not a measure of financial performance under United States generally accepted accounting principles, or GAAP, and should not be considered a substitute for R&D expense (set forth above as R&D expenditures expensed) and capitalized software development costs (set forth above as R&D expenditures capitalized) individually. While we believe the non-GAAP, total resources expended for R&D amount provides useful supplemental information regarding our overall corporate product improvement and new product creation activities, there are limitations associated with the use of this non-GAAP measurement. Total resources expended for R&D is a non-GAAP measurement not prepared in accordance with GAAP and may not be comparable to similarly titled measures of other companies since there is no standard for preparing this non-GAAP measurement. As a result, this non-GAAP measurement of total resources expended for R&D has limitations and should not be considered in isolation from, or as a substitute for, R&D expense and capitalized software development cost individually.


Substantially all of our R&D expenditures relate to our EFT platform products with a relatively minor level of these expenditures being related to our other products. We expect to increase our research and development activities in future years as we focus on improving our current products and introduce new products.
 
Competition
 
The managed file transfer software market sector is highly competitive, subject to rapid change, and significantly affected by new product introductions and other activities of market participants.

The software industry has limited barriers to entry. The availability of computing power with continually expanding performance at progressively lower prices contributes to the ease of market entry. The software market is characterized by vigorous competition in each of the vertical markets in which we compete both from existing competitors and by entry of new competitors with innovative technologies. Competition is increasingly enhanced by consolidation of companies with complementary products and technologies and the possibility that competitors in one vertical segment may enter other vertical segments that we serve. Some of our competitors in certain markets have greater financial, technical, sales, marketing and other resources than we do. Because of these and other factors, competitive conditions in these industries are likely to continue to intensify in the future. Increased competition could result in price reductions, reduced net revenue and profit margins and loss of market share, any of which could harm our business. See “Risk Factors – Risks Related to Our Operations” for further discussion of risks regarding competition.

We believe that our future results depend largely upon our ability to better serve customers by offering new products whether by internal development or acquisition. We also believe we must continue to provide existing product offerings that compete favorably with respect to ease of use, reliability, performance, range of useful features, continuing product enhancements, reputation, price and training.

There is limited information regarding the market shares of our solutions in their respective categories.  Many of our competitors have substantially greater financial, technical, sales, marketing, personnel, and other resources, as well as greater name recognition and a larger customer base than we do. Significant competition characterizes the markets for our traditional MFT products. We anticipate we will continue to face increasing pricing pressures from competitors in the future. Given that there are low barriers to entry into the software market and that the market is subject to rapid technological change, we believe that competition will persist and intensify in the future.  For more discussion on the risks associated with our competition, see “Risk Factors — Risks Related to Our Operations”.

EFT Platform Products.  Our EFT Enterprise and EFT Arcus products compete against a number of secure, Windows-based FTP servers.  We believe our primary competitors are IBM, Axway, Accellion, Ipswitch, BMC, Cleo, Acronis, Signiant, Serv-U, and JSCAPE.  We believe the features and functions of our products are competitive with those of other MFT providers. In particular, we believe the ease of installation and use of our products combined with a competitive price well-position us to compete effectively in the MFT market.

We do not offer a Linux version of our EFT platform. Accordingly, we do not compete in environments in which the customer needs an MFT product that operates in a Linux operating system environment.

Delivering MFT products through a cloud-based, SaaS offering is a rapidly evolving sector of the markets in which we compete. Many of our MFT competitors are also introducing SaaS products. The nature of the SaaS delivery model lowers the barriers to entry into this market such that we expect competition in this area to intensify in the future.

CuteFTP.  CuteFTP exists in a highly competitive environment with numerous FTP software utilities available on the Internet for both the personal and professional user.  CuteFTP is positioned as one of the only secure FTP client programs that support a wide range of security standards related to the FTP protocol. We believe our primary competitors are consumer file transfer solutions sold by Ipswitch, Serv-U and Van Dyke Software, Inc.  CuteFTP was an early Windows-based FTP client to market and historically has been among the most frequently downloaded FTP clients on popular download sites.

WAFS.  WAFS competes in the wide area file services/storage market.  We believe our primary competitors are Panzura and Peer Sync, each of which is delivering proprietary appliances.  We believe that WAFS has the advantage of being a software-only solution which leverages corporate infrastructure and minimizes the total cost of ownership.


Mail Express.  Mail Express competes in areas of the file transfer market associated with email attachment offloading.  We believe our primary competitors are Leapfile, Zix, and Biscom.  Mail Express has the advantage of centralized policies for outbound file attachments and a transparent end-user experience, which allows for rapid customer deployments. Mail Express also has the benefit of integration with our most recent EFT release which provides customers with a more uniform administration experience for email attachment offloading and traditional MFT operations.
 
Governmental Regulation
 
Export Control Regulations.  All of our products are subject to U.S. export control laws and applicable foreign government import, export and/or use requirements.   The level of control generally depends on the nature of the goods and services in question. For example, the level of control is impacted by the nature of the software and encryption incorporated into our products.  Where controls apply, the export of our products may require an export license or authorization or that the transaction qualifies for a license exception or the equivalent, and may also be subject to corresponding reporting requirements.  For the export of some of our products, we may be subject to various post-shipment reporting requirements.  Minimal U.S. export restrictions apply to all of our products, whether or not they perform encryption functions.   Additionally, because we are a Department of Defense contractor, there are certain registration requirements that may be triggered by our sales.  In addition, certain of our items and/or transactions may be subject to the International Traffic in Arms Regulations (ITAR) if our software or services are specifically designed or modified for defense purposes.  Companies engaged in manufacturing or exporting ITAR-controlled goods and services (even if these companies do not export such items) are required to register with the U.S. State Department.

Enhancements to existing products may, and new products will, be subject to review under the Export Administration Act to determine what export classification they will receive. In light of the ongoing discussions regarding anti-terrorism legislation in the U.S. Congress, there continues to be discussions regarding the correct level of export control. Export regulations may be modified at any time. Modifications to the export regulations could reduce or eliminate our ability to export some or all of our products from the U.S. without a license in the future, which could put us at a disadvantage in competing for international sales compared to companies located outside of the U.S. that would not be subject to these restrictions.  Modifications to the export regulations could prevent us from exporting our existing and future products in an unrestricted manner without a license or make it more difficult to receive the desired classification. If export regulations were to be modified in such a way, we may be put at a competitive disadvantage with respect to selling our products internationally.  We are working on enhancing our systems to address the impact of these regulations on our products and services and understand the need to comply.  We will complete technical reviews on any new products that we acquire or develop that may be subject to these regulations before we can export them.

Privacy Laws.    As our business evolves to incorporate more cloud and SaaS solutions, we will receive, transmit, and store a greater volume and diversity of information. As a result, we may be subject to various international, federal and state regulations regarding the treatment and protection of personally identifying and other regulated information. Applicable laws may include, without limitation, U.S. federal laws and implementing regulations such as the GLBA and HIPAA, as well as state laws and regulations, and international laws and regulations including the European Union General Data Protection Regulation, or the GDPR, which replaced the European Union Data Protection Directive in May 2018. Additionally, some of these laws have requirements on the transmittal of data from one jurisdiction to another. In the event our systems are compromised by an unauthorized party, many of these privacy laws require that we provide notices to our customers whose personally identifiable data we reasonably believe may have been compromised. Additionally, if we transfer data in violation of these laws, we could be subjected to substantial fines. To mitigate the risk of compromised information, we use encryption and other security to protect our databases. We also have adopted policies to comply with the GDPR in the European Union.
 
Intellectual Property
 
We regard some of the features of our internal operations, our software, our brands and marketing message, and our documentation as proprietary and rely on copyright, patent, and trademark and service mark laws and trade secret protection, such as confidentiality procedures, contractual arrangements, non-disclosure agreements and other measures to protect our proprietary information. Our intellectual property is an important and valuable asset that enables us to gain recognition for our products, services, and technology and enhance our competitive position and market value.

As part of our confidentiality procedures, we enter into non-disclosure agreements with our employees and independent contractors, resellers, and corporate partners. We enter into license or subscription services agreements with respect to our software, documentation, and other proprietary information. Our standard license agreements are transferable only in limited circumstances and have a perpetual term. Our subscription services agreements for our hosted and managed solutions restrict access and have a definite term. We also educate our employees on trade secret protection and employ measures to protect our facilities, equipment, and networks.


Our trademarks and copyrights are central to our business. We have the following trademarks in the United States:
 
·
GlobalSCAPE®, CuteFTP®, CuteFTP Pro®, DMZ Gateway®, EFT Cloud Services ®, GlobalSCAPE Securely Connected®, and Mail Express® are registered trademarks of GlobalSCAPE, Inc.  
·
Secure FTP Server™, Wide Area File Services™, WAFS™, CDP™, Advanced Workflow Engine™, AWE™, EFT Server™, EFT Workspaces™,  EFT Insight™, Enhanced File Transfer™, Enhanced File Transfer Server™, Secure Ad Hoc Transfer™, SAT™, EFT Server Enterprise™, Enhanced File Transfer Server Enterprise ™, Desktop Transfer Client™, DTC™, Mobile Transfer Client™, MTC™, Web Transfer Client™, Workspaces™, Accelerate™, WTC™, Content Integrity Control™, Advanced Authentication™, AAM™,  and scConnect™ are trademarks of GlobalSCAPE, Inc. 
·
TappIn® and design are registered trademarks of TappIn, Inc., our wholly-owned subsidiary.
·
TappIn Secure Share ™, Social Share ™, Now Playing ™, and Enhanced A La Carte Playlist™ are trademarks of TappIn, Inc., our wholly-owned subsidiary.

In addition to the United States trademarks listed above, we have trademarks registered in Canada and the European Union for GlobalSCAPE. We have obtained United States copyright registrations for all but the most recent versions of our software applications.  We have two patents in the United States.

Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary.  Policing unauthorized use of our products, which are licensed by the thousands and sold world-wide, is difficult.  While we are unable to determine the extent to which piracy of our software products exists, software piracy is a persistent problem.  In selling our products, we rely primarily on click-wrap licenses which are not signed in writing by licensees and may be unenforceable under the laws of certain jurisdictions.  Additionally, our new offerings through Microsoft Azure require the platform to present the applicable licensing terms and if we cannot prove that a licensee received the intended notice of the license terms, we may have difficulty enforcing the applicable agreements. The laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States.  Companies in the software industry, and other patent and trademark holders seeking to profit from royalties in connection with grants of licenses, own large numbers of patents, copyrights, trademarks, service marks, and trade secrets and frequently enter into litigation based on allegations of infringement or other violations of intellectual property rights.  We have received, and may receive in the future, communications from third parties asserting that our products infringe, or may infringe, the proprietary rights of third parties, seeking damages resulting from such infringement or indicating that we may be required to obtain a license from or pay a royalty to, such third parties.  For more discussion on the risks associated with our intellectual property, you should read the information under “Risk Factors,” especially “Risks Related to Intellectual Property.”
 
Employees
 
Our number of employees is as follows:

   
March 1,
 
Department
 
2018
   
2017
 
Sales and Marketing
   
60
     
47
 
Engineering
   
28
     
33
 
Professional Services
   
6
     
14
 
Customer Support
   
23
     
20
 
Management and Administration
   
20
     
19
 
Total
   
137
     
133
 

None of our employees are covered by collective bargaining agreements. We believe our employee relations are good.
 
Investigation
 
On August 7, 2017, GlobalSCAPE announced that the Audit Committee, assisted by outside legal counsel and independent forensic accountants, had been conducting an investigation into certain transactions in the fourth quarter of 2016. We have since publicly disclosed multiple updates regarding the Investigation. The Investigation, which is now complete, identified  transactions which were recorded inconsistently with the Company’s stated revenue recognition policies and criteria as described in our discussion of our significant accounting policies in Note 2 to our consolidated financial statements in Part II, Item 8 below.


Subsequent to the announcement of the Investigation on August 7, 2017, the Audit Committee and management identified additional transactions which occurred during fiscal year 2016 in which revenue was recorded inconsistently with the Company’s stated revenue recognition policies and criteria including:

·
Transactions in which license activation keys did not appear to have been delivered to the customer in the period in which the sale was recorded;
·
Transactions appearing to contain side deal terms negotiated with customers but not reflected in the underlying sales documentation;
·
Transactions in which a sale was recorded although the customer had not yet responded to the Company’s request to provide a commitment to purchase;
·
Transactions in which a sale was made to a reseller whereby collection was not reasonably assured due to payment or other nonstandard terms not consistent with the Company’s revenue recognition policy;
·
Transactions in which there was either no purchase order or a purchase order dated after the date of the end of the period for which revenue had been previously recognized; and
·
One transaction which included incorrect vendor specific objective evidence allocation.

Additionally, management adjusted our consolidated financial statements as of and for the years ended December 31, 2016 and 2015 to account for immaterial misstatements. These changes in our consolidated financial statements as of and for the year ended December 31, 2015 were in addition to the changes previously disclosed in our original Annual Report on Form 10-K for the year ended December 31, 2016, filed March 27, 2017, as a result of changes in accounting methods and in the classification and presentation of our business activities in our consolidated financial statements.

As a result of the Investigation and management’s analysis, we restated (i) our consolidated financial statements as of and for the years ended December 31, 2016 and 2015 and (ii) our condensed consolidated financial statements as of and for the three months ended March 31, 2017.
 
Available Information
 
We file annual, quarterly and current reports, proxy statements and other information with the Securities and Exchange Commission. You may read and copy any document we file with the SEC at the SEC’s public reference room at 100 F Street, NE, Room 1580, Washington, D.C. 20549. Please call the SEC at 1-800-SEC-0330 for information on the public reference room. The SEC maintains an Internet web site that contains annual, quarterly and current reports, proxy statements and other information that issuers (including GlobalSCAPE) file electronically with the SEC. The SEC’s web site is www.sec.gov.  Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and other reports and amendments filed with the Securities and Exchange Commission are available free of charge on our web site at www.globalscape.com in the Investor Relations section as soon as practicable after such reports are filed.  Information on our website is not incorporated by reference into this Form 10-K and should not be considered part of this report or any other filing that we make with the SEC.
 
Item 1A. Risk Factors
 
We have described below risks we are aware of that could have a material adverse effect on our business, financial results of operations and financial condition and the value of our stock owned by our stockholders.

Risks Related to Our Operations

A significant portion of our revenue is generated through maintenance and support services. Decreases in maintenance and support sales or renewal rates, or a decrease in the number of new licenses we sell, will negatively impact our future revenue and financial results.

Revenue from maintenance and support services, or M&S, we provide our customers comprised 61% and 57% of our total revenue in 2017 and 2016, respectively. We earn M&S revenue from new M&S contracts, typically sold with new software licenses, and from renewals of such contracts. Any reduction in the number of new software licenses that we sell, or a reduction in sales of associated initial M&S contracts, therefore may have a long-term negative impact on our future M&S revenue, even if our customers continue to renew M&S contracts at historical rates. This situation, in turn, would impact our business and harm our financial results.


Our customers have no obligation to purchase M&S with their initial software license or to renew their M&S contract after the expiration of their initial M&S period, which is typically one year, but may also be for two or three years.  Our customers’ purchases of M&S, and our renewal rates, may decline or fluctuate as a result of a number of factors, including the overall global economy, the health of their businesses, and the perceived value of the M&S program.  If our customers do not purchase M&S with their initial software license or do not renew their M&S contract for our products, our M&S revenue will decline and our financial results will suffer.  In addition, customers are generally entitled to a reduced annual maintenance fees for entering into long-term maintenance contracts, i.e. those contracts with a term longer than one year. Declines in our license sales, increases in the proportion of long-term maintenance contracts and/or increased discounting could lead to declines in our M&S revenue growth rates. Should customers migrate away from systems and applications which our products support, utilize alternatives to our products, including solutions offering free maintenance, or become dissatisfied with our maintenance services, increased cancellations could lead to declines in our maintenance revenue.

Our business and growth depend on our ability to obtain M&S renewals from existing customers. A decline in the percent of our M&S contracts that are renewed could adversely affect our future operating results.

A substantial portion of our annual M&S revenue is attributable to M&S contracts entered into during previous periods.  As a result, if there is a decline in the renewal rate of M&S contracts in any particular period, it is possible that only a small portion of the decline will be reflected in our M&S revenue recognized in that period and the remainder will be reflected in our M&S revenue recognized in subsequent periods. Our customers’ renewal rates may decline or fluctuate as a result of a number of factors including customer dissatisfaction with our products’ functionality, features or performance, the level and quality of our M&S services, or our pricing. Renewal rates may also change due to competitors’ product offerings, customers converting to in-house developed solutions, customers’ inability to continue their operations and spending levels, migration path issues for new versions of our products, and other factors, a number of which are beyond our control. Our customers have no obligation to renew their M&S contracts after the expiration of the initial term, and they may elect not to renew their M&S or to reduce the product quantity covered under their M&S contracts, thereby potentially reducing our future revenue. A decline in the renewal rate of M&S contracts may also result in a decrease in deferred revenue on our balance sheet as of the end of the period in which the decline in renewals occurred which, in turn, could result in a decrease in our future revenue.  For more information, see Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations”.

If we are unable to develop, offer and deliver new and enhanced products and services that achieve widespread market acceptance, or if we are unable to continually improve the performance, features, and reliability of our existing products and services, our business and operating results could be adversely affected.

Rapid technological changes, as well as changes in customer requirements and preferences, characterize the software industry.  Just as the transition from mainframes to personal computers transformed the industry, we believe our industry will continue to transform in response to continued adoption of mobile devices and cloud-based SaaS, growth of big data, and potential emergence of capabilities resulting from disruptive innovation.  In response, we have devoted significant resources to the development of new solutions, such as our SaaS solutions. We are making such investments through our internal efforts, including further development and enhancement of our existing products, as well as through potential acquisitions of new product lines.  Innovation, new product development or acquisition, and go-to-market activities involve a significant commitment of time and resources and are subject to a number of risks and challenges including:

Developing, sustaining, and appropriately leveraging market intelligence to identify areas of market need that offer potentially high return on investment for solution development.
Managing the length of the development cycle for new products and product enhancements which may be longer than originally expected.
Adapting to emerging and evolving industry standards and to technological developments by our competitors and customers.
Addressing the evolution of operating systems and industry platforms that presently may not be served by our existing products.
Entering into new or unproven markets with which we have limited experience.
Managing new product and service strategies, including integrating our various security and file replication technologies, management solutions, customer service, and support into unified enterprise security and file replication solutions.

Incorporating acquired products and technologies acquired through mergers, acquisitions or other relationships with third parties.
Developing or expanding efficient sales channels.
Obtaining sufficient licenses to technology and technical access from operating system software vendors on reasonable terms to enable the development and deployment of interoperable products, including source code licenses for certain products with deep technical integration into operating systems.

Changing purchasing trends such as purchasing through on-line marketplaces such as Amazon Web Services and Microsoft AZURE rather than direct sales or traditional channels.

Investments in new products may not result in sufficient revenue generation to justify their costs or may cause short or long-term harm to our financial results.  For example, customer adoption of our SaaS products may not occur as rapidly as anticipated, or competitors may introduce new products and services that achieve acceptance among our current customers thereby adversely affecting our competitive position, or we may not be successful in future attempts to achieve disruptive innovation.

Our executive management team must act quickly, continuously and with vision due to the rapid speed of changing customer expectations and advancement of technology inherent in the software industry, the extensive and complex efforts required to create useful and widely accepted products, the rapid evolution of cloud computing, mobile devices, and new computing platforms, and the creation of other new technologies. Although we have adopted a strategy that we believe will fulfill these challenges, if we fail to execute properly on that strategy, adapt that strategy as market conditions evolve, or internalize and execute on that strategy, we may fail to meet our customers’ expectations, fail to compete with our competitors’ products and technology, and lose the confidence of our channel partners and employees.  Such circumstances could adversely affect our business and financial performance.

We earn most of our revenue and operating margins from our Enhanced File Transfer licensed software solution suite and related maintenance and support services and, as a result, are highly dependent upon the continued success of this product line.

Our Enhanced File Transfer product platform, or EFT platform, is our MFT solution targeted primarily to the enterprise and small and medium business user environments. Our customers may purchase EFT as an on-premise license or may subscribe to it as software-as-a-service (or SaaS). License (both on-premise and SaaS), M&S, and professional services revenue from this product line was responsible for 95% and 93% of our total revenue in 2017 and 2016, respectively. This product has provided substantially all of our recent revenue growth and most of the operating margin necessary to fund our operations including, most notably, our sales and marketing and research and development activities.  Declines and variability in demand for our EFT products could occur as a result of:

Improved products or product versions being offered by competitors in our markets.
Competitive pricing pressures.
Failure to release new or enhanced versions of the EFT solution on a timely basis or at all.
Technological change that we are unable to address with file transfer products or that changes the way enterprises utilize our products.
General economic conditions.

Due to our product concentration, our business, results of operations, financial condition, and cash flows would be adversely affected by a decline in demand for the EFT solution suite.

The transition from an on-premise to a cloud-based, SaaS subscription business model is subject to numerous risks and uncertainties. 
 
We believe that there will be a continuing shift away from sales of on-premise software licenses to sales of subscriptions for our cloud-based, SaaS solutions, which provide our customers the right to access certain of our software in a hosted environment for a specified subscription period. This shift, and our pursuit of a SaaS strategy, may give rise to a number of risks, including the following:

         
·           
If customers are uncomfortable with cloud-based solutions and desire only perpetual licenses, we may experience longer than anticipated sales cycles and sales of our cloud-based solutions may lag behind our expectations;
          
 
Our cloud-based strategy may raise concerns among our customer base, including concerns regarding changes to pricing over time, service availability, information security of a cloud-based solution and access to files while offline or once a subscription has expired;
       
·           
We may be unsuccessful in maintaining our target pricing, adoption and projected renewal rates;
         
·           
We may select a target price that is not optimal and could negatively affect our sales or earnings; and
       
·           
We may incur costs at a higher than forecasted rate as we expand our cloud-based solutions.

The shift of our customers’ preference to cloud-based, SaaS solutions may also require a considerable investment of technical, financial, legal and sales resources, and a scalable organization. Market acceptance of such offerings is affected by a variety of factors, including but not limited to: security, reliability, scalability, customization, performance, current license terms, customer preference, customer concerns with entrusting a third party to store and manage their data, public concerns regarding privacy and the enactment of restrictive laws or regulations. Whether our business model transition will prove successful and will accomplish our business and financial objectives is subject to numerous uncertainties, including but not limited to: customer demand, renewal rates, channel acceptance, our ability to further develop and scale infrastructure, our ability to include functionality and usability in such solutions that address customer requirements, tax and accounting implications, pricing and our costs. In addition, the metrics we use to gauge the status of our business may evolve over the course of the transition as significant trends emerge.
 
If we are unable to successfully establish our cloud-based solutions and navigate our business model transition in light of the foregoing risks and uncertainties, our results of operations could be negatively impacted.

Cloud-based computing trends present competitive and execution risks.

Customers are transitioning to a hybrid computing environment utilizing various cloud-based software and services accessed via various smart client devices. Pricing and delivery models are evolving and our competitors are developing and deploying cloud-based services for customers. We are devoting significant resources to develop and deploy our own competing cloud-based software and services strategies. While we believe our expertise and investments in software for cloud-based services provides us with a strong foundation to compete, it is uncertain whether our strategies will attract the customers or generate the revenue required to be successful. Delivering our products through cloud-based, SaaS solutions requires that we pay third parties, such as Microsoft Azure, to host our products and make them available to our customers. As a result, we incur ongoing, recurring third-party hosting expenses associated with delivering SaaS solutions that we do not incur with respect to our on-premise license products. These expenses may cause the gross margin we realized from our SaaS software products to be lower than the gross margin we realized from our on-premises software products. Whether we are successful in this new business model depends on our execution in a number of areas, including:

·
Continuing to innovate and bring to market compelling cloud-based services that generate increasing traffic and market share;

·
Maintaining the utility, compatibility and performance of our software on the growing array of cloud computing platforms and the enhanced interoperability requirements associated with orchestration of cloud computing environments; and

·
Successfully deploying our SaaS products on platforms hosted by third-party services upon which we rely for delivery of those computing solutions to our customers.

These new business models may reduce our revenues or operating margins and could have a material adverse effect on our business, results of operations and financial condition.


If the market for cloud-based software develops more slowly than we expect or declines, our business could be materially adversely affected.

The market for cloud-based software is not as mature as the market for on-premise enterprise software, and it is uncertain whether cloud-based software will achieve and sustain high levels of customer demand and market acceptance. Our success will depend to a substantial extent on the widespread adoption of cloud-based software solutions. Many enterprises have invested substantial personnel and financial resources to integrate traditional enterprise software into their businesses and, therefore, may be reluctant or unwilling to migrate to cloud computing. Other enterprises have not elected to move from traditional processes that are not cloud-based to automated cloud-based processes. It is difficult to predict customer adoption rates and demand for our products and services, the future growth rate and size of the cloud-based software market or the entry of competitive applications. The expansion of the cloud-based software market depends on a number of factors, including the cost, performance, and perceived value associated with cloud-based software, as well as the ability of cloud-based software companies to address heightened security and privacy concerns. If we have a security incident or other cloud-based software providers experience security incidents, loss of customer data, disruptions in delivery or other similar problems, which is an increasing focus of the public and investors in recent years, the market for cloud-based applications as a whole, including our offerings, may be negatively affected. If cloud-based software does not achieve widespread adoption, or there is a reduction in demand for cloud-based software caused by a lack of customer acceptance, technological challenges, weakening economic conditions, increasing security or privacy concerns, competing technologies and offerings, decreases in corporate spending or otherwise, it could result in decreased revenues and our business could be materially adversely affected.

Potential customers may be unwilling to implement the business changes attendant to the use of some of our cloud-based software and services.

The use of our cloud-based software and services often requires customers to implement changes to their existing business process or to adopt new business processes with which they are unfamiliar. Some of our potential customers may continue to rely on existing internal solutions or other non-cloud-based solutions rather than implement the business changes called for by our solutions.

We must keep up with rapid and ongoing technological change to remain competitive in the rapidly evolving cloud-based technology industry.

The cloud-based technology industry is characterized by rapid and ongoing technological change, frequent new product and service introductions, and evolving industry standards. Our future success will depend on our ability to adapt quickly to rapidly changing technologies, to adapt our solutions to evolving industry standards and to improve the performance and reliability of our applications and services. To maintain and increase market acceptance of our applications and services, we must anticipate subscriber need and offer solutions that meet changing subscriber demands quickly and effectively. Subscribers may require features and functionality that our current applications and services do not have or that our platforms are not able to support. If we fail to develop solutions that satisfy subscriber preferences in a timely and cost-effective manner, our ability to renew our agreements with existing subscribers and our ability to increase demand for our solutions will be harmed.

If we are required to, and fail to successfully manage any changes to our business model, including the transition of our products to cloud offerings, our results of operations could be harmed.

We are beginning to transition from an on-premise to a cloud-based, SaaS subscription business model. This adjustment to our business model requires a considerable investment of technical, financial, legal and sales resources. Our transition to cloud offerings will continue to divert resources and increase costs, especially in cost of license and other revenues, in any given period. Such investments may not improve our long-term growth and results of operations. Further, the increase in some costs associated with our cloud services may be difficult to predict over time, especially in light of our lack of historical experience with the costs of delivering cloud-based versions of our applications. We may assume greater responsibilities for implementation related services during this transition. As a result, we may face risks associated with new and complex implementations, the cost of which may differ from original estimates. The consequences in such circumstances could include: monetary credits for current or future service engagements, reduced fees for additional product sales, and a customer’s refusal to pay its contractually-obligated subscription or service fees.


Our focus on cloud services may result in the loss of other business opportunities and negatively impact our revenue growth.

We have allocated significant resources related to our sales and marketing activities, software product development, management team and other personnel toward growing our cloud business. This strategic direction and redirection of resources could potentially result in the loss of sales opportunities in our traditional perpetual license and M&S sales business. If our cloud business does not grow in accordance with our expectations and we are not able to cover the shortfall with other sales opportunities, then our business could be harmed. Although the subscription model used for our cloud business is designed to create a recurring revenue stream that is more predictable, the shift to this model may reduce our license sales, spread revenue over a longer period and negatively affect future license and M&S sales revenue.

Our subscription services, such as EFT Arcus, may impact our revenue trends as some opportunities that otherwise would have materialized as software license sales for on-premises installation at our customers’ sites could potentially shift to subscription-based sales.

Most of our revenue, and the growth of our revenue, has been attributable to perpetual license and M&S sales of our EFT solution.  Perpetual license fees for software to be installed at a customer site are typically recognized in full as revenue at the time the software is delivered to the customer. On the other hand, subscription services are recognized as revenue over time as the services are delivered (assuming collection is deemed probable), typically on a monthly basis. Any significant increase in the percentage of our business generated from such a subscription model could, as a result, delay revenue recognition and have a negative impact on our operating results.

The impact of subscription services on prior revenue growth trends depends on several key factors, including the number of customers who may shift from on-premise software licenses to subscription services, the rate at which they may do so, the subscription term and fees, and the comparative value of the opportunity had it materialized as a software license sale instead of as a subscription service.  Generally, for a fixed number of opportunities (that is, without considering the possibility that a new service offering may result in additional sales opportunities), the addition of subscription services reduces revenue growth rates for several quarters for the associated solutions until cumulative subscription revenue increases and, potentially, surpasses comparable software license revenue. The revenue impacts are particularly pronounced early in the introduction of subscription services because there has been only a short time period for accumulation of the recurring revenue stream.  For this reason, we may experience decreased revenue during the time period that our customers shift to subscription services, which may be a period of multiple years.  As we continue to promote subscription-based services, the risk of a negative impact on revenue will continue, with revenue derived from sales of our EFT solution, the comparable on-premises MFT software in our portfolio, most subject to this ongoing risk from the introduction of these subscription services.

Subscription offerings create risks related to the timing of revenue recognition.

Although the subscription model is designed to increase the number of customers who purchase our products and services and create a recurring revenue stream that is more predictable, it creates certain risks related to the timing of revenue recognition and potential reductions in cash flows.

A decline in new or renewed subscriptions in any period may not be immediately reflected in our reported financial results for that period but may result in a decline in our revenue in future periods. If we were to experience significant downturns in subscription sales and renewal rates, our reported financial results might not reflect such downturns until future periods. Our subscription model could also make it difficult for us to rapidly increase our revenues from subscription or SaaS-based services through additional sales in any period as revenue from new customers will be recognized over the applicable subscription term. Increases in sales under our subscription sales model could result in decreased revenues over the short term if they are offset by a decline in sales from perpetual license customers.

Our cloud and SaaS offerings bring additional business and operational risks.

We offer delivery of several of our products using a SaaS model. Our SaaS offerings provide our customers with existing and new software management through a cloud service as opposed to traditional on-premises software deployments. There can be no assurance that SaaS revenue will be significant in the future despite our levels of investment in developing this product delivery method. Margins associated with our SaaS offerings are generally lower than margins associated with our on-premises solutions.

SaaS subscription arrangements are under month-to-month agreements. Accordingly, our customers generally have no long-term obligation to us and may cancel their SaaS subscription at any time. Even if our customers are satisfied with our SaaS products and services, they may elect not to continue their SaaS subscription. Renewal rates in the future may differ from historical trends such that we may not be able to accurately predict customer renewal rates. Our customers’ renewal rates may decline or fluctuate as a result of a number of factors, including their level of satisfaction with our services and their ability to continue their operations and spending levels. If we experience a decline in the renewal rates for our customers or they opt for lower-priced editions of our offerings or fewer subscriptions, our operating results may be adversely impacted.

There is a risk that we could find it difficult or costly to support both traditional software installed by customers and software delivered as a service. To the extent that our SaaS offerings are defective or there are disruptions to our services, demand for our SaaS offerings could diminish, and we could be subject to substantial liability.

Interruptions or delays in service from our third-party service delivery hosts could impair the delivery of our services and harm our business. If we or our third-party service delivery hosts experience security breaches and unauthorized access is obtained to a customer’s data or our data, our services may be perceived as not being secure, customers may curtail or stop using our services, and we may incur significant legal and financial exposure and liabilities.

Our success with our SaaS solutions depends on organizations and customers perceiving technological and operational benefits and cost savings associated with the increasing adoption of virtual infrastructure solutions in lieu of on-premises data centers. Concerns about security, privacy, availability, data integrity, retention and ownership may negatively impact the rate of adoption of these solutions. SaaS software solutions can be complex, and the deployment of our secure file transfer solutions in the desired manner may require additional professional services and implementation services for which we may not have the ability to provide at an appropriate margin. Our SaaS products are dependent upon third-party hardware, software and hosting vendors, all of which must interoperate for end users to achieve their computing goals. We expect other companies to enter this market and to introduce their own initiatives that may compete with, or not be compatible with, our cloud solutions.

If any of these events were to occur, our business, results of operations and financial condition could be adversely affected.

We rely on third parties to provide us with a number of operational services, including hosting and delivery of our SaaS products, certain of our customer support services, and other operations.  Any interruption or delay in service from these third parties, breaches of security or privacy, or failures in data collection could expose us to liability, harm our reputation and adversely impact our financial performance.

We rely on hosted computer services from third parties for certain services that we provide our customers.  As we gather customer data and host certain customer data in third-party facilities, a security breach could compromise the integrity or availability or result in the theft of customer data.  In addition, our operations could be negatively affected in the event of a security breach, and we could be subject to the loss or theft of confidential or proprietary information.

Unauthorized access to this data may be obtained through break-ins, breach of our secure network by an unauthorized party, employee theft or misuse, or other misconduct.  We rely on a number of third-party suppliers in the operation of our business for the provisioning of various services and materials that we use in the production of our products.  Although we seek to diversify our third-party suppliers, we may from time to time rely on a single or limited number of suppliers, or upon suppliers in a single country, for these services or materials.  The inability of such third parties to satisfy our requirements could disrupt our business operations or make it more difficult for us to implement our business strategy.  If any of these situations were to occur, our reputation could be harmed, we could be subject to third-party liability, including under data protection and privacy laws in certain jurisdictions, and our financial performance could be negatively impacted.

If we are unable to generate significant volumes of sales leads from our various marketing and demand generation efforts then our revenue may not grow as expected or may decline.

We generate leads through various marketing activities such as targeted email campaigns, attending networking-based trade shows, purchasing information and services from third-party experts in generating leads, and hosting webinars on enterprise IT management issues. Our marketing efforts may be unsuccessful, resulting in fewer sales leads. If we fail to generate a sufficient volume of leads from these activities and/or such sales leads do not result in actual sales, our revenue may not grow as expected or could decrease and our operating results could suffer.

Some of our sales leads are generated through visits to our websites by potential end-users interested in purchasing or downloading evaluations of our products. Many of these potential end-users find our websites by searching for secure file transfer products through Internet search engines, such as Google. A critical factor in attracting potential customers to our websites is how prominently our websites are displayed in response to search inquiries. If we are listed less prominently or fail to appear in search result listings for any reason, visits to our websites by customers and potential customers could decline significantly. We may not be able to replace this traffic, and, if we attempt to replace this traffic, we may be required to increase our sales and marketing expenses, which may not be offset by additional revenue and could adversely affect our operating results.

We rely heavily on third-party service providers to help us identify sales leads. If those service providers become unavailable to us, or if the cost of their services become more costly than we could afford to pay, our ability to generate a sufficient volume of sales leads could be compromised, and our ability to sustain or increase our revenue could be adversely affected.

Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense. As a result, our sales and revenue are difficult to predict and may vary substantially from period to period, which may cause our results of operations to fluctuate significantly.

Our results of operations may fluctuate, in part, because of the resource intensive nature of our sales efforts, the length and variability of our sales cycle, and the short-term difficulty in adjusting our operating expenses. Our results of operations depend in part on sales to large organizations. The length of our sales cycle, from proof of concept to delivery of and payment for our products, is typically three to nine months but can be more than a year. If our competitors offer or develop products that our prospective customers may want to compare to our products, that situation could cause our average sales cycle to become longer. Because the length of time required to close a sale varies substantially from customer to customer, it is difficult to accurately predict when, or even if, we will make a sale to a potential customer. As a result, large individual sales have, in some cases, occurred in periods subsequent to those periods in which we anticipated they would occur or have not occurred at all. The loss or delay of one or more large transactions in a period could impact our results of operations for that period and any future periods for which revenue from that transaction is delayed. As a result of these factors, it is difficult for us to forecast accurately our revenue for any particular period in the future. Because a substantial portion of our expenses are relatively fixed in the short term, our results of operations will suffer if our revenue falls below expectations in a particular period, which could cause the price of our common stock to decline.
 
We may acquire new products, capabilities or entire business enterprises in the future that could give rise to risks and challenges that could adversely affect our future financial results.

Acquisitions of new products, capabilities or entire business enterprises involve a number of risks and challenges, including:

·
Complexity, time, and costs associated with integration of the acquired business operations, workforce, products, and technologies into our existing business, sales force, employee base, product lines, marketing and technology which ultimately may not be successful.

·
Diversion of management time and attention from our existing business and other business opportunities throughout the integration.

·
Potential loss or termination of employees, including costs associated with the termination or replacement of those employees.

·
Assumption of debt or other liabilities of the acquired business, including any future litigation related to alleged liabilities of the acquired business.

·
The incurrence of additional acquisition-related debt as well as increased expenses and working capital requirements.

·
Potential dilution of earnings per share.

·
Increased costs and efforts in connection with compliance with Section 404 of the Sarbanes-Oxley Act of 2002.


·
Potentially substantial accounting charges for restructuring and related expenses, write-off of in-process research and development, impairment of goodwill, amortization of intangible assets, and share-based compensation expense.

The ongoing integration of any acquired products, capabilities or entire business enterprises involves continually determining and leveraging the actual market synergies, sustaining and even extending the business performance of the acquired entity, implementing our technology systems in the acquired operations, and integrating and managing the personnel related to the acquired products and/or operations.  We also must continue to effectively integrate the different cultures of acquired business organizations into our own culture in a way that aligns various interests.

Any of the foregoing, and other factors, could harm our ability to achieve anticipated levels of financial performance or to realize other anticipated benefits of an acquisition.  In addition, because acquisitions of technology-based products and companies are inherently risky, no assurance can be given that our previous, current, or future acquisitions will be successful and will not adversely affect our business, operating results, or financial condition.

Our ability to sell our products is highly dependent on the quality of our support and services offerings. Our failure to offer high-quality support and services could have a material and adverse effect on our business and results of operations.

Once our products are deployed for use by our end customers, our end customers may depend on our support organization and our channel partners to resolve issues relating to our products. High-quality support is critical for the successful marketing and sale of our products. If we or our channel partners do not assist our end customers in deploying our products effectively, succeed in helping our customers resolve post-deployment issues quickly, or provide ongoing support, it could adversely affect our ability to sell our products to existing end customers and could harm our reputation with other potential end customers. As we expand our operations internationally, our support organization will face additional challenges, including those associated with delivering support, training and documentation in languages other than English. Our failure or the failure of our channel partners to maintain high-quality support and services could have a material and adverse effect on our business and operating results.

If we fail to manage our sales and distribution channels effectively, our operating results could be adversely affected.

We sell our software products both directly to end-users and through a network of distributors and resellers that we collectively refer to as the channel as well as through marketplaces such as Amazon Web Services and Microsoft Azure. Sales through these different methods involve distinct risks. Risks associated with direct sales include:

·
Challenges in scaling the size of the direct sales team to levels required for revenue growth.

·
Difficulty in hiring, retaining, and motivating our direct sales force.

·
Substantial amounts of training for sales representatives to become productive, including regular updates to cover new and revised products.

·
Leads obtained from paid advertising (for example, Google ads) impacting direct sales should the marketing and advertising effectiveness decline due to non-attributable declines in leads, unforeseen search engine algorithm changes, or other occurrences that may adversely impact the lead generation aspects of the direct sales cycle.  Increased competition may materially impact the costs associated with such marketing and advertising.

From time-to-time, we make significant changes in the organizational structure and compensation plans of our sales organization, which may increase the risk of sales personnel turnover. To the extent that we experience turnover within our direct sales force or sales management, there is a risk that the productivity of our sales force would be negatively impacted which could lead to revenue declines. Turnover within our sales force can cause disruption in sales cycles leading to delay or loss of business. It can take time to implement new sales management plans and to effectively recruit and train new sales representatives. We review and modify our compensation plans for the sales organization periodically. Changes to our sales compensation plans could make it difficult for us to attract and retain top sales talent.
 
Sales through third-party distributors and resellers involve a number of risks, including:

Our lack of control over the timing of delivery of our products to end-users.


Our resellers and distributors currently not being subject to minimum sales requirements or any obligation to market our products to their customers.

Our reseller and distributor agreements generally being nonexclusive and terminable at any time without cause.

Our resellers and distributors frequently marketing and distributing competing products and, from time to time, placing greater emphasis on the sale of these products due to pricing, promotions, and other terms offered by our competitors.

For 2017 and 2016, approximately 35% and 37%, respectively, of our revenue was derived from indirect channel sales through distributors and resellers. We expect that a significant portion of our revenue will continue to be derived from indirect channel sales in the future. Our ability to effectively distribute our products through those channels depends in part upon the financial and business condition of our distributor and reseller network. Computer software distributors and resellers typically are not highly capitalized, have previously experienced difficulties during times of economic contraction, and have experienced difficulties during the past several years. If our distributors and resellers were not be able to sustain their business at a level necessary to sell our products or provide customer support services, our business and revenue could be negatively impacted.

We rely upon major distributors and resellers in both the U.S. and international regions. Our largest distributor accounted for 14% of our total revenues in 2017 and 2016. Although we believe that we are not substantially dependent on this distributor, if it were to experience a significant disruption with its business or if our relationship with it were to significantly deteriorate, it is possible that our ability to sell to end users would be, at least temporarily, negatively impacted. This could, in turn, negatively impact our financial results.

Over time, we have modified and will continue to modify aspects of our relationship with our distributors and resellers, such as their incentive programs, pricing to them and our distribution model, to motivate and reward them for aligning their businesses with our strategy and business objectives. Changes in these relationships and underlying programs could negatively impact their business and/or harm our business. In addition, the loss of or a significant reduction in business with those distributors or resellers or the failure to achieve anticipated levels of sell-through with any one of our major international distributors or large resellers could harm our business. In particular, if one or more of such distributors or resellers were unable to meet their obligations with respect to our accounts receivable from them, we could be forced to write off such accounts receivables and may be required to delay the recognition of revenue on future sales to these customers. These events could have a material adverse effect on our financial results.

Revenue from our Mail Express, Wide Area File Services, CuteFTP and TappIn product lines will likely decline in the future and become a smaller part of our total revenue.

Revenue from our products and services other than our EFT solution was $1.6 million and $2.2 million in 2017 and 2016, respectively, and accounted for 4.6% and 6.9% of our total revenue in 2017 and 2016, respectively.  As we increase our focus and emphasis on our EFT platform products, our revenue from these products will likely continue to decline. We incur costs and expenses supporting these products for our customers who are currently using them. If revenue from these products continues to decline, we may begin to incur losses from these products. The potential for such losses may cause us to decide to sell or discontinue one or more of these product lines. If we cannot effectively reduce our costs to support these products, or if see decide to sell one or more of these product lines but cannot find a buyer for them, we may begin incurring losses on these products that could materially affect our results of operations and financial condition.

We may engage third parties to develop products on our behalf. These engagements may involve reliance on resources owned and managed by those third parties over which we have no direct control.

In addition to research and development of new products by our employees, we engage third parties from time-to-time to conceive, design and develop products on our behalf.  Arrangements of this type involve high levels of risk as a result of inherent uncertainties about the timely delivery and ultimate viability of those products due to the reliance we must place on third parties to plan, perform and successfully complete work for us.  These are processes for which we could have notably less direct control than if we performed the work ourselves.  These arrangements involve our reliance on the ongoing financial viability of the enterprise performing the work.  This risk is challenging to manage because we do not always have clear visibility as to the overall condition of the third-party enterprise.  These risks could result in the product not being successfully completed within the expected timeframe, or at all. If actual results from these type of endeavors that we may undertake in the future differ materially from original and ongoing expectations, our business, operating results and financial position could be harmed.


Our ability to develop our software will be seriously impaired if we are not able to use our foreign subcontractors.

We rely on foreign subcontractors to help us develop some aspects of some of our software. If these programmers decided to stop working for us, or if we were unable to continue using them because of political or economic instability, we would have difficulty finding comparably skilled developers in a timely manner. In addition, we would likely have to pay considerably more for the same work, especially if we used U.S. personnel. If we could not replace the contract programmers, it could take us longer to develop certain products and product upgrades and at a higher cost.

Seasonality may cause fluctuations in our revenue.

We believe there could be notable seasonal factors in the future that may cause us to record higher revenue in some quarters compared with others. We believe this variability is possible largely due to our customers’ budgetary and spending patterns, as many customers spend the unused portions of their discretionary budgets prior to the end of their fiscal years. For example, we have historically recorded our highest level of revenue in our fourth quarter, which we believe corresponds to the fourth quarter of a majority of our customers. If our rate of growth slows over time, seasonal or cyclical variations in our operations may become more pronounced, and our business, results of operations and financial position may be adversely affected.

Reliance on delivery of our products near or at the end of each quarter could cause our revenue for the applicable period to fall below expected levels.

As a result of customer buying patterns and the efforts of our sales force and channel partners to meet or exceed their sales objectives, we have historically received a substantial portion of orders from our customers and generated a substantial portion of revenue during the last few weeks of each period. A significant interruption in our IT systems, which manage critical functions such as order processing, trade compliance reviews, delivery of our products, billings, collections, revenue recognition, and financial reporting, among others, could result in delayed order fulfillment and decreased revenue for that period. If expected revenue at the end of any period is delayed for any reason, including the failure of anticipated purchase orders to materialize, our logistics or channel partners’ inability to deliver products prior to period-end to fulfill purchase orders received near the end of the period, our inability to release new products on schedule, any failure of our systems related to order review and processing, or any delays in product delivery based on trade compliance requirements, our revenue for that period could fall below our expectations and the estimates of market analysts, if any, which could adversely impact our business and results of operations and cause a decline in the trading price of our common stock.

Fluctuations in professional services revenue may be greater than experienced in previous reporting periods and have a disproportionate impact on our financial results.  For example, increased professional services sales, especially to the government, may result in lower earnings as a percentage of revenue.

Our solution portfolio includes software licenses, subscription services, M&S, and professional services.  Because they are relatively labor intensive, professional services typically have substantially lower margins than software license sales, M&S and subscription services. Professional services were 6% and 8% of our total revenue in 2017 and 2016, respectively.  However, this percentage can fluctuate significantly from period to period depending on the needs of our customers.

Depending on our mix of software licenses, subscription, M&S, and professional services revenue in a given reporting period, our earnings as a percentage of revenue may fluctuate from historical norms. For example, if we were to derive a relatively large (compared to historical norms) component of our revenue from professional services in a reporting period, earnings as a percentage of revenue may decline in that period due to lower margin contribution from those labor-intensive services as compared to software license, subscription, and M&S revenue.

We may not be able to compete effectively with larger, better-positioned companies, resulting in lower margins and loss of market share.

We operate in intensely competitive markets that experience rapid technological developments, market consolidation, changes in industry standards, changes in customer requirements, and frequent new product introductions and product improvements by existing and new competitors.  If we are unable to anticipate or react to these competitive challenges or if existing or new competitors take or gain additional market share in any of our markets, our competitive position could weaken, and we could experience a decrease in revenues that could adversely affect our business and operating results.  To compete successfully, we must maintain a successful research and development effort to create new products and services and enhance existing products and services, effectively adapt to changes in the technology or product rights held by our competitors, appropriately respond to competitor strategies as such strategies become apparent, and effectively adapt to technological changes and changes in the ways that our information is accessed, used, and stored within our enterprise and consumer markets.  If we are unsuccessful in responding to our competitors or to changing technological and customer demands, we could experience a negative effect on our competitive position and our financial results.


We compete with a variety of companies that have significantly greater revenues and financial resources, more partners, resellers and distribution channels than we have, and greater quantities of personnel and technical resources. For example, our EFT solution suite competes with products from IBM Sterling, Ipswitch, Axway and several other vendors. Our WAFS product competes with Riverbed Technology, Panzura, and Peer Sync.  Large companies may be able to develop new technologies, across multiple solution spaces, and on more operating systems, more quickly than we can, to offer a broader array of products, and to respond more quickly to new opportunities, industry standards or customer requirements.

Additional competitors may enter the market and also may have significantly greater capabilities and resources than we do. Some existing competitors also may be able to adopt more aggressive pricing strategies. For example, Ipswitch provides an older version of its consumer file transfer protocol program for free for non-commercial use, and Microsoft includes file transfer protocol functionality in its Internet browser, which it also distributes for free. Increased competition may result in lower operating margins and loss of market share.

As we attempt to expand our business, our operating expenses may increase, and we may incur losses.

We intend to expand our business, specifically with regard to new on-premise license sales and SaaS delivery of our products, with increased focus on SaaS delivery. To do so, we plan to increase our research and development expenditures to accelerate our introduction of new features, functions and capabilities for our products to the marketplace. We intend to enhance the presence and visibility of those products by increasing our sales and marketing expenditures to expand our sales force, particularly through a broader reseller program involving more third parties, and by implementing new sales lead generation and marketing initiatives.

These expanded research and development and sales and marketing activities may result in an increase in our operating expenses. If we do not successfully develop new features, functions and capabilities for our products in a manner that increases license sales of our products, and if our enhanced sales and marketing activities, including expansion of our third-party reseller programs, are not successful, our revenue may not increase. In that event, our net income could decline or we may incur losses.

As we develop new products or new features, functions and capabilities for existing products, we capitalize certain of our costs related to those activities and defer the expense arising from those activities to future periods.

In accordance with GAAP, we capitalize certain of our costs related to the development of new products or new features, functions and capabilities for existing products. We present these capitalized costs as an asset on our balance sheet. We amortize these costs to expense in future periods after these work products are completed and released for sale so as to match these expenses the associated revenue we earn in the future. If we were to deem these capitalized costs not to be realizable through future revenue and accordingly had to reduce the carrying value of these assets, possibly to zero, we could incur significant expenses earlier than anticipated.

Our products are complex and operate in a wide variety of computer configurations, which could result in errors or product failures.

Addressing MFT both on-premise licenses and SaaS models typically requires very complex products.  Undetected errors, failures, or bugs may occur, especially when products are first introduced or when new versions are released.  Our products are often installed and used in large-scale computing environments with different operating systems, system management software, and equipment and networking configurations, which may cause errors or failures in our products or may expose undetected errors, failures, or bugs in our products.  Our customers’ computing environments also are often characterized by a wide variety of standard and non-standard configurations that make pre-release testing for programming or compatibility errors very difficult and time-consuming.  In addition, despite testing by us and others, errors, failures, or bugs may not be found in new products or releases until after commencement of commercial shipments.  In the past, we have discovered software errors, failures, and bugs in certain of our product offerings after their introduction and have experienced delayed or lost revenues during the time required to correct these errors.

Errors, failures, or bugs in products released by us could result in negative publicity, product returns, loss of or delay in market acceptance of our products, loss of competitive position, or claims by customers or others.  Many of our end-user customers use our products in applications that are critical to their businesses and may have a greater sensitivity to defects in our products than to defects in other, less critical, software products.  In addition, if an actual or perceived breach of information integrity or availability occurs in one of our end-user customer’s systems, regardless of whether the breach is attributable to our products, the market perception of the effectiveness of our products could be harmed.  Alleviating any of these problems could require significant expenditures of our capital and other resources and could cause interruptions, delays, or cessation of our product licensing, which could cause us to lose existing or potential customers and could adversely affect our operating results.


Our business is subject to the risks of warranty claims, product returns, product liability and product defects.

Real or perceived errors, failures or defects in our products could result in claims by customers for losses that they sustain.  If customers make these types of claims, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct the problem. Liability provisions in our standard terms and conditions of sale, and those of our resellers and distributors, may not be enforceable under some circumstances or may not fully or effectively protect us from customer claims and related liabilities and costs, including indemnification obligations under our agreements with resellers and distributors. The sale and support of our products also entail the risk of product liability claims.  We maintain insurance to protect against certain types of claims associated with the use of our products, but our insurance coverage may not adequately cover any such claims. Even claims that ultimately are unsuccessful could result in expenditures of funds in connection with litigation and divert management’s time and other resources.

Turmoil and uncertainty in U.S. and international economic markets could adversely affect our business and operating results.

Demand for our products depends in large part upon the level of capital and maintenance expenditures by many of our customers.  Economic downturns could have an adverse effect on spending on information technology projects since in such environments, prospects and customers may reduce, sometimes greatly, their discretionary spending to focus on preserving mandatory spending budgets.

These adverse impacts to customer spending may be directly, and adversely, reflected in our future business and operating results because we believe a substantial part of their MFT spending budget is considered discretionary by our prospects and customers. The perception of MFT solutions spending as discretionary is further reinforced by the existence of low cost, or even free, products that deliver some subset of the capabilities found in our solutions.  In the event of an economic downturn, some customers may decide to defer spending for our solutions or may elect to obtain low cost or free “good enough” products as an interim measure.  The potential adverse impacts of such decisions may persist for an extended period of time, even well into a period of economic recovery, given that many prospects will not change their IT infrastructure for a considerable period of time after that infrastructure has been installed and is operating adequately.

Adverse financial results from another economic downturn and uncertainty could include flat, or even decreasing, sales, lower gross and net margins, and impairment of current or future goodwill and long-lived assets.  In addition, some of our customers could delay paying their obligations to us.  Potentially reduced sales and margins and customer payment problems could limit our ability to fund research and development, marketing, sales, and other activities necessary to sustain and expand our market position.

In past economic downturns, we have sometimes experienced a decrease in our stock price. If investors have concerns that our business, financial condition and results of operations will be negatively impacted by another economic downturn, our stock price could decrease again.

Regardless of economic conditions, fluctuations in demand for our products and services are driven by many factors and a decrease in demand for our products could adversely affect our financial results.

We are subject to fluctuations in demand for our products and services due to a variety of factors, including competition, product obsolescence, technological change, budget constraints of our actual and potential customers, awareness of security threats to IT systems, and other factors.  While such factors may, in some periods, increase product sales, fluctuations in demand can also negatively impact our product sales.  If demand for our products declines, our revenues, as well as our gross and net margins, could be adversely affected.

Sales to the U.S. Government make up a portion of our business, and changes in government defense spending could have consequences on our financial position, results of operations and business.

Our revenues from the U.S. Government largely result from contracts awarded to us under various U.S. Government programs, primarily defense-related programs with the Department of Defense (“DoD”). The funding of our programs is subject to the overall U.S. Government foreign policy, budget and appropriation decisions, and processes which are driven by numerous factors, including geo-political events and macroeconomic conditions, and are beyond our control. Projected defense spending budgets are uncertain and difficult to predict.

Significant changes in defense spending could have long-term consequences for our size and structure. Changes in government priorities and requirements could impact the funding, or the timing of funding, of our programs which could negatively impact our results of operations and financial condition.  Government contracts typically have long sales cycles such that closure of such contracts is difficult to predict.


U.S. Government contracts generally also permit the government to terminate the contract, in whole or in part, without prior notice, at the government’s convenience or for default based on performance. A termination arising out of our default could expose us to liability and have a negative impact on our ability to obtain future contracts and orders. Furthermore, on contracts for which we are a subcontractor and not the prime contractor, the U.S. Government could terminate the prime contract for convenience or otherwise, irrespective of our performance as a subcontractor.

Because we are a DoD contractor, certain of our items and/or transactions may be subject to the International Traffic in Arms Regulations (“ITAR”) if our software or services are specifically designed or modified for defense purposes.  Companies engaged in manufacturing or exporting ITAR-controlled goods and services (even if these companies do not export such items) are required to register with the U.S. State Department.  Failure to comply with these requirements could result in fines and sanctions which could negatively impact our results of operations and financial condition.

If we lose key personnel we may not be able to execute our business plan.

Our future success depends on the continued services of our employees. If employees leave, it can be difficult to replace them because of the intense competition in the marketplace for people with the skillsets we need to operate our business. New employees may not be productive for weeks or months as they learn about our solutions, our personnel and the administrative practices within our company.

It may be difficult for us to recruit and retain software developers and other technical and management personnel because we are a relatively small company.

We compete intensely with other software development and distribution companies domestically and internationally as well as information technology departments supporting larger businesses all of whom strive to recruit and hire employees from a limited pool of qualified personnel. Some qualified candidates prefer to work for larger, better known companies or in another geographic area. In order to attract and retain personnel in a competitive marketplace, we believe that we must provide a competitive compensation package, including cash, equity-based compensation, and other employee benefits including medical insurance and healthcare plans. The volatility in our stock price may from time to time adversely affect our ability to recruit or retain employees. In addition, we may be unable to obtain required stockholder approvals of future increases in the number of shares available for issuance under our equity compensation plans. Also, accounting rules require us to treat the issuance of employee stock options and other forms of equity-based compensation as compensation expense. As a result, we may decide to issue fewer equity-based incentives and may be impaired in our efforts to attract and retain necessary personnel. If we are unable to hire and retain qualified employees, or conversely, if we fail to manage employee performance or reduce staffing levels when required by market conditions, our business and operating results could be adversely affected.

Key personnel have left our company in the past. There likely will be additional departures of key personnel from time to time in the future. The loss of any key employee could result in significant disruptions to our operations, including adversely affecting the timeliness of product releases, the successful implementation and completion of company initiatives, the effectiveness of our disclosure controls and procedures and our internal control over financial reporting, and the results of our operations. Hiring, training, and successfully integrating replacement sales, engineering, and other personnel could be time consuming, may cause additional disruptions to our operations, and may be unsuccessful, which could negatively impact future revenues.

Our operations potentially are vulnerable to security breaches that could harm the quality of our products and services or disrupt our ability to deliver our products and services.

Information security is a dynamic discipline that historically has faced threats that develop and emerge in ways that are sometimes unpredictable. Third parties may breach our systems and information security and damage our products and services or misappropriate confidential customer information. This might cause us to lose customers, or even cause customers to make claims against us for damages. We may be required to expend significant resources to protect against potential or actual security breaches and/or to address problems caused by such breaches.

Improper disclosure of personal data could result in liability and harm our reputation. 

While we have derived the majority of our historical revenues from on-premises delivery of our products, we now also offer our products on third-party, hosted platforms. As we continue to execute our strategy of increasing the number and scale of our cloud-based offerings, we may store and process increasingly large amounts of personally identifiable information of our customers. At the same time, the continued occurrence of high-profile data breaches provides evidence of an external environment increasingly hostile to information security. This environment demands that we continuously improve our design and coordination of security controls. It is possible our security controls over personal data, our training of employees and vendors on data security, and other practices we follow may not prevent the improper disclosure of personally identifiable information. Improper disclosure of this information could harm our reputation, lead to legal exposure to customers, or subject us to liability under laws that protect personal data, resulting in increased costs or loss of revenue.  We believe consumers using our subscription services increasingly will want efficient, centralized methods of choosing their privacy preferences and controlling their data. Perceptions that our products or services do not adequately protect the privacy of personal information could inhibit sales of our products or services and could constrain consumer and business adoption of cloud-based solutions.

Breaches of our cybersecurity systems could degrade our ability to conduct our business operations and deliver products and services to our customers, delay our ability to recognize revenue, compromise the integrity of our software products, result in significant data losses and the theft of our intellectual property, damage our reputation, expose us to liability to third parties and require us to incur significant additional costs to maintain the security of our networks and data.

We increasingly depend upon our IT systems to conduct virtually all of our business operations, ranging from our internal operations and product development activities to our marketing and sales efforts and communications with our customers and business partners.  Cyber threats may attempt to penetrate our network security, or that of our website, and misappropriate our proprietary information or cause interruptions of our service.  Because the techniques used by such attackers to access or sabotage networks change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques.  In addition, sophisticated hardware and operating system software and applications that we produce or procure from third parties may contain defects in design or manufacture, including “bugs” and other problems that could unexpectedly interfere with the operation of the system.  We have also outsourced a number of our business functions to third-party contractors. Therefore, our business operations also depend, in part, on the success of our contractors’ own cybersecurity measures. Similarly, we rely upon distributors, resellers, system vendors and systems integrators to sell our products and our sales operations depend, in part, on the reliability of their cybersecurity measures. Additionally, we depend upon our employees to appropriately handle confidential data and deploy our IT resources in a safe and secure fashion that does not expose our network systems to security breaches and the loss of data. Accordingly, if our cybersecurity systems and those of our contractors fail to protect against unauthorized access, sophisticated cyber-attacks and the mishandling of data by our employees and contractors, our ability to conduct our business effectively could be damaged in a number of ways, including:

·
Sensitive data regarding our business, including intellectual property and other proprietary data, could be stolen.
·
Our electronic communications systems, including email and other methods, could be disrupted, and our ability to conduct our business operations could be seriously damaged until such systems can be restored.
·
Our ability to process customer orders and electronically deliver products and services could be degraded, and our distribution channels could be disrupted, resulting in delays in revenue recognition.
·
Defects and security vulnerabilities could be introduced into our software products, thereby damaging the reputation and perceived reliability and security of our products and potentially making the data systems of our customers vulnerable to further data loss and cyber incidents.
·
Personally identifiable data of our customers, employees and business partners could be lost.

Should any of the above events occur, we could be subject to significant claims for liability from our customers or from regulatory actions of governmental agencies, our ability to protect our intellectual property rights could be compromised and our reputation and competitive position could be significantly harmed. Also, the regulatory and contractual actions, litigations, investigations, fines, penalties and liabilities relating to data breaches that result in losses of personally identifiable or credit card information of users of our services could be significant in terms of fines and reputational impact and necessitate changes to our business operations that may be disruptive to us. Additionally, we could incur significant costs in order to upgrade our cybersecurity systems and remediate damages. Consequently, our financial performance and results of operations could be adversely affected.


Certain components of the software code comprising some of our products are licensed from third parties making us dependent upon those licenses remaining in place for those products to operate in their current form.

Certain key components of the software code comprising certain of our products are licensed from unrelated, third parties.  These licenses are not perpetual and, as such, with advance notice as provided in the license agreements, these third parties could terminate these licenses.  Even with advance notice, termination of these licenses could create a severe hardship for us due to the need to locate substitute software code from other third parties or create alternative software code ourselves in order for our products to continue to operate in the manner designed or for us to keep pace with customer requirements, including our obligations under maintenance and support agreements.  There is no assurance we could achieve either of those alternative solutions in a timely and effective manner that would not disrupt our ability to continue selling and supporting those products, or without the consumption of significant company resources in the form of time spent by our personnel creating alternative solutions or cash paid to third parties to assist us.  Such a situation could delay the completion and introduction to the marketplace of other products we are developing to remain competitive due to the diversion of the attention of certain of our key personnel away from that work.  If any of these events occur, our future business and financial results could be adversely affected.

We utilize “open source” software in some of our products.

The open source software community develops software technology for free use by anyone. We incorporate a limited amount of open source code software into our products.  We may use more open source code software in the future.

Our use, in some instances, of open source code software may impose limitations on our ability to commercialize our solutions and may subject us to possible intellectual property litigation.  Open source code may impose limitations on our ability to commercialize our products because, among other reasons, open source license terms may be ambiguous and may result in unanticipated obligations regarding our solution, and open source software cannot be protected under trade secret law. In addition, it may be difficult for us to accurately determine the identities of the developers of the open source code and whether the acquired software infringes third-party intellectual property rights. As a result, we could be subject to suits by parties claiming ownership of what we believe to be open source software. From time to time, companies that incorporate open source software into their products have been subject to such claims.

Claims of infringement or misappropriation against us could be costly for us to defend and could require us to re-engineer our solution or to seek to obtain licenses from third parties in order to continue offering our solution. We also might need to discontinue the sale of our solution in the event re-engineering could not be accomplished on a timely or cost-effective basis. If any such claim, attempted remediation, or solution discontinuance occur, our business and operating results could be harmed.

Our products may expose customers to invasion of privacy, causing customer dissatisfaction or possible claims against us for damages.

Our products and solutions are intended to facilitate data and information transfer and sharing, sometimes by providing outsiders access to a customer’s computer. Such access potentially may make the customer vulnerable to security breaches, which could result in the loss of the customer’s privacy or property.  Invasions of privacy or other customer harm occurring in an environment where our solutions are operating could result in customer dissatisfaction and possible claims against us for any resulting damages.

We are subject to governmental export and import controls, and sanctions laws that could subject us to liability or impair our ability to compete in international markets.

All products that are exported, re-exported or that are worked on by foreign nationals are subject to export controls.  Such controls include prohibitions on end uses, end users and exports to certain sanctioned countries.  In addition, incorporation of encryption technology into our products increases the level of U.S. export controls.  We are subject to these requirements as certain of our products include the ability for the end user to encrypt data.  Therefore, our products may be exported outside the United States or revealed to foreign nationals only by complying with the required level of export controls/restrictions. Restrictions applicable to our products may include a requirement to have a license to export the technology, a requirement to have software licenses approved before export is allowed, and outright bans on the licensing of certain encryption technology to particular end users or to all end users in a particular country.  In addition, various countries regulate the import and re-export of certain technology and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries or that make it a violation for us to comply with U.S. sanctions requirements.
 

There can be no assurance that we will be successful in obtaining or maintaining the licenses and other authorizations required to export our products from applicable government authorities. Any change in export or import regulations or related legislation, shift in approach to the enforcement or scope of existing regulations, changes in the list of countries to which we cannot export, or changes in persons or technologies targeted by such regulations could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations.  Changes in our products or changes in export and import regulations may create delays in the introduction of our products in international markets, prevent our customers with international operations from deploying our products throughout their global systems or, in some cases, prevent the export or import of our products to certain countries, companies or individuals altogether. Any change in export, import or sanctions regulations or related legislation, a shift in approach to the enforcement or scope of existing regulations, or change in the countries, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations.
 
Export and sanctions laws and regulations can be extremely complex in their application.  If we are found not to have complied with applicable export control or sanctions laws, we may be sanctioned, fined or penalized by, among other things, having our ability to obtain export licenses curtailed or eliminated, possibly for an extended period of time. Our failure to receive or maintain any required export licenses or authorizations or our being penalized for failure to comply with applicable export control or sanctions laws would hinder our ability to sell our products, could result in financial penalties, and could materially adversely affect our business, financial condition, and results of operations.  Any failure on our part or the part of our distributors to comply with encryption or other applicable export control or sanctions requirements could harm our business and operating results.
 
Import and export regulations of encryption/decryption technology vary from country to country. We may be subject to different statutory or regulatory controls, including licensing requirements, in different foreign jurisdictions, and as such, importation or re-exportation of our technology may not be permitted in these foreign jurisdictions. Violations of foreign regulations or regulation of international transactions could prevent us from being able to sell our products in international markets. Our success depends in large part on our having access to international markets. A violation of foreign regulations could limit our access to such markets and have a negative effect on our results of operations.

As our international sales grow, we could become increasingly subject to additional risks that could harm our business.

We conduct significant sales and customer support in countries outside of the United States.  Approximately 25% and 23% of our sales were to purchasers outside the United States in 2017 and 2016, respectively.  If our sales outside the United States increase, we may be required to further expand our international operations.  To successfully expand international sales, we must establish additional foreign operations, hire additional personnel, including regulatory compliance professionals, and recruit additional international resellers.  We may also incur additional expense translating our applications into additional languages. In addition, there is significant competition for entry into high growth markets.  Our international operations are subject to a variety of risks, which could cause fluctuations in the results of our international operations.  These risks include:

·
Compliance with foreign regulatory and market requirements.
·
Variability of foreign economic, political and labor conditions.
·
Changing restrictions imposed by regulatory requirements, tariffs or other trade barriers or by U.S. export laws.
·
Potential increase in expenses to comply with international data protection laws.
·
The imposition by the United States government of sanctions on countries, individuals or business entities.
·
Longer accounts receivable payment cycles.
·
Potentially adverse tax consequences.
·
Difficulties in protecting intellectual property.
·
Burdens of complying with a wide variety of foreign laws.
·
Difficulty transferring funds to the U.S. in a tax efficient manner from non-U.S jurisdictions in which the cash flow originates.


We are subject to risks associated with compliance with laws and regulations globally which may harm our business.

We are a global company subject to varied and complex laws, regulations and customs domestically and internationally. These laws and regulations relate to a number of aspects of our business, including trade protection, import and export control, sanctions laws, data and transaction processing security, payment card industry data security standards, records management, user-generated content hosted on websites we operate, corporate governance, employee and third-party complaints, gift policies, conflicts of interest, employment and labor relations laws, securities regulations and other regulatory requirements affecting trade and investment. The application of these laws and regulations to our business is often unclear and may at times conflict. Compliance with these laws and regulations may involve significant costs or require changes in our business practices that result in reduced revenue and profitability. Non-compliance could also result in fines, damages, or criminal sanctions against us, our officers or our employees, prohibitions on the conduct of our business, and damage to our reputation. We incur additional legal compliance costs associated with our global operations and could become subject to legal penalties if we fail to comply with local laws and regulations in U.S. jurisdictions or in foreign countries, which laws and regulations may be substantially different from those in the U.S.
 
In many foreign countries, particularly in those with developing economies, it is common to engage in business practices that are prohibited by U.S. regulations applicable to us, including the Foreign Corrupt Practices Act. Although we implement policies and procedures designed to ensure compliance with these laws, there can be no assurance that all of our employees, contractors and agents, as well as those companies to which we outsource certain of our business operations, including those based in or from countries where practices that violate such U.S. laws may be customary, will not take actions in violation of our internal policies. Any such violation, even if prohibited by our internal policies, could have an adverse effect on our business.
 
Our interaction with foreign parties can also increase our costs with respect to compliance.  For example, the EU has recently adopted a comprehensive overhaul of its data protection regime from the current national legislative approach to a single European Economic Area Privacy Regulation, the GDPR, which came into effect in May 2018. The EU data protection regime extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It imposes a strict data protection compliance regime with severe penalties of up to the greater of 4% of worldwide turnover and €20 million and includes new rights such as the “portability” of personal data. Although the GDPR will apply across the EU without a need for local implementing legislation, as has been the case under the current data protection regime, local data protection authorities (“DPAs”) will still have the ability to interpret the GDPR, which has the potential to create inconsistencies on a country-by-country basis. Since we act as a data processor for our SaaS customers, we are taking steps to cause our processes to be compliant with applicable portions of the GDPR, but we cannot assure you that such steps will be effective.  We have adopted policies to comply with the GDPR, but ongoing implementation and maintenance of compliance regimes could require changes to certain of our business practices, thereby increasing our costs.
 
Failure to comply with existing or future privacy and data use and security laws, regulations, and requirements to which we are subject or could become subject, including by reason of inadvertent disclosure of confidential information, could result in fines, sanctions, penalties or other adverse consequences and loss of consumer confidence, which could materially adversely affect our results of operations, overall business and reputation especially since we market our products as a means by which compliance can be achieved.

Failure to maintain proper and effective internal controls has affected, and could in the future affect, our ability to produce accurate financial statements which has resulted, and could in the future result, in the restatement of our consolidated financial statements, and such failure to maintain proper and effective internal controls could adversely affect our operating results, our ability to operate our business, and our stock price.

Effective internal controls are necessary for us to provide reliable financial reports and effectively prevent fraud.  We maintain a system of internal control over financial reporting, which is defined as a process designed by, or under the supervision of, our principal executive officer and principal financial officer, or persons performing similar functions, and effected by our board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP.  Our management has determined that our internal control over financial reporting was not effective to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external reporting purposes in accordance with GAAP as of December 31, 2017.
 
Failure to establish and maintain appropriate internal financial reporting controls and procedures has caused us to fail to meet our reporting obligations, resulted in the restatement of our financial statements, harmed our operating results, subjected us to regulatory scrutiny and investigation, potentially caused investors to lose confidence in our reported financial information, and had a negative effect on the market price for shares of our common stock.  Failure to remediate our material weaknesses and control deficiencies with respect to our internal control over financial reporting could result in similar consequences in the future.

 
There are inherent limitations in all control systems, and misstatements due to error or fraud have occurred and may occur again in the future and not be detected.

The ongoing internal control provisions of Section 404 of the Sarbanes-Oxley Act of 2002 require us to identify material weaknesses in internal control over financial reporting, which is a process to provide reasonable assurance regarding the reliability of financial reporting for external purposes in accordance with GAAP. Our management, including our principal executive officer and principal financial officer, does not expect that our internal controls and disclosure controls, even once all material weaknesses and control deficiencies are remediated, will prevent all errors and all fraud. A control system, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance that the objectives of the control system are met. In addition, the design of a control system must reflect the fact that there are resource constraints and the benefit of controls must be relative to their costs. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that all control issues and instances of fraud in our company have been detected. These inherent limitations include the realities that judgments in decision-making can be faulty and that breakdowns can occur because of simple errors or mistakes. Further, controls can be circumvented by individual acts of some persons, by collusion of two or more persons, or by management override of the controls. The design of any system of controls is also based in part upon certain assumptions about the likelihood of future events, and there can be no assurance that any design will succeed in achieving our stated goals under all potential future conditions. Over time, a control may be inadequate because of changes in conditions, such as growth of the company or increased transaction volume, or the degree of compliance with the policies or procedures may deteriorate. Because of inherent limitations in a cost-effective control system, misstatements due to error or fraud may occur again in the future and not be detected.
In addition, discovery and disclosure of a material weakness, such as those material weaknesses we have previously discovered and disclosed, by definition, could have a material adverse impact on our financial statements. Such an occurrence could discourage certain customers or suppliers from doing business with us and affect how our stock trades. This could, in turn, negatively affect our ability to access public debt or equity markets for capital.

The amount of income taxes we compute as payable on our income tax returns filed with the Internal Revenue Service and certain states could be challenged by those taxing authorities resulting in us paying more taxes than anticipated.

We file income tax returns with the Internal Revenue Service and taxing authorities in certain states. We prepare and file those returns based on our interpretations of the relevant tax code as to revenue to be reported and deductions and credits allowed. We use third-party experts to assist us in preparing our tax returns and computing our tax liabilities to help us ensure we pay the proper amount of tax due. Our tax returns are subject to examination by taxing authorities that could interpret the tax code in a different manner from us and conclude we are obligated to pay more taxes than we originally computed and paid. While we would defend the position taken on our tax returns as filed, a challenge from a taxing authority can be costly to defend with no assurance of a favorable outcome for us. In the event of an unfavorable result under these circumstances, our business, operating results and financial position could be harmed.

The amount of sales tax we collect on sales could be challenged by taxing authorities both in jurisdictions in which we have a corporate presence as well as by taxing authorities in areas where we have no corporate presence.

We collect and remit sales tax on sales in jurisdictions where we have a corporate or physical presence that results in an obligation to do so.  We sell our products to customers in numerous locations where we do not have a corporate or physical presence and, therefore, do not collect sales tax on those sales.  States in which we collect sales tax could audit our activities and assess us with additional tax based on their interpreting the sales tax code differently than we interpret it. Various states in which we do not collect sales tax are aggressive in interpreting their sales tax codes in determining if a company with no apparent presence in those states is obligated to collect and remit sales taxes, particularly on sales made across the Internet.  States where we do not collect sales tax could make an assertion that we should have been collecting sales tax and could assess us with that tax.  While we would defend our position taken as to our obligation to collect sales tax and the amount of sales tax collected, a challenge from a taxing authority can be costly to defend with no assurance of a favorable outcome for us. In the event of an unfavorable result under these circumstances, our business, operating results and financial position could be harmed.

Risks Related to Stock Ownership

Our stock price is, and may continue to be, volatile.

The trading price of our common stock has been and could continue to be subject to wide fluctuations in response to certain factors, including:

·
U.S. and global economic conditions leading to general declines in market capitalizations, with such declines not associated with operating performance.

·
Quarter-to-quarter variations in results of operations.

·
Our announcements of new products.

·
Our announcements of acquisitions.

·
Our announcements of significant new customers or contracts.
 


·
Our competitors’ announcements of new products.

·
Our product development or release schedule.

·
Changes in our management team.

·
General conditions in the software industry.

·
Investor perceptions and expectations regarding our products, plans and strategic position and those of our competitors and customers.
 
In addition, the public stock markets experience extreme price and trading volume volatility, particularly in high-technology sectors of the market. This volatility has significantly affected the market prices of securities of many technology companies for reasons often unrelated to the operating performance of the specific companies. The broad market fluctuations may adversely affect the market price of our common stock.

Accounting charges may cause fluctuations in our annual or quarterly financial results.

Our financial results may be affected by non-cash and other accounting charges, including:

·
Amortization of intangible assets, including acquired technology and product rights.

·
Acquisition expenses.

·
Impairment of goodwill and intangibles.

·
Share-based compensation expense.

·
Restructuring charges.

·
Impairment of long-lived assets.

·
Reserves for uncertain tax positions.

Anti-takeover provisions in our charter and Delaware law could inhibit others from acquiring us.

Some of the provisions of our certificate of incorporation and bylaws and in Delaware law could, together or separately:

·
Discourage potential acquisition proposals.

·
Delay or prevent a change in control.

·
Limit the price that investors may be willing to pay in the future for shares of our common stock.


In particular, our certificate of incorporation and bylaws prohibit stockholders from voting by written consent or calling meetings of the stockholders.  We are also subject to Section 203 of the Delaware General Corporation Law, which generally prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any interested stockholder, as defined in the statute, for a period of three years following the date on which the stockholder became an interested stockholder.

Our directors and executive officers continue to have substantial control over us.

Our directors and executive officers, together with their affiliates and related persons, beneficially owned, in the aggregate, approximately 20% of our outstanding common stock as of March 31, 2018. These stockholders would have the ability to substantially control our operations and direct our policies including the outcome of matters submitted to our stockholders for approval, such as the election of directors and any acquisition or merger, consolidation or sale of all or substantially all of our assets. In addition, our certificate of incorporation and bylaws provide for our Board of Directors to be divided into three classes of directors serving staggered three-year terms.  As a result, approximately one-third of our Board of Directors will be elected each year.

Stockholders’ ownership of our stock may be significantly diluted as a result of the exercise of stock options, thereby affecting the value of the stock.

There were options to purchase 2,665,210 shares of our common stock outstanding under our employee and director stock option plans as of December 31, 2017, of which options to purchase 1,124,109 shares were vested. We have filed registration statements under the Securities Act of 1933, as amended (the “Securities Act”), covering stock issued upon the exercise of options by non-affiliates, and we may file a registration statement covering options held by affiliates as well. If we do not file a registration statement covering affiliates, affiliates who exercise their options may choose to sell the stock under an exemption from registration, such as Rule 144 under the Securities Act. The exercise of these options and sale of the resulting stock could depress the value of our stock.
 
Risks Related to Intellectual Property

We are vulnerable to claims that our products infringe third-party intellectual property rights particularly because our products are partially developed by independent parties.

From time to time, we experience claims that our products infringe third-party intellectual property rights.  We may be exposed to future litigation based on claims that our products infringe the intellectual property rights of others. This risk is exacerbated by the fact that some of the code in our products is developed by independent parties or licensed from third parties over whom we have less control than we exercise over internal developers. In addition, we expect that infringement claims against software developers will become more prevalent as the number of products and developers grows and the functionality of software programs in the market increasingly overlaps.  Companies in the technology industry, and other patent and trademark holders seeking to profit from royalties in connection with grants of licenses, own large numbers of patents, copyrights, trademarks, service marks, and trade secrets and frequently enter into litigation based on allegations of infringement or other violations of intellectual property rights.  In addition, we may be the target of aggressive and opportunistic enforcement of patents by third parties, including non-practicing entities.

Responding to and defending against such claims may cause us to incur significant expense and divert the time and efforts of our management and employees. Successful assertion of such claims could require that we pay substantial damages or ongoing royalty payments, prevent us from selling our products and services, damage our reputation, or require that we comply with other unfavorable terms, any of which could materially harm our business. In addition, we may decide to pay substantial settlement costs in connection with any claim or litigation, whether or not successfully asserted.

While it is not possible to predict the outcome of patent litigation incidents to our business, defense costs may be significant, and we believe the costs associated with this litigation or other claims of infringement could generally have a material adverse impact on our results of operations, financial position or cash flows.  Regardless of the merit of such claims, responding to infringement claims can be expensive and time-consuming.


For any intellectual property rights claim against us or our customers, we may have to pay damages and indemnify our customers against damages.

Claims of infringement could require us to re-engineer our products or seek to obtain licenses from third parties in order to continue offering our products in a manner that may include licensing technologies from others. In addition, an adverse legal decision affecting our intellectual property, or the use of significant resources to defend against this type of claim could place a significant strain on our financial resources and harm our reputation.

We may not be able to protect our intellectual property rights.

Our software code and trade and service marks are some of our most valuable assets. Given the global nature of the Internet and our business, we are vulnerable to the misappropriation of this intellectual property, particularly in foreign markets, such as China and Eastern Europe, where laws or law enforcement practices are less developed. The global nature of the Internet makes it difficult to control the ultimate destination or security of our software making it more likely that unauthorized third-parties will copy certain portions of our proprietary information or reverse engineer the proprietary information used in our programs. If our proprietary rights were infringed by a third-party and we did not have adequate legal recourse, our ability to earn profits, which are highly dependent on those rights, would be severely diminished.

Other companies may own, obtain or claim trademarks that could prevent, limit or interfere with our use of our trademarks.

Our various trademarks are important to our business. If we were to lose the use of any of our trademarks, our business would be harmed and we would have to devote substantial resources towards developing an independent brand identity. Defending or enforcing our trademark rights at a local and international level could result in the expenditure of significant financial and managerial resources.
 
Risks Related to the Investigation and the Restatement

Matters relating to or arising from our Audit Committee investigation, including regulatory proceedings, litigation matters and potential additional expenses, may adversely affect our business and results of operations.

As previously disclosed in our public filings and in this Form 10-K, the Audit Committee has recently completed the investigation relating to revenue recognition. We are also the subject of an investigation by the SEC related to these matters.

We have incurred significant expenses related to legal, accounting, and other professional services in connection with the Audit Committee investigation and related matters and related remediation efforts. The expenses incurred, and expected to be incurred, in connection with the Audit Committee and SEC investigations, the impact of our delay in 2017 and to date in 2018 in meeting our periodic reporting requirements on the confidence of investors, employees and customers, and the diversion of the attention of the management team that has occurred, and is expected to continue, has adversely affected, and could continue to adversely affect, our business, financial condition and results of operations or cash flows.
 
As a result of the matters reported above, we are exposed to greater risks associated with litigation, regulatory proceedings and government enforcement actions. In addition, we have incurred significant legal expenses in connection with a securities class action that has been filed against us and certain of our directors and officers. Any future investigations or additional lawsuits may adversely affect our business, financial condition, results of operations and cash flows.

We have restated our consolidated financial statements, which may lead to additional risks and uncertainties.

As discussed in Note 15 to our consolidated financial statements included in Part II, Item 8, “Financial Statements and Supplementary Data”, of our Form 10-K/A filed on June 14, 2018, we have restated our consolidated financial statements as of and for the years ended December 31, 2016 and 2015. The determination to restate these consolidated financial statements was made by our Audit Committee upon management’s recommendation. As a result of these events, we have become subject to a number of additional risks and uncertainties, including substantial unanticipated accounting and legal fees in connection with or related to the Restatement. Likewise, such events might cause a diversion of our management’s time and attention.

We are also subject to claims, investigations and proceedings arising out of the Restatement. For additional information regarding this litigation, see Part I, Item 3, “Legal Proceedings”, of this Form 10-K.

The restatement of our previously issued financial results has resulted in private litigation and could result in private litigation judgments that could have a material adverse impact on our results of operations and financial condition.

We are subject to shareholder litigation relating to the restatement of our previously filed financial statements and to certain of our previous public disclosures.  For additional discussion of this litigation, see Part I, Item 3, “Legal Proceedings”, of this Form 10-K. Our management has been, and may in the future be, required to devote significant time and attention to this litigation, and this and any additional matters that arise could have a material adverse impact on our results of operations and financial condition as well as on our reputation. While we cannot estimate our potential exposure in these matters at this time, we have already incurred significant expense defending this litigation and expect to continue to need to incur significant expense in the defense.

The existence of the litigation may have an adverse effect on our reputation with our customers, which could have an adverse effect on our results of operations and financial condition.

We have identified material weaknesses in our internal control over financial reporting which could, if not remediated, result in additional material misstatements in our consolidated financial statements.

Our management is responsible for establishing and maintaining adequate internal control over our financial reporting, as defined in Rule 13a-15(f) under the Securities Exchange Act of 1934, as amended (the “Exchange Act”). As disclosed in Part II, Item 9A, management has identified material weaknesses in our internal control over financial reporting.

A material weakness is defined as a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of our annual or interim consolidated financial statements will not be prevented or detected on a timely basis. In connection with our management’s assessment of our internal control over financial reporting, our management identified the following deficiencies that constituted individually, or in the aggregate, material weaknesses in our internal control over financial reporting as of December 31, 2017.

We had material weaknesses in our control environment and monitoring:

·
We did not implement effective oversight of our finance and accounting processes (including organizational structure and reporting hierarchy), which impacted our ability to make appropriate decisions regarding revenue recognition.
·
We did not effectively design and implement appropriate oversight controls over our period-end financial closing and reporting processes, and our review controls were not sufficient to ensure that errors regarding revenue recognition would be detected.
·
We did not effectively monitor (review, evaluate and assess) the risks associated with key internal control activities that provide the revenue information contained in our financial statements.

We had material weaknesses related to internal control monitoring and activities to support the financial reporting process:
 
·
We did not maintain effective controls over the invoicing process to ensure that proper supporting documentation was received prior to preparing invoices.
·
We did not maintain effective controls over the revenue recognition process to ensure revenue was only recognized when all four criteria of our revenue recognition policy were met.

Because of these material weaknesses, our management concluded that our internal control over financial reporting was not effective based on criteria set forth by the Committee of Sponsoring Organization of the Treadway Commission in Internal Control-An Integrated Framework (2013).

As disclosed in Part II, Item 9A, we have developed and are in the process of implementing remediation plans designed to address these material weaknesses. If our remedial measures are insufficient to address the material weaknesses, or if additional material weaknesses or significant deficiencies in our internal control are discovered or occur in the future, our consolidated financial statements may contain material misstatements and we could be required to restate our financial results, which could lead to substantial additional costs for accounting and legal fees.

 
Any additional revisions or restatements of our consolidated financial statements may lead to a further loss of investor confidence and have a negative impact on the trading prices of our securities. Any of these matters could adversely affect our business, reputation, revenues, results of operations and financial condition and limit our ability to access the capital markets through equity or debt issuances.

We face risks related to an ongoing Securities and Exchange Commission investigation.

On January 11, 2018, we received a subpoena from the SEC which has since opened a formal investigation relating to, among other things, the Restatement (the “SEC Investigation”). See Part I, Item 3, “Legal Proceedings” of this Form 10-K for a discussion of the SEC Investigation. We are cooperating fully with the SEC Investigation. At this point, we are unable to predict what the outcome of the SEC Investigation may be or what, if any, consequences the SEC Investigation may have with respect to the Company or any current or former Company personnel. However, the SEC Investigation could result in considerable legal expenses, divert management’s attention from other business concerns and harm our business. If the SEC were to determine that legal violations occurred, we could be required to pay significant civil and/or criminal penalties and/or other amounts and we could become subject to a cease and desist order and/or other remedies or conditions imposed as part of any resolution. We can provide no assurances as to the outcome of the SEC Investigation.

Our indemnification obligations and limitations of our director and officer liability insurance may have a material adverse effect on our financial condition, results of operations and cash flows.

Under Delaware law, our certificate of incorporation and bylaws and certain indemnification agreements to which we are a party, we have an obligation to indemnify, or we have otherwise agreed to indemnify, certain of our current and former directors and officers with respect to current and future investigations and litigation, including the matters discussed in Part I, Item 3, “Legal Proceedings” of this Form 10-K. In connection with some of these pending matters, we are required to, or we have otherwise agreed to, advance, and have advanced, legal fees and related expenses to certain of our current and former directors and officers and expect to continue to do so while these matters are pending. Certain of these obligations may not be “covered matters” under our directors’ and officers’ liability insurance, or there may be insufficient coverage available. Further, in the event the directors and officers are ultimately determined not to be entitled to indemnification, we may not be able to recover the amounts we previously advanced to them.
In addition, we have incurred significant expenses in connection with the Audit Committee’s independent investigation, the pending SEC Investigation, and shareholder litigation. We cannot provide any assurances that past or future claims related to those or other matters, including the cost of fees, penalties or other expenses, will not exceed the limits of our insurance policies, that such claims are covered by the terms of our insurance policies or that our insurance carrier will be able to cover our claims. Additionally, to the extent there is coverage of these claims, the insurers also may seek to deny or limit coverage in some or all of these matters. Furthermore, the insurers could become insolvent and unable to fulfill their obligation to defend, pay or reimburse us for insured claims. Accordingly, we cannot be sure that claims will not arise that are in excess of the limits of our insurance or that are not covered by the terms of our insurance policy. Due to these coverage limitations, we may incur significant unreimbursed costs to satisfy our indemnification obligations, which may have a material adverse effect on our financial condition, results of operations or cash flows.
 
Item 1B.  Unresolved Staff Comments

None.

Item 2.  Properties

Our corporate office is in San Antonio, Texas.  That office contains approximately 21,000 square feet for which the average annual rent under the lease is $347,000. We believe these facilities are suitable for our current business needs and that suitable, additional space would be available if needed in the future under acceptable terms.
 
Item 3.  Legal Proceedings
 
As previously disclosed in the Company’s Current Report on Form 8-K filed on November 15, 2017, on August 9, 2017, a securities class action complaint, Anthony Giovagnoli v. GlobalSCAPE, Inc., et. al., Case No. 5:17-cv-00753, was filed against the Company in the United States District Court for the Western District of Texas. The complaint names as defendants the Company, Matthew Goulet, and James Albrecht for allegedly making materially false and misleading statements regarding, inter alia, the Company’s previously reported financial statements. The complaint alleges violations of Sections 10(b) and 20(a) of the Exchange Act and Rule 10b-5 promulgated thereunder. The complaint seeks unspecified damages, costs, attorneys’ fees, and equitable relief. On November 6, 2017, the Court appointed a lead plaintiff, who has agreed to file an amended complaint following the completion of the Restatement. Management intends to vigorously defend against this action. At this time, the Company cannot predict how the courts will rule on the merits of the claims and/or the scope of the potential loss in the event of an adverse outcome. Should the Company ultimately be found liable, the resulting damages could have a material adverse effect on its financial position, liquidity, or results of operations.

On October 20, 2017, the Company received a demand letter from a stockholder seeking the inspection of books and records of the Company pursuant to Section 220 of the Delaware General Corporation Law (the “Section 220 Demand”). This stockholder’s stated purpose for the demand is, inter alia, to investigate whether the Company’s Board of Directors and officers engaged in an illegal scheme to misrepresent the Company’s performance by falsely reporting accounts receivable, license revenue, total current assets and total assets, total stockholders’ equity, and total liabilities for the year ended December 31, 2016, as well as the Board’s independence to consider a stockholder derivative demand. The Company intends to fully respond to the Section 220 Demand to the extent required under Delaware law.

The Board has established a special litigation committee (“Special Litigation Committee”) consisting of Dr. Thomas Hicks and Frank Morgan to analyze and investigate claims that could potentially be asserted in stockholder derivative litigation related to facts connected to the claims and allegations asserted in the litigation related to the Restatement and the Section 220 Demand (the “Potential Derivative Litigation”). The Special Litigation Committee will determine what actions are appropriate and in the best interests of the Company, and decide whether it is in the best interests of the Company to pursue, dismiss, or consensually resolve any claims that may be asserted in the Potential Derivative Litigation. The Board determined that each member of the Special Litigation Committee is disinterested and independent with respect to the Potential Derivative Litigation. Among other things, the Special Litigation Committee has the power to retain counsel and advisors, as appropriate, to assist it in the investigation, to gather and review relevant documents relating to the claims, to interview persons who may have knowledge of the relevant information, to prepare a report setting forth its conclusions and recommended course of action with respect to the Potential Derivative Litigation, and to take any actions, including, without limitation, directing the filing and prosecution of litigation on behalf of the Company, as the Special Litigation Committee in its sole discretion deems to be in the best interests of the Company in connection with the Potential Derivative Litigation. The Special Litigation Committee’s findings and determinations shall be final and not subject to review by the Board and in all respects shall be binding upon the Company.
 
As disclosed in a Current Report on Form 8-K filed on March 16, 2018, the Fort Worth, Texas Regional Office of the SEC has opened a formal investigation of issues relating to the Restatement, with which the Company is cooperating fully.  At this time, the Company is unable to predict the duration, scope, result or related costs associated with the SEC’s investigation.  The Company is also unable to predict what, if any, action may be taken by the SEC, or what penalties or remedial actions the SEC may seek.  Any determination by the SEC that the Company’s activities were not in compliance with existing laws or regulations, however, could result in the imposition of fines, penalties, disgorgement, equitable relief, or other losses, which could have a material adverse effect on the Company’s financial position, liquidity, or results of operations.
 
On May 31, 2018, the Company was served with a subpoena issued by a grand jury sitting in the United States District Court for the Western District of Texas (the “Grand Jury Subpoena”). The Grand Jury Subpoena requests all documents and emails relating to the Company’s investigation of the potential improper recognition of software license revenue.  The Company intends to fully cooperate with the Grand Jury Subpoena and related investigation being conducted by the United States Attorney’s Office for the Western District of Texas (the “U.S. Attorney’s Investigation”).  At this time, the Company is unable to predict the duration, scope, result or related costs of the U.S. Attorney’s Investigation.  The Company is also unable to predict what, if any, further action may be taken in connection with the Grand Jury Subpoena and the U.S. Attorney’s Investigation, or what, if any, penalties, sanctions or remedial actions may be sought.  Any determination by the U.S. Attorney’s office that the Company’s activities were not in compliance with existing laws or regulations, however, could result in the imposition of fines, penalties, disgorgement, equitable relief, or other losses, which could have a material adverse effect on the Company’s consolidated financial position, liquidity, or results of operations.

Item 4. Mine Safety Disclosures

Not Applicable.


PART II
 
Item 5.  Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity
   
Our common stock is listed on the NYSE American Exchange under the symbol “GSB”. The following table sets forth the quarterly high and low closing sale prices for our common stock for the last two fiscal years.

   
2017
   
2016
 
   
High
   
Low
   
High
   
Low
 
First Quarter (ending March 31)
 
$
4.26
   
$
3.71
   
$
4.08
   
$
3.27
 
Second Quarter (ending June 30)
 
$
5.29
   
$
3.87
   
$
4.00
   
$
3.20
 
Third Quarter (ending September 30)
 
$
5.44
   
$
3.62
   
$
3.87
   
$
3.41
 
Fourth Quarter (ending December 31)
 
$
4.33
   
$
3.40
   
$
4.18
   
$
3.35
 
                                 
Annual
 
$
5.44
   
$
3.40
   
$
4.18
   
$
3.20
 

On April 30, 2018, the last reported sales price of our common stock on the NYSE American Exchange was $3.73 per share.  As of April 30, 2018, we had approximately 1,769 stockholders of record of our common stock.

We paid quarterly dividends of $.015 per share on March 8, 2016, June 8, 2016, September 8, 2016 and December 8, 2016 to stockholders of record as of the close of business on February 23, 2016, May 23, 2016, August 23, 2016 and November 23, 2016, respectively. We paid quarterly dividends of $.015 per share on March 8, 2017, June 8, 2017, September 8, 2017 and December 18, 2017 to stockholders of record as of the close of business on February 23, 2017, May 23, 2017, August 23, 2017 and November 30, 2017, respectively. The timing and amount of dividends to be paid, if any, in subsequent quarters will be determined on future dates by the Board of Directors.

Item 6.  Selected Financial Data

The following selected financial data is derived from the Consolidated Financial Statements included in this and previous annual reports. This data is qualified in its entirety by and should be read in conjunction with the more detailed Financial Statements and related notes included in this annual report and with Item 8, “Financial Statements and Supplementary Data”. Historical results may not be indicative of future results.
 
As part of our ongoing enhancement and refinement of our financial reporting to fairly present our results of operations and financial position, we may make changes from time-to-time in accounting methods and in the classification and presentation of our business activities in our financial statements. To ensure comparability between periods, we revise previous period financial statements presented to conform them to the method of presentation in our current period financial statements.
 
As discussed in Note 2 to our Consolidated Financial Statements included in this annual report, in preparing our consolidated financial statements as of December 31, 2017, and for the year then ended, we refined our classification of revenue from certain services we provide such that we now classify those activities as professional services revenue instead of M&S revenue. We have applied that reclassification to our consolidated statements of operations and comprehensive income for the year ended December 31, 2016, which had the effect of decreasing previously reported M&S revenue and increasing previously reported professional services revenue by $113,000 for the year ended December 31, 2016.
 
Statement of Operations Data:
                             
($ in thousands except per share amounts)
                             
   
Year Ended December 31,
 
   
2017
   
2016
   
2015
   
2014
   
2013
 
                               
Total revenues
 
$
33,891
   
$
32,595
   
$
30,735
   
$
26,770
   
$
24,339
 
Income from operations
 
$
2,622
   
$
5,227
   
$
6,309
   
$
4,615
   
$
3,901
 
Net income
 
$
1,371
   
$
3,585
   
$
4,526
   
$
3,026
   
$
3,840
 
                                         
Net income per common share - basic
 
$
0.06
   
$
0.17
   
$
0.22
   
$
0.15
   
$
0.21
 
Net income per common share - diluted
 
$
0.06
   
$
0.17
   
$
0.21
   
$
0.15
   
$
0.20
 
                                         
Cash dividends declared per share
 
$
0.060
   
$
0.060
   
$
0.045
   
$
0.050
   
$
0.050
 

 


Balance Sheet Data:
                             
($ in thousands)
                             
   
2017
   
2016
   
2015
   
2014
   
2013
 
                               
Total assets
 
$
52,513
   
$
49,745
   
$
44,325
   
$
38,387
   
$
33,092
 
Long term debt, less current portion
 
$
-
   
$
-
   
$
-
   
$
-
   
$
2,989
 
 
Item 7.  Management’s Discussion and Analysis of Financial Condition and Results of Operations
 
The following Management’s Discussion and Analysis of Financial Condition and Results of Operations should be read in conjunction with our consolidated financial statements for the years ended December 31, 2017 and 2016, and related notes included elsewhere in this document.  Our consolidated financial information as of December 31, 2016, and for the year then ended, presented within this Form 10-K reflects the effects of the Restatement.

Overview

We develop and sell computer software that provides secure information exchange, data transfer and sharing capabilities for enterprises and consumers. We have been in business for more than twenty years having sold our products to thousands of enterprises and more than one million individual consumers globally.

Our primary business is selling and supporting managed file transfer, or MFT, software for enterprises. MFT software facilitates the transfer of data from one location to another across a computer network within a single enterprise or between multiple computer networks in multiple enterprises.

Our MFT products are based upon our Enhanced File Transfer, or EFT, platform. This platform emphasizes secure and efficient data exchange for virtually any organization. It enables business partners, customers and employees to share information safely and securely. The EFT platform provides enterprise-level security while automating the integration of back-end systems which are features often missing from traditional file transfer software. The EFT platform features built-in regulatory compliance, governance, and visibility controls to maintain data safety and security. It can replace legacy systems, homegrown servers, expensive leased lines and virtual area networks, all of which can be insecure, with a top-performing, scalable alternative. The EFT platform promotes ease of administration while providing the detailed capabilities necessary for complete control of a file transfer system.

We earn most of our revenue from the sale of products and services that are part of our EFT platform. Our customers can purchase the capabilities of our EFT platform in two ways:

·
Under a perpetual software license for which they pay a one-time fee and under which they typically install our product on computers that they own and/or manage. Our brand name for this product is EFT. Almost all customers who purchase EFT also purchase a maintenance and support, or M&S, contract for which they pay us a recurring fee. Most of the revenue we have earned from our EFT platform products has been from sales of perpetual software licenses and related M&S.
·
As a software-as-a-service, or SaaS, under which they pay us ongoing fees to access the capabilities of the EFT platform in the cloud. Through the end of 2017, EFT Cloud was our SaaS offering of the EFT platform which users accessed for a flat monthly subscription fee. In January 2018, we introduced EFT Arcus, which will be our SaaS offering of the EFT platform going forward, for which users will pay a base monthly subscription fee plus an additional variable amount determined based upon their metered usage of EFT Arcus resources.

We sell other products that are synergistic to our EFT platform including Mail Express, WAFS, and CuteFTP. Collectively, these products constituted less than 5% of our total revenue in 2017. Customers pay a one-time fee to purchase these products under a perpetual software license. Some customers also purchase an M&S contract. We do not offer a SaaS version of these products and have no plans to do so.


We also earn revenue from professional services we provide to assist our customers in configuring and integrating our EFT platform products into their environments.

We focus on selling our EFT platform products in a business-to-business environment. The majority of the resources we will expend in the future for product research, development, marketing and sales will focus on EFT platform products. We expect to expend minimal resources developing and selling our other products. We believe our EFT platform products and business capabilities are well-positioned to compete effectively in the market for these products.

In June 2017, we introduced a data integration product that we planned to sell under the brand name Kenetix. We licensed the technology for this product from a third-party. We have experienced issues with the third-party technology and have determined to suspend marketing of the product as we evaluate options and determine whether the licensor can effectively address the issues.

For a more comprehensive discussion of the products we sell and the services we offer, see Software Products and Services above.

Key Business Metrics

Key Business Metrics

We review a number of key business metrics on an ongoing basis to help us monitor our performance and to identify material trends which may affect our business. The significant metrics we review are described below.

Revenue Growth

We believe annual revenue growth is a key metric for monitoring our continued success in developing our business in future periods. Given our diverse solution portfolio, we regularly review our revenue mix and changes in revenue across all solutions to identify emerging trends. We believe our revenue growth is primarily dependent upon executing our business strategies which include:

·
Ongoing innovation of our EFT platform to address the expanding needs of our existing customers and to enhance our products’ appeal to new customers.

·
Licensing, developing and/or acquiring technologies with features and functions that are complementary to and synergistic with our EFT platform so as to expand the breadth of our product offerings.

·
Enhancing our sales and marketing programs to improve identification of potential demand for our products and to increase the rate at which we are successful in selling our products.

To support product innovation, we continue to enhance our software engineering group and our focus on optimizing the manner in which we assess the development of new technologies, our approach to managing those projects, and the timelines over which we do that work.

We remain alert for attractive opportunities to collaborate with others or perhaps combine other revenue-producing technologies with ours to expand our product offerings and reach. To that end, we continually assess products and services offered by others that might be synergistic with our existing products. We may elect to take advantage of those opportunities through cooperative marketing agreements or licensing arrangements or by acquiring an ownership position in the enterprise offering the opportunity.

In continuing to develop our demand generation activities, we have made and continue to make ongoing changes in sales and marketing including:
 
·
Increasing sales staff capacity as needed to address our markets.
·
Aligning our sales group to enhance its industry and geographic focus.
·
Implementing new sales and marketing campaigns.
·
Using third-party digital marketing experts with search engine optimization expertise to enhance our efforts in this area.

·
Evolving our lead generation programs to increase our sales staff’s exposure to potential purchasers.
·
Enhancing our support of channel partners and engaging them to sell our products through training, orientation and marketing programs.

As part of growing revenue in total, we are focused on increasing license revenue both in terms of absolute dollars and as a percent of total revenue. When we sell our licensed products, we also typically create a recurring revenue stream from M&S since almost all purchasers of our licensed enterprise products also purchase an M&S contract. Most of our M&S contracts are for one year although we also sell multi-year contracts. The customer pays us the M&S fee for the entire term of the agreement at the time the contract begins. We recognize that amount as revenue ratably in future periods over the term of the contract.

We typically experience a high renewal rate for M&S services for our enterprise products so long as a customer continues using the licensed product they purchased from us. As a result, growing license revenue not only contributes to increasing revenue growth at the time the license is sold but also provides a foundation for future recurring revenue as the purchasers of our licensed products renew M&S contracts to support their ongoing product support needs. This pattern of activity can create a cumulative effect for M&S renewals as a result of the cumulative number of licensed software installations sold over multiple years that create M&S renewals in any single year predictably (and in line with our expectations) exceeding the number of new software licenses we sell in a single year. We expect this cumulative effect to continue to grow if we continue to increase enterprise software license revenue in future periods. For these reasons, we expect M&S revenue will remain a substantial part of our total revenue.

See Comparison of the Consolidated Statement of Operations for the Years Ended December 31, 2017 and 2016 for a discussion of trends in our revenue growth that we monitor using this metric.

In the past, we reported bookings and potential future revenue as key business metrics. With the refinement of our revenue growth key business metric discussed above, we no longer rely on bookings or potential future revenue as key business metrics since we have determined that our revenue growth metric is the primary metric upon which we rely to measure the success of sales and marketing programs and our outlook for revenue in the future.

Adjusted EBITDA (Non-GAAP Measurement)

We utilize Adjusted EBITDA (Earnings Before Interest, Taxes, Total Other Income/Expense, Depreciation, Amortization, other than amortization of capitalized software development costs, and Share-Based Compensation Expense) to provide us a view of income and expenses that is supplemental and secondary to our primary assessment of net income as presented in our consolidated statement of operations and comprehensive income. We use Adjusted EBITDA to provide another perspective for measuring profitability from our core operating activities that does not include the effects of the following items:

·
Expenses that typically do not require us to pay them in cash in the current period (such as depreciation, amortization and share-based compensation);
·
The cost of financing our business; and
·
The effects of income taxes.

We monitor Adjusted EBITDA to assess our performance relative to our intended strategies, expected patterns of action, and budgets. We use the results of that assessment to adjust our future activities to the extent we deem necessary.

Adjusted EBITDA is not a measure of financial performance under GAAP. It should not be considered as a substitute for net income presented on our consolidated statement of operations and comprehensive income. Adjusted EBITDA has limitations as an analytical tool and when assessing our operating performance. Adjusted EBITDA should not be considered in isolation or without a simultaneous reading and consideration of our consolidated financial statements prepared in accordance with GAAP.


We compute Adjusted EBITDA as follows ($ in thousands):
 
   
Year Ended
 
   
December 31,
 
   
2017
   
2016
 
             
             
Net Income
 
$
1,371
   
$
3,585
 
Add (subtract) items to determine Adjusted EBITDA:
               
Income tax expense
   
1,547
     
1,801
 
Interest (income) expense, net
   
(296
)
   
(159
)
Depreciation and amortization:
               
Total depreciation and amortization
   
2,144
     
2,045
 
Amortization of capitalized software development costs
   
(1,883
)
   
(1,777
)
Share-based compensation expense
   
1,566
     
1,014
 
Adjusted EBITDA
 
$
4,449
   
$
6,509
 

See Comparison of the Consolidated Statement of Operations for the Years Ended December 31, 2017 and 2016 for discussion of the variances between periods in the components comprising Adjusted EBITDA.

Solution Perspective and Trends

Our discussion of the business trends of our products is based on the following profile of our revenue components ($ in thousands):
 
   
2017
   
2016
 
         
Percent of
         
Percent of
 
   
Amount
   
Total
   
Amount
   
Total
 
                         
Revenue By Type
                       
License
   
10,929
     
32.2
%
   
11,243
     
34.5
%
M&S
   
20,761
     
61.3
%
   
18,668
     
57.3
%
Professional Services
   
2,201
     
6.5
%
   
2,684
     
8.2
%
Total Revenue
 
$
33,891
     
100.0
%
 
$
32,595
     
100.0
%
                                 
Revenue By Product Line
                               
License
                               
EFT Platform
 
$
10,412
     
95.3
%
 
$
10,237
     
91.1
%
Other
   
517
     
4.7
%
   
1,006
     
8.9
%
     
10,929
     
100.0
%
   
11,243
     
100.0
%
M&S
                               
EFT Platform
   
19,715
     
95.0
%
   
17,432
     
93.4
%
Other
   
1,046
     
5.0
%
   
1,236
     
6.6
%
     
20,761
     
100.0
%
   
18,668
     
100.0
%
                                 
Professional Services (all EFT Platform)
   
2,201
     
100.0
%
   
2,684
     
100.0
%
                                 
Total Revenue
                               
EFT Platform
   
32,328
     
95.4
%
   
30,353
     
93.1
%
Other
   
1,563
     
4.6
%
   
2,242
     
6.9
%
   
$
33,891
     
100.0
%
 
$
32,595
     
100.0
%
 



We earn revenue primarily from the following activities:

License revenue from sales of our EFT platform products that we deliver as either perpetually-licensed software installed at the customer’s premises, for which we earn the full amount of the license revenue at the time the license is delivered, or as a cloud-based service delivered using a SaaS model, for which we earn monthly subscription revenue as these services are delivered.
License revenue from sales of our Mail Express, WAFS and CuteFTP products that are installed at the customer’s premises under a perpetual license for which we earn the full amount of the license revenue at the time the license is delivered.
M&S revenue under contracts to provide ongoing product support and software updates to our customers who have purchased licensed software which we recognize ratably over the contractual period, which is typically one year but can be up to three years.
Professional services revenue from a variety of implementation and integration services, as well as delivery of education and training associated with our solutions, which we recognize as the services are completed.

We earn most of our revenue from the sale of our EFT platform products and the associated M&S and professional services related to those products. With our core competency being in products that address the MFT market, we believe our EFT platform products provide the best opportunity for our future growth. Accordingly, expansion of the capabilities of the EFT platform will be our primary focus in the future. While we will continue to sell and support our other products for the foreseeable future, they will not be an area of emphasis for us going forward.

We believe that continuing to offer licensed products installed on-premises for which we recognize revenue up-front and that carry with them a recurring M&S revenue stream continues to be important to our future success. At the same time, we recognize that a migration of capabilities to a SaaS platform is attractive to a growing number of customers. We have, and have had for quite some time, the capabilities in place to deliver our EFT platform in that manner. In 2018, we released EFT Arcus as our newest offering of the EFT platform as SaaS.

A migration in the marketplace from purchasing our EFT platform products for a one-time, perpetual license fee, along with an associated contract for M&S services, to paying a monthly fee to access those products in a SaaS manner, could cause our revenue growth rate to decrease and could cause a short-term decline in our revenue. These decreases could occur because it can typically takes approximately 24 to 36 months for the cumulative revenue earned from delivering our EFT platform products for a monthly subscription fee to exceed the cumulative revenue we would earn from the combination of selling a perpetual license for a one-time fee along with an M&S contract.

In mid-2016, we reviewed the allocation of our product research, development, sales and marketing resources across all of our products. As a result of that review, we decided to adjust that allocation to focus most of our resources involved in product research and development, as well as our sales and marketing activities, on our EFT platform products in order to expand their capabilities and to remain positioned to be responsive to the evolving needs of our customers. Accordingly, we do not expect to expend significant resources in the future on expanding the features and capabilities of, or on sales and marketing programs for, Mail Express, WAFS and CuteFTP. We plan to continue providing customer support for those products for the foreseeable future.

To support product innovation, we continue to enhance our software engineering group and our focus on optimizing the manner in which we assess the development of new technologies, our approach to managing those projects, and the timelines over which we do that work. In continuing to develop our demand generation, marketing and sales activities, we have made and continue to make ongoing changes in sales and marketing including:
 
·
Increasing sales staffing and capabilities as needed to address our markets.
·
Aligning our sales group to enhance its industry and geographic focus.
·
Implementing new sales and marketing campaigns.
·
Evolving our lead generation programs to increase our sales staff’s exposure to potential purchasers.
·
Enhancing our support of channel partners and engaging them to sell our products through training, orientation and marketing programs.

Our total revenue increased 4% in 2017. For a more complete discussion of this revenue trend, see Comparison of the Consolidated Statement of Operations for the Years Ended December 31, 2017 and 2016.

Liquidity and Capital Resources
 
Our cash and working capital positions were as follows ($ in thousands):
 
   
December 31, 2017
   
December 31, 2016
 
Cash and cash equivalents
 
$
11,583
   
$
8,895
 
Short term certificates of deposit
   
4,291
     
2,754
 
Long term certificates of deposit
   
11,503
     
12,779
 
Total cash, cash equivalents and certificates of deposit
 
$
27,377
   
$
24,428
 
                 
Current assets
 
$
23,296
   
$
18,760
 
Current liabilities
   
(16,886
)
   
(16,188
)
Working capital
 
$
6,410
   
$
2,572
 

At December 31, 2017, our short term investments consisted of certificates of deposit maturing on various dates through 2018. Our long term investments as of that date consisted of a certificate of deposit maturing in December 2021.

When assessing our liquidity and capital resources, we consider the following factors:

·
We may access and monetize our certificates of deposit at any time without risk of loss of the original amounts invested. If we were to redeem these certificates of deposit prior to their maturity, we may incur a penalty and forfeit certain amounts of accrued interest.
·
Deferred revenue, unlike the other liability components of our working capital, is an obligation we will satisfy by providing services in the future to our customers as part of our ongoing operating activities from which we have historically generated cash flow. Our deferred revenue does not involve a disbursement of cash as a direct payment of that liability although we will incur operating expenses in the future as we deliver those M&S services.

Our capital requirements principally relate to our need to fund our ongoing operating expenditures, which are primarily related to employee salaries and benefits. We make these expenditures to enhance our existing products, develop new products, sell those products in the marketplace and support our customers after the sale.

We rely on cash and cash equivalents on hand and cash flows from operations to fund our operating activities and believe those items will be our principal sources of capital for the foreseeable future. If our revenue declines and/or our expenses increase, our cash flow from operations and cash on hand could decline.

We plan to expend significant resources in the future for research and development of our products and expansion and enhancement of our sales and marketing activities. If sales decline or if our liquidity is otherwise under duress, we could substantially reduce personnel and personnel-related costs, reduce or substantially eliminate capital expenditures and/or reduce or substantially eliminate certain research and development and sales and marketing expenditures. We may also sell equity or debt securities or enter into credit arrangements in order to finance future acquisitions or licensing activities, to the extent available.

Cash provided or used by our various activities consisted of the following ($ in thousands):

   
Cash Provided (Used) During the
Year Ended December 31,
 
   
2017
   
2016
 
Operating activities
 
$
5,736
   
$
7,065
 
Investing activities
 
$
(2,212
)
 
$
(13,880
)
Financing activities
 
$
(836
)
 
$
(175
)



Our cash provided by operating activities decreased during 2017 compared to 2016 primarily due to the following factors set forth on our Consolidated Statements of Cash Flows:

·
Net income after considering adjustments to reconcile net income to net cash provided by operating activities decreasing from $6.7 million in 2016 to $5.5 million in 2017. The primary cause of this decrease was the expenses we incurred in connection with the Investigation. See the section below under Comparison of the Consolidated Statement of Operations for the Years Ended December 31, 2017 and 2016 for a discussion of additional factors that contributed to this variation.
·
Deferred revenue decreasing $395,000 during 2017 compared to increasing $1.2 million during 2016. This change was primarily due to an M&S contract supporting our EFT platform products used by the U.S. Army in connection with their Standard Army Maintenance System-Enhanced logistics program not being renewed at the end of the third fiscal quarter of 2017 as a result of the U.S. Army consolidating certain of their operations.
·
Federal income tax receivable increasing $530,000 during 2017 compared to decreasing $229,000 during 2016 due to higher payments in 2017 as compared to 2016.  In 2016 we did not make any federal income tax payments due to utilization of overpayments from 2015.
 
Offset by:
 
·
Accounts receivable decreasing $346,000 during 2017 compared to increasing $532,000 during 2016 primarily due to our ongoing work to improve the timeliness of our accounts receivable collections.
·
Accounts payable increasing $970,000 in 2017 compared to increasing $91,000 during 2016 primarily due to the abnormally high payables related to expenses from the Investigation and normal variations in the timing of payments to our vendors.

The amount of cash we used for investing activities during 2017 decreased compared to 2016 due primarily to the purchase of certificates of deposit in 2016 for which there was no similar event in 2017.

Financing activities used more cash during 2017 than during 2016 primarily due to a decrease in proceeds from stock option exercises as a result 2017 having fewer departures of personnel with significant vested stock options. Former employees typically exercise their vested stock options shortly after the end of their employment. 

Contractual Obligations and Commitments

At December 31, 2017, our contractual obligations and commitments consisted primarily of the following items:

·
An obligation to deliver services in the future to satisfy our right to earn our deferred revenue of $17.0 million. Those future services primarily relate to our obligations under M&S contracts. We will recognize this deferred revenue as revenue over the remaining life of those contracts which generally ranges from one to three years. Deferred revenue, unlike the other liability components of our working capital, is an obligation we will satisfy through providing services in the future to our customers as part of our ongoing operating activities from which we have historically generated cash flow. Our deferred revenue does not involve a disbursement of cash as a direct payment of that liability.
·
An obligation under a contract with a third party to make future minimum prepaid royalty payments in the amount of $800,000 in September 2018 and $1.2 million in November 2019.
·
Trade accounts payable and accrued liabilities which include our contractual obligations to pay software royalties to third parties that vary in amount based on our sales volume of products upon which royalties are payable.
·
Operating lease for our office space.
·
Federal and state taxes.

Our non-cancellable, contractual obligations at December 31, 2017, consisted of the following (in thousands):

   
Amounts Due for the Period
 
   
Fiscal Years
 
   
2018
   
2019
   
Thereafter
   
Total
 
                         
Prepaid royalty fees
 
$
800
   
$
1,200
   
$
-
     
2,000
 
Operating leases
   
360
     
120
     
-
     
480
 
Total
 
$
1,160
   
$
1,320
   
$
-
   
$
2,480
 


Recent Accounting Pronouncements

The Financial Accounting Standards Board, or FASB, has issued the following Accounting Standard Updates (ASU) described below that we believe may be relevant to our business and to the preparation of our consolidated financial statements.

ASU 2017-09, Compensation—Stock Compensation (Topic 718): Scope of Modification Accounting (issued September 2017) – This update provides guidance about which changes to the terms or conditions of a share-based payment award require an entity to apply modification accounting. It states that in these situations, modification accounting should be applied unless the fair value of the modified award is the same as the fair value of the original award immediately before the original award was modified, the vesting conditions of the modified award are the same as the vesting conditions of the original award immediately before the original award was modified, and the classification of the modified award as equity or a liability is the same as the classification of the original award immediately before the original award was modified. This update is effective for all entities for annual periods including interim periods within those annual periods beginning after December 15, 2017. The adoption of this pronouncement did not have a material impact on our consolidated financial statements.

ASU 2017-04, Intangibles – Goodwill and Other (issued January 2017) - To simplify the subsequent measurement of goodwill, Step 2 was eliminated from the goodwill impairment test. In computing the implied fair value of goodwill under Step 2, an entity was required to perform procedures to determine the fair value at the impairment testing date of its assets and liabilities (including unrecognized assets and liabilities) following the procedure that would be required in determining the fair value of assets acquired and liabilities assumed in a business combination. Instead, under the amendments in this update, an entity should perform its annual, or interim, goodwill impairment test by comparing the fair value of a reporting unit with its carrying amount. An entity should recognize an impairment charge for the amount by which the carrying amount exceeds the reporting unit’s fair value. Any loss recognized should not exceed the total amount of goodwill allocated to that reporting unit. Additionally, an entity should consider income tax effects from any tax deductible goodwill on the carrying amount of the reporting unit when measuring the goodwill impairment loss, if applicable. This update also eliminated the requirements for any reporting unit with a zero or negative carrying amount to perform a qualitative assessment and, if it fails that qualitative test, to perform Step 2 of the goodwill impairment test. Therefore, the same impairment assessment applies to all reporting units. An entity is required to disclose the amount of goodwill allocated to each reporting unit with a zero or negative carrying amount of net assets. An entity still has the option to perform the qualitative assessment for a reporting unit to determine if the quantitative impairment test is necessary. A public business entity that is a U.S. Securities and Exchange Commission (SEC) filer is required to adopt the amendments in this update for its annual or any interim goodwill impairment tests in fiscal years beginning after December 15, 2019. We expect that the application of the provisions of this update will not have a material effect on our consolidated financial statements.

ASU 2016-18, Statement of Cash Flows – Restricted Cash (issued November 2016) – This pronouncement addresses the diversity of practice that exists in the classification and presentation of transfers between cash and restricted cash in the statement of cash flows. It provides that restricted cash and restricted cash equivalents should be included with cash and cash equivalents when reconciling the beginning-of-period and end-of-period total amounts shown on the statement of cash flow. Since we do not have any restricted cash balances, we do not expect this pronouncement to have a material effect on how we present items in our consolidated statement of cash flows.

ASU 2016-15, Statement of Cash Flows – Classification of Certain Cash Receipts and Cash Payments (issued June 2016) - This pronouncement provides guidance as to the treatment of transactions in a statement of cash flows with respect to eight specific cash flow issues. During 2017 and 2016, we had no transactions of the type cited in the statement and do not anticipate having any such transactions in the foreseeable future. Accordingly, we do not expect this pronouncement to have a material effect on how we present items in our consolidated statement of cash flows.

ASU 2016-13, Financial Instruments – Credit Losses (issued June 2016) - Among the provisions of this ASU is a requirement that assets measured at amortized cost, which includes trade accounts receivable, be presented at the net amount expected to be collected. This pronouncement requires that an entity reflect all of its expected credit losses based on current estimates which will replace the current standard requiring that an entity need consider only past events and current conditions in measuring an incurred loss. We are subject to this guidance effective with consolidated financial statements we issue for the year ending December 31, 2020, and the quarterly periods during that year. We do not expect the amounts we report as accounts receivable in those future periods under this guidance to be materially affected relative to current guidance.

ASU 2016-09, Improvements to Employee Share-Based Payment Accounting (issued March 2016) - When implemented, this standard will discontinue the recording in equity of tax benefits or tax deficiencies that arise from differences between share-based payment compensation expense recorded for financial statement purposes and that expense deductible for tax purposes. This new standard requires that the tax effect of all such differences be recorded and reported in the statement of operations. This standard also requires that tax-related cash flows resulting from share-based payments be reported as operating activities in the statement of cash flows which is a change from the current requirement to present such tax-related items as an inflow from financing activities and an outflow from operating activities. As prescribed by this standard, we adopted it beginning January 1, 2017, and followed it in the preparation of our financial statements as of December 31, 2017.

This standard also permits an accounting policy election for the impact of forfeitures on the recognition of expense for share-based payment awards. Forfeitures may be either estimated (as has been the requirement in the past) or recognized when they occur. We elected to continue estimating forfeitures consistent with our existing practices thereby resulting in no change to our application of GAAP for this aspect of computing share-based compensation.

ASU 2016-02, Leases (issued February 2016). The main difference between existing GAAP and this ASU 2016-02 is the presentation by lessees on their financial statements of lease assets and lease liabilities arising from operating leases. Since this new standard retains the distinction between finance and operating leases, the effect of leases in the statement of operations and the statement of cash flows will be largely unchanged from existing GAAP. Our only lease of significance is our operating lease for our corporate office space for which we will present a right-to-use asset and a lease liability on our balance sheet when we implement this standard. We are in the process of determining those amounts. In accordance with this standard, we will implement it beginning with our interim and annual financial statements for 2019. The extent of the effect of this standard on our consolidated financial statements for 2019 and later will depend upon the leases, if any, that we have in effect at that date.

ASU 2015-17, Income Tax: Balance Sheet Classification of Deferred Taxes (issued November 2015) – This pronouncement requires that all deferred tax assets and liabilities for a tax jurisdiction, along with any related valuation allowance, be classified as noncurrent on the balance sheet. We have implemented this ASU in the accompanying consolidated financial statements.

ASU 2014-09, Revenue from Contracts with Customers (issued May 2014) - The core principle of this guidance is that an entity should recognize revenue to depict the transfer of promised goods or services to customers in an amount that reflects consideration to which the entity expects to be entitled in exchange for those goods or services. We will implement these new principles effective with consolidated financial statements we issue for the year ending December 31, 2018, and the quarterly periods during that year.

We have assessed the effect of ASU 2014-09 on the amount and timing of revenue we expect to recognize from our business activities in 2018 and later. We do not expect there to be material differences in the amount and timing of revenue we recognize from similar business activities in future periods determined by applying ASU 2014-09 as compared to revenue we would have otherwise recognized by applying GAAP as it existed prior to 2018.

We have determined that the application of ASU 2014-09 will have a material effect on the timing of our recording of expenses resulting from the incremental costs we incur to obtain a contract with a customer to deliver goods and services. These incremental costs consist primarily of sales commissions paid to our sales people and royalties on certain of our products paid to third parties. For years ended December 31, 2017, and earlier, we recorded the full amount of the sales commission and royalties paid on the full value of an M&S or SaaS contract as an expense on the inception date of the M&S contract. Under ASU 2014-09, we will account for such costs we incur in 2018 and later as follows:

·
If these costs are associated with products and services for which we recognize revenue at a point in time (primarily sales of perpetual software licenses and professional services), we will expense these costs in full at the time we recognize that revenue.
·
If these costs are associated with services for which we recognize revenue over time (primarily sales of M&S and SaaS subscriptions) for which we believe it is likely that the contract for those services will be renewed for additional terms in the future, provided we deem these costs to be recoverable, we will record these costs as deferred expense asset and amortize that cost to expense as follows:



o
For the portion of the cost that we determine benefits us primarily only over the term of the specific underlying contract currently in force (such as the term of an M&S contract), we will recognize expense ratably each month over that term.
o
For the portion of the cost that we determine benefits us over an overall customer relationship that is likely to span a period of time that is longer than an initial contract term (for example, an M&S contract renewed for multiple terms in the future), we will recognize expense ratably monthly over the estimated life of the customer relationship.
 
Our application of ASU 2014-09 to incremental costs we incur to obtain a contract with a customer will result in our recording, as an asset as of January 1, 2018, a deferred expense of approximately $1.2 million applicable to contracts with customers in effect as of that date. We previously reported this amount as an expense in our consolidated financial statements for periods ending on and before December 31, 2017. We estimate that we will amortize this amount to expense at the rate of approximately $186,000 per quarter beginning in 2018. The incremental costs we incur to obtain contracts with customers during 2018 and later years, and the amount of such costs we record as a deferred expense and amortize to expense in subsequent periods, will depend upon the nature and scope of our future business activities, the nature and mix of the products and services we sell, the compensation plans we have in place for our sales people, and the royalty arrangements we enter into with third parties.

Critical Accounting Policies

We follow accounting standards set by the Financial Accounting Standards Board. This board sets GAAP, which we follow in preparing financial statements that report our financial position, results of operations, and sources and uses of cash. We also follow the reporting regulations of the United States Securities and Exchange Commission, or SEC.
 
The preparation of financial statements in accordance with GAAP requires the use of estimates and assumptions that affect the reported amounts of assets and liabilities, disclosure of contingent assets and liabilities known to exist as of the date the financial statements are published, and the reported amounts of revenues and expenses during the reporting period. Uncertainties with respect to such estimates and assumptions are inherent in the preparation of our consolidated financial statements. It is possible the actual results could differ from these estimates and assumptions and could have a material effect on the reported amounts of our financial position and results of operations.

Principles of Consolidation

We prepare our consolidated financial statements in accordance with GAAP.  All intercompany accounts and transactions have been eliminated.

Revenue Recognition

We develop, market and sell software products and services. We recognize revenue from a transaction when the following conditions are met:

·          Persuasive evidence of an arrangement exists.
·          Delivery has occurred or services have been rendered.
·          The amount of the sale is fixed or determinable.
·          Collection of the sale amount is reasonably assured.

For a sale transaction not meeting any one of these four criteria, we defer recognition of revenue related to that transaction until all the criteria are met.

We earn the majority of our software license revenue from software products sold under perpetual software license agreements. At the time our customers purchase these products, they typically also purchase an M&S contract. These transactions are multiple element software sales for which we assess the presence of vendor specific objective evidence (“VSOE”) of the fair value of the undelivered elements to determine the portion of these sales to recognize as revenue upon delivery of the software product and the portion of these sales to record as deferred revenue at the time the product is delivered. We amortize the deferred revenue component to revenue in future periods on a straight-line method as we deliver the related future services to the customer. For transactions, if any, for which we cannot establish VSOE of the fair value of the undelivered elements, we initially record the entire transaction as deferred revenue and amortize that amount to revenue in future periods as we deliver the related future services to the customer.
 

We provide services under M&S contracts with terms generally ranging from one to three years. We require up-front payment of our M&S fee in an amount that covers the entire term of the agreement.  We record as deferred revenue amounts due or paid that relate to future periods during which we will provide the M&S service. Deferred revenue related to services we will deliver within one year is presented as a current liability while deferred revenue related to services that we will deliver more than one year into the future is presented as a non-current liability. We reduce deferred revenue and recognize revenue ratably in future periods on a straight-line method as we deliver the M&S service.

For our products licensed and delivered under a SaaS transaction on a monthly or other periodic subscription basis, we recognize subscription revenue, including initial setup fees, on a monthly basis ratably over the contractual term of the customer contract as we deliver our products and services. Amounts paid prior to this revenue recognition are presented as deferred revenue until earned.
 
We provide professional services to our customers consisting primarily of software installation support, operations support and training. We recognize revenue from these services as they are completed and accepted by our customers.
 
We collect sales tax on many of our sales. We do not include sales tax collected in our revenue. We record it as a liability payable to taxing authorities.

We will apply the principles under ASU 2014-09, Revenue from Contracts with Customers (issued May 2014), beginning with consolidated financial statements we issue in 2018. We have evaluated the implementation of these principles resulting in the following observations:

·
We have assessed the effect of the principles relative to our business and the manner in which we recognize revenue. We have concluded that its application will not have a material effect on the amounts or timing of revenue we report in future periods.
·
We believe the application of the principles will result in a change in the manner in which we record sales commission expenses related to M&S contracts. Currently, we record the full amount of the sales commission paid on the full value of an M&S contract as an expense on the inception date of the M&S contract. After implementing ASU 2014-09, we will record that commission expense ratably over the term of the M&S contract.
·
We will adopt the new principles using the modified retrospective method.

Cash and cash equivalents

Cash and cash equivalents includes all cash and highly liquid investments with original maturities of three months or less.

Short Term Investments

Short-term investments consist of certificates of deposit held with financial institutions with contractual maturity dates less than one year from the balance sheet date.  The Company has the intent and ability to hold these investments until their maturity dates and therefore accounts for them as held-to-maturity. These certificates of deposit are stated at amortized cost, which approximates fair value of these investments.

Long-Term Investments

Long-term investments consist of certificates of deposit held with financial institutions with contractual maturity dates greater than one year from the balance sheet date. The Company has the intent and ability to hold these investments until their maturity dates and therefore accounts for them as held-to-maturity. These certificates of deposit are stated at amortized cost, which approximates fair value of these investments.

Property and Equipment

Property and equipment is comprised of furniture and fixtures, software, computer equipment and leasehold improvements which are recorded at cost and depreciated using the straight-line method over their estimated useful lives.    Furniture, fixtures and equipment have a useful life of five to seven years, computer equipment and software have a useful life of three years and leasehold improvements have a useful life that is the shorter of the term of the lease under which the improvements were made or the estimated useful life of the asset.

Expenditures for maintenance and repairs are charged to operations as incurred.


Goodwill

Goodwill is not amortized. On at least an annual basis, we test goodwill for impairment at the reporting unit level using December 31 as the measurement date. We operate as a single reporting unit.
 
When testing goodwill, we first assess qualitative factors to determine whether it is more likely than not (that is, a likelihood of more than 50 percent) that the fair value of our reporting unit is less than its carrying amount, including goodwill. In performing this qualitative assessment, we assess events and circumstances relevant to us including, but not limited to:

Macroeconomic conditions.
Industry and market considerations.
Cost factors and trends for labor and other expenses of operating our business.
Our overall financial performance and outlook for the future.
Trends in the quoted market value and trading of our common stock.
 
In considering these and other factors, we consider the extent to which any adverse events and circumstances identified could affect the comparison of our reporting unit’s fair value with its carrying amount. We place more weight on events and circumstances that most affect our reporting unit’s fair value or the carrying amount of our net assets. We consider positive and mitigating events and circumstances that may affect our determination of whether it is more likely than not that the fair value of our reporting unit is less than its carrying amount. We evaluate, on the basis of the weight of the evidence, the significance of all identified events and circumstances in the context of determining whether it is more likely than not that the fair value of our reporting unit is less than its carrying amount.
 
If, after assessing the totality of these qualitative events and circumstances, we determine it is not more likely than not that the fair value of our reporting unit is less than its carrying amount, we conclude there is no impairment of goodwill and perform no further testing in accordance with GAAP. If we conclude otherwise, we proceed with performing the first step, and if necessary, the second step, of the two-step goodwill impairment test prescribed by GAAP.

As of December 31, 2017, after assessing the totality of the relevant events and circumstances, we determined it not more likely than not that the fair value of our reporting unit was less than its carrying amount. Accordingly, we concluded there was no impairment of goodwill as of that date. There have been no material events or changes in circumstances since that time indicating that the carrying amount of goodwill may exceed its fair market value and that interim testing needed to be performed.

Capitalized Software Development Costs
 
When we complete research and development for a software product and have in place a program plan and a detail program design or a working model of that software product, we capitalize production costs incurred for that software product from that point forward until it is ready for general release to the public. Thereafter, we amortize capitalized software production costs to expense using the straight-line method over the estimated useful life of that product, which is generally three years. We periodically assess the carrying value of capitalized software development costs and our method of amortizing them relative to our estimates of realizability through sales of products in the marketplace.

Cost of revenue

Cost of revenue consists of expenses associated with the production, delivery and support of the products and services we sell. Cost of license revenue consists primarily of amortization of the capitalized software development costs we incur when producing our software products, royalties we pay to use software developed by others for certain features of our products, and fees we pay to third parties who provide services supporting our SaaS solutions. Cost of M&S revenue and cost of professional services revenue consist primarily of salaries and related costs of our employees and third parties we use to deliver these services.

Research and Development
 
We expense research and development costs as incurred.

Advertising Expense

We expense advertising costs as incurred as a component of our sales and marketing expenses.


Share-Based Compensation

We measure the cost of share-based payment transactions at the grant date based on the calculated fair value of the award. We recognize this cost as an expense ratably over the recipient’s requisite service period during which that award vests or becomes unrestricted.

For stock option awards, we estimate their fair value at the grant date using the Black-Scholes option-pricing model considering the following factors:

We estimate expected volatility based on historical volatility of our common stock.
We use primarily the simplified method to derive an expected term which represents an estimate of the time options are expected to remain outstanding. We use this method because our options are plain-vanilla options, and we believe our historical option exercise experience is not adequately indicative of our future expectations.
We base the risk-free rate for periods within the contractual life of the option on the U.S. treasury yield curve in effect at the time of grant.
We estimate a dividend yield based on our historical and expected future dividend payments.

For restricted stock awards, we use the quoted price of our common stock on the grant date as the fair value of the award.

Income Taxes

We account for income taxes using the asset and liability method.  We record deferred tax assets and liabilities based on the difference between the tax bases of assets and liabilities and their carrying amount for financial reporting purposes, as measured by the enacted tax rates and laws that will be in effect when the differences are expected to reverse. Deferred tax assets and liabilities are carried on the balance sheet with the presumption that they will be realizable in future periods in which we generate taxable income.

We assess the likelihood that deferred tax assets will be realized from future taxable income. Based on this assessment, we provide any necessary valuation allowance on our balance sheet with a corresponding increase in the tax provision on our statement of operations.   Any valuation allowances we establish are determined based upon a number of assumptions, judgments, and estimates, including forecasted earnings, future taxable income, and the relative proportions of revenue and income before taxes in the various domestic jurisdictions in which we operate.

We account for uncertainty in income taxes using a two-step process to determine the amount of tax benefit to be recognized. First, we evaluate the tax position to determine the likelihood that it will be sustained upon external examination. If the tax position is deemed “more-likely-than-not” to be sustained, we assess the tax position to determine the amount of benefit to recognize in the financial statements. The amount of the benefit we recognize is the largest amount that we believe has a greater than 50 percent likelihood of being realized upon ultimate settlement. Unrecognized tax benefits represent tax positions for which reserves have been established.

We record the effect of new tax legislation in the period in which it is signed into law.

Earnings Per Share

We compute basic earnings per share using the weighted-average number of common shares outstanding during the periods.  We compute diluted earnings per share using the weighted-average number of common shares outstanding plus the number of common shares that would be issued assuming conversion of all potentially dilutive common shares outstanding.

Awards of non-vested options are considered potentially dilutive common shares for the purpose of computing earnings per common share.  We apply the treasury stock method to non-vested options under which the assumed proceeds include the amount the employee must pay to exercise the option plus the amount of unrecognized cost attributable to future periods less any expected tax benefits.


Results of Operations

Comparison of the Consolidated Statement of Operations for the Years Ended December 31, 2017 and 2016
 
   
2017
   
2016
   
$ Change
 
   
($ in thousands)
             
Total revenues
 
$
33,891
   
$
32,595
   
$
1,296
 
Cost of revenues
   
6,213
     
6,292
     
(79
)
Gross profit
   
27,678
     
26,303
     
1,375
 
Operating expenses
                       
Sales and marketing
   
12,862
     
11,558
     
1,304
 
General and administrative
   
9,066
     
6,947
     
2,119
 
Research and development
   
3,128
     
2,571
     
557
 
                         
Total operating expenses
   
25,056
     
21,076
     
3,980
 
Income from operations
   
2,622
     
5,227
     
(2,605
)
Other income (expense), net
   
296
     
159
     
137
 
Provision for income taxes
   
1,547
     
1,801
     
(254
)
Net Income
 
$
1,371
   
$
3,585
   
$
(2,214
)

In the discussions below, we refer to the year ended December 31, 2017 as “2017” and the year ended December 31, 2016, as “2016”. The percentage changes cited in our discussions below are the change between 2017 and 2016.

The components of our revenues were as follows ($ in thousands):
 
   
Revenue for the Year Ended December 31,
 
   
2017
   
2016
 
         
Percent of
         
Percent of
 
   
Amount
   
Total
   
Amount
   
Total
 
                         
Revenue By Type
                       
License
 
$
10,929
     
32.2
%
 
$
11,243
     
34.5
%
M&S
   
20,761
     
61.3
%
   
18,668
     
57.3
%
Professional Services (all EFT Platform)
   
2,201
     
6.5
%
   
2,684
     
8.2
%
Total Revenue
 
$
33,891
     
100.0
%
 
$
32,595
     
100.0
%
                                 
Revenue By Product Line
                               
License
                               
EFT Platform
 
$
10,412
     
95.3
%
 
$
10,237
     
91.1
%
Other
   
517
     
4.7
%
   
1,006
     
8.9
%
Total License Revenue
   
10,929
     
100.0
%
   
11,243
     
100.0
%
                                 
M&S
                               
EFT Platform
   
19,715
     
95.0
%
   
17,432
     
93.4
%
Other
   
1,046
     
5.0
%
   
1,236
     
6.6
%
     
20,761
     
100.0
%
   
18,668
     
100.0
%
                                 
Professional Services (all EFT Platform)
   
2,201
     
100.0
%
   
2,684
     
100.0
%
                                 
Total Revenue
                               
EFT Platform
   
32,328
     
95.4
%
   
30,353
     
93.1
%
Other
   
1,563
     
4.6
%
   
2,242
     
6.9
%
   
$
33,891
     
100.0
%
 
$
32,595
     
100.0
%



Our total revenue increased 4.0%. Revenue from our EFT platform products and services increased 6.5%. That increase was offset by a 30.3% decrease in revenue from our other products consisting of Mail Express, WAFS, CuteFTP, and TappIn. The portion of our total revenue realized from those other products decreased to 4.6%.

These trends are in line with our expectations as a result of our strategy implemented in mid-2016 to focus our efforts primarily on our EFT platform products. At the same time, we decided that while we would continue selling our other products, we would de-emphasize them in the future, not expend future significant product development and engineering resources to enhance those products, and not dedicate significant future sales and marketing activities to them. We intend to maintain our focus on our EFT platform for the foreseeable future such that we expect to see a continuing decline in revenue from our products other than those that are part of the EFT platform.

EFT Platform Products

License and M&S revenue from our EFT platform products increased 1.7%, and 13.1%, respectively. The increases across these products and services were primarily due to continued enhancement in our product development and software engineering groups which allowed us to refine our process for identifying new product opportunities, to better focus our resources on products that would yield larger and more immediate revenue opportunities, and to optimize our project management and software engineering processes to reduce the time necessary to produce new or improved products.

Substantially all of our EFT platform license revenue is from the sale of perpetual licenses to customers who install the software on computers they own or access in the cloud. In 2018, we released EFT Arcus, our SaaS offering of our EFT platform products, which replaced our EFT Cloud SaaS products that we sold prior to that time. Through December 31, 2017, we have not earned significant revenue from our EFT platform SaaS products. In the future, we will be placing a greater emphasis on promoting EFT Arcus to our customers. For the first 24 to 36 months that a customer subscribes to EFT Arcus, their cumulative cost of ownership will typically be less than their total cost of purchasing an EFT platform perpetual license combined with an M&S contract. Accordingly, we expect the revenue we earn during that period from an EFT Arcus customer will be less than the revenue we would earn from that same customer during that same period had they purchased a perpetual license with an M&S contract. As a result, during that period of time, we could experience a decrease in the growth rate of, or even a decline in revenue we earn from, the sale of new EFT platform perpetual licenses. We could also experience a decrease in the growth rate of our M&S revenue. However, we believe thereafter and over the long term, the cumulative, recurring revenue stream we will earn from EFT Arcus will exceed what we would have otherwise earned from the sale of a perpetual licenses combined with an M&S contract.

M&S Revenue - When we sell an EFT platform license, we also typically create a recurring revenue stream from M&S since almost all purchasers of our licensed products also purchase an M&S contract. In general, and depending upon the level of M&S a customer purchases, this recurring revenue stream is 20% to 30% per year of the price of the underlying software license to which the M&S relates.

Our M&S contracts are typically for one year with some customers buying two or three year contracts. The customer pays us the M&S fee for the entire term of the agreement at the time the contract begins. We recognize that amount as revenue ratably in future periods over the term of the contract.

We typically experience a high renewal rate for M&S services for our enterprise products so long as a customer continues using the licensed product they purchased from us. As a result, the sale of an EFT platform license not only contributes to license revenue but also provides a foundation for future recurring revenue as the purchasers of our licensed products typically continue to renew M&S contracts to support their ongoing product support needs. This pattern of activity can create a cumulative effect for M&S renewals as a result of the cumulative number of licensed software installations sold over multiple years that create M&S renewals in any single year predictably (and in line with our expectations) exceeding the number of new software licenses we sell in a single year. We expect this cumulative effect to continue to grow if we continue to increase enterprise software license revenue in future periods.

M&S revenue from our EFT platform products increased 13.1% primarily due to:

·
New M&S contracts resulting from ongoing sales of EFT licenses that add to the base of M&S contracts already in place.
·
Sustained, high renewal rates of M&S contracts by customers who initially purchased these services in earlier periods. We believe these renewals result from our programs designed to provide high-quality and responsive M&S services to our customers.


At the end of the third fiscal quarter of 2017 the U.S. Army did not renew their M&S contract used in connection with their Standard Army Maintenance System-Enhanced logistics program due to consolidation of certain of their operations.  This contract provided approximately $1.9 million annually in M&S revenue.

Our professional services revenue was $483,000 less for 2017 compared to 2016 which is a decrease of 17.9%. Going into 2016, we had a backlog of professional services engagements that arose from software sales in previous periods.  We worked down that backlog during 2016 which resulted in our professional services revenue being higher than typical for 2016 relative to software license revenue.  There was not a similar backlog going into 2017 such that our professional services revenue for 2017 decreased as compared to 2016 but was at a level relative to software license sales that we believe to be more typical.  In addition, during 2017 we began to focus more on selling pre-packaged professional services (as compared to customized services) which, while yielding lower total revenue from professional services, allowed us to deliver professional services more efficiently and without the unpredictability that can arise with customized services.

To improve our ability to successfully sell existing EFT platform products and services as well as new products produced by our software engineering team, we continued to evolve our sales and marketing activities as follows:
 
·
Increasing sales staffing and capabilities as needed to address our markets.
·
Aligning our sales group to enhance its industry and geographic focus.
·
Implementing new sales and marketing campaigns.
·
Evolving our lead generation programs to increase our sales staff’s exposure to potential purchasers.
·
Enhancing our support of channel partners and engaging them to sell our products through training, orientation and marketing programs.
 
Other Products

In mid-2016, we announced that we would reduce our emphasis in the future on selling Mail Express, WAFS, CuteFTP, and TappIn products that are not part of our EFT platform. Collectively, these products constituted less than 5% and 10% of our total revenue in 2017 and 2016, respectively. Accordingly, during the second half of 2016, we began to curtail our product development and engineering resources for these products and significantly reduced our sales and marketing activities supporting them. As a result, our license and M&S revenue from those products collectively declined 30.3% in 2017 compared to 2016. Our future focus will continue to be on our EFT platform such that we expect to see a continuing decline in revenue from these other products although we do expect them to continue to produce a modest contribution margin that contributes to our future profitability.

Cost of Revenues.  These expenses are associated with the production, delivery and support of our products and services. We believe it is most meaningful to view cost of revenues as a percent of the revenues to which those costs relate since many of those costs are variable relative to revenue.

Cost of license revenue consists primarily of:

·
Amortization of capitalized software development costs we incur when producing our software products. This amortization begins when a product is ready for general release to the public and generally is an expense that is not directly variable relative to revenue.
·
Royalties we pay to use software developed by others for certain features of our products that is generally an expense that is variable relative to revenue.
·
Fees we pay to third parties who provide services supporting our SaaS subscription solutions for our EFT platform that generally have components that are both variable and not variable relative to revenue.

Cost of M&S revenue and cost of professional services revenue consist primarily of salaries and related costs of our employees and third parties we use to deliver these services.

Cost of software license revenue decreased 2.8% and as a percent of software license revenue was 27.3% in both 2017 and 2016.  These minor fluctuations are primarily caused by the mix of products sold that are associated with a royalty and are well within our expectations.

Cost of M&S revenue as a percent of M&S revenue was substantially unchanged. Cost of revenue for M&S in absolute dollars increased by 14.7% due to an increase in M&S revenue. The cost of delivering M&S can vary slightly up or down from period-to-period, but we believe such changes are typically not indicative of long term trends or permanent changes in our cost of delivering M&S. Our gross margin on these services generally remains greater than 90% as a result of a consistent application of our customer support delivery protocols and practices.


Cost of professional services revenue as a percent of that revenue was 66.5% in 2017 as compared to 62.7% in 2016. This variation resulted from the varying scope and mix of the professional services we deliver that can change from period-to-period in response to the circumstances of the customer environments in which we are working. Because the cost of revenue for professional services is highly variable relative to our revenue from our services, this cost in absolute dollars decreased 13.1% due to a decrease in our professional services revenue for the reasons discussed above.

Sales and Marketing.  We believe it meaningful to view cost of sales and marketing as a percent of revenues since many of those costs, particularly sales commissions, are variable relative to revenue. These expenses were 38.0% of total revenue for 2017 compared to 35.6% of total revenue for 2016. In absolute dollars these expenses increased 11.3%. These variations were primarily due to:

·
Increasing the size of our sales, marketing and product strategy teams and increased compensation rates due to competitive demands in the marketplace.
·
Increased marketing activities related to competitive intelligence and channel development.
·
Increased sales lead generation activities.

Research and Development.  The overall profile of our research and development activities was as follows ($ in thousands):

   
Year Ending December 31,
 
   
2017
   
2016
 
R&D expenditures expensed
 
$
3,128
   
$
2,571
 
R&D expenditures capitalized
   
1,926
     
1,538
 
Total R&D expenditures (non-GAAP measurement)
 
$
5,054
   
$
4,109
 

Our R&D expenditures expensed increased 21.7% and our R&D expenditures capitalized increased 25.2%. These results were due to our planned, continued increase in our capacity to develop new products as well as maintain our existing products and research technologies available from third-parties. We did this through a combination of increasing our engineering headcount and engaging additional third-party resources on a flexible basis as needed. In particular, we expended additional resources developing our Workspaces, Remote Agent and Cloud Connector EFT platform modules released in 2017 and our EFT Arcus product that we introduced in January 2018.

Total resources expended for R&D set forth above as total R&D expenditures serves to illustrate our total corporate efforts to improve our existing products and to develop new products regardless of whether or not our expenditures for those efforts were expensed or capitalized. Total resources expended for R&D is not a measure of financial performance under GAAP and should not be considered a substitute for R&D expense (set forth above as R&D expenditures expensed) and capitalized software development costs (set forth above as R&D expenditures capitalized) individually. While we believe the non-GAAP, total resources expended for R&D amount provides useful supplemental information regarding our overall corporate product improvement and new product creation activities, there are limitations associated with the use of this non-GAAP measurement. Total resources expended for R&D is a non-GAAP measure not prepared in accordance with GAAP and may not be comparable to similarly titled measures of other companies since there is no standard for preparing this non-GAAP measure. As a result, this non-GAAP measure of total resources expended for R&D has limitations and should not be considered in isolation from, or as a substitute for, R&D expense and capitalized software development cost individually.

General and Administrative.  These expenses increased 30.5% primarily due to:

·
Increased professional fees and related expenses totaling $2.5 million associated with the Investigation, the Restatement and related litigation.
·
An increase in professional fees paid to third-party advisors and our registered independent public accountants related to the independent audit of our internal controls in 2017 that was required for the first time due to us becoming an accelerated filer under SEC regulations.
·
An increase in share-based compensation expense due to a higher average number of options outstanding in 2017 compared to 2016. Our options outstanding increased as we continued to grant options to attract and retain key personnel in a competitive marketplace for talent.

Offset by:

·
A decrease in bonus payments to certain of our personnel due to our financial results for 2017 not achieving the objectives necessary for them to receive bonus payments in the amounts paid in 2016.
·
Severance pay related to the departure of the former chief executive officer in 2016 for which there was not a similar event in 2017.
·
A decrease in bad debt expense as a result of an enhanced review of our accounts receivable during 2016 resulting in an increased write-off of accounts receivable in that period for which there was not a similar event during 2017 due to an improvement in our collections of accounts receivable.
 
Other Income.  Other income consists primarily of interest income earned on certificates of deposit. The increase in this amount was due primarily to enhanced investment of our cash beginning in the second half of 2016 to earn a higher rate of interest.

Income Taxes.  Our effective tax rate was 53.0% for 2017 and 33.4% for 2016. These rates differed from a federal statutory tax rate of 34% primarily due to:

·
A reduction in the value of our net deferred tax assets due to the reduction of the corporate income tax to 21% under the Tax Cuts and Jobs Act of 2017.
·
Certain expenses in our consolidated financial statements, such as a portion of meals and entertainment expenses, that are not deductible on our federal income tax return.
·
State income taxes included in income tax expense in our consolidated financial statements.

Offset by:

·
The domestic production activities deduction and the research and development credit that are tax credit incentives that serve to reduce the rate at which we pay federal income taxes in exchange for us conducting certain aspects of our business in a manner promoted by the Internal Revenue Code.
      
Item 8.  Financial Statements and Supplementary Data

GlobalSCAPE, Inc.

Index to Consolidated Financial Statements

Years ending December 31, 2017 and 2016

Contents

64
   
Consolidated Financial Statements
 
65
66
67
68
69

 

 

Report of Independent Registered Public Accounting Firm

Board of Directors and Stockholders
GlobalSCAPE, Inc.

Opinion on the Consolidated Financial Statements

We have audited the accompanying consolidated balance sheets of GlobalSCAPE, Inc. and its subsidiary (the Company) as of December 31, 2017 and 2016, and the related consolidated statements of operations and comprehensive income, stockholders’ equity, and cash flows for each of the two years in the period ended December 31, 2017, and the related notes (collectively referred to as the consolidated financial statements). In our opinion, the consolidated financial statements present fairly, in all material respects, the consolidated financial position of the Company as of December 31, 2017 and 2016, and the results of its operations and its cash flows for each of the two years in the period ended December 31, 2017, in conformity with U.S. generally accepted accounting principles.

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company’s internal control over financial reporting as of December 31, 2017, based on criteria established in Internal Control—Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission, and our report dated June 14, 2018 expressed an adverse opinion on the effectiveness of the Company’s internal control over financial reporting.

Basis for Opinion

These consolidated financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on these consolidated financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that our audits provide a reasonable basis for our opinion.

Emphasis of Matter

As discussed in Note 7 to the consolidated financial statements, the Company is involved in litigation and regulatory matters. The Company intends to vigorously defend against these matters. However, at this time, the Company cannot predict the ultimate outcome and/or the scope of any potential loss. Accordingly, no provision for any liability that may result has been made in the consolidated financial statements. Should the Company ultimately be found liable, the resulting outcome could have a material adverse effect on its consolidated financial position, liquidity or the results of its operations. Our opinion is not modified with respect to these matters.

/s/ WEAVER AND TIDWELL LLP

We have served as the Company’s auditors since 2017.
Austin, Texas
June 14, 2018

 
GlobalSCAPE, Inc.
Consolidated Balance Sheets
(in thousands except share amounts)
 
   
December 31,
 
   
2017
   
2016
 
Assets
           
Current assets:
           
Cash and cash equivalents
 
$
11,583
   
$
8,895
 
Short term certificates of deposit
   
4,291
     
2,754
 
Accounts receivable, net
   
5,925
     
6,288
 
Federal income tax receivable
   
822
     
292
 
Prepaid expenses and other
   
675
     
531
 
Total current assets
   
23,296
     
18,760
 
                 
Long term certificates of deposit
   
11,503
     
12,779
 
Capitalized software development costs, net
   
3,786
     
3,743
 
Goodwill
   
12,712
     
12,712
 
Deferred tax asset, net
   
651
     
1,050
 
Property and equipment, net
   
481
     
456
 
Other assets
   
84
     
245
 
Total assets
 
$
52,513
   
$
49,745
 
                 
 Liabilities and Stockholders’ Equity
               
Current liabilities:
               
Accounts payable
 
$
1,900
   
$
930
 
Accrued expenses
   
1,671
     
1,603
 
Deferred revenue
   
13,315
     
13,655
 
Total current liabilities
   
16,886
     
16,188