UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 10-K
(Mark One)
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 | |
For the fiscal year ended December 31, 2019
or
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 | |
For the transition period from to
Commission file number: 001-34511
______________________________________
(Exact name of registrant as specified in its charter)
______________________________________
(State or other jurisdiction of incorporation or organization) | (I.R.S. Employer Identification No.) |
(Address of principal executive offices, including zip code)
(408 ) 235-7700
(Registrant’s telephone number, including area code)
Securities registered pursuant to Section 12(b) of the Act:
(Title of each class) | (Trading Symbol) | (Name of exchange on which registered) |
Securities registered pursuant to Section 12(g) of the Act: None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☒ No ☐
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No ☒
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 (“Exchange Act”) during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
☒ | Accelerated filer | ☐ | |||
Non-accelerated filer | ☐ | Smaller reporting company | |||
Emerging growth company | |||||
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No ☒
The aggregate market value of voting stock held by non-affiliates of the registrant, as of June 28, 2019, the last business day of the registrant’s most recently completed second quarter, was $8,793,866,992 (based on the closing price for shares of the registrant’s common stock as reported by The Nasdaq Global Select Market on that date). Shares of common stock held by each executive officer, director, and holder of 5% or more of the registrant’s outstanding common stock have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive determination for other purposes.
As of February 21, 2020, there were 172,514,722 shares of the registrant’s common stock outstanding.
DOCUMENTS INCORPORATED BY REFERENCE
FORTINET, INC.
ANNUAL REPORT ON FORM 10-K
For the Year Ended December 31, 2019
Table of Contents
Page | ||
Part I | ||
Item 1. | ||
Item 1A. | ||
Item 1B. | ||
Item 2. | ||
Item 3. | ||
Item 4. | ||
Part II | ||
Item 5. | ||
Item 6. | ||
Item 7. | ||
Item 7A. | ||
Item 8. | ||
Item 9. | ||
Item 9A. | ||
Item 9B. | ||
Part III | ||
Item 10. | ||
Item 11. | ||
Item 12. | ||
Item 13. | ||
Item 14. | ||
Part IV | ||
Item 15. | ||
Part I
ITEM 1. Business
Overview
Fortinet is a global leader in cybersecurity solutions provided to a wide variety of organizations, such as enterprises, communication service providers, government organizations and small businesses. Our cybersecurity solutions are designed to provide broad visibility and segmentation of the digital attack surface through our integrated Fortinet Security Fabric platform, which features automated protection, detection and response.
The focus areas of our business consist of:
• | Network Security—We derive a majority of product sales from our FortiGate network security appliances. Our FortiGate network security appliances include a broad set of built-in security and networking features and functionalities, including firewall, next-generation firewall, secure web gateway, secure sockets layer (“SSL”) inspection, software-defined wide-area network (“SD-WAN”), intrusion prevention, SSL data leak prevention, virtual private network (“VPN”), switch and wireless controller and wide area network edge. Our network security appliances are managed by our FortiOS network operating system, which provides the foundation for FortiGate security functions. We enhance the performance of our network security appliances from branch to data center by designing and implementing Security Processing Unit (“SPU”) technology within our appliances, enabling us to add security and network functionality with minimal impact to network throughput performance. |
• | Infrastructure Security—The Fortinet Security Fabric platform is a broad, automated and integrated security platform that extends beyond the network to cover other attack vectors. Other infrastructure solutions covered include Secure Access (Wi-Fi and switch). |
• | Cloud Security—We help customers connect securely to and across their hybrid, public and private cloud environments by offering security through our virtual firewall and other software products in public and private cloud environments. Our cloud security solutions, including virtual appliances and hosted solutions, extend the core capabilities of the Fortinet Security Fabric platform to provide businesses with the same level of cybersecurity and threat intelligence in and across cloud environments that they receive on their physical networks. Fortinet cloud security offerings are available across all major cloud providers, including Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud, Alibaba Cloud and IBM Cloud. Our Cloud Security portfolio also includes securing applications, including email and web. |
• | Endpoint Protection, Internet of Things and Operational Technology Security—We protect end-customers from advanced threats that target their devices and the data that reside on them through our advanced endpoint solutions that provide core endpoint protection, advanced threat protection, incident monitoring, and response. Additionally, the proliferation of Internet of Things (“IoT”) and the digitization of Operational Technology (“OT”) devices has generated new opportunities for us to grow our business. We offer network access control solutions that provide visibility, control and automated event responses in order to secure IoT devices. |
We also develop and provide Artificial Intelligence (“AI”)-driven security operations solutions, including FortiGuard security services, that can be applied across the entire Fortinet Security Fabric platform. These solutions help customers better secure their environments by delivering deeper intelligence and insights and by reducing the gaps in security skills and resources that are present in many organizations.
In addition to our security solutions, our customers, channel partners and end-customers may purchase FortiGuard and other security subscription services to receive threat intelligence updates, FortiCare technical support services across all of our products and the support of Technical Account Managers, Resident Engineers and professional service consultants for implementations or training services.
During our year ended December 31, 2019, we generated total revenue of $2.16 billion and net income of $326.5 million. See Part II, Item 8 of this Annual Report on Form 10-K for more information on our consolidated balance sheets as of December 31, 2019 and 2018 and our consolidated statements of income, comprehensive income, stockholders’ equity, and cash flows for each of the three years ended December 31, 2019, 2018 and 2017.
1
We were incorporated in Delaware in November 2000. Our principal executive office is located at 899 Kifer Road, Sunnyvale, California 94086 and our telephone number at that location is (408) 235-7700.
Technology and Architecture
The Fortinet Security Fabric platform helps organizations secure their environments and reduce their security and network complexities. The Fortinet Security Fabric platform has an open architecture designed to connect Fortinet solutions and third-party solutions into a single ecosystem.
Our proprietary SPU hardware architecture, FortiOS operating system and associated security and networking functions are combined to form the Fortinet Security Fabric platform. This approach to security ties together discrete security solutions into an integrated whole, which enables our products to perform security processing for networks with high throughput requirements across a broad threat landscape.
SPU
Our proprietary SPUs are Application-Specific Integrated Circuits (“ASICs”) that include (i) the Content Processor (“SPU CP”), (ii) the Network Processor (“SPU NP”) and (iii) the System-on-a-Chip (“SPU SoC”). Each successive generation of SPU adds network speed and the capacity to perform security functions. Our SPUs are designed to enhance the security processing capabilities implemented in software by accelerating computationally intensive tasks such as firewall policy enforcement, SD-WAN, network address translation, Intrusion Prevention Systems (“IPS”) threat detection and encryption.
The use of SPUs allows our appliances to deliver security functionality with minimal impact to network throughput performance, which we believe delivers a lower total cost of ownership (“TCO”) to our customers. As the security needs of our end-customers increase, we believe that our TCO and our SPUs will give our products a competitive advantage against other architectural approaches.
Entry-level FortiGate products often use the SPU SoC to provide the necessary acceleration at this level. Mid-range FortiGate products use a central processing unit (“CPU”) and include the SPU NP and SPU CP hardware acceleration. The high-end FortiGate products use multiple CPUs, SPU CPs and SPU NPs.
FortiOS
Our proprietary FortiOS operating system provides the foundation for the operation of all FortiGate appliances, whether physical, virtual, private or public cloud based, and is at the heart of the Fortinet Security Fabric platform. We make regular updates to FortiOS available through our FortiCare support services.
The security and networking capabilities of the Fortinet Security Fabric platform are controlled through FortiOS. The core kernel functions to the security processing feature sets work together to provide a highly integrated solution. FortiOS provides (i) multiple layers of security, including a hardened kernel layer providing protection for the FortiGate system, (ii) a network security layer, providing security for end-customers’ network infrastructures and (iii) application content protection, providing security for end-customers’ workstations and applications. FortiOS directs the operations of processors and SPUs and provides system management functions such as command line, graphical user interfaces, multiple network and security topology views.
Key high-level functions and capabilities of FortiOS include:
• | key enablement for the Fortinet Security Fabric platform architecture; |
• | optionality to configure FortiGate appliances into different security environments, such as our Internal Network Firewall, Next-Generation Firewall and Data Center Firewall; |
• | configuration of the physical aspects of the appliance, such as ports, onboard Wi-Fi and switching; |
• | extension of the Fortinet Security Fabric platform through direct management of FortiSwitch and FortiAP devices; |
• | key network functions such as routing and deployment modes (network routing, transparent, sniffer, etc.); |
• | the ability to deploy and orchestrate SD-WAN instances; |
• | implementation of security updates from our FortiGuard distribution network, delivering FortiGuard security subscription services and intelligence, such as IPS, antivirus and application control; |
• | native integrations with major cloud provider platforms; and |
• | real-time reporting and logging. |
2
FortiOS also enables advanced, integrated routing and switching, allowing end-customers to deploy FortiGate devices within a wide variety of networks, as well as providing a direct replacement solution option for legacy switching and routing equipment. FortiOS implements a suite of commonly used standards-based routing protocols as well as network address translation technologies, allowing the FortiGate appliance to integrate and operate in a wide variety of network environments. Additional features include virtual domain capabilities, which can provide support for multiple customers on a single device or FortiOS instance. FortiOS also provides capabilities for the logging of traffic for forensic analysis purposes, which are particularly important for regulatory compliance initiatives such as payment card industry data security standards. FortiOS is designed to help control network traffic in order to optimize performance by including functionality such as packet classification, queue disciplines, policy enforcement, congestion management, wide-area network (“WAN”) optimization and caching. These features enable administrators to set the appropriate configurations and policies that meet their infrastructure needs.
Products
Our core product offerings consist of our FortiGate product family and our non-FortiGate products, all of which may be purchased to complement commercial and enterprise deployments. Our FortiGate hardware and software licenses are sold with a set of broad security services. These security services are enabled by FortiGuard Labs, which provides extensive threat research and artificial intelligence capabilities from a global cloud network to deliver protection services to each FortiGate appliance that is registered by the end-customer. Our non-FortiGate products span the full range of our customers’ core security needs and include the Fortinet Security Fabric platform, email security, cloud security, endpoint protection and other products.
FortiGate
FortiGate offers a broad set of security and networking functions, including firewall, intrusion prevention, anti-malware, VPN, application control, web filtering, anti-spam and WAN acceleration. FortiGate is available as a hardware appliance or as a virtual appliance. All FortiGate appliances run on FortiOS. FortiGate platforms can be centrally managed through both embedded web-based and command line interfaces, as well as through FortiManager, which provides a central management architecture for FortiGate appliances and the Fortinet Security Fabric platform.
By combining multiple network security functions in our purpose-built security platform, FortiGate appliances provide broad, high-quality protection capabilities and deployment flexibility while reducing the operational burden and costs associated with managing multiple point products. With over 40 models in the FortiGate product line, FortiGate is designed to address security requirements for small- to medium-sized businesses, large enterprises and government organizations worldwide.
Typically, all FortiGate hardware appliances include our SPUs to accelerate content and network security features implemented within FortiOS. The significant differences between each model are the performance and scalability targets each model is designed to meet, while the security features and associated services offered are common throughout all models. The FortiGate-20 through -90 series models are designed for perimeter protection for small- to medium-sized businesses and enterprises with distributed offices. The FortiGate-100 through -900 series models are designed for perimeter deployment in medium-sized to large enterprise networks. The FortiGate-1000 through -7000 series models deliver high performance and scalable network security functionality for perimeter, data center and core deployment in large enterprises.
We also incorporate additional technologies within FortiGate appliances that differentiate our solutions, including data leak protection, traffic optimization, SSL inspection, threat vulnerability management and wireless controller technology. In addition to these in-built features, we offer a full range of wireless access points and controllers, complementing FortiGate appliances with the flexibility of wireless local area network access.
Fortinet Security Fabric Platform and Non-FortiGate Products
As part of the Fortinet Security Fabric platform, we offer products that provide network security, end point security, cloud security, web-based application security, identity and access management, sandbox protection and email security. The integration of devices using open standards, common operating systems, and unified management platforms enables the sharing and correlation of real-time threat intelligence. The following Fortinet products can operate as part of the Fortinet Security Fabric platform.
• | FortiSwitch—Our FortiSwitch product family provides secure switching solutions that can be deployed in traditional network switching designs with Layer 2 or Layer 3 access control features. FortiSwitch creates a scalable and secure access layer for customers to connect their end devices, such as computers and laptops, as well as to expand the field of IoT devices. |
3
• | FortiAP—Our FortiAP product family provides secure wireless networking solutions. FortiAPs allow a variety of management options including from the cloud and directly from our FortiGate firewall product. FortiAPs create a scalable and secure access layer for connecting wireless devices such as computers, laptops, cell phones and tablets, as well as IoT devices. |
• | FortiExtender—Our FortiExtender appliance provides a WAN connection to our FortiGate products using wireless broadband networks. End-customers that use multiple WAN connections, including SD-WAN, can use FortiExtender for one of those WAN links. FortiExtender can also be used as the primary connection for a location where wireless is the preferred broadband option. |
• | FortiAnalyzer—Our FortiAnalyzer family of products provides centralized network logging, analyzing and reporting solutions that securely aggregate content and log data from our FortiGate devices, other Fortinet products and third-party devices to enable network logging, analysis and reporting. |
• | FortiManager—Our FortiManager family of products provides a central and scalable management solution for our FortiGate products, including software updates, configuration, policy settings and security updates. FortiManager facilitates the coordination of policy-based provisioning, device configuration and operating system revision management, as well as network security monitoring and device control. |
• | FortiWeb—Our FortiWeb product family provides web application firewall solutions, including internet protocol (“IP”) reputation and anti-botnet security, distributed denial-of-service protection, protocol validation, application attack signatures and deep learning AI to protect applications against a wide range of threats. |
• | FortiMail—Our FortiMail product family provides secure email gateway solutions. FortiMail utilizes the technologies and security services from FortiGuard Labs to deliver protection against threats that use email as an attack vector. FortiMail also integrates data protection capabilities to avoid data loss. |
• | FortiSandbox—Our FortiSandbox technology delivers proactive detection and mitigation with the ability to generate a directly actionable protection capability. Available in both hardware and cloud-based form, the FortiSandbox subjects suspicious code to a set of multi-layer protection techniques, culminating in execution within an operating system, allowing real-time behavioral analysis to be performed in a secure environment. When malicious code is identified, a signature can be generated locally for distribution across the Fortinet Security Fabric platform. |
• | FortiSIEM—Our FortiSIEM family of software solutions provides a cloud-ready security information and event management (“SIEM”) solution. FortiSIEM unifies analytics that are traditionally monitored discretely, parses the information and then processes it in an event-based analytics engine for handling real-time searches, rules, dashboards and ad-hoc queries. This unification of diverse sources of data enables organizations to create comprehensive dashboards and reports to identify root causes of threats, and take the steps necessary to remediate and prevent them in the future. |
• | FortiToken and FortiAuthenticator—Our FortiToken and FortiAuthenticator product families allow organizations to implement multi-factor authentication to better safeguard systems, assets and data. |
• | FortiNAC—Our FortiNAC product family enables customers to implement zero trust network access strategies by gaining visibility into devices connecting into the network, including IoT devices, in order to meet minimum required security postures and to control access. |
All of the products listed above are available in multiple form factors, such as hardware, virtual machine, cloud or software-as-a-service (“SaaS”), except for FortiSwitch, FortiAP and FortiExtender, which are available as hardware appliances only.
In the fourth quarter of 2019, we acquired enSilo Limited (“enSilo”), a provider of endpoint detection and response products and services, and CyberSponse, Inc. (“CyberSponse”), a provider of security orchestration, automation and response products and services. We expect that the enSilo acquisition will further enhance the Fortinet Security Fabric platform and strengthen endpoint and network security solutions by providing customers with advanced endpoint security. We expect that the CyberSponse acquisition will further extend the automation and incident response capabilities of our FortiAnalyzer, FortiSIEM and FortiGate solutions.
4
Services
FortiGuard Security Subscription Services
Security requirements are dynamic due to the constantly changing nature of threats. Our FortiGuard security subscription services are designed to quickly deliver new threat detection and prevention capabilities to end-customers worldwide as new threats evolve. Our FortiGuard Labs global threat research team identifies emerging threats, collects threat samples, and replicates, reviews, characterizes and collates attack data through the use of AI, automation and original research. Based on this research, we develop updates for virus signatures, attack definitions, scanning engines and other security solution components to distribute to end-customers. FortiGuard functionality varies depending on which FortiGate and non-FortiGate products the end-customer is using, but will typically include one or more of the following functions: application control, antivirus, intrusion prevention, web filtering, anti-spam, VPN functions, email image analysis, vulnerability management, database functions, web functions, advanced threat protection, sandboxing and domain and IP reputation services.
End-customers purchase FortiGuard security subscription services in advance, typically with terms of one to five years. We provide FortiGuard security subscription services 24 hours a day, seven days a week.
FortiCare Technical Support Services
Our FortiCare support services portfolio includes technical support and extended product warranty. For our standard technical support, our channel partners may provide first-level support to the end-customer. We also provide first-level support to our end-customers, as well as second- and third-level support as appropriate. We also provide knowledge management tools and customer self-help portals to help augment our support capabilities in an efficient and scalable manner. We deliver technical support to partners and end-customers 24 hours a day, seven days a week, through worldwide regional technical support centers. In addition to our technical support services, we offer a range of advanced services, including premium support, professional services and replacement parts delivery.
Service Bundles
We also sell FortiGuard and FortiCare services as bundles, consolidating security services into packages that would be typical for certain types of end-customer.
• | Advanced Threat Protection—Our Advanced Threat Protection bundle includes application control, antivirus, IP reputation and anti-botnet security, mobile security, data sanitation, sandbox, intrusion prevention and virus outbreak protection, along with FortiCare support services. |
• | Unified Threat Protection—Our Unified Threat Protection bundle includes antispam, antivirus, data sanitation, sandbox, application control, intrusion prevention, virus outbreak protection and web filtering, along with FortiCare support services. |
• | Enterprise Protection—Our Enterprise Protection bundle includes application control, intrusion prevention, web filtering, sandbox, antivirus, mobile security, IP reputation and anti-botnet security, antispam, cloud access security broker (“CASB”), industrial control systems, security rating, virus outbreak protection and data sanitation, along with FortiCare support services. |
• | 360 Protection—Our 360 Protection bundle includes application control, intrusion prevention, web filtering, sandbox, antivirus, mobile security, IP reputation and anti-botnet security, antispam, CASB, industrial control systems, security rating, virus outbreak protection and data sanitation, along with enhanced FortiCare support services and operational services such as SD-WAN orchestration and cloud-based management and visibility of the Fortinet Security Fabric platform. |
Professional Services
We offer professional services to end-customers including technical account managers (“TAMs”), resident engineers (“REs”) and professional service consultants and security architects for implementations.
5
TAMs and REs are dedicated support engineers available to help identify and eliminate issues before problems arise. Each TAM and RE acts as a single point of contact and customer advocate within Fortinet, offering a deep understanding of our customers’ businesses and security requirements.
Our professional services consultants and security architects help to formulate customer-specific security strategies, develop roadmaps for securing digital initiatives and design product deployments. They work closely with end-customers to implement our products according to design, utilizing network analysis tools, traffic simulation software and scripts.
Training Services
We offer training services to our end-customers and channel partners through our training department and authorized training partners. We have also implemented a training certification program, Network Security Expert, to help ensure an understanding of our products and services.
Customers
We typically sell our security solutions to channel partners, who in turn sell to end-customers. At times, we also sell directly to end-customers. Our end-customers are located in over 80 countries and include small and medium-sized businesses, large enterprises and government organizations across a wide range of industries, including telecommunications, government, financial services, retail, technology, education, manufacturing and healthcare. An end-customer deployment may involve as few as one or as many as thousands of appliances and other Fortinet Security Fabric platform products, depending on the end-customer’s size and security requirements. Customers may also access our products via the cloud through certain cloud providers such as Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud, Alibaba Cloud and IBM Cloud. Typically, our customers also purchase our FortiGuard security subscription services and FortiCare technical support services.
During 2019, Exclusive Networks Group (“Exclusive”) and Ingram Micro Inc. (“Ingram Micro”) accounted for 31% and 11% of total revenue, respectively. During 2018, Exclusive and Ingram Micro accounted for 30% and 10% of total revenue, respectively. During 2017, Exclusive accounted for 25% of total revenue.
Sales and Marketing
We primarily sell our products and services through a two-tier distribution model. We sell to distributors that sell to networking security and enterprise-focused resellers and to service providers and managed security service providers (“MSSPs”), who, in turn, sell to our end-customers. In certain cases, we sell directly to large service providers and major systems integrators. We work with many technology distributors, including Exclusive, Ingram Micro, Synnex Corporation, Tech Data Corporation and Arrow Electronics, Inc.
We support our channel partners with a dedicated team of experienced channel account managers, sales professionals and sales engineers who provide business planning, joint marketing strategy, and pre-sales and operational sales support. Additionally, our sales teams help drive and support large enterprise and service provider sales through a direct touch model. Our sales professionals and engineers typically work closely with our channel partners and directly engage with large end-customers to address their unique security and deployment requirements. To support our broadly dispersed global channel and end-customer base, we have sales professionals in over 80 countries around the world.
Our marketing strategy is focused on building our brand and driving end-customer demand for our security solutions. We use a combination of internal marketing professionals and a network of regional and global channel partners. Our internal marketing organization is responsible for messaging, branding, demand generation, product marketing, packaging support and subscription services into service bundles, channel marketing, partner incentives and promotions, event marketing, digital marketing, communications, analyst relations, public relations and sales enablement. We focus our resources on campaigns, programs and activities that can be leveraged by partners worldwide to extend our marketing reach, such as sales tools and collateral, product awards and technical certifications, media engagement, training, regional seminars and conferences, webinars and various other demand-generation activities.
In 2019, we continued to invest in sales and marketing resources, particularly in the enterprise market where we believe there is an opportunity to expand our business. We intend to continue to make investments in our sales resources and infrastructure and marketing strategy, which are critical to support our growth.
6
Manufacturing and Suppliers
We outsource the manufacturing of our security appliance products to a variety of contract manufacturers and original design manufacturers. Our current manufacturing partners include ADLINK Technology, Inc. (“ADLINK”), IBASE Technology, Inc. (“IBASE”), Micro-Star International Co. (“Micro-Star”), Senao Networks, Inc. (“Senao”), Wistron Corporation (“Wistron”) and a number of other manufacturers. The majority of our hardware is manufactured in Taiwan. We submit purchase orders to our contract manufacturers that describe the type and quantities of our products to be manufactured, the delivery date and other delivery terms. Once our products are manufactured, they are sent to either our warehouse in California or to our logistics partner in Taoyuan City, Taiwan, where accessory packaging and quality-control testing are performed. We believe that outsourcing our manufacturing and a substantial portion of our logistics enables us to focus resources on our core competencies. Our proprietary SPUs, which are key to the performance of our appliances, are built by contract manufacturers including Toshiba America Electronic Components, Inc. (“Toshiba”) and Renesas Electronics America, Inc. (“Renesas”). These contract manufacturers use foundries in Taiwan and Japan operated by either Taiwan Semiconductor Manufacturing Company Limited (“TSMC”) or by the contract manufacturer itself.
The components included in our products are sourced from various suppliers by us or, more frequently, by our contract manufacturers. Some of the components important to our business, including certain CPUs from Intel Corporation (“Intel”); network chips from Broadcom Inc. (“Broadcom”), Marvell Technology Group Ltd. (“Marvell”) and Intel, and memory devices from Intel, ADATA Technology Co., Ltd. (“ADATA”), OCZ Technology Group, Inc., Samsung Electronics Co., Ltd. (“Samsung”), and Western Digital Technologies, Inc. (“Western Digital”), are available from limited or sole sources of supply.
We have no long-term contracts related to the manufacturing of our ASICs or other components that guarantee any capacity or pricing terms.
Research and Development
We focus our research and development efforts on developing new hardware and software products and services, and adding new features to existing products and services. Our development strategy is to identify features, products and systems for both software and hardware that are, or are expected to be, important to our end-customers. Our success in designing, developing, manufacturing and selling new or enhanced products will depend on a variety of factors, including identification of market demand for new products, product selection, timely implementation of product design and development, product performance, costs of development, bills of materials, effective manufacturing and assembly processes and sales and marketing.
Intellectual Property
We rely primarily on patent, trademark, copyright and trade secrets laws, confidentiality procedures and contractual provisions to protect our technology. We periodically have discussions with third parties regarding licensing Fortinet’s intellectual property and have sometimes taken legal action against competitors to protect our intellectual property, and as a result third parties have paid us fees in return for licenses or covenants-not-to-sue related to Fortinet intellectual property. As of December 31, 2019, we had 626 U.S. and foreign-issued patents and 175 pending U.S. and foreign patent applications. We also license software from third parties for inclusion in our products, including open source software and other software.
Despite our efforts to protect our rights in our technology, unauthorized parties may attempt to copy aspects of our products or obtain and use information and technology that we regard as proprietary. We generally enter into confidentiality agreements with our employees, consultants, vendors and customers, and generally limit access to and distribution of our proprietary information. However, we cannot provide assurance that the steps we take will prevent misappropriation of our technology. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.
Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patent and other intellectual property rights. Third parties have asserted, are currently asserting and may in the future assert patent, copyright, trademark or other intellectual property rights against us, our channel partners or our end-customers. Successful claims of infringement by a third party could prevent us from distributing certain products or performing certain services or require us to pay substantial damages (including treble damages if we are found to have willfully infringed patents or copyrights), royalties or other fees. Even if third parties offer a license to their technology, the terms of any offered license may not be acceptable and the failure to obtain a license or the costs associated with any license could cause our business, operating results or financial condition to be materially and adversely affected. In certain instances, we indemnify our end-customers, distributors and resellers against claims that our products infringe the intellectual property of third parties.
7
Seasonality
For information regarding seasonality in our sales, see the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Quarterly Results of Operations—Seasonality, Cyclicality and Quarterly Revenue Trends” in Part II, Item 7 of this Annual Report on Form 10-K.
Competition
The markets for our products are extremely competitive and are characterized by rapid technological change. The principal competitive factors in our markets include the following:
•product performance, throughput, features, effectiveness, interoperability and reliability;
•addition and integration of new networking and security features and technological expertise;
•compliance with industry standards and certifications;
•price of products and services and total cost of ownership;
•brand recognition;
•customer service and support across varied and complex customer segments;
•sales and distribution capabilities;
•size and financial stability; and
•breadth of product line.
Among others, our competitors include Barracuda Networks, Inc. (“Barracuda”), Check Point Software Technologies Ltd. (“Check Point”), Cisco Systems, Inc. (“Cisco”), CrowdStrike Holdings, Inc. (“CrowdStrike”), F5 Networks, Inc. (“F5 Networks”), FireEye, Inc. (“FireEye”), Forcepoint LLC (“Forcepoint”), Imperva, Inc. (“Imperva”), Juniper Networks, Inc. (“Juniper”), McAfee, LLC (“McAfee”), Palo Alto Networks, Inc. (“Palo Alto Networks”), Proofpoint, Inc. (“Proofpoint”), SonicWALL, Inc. (“SonicWALL”), Sophos Group Plc (“Sophos”), Trend Micro Incorporated (“Trend Micro”) and Zscaler, Inc (“Zscaler”).
We believe we compete favorably based on our products’ performance, throughput, reliability, breadth and ability to work together; our ability to add and integrate new networking and security features and our technological expertise. Several competitors are significantly larger, have greater financial, technical, marketing, distribution, customer support and other resources, are more established than we are, and have significantly better brand recognition. Some of these larger competitors have substantially broader product offerings, and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages users from purchasing our products. Based in part on these competitive pressures, we may lower prices or attempt to add incremental features and functionalities to our products.
Conditions in our markets could change rapidly and significantly as a result of technological advancements or market consolidation. The development and market acceptance of alternative technologies could decrease the demand for our products or render them obsolete. Our competitors may introduce products that are less costly, provide superior performance, are better marketed, or achieve greater market acceptance than our products. Additionally, our larger competitors often have broader product lines and are better positioned to withstand a significant reduction in capital spending by end-customers, and will therefore not be as susceptible to downturns in a particular market. The above competitive pressures are likely to continue to impact our business. We may not be able to compete successfully in the future, and competition may harm our business.
Employees
As of December 31, 2019, our total headcount was 7,082 employees and contractors. None of our U.S. employees are represented by a labor union; however, our employees in certain European and Latin American countries have the right to be represented by external labor organizations if they maintain up-to-date union membership. We have not experienced any work stoppages, and we consider our relations with our employees to be good.
Available Information
Our web site is located at https://www.fortinet.com, and our investor relations web site is located at https://investor.fortinet.com. The information posted on our website is not incorporated by reference into this Annual Report on Form 10-K. Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Act, are available free of charge on our investor relations web site as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC. You may also access all of our public filings through the SEC’s website at https://www.sec.gov.
8
We webcast our earnings calls and certain events we participate in or host with members of the investment community on our investor relations web site. Additionally, we provide notifications of news or announcements regarding our financial performance, including SEC filings, investor events and press and earnings releases, as part of our investor relations web site. The contents of these web sites are not intended to be incorporated by reference into this report or in any other report or document we file.
9
ITEM 1A. Risk Factors
Investing in our common stock involves a high degree of risk. Investors should carefully consider the following risks and all other information contained in this Annual Report on Form 10-K, including our consolidated financial statements and the related notes, before investing in our common stock. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks materialize, our business, financial condition and results of operations could be materially harmed. In that case, the trading price of our common stock could decline substantially, and investors may lose some or all of their investment.
Risks Related to Our Business
Our operating results are likely to vary significantly and be unpredictable.
Our operating results have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control or may be difficult to predict, including:
• | our ability to attract and retain new end-customers or sell additional products and services to our existing end-customers; |
• | the level of demand for our products and services, which may render forecasts inaccurate; |
• | the timing of channel partner and end-customer orders, and our reliance on a concentration of shipments at the end of each quarter; |
• | the timing of shipments, which may depend on factors such as inventory levels, logistics, manufacturing or shipping delays, our ability to ship new products on schedule and our ability to accurately forecast inventory requirements; |
• | inventory management; |
• | component and product inventory shortages, including those caused by factors outside of our control such as natural disasters and health emergencies, including earthquakes, fires, power outages, typhoons, floods, pandemics or epidemics such as the coronavirus and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars and critical infrastructure attacks; |
• | the mix of products sold and the mix of revenue between products and services, as well as the degree to which products and services are bundled and sold together for a package price; |
• | the purchasing practices and budgeting cycles of our channel partners and end-customers, including the effect of the end of product refresh cycles; |
• | any decreases in demand by channel partners or end-customers, including any such decreases caused by factors outside of our control such as natural disasters and health emergencies, including earthquakes, fires, power outages, typhoons, floods, pandemics or epidemics such as the coronavirus and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars and critical infrastructure attacks; |
• | the effectiveness of our sales organization, generally or in a particular geographic region, the time it takes to hire sales personnel and the timing of hiring, and our ability to hire and retain effective sales personnel; |
• | sales execution risk related to effectively selling to all segments of the market, including enterprise and small- and medium-sized businesses and service providers, and to selling our broad security product and services portfolio, including, among other execution risks, risks associated with the complexity and distraction in selling to all segments and increased competition and unpredictability of timing to close sales deals with large enterprises; |
10
• | execution risk associated with our efforts to capture the opportunities related to our identified growth drivers, such as risk associated with our ability to capitalize on network security and SD-WAN, infrastructure security, cloud security and endpoint protection, IoT and OT security opportunities; |
• | the seasonal buying patterns of our end-customers; |
• | the timing and level of our investments in sales and marketing, and the impact of such investments on our operating expenses, operating margin and the productivity and effectiveness of execution of our sales and marketing teams; |
• | the timing of revenue recognition for our sales; |
• | the level of perceived threats to network security, which may fluctuate from period to period; |
• | any actual or perceived vulnerabilities in our products or services, and any actual or perceived breach of our network or our customers’ networks; |
• | changes in the requirements, market needs or buying practices and patterns of our distributors, resellers or end-customers; |
• | changes in the growth rates of the network security market in particular and other security and networking markets, such as SD-WAN, for which we sell products and services; |
• | the timing and success of new product and service introductions or enhancements by us or our competitors, or any other change in the competitive landscape of our industry, including consolidation among our competitors, partners or end-customers; |
• | the deferral of orders from distributors, resellers or end-customers in anticipation of new products or product enhancements announced by us or our competitors; |
• | increases or decreases in our billings, revenue and expenses caused by fluctuations in foreign currency exchange rates or a strengthening of the U.S. dollar, as a significant portion of our expenses is incurred and paid in currencies other than the U.S. dollar, and the impact such fluctuations may have on the actual prices that our partners and customers are willing to pay for our products and services; |
• | compliance with existing laws and regulations that are applicable to our ability to conduct business with the public sector and other sectors; |
• | litigation, litigation fees and costs, settlements, judgments and other equitable and legal relief granted related to litigation; |
• | the impact of cloud-based platforms on our billings, revenues, operating margins and free cash flow; |
• | decisions by potential end-customers to purchase network security solutions from newer technology providers, from larger, more established security vendors or from their primary network equipment vendors; |
• | price competition and increased competitiveness in our market, including the competitive pressure caused by product refresh cycles; |
• | our ability to both increase revenues and manage and control operating expenses in order to improve our operating margins; |
• | changes in customer renewal rates or attached rates for our services; |
• | changes in the payment terms of services contracts or the contractual term of services contracts sold; |
• | changes in payment terms of our contracts with service providers and distributors; |
• | changes in our estimated annual effective tax rates; |
11
• | changes in circumstances and challenges in business conditions, including decreased demand, which may negatively impact our channel partners’ ability to sell the current inventory they hold and negatively impact their future purchases of products from us; |
• | increased demand for cloud-based services and the uncertainty associated with transitioning to providing such services; |
• | increased expenses, unforeseen liabilities or write-downs and any impact on results of operations from any acquisition consummated; |
• | our channel partners having insufficient financial resources to withstand changes and challenges in business conditions; |
• | disruptions in our channel or termination of our relationship with important channel partners, including as a result of consolidation among distributors and resellers of security solutions; |
• | insolvency, credit or other difficulties confronting our key suppliers and channel partners, which could affect their ability to purchase or pay for products and services and which could disrupt our supply or distribution chain; |
• | policy changes and uncertainty with respect to immigration laws, trade policy and tariffs, including increased tariffs applicable to countries where we manufacture our products, foreign imports and tax laws related to international commerce; |
• | political, economic and social instability, including geo-political instability and uncertainty, such as the impact of the United Kingdom’s exit from the European Union (“Brexit”); |
• | general economic conditions, both in domestic and foreign markets; |
• | future accounting pronouncements or changes in our accounting policies as well as the significant costs that may be incurred to adopt and comply with these new pronouncements; |
• | possible impairments or acceleration of depreciation of our existing real estate due to our current real estate holdings and future development plans; and |
• | legislative or regulatory changes, such as with respect to privacy, information and cybersecurity, exports, the environment and applicable accounting standards. |
Any one of the factors above or the cumulative effect of some of the factors referred to above may result in significant fluctuations in our quarterly financial and other operating results. This variability and unpredictability could result in our failing to meet our internal operating plan or the expectations of securities analysts or investors for any period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our shares could fall substantially and we could face costly lawsuits, including securities class action suits. In addition, a significant percentage of our operating expenses are fixed in nature over the near term. Accordingly, in the event of revenue shortfalls, we are generally unable to mitigate the negative impact on margins in the short term.
Adverse economic conditions or reduced information technology spending may adversely impact our business.
Our business depends on the overall demand for information technology and on the economic health of our current and prospective customers. In addition, the purchase of our products is often discretionary and may involve a significant commitment of capital and other resources. Weak global and regional economic conditions and spending environments, geopolitical instability and uncertainty, weak economic conditions in certain regions or a reduction in information technology spending regardless of macro-economic conditions could have adverse impacts on our business, financial condition and results of operations, including longer sales cycles, lower prices for our products and services, higher default rates among our channel partners, reduced unit sales and slower or declining growth.
12
Our billings, revenue, operating margin and free cash flow growth may slow or may not continue.
We may experience slowing growth, or a decrease, in billings, revenue, operating margin and free cash flow for a number of reasons, including a slowdown in demand for our products or services, a shift in demand from products to services, increased competition, a decrease in the growth of our overall market or softness in demand in certain geographies or industry verticals, such as the service provider industry, changes in our strategic opportunities, execution risks and our failure for any reason to continue to capitalize on sales and growth opportunities due to other risks identified in the risk factors described in this periodic report. Our expenses as a percentage of total revenue may be higher than expected if our revenue is lower than expected and, if our investments in sales and marketing and other functional areas do not result in expected billings and revenue growth, we may experience margin declines and may not be able to sustain profitability in future periods if we fail to increase billings, revenue or deferred revenue, do not appropriately manage our cost structure and free cash flow or encounter unanticipated liabilities. Any failure by us to maintain profitability, maintain our margins and continue our billings, revenue and free cash flow growth could cause the price of our common stock to materially decline.
We rely significantly on revenue from FortiGuard security subscription and FortiCare technical support services, and revenue from these services may decline or fluctuate. Because we recognize revenue from these services over the term of the relevant service period, downturns or upturns in sales of FortiGuard security subscription and FortiCare technical support services are not immediately reflected in full in our operating results.
Our FortiGuard security subscription and FortiCare technical support services revenue has historically accounted for a significant percentage of our total revenue. Revenue from the sale of new, or from the renewal of existing, FortiGuard security subscription and FortiCare technical support service contracts may decline and fluctuate as a result of a number of factors, including fluctuations in purchases of FortiGate appliances or our Fortinet Security Fabric platform products, changes in the sales mix between products and services, end-customers’ level of satisfaction with our products and services, the prices of our products and services, the prices of products and services offered by our competitors, reductions in our customers’ spending levels and the timing of revenue recognition with respect to these arrangements. If our sales of new, or renewals of existing, FortiGuard security subscription and FortiCare technical support service contracts decline, our revenue and revenue growth may decline and our business could suffer. In addition, in the event significant customers require payment terms for FortiGuard security subscription and FortiCare technical support services in arrears or for shorter periods of time than annually, such as monthly or quarterly, this may negatively impact our billings and revenue. Furthermore, we recognize FortiGuard security subscription and FortiCare technical support services revenue monthly over the term of the relevant service period, which is typically from one to five years. As a result, much of the FortiGuard security subscription and FortiCare technical support services revenue we report each quarter is the recognition of deferred revenue from FortiGuard security subscription and FortiCare technical support services contracts entered into during previous quarters or years. Consequently, a decline in new or renewed FortiGuard security subscription and FortiCare technical support services contracts in any one quarter will not be fully reflected in revenue in that quarter but will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales of new, or renewals of existing, FortiGuard security subscription and FortiCare technical support services is not reflected in full in our statements of income until future periods. Our FortiGuard security subscription and FortiCare technical support services revenue also makes it difficult for us to rapidly increase our revenue through additional service sales in any period, as revenue from new and renewal support services contracts must be recognized over the applicable service period.
We generate a majority of revenue from sales to distributors, resellers and end-customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations.
We market and sell our products throughout the world and have established sales offices in many parts of the world. Our international sales have represented a majority of our total revenue in recent periods. Therefore, we are subject to risks associated with having worldwide operations. We are also subject to a number of risks typically associated with international sales and operations, including:
• | economic or political instability in foreign markets; |
• | greater difficulty in enforcing contracts and accounts receivable collection, including longer collection periods; |
• | longer sales processes for larger deals, particularly during the summer months; |
• | changes in regulatory requirements; |
13
• | difficulties and costs of staffing and managing foreign operations; |
• | the uncertainty of protection for intellectual property rights in some countries; |
• | costs of compliance with foreign policies, laws and regulations and the risks and costs of non-compliance with such policies, laws and regulations; |
• | any disruption in manufacturing or shipping or decreases in demand by channel partners or end-customers, including any such disruption or decreases caused by factors outside of our control such as natural disasters and health emergencies, including earthquakes, fires, power outages, typhoons, floods, pandemics or epidemics such as the coronavirus and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars and critical infrastructure attacks; |
• | protectionist policies and penalties, and local laws, requirements, policies and perceptions that may adversely impact a U.S.-headquartered business’s sales in certain countries outside of the United States; |
• | costs of complying with, and the risks, reputational damage and other costs of non-compliance with, U.S. or other foreign laws and regulations for foreign operations, including the U.S. Foreign Corrupt Practices Act, the United Kingdom Bribery Act 2010, the General Data Protection Regulation (the “GDPR”), import and export control laws, trade laws and regulations, tariffs and retaliatory measures, trade barriers and economic sanctions; |
• | other regulatory or contractual limitations on our ability to sell our products in certain foreign markets, and the risks and costs of non-compliance; |
• | heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales or sales-related arrangements, such as sales “side agreements” to allow return rights, that could disrupt the sales team through terminations of employment or otherwise, and may adversely impact financial results as compared to those already reported or forecasted and result in restatements of financial statements and irregularities in financial statements; |
• | our ability to effectively implement and maintain adequate internal controls to properly manage our international sales and operations; |
• | political unrest, changes and uncertainty associated with terrorism, hostilities, war or natural disasters; |
• | changes in foreign currency exchange rates; |
• | management communication and integration problems resulting from cultural differences and geographic dispersion; and |
• | changes in tax, tariff, employment and other laws. |
Product and service sales and employee and contractor matters may be subject to foreign governmental regulations, which vary substantially from country to country. Further, we may be unable to keep up to date with changes in government requirements as they change over time. Failure to comply with these regulations could result in adverse effects to our business. In many foreign countries, it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. regulations applicable to us. Although we implemented policies and procedures designed to ensure compliance with these laws and policies, there can be no assurance that all of our employees, contractors, channel partners and agents will comply with these laws and policies. Violations of laws or key control policies by our employees, contractors, channel partners or agents could result in litigation, regulatory action, costs of investigation, delays in revenue recognition, delays in financial reporting, financial reporting misstatements, fines, penalties or the prohibition of the importation or exportation of our products and services, any of which could have a material adverse effect on our business and results of operations.
We may undertake corporate operating restructurings or transfers of assets that involve our group of foreign country subsidiaries through which we do business abroad, in order to maximize the operational and tax efficiency of our group structure. If ineffectual, such restructurings or transfers could increase our income tax liabilities, and in turn, increase our global effective tax rate. Moreover, our existing corporate structure and intercompany arrangements have been implemented in a
14
manner that we believe is in compliance with current prevailing tax laws. However, the tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, which could impact our worldwide effective tax rate and harm our financial position and operating results.
If we are not successful in continuing to execute our strategy to increase our sales to large and medium-sized end-customers, our results of operations may suffer.
An important part of our growth strategy is to increase sales of our products to large and medium-sized businesses, service providers and government organizations. While we have increased sales in recent periods to large and medium-sized businesses, our sales volume varies by quarter and there is risk as to our level of success selling to these target customers. Such sales involve unique sales skillsets, processes and structures, are often more complex and feature a longer contract term and may be at higher discount levels. We also have experienced uneven traction selling to certain government organizations and service providers and managed security service providers (“MSSPs”), and there can be no assurance that we will be successful selling to these customers. Sales to these organizations involve risks that may not be present, or that are present to a lesser extent, with sales to smaller entities. These risks include:
• | increased competition from competitors that traditionally target large and medium-sized businesses, service providers and government organizations and that may already have purchase commitments from those end-customers; |
• | increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements; |
• | unanticipated changes in the capital resources or purchasing behavior of large end-customers, including changes in the volume and frequency of their purchases and changes in the mix of products and services, willingness to change to cloud delivery model and related payment terms; |
• | more stringent support requirements in our support service contracts, including stricter support response times, more complex requirements and increased penalties for any failure to meet support requirements; |
• | longer sales cycles and the associated risk that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products and services; |
• | uncertainty as to timing to close large deals and any delays in closing those deals; and |
• | longer ramp-up periods for enterprise sales personnel as compared to other sales personnel. |
Large and medium-sized businesses, service providers and MSSPs and government organizations often undertake a significant evaluation process that results in a lengthy sales cycle, in some cases longer than 12 months. Although we have a channel sales model, our sales representatives typically engage in direct interaction with end-customers, along with our distributors and resellers, in connection with sales to large and medium-sized end-customers. We may spend substantial time, effort and money in our sales efforts without being successful in producing any sales. In addition, purchases by large and medium-sized businesses, service providers and government organizations are frequently subject to budget constraints, multiple approvals and unplanned administrative, processing and other delays. Furthermore, service providers and MSSPs represent our largest industry vertical and consolidation or continued changes in buying behavior by larger customers within this industry could negatively impact our business. Large and medium-sized businesses, service providers and MSSPs and government organizations typically have longer implementation cycles, require greater product functionality and scalability, expect a broader range of services, including design, implementation and post go-live services, demand that vendors take on a larger share of risks, require acceptance provisions that can lead to a delay in revenue recognition and expect greater payment flexibility from vendors. In addition, large and medium-sized businesses, service providers and government organizations may require that our products and services be sold differently from how we offer our products and services, which could negatively impact our operating results. Our large business and service provider customers may also become more deliberate in their purchases as they plan their next-generation network security architecture, leading them to take more time in making purchasing decisions or to purchase based only on their immediate needs. All these factors can add further risk to business conducted with these customers. In addition, if sales expected from a large and medium-sized end-customer for a particular quarter are not realized in that quarter or at all, our business, operating results and financial condition could be materially and adversely affected.
15
Managing inventory of our products and product components is complex. Insufficient inventory or components may result in lost sales opportunities or delayed revenue, while excess inventory may harm our gross margins.
Managing our inventory is complex. Our channel partners may increase orders during periods of product shortages, cancel orders or not place orders commensurate with our expectations if their inventory is too high, return products or take advantage of price protection (if any is available to the particular partner) or delay orders in anticipation of new products, and accurately forecasting inventory requirements and demand can be challenging. Our channel partners also may adjust their orders in response to the supply of our products and the products of our competitors that are available to them and in response to seasonal fluctuations in end-customer demand. Furthermore, if the time required to manufacture or ship certain products increases for any reason, inventory shortfalls could result. If we cannot manufacture and ship our products due to, for example, natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, pandemics and epidemics such as the coronavirus or manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars and critical infrastructure attacks, our business and financial results could be materially and adversely impacted. Management of our inventory is further complicated by the significant number of different products and models that we sell which may impact our billings, revenue, margins and free cash flow. Mismanagement of our inventory, whether due to imprecise forecasting, employee errors or malfeasance, inaccurate information or otherwise, may adversely affect our results of operations.
Inventory management remains an area of focus as we balance the need to maintain inventory levels that are sufficient to ensure competitive lead times against the risk of inventory obsolescence because of rapidly changing technology, product transitions, customer requirements or excess inventory levels. If we ultimately determine that we have excess inventory, we may have to reduce our prices and write-down inventory, which in turn could result in lower gross margins. Alternatively, insufficient inventory levels may lead to shortages that result in delayed billings and revenue or loss of sales opportunities altogether as potential end-customers turn to competitors’ products that are readily available. For example, we have in the past experienced inventory shortages and excesses due to the variance in demand for certain products from forecasted amounts. In addition, for those channel partners that have rights of return, inventory held by such channel partners affects our results of operations. Our inventory management systems and related supply chain visibility tools may be inadequate to enable us to effectively manage inventory. If we are unable to effectively manage our inventory and that of our channel partners, our results of operations could be adversely affected.
Widespread health problems, such as the outbreak and spread of the coronavirus, could adversely affect our business in a material way.
While the majority of our products are manufactured outside of China, certain components for our products and certain of our products are manufactured in China and Taiwan. In addition, certain of our logistics and shipping operations are in Taiwan. We also have other operations in Asia. Pandemics and epidemics such as the current coronavirus outbreak or other widespread public health problems could negatively impact our business. If, for example, the coronavirus progresses in ways that disrupt the manufacture or shipment of our products or otherwise disrupt our operations, this may materially negatively impact our operating results for the first quarter of 2020 and subsequent periods, including billings, revenue, gross margins, operating margins, cash flows and other operating results and our overall business. If the coronavirus spreads in ways that continue to negatively impact the overall economy and buying patterns of partners or potential customers, this would negatively impact, and may materially negatively impact, our sales, operating results and business. If the spread of the coronavirus limits the manufacturing of our products, either by limiting components available or by limiting the actual manufacture and assembly, this likely would result in increased product backlog, lower billings, lower revenue and decreased profitability and would negatively impact, and may materially negatively impact, our operating results and business. In addition, the coronavirus has caused an increase in our expenses, including increased cancellation charges and reduced attendance fees due to the cancellation of our Accelerate Barcelona sales conference, and it may result in increased component and product manufacturing costs. These increases in expenses will likely negatively impact, and may materially negatively impact, our operating results for the first quarter 2020 and in subsequent periods. As a result of the foregoing, the coronavirus will likely negatively impact our operating results and may do so in a material way.
We are dependent on the continued services and performance of our senior management, the loss of any of whom could adversely affect our business, operating results and financial condition.
Our future performance depends on the continued services and continuing contributions of our senior management to execute on our business plan and to identify and pursue new opportunities and product innovations. The loss of services of members of senior management, particularly Ken Xie, our Co-Founder, Chief Executive Officer and Chairman, or Michael Xie, our Co-Founder, President and Chief Technology Officer, or of any of our senior sales leaders or functional area leaders, could significantly delay or prevent the achievement of our development and strategic objectives. The loss of the services or the
16
distraction of our senior management for any reason could adversely affect our business, financial condition and results of operations.
If we are unable to hire, retain and motivate qualified personnel, our business will suffer.
Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. The loss of the services of any of our key personnel, the inability to attract or retain qualified personnel, any failure to have in place and execute an effective succession plan for key executives or delays in hiring required personnel, particularly in engineering, sales and marketing, may seriously harm our business, financial condition and results of operations. From time to time, we experience turnover in our management-level personnel. None of our key employees has an employment agreement for a specific term, and any of our employees may terminate their employment at any time. Our ability to continue to attract and retain highly skilled personnel will be critical to our future success.
Competition for highly skilled personnel is frequently intense, especially for qualified sales, support and engineering employees in network security and especially in the locations where we have a substantial presence and need for highly skilled personnel, such as the San Francisco Bay Area and Vancouver, Canada. We may not be successful in attracting, assimilating or retaining qualified personnel to fulfill our current or future needs. Also, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited or divulged proprietary or other confidential information. Changes in immigration laws, including changes to the rules regarding H1-B visas, may also harm our ability to attract personnel from other countries. Our inability to hire properly qualified and effective sales, support and engineering employees could harm our growth and our ability to effectively support growth.
If we do not increase the effectiveness of our sales organization, we may have difficulty adding new end-customers or increasing sales to our existing end-customers and our business may be adversely affected.
Although we have a channel sales model, sales in our industry are complex and members of our sales organization often engage in direct interaction with our prospective end-customers, particularly for larger deals involving larger end-customers. Therefore, we continue to be substantially dependent on our sales organization to obtain new end-customers and sell additional products and services to our existing end-customers. There is significant competition for sales personnel with the skills and technical knowledge that we require, including experienced enterprise sales employees and others. Our ability to grow our revenue depends, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth and on the effectiveness of those personnel in selling successfully in different contexts, each of which has its own different complexities, approaches and competitive landscapes, such as managing and growing the channel business for sales to small businesses and more actively selling to the end-customer for sales to larger organizations. New hires require substantial training and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. Furthermore, hiring sales personnel in new countries requires additional setup and upfront costs that we may not recover if the sales personnel fail to achieve full productivity. If our sales employees do not become fully productive on the timelines that we have projected, our revenue will not increase at anticipated levels and our ability to achieve long-term projections may be negatively impacted. If we are unable to hire and train sufficient numbers of effective sales personnel, or the sales personnel are not successful in obtaining new end-customers or increasing sales to our existing customer base, our business, operating results and prospects will be adversely affected. If we do not hire properly qualified and effective sales employees and organize our sales team effectively to capture the opportunities in the various customer segments we are targeting, our growth and ability to effectively support growth would be harmed.
The sales prices of our products and services may decrease, which may reduce our gross profits and operating margin, and which may adversely impact our financial results and the trading price of our common stock.
The sales prices for our products and services may decline for a variety of reasons or our product mix may change, resulting in lower growth and margins based on a number of factors, including competitive pricing pressures, discounts or promotional programs we offer, a change in our mix of products and services and anticipation of the introduction of new products and services. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse product offerings may reduce the price of products and services that compete with ours in order to promote the sale of other products or services or may bundle them with other products or services. Additionally, although we price our products and services worldwide in U.S. dollars, currency fluctuations in certain countries and regions have in the past, and may in the future, negatively impact actual prices that partners and customers are willing to pay in those countries and regions. Furthermore, we anticipate that the sales prices and gross profits for our products or services will decrease over product life
17
cycles. We cannot ensure that we will be successful in developing and introducing new offerings with enhanced functionality on a timely basis, or that our product and service offerings, if introduced, will enable us to maintain our prices, gross profits and operating margin at levels that will allow us to maintain profitability.
If our internal enterprise IT networks, on which we conduct internal business and interface externally, our operational networks, through which we connect to customer systems and provide services, or our research and development networks, our back-end labs and cloud stacks through which we research and develop products and services, are compromised, public perception of our products and services may be harmed, our customers may be breached and harmed, we may become subject to liability, and our business, operating results and stock price may be adversely impacted.
Our success depends on the market’s confidence in our ability to provide effective network security protection. Despite our efforts and processes to prevent breaches of our internal network system and website, we are still vulnerable to computer viruses, break-ins, phishing attacks, attempts to overload our servers with denial-of-service and other cyber-attacks and similar disruptions from unauthorized access to our internal network system or our website. Our security measures may also be breached due to employee error, malfeasance or otherwise, which breaches may be more difficult to detect than outsider threats, and the existing programs and trainings we have in place to prevent such insider threats may not be effective or sufficient. Third parties may also attempt to fraudulently induce our employees to transfer funds or disclose information in order to gain access to our network and confidential information. Third parties may also send our customers or others malware or malicious emails that falsely indicate that we are the source, potentially causing lost confidence in us and reputational harm. We cannot guarantee that the measures we have taken to protect our network and website will provide adequate security. Moreover, because we provide network security products, we may be a more attractive target for attacks by computer hackers and any security breaches and other security incidents involving us may result in more harm to our reputation and brand than companies that do not sell network security solutions. Hackers and malicious parties may be able to develop and deploy viruses, worms, ransomware and other malicious software programs that attack our products and customers, that impersonate our update servers in an effort to access customer networks and negatively impact customers, or otherwise exploit any security vulnerabilities of our products, or attempt to fraudulently induce our employees, customers or others to disclose passwords or other sensitive information or unwittingly provide access to our internal network system or data. For example, as we previously announced, in the second quarter of 2019 we discovered that an unauthorized party targeted us using sophisticated techniques, such as efforts to impersonate our firewall update servers, in order to try to gain access to certain of our customers’ systems. Although, based on our investigation of this incident, we do not believe that it had a material impact on our or our customers’ businesses, and in general we take numerous measures and implement multiple layers of security to protect our network and our customers’ networks, and, in this particular case, we took immediate additional action to protect our customers, we cannot guarantee that our security products and services will prevent all threats. Further, we cannot be sure that third parties have not been, or will not in the future be, successful in improperly accessing our system and our customers’ systems, which could negatively impact us and our customers. An actual or perceived breach, or any other actual or perceived data security incident, that involves our network, systems or website and/or our customers’ network, systems or websites, including the specific matter that is discussed above, could adversely affect the market perception of our products and services and investor confidence in our company. Any breach of our network system or website could impair our ability to operate our business, including our ability to provide FortiGuard security subscription and FortiCare technical support services to our end-customers, lead to interruptions or system slowdowns, cause loss of critical data or lead to the unauthorized disclosure or use of confidential, proprietary or sensitive information. We could also be subject to liability and litigation and reputational harm and our channel partners and end-customers may be harmed, lose confidence in us and decrease or cease using our products and services. Any breach of our internal network system or our website could have an adverse effect on our business, operating results and stock price.
Reliance on a concentration of shipments at the end of the quarter could cause our billings and revenue to fall below expected levels.
As a result of customer-buying patterns and the efforts of our sales force and channel partners to meet or exceed quarterly quotas, we have historically received a substantial portion of each quarter’s sales orders and generated a substantial portion of each quarter’s billings and revenue during the last two weeks of the quarter. We implemented a cloud-based quoting tool to help provide our sales team with the ability to have faster quote generation, reduce quote errors and increase sales productivity. Our ability to integrate the data from this tool into our order processing may cause order processing delays that could have an effect on our financial results. Our billings and revenue for any quarter could fall below our expectations or those of securities analysts and investors, resulting in a decline in our stock price, if expected orders at the end of any quarter are delayed for any reason or our ability to fulfill orders at the end of any quarter is hindered for any reason, including, among others:
• | the failure of anticipated purchase orders to materialize; |
18
• | our logistics partners’ inability to ship products prior to quarter-end to fulfill purchase orders received near the end of the quarter; |
• | disruption in manufacturing or shipping based on natural disasters or widespread public health problems including pandemics and epidemics such as the coronavirus outbreak; |
• | our failure to accurately forecast our inventory requirements and to appropriately manage inventory to meet demand; |
• | our inability to release new products on schedule; |
• | any failure of our systems related to order review and processing; and |
• | any delays in shipments due to trade compliance requirements, labor disputes or logistics changes at shipping ports, airline strikes, severe weather or otherwise. |
Unless we continue to develop better market awareness of our company and our products, and to improve lead generation and sales enablement, our revenue may not continue to grow.
Increased market awareness of our capabilities and products and increased lead generation are essential to our continued growth and our success in all of our markets, particularly for the large businesses, service provider and government organization market. We have historically had relatively low spending on marketing activities. While we have increased our investments in sales and marketing, it is not clear that these investments will continue to result in increased revenue. If our investments in additional sales personnel or our marketing programs are not successful in continuing to create market awareness of our company and products or increasing lead generation, or if we experience turnover and disruption in our sales and marketing teams, we will not be able to achieve sustained growth, and our business, financial condition and results of operations will be adversely affected.
We rely on third-party channel partners for substantially all of our revenue. If our partners fail to perform, our ability to sell our products and services will be limited, and if we fail to optimize our channel partner model going forward, our operating results may be harmed. Additionally, a small number of distributors represents a large percentage of our revenue and gross accounts receivable, and one distributor accounted for 36% of our total net accounts receivable as of December 31, 2019.
A significant portion of our sales is generated through a limited number of distributors, and substantially all of our revenue is from sales by our channel partners, including distributors and resellers. We depend on our channel partners to generate a significant portion of our sales opportunities and to manage our sales process. To the extent our channel partners are unsuccessful in selling our products, or if we are unable to enter into arrangements with and retain a sufficient number of high-quality channel partners in each of the regions in which we sell products, we are unable to keep them motivated to sell our products, or our channel partners shift focus to other vendors and/or our competitors, our ability to sell our products and operating results may be harmed. The termination of our relationship with any significant channel partner may adversely impact our sales and operating results.
We provide sales channel partners with specific programs to assist them with selling our products and incentivize them to sell our products, but there can be no assurance that these programs will be effective. In addition, our channel partners may be unsuccessful in marketing, selling and supporting our products and services and may purchase more inventory than they can sell. Our channel partners generally do not have minimum purchase requirements. Some of our channel partners may have insufficient financial resources to withstand changes and challenges in business conditions. Moreover, many of our channel partners are privately held, including our largest distributor Exclusive Networks, and we may not have sufficient information to assess their financial condition. If our channel partners’ financial condition or operations weaken, their ability to sell our product and services could be negatively impacted. Our channel partners may also market, sell and support products and services that are competitive with ours, and may devote more resources to the marketing, sales and support of such products, or may decide to cease selling our products and services altogether in favor of a competitor’s products and services. They may also have incentives to promote our competitors’ products to the detriment of our own, or they may cease selling our products altogether. We cannot ensure that we will retain these channel partners or that we will be able to secure additional or replacement partners or that existing channel partners will continue to perform. The loss of one or more of our significant channel partners or the failure to obtain and ship a number of large orders each quarter through them could harm our operating results.
19
In addition, a small number of channel partners represents a large percentage of our revenue and gross accounts receivable. We are exposed to the credit and liquidity risk of some of our channel partners and to credit exposure in weakened markets, which could result in material losses. Our dependence on a limited number of key channel partners means that our billings, revenue and operating results may be harmed by the inability of these key channel partners to successfully sell our products and services, or if any of these key channel partners is unable or unwilling to pay us, terminates its relationship with us or goes out of business. Although we have programs in place that are designed to monitor and mitigate credit and liquidity risks, we cannot guarantee these programs will be effective in reducing our credit risks. If we are unable to adequately control these risks, our business, operating results, and financial condition could be harmed. If channel partners fail to pay us under the terms of our agreements or we are otherwise unable to collect on our accounts receivable from these channel partners, we may be adversely affected both from the inability to collect amounts due and the cost of enforcing the terms of our contracts, including litigation. Our channel partners may seek bankruptcy protection or other similar relief and fail to pay amounts due to us, or pay those amounts more slowly, either of which could adversely affect our operating results, financial position, and cash flow. We may be further impacted by consolidation of our existing channel partners. In such instances, we may experience changes to our overall business and operational relationships due to dealing with a larger combined entity, and our ability to maintain such relationships on favorable contractual terms may be more limited. We may also become increasingly dependent on a more limited number of channel partners, as consolidation increases the relative proportion of our business for which each channel partner is responsible, which may magnify the risks described in the preceding paragraphs.
For example, in July 2017, Exclusive, which distributes our solutions to a large group of resellers and end-customers, acquired Fine Tec U.S. Since the acquisition of Fine Tec U.S., Exclusive’s business with us has increased and may continue to increase in the future.
Exclusive accounted for 36% and 38% of our total net accounts receivable as of December 31, 2019 and December 31, 2018, respectively. During 2017, 2018 and 2019, Exclusive accounted for 25%, 30% and 31% of our total revenue, respectively. In addition to other risks associated with the concentration of accounts receivable and revenue from these distributors, Exclusive is a private entity and we may not have sufficient information to assess its financial condition and, accordingly, if Exclusive were to experience financial difficulties, we might not have advance notice. Additionally, Exclusive may face liquidity risk as a private equity-backed company, which may harm our ability to collect on our accounts receivable.
In addition, any new sales channel partner will require extensive training and may take several months or more to achieve productivity. Our channel partner sales structure could subject us to lawsuits, potential liability and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products or services to end-customers or our channel partners violate laws or our corporate policies. We depend on our global channel partners to comply with applicable legal and regulatory requirements. To the extent that they fail to do so, that could have a material adverse effect on our business, operating results and financial condition. If we fail to optimize our channel partner model or fail to manage existing sales channels, our business will be seriously harmed.
Actual, possible or perceived defects or vulnerabilities in our products or services, the failure of our products or services to detect or prevent a security breach or the misuse of our products could harm our reputation and divert resources.
Because our products and services are complex, they have contained and may contain defects or errors that are not detected until after their commercial release and deployment by our customers. Defects or vulnerabilities may impede or block network traffic, cause our products or services to be vulnerable to electronic break-ins, cause them to fail to help secure our customers or cause our products or services to allow unauthorized access to our customers’ networks. We are also susceptible to errors, defects, vulnerabilities or attacks that may arise at, or be inserted into our products in, different stages in our supply chain, or manufacturing processes, and which are out of our control. Attacks may target specific unidentified or unresolved vulnerabilities that exist or arrive only in the supply chain, making these attacks virtually impossible to anticipate and difficult to defend against. Different customers deploy and use our products in different ways, and certain deployments and usages may subject our products to adverse conditions that may negatively impact the effectiveness and useful lifetime of our products. Our networks and products, including cloud-based technology, could be targeted by attacks specifically designed to disrupt our business and harm our reputation. We cannot ensure that our products will prevent all security threats. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques. In addition, defects or errors in our FortiGuard security subscription or FortiCare updates or our FortiGate appliances and operating systems could result in a failure of our FortiGuard security subscription services to effectively update end-customers’ FortiGate appliances and cloud-based products and thereby leave customers vulnerable to attacks. Furthermore, our solutions may also fail to detect or prevent viruses, worms or similar threats due to a number of reasons such as the evolving nature of such threats and the continual emergence of new threats that we may fail to add to our FortiGuard databases in time to protect our end-customers’ networks. Our FortiGuard or FortiCare data centers and networks may also experience technical failures and downtime, and may fail to distribute appropriate updates,
20
or fail to meet the increased requirements of our customer base. Any such technical failure, downtime or failures in general may temporarily or permanently expose our end-customers’ networks, leaving their networks unprotected against the latest security threats.
An actual, possible or perceived security breach or infection of the network of one of our end-customers, regardless of whether the breach is attributable to the failure of our products or services to prevent the security breach, could adversely affect the market’s perception of our security products and services and, in some instances, subject us to potential liability that is not contractually limited. We may not be able to correct any security flaws or vulnerabilities promptly, or at all. Our products may also be misused by end-customers or third parties who obtain access to our products. For example, our products could be used to censor private access to certain information on the internet. Such use of our products for censorship could result in negative press coverage and negatively affect our reputation, even if we take reasonable measures to prevent any improper shipment of our products or if our products are provided by an unauthorized third party. Any actual, possible or perceived defects, errors or vulnerabilities in our products, or misuse of our products, could result in:
• | the expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate or work around errors or defects or to address and eliminate vulnerabilities; |
• | the loss of existing or potential end-customers or channel partners; |
• | delayed or lost revenue; |
• | delay or failure to attain market acceptance; |
• | negative publicity and harm to our reputation; and |
• | litigation, regulatory inquiries or investigations that may be costly and harm our reputation and, in some instances, subject us to potential liability that is not contractually limited. |
If we do not appropriately manage any future growth, including through the expansion of our real estate facilities, or are unable to improve our systems, processes and controls, our operating results will be negatively affected.
We rely heavily on information technology to help manage critical functions such as order configuration, pricing and quoting, revenue recognition, financial forecasts, inventory and supply chain management and trade compliance reviews. In addition, we have been slow to adopt and implement certain automated functions, which could have a negative impact on our business. For example, a large part of our order processing relies on manual data entry of customer purchase orders received through email and, to a lesser extent, through electronic data interchange from our customers. Due to the use of manual processes and the fact that we may receive a large amount of our orders in the last few weeks of any given quarter, an interruption in our email service or other systems could result in delayed order fulfillment and decreased billings and revenue for that quarter.
To manage any future growth effectively, we must continue to improve and expand our information technology and financial, operating, security and administrative systems and controls, and our business continuity and disaster recovery plans and processes. We must also continue to manage headcount, capital and processes in an efficient manner. We may not be able to successfully implement requisite improvements to these systems, controls and processes, such as system capacity, access, security and change management controls, in a timely or efficient manner. Our failure to improve our systems and processes, or their failure to operate in the intended manner, whether as a result of the significant growth of our business or otherwise, may result in our inability to manage the growth of our business and to accurately forecast our revenue, expenses and earnings, or to prevent certain losses. Moreover, the failure of our systems and processes could undermine our ability to provide accurate, timely and reliable reports on our financial and operating results and could impact the effectiveness of our internal control over financial reporting.
In addition, our systems, processes and controls may not prevent or detect all errors, omissions, malfeasance or fraud, such as corruption and improper “side agreements” that may impact revenue recognition or result in financial liability. Our productivity and the quality of our products and services may also be adversely affected if we do not integrate and train our new employees quickly and effectively. Any future growth would add complexity to our organization and require effective coordination throughout our organization. Failure to ensure appropriate systems, processes and controls and to manage any future growth effectively could result in increased costs and harm our reputation and results of operations.
21
We have expanded our office real estate holdings to meet our projected growing need for office space. We have started construction on a second building adjacent to our headquarters as we expand our campus in Sunnyvale, California. These plans will require significant capital expenditure over the next several years and involve certain risks, including impairment charges and acceleration of depreciation, changes in future business strategy that may decrease the need for expansion (such as a decrease in headcount) and risks related to construction. Future changes in growth or fluctuations in cash flow may also negatively impact our ability to pay for these projects or free cash flow. Additionally, inaccuracies in our projected capital expenditures could negatively impact our business, operating results and financial condition.
We may experience difficulties maintaining and expanding our internal business management systems.
The maintenance of our internal business management systems, such as our Enterprise Resource Planning (“ERP”) and Customer Relationship Management (“CRM”) systems, has required, and will continue to require, the investment of significant financial and human resources. In addition, we may choose to upgrade or expand the functionality of our internal systems, leading to additional costs. We may also discover deficiencies in our design or maintenance of our internal systems that could adversely affect our ability to forecast orders, process orders, ship products, provide services and customer support, send invoices and track payments, fulfill contractual obligations, accurately maintain books and records, provide accurate, timely and reliable reports on our financial and operating results or otherwise operate our business. Additionally, if any of our internal systems does not operate as intended, the effectiveness of our internal control over financial reporting could be adversely affected or our ability to assess it adequately could be delayed. Further, we may expand the scope of our ERP and CRM systems. Our operating results may be adversely affected if these upgrades or expansions are delayed or if the systems do not function as intended or are not sufficient to meet our operating requirements.
If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below expectations of securities analysts and investors, resulting in a decline in our stock price.
The preparation of financial statements in conformity with generally accepted accounting principles requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Critical Accounting Policies and Estimates” in this Annual Report on Form 10-K, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of securities analysts and investors, resulting in a decline in our stock price. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition, deferred contract costs and commission expense, valuation of inventory, accounting for business combination, contingent liabilities and accounting for income taxes.
We offer retroactive price protection to certain of our major distributors, and if we fail to balance their inventory with end-customer demand for our products, our allowance for price protection may be inadequate, which could adversely affect our results of operations.
We provide certain of our major distributors with price protection rights for inventories of our products held by them. If we reduce the list price of our products, certain distributors receive refunds or credits from us that reduce the price of such products held in their inventory based upon the new list price. Future credits for price protection will depend on the percentage of our price reductions for the products in inventory and our ability to manage the levels of our major distributors’ inventories. If future price protection adjustments are higher than expected, our future results of operations could be materially and adversely affected.
Because we depend on several third-party manufacturers to build our products, we are susceptible to manufacturing delays that could prevent us from shipping customer orders on time, if at all, and may result in the loss of sales and customers, and third-party manufacturing cost increases could result in lower gross margins and free cash flow.
We outsource the manufacturing of our security appliance products to contract manufacturing partners and original design manufacturing partners, including manufacturers with facilities located in Taiwan, China and other countries outside the United States such as Micro-Star, Wistron, Senao, ADLINK and IBASE. Our reliance on our third-party manufacturers in Asia and elsewhere reduces our control over the manufacturing process, exposing us to risks, including reduced control over quality assurance, costs, supply and timing and possible tariffs. Any manufacturing disruption related to our third-party manufacturers or their component suppliers for any reason, including natural disasters and health emergencies such as earthquakes, fires,
22
power outages, typhoons, floods, health pandemics and epidemics such as the coronavirus and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars and critical infrastructure attacks, could impair our ability to fulfill orders. If we are unable to manage our relationships with these third-party manufacturers effectively, or if these third-party manufacturers experience delays, increased manufacturing lead-times, disruptions, capacity constraints or quality control problems in their manufacturing operations, or fail to meet our future requirements for timely delivery, our ability to ship products to our customers could be impaired and our business would be seriously harmed.
These manufacturers fulfill our supply requirements on the basis of individual purchase orders. We have no long-term contracts or arrangements with our third-party manufacturers that guarantee capacity, the continuation of particular payment terms or the extension of credit limits. Accordingly, they are not obligated to continue to fulfill our supply requirements, and the prices we are charged for manufacturing services could be increased on short notice. If we are required to change third-party manufacturers, our ability to meet our scheduled product deliveries to our customers would be adversely affected, which could cause the loss of sales and existing or potential customers, delayed revenue or an increase in our costs, which could adversely affect our gross margins. Our individual product lines are generally manufactured by only one manufacturing partner. Any production or shipping interruptions for any reason, such as a natural disaster, epidemic, capacity shortages, quality problems or strike or other labor disruption at one of our manufacturing partners or locations or at shipping ports or locations, would severely affect sales of our product lines manufactured by that manufacturing partner. Furthermore, manufacturing cost increases for any reason could result in lower gross margins.
Our proprietary SPUs, which are key to the performance of our appliances, are built by contract manufacturers including Renesas and Toshiba. These contract manufacturers use foundries operated by TSMC or Renesas on a purchase-order basis, and these foundries do not guarantee their capacity and could delay orders or increase their pricing. Accordingly, the foundries are not obligated to continue to fulfill our supply requirements, and due to the long lead time that a new foundry would require, we could suffer inventory shortages of our SPU as well as increased costs. In addition to our proprietary SPU, we also purchase off-the-shelf ASICs or integrated circuits from vendors for which we have experienced, and may continue to experience, long lead times. Our suppliers may also prioritize orders by other companies that order higher volumes or more profitable products. If any of these manufacturers materially delays its supply of ASICs or specific product models to us, or requires us to find an alternate supplier and we are not able to do so on a timely and reasonable basis, or if these foundries materially increase their prices for fabrication of our ASICs, our business would be harmed.
In addition, our reliance on third-party manufacturers and foundries limits our control over environmental regulatory requirements such as the hazardous substance content of our products and therefore our ability to ensure compliance with the Restriction of Hazardous Substances Directive (the “EU RoHS”) adopted in the European Union (the “EU”) and other similar laws. It also exposes us to the risk that certain minerals and metals, known as “conflict minerals,” that are contained in our products have originated in the Democratic Republic of the Congo or an adjoining country. As a result of the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”), the SEC adopted disclosure requirements for public companies whose products contain conflict minerals that are necessary to the functionality or production of such products. Under these rules, we are required to obtain sourcing data from suppliers, perform supply chain due diligence, and file annually with the SEC a specialized disclosure report on Form SD covering the prior calendar year. We have incurred and expect to incur additional costs to comply with the rules, including costs related to efforts to determine the origin, source and chain of custody of the conflict minerals used in our products and the adoption of conflict minerals-related governance policies, processes and controls. Moreover, the implementation of these compliance measures could adversely affect the sourcing, availability and pricing of materials used in the manufacture of our products to the extent that there may be only a limited number of suppliers that are able to meet our sourcing requirements, which would make it more difficult to obtain such materials in sufficient quantities or at competitive prices. We may also encounter customers who require that all of the components of our products be certified as conflict-free. If we are not able to meet customer requirements, such customers may choose to not purchase our products, which could impact our sales and the value of portions of our inventory.
Because some of the key components in our products come from limited sources of supply, we are susceptible to supply shortages, long lead times for components, and supply changes, each of which could disrupt or delay our scheduled product deliveries to our customers, result in inventory shortage, cause loss of sales and customers or increase component costs resulting in lower gross margins and free cash flow.
We and our contract manufacturers currently purchase several key parts and components used in the manufacture of our products from limited sources of supply. We are therefore subject to the risk of shortages and long lead times in the supply of these components and the risk that component suppliers may discontinue or modify components used in our products. We have in the past experienced, and are currently experiencing, shortages and long lead times for certain components. Our limited source components for particular appliances and suppliers of those components include specific types of CPUs from Intel, network chips from Broadcom, Marvell and Intel, and memory devices from Intel, ADATA, Toshiba, Samsung and Western
23
Digital. We also may face shortages in the supply of the capacitors and resistors that are used in the manufacturing of our products. The introduction by component suppliers of new versions of their products, particularly if not anticipated by us or our contract manufacturers, could require us to expend significant resources to incorporate these new components into our products. In addition, if these suppliers were to discontinue production of a necessary part or component, we would be required to expend significant resources and time in locating and integrating replacement parts or components from another vendor. Qualifying additional suppliers for limited source parts or components can be time-consuming and expensive.
Our manufacturing partners have experienced long lead times for the purchase of components incorporated into our products. Lead times for components may be adversely impacted by factors outside of our control such as natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, health pandemics and epidemics such as the coronavirus, and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars, critical infrastructure attacks and other factors. Our reliance on a limited number of suppliers involves several additional risks, including:
• | a potential inability to obtain an adequate supply of required parts or components when required; |
• | financial or other difficulties faced by our suppliers; |
• | infringement or misappropriation of our intellectual property; |
• | price increases; |
• | failure of a component to meet environmental or other regulatory requirements; |
• | failure to meet delivery obligations in a timely fashion; |
• | failure in component quality; and |
• | inability to ship products on a timely basis. |
The occurrence of any of these events would be disruptive to us and could seriously harm our business. Any interruption or delay in the supply of any of these parts or components, or the inability to obtain these parts or components from alternate sources at acceptable prices and within a reasonable amount of time, would harm our ability to meet our scheduled product deliveries to our distributors, resellers and end-customers. This could harm our relationships with our channel partners and end-customers and could cause delays in shipment of our products and adversely affect our results of operations. In addition, increased component costs could result in lower gross margins.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.
A significant portion of our operating expenses are incurred outside the United States. These expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro, Brazilian real, Canadian dollar and British pound. Additionally, fluctuations in the exchange rate of the Canadian dollar may negatively impact our development plans in Burnaby, Canada. While we are not currently engaged in material hedging activities, we have been hedging currency exposures relating to certain balance sheet accounts through the use of forward exchange contracts. If we stop hedging against any of these risks or if our attempts to hedge against these currency exposures are not successful, our financial condition and results of operations could be adversely affected. Our sales contracts are primarily denominated in U.S. dollars and therefore, while substantially all of our revenue is not subject to foreign currency risk, it does not serve as a hedge to our foreign currency-denominated operating expenses. In addition, a strengthening of the U.S. dollar may increase the real cost of our products to our customers outside of the United States, which may also adversely affect our financial condition and results of operations.
Failure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose end-customers in the public sector or negatively impact our ability to contract with the public sector.
Our business is subject to regulation by various federal, state, regional, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, product labeling, environmental laws, consumer protection laws, anti-bribery laws, data privacy laws, import and export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be
24
more stringent than in the United States. Non-compliance with applicable regulations or requirements could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages and civil and criminal penalties or injunctions. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, operating results and financial condition could be adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business, operating results and financial condition.
For example, the GDPR, which became effective in May 2018 and superseded current EU data protection regulations, imposes stringent data handling requirements on companies that receive or process personal data of residents of the EU. Non-compliance with the GDPR could result in significant penalties, including data protection audits and heavy fines. Compliance with, and the other burdens imposed by, the GDPR may limit our ability to operate or expand our business in Europe and could adversely impact our operating results, as could delays or shortcomings in the implementation of our GDPR compliance program.
Additionally, we may be subject to other legal regimes throughout the world governing data handling, protection and privacy. For example, in June 2018, California passed the California Consumer Privacy Act (the “CCPA”), which provides new data privacy rights for consumers and new operational requirements for companies and became effective on January 1, 2020. Fines for non-compliance may be up to $7,500 per violation. The costs of compliance with, and other burdens imposed by, the GDPR and CCPA may limit the use and adoption of our products and services and could have an adverse impact on our business.
Selling our solutions to the U.S. government, whether directly or through channel partners, also subjects us to certain regulatory and contractual requirements and risks. Failure to comply with these requirements by either us or our channel partners could subject us to investigations, fines, suspension or debarment from doing business with the U.S. government or one of its divisions, and other penalties and damages, which could have an adverse effect on our business, operating results, financial condition and prospects. As an example, the U.S. Department of Justice (the “DOJ”) has in the past pursued claims against, and obtained monetary settlements or damages from, companies, including us, under the False Claims Act and other statutes related to pricing, discount practices and compliance with laws related to sales to the federal government, such as the Trade Agreements Act (the “TAA”). The DOJ continues to actively pursue such claims. Any violations of regulatory and contractual requirements could result in us being suspended or debarred from future government contracting. Any of these outcomes could have an adverse effect on our revenue, operating results, financial condition and prospects.
These laws and regulations impose added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, termination of contracts, loss of exclusive rights in our intellectual property and temporary suspension or permanent debarment from government contracting. Any such damages, penalties, disruptions or limitations in our ability to do business with the public sector could have an adverse effect on our business and operating results.
Global economic uncertainty and weakening product demand caused by political instability and conflict could adversely affect our business and financial performance.
Economic uncertainty in various global markets caused by political instability and conflict has resulted, and may continue to result, in weakened demand for our products and services and difficulty in forecasting our financial results and managing inventory levels. Political developments impacting government spending and international trade, including potential government shutdowns and election year instability in the United States, continued uncertainty surrounding the United Kingdom’s departure from the EU and trade disputes and tariffs, may negatively impact markets and cause weaker macro-economic conditions. The effects of these events may continue due to potential additional U.S. government shutdowns and developments resulting from the 2020 presidential election, instability in the United Kingdom and the EU as negotiations for the terms of Brexit continue, with the ultimate outcome still uncertain, and the United States’ ongoing trade disputes with China and other countries. The continuing effect of any or all of these events could adversely impact demand for our products, harm our operations and weaken our financial results.
We are subject to governmental export and import controls that could subject us to liability or restrictions on sales, and that could impair our ability to compete in international markets.
Because we incorporate encryption technology into our products, certain of our products are subject to U.S. export controls and may be exported outside the United States only with the required export license or through an export license exception, or may be prohibited altogether from export to certain countries. If we were to fail to comply with U.S. export laws, U.S. Customs regulations and import regulations, U.S. economic sanctions and other countries’ import and export laws, we
25
could be subject to substantial civil and criminal penalties, including fines for the company and incarceration for responsible employees and managers, and the possible loss of export or import privileges. In addition, if our channel partners fail to obtain appropriate import, export or re-export licenses or permits (e.g. for stocking orders placed by our partners), we may also be adversely affected through reputational harm and penalties and we may not be able to provide support related to appliances shipped pursuant to such orders. Obtaining the necessary export license for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities.
Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries, governments and persons. Even though we take precautions to prevent our product from being shipped to U.S. sanctions targets, our products could be shipped to those targets by our channel partners, despite such precautions. Any such shipment could have negative consequences including government investigations and penalties and reputational harm. In addition, various countries regulate the import of certain encryption technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products in international markets, prevent our customers with international operations from deploying our products globally or, in some cases, prevent the export or import of our products to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.
Efforts to withdraw from or materially modify international trade agreements, to change tax provisions related to global manufacturing and sales or to impose new tariffs, economic sanctions or related legislation, any of which could adversely affect our financial condition and results of operations.
Our business benefits directly and indirectly from free trade agreements, and we also rely on various U.S. corporate tax provisions related to international commerce, as we develop, market and sell our products and services globally. Efforts to withdraw from or materially modify international trade agreements, or to change corporate tax policy related to international commerce, could adversely affect our financial condition and results of operations as could the continuing uncertainty regarding whether such actions will be taken.
Moreover, efforts to implement changes related to export or import regulations (including the imposition of new border taxes or tariffs on foreign imports), trade barriers, economic sanctions and other related policies could harm our results of operations. For example, during 2018 and 2019 the United States imposed additional import tariffs on certain goods from different countries and on most of Chinese imported goods. As a result, China and other countries imposed retaliatory tariffs on goods exported from the United States and both the United States and foreign countries have threatened to alter or leave current trade agreements. While we do not currently expect these tariffs to have a significant effect on our raw material and product import costs, if the United States expands increased tariffs, or retaliatory trade measures are taken by China or other countries in response to the tariffs, the cost of our products could increase, our operations could be disrupted or we could be required to raise our prices, which may result in the loss of customers and harm to our reputation and operating performance.
Any modification in these areas, any shift in the enforcement or scope of existing regulations or any change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations and could result in increased costs. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.
If we fail to comply with environmental requirements, our business, financial condition, operating results and reputation could be adversely affected.
We are subject to various environmental laws and regulations, including laws governing the hazardous material content of our products, laws relating to our real property and future expansion plans and laws concerning the recycling of electrical and electronic equipment. The laws and regulations to which we are subject include the EU RoHS Directive, EU Registration, Evaluation, Authorization and Restriction of Chemicals and the EU Waste Electrical and Electronic Equipment Directive (the “WEEE Directive”), as well as the implementing legislation of the EU member states. Similar laws and regulations have been passed or are pending in China, South Korea, Norway and Japan and may be enacted in other regions, including in the United States, and we are, or may in the future be, subject to these laws and regulations.
26
The EU RoHS Directive and the similar laws of other jurisdictions ban or restrict the presence of certain hazardous substances such as lead, mercury, cadmium, hexavalent chromium and certain fire-retardant plastic additives in electrical equipment, including our products. We have incurred costs to comply with these laws, including research and development costs, costs associated with assuring the supply of compliant components and costs associated with writing off scrapped noncompliant inventory. We expect to continue to incur costs related to environmental laws and regulations in the future. With respect to the EU RoHS, we and our competitors rely on exemptions for lead and other substances in network infrastructure equipment. It is possible one or more of these use exemptions will be revoked in the future. Additionally, although some of the EU RoHS exemptions have been extended, it is possible that some of these exemptions may expire in the future without being extended. If this exemption is revoked or expires without extension, if there are other changes to these laws (or their interpretation) or if new similar laws are passed in other jurisdictions, we may be required to re-engineer our products to use components compatible with these regulations. This re-engineering and component substitution could result in additional costs to us and/or disrupt our operations or logistics.
The EU has also adopted the WEEE Directive, which requires electronic goods producers to be responsible for the collection, recycling and treatment of such products. Although currently our EU international channel partners are responsible for the requirements of this directive as the importer of record in most of the European countries in which we sell our products, changes in interpretation of the regulations may cause us to incur costs or have additional regulatory requirements in the future to meet in order to comply with this directive, or with any similar laws adopted in other jurisdictions.
Our failure to comply with these and future environmental rules and regulations could result in reduced sales of our products, increased costs, substantial product inventory write-offs, reputational damage, penalties and other sanctions.
A portion of our revenue is generated by sales to government organizations, which are subject to a number of challenges and risks.
Sales to U.S. and foreign federal, state and local governmental agency end-customers have accounted for a portion of our revenue in past periods, and we may in the future increase sales to government organizations. Sales to government organizations are subject to a number of risks. Selling to government organizations can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense, with long sales cycles and without any assurance of winning a sale.
Government demand, sales and payment for our products and services may be negatively impacted by numerous factors and requirements unique to selling to government agencies, such as:
• | public sector budgetary cycles; |
• | funding authorizations and requirements unique to government agencies, with funding or purchasing reductions or delays adversely affecting public sector demand for our products; |
• | geopolitical matters, including tariff and trade disputes, Brexit and government shutdowns; and |
• | rules and regulations applicable to certain government sales, including GSA regulations. |
The rules and regulations applicable to sales to government organizations may also negatively impact sales to other organizations. To date, we have had limited traction in sales to U.S. federal government agencies, and any future sales to government organizations is uncertain. Government organizations may have contractual or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future results of operations. For example, if the distributor receives a significant portion of its revenue from sales to such government organization, the financial health of the distributor could be substantially harmed, which could negatively affect our future sales to such distributor. Governments routinely investigate, review and audit government vendors’ administrative and other processes, and any unfavorable investigation, audit or other review could result in the government’s refusing to continue buying our products and services, a reduction of revenue or fines, or civil or criminal liability if the investigation, audit or other review uncovers improper, illegal or otherwise concerning activities. Any such penalties could adversely impact our results of operations in a material way. Finally, purchases by the U.S. government may require certain products to be manufactured in the United States and other high cost manufacturing locations, and we may not manufacture all products in locations that meet the requirements of the U.S. government.
27
False detection of vulnerabilities, viruses or security breaches or false identification of spam or spyware could adversely affect our business.
Our FortiGuard security subscription services may falsely detect, report and act on viruses or other threats that do not actually exist. This risk is heightened by the inclusion of a “heuristics” feature in our products, which attempts to identify viruses and other threats not based on any known signatures but based on characteristics or anomalies that may indicate that a particular item is a threat. When our end-customers enable the heuristics feature in our products, the risk of falsely identifying viruses and other threats significantly increases. These false positives, while typical in the industry, may impair the perceived reliability of our products and may therefore adversely impact market acceptance of our products. Also, our FortiGuard security subscription services may falsely identify emails or programs as unwanted spam or potentially unwanted programs, or alternatively fail to properly identify unwanted emails or programs, particularly as spam emails or spyware are often designed to circumvent anti-spam or spyware products. Parties whose emails or programs are blocked by our products may seek redress against us for labeling them as spammers or spyware, or for interfering with their business. In addition, false identification of emails or programs as unwanted spam or potentially unwanted programs may reduce the adoption of our products. If our system restricts important files or applications based on falsely identifying them as malware or some other item that should be restricted, this could adversely affect end-customers’ systems and cause material system failures. In addition, our threat researchers periodically identify vulnerabilities in various third-party products, and, if these identifications are perceived to be incorrect or are in fact incorrect, this could harm our business. Any such false identification or perceived false identification of important files, applications or vulnerabilities could result in negative publicity, loss of end-customers and sales, increased costs to remedy any problem and costly litigation.
Our ability to sell our products is dependent on the quality of our technical support services, and our failure to offer high-quality technical support services would have a material adverse effect on our sales and results of operations.
Once our products are deployed within our end-customers’ networks, our end-customers depend on our technical support services, as well as the support of our channel partners and other third parties, to resolve any issues relating to our products. If we, our channel partners or other third parties do not effectively assist our customers in planning, deploying and operational proficiency for our products, succeed in helping our customers quickly resolve post-deployment issues and provide effective ongoing support, our ability to sell additional products and services to existing customers would be adversely affected and our reputation with potential customers could be damaged. Many large end-customers, and service provider or government organization end-customers, require higher levels of support than smaller end-customers because of their more complex deployments and more demanding environments and business models. If we, our channel partners or other third parties fail to meet the requirements of our larger end-customers, it may be more difficult to execute on our strategy to increase our penetration with large businesses, service providers and government organizations. Our failure to maintain high-quality support services would have a material adverse effect on our business, financial condition and results of operations and may subject us to litigation, reputational damage, loss of customers and additional costs.
We could be subject to changes in our tax rates, the adoption of new U.S. or international tax legislation or exposure to additional tax liabilities.
We are subject to taxes in the United States and numerous foreign jurisdictions, where a number of our subsidiaries are organized. Our provision for income taxes is subject to volatility and could be adversely affected by several factors, many of which are outside of our control. These include:
• | the mix of earnings in countries with differing statutory tax rates or withholding taxes; |
• | changes in the valuation of our deferred tax assets and liabilities; |
• | transfer pricing adjustments; |
• | an increase in non-deductible expenses for tax purposes, including certain stock-based compensation expense; |
• | tax costs related to intercompany realignments; |
• | tax assessments resulting from income tax audits or any related tax interest or penalties that could significantly affect our provision for income taxes for the period in which the settlement takes place; and |
28
• | changes in accounting principles, court decisions, tax rulings, and interpretations of or changes to tax laws, and regulations by international, federal or local governmental authorities. |
We have open tax years that could be subject to the examination by the Internal Revenue Service (the “IRS”) and other tax authorities. We currently have ongoing tax audits in the United Kingdom, Canada and several other foreign jurisdictions. The focus of all of these audits is the allocation of profit between our legal entities. We regularly assess the likelihood of adverse outcomes resulting from such examinations to determine the adequacy of our provision for income taxes. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results.
On June 7, 2019, the Ninth Circuit issued an opinion in Altera Corporation and Subsidiaries vs. Commissioner of Internal Revenue that reversed the Tax Court Decision in favor of the IRS. This ruling stated the IRS rule that stock compensation must be included in cost sharing was valid. Based on this decision, in second quarter of 2019, we recorded a reserve for uncertain tax positions for this potential tax liability. On February 10, 2020, the Ninth Circuit decision was appealed to the Supreme Court of the United States. We will continue to monitor and assess the impact as this case moves forward.
We may undertake corporate operating restructurings or transfers of assets that involve our group of foreign country subsidiaries through which we do business abroad, in order to maximize the operational and tax efficiency of our group structure. If ineffectual, such restructurings or transfers could increase our income tax liabilities, and in turn, increase our global effective tax rate. Moreover, our existing corporate structure and intercompany arrangements have been implemented in a manner that we believe is in compliance with current prevailing tax laws. However, the tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, which could impact our worldwide effective tax rate and harm our financial position and operating results.
Significant judgment is required in determining any valuation allowance recorded against deferred tax assets. In assessing the need for a valuation allowance, we consider all available evidence, including past operating results, estimates of future taxable income and the feasibility of tax planning strategies. In the event that we change our determination as to the amount of deferred tax assets that can be realized, we will adjust our valuation allowance with a corresponding impact to the provision for income taxes in the period in which such determination is made.
Forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between our forecasted and actual tax rates.
Forecasts of our income tax position and effective tax rate are complex, subject to uncertainty and periodic updates because our income tax position for each year combines the effects of a mix of profits earned and losses incurred by us in various tax jurisdictions with a broad range of income tax rates, as well as changes in the valuation of deferred tax assets and liabilities, the impact of various accounting rules and changes to these rules and tax laws, the results of examinations by various tax authorities, and the impact of any acquisition, business combination or other reorganization or financing transaction. To forecast our global tax rate, we estimate our pre-tax profits and losses by jurisdiction and forecast our tax expense by jurisdiction. If the mix of profits and losses, our ability to use tax credits or effective tax rates in a given jurisdiction differs from our estimate, our actual tax rate could be materially different than forecasted, which could have a material impact on our results of business, financial condition and results of operations. Additionally, our actual tax rate may be subject to further uncertainty due to potential changes in U.S. and foreign tax rules.
As a multinational corporation, we conduct our business in many countries and are subject to taxation in many jurisdictions. The taxation of our business is subject to the application of multiple and sometimes conflicting tax laws and regulations, as well as multinational tax conventions. Our effective tax rate is highly dependent upon the geographic distribution of our worldwide earnings or losses, the tax regulations and tax holidays in each geographic region, the availability of tax credits and carryforwards and the effectiveness of our tax planning strategies. The application of tax laws and regulations is subject to legal and factual interpretation, judgment and uncertainty. Tax laws themselves are subject to change as a result of changes in fiscal policy, changes in legislation and the evolution of regulations and court rulings. Consequently, tax authorities may impose tax assessments or judgments against us that could materially impact our tax liability and/or our effective income tax rate.
The Organisation for Economic Co-operation and Development (the “OECD”), an international association comprised of 36 countries, including the United States, has issued and continues to issue guidelines and proposals that change various aspects of the existing framework under which our tax obligations are determined in many of the countries in which we do business. Due to our extensive international business activities, any changes in the taxation of such activities could increase our tax obligations in many countries and may increase our worldwide effective tax rate.
29
Our inability to acquire and integrate other businesses, products or technologies could seriously harm our competitive position.
In order to remain competitive, we may seek to acquire additional businesses, products, technologies or intellectual property, such as patents. For example, we closed our acquisitions of enSilo and CyberSponse in the fourth quarter of 2019. For any possible future acquisitions, we may not be successful in negotiating the terms of the acquisition or financing the acquisition. For both our prior and future acquisitions, we may not be successful in effectively integrating the acquired business, product, technology or intellectual property and sales force into our existing business and operations. We may have difficulty incorporating acquired technologies, intellectual property or products with our existing product lines, integrating reporting systems and procedures, and maintaining uniform standards, controls, procedures and policies. For example, we may experience difficulties integrating an acquired company’s ERP or CRM systems, sales support and other processes and systems, with our current systems and processes. Our due diligence may fail to identify all of the problems, liabilities or other shortcomings or challenges of an acquired business, product or technology, including issues with intellectual property, product quality or product architecture, regulatory compliance practices, revenue recognition or other accounting practices or employee or customer issues, and we may not accurately forecast the financial impact of an acquisition. In addition, any acquisitions we are able to complete may be dilutive to revenue growth and earnings and may not result in any synergies or other benefits we had expected to achieve, which could result in impairment charges that could be substantial. We may have to pay cash, incur debt or issue equity securities to pay for any acquisition, each of which could affect our financial condition or the value of our capital stock and could result in dilution to our stockholders. Acquisitions during a quarter may result in increased operating expenses and adversely affect our results of operations for that period or future periods compared to the results that we have previously forecasted or achieved. Further, completing a potential acquisition and integrating acquired businesses, products, technologies or intellectual property could significantly divert management time and resources.
Our business is subject to the risks of warranty claims, product returns, product liability and product defects.
Our products are very complex and, despite testing prior to their release, have contained and may contain undetected defects or errors, especially when first introduced or when new versions are released. Product errors have affected the performance and effectiveness of our products and could delay the development or release of new products or new versions of products, adversely affect our reputation and our end-customers’ willingness to buy products from us, result in litigation and disputes with customers and adversely affect market acceptance or perception of our products. Any such errors or delays in releasing new products or new versions of products or allegations of unsatisfactory performance could cause us to lose revenue or market share, increase our service costs, cause us to incur substantial costs in redesigning the products, cause us to lose significant end-customers, subject us to litigation, litigation costs and liability for damages and divert our resources from other tasks, any one of which could materially and adversely affect our business, results of operations and financial condition. Our products must successfully interoperate with products from other vendors. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. The occurrence of hardware and software errors, whether or not caused by our products, could delay or reduce market acceptance of our products and have an adverse effect on our business and financial performance, and any necessary revisions may cause us to incur significant expenses. The occurrence of any such problems could harm our business, financial condition and results of operations.
Although we generally have limitation of liability provisions in our standard terms and conditions of sale, they may not fully or effectively protect us from claims if exceptions apply or if the provisions are deemed unenforceable, and in some circumstances we may be required to indemnify a customer in full, without limitation, for certain liabilities, including liabilities that are not contractually limited. The sale and support of our products also entail the risk of product liability claims. We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover any claim asserted against us, if at all, and in some instances may subject us to potential liability that is not contractually limited. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and divert management’s time and other resources.
Our business is subject to the risks of earthquakes, fire, power outages, typhoon, floods, virus outbreaks and other broad health-related challenges and other catastrophic events, and to interruption by manmade problems such as civil unrest, labor disruption, critical infrastructure attack and terrorism.
A significant natural disaster, such as an earthquake, fire, power outage, flood, viral outbreak or other catastrophic event, could have a material adverse impact on our business, operating results and financial condition. Our corporate headquarters are located in the San Francisco Bay Area, a region known for seismic activity, and our research and development and data center in Burnaby, Canada, from which we deliver to customers our FortiGuard security subscription updates, is subject to the risk of flooding and is also in a region known for seismic activity. Any earthquake in the Bay Area or Burnaby, or
30
flooding in Burnaby, could materially negatively impact our ability to provide products and services, such as FortiCare support and FortiGuard subscription services and could otherwise materially negatively impact our business. In addition, natural disasters could affect our manufacturing vendors, suppliers or logistics providers’ ability to perform services, such as obtaining product components and manufacturing products, or performing or assisting with shipments, on a timely basis, as well as our customers’ ability to order from us and our employees’ ability to perform their duties. For example, a typhoon in Taiwan could materially negatively impact our ability to ship products and could result in delays in billings and revenues, and the coronavirus outbreak could materially negatively impact our ability to manufacture and ship products. In the event our or our service providers’ information technology systems or manufacturing or logistics abilities are hindered by any of the events discussed above, shipments could be delayed, resulting in our missing financial targets, such as revenue and shipment targets, for a particular quarter. In addition, regional instability, civil unrest, labor disruptions, acts of terrorism and other geo-political unrest could cause disruptions in our business or the business of our manufacturers, logistics providers, partners or end-customers, or of the economy as a whole. Given our typical concentration of sales at the end of each quarter, any disruption in the business of our manufacturers, logistics providers, partners or end-customers that impacts sales at the end of our quarter could have a significant adverse impact on our quarterly results. To the extent that any of the above results in security risks to our customers, delays or cancellations of customer orders, the delay of the manufacture, deployment or shipment of our products or interruption or downtime of our services, our business, financial condition and results of operations would be adversely affected.
Risks Related to Our Industry
The network security market is rapidly evolving and the complex technology incorporated in our products makes them difficult to develop. If we do not accurately predict, prepare for and respond promptly to technological and market developments and changing end-customer needs, our competitive position and prospects may be harmed.
The network security market is expected to continue to evolve rapidly. Moreover, many of our end-customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. In addition, computer hackers and others who try to attack networks employ increasingly sophisticated techniques to gain access to and attack systems and networks. The technology in our products is especially complex because it needs to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance. Additionally, some of our new products and enhancements may require us to develop new hardware architectures and ASICs that involve complex, expensive and time-consuming research and development processes. For example, we enter into development agreements with third parties. If our contract development projects are not successfully completed, or are not completed in a timely fashion, our product development could be delayed and our business generally could suffer. Costs for contract development can be substantial and our profitability may be harmed if we are unable to recover these costs. Although the market expects rapid introduction of new products or product enhancements to respond to new threats, the development of these products is difficult and the timetable for commercial release and availability is uncertain and there can be long time periods between releases and availability of new products. We have in the past and may in the future experience unanticipated delays in the availability of new products and services and fail to meet previously announced timetables for such availability. If we do not quickly respond to the rapidly changing and rigorous needs of our end-customers by developing and releasing and making available on a timely basis new products and services or enhancements that can respond adequately to new security threats, our competitive position and business prospects may be harmed.
Moreover, business models based on SaaS, either hosted or cloud-based services, have become increasingly in-demand by our end-customers and adopted by other providers, including our competitors. While we have introduced additional cloud-based products and services and will continue to do so, most of our platform is currently deployed on premise, and therefore, if customers demand that our platform be provided through a SaaS business model, we would be required to make additional investments in our infrastructure and personnel to be able to more fully provide our platform through a SaaS model in order to maintain the competitiveness of our platform. Such investments may involve expanding our data centers, servers and networks, and increasing our technical operations and engineering teams. These risks are compounded by the uncertainty concerning the future viability of SaaS business models and the future demand for such models by customers. Additionally, if we are unable to meet the demand to provide our services through a SaaS model, we may lose customers to competitors.
Our uniform resource locator (“URL”) database for our web filtering service may fail to keep pace with the rapid growth of URLs and may not categorize websites in accordance with our end-customers’ expectations.
The success of our web filtering service depends on the breadth and accuracy of our URL database. Although our URL database currently catalogs millions of unique URLs, it contains only a portion of the URLs for all of the websites that are
31
available on the internet. In addition, the total number of URLs and software applications is growing rapidly, and we expect this rapid growth to continue in the future. Accordingly, we must identify and categorize content for our security risk categories at an extremely rapid rate. Our database and technologies may not be able to keep pace with the growth in the number of websites, especially the growing amount of content utilizing foreign languages and the increasing sophistication of malicious code and the delivery mechanisms associated with spyware, phishing and other hazards associated with the internet. Further, the ongoing evolution of the internet and computing environments will require us to continually improve the functionality, features and reliability of our web filtering function. Any failure of our databases to keep pace with the rapid growth and technological change of the internet could impair the market acceptance of our products, which in turn could harm our business, financial condition and results of operations.
In addition, our web filtering service may not be successful in accurately categorizing internet and application content to meet our end-customers’ expectations. We rely upon a combination of automated filtering technology and human review to categorize websites and software applications in our proprietary databases. Our end-customers may not agree with our determinations that particular URLs should be included or not included in specific categories of our databases. In addition, it is possible that our filtering processes may place material that is objectionable or that presents a security risk in categories that are generally unrestricted by our customers’ internet and computer access policies, which could result in such material not being blocked from the network. Conversely, we may miscategorize websites such that access is denied to websites containing information that is important or valuable to our customers. Any miscategorization could result in customer dissatisfaction and harm our reputation. Any failure to effectively categorize and filter websites according to our end-customers’ and channel partners’ expectations could impair the growth of our business.
If our new products and product enhancements do not achieve sufficient market acceptance, our results of operations and competitive position will suffer.
We spend substantial amounts of time and money to acquire and develop internally new products and enhanced versions of our existing products in order to incorporate additional features, improved functionality or other enhancements in order to meet our customers’ rapidly evolving demands for network security in our highly competitive industry. When we develop a new product or an enhanced version of an existing product, we typically incur expenses and expend resources upfront to market, promote and sell the new offering. Therefore, when we develop and introduce new or enhanced products, they must achieve high levels of market acceptance in order to justify the amount of our investment in developing and bringing them to market.
Our new products or product enhancements could fail to attain sufficient market acceptance for many reasons, including:
• | delays in releasing our new products or enhancements to the market; |
• | failure to accurately predict market demand in terms of product functionality and to supply products that meet this demand in a timely fashion; |
• | failure to have the appropriate research and development expertise and focus to make our top strategic fabric products successful; |
• | failure of our sales force and partners to focus on selling new products; |
• | inability to interoperate effectively with the networks or applications of our prospective end-customers; |
• | inability to protect against new types of attacks or techniques used by hackers; |
• | actual or perceived defects, vulnerabilities, errors or failures; |
• | negative publicity about their performance or effectiveness; |
• | introduction or anticipated introduction of competing products by our competitors; |
• | poor business conditions for our end-customers, causing them to delay IT purchases; |
• | changes to the regulatory requirements around security; and |
32
• | reluctance of customers to purchase products incorporating open source software. |
If our new products or enhancements do not achieve adequate acceptance in the market, our competitive position will be impaired, our revenue will be diminished and the effect on our operating results may be particularly acute because of the significant research, development, marketing, sales and other expenses we incurred in connection with the new product or enhancement.
Demand for our products may be limited by market perception that individual products from one vendor that provide multiple layers of security protection in one product are inferior to point solution network security solutions from multiple vendors.
Sales of many of our products depend on increased demand for incorporating broad security functionality into one appliance. If the market for these products fails to grow as we anticipate, our business will be seriously harmed. Target customers may view “all-in-one” network security solutions as inferior to security solutions from multiple vendors because of, among other things, their perception that such products of ours provide security functions from only a single vendor and do not allow users to choose “best-of-breed” defenses from among the wide range of dedicated security applications available. Target customers might also perceive that, by combining multiple security functions into a single platform, our solutions create a “single point of failure” in their networks, which means that an error, vulnerability or failure of our product may place the entire network at risk. In addition, the market perception that “all-in-one” solutions may be suitable only for small and medium-sized businesses because such solution lacks the performance capabilities and functionality of other solutions may harm our sales to large businesses, service provider and government organization end-customers. If the foregoing concerns and perceptions become prevalent, even if there is no factual basis for these concerns and perceptions, or if other issues arise with our market in general, demand for multi-security functionality products could be severely limited, which would limit our growth and harm our business, financial condition and results of operations. Further, a successful and publicized targeted attack against us, exposing a “single point of failure,” could significantly increase these concerns and perceptions and may harm our business and results of operations.
We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The market for network security products is intensely competitive and we expect competition to intensify in the future. We face many competitors across the different cybersecurity markets. Our competitors include companies such as Barracuda, Check Point, Cisco, CrowdStrike, F5 Networks, FireEye, Forcepoint, Imperva, Juniper, McAfee, Palo Alto Networks, Proofpoint, SonicWALL, Sophos, Trend Micro and Zscaler.
Many of our existing and potential competitors enjoy substantial competitive advantages such as:
• | greater name recognition and longer operating histories; |
• | larger sales and marketing budgets and resources; |
• | broader distribution and established relationships with distribution partners and end-customers; |
• | access to larger customer bases; |
• | greater customer support resources; |
• | greater resources to make acquisitions; |
• | lower labor and development costs; and |
• | substantially greater financial, technical and other resources. |
In addition, some of our larger competitors have substantially broader product offerings, and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages customers from purchasing our products. These larger competitors often have broader product lines and market focus, and are in a better position to withstand any significant reduction in capital spending by end-customers in these markets. Therefore, these competitors will not be as susceptible to downturns in a particular market. Also, many of our smaller competitors that specialize
33
in providing protection from a single type of security threat are often able to deliver these specialized security products to the market more quickly than we can.
Conditions in our markets could change rapidly and significantly as a result of technological advancements or continuing market consolidation. Our competitors and potential competitors may also be able to develop products or services, and leverage new business models, that are equal or superior to ours, achieve greater market acceptance of their products and services, and increase sales by utilizing different distribution channels than we do. For example, certain of our competitors are focusing on delivering security services from the cloud. In addition, current or potential competitors may be acquired by third parties with greater available resources, and new competitors may arise pursuant to acquisitions of network security companies or divisions. As a result of such acquisitions, competition in our market may continue to increase and our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisition or other opportunities more readily, or develop and expand their product and service offerings more quickly than we do. In addition, our competitors may bundle products and services competitive with ours with other products and services. Customers may accept these bundled products and services rather than separately purchasing our products and services. As our customers refresh the security products bought in prior years, they may seek to consolidate vendors, which may result in current customers choosing to purchase products from our competitors on an ongoing basis. Due to budget constraints or economic downturns, organizations may be more willing to incrementally add solutions to their existing network security infrastructure from competitors than to replace it with our solutions. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer customer orders, reduced revenue and gross margins and loss of market share.
If functionality similar to that offered by our products is incorporated into existing network infrastructure products, organizations may decide against adding our appliances to their network, which would have an adverse effect on our business.
Large, well-established providers of networking equipment such as Cisco, F5 Networks and Juniper offer, and may continue to introduce, network security features that compete with our products, either in standalone security products or as additional features in their network infrastructure products. The inclusion of, or the announcement of an intent to include, functionality perceived to be similar to that offered by our security solutions in networking products that are already generally accepted as necessary components of network architecture may have an adverse effect on our ability to market and sell our products. Furthermore, even if the functionality offered by network infrastructure providers is more limited than our products, a significant number of customers may elect to accept such limited functionality in lieu of adding appliances from an additional vendor such as us. Many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking products, which may make them reluctant to add new components to their networks, particularly from other vendors such as us. In addition, an organization’s existing vendors or new vendors with a broad product offering may be able to offer concessions that we are not able to match because we currently offer only network security products and have fewer resources than many of our competitors. If organizations are reluctant to add additional network infrastructure from new vendors or otherwise decide to work with their existing vendors, our business, financial condition and results of operations will be adversely affected.
Risks Related to Intellectual Property
Our proprietary rights may be difficult to enforce, which could enable others to copy or use aspects of our products without compensating us.
We rely primarily on patent, trademark, copyright and trade secrets laws and confidentiality procedures and contractual provisions to protect our technology. Valid patents may not issue from our pending applications, and the claims eventually allowed on any patents may not be sufficiently broad to protect our technology or products. Any issued patents may be challenged, invalidated or circumvented, and any rights granted under these patents may not actually provide adequate defensive protection or competitive advantages to us. Patent applications in the United States are typically not published until at least 18 months after filing, or, in some cases, not at all, and publications of discoveries in industry-related literature lag behind actual discoveries. We cannot be certain that we were the first to make the inventions claimed in our pending patent applications or that we were the first to file for patent protection. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. In addition, recent changes to the patent laws in the United States may bring into question the validity of certain software patents and may make it more difficult and costly to prosecute patent applications. As a result, we may not be able to obtain adequate patent protection or effectively enforce our issued patents.
34
Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. We generally enter into confidentiality or license agreements with our employees, consultants, vendors and customers, and generally limit access to and distribution of our proprietary information. However, we cannot guarantee that the steps taken by us will prevent misappropriation of our technology. Policing unauthorized use of our technology or products is difficult. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States. From time to time, legal action by us may be necessary to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results and financial condition. If we are unable to protect our proprietary rights (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.
Our products contain third-party open source software components, and failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products.
Our products contain software modules licensed to us by third-party authors under “open source” licenses, including the GNU Public License, the GNU Lesser Public License, the BSD License, the Apache License, the MIT X License and the Mozilla Public License. From time to time, there have been claims against companies that distribute or use open source software in their products and services, asserting that open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming infringement of intellectual property rights in what we believe to be licensed open source software. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as, for example, open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Some open source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of product sales for us.
Although we monitor our use of open source software to avoid subjecting our products to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that, for example, could impose unanticipated conditions or restrictions on our ability to commercialize our products. In this event, we could be required to seek licenses from third parties to continue offering our products, to make our proprietary code generally available in source code form, to re-engineer our products or to discontinue the sale of our products if re-engineering could not be accomplished on a timely basis, any of which requirements could adversely affect our business, operating results and financial condition.
Claims by others that we infringe their proprietary technology or other litigation matters could harm our business.
Patent and other intellectual property disputes are common in the network security industry. Third parties are currently asserting, have asserted and may in the future assert claims of infringement of intellectual property rights against us. Third parties have also asserted such claims against our end-customers or channel partners whom we may indemnify against claims that our products infringe the intellectual property rights of third parties. As the number of products and competitors in our market increases and overlaps occur, infringement claims may increase. Any claim of infringement by a third party, even those without merit, could cause us to incur substantial costs defending against the claim and could distract our management from our business. In addition, litigation may involve patent holding companies, non-practicing entities or other adverse patent owners who have no relevant product revenue and against whom our own patents may therefore provide little or no deterrence or protection.
Although third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, financial condition and results of operations to be materially and adversely affected. In addition, some licenses may be non-exclusive and, therefore, our competitors may have access to the same technology licensed to us.
Alternatively, we may be required to develop non-infringing technology, which could require significant time, effort and expense, and may ultimately not be successful. Furthermore, a successful claimant could secure a judgment or we may agree to a settlement that prevents us from distributing certain products or performing certain services or that requires us to pay substantial damages (including treble damages if we are found to have willfully infringed such claimant’s patents or
35
copyrights), royalties or other fees. Any of these events could seriously harm our business, financial condition and results of operations.
From time to time we are subject to lawsuits claiming patent infringement. We are also subject to other litigation in addition to patent infringement claims, such as employment-related litigation and disputes, as well as general commercial litigation, and could become subject to other forms of litigation and disputes, including stockholder litigation. If we are unsuccessful in defending any such claims, our operating results and financial condition and results may be materially and adversely affected. For example, we may be required to pay substantial damages and could be prevented from selling certain of our products. Litigation, with or without merit, could negatively impact our business, reputation and sales in a material fashion.
We have several ongoing patent lawsuits, certain companies have sent us demand letters proposing that we license certain of their patents, and organizations have sent letters demanding that we provide indemnification for patent claims. As two examples of the ongoing patent lawsuits against us, one such patent lawsuit by British Telecommunications plc was filed in federal court in Delaware in July 2018, and a second such lawsuit by Finjan, Inc. was filed in federal court in California in October 2018, and additional patent lawsuits have been filed against us since. Given this and the proliferation of lawsuits in our industry and other similar industries by both non-practicing entities and operating entities, and recent non-practicing entity and operating entity patent litigation against other companies in the security space, we expect that we will be sued for patent infringement in the future, regardless of the merits of any such lawsuits. The cost to defend such lawsuits and any settlement payment or adverse result in such lawsuits could have a material adverse effect on our results of operations and financial condition.
We rely on the availability of third-party licenses.
Many of our products include software or other intellectual property licensed from third parties. It may be necessary in the future to renew licenses relating to various aspects of these products or to seek new licenses for existing or new products. Licensors may claim we owe them additional license fees for past and future use of their software and other intellectual property or that we cannot utilize such software or intellectual property in our products going forward. There can be no assurance that the necessary licenses would be available on acceptable terms, if at all. The inability to obtain certain licenses or other rights or to obtain such licenses or rights on favorable terms or for reasonable pricing, or the need to engage in litigation regarding these matters, could result in delays in product releases until equivalent technology can be identified, licensed or developed, if at all, and integrated into our products and may result in significant license fees and have a material adverse effect on our business, operating results, and financial condition. Moreover, the inclusion in our products of software or other intellectual property licensed from third parties on a non-exclusive basis could limit our ability to differentiate our products from those of our competitors.
We also rely on technologies licensed from third parties in order to operate functions of our business. If any of these third parties allege that we have not properly paid for such licenses or that we have improperly used the technologies under such licenses, we may need to pay additional fees or obtain new licenses, and such licenses may not be available on terms acceptable to us or at all or may be costly. In any such case, or if we were required to redesign our internal operations to function with new technologies, our business, results of operations and financial condition could be harmed.
Risks Related to Ownership of our Common Stock
As a public company, we are subject to compliance initiatives that will require substantial time from our management and result in significantly increased costs that may adversely affect our operating results and financial condition.
The Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley”), Dodd-Frank and other rules implemented by the SEC and The Nasdaq Stock Market impose various requirements on public companies, including requiring changes in corporate governance practices. These requirements, as well as proposed corporate governance laws and regulations under consideration, may further increase our compliance costs. If compliance with these various legal and regulatory requirements diverts our management’s attention from other business concerns, it could have a material adverse effect on our business, financial condition and results of operations. Sarbanes-Oxley requires, among other things, that we assess the effectiveness of our internal control over financial reporting annually, and of our disclosure controls and procedures quarterly. Although our most recent assessment, testing and evaluation resulted in our conclusion that, as of December 31, 2019, our internal controls over financial reporting were effective, we cannot predict the outcome of our testing in 2020 or future periods. We may incur additional expenses and commitment of management’s time in connection with further evaluations, both of which could materially increase our operating expenses and accordingly reduce our operating results.
36
In September 2018, California enacted a law that requires publicly held companies headquartered in California to have at least one female director by the end of 2019 and at least three by the end of 2021, depending on the size of the board. The law would impose financial penalties for failure to comply. Though we are currently in compliance with the requirements of the law for 2019, we may incur costs associated with complying with the law in future years, including costs associated with expanding our board of directors or identifying qualified candidates for appointment to our board of directors, or financial penalties or harm to our brand and reputation if we are unable to do so.
Changes in financial accounting standards may cause adverse unexpected fluctuations and affect our reported results of operations.
A change in accounting standards or practices, and varying interpretations of existing or new accounting pronouncements, such as changes to standards related to revenue recognition (which became effective for us on January 1, 2018) and accounting for leases (which became effective for us on January 1, 2019), as well as the significant costs incurred or that may be incurred to adopt and to comply with these new pronouncements, could have a significant effect on our reported financial results or the way we conduct our business. If we do not ensure that our systems and processes are aligned with the new standards, we could encounter difficulties generating quarterly and annual financial statements in a timely manner, which could have an adverse effect on our business, our ability to meet our reporting obligations and compliance with internal control requirements.
The revenue and lease standards are principles based and interpretation of those principles may vary from company to company based on their unique circumstances. Management will continue to make judgments and assumptions based on our interpretation of the new standard. It is possible that interpretation, industry practice and guidance may evolve as we work toward implementing the new revenue recognition standard. If our circumstances change or if actual circumstances differ from our assumptions, our operating result may be adversely affected and could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock. Further, equity investments are now required to be measured at fair value (with subsequent changes in fair value recognized in net income), which may increase the volatility of our earnings.
If securities or industry analysts stop publishing research or publish inaccurate or unfavorable research about our business, our stock price and trading volume could decline.
The trading market for our common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. If we do not maintain adequate research coverage or if one or more of the analysts who cover us downgrades our stock or publishes inaccurate or unfavorable research about our business, our stock price could decline. If one or more of these analysts ceases coverage of our company or fails to publish reports on us regularly, demand for our stock could decrease, which could cause our stock price and trading volume to decline.
The trading price of our common stock may be volatile.
The market price of our common stock may be subject to wide fluctuations in response to, among other things, the risk factors described in this periodic report, news about us and our financial results, news about our competitors and their results, and other factors such as rumors or fluctuations in the valuation of companies perceived by investors to be comparable to us. For example, during 2019, the closing price of our common stock ranged from $66.91 to $109.53 per share.
Furthermore, stock markets have experienced price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. These fluctuations often have been unrelated or disproportionate to the operating performance of those companies. These broad market and industry fluctuations, as well as general economic, political and market conditions, such as recessions, interest rate changes or international currency fluctuations, may negatively affect the market price of our common stock.
In the past, many companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation. We may be the target of this type of litigation in the future. Securities litigation against us could result in substantial costs and divert our management’s attention from other business concerns, which could seriously harm our business.
37
Share repurchases under our Repurchase Program (the “Repurchase Program”) could increase the volatility of the trading price of our common stock, could diminish our cash reserves, could occur at non-optimal prices and may not result in the most effective use of our capital.
In November 2019, our board of directors approved a $1.0 billion increase in the authorized stock repurchase under the Repurchase Program and extended the term of the Repurchase Program to February 28, 2021, bringing the aggregate amount authorized to be repurchased $2.5 billion. As of December 31, 2019, $1.6 billion remained available for future share repurchases under the Repurchase Program. Share repurchases under the Repurchase Program could affect the price of our common stock, increase stock price volatility and diminish our cash reserves. In addition, an announcement of the reduction, suspension or termination of the Repurchase Program could result in a decrease in the trading price of our common stock. Moreover, our stock price could decline, resulting in repurchases made at non-optimal prices. Our failure to repurchase our stock at optimal prices may be perceived by investors as an inefficient use of our cash and cash equivalents, which could result in litigation that may have an adverse effect on our business, operating results and financial condition. In addition, while our board of directors carefully considers various alternative uses of our cash and cash equivalents in determining whether to authorize stock repurchases, there can be no assurance that the decision by our board of directors to repurchase stock would result in the most effective uses of our cash and cash equivalents, and there may be alternative uses of our cash and cash equivalents that would be more effective, such as investing in growing our business organically or through acquisitions.
Anti-takeover provisions contained in our certificate of incorporation and bylaws, as well as provisions of Delaware law, could impair a takeover attempt.
Our certificate of incorporation, bylaws and Delaware law contain provisions that could have the effect of rendering more difficult, delaying or preventing an acquisition deemed undesirable by our board of directors. Our corporate governance documents include provisions:
• | authorizing “blank check” preferred stock, which could be issued by the board without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our common stock; |
• | limiting the liability of, and providing indemnification to, our directors and officers; |
• | limiting the ability of our stockholders to call and bring business before special meetings; |
• | requiring advance notice of stockholder proposals for business to be conducted at meetings of our stockholders and for nominations of candidates for election to our board of directors; |
• | providing that certain litigation matters may only be brought against us in state or federal courts in the State of Delaware; |
• | controlling the procedures for the conduct and scheduling of board and stockholder meetings; and |
• | providing the board of directors with the express power to postpone previously scheduled annual meetings and to cancel previously scheduled special meetings. |
These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management.
As a Delaware corporation, we are also subject to provisions of Delaware law, including Section 203 of the Delaware General Corporation Law, which prevents stockholders holding more than 15% of our outstanding common stock from engaging in certain business combinations without approval of the holders of a substantial majority of all of our outstanding common stock.
Any provision of our certificate of incorporation, bylaws or Delaware law that has the effect of delaying or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our common stock, and could also affect the price that some investors are willing to pay for our common stock.
However, these anti-takeover provisions will not have the effect of preventing activist stockholders from seeking to increase short-term stockholder value through actions such as nominating board candidates and requesting that we pursue strategic combinations or other transactions. These actions could disrupt our operations, be costly and time-consuming and divert the attention of our management and employees. In addition, perceived uncertainties as to our future direction as a result
38
of activist stockholder actions could result in the loss of potential business opportunities, as well as other negative business consequences. Actions of an activist stockholder may also cause fluctuations in our stock price based on speculative market perceptions or other factors that do not necessarily reflect our business. Further, we may incur significant expenses in retaining professionals to advise and assist us on activist stockholder matters, including legal, financial, communications advisors and solicitation experts, which may negatively impact our future financial results.
ITEM 1B. Unresolved Staff Comments
Not applicable.
ITEM 2. Properties
Our corporate headquarters is located in Sunnyvale, California and comprises approximately 160,000 square feet of building space on ten acres of land. In 2019, we began construction on a second building of approximately 170,000 square feet that will serve as the cornerstone of our headquarters campus. Along with our corporate headquarters, as of December 31, 2019, we also own approximately 200,000 square feet in Union City, California used as a manufacturing assembly and operations center; approximately 375,000 square feet of office and building space in Burnaby and Ottawa, Canada used for operations, support and research and development work; and 40,000 square feet of office space in Valbonne, France predominantly used as a sales and support office.
We maintain additional leased offices throughout the world, predominantly used as sales and support offices. We believe that our existing properties are sufficient and suitable to meet our current needs. We intend to expand our facilities or add new facilities as we add employees and enter new geographic markets, and we believe that suitable additional or alternative space will be available as needed to accommodate ongoing operations and any such growth. However, we expect to incur additional operating expenses and capital expenditures in connection with such new or expanded facilities.
For information regarding the geographical location of our property and equipment, see Note 15 to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K.
ITEM 3. Legal Proceedings
We are subject to various claims, complaints and legal actions that arise from time to time in the normal course of business. We accrue for contingencies when we believe that a loss is probable and that we can reasonably estimate the amount of any such loss. There can be no assurance that existing or future legal proceedings arising in the ordinary course of business or otherwise will not have a material adverse effect on our business, consolidated financial position, results of operations or cash flows.
ITEM 4. Mine Safety Disclosure
Not applicable.
39
Part II
ITEM 5. | Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities |
Our common stock is traded on The Nasdaq Global Select Market under the symbol “FTNT.”
Holders of Record
As of February 21, 2020, there were 43 holders of record of our common stock. A substantially greater number of holders of our common stock are “street name” or beneficial holders, whose shares are held by banks, brokers and other financial institutions.
Dividends
We have never declared or paid cash dividends on our capital stock. We do not anticipate paying any cash dividends in the foreseeable future. Any future determination to declare cash dividends will be made at the discretion of our board of directors and will depend on our financial condition, operating results, capital requirements, general business conditions and other factors that our board of directors may deem relevant.
Stock Performance Graph
This performance graph shall not be deemed “filed” for purposes of Section 18 of the Securities and Exchange Act of 1934 (the “Exchange Act”), or incorporated by reference into any filing of Fortinet under the Securities Act of 1933, as amended (the “Securities Act”), or the Exchange Act, except as shall be expressly set forth by specific reference in such filing.
The following graph compares the cumulative five-year total return for our common stock, the Standard & Poor’s 500 Stock Index (the “S&P 500 Index”) and the NASDAQ Computer Index. Such returns are based on historical results and are not intended to suggest future performance. Data for the S&P 500 Index and the NASDAQ Computer Index assume reinvestment of dividends. We have never declared or paid cash dividends on our capital stock, nor do we anticipate paying any such cash dividends in the foreseeable future.
40
COMPARISON OF CUMULATIVE TOTAL RETURN*
Among Fortinet, Inc., the S&P 500 Index and
the NASDAQ Computer Index
December 2014 * | December 2015 | December 2016 | December 2017 | December 2018 | December 2019 | |||||||||||||||||||
Fortinet, Inc. | $ | 100 | $ | 102 | $ | 98 | $ | 142 | $ | 230 | $ | 348 | ||||||||||||
S&P 500 Index | $ | 100 | $ | 99 | $ | 109 | $ | 130 | $ | 122 | $ | 157 | ||||||||||||
NASDAQ Computer | $ | 100 | $ | 106 | $ | 119 | $ | 166 | $ | 159 | $ | 240 | ||||||||||||
* Assumes that $100 was invested on December 31, 2014 in stock or index, including reinvestment of dividends. Stockholder returns over the indicated period should not be considered indicative of future stockholder returns.
Sales of Unregistered Securities
None.
Purchases of Equity Securities by the Issuer and Affiliated Purchasers
Share Repurchase Program
In January 2016, our board of directors approved our Share Repurchase Program (the “Repurchase Program”). In November 2019, our board of directors approved a $1.0 billion increase in the authorized stock repurchase under the Repurchase Program and extended the term of the Repurchase Program to February 28, 2021, bringing the aggregate amount authorized to be repurchased to $2.5 billion of our outstanding common stock through February 28, 2021. Under the Repurchase Program, share repurchases may be made by us from time to time in privately negotiated transactions or in open market transactions. The Repurchase Program does not require us to purchase a minimum number of shares, and may be suspended, modified or discontinued at any time without prior notice. Since its inception, we have repurchased 20.8 million shares of our common stock under the Repurchase Program for an aggregate purchase price of $907.2 million.
41
The following table provides information with respect to the shares of common stock we repurchased during the three months ended December 31, 2019 (in millions, except per share amounts):
Total Number of Shares Purchased | Average Price Paid per Share | Total Number of Shares Purchased as Part of Publicly Announced Plans or Programs | Approximate Dollar Value of Shares that May Yet Be Purchased Under the Plans or Programs | |||||||||||
October 1 - October 31, 2019 | 0.3 | $ | 77.39 | 0.3 | $ | 592.9 | ||||||||
November 1 - November 30, 2019 | — | $ | — | — | $ | 1,592.9 | ||||||||
December 1 - December 31, 2019 | * | $ | 100.01 | * | $ | 1,592.8 | ||||||||
Total | 0.3 | $ | 77.40 | 0.3 | ||||||||||
* Number rounds to zero
ITEM 6. Selected Financial Data
The following selected consolidated financial data set forth below was derived from our historical audited consolidated financial statements and should be read in conjunction with the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and “Financial Statements and Supplementary Data,” and other financial data included elsewhere in this Annual Report on Form 10-K. Our historical results of operations are not indicative of our future results of operations.
Year Ended December 31, | |||||||||||||||||||
2019 | 2018 | 2017 | 2016 | 2015 | |||||||||||||||
(in millions, except per share amounts) | |||||||||||||||||||
Consolidated Statements of Income Data: | |||||||||||||||||||
Total revenue | $ | 2,156.2 | $ | 1,801.2 | $ | 1,494.9 | $ | 1,275.4 | $ | 1,009.3 | |||||||||
Total gross profit | $ | 1,650.3 | $ | 1,350.8 | $ | 1,109.6 | $ | 937.6 | $ | 722.5 | |||||||||
Operating income | $ | 344.2 | $ | 231.0 | $ | 109.8 | $ | 42.9 | $ | 14.9 | |||||||||
Net income | $ | 326.5 | $ | 332.2 | $ | 31.4 | $ | 32.2 | $ | 8.0 | |||||||||
Net income per share: | |||||||||||||||||||
Basic | $ | 1.91 | $ | 1.96 | $ | 0.18 | $ | 0.19 | $ | 0.05 | |||||||||
Diluted | $ | 1.87 | $ | 1.91 | $ | 0.18 | $ | 0.18 | $ | 0.05 | |||||||||
Weighted-average shares outstanding: | |||||||||||||||||||
Basic | 171.0 | 169.1 | 174.3 | 172.6 | 170.4 | ||||||||||||||
Diluted | 175.0 | 174.2 | 178.1 | 176.3 | 176.1 | ||||||||||||||
As of December 31, | |||||||||||||||||||
2019 | 2018 | 2017 | 2016 | 2015 | |||||||||||||||
(in millions) | |||||||||||||||||||
Consolidated Balance Sheet Data: | |||||||||||||||||||
Cash, cash equivalents and investments | $ | 2,209.9 | $ | 1,716.6 | $ | 1,349.3 | $ | 1,310.5 | $ | 1,164.3 | |||||||||
Total assets | $ | 3,885.5 | $ | 3,078.0 | $ | 2,257.9 | $ | 2,139.9 | $ | 1,790.5 | |||||||||
Total stockholders’ equity | $ | 1,321.9 | $ | 1,010.2 | $ | 589.4 | $ | 837.7 | $ | 755.4 | |||||||||
42
ITEM 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations
In addition to historical information, this Annual Report on Form 10-K contains forward-looking statements within the meaning of Section 27A of the Securities Act and Section 21E of the Exchange Act. These statements include, among other things, statements concerning our expectations regarding:
• | continued growth and market share gains; |
• | variability in sales in certain product categories from year to year and between quarters; |
• | expected impact of sales of certain products and services; |
• | the impact of macro-economic, geopolitical factors and other disruption on our manufacturing or sales, including the impact of the coronavirus and other public health issues and natural disasters; |
• | the proportion of our revenue that consists of our product and service revenue, and the mix of billings between products and services, and the duration of service contracts; |
• | the impact of our product innovation strategy; |
• | the effects of government regulation, tariffs and other related policies; |
• | drivers of long-term growth and operating leverage, such as increased sales productivity, functionality and value in our standalone and bundled subscription service offerings; |
• | growing our sales to businesses, service providers and government organizations, our ability to execute these sales and of the complexity of selling to all segments (including the increased competition and unpredictability of timing associated with sales to larger enterprises), the impact of sales to these organizations on our long-term growth, expansion and operating results, and the effectiveness of our internal sales organization; |
• | our ability to hire properly qualified and effective sales, support and engineering employees; |
• | trends in revenue, cost of revenue and gross margin; |
• | trends in our operating expenses, including sales and marketing expense, research and development expense, general and administrative expense, and expectations regarding these expenses; |
• | risks and expectations related to acquisitions or sales of assets, including integration issues related to product plans and products, including the acquired technology; |
• | continued investments in research and development, and expectations that our research and development expense will increase in absolute dollars during 2020; |
• | continued investments in our sales resources and infrastructure and marketing strategy, and expectations that our sales and marketing expense will increase in absolute dollars during 2020; |
• | expectations that our general and administrative expense will increase in absolute dollars during 2020; |
• | expectations that proceeds from the exercise of stock options in future years will be adversely impacted by the increased mix of restricted stock units versus stock options granted; |
• | estimates of a range of 2020 spending on our headquarters expansion project; |
• | expectations regarding uncertain tax benefits and our effective domestic and global tax rates, and the impact of the Tax Cuts and Jobs Act (the “2017 Tax Act”) and the Ninth Circuit’s Altera decision regarding stock-based compensation in cost sharing arrangements; |
43
• | expectations regarding spending related to real estate and other capital expenditures and to the impact on free cash flows; |
• | competition in our markets; |
• | statements regarding expected outcomes and liabilities in litigation; |
• | our intentions regarding share repurchases and the sufficiency of our existing cash, cash equivalents and investments to meet our cash needs for at least the next 12 months; |
• | other statements regarding our future operations, financial condition and prospects and business strategies; and |
• | adoption and impact of new accounting standards. |
These forward-looking statements are subject to certain risks and uncertainties that could cause our actual results to differ materially from those reflected in the forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those discussed in this Annual Report on Form 10-K and, in particular, the risks discussed under the heading “Risk Factors” in Part I, Item 1A of this Annual Report on Form 10-K and those discussed in other documents we file with the Securities and Exchange Commission (the “SEC”). We undertake no obligation, and specifically disclaim any obligation, to revise or publicly release the results of any revision to these and any other forward-looking statements. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements.
Business Overview
Fortinet is a global leader in cybersecurity solutions provided to a wide variety of organizations, such as enterprises, communication service providers, government organizations and small businesses. Our cybersecurity solutions are designed to provide broad visibility and segmentation of the digital attack surface through our integrated Fortinet Security Fabric platform, which features automated protection, detection and response.
The focus areas of our business consist of:
• | Network Security—We derive a majority of product sales from our FortiGate network security appliances. Our FortiGate network security appliances include a broad set of built-in security and networking features and functionalities, including firewall, next-generation firewall, secure web gateway, SSL inspection, SD-WAN, intrusion prevention, SSL data leak prevention, VPN, switch and wireless controller and wide area network edge. Our network security appliances are managed by our FortiOS network operating system, which provides the foundation for FortiGate security functions. We enhance the performance of our network security appliances from branch to data center by designing and implementing SPU technology within our appliances, enabling us to add security and network functionality with minimal impact to network throughput performance. |
• | Infrastructure Security—The Fortinet Security Fabric platform is a broad, automated and integrated security platform that extends beyond the network to cover other attack vectors. Other infrastructure solutions covered include Secure Access (Wi-Fi and switch). |
• | Cloud Security—We help customers connect securely to and across their hybrid, public and private cloud environments by offering security through our virtual firewall and other software products in public and private cloud environments. Our cloud security solutions, including virtual appliances and hosted solutions, extend the core capabilities of the Fortinet Security Fabric platform to provide businesses with the same level of cybersecurity and threat intelligence in and across cloud environments that they receive on their physical networks. Fortinet cloud security offerings are available across all major cloud providers, including Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud, Alibaba Cloud and IBM Cloud. Our Cloud Security portfolio also includes securing applications, including email and web. |
44
• | Endpoint Protection, Internet of Things and Operational Technology Security—We protect end-customers from advanced threats that target their devices and the data that reside on them through our advanced endpoint solutions that provide core endpoint protection, advanced threat protection, incident monitoring, and response. Additionally, the proliferation of IoT and the digitization of OT devices has generated new opportunities for us to grow our business. We offer network access control solutions that provide visibility, control and automated event responses in order to secure IoT devices. |
We also develop and provide AI-driven security operations solutions, including FortiGuard security services that can be applied across the entire Fortinet Security Fabric platform. These solutions help customers better secure their environments by delivering deeper intelligence and insights and by narrowing the gaps in security skills and resources that are present in many organizations.
In addition to our security solutions, our customers, channel partners and end-customers may purchase FortiGuard and other security subscription services to receive threat intelligence updates, FortiCare technical support services across all of our products and the support of Technical Account Managers, Resident Engineers and professional service consultants for implementations or training services.
Financial Highlights
• | Total revenue was $2.16 billion in 2019, an increase of 20% compared to $1.80 billion in 2018. Product revenue was $788.5 million in 2019, an increase of 17% compared to $674.4 million in 2018. Service revenue was $1.37 billion in 2019, an increase of 21% compared to $1.13 billion in 2018. |
• | We generated operating income of $344.2 million in 2019, an increase of 49% compared to $231.0 million in 2018. |
• | Cash, cash equivalents and investments were $2.21 billion as of December 31, 2019, an increase of $493.3 million, or 29%, from December 31, 2018. |
• | Deferred revenue was $2.14 billion as of December 31, 2019, an increase of $449.1 million, or 27%, from December 31, 2018. |
• | We generated cash flows from operating activities of $808.0 million in 2019, an increase of $169.1 million, or 26%, compared to 2018. |
• | In 2019, we repurchased 1.9 million shares of common stock under the Repurchase Program for an aggregate purchase price of $140.9 million. In 2018, we repurchased 3.8 million shares of common stock for a total purchase price of $209.1 million. |
Our revenue growth was driven by both product and service revenue. On a geographic basis, revenue continues to be diversified globally, which remains a key strength of our business. Product revenue grew 17% in 2019. We experienced revenue growth across several of our hardware and software products, including FortiGate enabled with SD-WAN features. Service revenue growth of 21% in 2019 was driven by the strength of our FortiGuard and other security subscription revenue, which grew 24%.
During the second quarter of 2019, we reclassified the 100 series of our FortiGate product from an entry-level product to a mid-range product. Prior periods have been reclassified to conform with current period presentation. Including this reclassification, we saw a mix shift from high-end to mid-range products in 2019.
During the fourth quarter of 2019, we acquired enSilo Limited (“enSilo”) and CyberSponse Inc. (“CyberSponse”) to further strengthen our Fortinet Security Fabric platform by providing real-time automated endpoint detection and response capability (enSilo) and security orchestration, automation and response products and services (CyberSponse). The impact of these acquisitions, individually and in the aggregate, were not material to our consolidated financial statements.
In 2019, our revenue growth outpaced our growth in operating expenses. As a result, operating expenses as a percentage of revenue decreased by two percentage points compared to 2018. Headcount increased by 21% to 7,082 employees and contractors as of December 31, 2019, up from 5,845 as of December 31, 2018. The acquisition of enSilo and CyberSponse increased headcount by 135 employees. Excluding these two acquisitions, headcount would have increased 19% year over year.
45
The impact of the coronavirus outbreak on our business remains uncertain, and, though the majority of our products are manufactured outside of China, certain components for our products and certain of our products are manufactured in China and Taiwan and we have international shipping and logistics centers in Taiwan. While any significant impact is uncertain at this point, if the coronavirus outbreak continues to spread, the business disruption caused thereby could have a material negative impact on our billings, revenue, gross margin, operating margin, cash flows and other financial results for the first quarter of 2020 and certain periods thereafter.
Business Model
We primarily sell our products and services through a two-tier distribution model. We sell to distributors that sell to networking security and enterprise-focused resellers and to service providers and MSSPs, who, in turn, sell to our end-customers. In certain cases, we sell directly to large service providers and major systems integrators. In certain cases, we sell directly to large service providers and major systems integrators. We also offer our products across major cloud providers, and have recognized on-demand revenue from Amazon Web Services, Microsoft Azure, IBM Cloud, Google Cloud and Oracle Cloud. We have also recognized revenue from customers who deploy our products in a bring-your-own-license (“BYOL”) arrangement at a cloud provider such as Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud and Alibaba Cloud. In a BYOL arrangement, a customer purchases a software license from us through our channel partners and deploys the software in a cloud provider’s environment. Similarly, customers may purchase such a license from us and deploy in their private cloud.
Typically, our customers purchase our hardware products and software licenses, as well as our FortiGuard security subscription and FortiCare technical support services. We generally invoice at the time of our sale for the total price of the products and security and technical support services. The invoice is typically payable within 30 to 45 days. We also invoice certain services on a monthly basis.
Key Metrics
We monitor a number of key metrics, including the key financial metrics set forth below, in order to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts, and assess operational efficiencies. The following table summarizes revenue, deferred revenue, billings (non-GAAP), net cash provided by operating activities, and free cash flow (non-GAAP). We discuss revenue below under “—Components of Operating Results,” and we discuss net cash provided by operating activities below under “—Liquidity and Capital Resources.” Deferred revenue, billings (non-GAAP), and free cash flow (non-GAAP) are discussed immediately below the following table.
Year Ended or As of December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
(in millions) | |||||||||||
Revenue | $ | 2,156.2 | $ | 1,801.2 | $ | 1,494.9 | |||||
Deferred revenue | $ | 2,135.9 | $ | 1,686.8 | $ | 1,336.3 | |||||
Billings (non-GAAP) | $ | 2,602.9 | $ | 2,153.3 | $ | 1,795.9 | |||||
Net cash provided by operating activities | $ | 808.0 | $ | 638.9 | $ | 594.4 | |||||
Free cash flow (non-GAAP) | $ | 715.8 | $ | 585.9 | $ | 459.1 | |||||
Deferred revenue. Our deferred revenue consists of amounts that have been invoiced but that have not yet been recognized as revenue. The majority of our deferred revenue balance consists of the unrecognized portion of service revenue from FortiGuard security subscription and FortiCare technical support service contracts, which is recognized as revenue ratably over the contractual service period. We monitor our deferred revenue balance, deferred revenue growth and the mix of short-term and long-term deferred revenue because deferred revenue represents a significant portion of free cash flow and of revenue to be recognized in future periods. Deferred revenue was $2.14 billion as of December 31, 2019, an increase of $449.1 million, or 27%, from December 31, 2018.
Billings (non-GAAP). We define billings as revenue recognized in accordance with generally accepted accounting principles in the United States (“GAAP”) plus the change in deferred revenue from the beginning to the end of the period and adjustments to the deferred revenue balance due to adoption of Financial Accounting Standards Board (“FASB”) Topic 606, Revenue from Contracts with Customers (“Topic 606”), less any deferred revenue balances acquired from business combination(s) during the period. We consider billings to be a useful metric for management and investors because billings
46
drive current and future revenue, which is an important indicator of the health and viability of our business. There are a number of limitations related to the use of billings instead of GAAP revenue. First, billings include amounts that have not yet been recognized as revenue and are impacted by the security and support contractual service period agreements. Second, we may calculate billings in a manner that is different from peer companies that report similar financial measures. Management accounts for these limitations by providing specific information regarding GAAP revenue and evaluating billings together with GAAP revenue. Total billings were $2.60 billion for 2019, an increase of 21% compared to $2.15 billion in 2018.
A reconciliation of revenue, the most directly comparable financial measure calculated and presented in accordance with GAAP, to billings is provided below:
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
(in millions) | |||||||||||
Billings: | |||||||||||
Revenue | $ | 2,156.2 | $ | 1,801.2 | $ | 1,494.9 | |||||
Add: Change in deferred revenue | 449.1 | 350.5 | 301.0 | ||||||||
Add: Deferred revenue adjustment due to adoption of Topic 606 | — | 4.1 | — | ||||||||
Less: Deferred revenue balance acquired in business combinations | (2.4 | ) | (2.5 | ) | — | ||||||
Total billings (non-GAAP) | $ | 2,602.9 | $ | 2,153.3 | $ | 1,795.9 | |||||
Free cash flow (non-GAAP). We define free cash flow as net cash provided by operating activities minus purchases of property and equipment. We believe free cash flow to be a liquidity measure that provides useful information to management and investors about the amount of cash generated by the business that, after capital expenditures, can be used for strategic opportunities, including repurchasing outstanding common stock, investing in our business, making strategic acquisitions and strengthening the balance sheet. A limitation of using free cash flow rather than the GAAP measures of cash provided by or used in operating activities, investing activities, and financing activities is that free cash flow does not represent the total increase or decrease in the cash and cash equivalents balance for the period because it excludes cash flows from investing activities other than capital expenditures and cash flows from financing activities. Management accounts for this limitation by providing information about our capital expenditures and other investing and financing activities on the face of the consolidated statements of cash flows and under “—Liquidity and Capital Resources” and by presenting cash flows from investing and financing activities in our reconciliation of free cash flow. In addition, it is important to note that other companies, including companies in our industry, may not use free cash flow, may calculate free cash flow in a different manner than we do or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of free cash flow as a comparative measure. A reconciliation of net cash provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with GAAP, to free cash flow is provided below:
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
(in millions) | |||||||||||
Free Cash Flow: | |||||||||||
Net cash provided by operating activities | $ | 808.0 | $ | 638.9 | $ | 594.4 | |||||
Less: Purchases of property and equipment | (92.2 | ) | (53.0 | ) | (135.3 | ) | |||||
Free cash flow (non-GAAP) | $ | 715.8 | $ | 585.9 | $ | 459.1 | |||||
Net cash used in investing activities | $ | (502.3 | ) | $ | (134.9 | ) | $ | (76.8 | ) | ||
Net cash used in financing activities | $ | (195.6 | ) | $ | (202.6 | ) | $ | (415.6 | ) | ||
Components of Operating Results
Revenue. We generate the majority of our revenue from sales of our hardware and software products and amortization of amounts included in deferred revenue related to previous sales of FortiGuard security subscription and FortiCare technical support services. We also recognize revenue from cloud security solutions, professional services and training.
47
Our total revenue is comprised of the following:
• | Product revenue. Product revenue is primarily generated from sales of our appliances. The majority of our product revenue has been generated by our FortiGate product line, and we do not expect this to change in the foreseeable future. Product revenue also includes revenue derived from sales of fabric hardware and software products, including FortiGate software licenses. As a percentage of total revenue, we expect that our product revenue may vary from quarter-to-quarter based on certain factors, as discussed below under “—Quarterly Results of Operations,” and we expect the trend to continue in 2020. |
• | Service revenue. Service revenue is generated primarily from FortiGuard security subscription services and FortiCare technical support services. We recognize revenue from FortiGuard security subscription and FortiCare technical support services over the contractual service period. Our typical contractual support and subscription term is one to three years and, to a lesser extent, five years. We also generate a small portion of our revenue from professional services and training services, for which we recognize revenue as the services are provided, and cloud-based services, for which we recognize revenue as the services are delivered or on a monthly usage basis. As a percentage of total revenue, we continue to expect service revenue to be higher than product revenue. Our service revenue growth rate depends significantly on the growth of our customer base, the expansion of our service bundle offerings, the expansion and introduction of new service offerings and the renewal of service contracts by our existing customers. |
Our total cost of revenue is comprised of the following:
• | Cost of product revenue. The majority of the cost of product revenue consists of third-party contract manufacturers’ costs and the costs of materials used in production. Our cost of product revenue also includes supplies, shipping costs, personnel costs associated with logistics and quality control, facility-related costs, excess and obsolete inventory costs, warranty costs and amortization of intangible assets. Personnel costs include direct compensation and benefits. |
• | Cost of service revenue. Cost of service revenue is primarily comprised of salaries, benefits and bonuses, as well as stock-based compensation. Cost of service revenue also includes third-party repair and contract fulfillment, data center and cloud hosting, supplies and facility-related costs. |
Gross margin. Gross profit as a percentage of revenue, or gross margin, has been and will continue to be affected by a variety of factors, including the average sales price of our products, product costs, the mix of products sold and the mix of revenue between hardware products, software licenses and services and any excess inventory write-offs. Service revenue and software licenses have had a positive effect on our total gross margin given the higher gross margins compared to hardware product gross margins. During 2019, service gross margin benefited from renewals and continued sales of services and subscriptions, growing faster than related expenses. Product gross margin benefited from gains in average selling price, as well as lower direct and indirect product costs as a percentage of product revenue. It also benefited from deal mix, software revenue growth and a stable product transition environment. Cost of product revenue was comprised of direct product costs and indirect costs, including inventory reserves and other manufacturing overhead. Overall gross margin in 2020 will be impacted by service and product revenue mix, but we expect it to be comparable to overall gross margin in 2019.
Operating expenses. Our operating expenses consist of research and development, sales and marketing and general and administrative expenses. Personnel costs are the most significant component of operating expenses and consist primarily of salaries, benefits, bonuses, stock-based compensation, and sales commissions, as applicable. We expect personnel costs to continue to increase in absolute dollars as we expand our workforce.
• | Research and development. Research and development expense consists primarily of personnel costs. Additional research and development expenses include ASIC and system prototypes and certification-related expenses, depreciation of property and equipment and facility-related expenses. The majority of our research and development is focused on both software development and the ongoing development of our hardware platform. We record all research and development expenses as incurred. Our research and development teams are primarily located in Canada and the United States. |
• | Sales and marketing. Sales and marketing expense is the largest component of our operating expenses and primarily consists of personnel costs. Additional sales and marketing expenses include product marketing, public relations, field marketing and channel marketing programs (e.g. partner cooperative marketing arrangements), as well as travel, depreciation of property and equipment and facility-related expenses. We |
48
intend to hire additional personnel focused on sales and marketing and expand our sales and marketing efforts worldwide in order to capture market share in the enterprise market.
• | General and administrative. General and administrative expense consists of personnel costs, as well as professional fees, depreciation of property and equipment and software and facility-related expenses. General and administrative personnel include our executive, finance, human resources, information technology and legal organizations. Our professional fees principally consist of outside legal, auditing, accounting, tax, information technology and other consulting costs. |
Interest income—net. Interest income—net consists of interest earned on our cash, cash equivalents and investments. We have historically invested our cash in corporate debt securities, certificates of deposit and term deposits, commercial paper, money market funds, and U.S. government and agency securities.
Other income (expense)—net. Other income (expense)—net consists primarily of foreign exchange gains and losses related to foreign currency remeasurement, as well as the gain on the sale of an investment in a privately held company and the impairment charge on an investment in a privately held company.
Provision for (benefit from) income taxes. We are subject to income taxes in the United States, as well as other tax jurisdictions or countries in which we conduct business. Earnings from our non-U.S. activities are subject to income taxes in local countries and may be subject to U.S. income taxes. Our effective tax rate differs from the U.S. statutory rate primarily due to foreign income subject to different tax rates than in the U.S., nondeductible stock-based compensation expense, federal research and development tax credit, state taxes, withholding taxes, excess tax benefits related to stock-based compensation expense and the tax impacts of the 2017 Tax Act.
Critical Accounting Policies and Estimates
Our discussion and analysis of our financial condition and results of operations are based upon our financial statements, which have been prepared in accordance with GAAP. These principles require us to make estimates and judgments that affect the reported amounts of assets, liabilities, revenue, cost of revenue and expenses, and related disclosures. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances. To the extent that there are material differences between these estimates and our actual results, our future financial statements will be affected.
We believe that, of the significant accounting policies described in Note 1 to our consolidated financial statements included in Part II, Item 8 of this Annual Report on Form 10-K, the following accounting policies involve a greater degree of judgment and complexity. Accordingly, we believe these are the most critical to fully understand and evaluate our financial condition and results of operations.
Revenue Recognition
On January 1, 2018, we adopted Topic 606, Revenue from Contracts with Customers, using the modified retrospective method applied to those contracts which were not completed as of January 1, 2018. Results for reporting periods beginning after January 1, 2018 are presented under Topic 606, while prior period amounts are not adjusted and continue to be reported under ASC Topic 605 (“Topic 605”), Revenue Recognition.
Beginning in 2018, revenues are recognized when control of goods or services is transferred to our customers, in an amount that reflects the consideration we expect to be entitled to in exchange for those goods or services. Prior to 2018, revenue was recognized under Topic 605 when all of the following criteria were met: (i) persuasive evidence of an arrangement existed, (ii) delivery has occurred or services have been rendered, (iii) sales price was fixed or determinable and (iv) collectability was reasonably assured.
Under Topic 606, we determine revenue recognition through the following steps:
• | identification of a contract or contracts with a customer; |
• | identification of the performance obligations in a contract, including evaluation of performance obligations as to being distinct goods or services in a contract; |
• | determination of a transaction price; |
• | allocation of a transaction price to the performance obligations in a contract; and |
• | recognition of revenue when, or as, we satisfy a performance obligation. |
49
Our sales contracts typically contain multiple deliverables, such as hardware, software license, security subscription, technical support services and other services, which are generally capable of being distinct and accounted for as separate performance obligations. We evaluated the criteria to be distinct under Topic 606 and concluded that the hardware and software licenses were distinct and distinct in the context of a contract from the security subscription and technical support services, as a customer can benefit from the hardware and software licenses without the services and the services are separately identifiable within a contract. We allocate a transaction price to each performance obligation based on relative standalone selling price. If not observable through past transactions, we determine standalone selling price based on the historical pricing and discounting practices for those services when sold separately. We determine standalone selling price for a product or service by considering multiple historical factors including, but not limited to, cost of products, gross margin objectives, pricing practices, geographies and the term of a service contract that fall within a reasonably range as a percentage of list price.
Under the previous standard, Topic 605, revenue from contracts that contain products and services is allocated to each unit of accounting based on an estimated selling price using vendor-specific objective evidence (“VSOE”) of selling price, if it existed, or third-party evidence (“TPE”) of selling price. If neither VSOE nor TPE of selling price existed for a deliverable, we used our best estimate of selling price for that deliverable. For multiple-element arrangements where software deliverables were included, revenue was allocated to the non-software deliverables and to the software deliverables as a group using the relative estimated selling prices of each of the deliverables in an arrangement based on the estimated selling price hierarchy. The amount allocated to the software deliverables was then allocated to each software deliverable using the residual method when VSOE of fair value existed. If evidence of VSOE of fair value of one or more undelivered elements did not exist, all software allocated revenue was deferred and recognized when delivery of those elements occurred or when fair value was established. When the undelivered element for which we did not have VSOE of fair value was support, revenue for the entire arrangement was recognized ratably over the support period. The same residual method and VSOE of fair value principles applied for our multiple element arrangements that contained only software elements.
Deferred Contract Costs and Commission Expense
Beginning in 2018, we recognized commission expense based on Topic 606’s guidance for contract costs. Under this new guidance, we recognize sales commissions related to product sales upfront while sales commissions for service contracts are deferred as deferred contract costs in the consolidated balance sheets and amortized over the applicable amortization period. Costs for initial contracts that are not commensurate with renewal commissions are amortized on a straight-line basis over the period of benefit, which we have determined to be five years and which is typically longer than the initial contract term. Significant estimates, assumptions, and judgments in accounting for deferred contract costs include, but are not limited to, identification of contract costs, anticipated billings and the expected period of benefit.
Valuation of Inventory
Inventory is recorded at the lower of cost or net realizable value. Cost is computed using the first-in, first-out method. In assessing the ultimate recoverability of inventory, we make estimates regarding future customer demand, the timing of new product introductions, economic trends and market conditions. If the actual product demand is significantly lower than forecasted, we could be required to record inventory write-downs which would be charged to cost of product revenue. Any write-downs could have an adverse impact on our gross margins and profitability.
Business Combinations
We include the results of operations of the businesses that we acquire as of the respective dates of acquisition. We allocate the fair value of the purchase price of our business acquisitions to the tangible and intangible assets acquired and liabilities assumed based on their estimated fair values. The excess of the purchase price over the fair values of these identifiable assets and liabilities is recorded as goodwill. We often continue to gather additional information throughout the measurement period, and if we make changes to the amounts recorded, such changes are recorded in the period in which they are identified.
Contingent Liabilities
From time to time, we are involved in disputes, litigation and other legal actions. However, there are many uncertainties associated with any litigation, and these actions or other third-party claims against us may cause us to incur substantial settlement charges, which are inherently difficult to estimate and could adversely affect our results of operations. We review significant new claims and litigation for the probability of an adverse outcome. Estimates can change as individual
50
claims develop. The actual liability in any such matters may be materially different from our estimates, which could result in the need to adjust our liability and record additional expenses.
Accounting for Income Taxes
We record income taxes using the asset and liability method, which requires the recognition of deferred tax assets and liabilities for the expected future tax consequences of events that have been recognized in our financial statements or tax returns. In addition, deferred tax assets are recorded for the future benefit of utilizing net operating losses and research and development credit carryforwards. Deferred tax assets and liabilities are measured using the currently enacted tax rates that apply to taxable income in effect for the years in which those tax assets and liabilities are expected to be realized or settled. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.
We recognize tax benefits from an uncertain tax position only if it is more likely than not, based on the technical merits of the position that the tax position will be sustained on examination by the tax authorities. The tax benefits recognized in the financial statements from such positions are then measured based on the largest benefit that has a greater than 50% likelihood of being realized upon ultimate settlement.
Effective January 1, 2018, the 2017 Tax Act reduced the federal corporate income tax rate from 35% to 21% and created a territorial tax system with a one-time transition tax on foreign earnings of U.S. subsidiaries not previously subject to U.S. income tax. Our selection of an accounting policy for 2018 with respect to the Global Intangible Low-Taxed Income (“GILTI”) tax rules was to treat GILTI tax as a current period expense under the period cost method. For 2019, we were not subject to GILTI. We will continue to monitor and assess the impact of the 2017 Tax Act and ongoing guidance and accounting interpretations issued in response to the 2017 Tax Act.
As part of the process of preparing our consolidated financial statements, we are required to estimate our taxes in each of the jurisdictions in which we operate. We estimate actual current tax exposure together with assessing temporary differences resulting from differing treatment of items, such as accruals and allowances not currently deductible for tax purposes. These differences result in deferred tax assets, which are included in our consolidated balance sheets. In general, deferred tax assets represent future tax benefits to be received when certain expenses previously recognized in our consolidated statements of income become deductible expenses under applicable income tax laws, or loss or credit carryforwards are utilized.
In assessing the realizability of deferred tax assets, management considers whether it is more likely than not that some portion or all of the deferred tax assets will be realized. The ultimate realization of deferred tax assets is dependent upon the generation of future taxable income during the periods in which those temporary differences become deductible. We continue to assess the need for a valuation allowance on the deferred tax assets by evaluating both positive and negative evidence that may exist. Any adjustment to the valuation allowance on deferred tax assets would be recorded in the consolidated statements of income for the period that the adjustment is determined to be required.
51
Results of Operations
The following tables set forth our results of operations for the periods presented and as a percentage of our total revenue for those periods. The period-to-period comparison of financial results is not necessarily indicative of financial results to be achieved in future periods.
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
(in millions) | |||||||||||
Consolidated Statements of Income Data: | |||||||||||
Revenue: | |||||||||||
Product | $ | 788.5 | $ | 674.4 | $ | 577.2 | |||||
Service | 1,367.7 | 1,126.8 | 917.7 | ||||||||
Total revenue | 2,156.2 | 1,801.2 | 1,494.9 | ||||||||
Cost of revenue: | |||||||||||
Product | 324.6 | 291.0 | 243.8 | ||||||||
Service | 181.3 | 159.4 | 141.5 | ||||||||
Total cost of revenue | 505.9 | 450.4 | 385.3 | ||||||||
Gross profit: | |||||||||||
Product | 463.9 | 383.4 | 333.4 | ||||||||
Service | 1,186.4 | 967.4 | 776.2 | ||||||||
Total gross profit | 1,650.3 | 1,350.8 | 1,109.6 | ||||||||
Operating expenses: | |||||||||||
Research and development | 277.1 | 244.5 | 210.6 | ||||||||
Sales and marketing | 926.9 | 782.3 | 701.0 | ||||||||
General and administrative | 102.1 | 93.0 | 87.9 | ||||||||
Restructuring charges | — | — | 0.3 | ||||||||
Total operating expenses | 1,306.1 | 1,119.8 | 999.8 | ||||||||
Operating income | 344.2 | 231.0 | 109.8 | ||||||||
Interest income—net | 42.5 | 26.5 | 13.5 | ||||||||
Other income (expense)—net | (7.5 | ) | (6.6 | ) | 0.7 | ||||||
Income before income taxes | 379.2 | 250.9 | 124.0 | ||||||||
Provision for (benefit from) income taxes | 52.7 | (81.3 | ) | 92.6 | |||||||
Net income | $ | 326.5 | $ | 332.2 | $ | 31.4 | |||||
52
Year Ended December 31, | ||||||||
2019 | 2018 | 2017 | ||||||
(as percentage of revenue) | ||||||||
Revenue: | ||||||||
Product | 37 | % | 37 | % | 39 | % | ||
Service | 63 | 63 | 61 | |||||
Total revenue | 100 | 100 | 100 | |||||
Cost of revenue: | ||||||||
Product | 15 | 16 | 16 | |||||
Service | 8 | 9 | 9 | |||||
Total cost of revenue | 23 | 25 | 26 | |||||
Gross margin: | ||||||||
Product | 59 | 57 | 58 | |||||
Service | 87 | 86 | 85 | |||||
Total gross margin | 77 | 75 | 74 | |||||
Operating expenses: | ||||||||
Research and development | 13 | 14 | 14 | |||||
Sales and marketing | 43 | 43 | 47 | |||||
General and administrative | 5 | 5 | 6 | |||||
Restructuring charges | — | — | — | |||||
Total operating expenses | 61 | 62 | 67 | |||||
Operating margin | 16 | 13 | 7 | |||||
Interest income—net | 2 | 1 | 1 | |||||
Other income (expense)—net | — | — | — | |||||
Income before income taxes | 18 | 14 | 8 | |||||
Provision for (benefit from) income taxes | 2 | (5 | ) | 6 | ||||
Net income | 15 | % | 18 | % | 2 | % | ||
Percentages have been rounded for presentation purposes and may differ from unrounded results.
Discussion regarding our financial condition and results of operations for 2018 as compared to 2017 can be found in Item 7 of our Annual Report on Form 10-K for the fiscal year ended December 31, 2018, filed with the SEC on February 27, 2019.
53
2019 and 2018
Revenue
Year Ended December 31, | ||||||||||||||||||||
2019 | 2018 | |||||||||||||||||||
Amount | % of Revenue | Amount | % of Revenue | Change | % Change | |||||||||||||||
(in millions, except percentages) | ||||||||||||||||||||
Revenue: | ||||||||||||||||||||
Product | $ | 788.5 | 37 | % | $ | 674.4 | 37 | % | $ | 114.1 | 17 | % | ||||||||
Service | 1,367.7 | 63 | 1,126.8 | 63 | 240.9 | 21 | ||||||||||||||
Total revenue | $ | 2,156.2 | 100 | % | $ | 1,801.2 | 100 | % | $ | 355.0 | 20 | % | ||||||||
Revenue by geography: | ||||||||||||||||||||
Americas | $ | 917.3 | 42 | % | $ | 762.9 | 42 | % | $ | 154.4 | 20 | % | ||||||||
Europe, Middle East and Africa (“EMEA”) | 813.9 | 38 | 678.0 | 38 | 135.9 | 20 | ||||||||||||||
Asia Pacific (“APAC”) | 425.0 | 20 | 360.3 | 20 | 64.7 | 18 | ||||||||||||||
Total revenue | $ | 2,156.2 | 100 | % | $ | 1,801.2 | 100 | % | $ | 355.0 | 20 | % | ||||||||
Total revenue increased by $355.0 million, or 20%, in 2019 compared to 2018. We continued to experience diversification of revenue globally, and across both customer and industry segments. Revenue from all regions grew, with the Americas contributing the largest portion of our revenue growth on an absolute dollar basis.
Product revenue increased by $114.1 million, or 17%, in 2019 compared to 2018. We experienced revenue growth across many of our hardware and software products due to an increase in product revenue from our SD-WAN FortiGate solutions and growth in sales of our Infrastructure Security solutions.
Service revenue increased by $240.9 million, or 21%, in 2019 compared to 2018. FortiGuard security subscription and FortiCare technical support and other revenues increased by $144.8 million, or 24%, and by $96.1 million, or 18%, respectively, in 2019 compared to 2018. The increases were primarily due to the recognition of revenue from our growing deferred revenue balance related to FortiGuard and other security subscriptions and FortiCare technical support and other contracts. Of the service revenue recognized in 2019, 68% was included in the deferred revenue balance as of December 31, 2018. Of the service revenue recognized in 2018, 67% was included in the deferred revenue balance as of December 31, 2017.
Cost of revenue and gross margin
Year Ended December 31, | ||||||||||||||
2019 | 2018 | Change | % Change | |||||||||||
(in millions, except percentages) | ||||||||||||||
Cost of revenue: | ||||||||||||||
Product | $ | 324.6 | $ | 291.0 | $ | 33.6 | 12 | % | ||||||
Service | 181.3 | 159.4 | 21.9 | 14 | ||||||||||
Total cost of revenue | $ | 505.9 | $ | 450.4 | $ | 55.5 | 12 | % | ||||||
Gross margin (%): | ||||||||||||||
Product | 58.8 | % | 56.9 | % | ||||||||||
Service | 86.7 | 85.9 | ||||||||||||
Total gross margin | 76.5 | % | 75.0 | % | ||||||||||
Total gross margin increased by 1.5 percentage points in 2019 compared to 2018, driven by improvements to both product and service gross margins. Product gross margin increased by 1.9 percentage points in 2019 compared to 2018. Product gross margin benefited from gains in average selling price, as well as lower direct and indirect product costs as a percentage of product revenue. It also benefited from deal mix, software revenue growth and a stable product transition environment. Cost of
54
product revenue was comprised primarily of third-party contract manufacturers’ costs and the costs of materials used in production. Service gross margin increased by 0.8 percentage points in 2019 compared to 2018, as our service revenue growth outpaced our growth in related personnel costs. Cost of service revenue was comprised primarily of personnel costs.
Operating expenses
Year Ended December 31, | Change | % Change | ||||||||||||||||||
2019 | 2018 | |||||||||||||||||||
Amount | % of Revenue | Amount | % of Revenue | |||||||||||||||||
(in millions, except percentages) | ||||||||||||||||||||
Operating expenses: | ||||||||||||||||||||
Research and development | $ | 277.1 | 13 | % | $ | 244.5 | 14 | % | $ | 32.6 | 13 | % | ||||||||
Sales and marketing | 926.9 | 43 | 782.3 | 43 | 144.6 | 18 | ||||||||||||||
General and administrative | 102.1 | 5 | 93.0 | 5 | 9.1 | 10 | ||||||||||||||
Total operating expenses | $ | 1,306.1 | 61 | % | $ | 1,119.8 | 62 | % | $ | 186.3 | 17 | % | ||||||||
Research and development
Research and development expense increased by $32.6 million, or 13%, in 2019 compared to 2018, primarily due to an increase in personnel-related costs of $29.9 million as a result of increased headcount to support the development of new products and continued enhancements to our existing products. We intend to continue to invest in our research and development organization, and expect research and development expense to increase in absolute dollars in 2020.
Sales and marketing
Sales and marketing expense increased by $144.6 million, or 18%, in 2019 compared to 2018, primarily due to an increase in personnel-related costs of $103.9 million as a result of increases to sales and marketing headcount in order to drive global market share gains. In addition, marketing expenses increased by $16.8 million. We intend to continue to make investments in our sales resources and infrastructure and marketing strategy, which are critical to support growth, and expect sales and marketing expense to increase in absolute dollars in 2020.
General and administrative
General and administrative expense increased by $9.1 million, or 10%, in 2019 compared to 2018, primarily due to an increase in personnel-related costs of $6.1 million and an increase in litigation costs of $3.1 million. Certain facilities, depreciation, and information technology costs are allocated to other organizations based on headcount. We expect general and administrative expense to increase in absolute dollars in 2020.
Operating income and margin
We generated operating income of $344.2 million in 2019, an increase of $113.2 million, or 49%, compared to $231.0 million in 2018. Operating income as a percentage of revenue increased to 16% in 2019 compared to 13% in 2018. The increase in operating margin is primarily due to the improvement in gross margin by 1.5 percentage points. In addition, as a percent of total revenue, research and development expense decreased by 0.7 percentage points, sales and marketing expense decreased by 0.4 percentage points and general and administrative expense decreased by 0.4 percentage points.
Interest income—net and other expense—net
Year Ended December 31, | ||||||||||||||
2019 | 2018 | Change | % Change | |||||||||||
(in millions, except percentages) | ||||||||||||||
Interest income—net | $ | 42.5 | $ | 26.5 | $ | 16.0 | 60 | % | ||||||
Other expense—net | $ | (7.5 | ) | $ | (6.6 | ) | $ | (0.9 | ) | 14 | % | |||
55
Interest income—net increased in 2019 as compared to 2018, primarily due to higher interest rates and, to a lesser extent, higher invested balances of cash, cash equivalents and investments. Interest income—net varies depending on our average investment balances during the period, types and mix of investments, and market interest rates. The change in other expense—net in 2019 as compared to 2018 was the result of a $3.8 million impairment charge on an investment in a privately held company during 2019 compared to a $2.2 million gain on the sale of an investment in a privately held company in the same period last year, partially offset by $3.5 million decrease in foreign currency exchange losses.
Provision for (benefit from) income taxes
Year Ended December 31, | Change | % Change | ||||||||||||
2019 | 2018 | |||||||||||||
(in millions, except percentages) | ||||||||||||||
Provision for (benefit from) income taxes | $ | 52.7 | $ | (81.3 | ) | $ | 134.0 | (165 | )% | |||||
Effective tax rate | 14 | % | (32 | )% | ||||||||||
Our provision for income taxes for 2019 reflects an effective tax rate of 14%, compared to an effective tax rate benefit of 32% for 2018. The provision for income taxes for 2019 was comprised primarily of an $88.8 million tax expense related to U.S. federal and state taxes, other foreign income taxes and foreign withholding taxes and a $10.1 million tax expense for an unrecognized tax benefit related to the Ninth Circuit’s opinion in Altera Corporation and Subsidiaries vs. Commissioner of Internal Revenue (“Altera”). The provision was partially offset by excess tax benefits of $39.3 million from stock-based compensation expense and tax benefits of $6.8 million from federal research and development tax credits.
In 2018, our effective tax rate benefit of 32% was comprised primarily of impacts related to the 2017 Tax Act, including a benefit of $164.0 million from the realignment of our tax structure and operations that resulted in a book-to-tax basis difference from previously taxed off-shore deferred revenue. These benefits were partially offset by a $32.6 million increase in the transition tax for finalization of the provisional estimates under Staff Accounting Bulletin No. 118, Income Tax Accounting Implications of the Tax Cuts and Jobs Act, $20.5 million of tax expense for the impact of the GILTI and $29.6 million of tax expense related to U.S. federal and state taxes, other foreign income taxes, foreign withholding taxes and a decrease in tax reserves.
Quarterly Results of Operations
The following table sets forth our unaudited quarterly statements of income data for the last eight quarters. The information for each of these quarters has been prepared on the same basis as the audited annual financial statements included elsewhere in this Annual Report and, in the opinion of management, includes all adjustments, which includes only normal recurring adjustments, necessary for the fair presentation of the results of operations for these periods. This data should be read in conjunction with our audited consolidated financial statements and related notes included elsewhere in this annual report. These quarterly operating results are not necessarily indicative of our operating results for any future period.
56
Three Months Ended | |||||||||||||||||||||||||||||||
Dec 31, 2019 | Sept 30, 2019 | Jun 30, 2019 | Mar 31, 2019 | Dec 31, 2018 | Sept 30, 2018 | Jun 30, 2018 | Mar 31, 2018 | ||||||||||||||||||||||||
(in millions, except per share amounts) | |||||||||||||||||||||||||||||||
Consolidated Statements of Income Data: | |||||||||||||||||||||||||||||||
Revenue: | |||||||||||||||||||||||||||||||
Product | $ | 238.8 | $ | 197.1 | $ | 189.9 | $ | 162.7 | $ | 200.8 | $ | 164.5 | $ | 166.3 | $ | 142.8 | |||||||||||||||
Service | 375.6 | 350.4 | 331.8 | 309.9 | 306.2 | 289.4 | 275.0 | 256.2 | |||||||||||||||||||||||
Total revenue | 614.4 | 547.5 | 521.7 | 472.6 | 507.0 | 453.9 | 441.3 | 399.0 | |||||||||||||||||||||||
Cost of revenue: | |||||||||||||||||||||||||||||||
Product (1)(2) | 92.7 | 79.0 | 82.7 | 70.2 | 86.9 | 72.0 | 73.9 | 58.2 | |||||||||||||||||||||||
Service (1)(2) | 47.8 | 45.1 | 45.6 | 42.8 | 41.6 | 39.6 | 39.2 | 39.0 | |||||||||||||||||||||||
Total cost of revenue | 140.5 | 124.1 | 128.3 | 113.0 | 128.5 | 111.6 | 113.1 | 97.2 | |||||||||||||||||||||||
Total gross profit | 473.9 | 423.4 | 393.4 | 359.6 | 378.5 | 342.3 | 328.2 | 301.8 | |||||||||||||||||||||||
Operating expenses: | |||||||||||||||||||||||||||||||
Research and development (1) | 71.2 | 69.9 | 67.4 | 68.6 | 65.5 | 58.7 | 61.2 | 59.1 | |||||||||||||||||||||||
Sales and marketing (1)(2) | 257.1 | 227.4 | 226.5 | 215.9 | 205.9 | 198.3 | 192.8 | 185.3 | |||||||||||||||||||||||
General and administrative (1) | 27.2 | 26.1 | 24.3 | 24.5 | 22.0 | 22.5 | 23.5 | 25.0 | |||||||||||||||||||||||
Total operating expenses | 355.5 | 323.4 | 318.2 | 309.0 | 293.4 | 279.5 | 277.5 | 269.4 | |||||||||||||||||||||||
Operating income | 118.4 | 100.0 | 75.2 | 50.6 | 85.1 | 62.8 | 50.7 | 32.4 | |||||||||||||||||||||||
Interest income—net | 9.9 | 11.4 | 11.0 | 10.2 | 9.3 | 6.9 | 5.8 | 4.5 | |||||||||||||||||||||||
Other income (expense)—net | (0.6 | ) | (6.0 | ) | (0.4 | ) | (0.5 | ) | (2.3 | ) | 0.9 | (5.0 | ) | (0.2 | ) | ||||||||||||||||
Income before income taxes | 127.7 | 105.4 | 85.8 | 60.3 | 92.1 | 70.6 | 51.5 | 36.7 | |||||||||||||||||||||||
Provision for (benefit from) income taxes | 12.5 | 25.6 | 13.1 | 1.5 | (90.5 | ) | 11.9 | 2.2 | (4.9 | ) | |||||||||||||||||||||
Net income | $ | 115.2 | $ | 79.8 | $ | 72.7 | $ | 58.8 | $ | 182.6 | $ | 58.7 | $ | 49.3 | $ | 41.6 | |||||||||||||||
Net income per share: | |||||||||||||||||||||||||||||||
Basic | $ | 0.67 | $ | 0.47 | $ | 0.42 | $ | 0.35 | $ | 1.07 | $ | 0.35 | $ | 0.29 | $ | 0.25 | |||||||||||||||
Diluted | $ | 0.66 | $ | 0.46 | $ | 0.42 | $ | 0.34 | $ | 1.04 | $ | 0.33 | $ | 0.28 | $ | 0.24 | |||||||||||||||
(1) Includes stock-based compensation as follows:
Three Months Ended | |||||||||||||||||||||||||||||||
Dec 31, 2019 | Sept 30, 2019 | Jun 30, 2019 | Mar 31, 2019 | Dec 31, 2018 | Sept 30, 2018 | Jun 30, 2018 | Mar 31, 2018 | ||||||||||||||||||||||||
(in millions) | |||||||||||||||||||||||||||||||
Cost of product revenue | $ | 0.3 | $ | 0.4 | $ | 0.4 | $ | 0.4 | $ | 0.4 | $ | 0.3 | $ | 0.4 | $ | 0.4 | |||||||||||||||
Cost of service revenue | 2.9 | 2.7 | 2.9 | 2.8 | 2.8 | 2.8 | 2.7 | 2.5 | |||||||||||||||||||||||
Research and development | 10.0 | 9.3 | 10.0 | 9.4 | 9.5 | 9.3 | 9.2 | 8.4 | |||||||||||||||||||||||
Sales and marketing | 25.1 | 24.9 | 26.3 | 25.4 | 25.1 | 26.0 | 23.6 | 20.9 | |||||||||||||||||||||||
General and administrative | 5.4 | 5.1 | 5.4 | 5.0 | 4.8 | 4.8 | 4.7 | 4.3 | |||||||||||||||||||||||
Total stock-based compensation expense | $ | 43.7 | $ | 42.4 | $ | 45.0 | $ | 43.0 | $ | 42.6 | $ | 43.2 | $ | 40.6 | $ | 36.5 | |||||||||||||||
57
(2) Total amortization included in product costs, service costs, and sales and marketing expense are as follows:
Three Months Ended | |||||||||||||||||||||||||||||||
Dec 31, 2019 | Sept 30, 2019 | Jun 30, 2019 | Mar 31, 2019 | Dec 31, 2018 | Sept 30, 2018 | Jun 30, 2018 | Mar 31, 2018 | ||||||||||||||||||||||||
(in millions) | |||||||||||||||||||||||||||||||
Amortization of intangible assets | $ | 2.8 | $ | 2.2 | $ | 2.9 | $ | 3.0 | $ | 2.9 | $ | 2.5 | $ | 1.8 | $ | 1.8 | |||||||||||||||
Seasonality, Cyclicality and Quarterly Revenue Trends
Our quarterly results reflect a pattern of increased customer buying at year-end, which has positively impacted billings and product revenue activity in the fourth quarter. In the first quarter, we generally experience lower sequential customer buying, followed by an increase in buying in the second quarter. The third quarter is often consistent with the second quarter. Although these seasonal factors are common in the technology sector, historical patterns should not be considered a reliable indicator of our future sales activity or performance. On a quarterly basis, we have usually generated the majority of our product revenue in the final month of each quarter and a significant amount in the last two weeks of each quarter. We believe this is due to customer buying patterns typical in this industry.
Consistent with the seasonality note above, our total quarterly revenue over the past eight quarters has generally increased sequentially in each quarter, except in the first quarter of 2019 and 2018. Product revenue, in each quarter in 2019, increased as compared to the same quarter in 2018, which we believe was due to investments we made in our sales and marketing organizations, continued product innovation and a robust security market. We continue to see a shift from product revenue to higher-margin, recurring service revenue.
Total gross margin has fluctuated on a quarterly basis primarily due to seasonality of product sales and seasonality of cost increases. Product gross margin varies based on the types of products sold and the average selling prices of our products. In 2019, product gross margin was impacted by new product introductions and the mix of high-end, mid-range and entry-level products. Service gross margin benefited from the growth of our customer base and renewals.
Liquidity and Capital Resources
As of December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
(in millions) | |||||||||||
Cash and cash equivalents | $ | 1,222.5 | $ | 1,112.4 | $ | 811.0 | |||||
Investments | 987.4 | 604.2 | 538.3 | ||||||||
Total cash, cash equivalents and investments | $ | 2,209.9 | $ | 1,716.6 | $ | 1,349.3 | |||||
Working capital | $ | 1,295.4 | $ | 964.5 | $ | 689.6 | |||||
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
(in millions) | |||||||||||
Net cash provided by operating activities | $ | 808.0 | $ | 638.9 | $ | 594.4 | |||||
Net cash used in investing activities | (502.3 | ) | (134.9 | ) | (76.8 | ) | |||||
Net cash used in financing activities | (195.6 | ) | (202.6 | ) | (415.6 | ) | |||||
Net increase in cash and cash equivalents | $ | 110.1 | $ | 301.4 | $ | 102.0 | |||||
Liquidity and capital resources may be impacted by our operating activities, as well as by our stock repurchases, proceeds associated with stock option exercises, issuances of common stock under our equity incentive plans and payment of taxes in connection with the net settlement of equity awards, real estate and other capital expenditures and business acquisitions.
In recent years, we have received significant capital resources from billings, the exercise of stock options and our Employee Stock Purchase Plan (“ESPP”) purchases. Additional increases in billings may depend on a number of factors, including demand for our products and services, competition, market or industry changes, and our ability to execute. We expect
58
proceeds from the exercise of stock options in future years to be impacted by the increased mix of restricted stock units versus stock options granted and also to vary based on our share price. There will not be future proceeds from purchases under our ESPP, which was terminated in February 2019. As of December 31, 2019, $1.6 billion remained available for future share repurchases under the Repurchase Program.
Construction of a second building at our headquarters campus started in the fourth quarter of 2018 and related spending will continue in 2020 and until project completion. We estimate 2020 real estate spending, including the headquarters campus project, to be between $150.0 million and $160.0 million dollars.
As of December 31, 2019, our cash, cash equivalents and investments of $2.21 billion were invested primarily in deposit accounts, money market funds, corporate debt securities, commercial paper, certificates of deposit and term deposits and U.S. government and agency securities. It is our investment policy to invest excess cash in a manner that preserves capital, provides liquidity and generates return without significantly increasing risk. We do not enter into investments for trading or speculative purposes.
The amount of cash, cash equivalents and investments held by our international subsidiaries was $109.3 million as of December 31, 2019 and $956.6 million as of December 31, 2018. The decrease in cash, cash equivalents and investments held by our international subsidiaries related to changes in our international tax structure.
We believe that our existing cash and cash equivalents will be sufficient to meet our anticipated cash needs for at least the next 12 months. Our future capital requirements will depend on many factors, including our growth rate, the timing and amount of our share repurchases, the timing and extent of spending to support development efforts, the expansion of sales and marketing activities, the introduction of new and enhanced products and services offerings, the continuing market acceptance of our products and our investments in purchasing or leasing real estate. Historically, we have required capital principally to fund our working capital needs, share repurchases, capital expenditures and acquisition activities. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all.
Operating Activities
Cash generated by operating activities is our primary source of liquidity. It is primarily comprised of net income, as adjusted for non-cash items and changes in operating assets and liabilities. Non-cash adjustments consist primarily of stock-based compensation, amortization of deferred contract costs and depreciation and amortization. Changes in operating assets and liabilities consist primarily of changes in deferred revenue, deferred contract costs, accounts receivable and inventory.
Our operating activities during 2019 provided $808.0 million in cash as a result of the continued growth of our business and our ability to successfully manage our working capital. Changes in operating assets and liabilities primarily resulted from an increase in sales of our FortiGuard security subscription and FortiCare technical support services to new and existing customers, as reflected by an increase in our deferred revenue. Our total deferred revenue balance grew $449.1 million, or 27%, during 2019.
Our operating activities during 2018 provided $638.9 million in cash as a result of the continued growth of our business and our ability to successfully manage our working capital. Changes in operating assets and liabilities primarily resulted from an increase in sales of our FortiGuard security subscription and FortiCare technical support services to new and existing customers, as reflected by an increase in our deferred revenue. Our total deferred revenue balance as of December 31, 2018 of $1.69 billion represented a 26% increase year over year.
Investing Activities
The changes in cash flows from investing activities primarily relate to timing of purchases, maturities and sales of investments and purchases of property and equipment. Historically, in making a lease versus purchase decision related to our larger facilities, we have considered various factors including financial metrics and the impact on our employees. In certain cases, we have elected to purchase the facility if we believed that purchasing rather than leasing is more in line with our long-term strategy. We expect to make similar decisions in the future. We may also make cash payments in connection with future business combinations.
During 2019, cash used in investing activities was primarily driven by $375.5 million expended on purchases of investments, net of maturities and sales of investments, $92.2 million spent on purchases of property and equipment and $34.6 million used for the acquisitions of enSilo and CyberSponse, net of cash acquired.
59
During 2018, cash used in investing activities was primarily due to $60.2 million spent for purchases of our investments, net of maturities and sales of investments, $53.0 million spent on capital expenditures and $21.7 million used for the acquisitions of Bradford Networks, Inc. and ZoneFox Limited, net of cash acquired.
Financing Activities
The changes in cash flows from financing activities primarily relate to repurchase and retirement of common stock, proceeds from the issuance of common stock under our equity incentive plans, taxes paid related to net share settlement of equity awards and payments of debt assumed in business combinations.
During 2019, cash used in financing activities was $195.6 million, primarily due to $145.1 million used to repurchase shares of our common stock, $46.5 million used to pay tax withholding, net of proceeds, from the issuance of common stock and $3.7 million of payments of the debt assumed in business combinations.
During 2018, cash used in financing activities was $202.6 million, primarily due to $211.8 million used to repurchase shares of our common stock and $10.1 million of payments of the debt assumed in business combinations. This was partially offset by $19.3 million of proceeds from the issuance of common stock, net of tax withholding.
Contractual Obligations and Commitments
The following summarizes our inventory purchase commitments as of December 31, 2019:
Payments Due by Period | |||||||||||||||||||
Total | Less than 1 year | 1 - 3 years | 3 - 5 years | More than 5 years | |||||||||||||||
(in millions) | |||||||||||||||||||
Inventory purchase commitments (1) | $ | 231.9 | $ | 231.9 | $ | — | $ | — | $ | — | |||||||||
(1) | Consists of minimum purchase commitments with independent contract manufacturers. |
In addition to commitments with contract manufacturers, we have open purchase orders and contractual obligations in the ordinary course of business for which we have not received goods or services. As of December 31, 2019, we had $12.8 million in other contractual commitments having a remaining term in excess of one year that may not be cancelable.
As of December 31, 2019, we had $82.8 million of long-term income tax liabilities, including interest, related to uncertain tax positions. Because of the high degree of uncertainty regarding the settlement of these liabilities, we are unable to estimate the years in which future cash outflows may occur.
Off-Balance Sheet Arrangements
During 2019, 2018 and 2017, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities that would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes.
Recent Accounting Pronouncements
See Note 1 of the notes to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K for a full description of recently adopted accounting pronouncements.
ITEM 7A. Quantitative and Qualitative Disclosures about Market Risk
Interest Rate Fluctuation Risk
The primary objectives of our investment activities are to preserve principal, provide liquidity and maximize income without significantly increasing risk. Some of the securities we invest in are subject to market risk. This means that a change in prevailing interest rates may cause the principal amount of the investment to fluctuate. To minimize this risk, we maintain our portfolio of cash, cash equivalents and investments in a variety of securities, including corporate debt securities, certificates of deposit and term deposits, commercial paper, money market funds, and U.S. government and agency securities. The risk
60
associated with fluctuating interest rates is limited to our investment portfolio. A 10% decrease in interest rates in 2019, 2018 and 2017 would have resulted in an insignificant decrease in our interest income in each of these periods.
Foreign Currency Exchange Risk
Our sales contracts are primarily denominated in U.S. dollars and therefore substantially all of our revenue is not subject to foreign currency translation risk. However, a substantial portion of our operating expenses incurred outside the United States are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Canadian dollar (“CAD”), the Brazilian real (“BRL”), the Euro (“EUR”) and the British pound (“GBP”). To help protect against significant fluctuations in value and the volatility of future cash flows caused by changes in currency exchange rates, we engage in foreign currency risk management activities to minimize the impact of balance sheet items denominated in CAD. We do not use these contracts for speculative or trading purposes. All of the derivative instruments are with high quality financial institutions and we monitor the credit worthiness of these parties. These contracts typically have a maturity of one month and settle on the last day of each month. We record changes in the fair value of forward exchange contracts related to balance sheet accounts in Other income (expense)—net in the consolidated statements of income. We recognized an expense of $4.7 million in 2019 due to foreign currency transaction losses.
Our use of forward exchange contracts is intended to reduce, but not eliminate, the impact of currency exchange rate movements. Our forward exchange contracts are relatively short-term in nature and are focused on the CAD. Long-term material changes in the value of the U.S. dollar against other foreign currencies, such as the EUR, BRL and GBP, could adversely impact our operating expenses in the future. We assessed the risk of loss in fair values from the impact of hypothetical changes in foreign currency exchange rates. For foreign currency exchange rate risk, a 10% increase or decrease of foreign currency exchange rates against the U.S. dollar with all other variables held constant would have resulted in a $5.6 million change in the value of our foreign currency cash balances as of December 31, 2019.
Inflation Risk
Our monetary assets, consisting primarily of cash, cash equivalents and short-term investments, are not affected significantly by inflation because they are predominantly short-term. We believe the impact of inflation on replacement costs of equipment, furniture and leasehold improvements will not materially affect our operations. The rate of inflation, however, affects our cost of revenue and expenses, such as those for employee compensation, which may not be readily recoverable in the price of products and services offered by us.
61
ITEM 8. | Financial Statements and Supplementary Data |
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS
For the years ended December 31, 2019, 2018, and 2017
Page | |
The supplementary financial information required by this Item 8 is included in Part II, Item 7 of this Annual Report on Form 10-K under the caption “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Quarterly Results of Operations.”
62
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the stockholders and the Board of Directors of Fortinet, Inc.
Opinion on the Financial Statements
We have audited the accompanying consolidated balance sheets of Fortinet, Inc. and subsidiaries (the “Company”) as of December 31, 2019 and 2018, the related consolidated statements of income, comprehensive income, stockholders’ equity, and cash flows, for each of the three years in the period ended December 31, 2019, and the related notes and the schedule listed in the Index at Item 15 (collectively referred to as the “financial statements”). In our opinion, the financial statements present fairly, in all material respects, the financial position of the Company as of December 31, 2019 and 2018, and the results of its operations and its cash flows for each of the three years in the period ended December 31, 2019, in conformity with accounting principles generally accepted in the United States of America.
We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company’s internal control over financial reporting as of December 31, 2019, based on criteria established in Internal Control–Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission and our report dated February 25, 2020, expressed an unqualified opinion on the Company’s internal control over financial reporting.
Change in Accounting Principle
As discussed in Note 1 to the financial statements, the Company has changed its method of accounting for revenue in fiscal 2018 due to adoption of the new revenue standard.
Basis for Opinion
These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.
Critical Audit Matter
The critical audit matter communicated below is a matter arising from the current-period audit of the financial statements that was communicated or required to be communicated to the audit committee and that (1) relates to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates.
Litigation Contingencies–Refer to Note 11 to the financial statements
Critical Audit Matter Description
The Company is involved in disputes, litigation and other legal actions in the normal course of business. Claims from third parties may result in a requirement to pay substantial damages and could prevent the Company from selling certain of their products. An estimated loss from a loss contingency is accrued by a charge to income if it is probable that a liability has been incurred and the amount of the loss can be reasonably estimated. Where a range of loss can be reasonably estimated with no best estimate in the range, management records the minimum estimated liability.
The determination of litigation contingency accruals is subject to significant management judgement in assessing the likelihood of a loss being incurred and when determining whether a reasonable estimate of the loss or range of loss can be made.
63
Given the inherent uncertainty of the outcome of identified current matters, auditing the valuation assertion of litigation contingencies required a high degree of auditor judgment and an increased extent of effort when performing audit procedures.
How the Critical Audit Matter Was Addressed in the Audit
Our audit procedures related to the litigation contingencies included the following, among others:
• | We tested the effectiveness of controls over management’s litigation contingency accrual analysis and assessment of matters with potential impact. |
• | We obtained and evaluated legal letters from internal and external legal counsel, and we discussed with internal legal counsel the pending litigation matters. |
• | We made inquiries with management to obtain an understanding of litigation matters that the Company is currently undergoing. |
• | We read available court filings for litigation matters to search for contradictory information. |
• | We read Board of Directors meeting minutes to search for contradictory information. |
• | We evaluated the assumptions used by the Company to estimate the litigation contingency, including corroborating the assumptions with internal legal counsel. |
• | We evaluated the Company’s litigation contingencies disclosure for consistency with our knowledge of the Company’s litigation matters. |
/s/ DELOITTE & TOUCHE LLP
San Jose, California
February 25, 2020
We have served as the Company’s auditor since 2002.
64
FORTINET, INC.
CONSOLIDATED BALANCE SHEETS
(in millions, except per share amounts)
December 31, 2019 | December 31, 2018 | ||||||
ASSETS | |||||||
CURRENT ASSETS: | |||||||
Cash and cash equivalents | $ | $ | |||||
Short-term investments | |||||||
Accounts receivable—Net of reserves for doubtful accounts of $1.2 million and $0.9 million at December 31, 2019 and 2018, respectively | |||||||
Inventory | |||||||
Prepaid expenses and other current assets | |||||||
Total current assets | |||||||
LONG-TERM INVESTMENTS | |||||||
PROPERTY AND EQUIPMENT—NET | |||||||
DEFERRED CONTRACT COSTS | |||||||
DEFERRED TAX ASSETS | |||||||
OTHER INTANGIBLE ASSETS—NET | |||||||
GOODWILL | |||||||
OTHER ASSETS | |||||||
TOTAL ASSETS | $ | $ | |||||
LIABILITIES AND STOCKHOLDERS’ EQUITY | |||||||
CURRENT LIABILITIES: | |||||||
Accounts payable | $ | $ | |||||
Accrued liabilities | |||||||
Accrued payroll and compensation | |||||||
Income taxes payable | |||||||
Deferred revenue | |||||||
Total current liabilities | |||||||
DEFERRED REVENUE | |||||||
INCOME TAX LIABILITIES | |||||||
OTHER LIABILITIES | |||||||
Total liabilities | |||||||
COMMITMENTS AND CONTINGENCIES (Note 11) | |||||||
STOCKHOLDERS’ EQUITY: | |||||||
Common stock, $0.001 par value—300 shares authorized; 171.7 shares and 169.8 shares issued and outstanding at December 31, 2019 and 2018, respectively | |||||||
Additional paid-in capital | |||||||
Accumulated other comprehensive income (loss) | ( | ) | |||||
Retained earnings (accumulated deficit) | ( | ) | |||||
Total stockholders’ equity | |||||||
TOTAL LIABILITIES AND STOCKHOLDERS’ EQUITY | $ | $ | |||||
See notes to consolidated financial statements.
65
FORTINET, INC.
CONSOLIDATED STATEMENTS OF INCOME
(in millions, except per share amounts)
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
REVENUE: | |||||||||||
Product | $ | $ | $ | ||||||||
Service | |||||||||||
Total revenue | |||||||||||
COST OF REVENUE: | |||||||||||
Product | |||||||||||
Service | |||||||||||
Total cost of revenue | |||||||||||
GROSS PROFIT: | |||||||||||
Product | |||||||||||
Service | |||||||||||
Total gross profit | |||||||||||
OPERATING EXPENSES: | |||||||||||
Research and development | |||||||||||
Sales and marketing | |||||||||||
General and administrative | |||||||||||
Restructuring charges | |||||||||||
Total operating expenses | |||||||||||
OPERATING INCOME | |||||||||||
INTEREST INCOME—NET | |||||||||||
OTHER INCOME (EXPENSE)—NET | ( | ) | ( | ) | |||||||
INCOME BEFORE INCOME TAXES | |||||||||||
PROVISION FOR (BENEFIT FROM) INCOME TAXES | ( | ) | |||||||||
NET INCOME | $ | $ | $ | ||||||||
Net income per share (Note 9): | |||||||||||
Basic | $ | $ | $ | ||||||||
Diluted | $ | $ | $ | ||||||||
Weighted-average shares outstanding: | |||||||||||
Basic | |||||||||||
Diluted | |||||||||||
See notes to consolidated financial statements.
66
FORTINET, INC.
CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME
(in millions)
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
Net income | $ | $ | $ | ||||||||
Other comprehensive income (loss): | |||||||||||
Change in unrealized gains (losses) on investments | ( | ) | |||||||||
Tax provision (benefit) related to change in unrealized gains (losses) on investments | |||||||||||
Other comprehensive income (loss) | ( | ) | |||||||||
Comprehensive income | $ | $ | $ | ||||||||
See notes to consolidated financial statements.
67
FORTINET, INC.
CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY
(in millions)
Common Stock | Additional Paid-In Capital | Accumulated Other Comprehensive Income (Loss) | Retained Earnings (Accumulated Deficit) | Total Stockholders’ Equity | ||||||||||||||||||
Shares | Amount | |||||||||||||||||||||
BALANCE—December 31, 2016 | $ | $ | $ | ( | ) | $ | $ | |||||||||||||||
Issuance of common stock in connection with equity incentive plans - net of tax withholding | — | — | ||||||||||||||||||||
Repurchase and retirement of common stock | ( | ) | ( | ) | — | ( | ) | ( | ) | |||||||||||||
Stock-based compensation expense | — | — | — | — | ||||||||||||||||||
Net unrealized loss on investments - net of tax | — | — | — | ( | ) | — | ( | ) | ||||||||||||||
Net income | — | — | — | — | ||||||||||||||||||
BALANCE—December 31, 2017 | ( | ) | ( | ) | ||||||||||||||||||
Issuance of common stock in connection with equity incentive plans - net of tax withholding | — | — | ||||||||||||||||||||
Repurchase and retirement of common stock | ( | ) | ( | ) | — | ( | ) | ( | ) | |||||||||||||
Stock-based compensation expense | — | — | — | — | ||||||||||||||||||
Cumulative effect adjustments from adoption of Topic 606 | — | — | — | — | ||||||||||||||||||
Net income | — | — | — | — | ||||||||||||||||||
BALANCE—December 31, 2018 | ( | ) | ( | ) | ||||||||||||||||||
Issuance of common stock in connection with equity incentive plans - net of tax withholding | ( | ) | — | — | ( | ) | ||||||||||||||||
Repurchase and retirement of common stock | ( | ) | ( | ) | — | ( | ) | ( | ) | |||||||||||||
Stock-based compensation expense | — | — | — | — | ||||||||||||||||||
Cumulative-effect adjustment from adoption of ASU 2018-02 | — | — | — | ( | ) | |||||||||||||||||
Net unrealized gain on investments - net of tax | — | — | — | — | ||||||||||||||||||
Net income | — | — | — | — | ||||||||||||||||||
BALANCE—December 31, 2019 | $ | $ | $ | $ | $ | |||||||||||||||||
See notes to consolidated financial statements.
68
FORTINET, INC.
CONSOLIDATED STATEMENTS OF CASH FLOWS
(in millions)
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
CASH FLOWS FROM OPERATING ACTIVITIES: | |||||||||||
Net income | $ | $ | $ | ||||||||
Adjustments to reconcile net income to net cash provided by operating activities: | |||||||||||
Stock-based compensation | |||||||||||
Amortization of deferred contract costs | |||||||||||
Depreciation and amortization | |||||||||||
Amortization of investment premiums (discounts) | ( | ) | ( | ) | |||||||
Other | ( | ) | |||||||||
Changes in operating assets and liabilities, net of assets acquired and liabilities assumed in business combinations: | |||||||||||
Accounts receivable—net | ( | ) | ( | ) | ( | ) | |||||
Inventory | ( | ) | ( | ) | |||||||
Prepaid expenses and other current assets | ( | ) | ( | ) | |||||||
Deferred contract costs | ( | ) | ( | ) | |||||||
Deferred tax assets | ( | ) | |||||||||
Other assets | ( | ) | ( | ) | ( | ) | |||||
Accounts payable | |||||||||||
Accrued liabilities | ( | ) | |||||||||
Accrued payroll and compensation | ( | ) | |||||||||
Other liabilities | ( | ) | ( | ) | ( | ) | |||||
Deferred revenue | |||||||||||
Income taxes payable | ( | ) | ( | ) | |||||||
Net cash provided by operating activities | |||||||||||
CASH FLOWS FROM INVESTING ACTIVITIES: | |||||||||||
Purchases of investments | ( | ) | ( | ) | ( | ) | |||||
Sales of investments | |||||||||||
Maturities of investments | |||||||||||
Purchases of property and equipment | ( | ) | ( | ) | ( | ) | |||||
Payments made in connection with business combinations, net of cash acquired | ( | ) | ( | ) | |||||||
Net cash used in investing activities | ( | ) | ( | ) | ( | ) | |||||
CASH FLOWS FROM FINANCING ACTIVITIES: | |||||||||||
Repurchase and retirement of common stock | ( | ) | ( | ) | ( | ) | |||||
Proceeds from issuance of common stock | |||||||||||
Taxes paid related to net share settlement of equity awards | ( | ) | ( | ) | ( | ) | |||||
Payments of debt assumed in connection with business combinations | ( | ) | ( | ) | |||||||
Other | ( | ) | |||||||||
Net cash used in financing activities | ( | ) | ( | ) | ( | ) | |||||
NET INCREASE IN CASH AND CASH EQUIVALENTS | |||||||||||
CASH AND CASH EQUIVALENTS—Beginning of year | |||||||||||
CASH AND CASH EQUIVALENTS—End of year | $ | $ | $ | ||||||||
SUPPLEMENTAL DISCLOSURES OF CASH FLOW INFORMATION: | |||||||||||
Cash paid for income taxes—net | $ | $ | $ | ||||||||
Operating lease liabilities arising from obtaining right-of-use assets | $ | $ | — | $ | — | ||||||
Finance lease liabilities arising from obtaining right-of-use assets | $ | $ | — | $ | — | ||||||
Cash paid to settle liability incurred for repurchase of common stock | $ | $ | $ | ||||||||
NON-CASH INVESTING AND FINANCING ACTIVITIES: | |||||||||||
Transfers of evaluation units from inventory to property and equipment | $ | $ | $ | ||||||||
Liability for purchase of property and equipment and asset retirement obligations | $ | $ | $ | ||||||||
Liability incurred for repurchase of common stock | $ | $ | $ | ||||||||
Liability incurred in connection with business combination | $ | $ | $ | ||||||||
See notes to consolidated financial statements.
69
1. | SUMMARY OF SIGNIFICANT ACCOUNTING POLICIES |
Business—Fortinet, Inc. (“Fortinet”) was incorporated in Delaware in November 2000 and is a global leader in broad, integrated and automated cybersecurity solutions. Fortinet provides high performance cybersecurity solutions to a wide variety of businesses, such as enterprises, communication service providers and small businesses. Fortinet’s cybersecurity solutions are designed to provide broad visibility and segmentation of the digital attack surface, through our integrated Security Fabric Platform with automated protection, detection and responses.
Basis of Presentation and Preparation—The consolidated financial statements of Fortinet and its wholly owned subsidiaries (collectively, the “Company,” “we,” “us” or “our”) have been prepared in accordance with generally accepted accounting principles in the United States (“GAAP”). All intercompany transactions and balances have been eliminated in consolidation.
Use of Estimates—The preparation of consolidated financial statements in accordance with GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. Such management estimates include, but are not limited to, the standalone selling price for each distinct performance obligation included in customer contracts with multiple performance obligations, the period of benefit for deferred contract costs for commissions, stock-based compensation, inventory valuation, the fair value of assets acquired and liabilities assumed in business combinations, the measurement of liabilities for uncertain tax positions and deferred tax assets and liabilities, the assessment of recoverability of our goodwill and other long-lived assets, the determination of sales returns reserves and contingent liabilities. We base our estimates on historical experience and also on assumptions that we believe are reasonable. Actual results could differ from those estimates.
Concentration Risk—Financial instruments that subject us to concentrations of credit risk consist primarily of cash, cash equivalents, short-term and long-term investments and accounts receivable. Our cash balances are maintained as deposits with various large financial institutions in the United States and around the world. Balances in the United States typically exceed the amount of insurance provided on such deposits. We maintain our cash equivalents and investments in money market funds, commercial paper and fixed income securities with major financial institutions that our management believes are financially sound.
Our accounts receivables are primarily derived from our channel partners in various geographic locations. We perform ongoing credit evaluations of our customers. We generally do not require collateral on accounts receivable, and we maintain reserves for estimated potential credit losses. As of December 31, 2019 and 2018, Exclusive Networks Group (“Exclusive”) accounted for 36 % and 38 % of total net accounts receivable, respectively. As of December 31, 2019, Ingram Micro Inc. (“Ingram Micro”) accounted for 10 % of total net accounts receivable.
During 2019, Exclusive and Ingram Micro accounted for 31 % and 11 % of total revenue, respectively. During 2018, Exclusive and Ingram Micro accounted for 30 % and 10 % of total revenue, respectively. During 2017, Exclusive accounted for 25 % of total revenue.
We rely on a small number of manufacturing partners, primarily in Taiwan but also in China and the United States, to manufacture our products, and some of the components of our products are available from limited or sole sources of supply. Each of our proprietary Application-Specific Integrated Circuits is built by a sole contract manufacturer.
Financial Instruments and Fair Value—We define fair value as the price that would be received from selling an asset, or paid to transfer a liability, in an orderly transaction between market participants at the measurement date. When determining the fair value measurements for assets and liabilities which are required to be recorded at fair value, we consider the principal or most advantageous market in which to transact and the market-based risk. We apply fair value accounting for all financial assets and liabilities and non-financial assets and liabilities that are recognized or disclosed at fair value in the financial statements on a recurring basis. Due to their short-term nature, the carrying amounts reported in the consolidated financial statements approximate the fair value for cash and cash equivalents, accounts receivable, accounts payable, accrued liabilities, and accrued payroll and compensation.
Comprehensive Income—Comprehensive income includes certain changes in equity from non-owner sources that are excluded from net income, specifically, unrealized gains and losses on available-for-sale investments and the related tax impact.
70
Cash, Cash Equivalents and Available-for-Sale Investments—We consider all highly liquid investments, purchased with original maturities of three months or less, to be cash equivalents. Cash and cash equivalents consist of balances with banks and highly liquid investments in money market funds, commercial paper, term deposits and corporate debt.
We classify our investments as available-for-sale at the time of purchase, since it is our intent that these investments are available for current operations. Investments with original maturities greater than three months that mature less than one year from the consolidated balance sheet date are classified as short-term investments. Investments with maturities greater than one year from the consolidated balance sheet date are classified as long-term investments.
An investment is impaired if the fair value of the investment is less than its cost. If the fair value of an investment is less than its amortized cost basis at the balance sheet date and if we do not intend to sell the investment, we consider available evidence to assess whether it more likely than not that we will be required to sell the investment before the recovery of its amortized cost basis. We consult with our investment managers and consider available quantitative and qualitative evidence in evaluating, among other factors, general market conditions, the duration and extent to which the fair value is less than cost, and our ability to hold the investment.
Once an impairment is determined to be other-than-temporary, an impairment charge is recorded and a new cost basis in the investment is established. The difference between the investment’s then-current amortized cost basis and fair value is separated into (i) the amount of the impairment related to the credit loss (i.e., the credit loss component) and (ii) the amount of the impairment related to all other factors (i.e., the non-credit loss component). The credit loss component is recognized in earnings. The non-credit loss component is recognized in accumulated other comprehensive income (loss).
Inventory—Inventory is recorded at the lower of cost or net realizable value. Cost is computed using the first-in, first-out method. In assessing the ultimate recoverability of inventory, we make estimates regarding future customer demand, the timing of new product introductions, economic trends and market conditions. If the actual product demand is significantly lower than forecasted, we could be required to record inventory write-downs which would be charged to cost of product revenue.
Property and Equipment—Property and equipment are stated at cost less accumulated depreciation. Depreciation is computed using the straight-line method over the estimated useful lives of the assets as follows:
Estimated Useful Lives | |
Building and building improvements | 2 to 30 years |
Computer equipment and software | 1 to 7 years |
Evaluation units | |
Furniture and fixtures | 3 to 5 years |
Leasehold improvements | Shorter of useful life or lease term |
Other Investments—Investments in privately held companies where we own less than 20% of the voting stock and have no indicators of significant influence over operating and financial policies of those companies are included in other assets in the consolidated balance sheets. As of December 31, 2017, these investments were accounted for under the cost method. As of December 31, 2018, with the adoption of the Accounting Standards Update (“ASU”) 2016-01—Financial Instruments—Overall (Subtopic 825-10): Recognition and Measurement of Financial Assets and Financial Liabilities, these investments are accounted for at cost, adjusted for changes in observable prices minus impairment. Adoption of ASU 2016-01 did not have an impact on our consolidated financial statements. For these non-quoted investments, we regularly review the assumptions underlying the operating performance and cash flow forecasts as well as current fundraising activities and valuations based on information provided by these privately held companies. If it is determined that an other-than-temporary decline or increase in
71
value exists in an investment without readily determinable value, we adjust the value of the investment to its fair value and record the related impairment or increase in value as an investment loss or gain in our consolidated statements of income.
Business Combinations—We include the results of operations of the businesses that we acquire as of the respective dates of acquisition. We allocate the fair value of the purchase price of our business acquisitions to the tangible and intangible assets acquired and liabilities assumed, based on their estimated fair values. The excess of the purchase price over the fair values of these identifiable assets and liabilities is recorded as goodwill. We often continue to gather additional information throughout the measurement period, and if we make changes to the amounts recorded, such amounts are recorded in the period in which they are identified.
Impairment of Long-Lived Assets—We evaluate events and changes in circumstances that could indicate carrying amounts of long-lived assets, including intangible assets, may not be recoverable. When such events or changes in circumstances occur, we assess the recoverability of long-lived assets by determining whether the carrying value of such assets will be recovered through undiscounted expected future cash flows. If the total of the future undiscounted cash flows is less than the carrying amount of those assets, we record an impairment charge in the period in which we make the determination. If such assets are considered to be impaired, the impairment to be recognized is measured by the amount by which the carrying amount of the assets exceeds the fair value of the assets.
Goodwill—Goodwill represents the excess of purchase consideration over the estimated fair value of net assets of businesses acquired in a business combination. Goodwill acquired in a business combination is not amortized, but instead tested for impairment at least annually during the fourth quarter, or sooner when circumstances indicate an impairment may exist. We perform a qualitative assessment in the fourth quarter of each year, or more frequently if indicators of potential impairment exist, to determine if any events or circumstances exist, such as an adverse change in business climate or a decline in the overall industry that would indicate that it would more likely than not reduce the fair value of a reporting unit below its carrying amount, including goodwill. Then we perform a quantitative impairment test by comparing the fair value of a reporting unit with its carrying amount. Any excess in the carrying value of a reporting unit’s goodwill over its fair value is recognized as an impairment loss, limited to the total amount of goodwill allocated to that reporting unit.
We performed our annual goodwill impairment analysis and did not identify any impairment indicators as a result of the review. As of December 31, 2019, we had one reporting unit.
Other Intangible Assets—Intangible assets with finite lives are carried at cost, less accumulated amortization. Amortization is computed using the straight-line or accelerated method over the estimated economic lives of the assets, which range from three to five years .
Deferred Revenue—Deferred revenue consists of amounts that have been invoiced but that have not yet been recognized as revenue. The majority of deferred revenue is comprised of security subscription and technical support services which are invoiced upfront and delivered over 12 months or longer.
Income Taxes—We record income taxes using the asset and liability method, which requires the recognition of deferred tax assets and liabilities for the expected future tax consequences of events that have been recognized in our financial statements or tax returns. In addition, deferred tax assets are recorded for the future benefit of utilizing net operating losses and research and development credit carryforwards. Deferred tax assets and liabilities are measured using the currently enacted tax rates that apply to taxable income in effect for the years in which those tax assets and liabilities are expected to be realized or settled. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.
We recognize tax benefits from an uncertain tax position only if it is more likely than not, based on the technical merits of the position, that the tax position will be sustained on examination by the tax authorities. The tax benefits recognized in the financial statements from such positions are then measured based on the largest benefit that has a greater than 50% likelihood of being realized upon ultimate settlement.
Stock-Based Compensation—The fair value of restricted stock units (“RSUs”) is based on the closing market price of our common stock on the date of grant. We have elected to use the Black-Scholes-Merton (“Black-Scholes”) pricing model to determine the fair value of our employee stock options and our equity incentive plans. Stock-based compensation expense is amortized on a straight-line basis over the service period. We account for forfeitures of all stock-based payment awards when they occur.
72
Leases—We rent certain facilities under operating lease agreements. On January 1, 2019, we adopted Financial Accounting Standards Board (“FASB”) Topic 842, Leases (“Topic 842”), which requires the recognition of right-of-use (“ROU”) assets and lease liabilities for operating leases on the consolidated balance sheet. Under Topic 842, we determine if an arrangement is a lease at inception. The ROU assets and the short and long-term lease liabilities from our operating leases are included in other assets, accrued liabilities and other liabilities in our consolidated balance sheets, respectively. The corresponding assets, the short and long-term lease liabilities from our finance leases are included in property and equipment, accrued liabilities and other liabilities in our consolidated balance sheets, respectively.
The ROU assets represent our right to use an underlying asset for the lease term. Lease liabilities represent our obligation to make lease payments under the lease. Operating lease ROU assets and liabilities are recognized at the lease commencement date based on the present value of lease payments over the lease term. The implicit rate within our operating leases is generally not determinable and therefore we use our incremental borrowing rate at the lease commencement date to determine the present value of lease payments. The determination of our incremental borrowing rate requires judgment. We determine our incremental borrowing rate for each lease using indicative bank borrowing rates, adjusted for various factors including level of collateralization, term and currency to align with the terms of a lease. The operating lease ROU asset also includes any lease prepayments, net of lease incentives. Certain leases include options to extend or terminate the lease. An option to extend the lease is considered in connection with determining the ROU asset and lease liability when it is reasonably certain we will exercise that option. An option to terminate is considered unless it is reasonably certain we will not exercise the option.
Lease expense for lease payments for our operating leases is recognized on a straight-line basis over the term of the lease. We begin recognizing rent expense on the date that a lessor makes an underlying asset that is subject to the lease available for our use. For our finance leases, we recognize amortization expense from the amortization of the corresponding assets and interest expense on the related lease liabilities.
Prior to 2019, leases were recognized under FASB Topic 840, Leases (“Topic 840”). Under Topic 840, related rent expense was recognized on a straight-line basis over the term of the lease. Rent holidays and scheduled rent increases were included in the determination of rent expense to be recorded over the lease term. Lease incentives were recognized as a reduction of rent expense on a straight-line basis over the term of the lease. Renewals were not assumed in the determination of the lease term unless they were deemed to be reasonably assured at the inception of the lease. We began recognizing rent expense on the date that we obtained the legal right to use and control the leased space.
Advertising Expense—Advertising costs are expensed when incurred and are included in operating expenses in the accompanying consolidated statements of income. Our advertising expenses were not significant for any periods presented.
Research and Development Costs—Research and development costs are expensed as incurred.
Deferred Contract Costs and Commission Expense —In 2017, we recognized commission expense on both product sales and service contracts at the time of sale. Beginning on January 1, 2018, we recognize sales commissions related to product sales upfront while sales commissions for service contracts are deferred as Deferred contract costs in the consolidated balance sheets and amortized over the applicable amortization period. Costs for initial contracts that are not commensurate with renewal commissions are amortized on a straight-line basis over the period of benefit, which we have determined to be five years and which is typically longer than the initial contract term.
Software Development Costs—The costs to develop software that is marketed have not been capitalized as we believe our current software development process is essentially completed concurrently with the establishment of technological feasibility. Such costs are expensed as incurred and included in research and development in our consolidated statements of income.
The costs to obtain or develop software for internal use are capitalized based on qualifying criteria, which includes a determination of whether such costs are incurred during the application development stage. Such costs are amortized over the software’s estimated useful life.
73
January 1, 2018. Results for reporting periods beginning after January 1, 2018 are presented under Topic 606, while prior period amounts are not adjusted and continue to be reported under ASU 2009-13, Revenue Recognition (Topic 605) (“Topic 605”). The details of significant changes and quantitative impact of the changes are discussed below.
Beginning in 2018, revenues are recognized when control of these goods or services is transferred to our customers, in an amount that reflects the consideration we expect to be entitled to in exchange for those goods or services. Prior to 2018, revenue was recognized under Topic 605 when all of the following criteria were met: (i) persuasive evidence of an arrangement existed, (ii) delivery has occurred or services have been rendered, (iii) sales price was fixed or determinable and (iv) collectability was reasonably assured.
Under Topic 606, we determine revenue recognition through the following steps:
•identification of a contract or contracts with a customer,
• | identification of the performance obligations in a contract, including evaluation of performance obligations and evaluating the distinct goods or services in a contract, |
•determination of a transaction price,
•allocation of a transaction price to the performance obligations in a contract, and
•recognition of revenue when, or as, we satisfy a performance obligation.
We derive a majority of product sales from our FortiGate products which include a broad set of built-in security and networking features and functionalities, including firewall, next-generation firewall, secure web gateway, secure sockets layer (“SSL”) inspection, software-defined wide-area network, intrusion prevention, SSL data leak prevention, virtual private network, switch and wireless controller and wide area network edge.
We previously recognized product revenue for sales to distributors that had no general right of return and direct sales to end-customers upon shipment, based on general revenue recognition accounting guidance once all other revenue recognition criteria were met. Certain distributors are granted stock rotation rights, limited rights of return or rebates for sales of our products. The arrangement fee for this group of distributors was not fixed or determinable when products were shipped and revenue was therefore deferred and recognized upon sell-through. Under Topic 606, we recognize product revenue upon shipment when control of the promised goods is transferred to the customer. Our term software licenses represent multiple performance obligations, which include software licenses and software support services where the term licenses are recognized upfront upon transfer of control, with the associated software support services recognized ratably over the contract term as services and software updates are provided. Previously, term licenses were recognized over the license period.
Service revenue relates to sales of our FortiGuard security subscription, FortiCare technical support services and other services. Our typical subscription and contractual support term is one to three years , and to a lesser extent, five years . Our revenue recognition for service arrangements did not significantly change under Topic 606. We continue to recognize revenue from these services ratably over the contractual service period because of continuous transfer of control to the customer over the support period. Revenue related to subsequent renewals of these services are recognized over the support term of the renewal agreement. We also generate a small portion of our revenue from other services consisting of professional services, training and software-as-a-service (“SaaS”) which is either hosted or cloud-based services. We recognize revenue from professional and training services as the services are provided. We recognize revenue from SaaS as the subscription service is delivered over the term, which is typically one year, or on a monthly usage basis. To date, SaaS revenue has not represented a significant percentage of our total revenue.
Our sales contracts typically contain multiple performance obligations, such as hardware, software license, security subscription, technical support services and other services. These are distinct from our security subscriptions, technical support services and other services in that the customer can benefit from the product without these services and such services are separately identifiable within the contract. We allocate the transaction price to each performance obligation based on relative standalone selling price. We determine standalone selling price based on the historical pricing and discounting practices for those services when sold separately. If not observable through past transactions, we may require judgment to determine the standalone selling price for distinct performance obligations by considering multiple historical factors including, but not limited to, cost of products, gross margin objectives, pricing practices, geographies and the term of the service contract that fall within a reasonably range as a percentage of list price. Revenue is reported net of sales tax.
74
Under Topic 605, revenue from contracts that contain our products and services were allocated to each unit of accounting based on an estimated selling price using vendor-specific objective evidence (“VSOE”) of selling price, if it existed, or third-party evidence (“TPE”) of selling price. If neither VSOE nor TPE of selling price existed for a deliverable, we used our best estimate of selling price for that deliverable. For multiple-element arrangements where software deliverables were included, revenue was allocated to the non-software deliverables and to the software deliverables as a group using the relative estimated selling prices of each of the deliverables in the arrangement based on the estimated selling price hierarchy. The amount allocated to the software deliverables was then allocated to each software deliverable using the residual method when VSOE of fair value existed. If evidence of VSOE of fair value of one or more undelivered elements did not exist, all software allocated revenue was deferred and recognized when delivery of those elements occurred or when fair value was established. When the undelivered element for which we did not have VSOE of fair value was support, revenue for the entire arrangement was recognized ratably over the support period. The same residual method and VSOE of fair value principles applied for our multiple element arrangements that contained only software elements.
In certain circumstances, our contracts include provisions for sales rebates and other customer incentive programs. Additionally, in limited circumstances, we may permit end-customers, distributors and resellers to return our products, subject to varying limitations, for a refund within a reasonably short period from the date of purchase. These amounts are accounted for as variable consideration that can decrease the transaction price. We estimate variable consideration using the expected-value method based on the most likely amounts to which we expect our customers to be entitled. We include estimated amounts in the transaction price to the extent that it is probable that a significant reversal of cumulative revenue recognized will not occur when the uncertainty associated with the variable consideration is resolved. Our estimate for refund liabilities, which include sales returns reserve and customer rebates, was $27.6 million and $24.1 million as of December 31, 2019 and 2018, respectively, and is included in current liabilities in our consolidated balance sheet.
We generally invoice at the time of our sale for the total price of the hardware, software licenses, security and technical support and other services, and the invoice is payable within 30 to 45 days. We also invoice certain services on a monthly basis. Amounts billed and due from our customers are classified as receivables on the balance sheet and do not bear interest. Our deferred revenue primarily consists of amounts that have been invoiced but have not been recognized as revenue as of period end.
Shipping and handling fees charged to our customers are recognized as revenue in the period shipped and the related costs for providing these services are recorded in cost of revenue. Shipping and handling fees recognized were not significant during 2019, 2018 and 2017.
Warranties—We generally provide a one-year warranty on most hardware products and a 90 -day warranty on software. We also provide extended warranties under the terms of our support agreements. A provision for estimated future costs related to warranty activities in the first year after product sale is recorded as a component of cost of product revenues when the product revenue is recognized, based upon historical product failure rates and historical costs incurred in correcting product failures. Warranty costs related to extended warranties sold under support agreements are recognized as cost of service revenue as incurred. In the event we change our warranty reserve estimates, the resulting charge against future cost of revenue or reversal of previously recorded charges may materially affect our gross margins and operating results. Accrued warranty was not significant as of December 31, 2019 and 2018.
Contingent Liabilities—From time to time, we are involved in disputes, litigation, and other legal actions. There are many uncertainties associated with any disputes, litigation and other legal actions, and these actions or other third-party claims against us may cause us to incur costly litigation fees, costs and substantial settlement charges, and possibly subject us to damages and other penalties, which are inherently difficult to estimate and could adversely affect our results of operations. In addition, the resolution of any intellectual property litigation may require us to make royalty payments, which could adversely affect our gross margins in future periods. We review significant new claims and litigation for the probability of an adverse outcome. Estimates can change as individual claims develop. The actual liability in any such matters may be materially different from our estimates, which could result in the need to adjust our liability and record additional expenses, which may be material.
75
Recently Adopted Accounting Standards
Leases
In February 2016, the FASB issued Topic 842, which requires the recognition of ROU assets and lease liabilities for operating leases on the consolidated balance sheet. We adopted Topic 842 and its related amendments as of January 1, 2019 using a modified retrospective transition approach by applying the new standard to all leases existing at the date of initial application and not restating comparative periods. We elected the package of practical expedients permitted under the transition guidance, which allowed us to waive reassessing the lease classification for any expired or existing leases, the initial direct costs for any existing leases and whether any expired or existing contracts contained leases.
Under the new guidance, we determine if an arrangement contains a lease and the classification of that lease, if applicable, at inception or upon modification of a contract. We have elected to not recognize a lease liability or ROU asset for short-term leases (leases that, at the commencement date, have a lease term of 12 months or less and do not include an option to purchase the underlying asset that we are reasonably certain to exercise). We have elected to not allocate the contract consideration for operating lease contracts with lease and non-lease components, and account for the lease and non-lease components as a single lease component.
The primary impact of adopting Topic 842 was the recognition of ROU assets and lease liabilities for operating leases of $39.1 million and $40.6 million, respectively, on January 1, 2019, which included reclassifying prepaid rent and deferred rent as a component of the ROU asset. Topic 842 did not have a material impact on our consolidated statements of income and cash flows.
Our accounting for finance leases (formerly referred to as capital leases prior to the adoption of Topic 842) remained substantially unchanged. Finance leases are not material to our consolidated financial statements.
Comprehensive Income
In February 2018, the FASB issued ASU 2018-02—Income Statement—Reporting Comprehensive Income (Topic 220): Reclassification of Certain Tax Effects from Accumulated Other Comprehensive Income, which allows companies to reclassify stranded tax effects resulting from the Tax Cuts and Jobs Act (the “2017 Tax Act”) from accumulated other comprehensive income to retained earnings. We adopted ASU 2018-02 on January 1, 2019 and elected to reclassify $0.1 million of stranded tax effects as of that date.
Stock Compensation
In June 2018, the FASB issued ASU 2018-07—Compensation—Stock Compensation (Topic 718): Improvements to Nonemployee Share-Based Payment Accounting, which simplifies the accounting for share-based payments to nonemployees by aligning it with the accounting for share-based payments to employees subject to certain exceptions. ASU 2018-07 expands the scope of Accounting Standards Codification (“ASC”) Topic 718, Compensation—Stock Compensation (“ASC 718”), to include share-based payments granted to nonemployees in exchange for goods or services used or consumed in an entity’s own operations and supersedes the guidance in ASC 505, Equity, by moving it to ASC 718. We adopted ASU 2018-07 on January 1, 2019. ASU 2018-07 did not have a material impact on our consolidated financial statements.
Recent Accounting Standards Not Yet Effective
Income Taxes
In December 2019, the FASB issued ASU 2019-12—Income Taxes (Topic 740): Simplifying the Accounting for Income Taxes. The amendments in ASU 2019-12 simplify the accounting for income taxes by removing certain exceptions to the general principles in Topic 740. The amendments also improve consistent application of and simplify GAAP for other areas of Topic 740 by clarifying and amending existing guidance. ASU 2019-12 is effective for us beginning on January 1, 2021. Early adoption of the amendments is permitted. We are currently evaluating the impact of ASU 2019-12 on our consolidated financial statements.
76
Cloud Computing
In August 2018, the FASB issued ASU 2018-15—Intangibles-Goodwill and Other—Internal-Use Software (Subtopic 350-40): Customer’s Accounting for Implementation Costs Incurred in a Cloud Computing Arrangement That Is a Service Contract, which requires a customer in a cloud computing arrangement that is a service contract to follow the internal-use software guidance in ASC Topic 350, Intangibles—Goodwill and Other, to determine which implementation costs to capitalize as assets or expense as incurred. Companies can choose to adopt the ASU 2018-15 prospectively or retrospectively. ASU 2018-15 is effective for us beginning January 1, 2020. The adoption of this standard will not have a material impact on our consolidated financial statements.
Fair Value Measurements
In August 2018, the FASB issued ASU 2018-13—Fair Value Measurement (Topic 820): Disclosure Framework—Changes to the Disclosure Requirements for Fair Value Measurement, which eliminates, adds and modifies certain disclosure requirements for fair value measurements in ASC 820, Fair Value Measurement, as part of its disclosure framework project. ASU 2018-13 is effective for us beginning January 1, 2020. The amendments in ASU 2018-13 that relate to changes in unrealized gains and losses, the range and weighted average of significant unobservable inputs used to develop Level 3 fair value measurements and the narrative description of measurement uncertainty should be applied prospectively for only the most recent interim or annual period presented in the initial fiscal year of adoption. All other amendments in ASU 2018-13 should be applied retrospectively to all periods presented upon their effective date. The adoption of this standard will not have a material impact on our disclosures.
Financial Instruments
In June 2016, the FASB issued ASU 2016-13—Financial Instruments—Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments and in November 2018, the FASB issued ASU 2018-19—Codification Improvements to Topic 326, Financial Instruments—Credit Losses, as a subsequent amendment to the initial guidance (collectively, Topic 326). In April 2019, the FASB issued ASU 2019-04—Codification Improvements to Topic 326: Financial Instruments—Credit Losses, Topic 815, Derivatives and Hedging, and Topic 825, Financial Instruments, in May 2019, the FASB issued ASU 2019-05—Financial Instruments—Credit Losses (Topic 326): Targeted Transition Relief, and in November 2019, the FASB issued ASU 2019-11—Codification Improvements to Topic 326 to clarify and address certain items related to the amendments in ASU 2016-13. Topic 326 requires a financial asset (or a group of financial assets) measured at an amortized cost basis to be presented at the net amount expected to be collected. The new approach to estimating credit losses (referred to as the current expected credit losses model) generally accelerates recognition of credit losses. The new guidance is effective for us beginning on January 1, 2020. The adoption of this standard will not have a material impact on our consolidated financial statements.
2. | REVENUE RECOGNITION |
Our revenue consists of product and service revenue. Product revenue is generated by sales of our FortiGate products and other hardware and software solutions. Service revenue relates to sales of our FortiGuard security subscription, FortiCare technical support services and other services.
Disaggregation of Revenue
The following table presents our revenue disaggregated by major product and service lines (in millions):
Years Ended | ||||||||||
December 31, 2019 | December 31, 2018 | December 31, 2017 (1) | ||||||||
Product | $ | $ | $ | |||||||
Service: | ||||||||||
Security subscription | ||||||||||
Technical support and other | ||||||||||
Total service revenue | ||||||||||
Total revenue | $ | $ | $ | |||||||
(1) December 31, 2017 amounts have not been adjusted under the modified retrospective method. | ||||||||||
Deferred Revenue
Our deferred revenue consists of amounts that have been invoiced but have not been recognized as revenue as of period end. During 2019, we recognized $930.4 million in revenue that was included in the deferred revenue balance as of December 31, 2018. During 2018, we recognized $753.3 million in revenue that was included in the deferred revenue balance as of January 1, 2018.
Transaction Price Allocated to the Remaining Performance Obligations
As of December 31, 2019, the aggregate amount of the transaction price allocated to remaining performance obligations was $2.14 billion, which was substantially comprised of deferred security subscription and technical support services. We expect to recognize approximately $1.17 billion as revenue over the next 12 months and the remainder thereafter.
Accounts Receivable
Trade accounts receivable are recorded at the invoiced amount. Trade accounts receivable are reduced by an allowance for doubtful accounts which is determined based on our assessment of the collectability of customer accounts. The allowance for doubtful accounts was $1.2 million as of December 31, 2019 and $0.9 million as of December 31, 2018.
Contract Assets
Contract assets represent amounts that have been recognized as revenue but for which we did not have the unconditional right to invoice the customer. Our contract assets as of December 31, 2019 and December 31, 2018 were immaterial.
Deferred Contract Costs
Sales commissions earned by our sales force are considered incremental and recoverable costs of obtaining a contract with a customer. Sales commissions for the sale of products and software licenses are recognized at the time of sale. Sales commissions for initial service contracts are deferred and then amortized as an expense on a straight-line basis over the period of benefit which we have determined to be five years . We determined the period of benefit taking into consideration our customer contracts, our technology and other factors. Sales commissions for renewal contracts are deferred and then amortized on a straight-line basis over the contractual period of the underlying contracts which ranges from one to three years and, to a lesser extent, five years . The amortization of deferred contract costs is included in sales and marketing expense in our consolidated statements of income. Amortization of deferred contract costs during 2019 and 2018 was $107.9 million and $90.9 million, respectively. No impairment loss was recognized during 2019 and 2018.
77
3. | FINANCIAL INSTRUMENTS AND FAIR VALUE |
The following tables summarize our investments (in millions):
December 31, 2019 | |||||||||||||||
Amortized Cost | Unrealized Gains | Unrealized Losses | Fair Value | ||||||||||||
Corporate debt securities | $ | $ | $ | ( | ) | $ | |||||||||
Commercial paper | |||||||||||||||
Certificates of deposit and term deposits (1) | |||||||||||||||
U.S. government and agency securities | |||||||||||||||
Total available-for-sale securities | $ | $ | $ | ( | ) | $ | |||||||||
December 31, 2018 | |||||||||||||||
Amortized Cost | Unrealized Gains | Unrealized Losses | Fair Value | ||||||||||||
Corporate debt securities | $ | $ | $ | ( | ) | $ | |||||||||
Commercial paper | |||||||||||||||
Certificates of deposit and term deposits (1) | |||||||||||||||
U.S. government and agency securities | ( | ) | |||||||||||||
Total available-for-sale securities | $ | $ | $ | ( | ) | $ | |||||||||
(1) The majority of our certificates of deposit and term deposits are foreign deposits. | |||||||||||||||
The following tables show the gross unrealized losses and the related fair values of our investments that have been in a continuous unrealized loss position (in millions):
December 31, 2019 | |||||||||||||||||||||||
Less Than 12 Months | 12 Months or Greater | Total | |||||||||||||||||||||
Fair Value | Unrealized Losses | Fair Value | Unrealized Losses | Fair Value | Unrealized Losses | ||||||||||||||||||
Corporate debt securities | $ | $ | ( | ) | $ | $ | $ | $ | ( | ) | |||||||||||||
Certificates of deposit and term deposits | |||||||||||||||||||||||
Commercial paper | |||||||||||||||||||||||
U.S. government and agency securities | |||||||||||||||||||||||
Total available-for-sale securities | $ | $ | ( | ) | $ | $ | $ | $ | ( | ) | |||||||||||||
December 31, 2018 | |||||||||||||||||||||||
Less Than 12 Months | 12 Months or Greater | Total | |||||||||||||||||||||
Fair Value | Unrealized Losses | Fair Value | Unrealized Losses | Fair Value | Unrealized Losses | ||||||||||||||||||
Corporate debt securities | $ | $ | ( | ) | $ | $ | ( | ) | $ | $ | ( | ) | |||||||||||
Commercial paper | ( | ) | ( | ) | |||||||||||||||||||
Certificates of deposit and term deposits | |||||||||||||||||||||||
U.S. government and agency securities | |||||||||||||||||||||||
Total available-for-sale securities | $ | $ | ( | ) | $ | $ | ( | ) | $ | $ | ( | ) | |||||||||||
78
The contractual maturities of our investments were as follows (in millions):
December 31, 2019 | December 31, 2018 | ||||||
Due within one year | $ | $ | |||||
Due within one to three years | |||||||
Total | $ | $ | |||||
Available-for-sale securities are reported at fair value, with unrealized gains and losses and the related tax impact included as a separate component of stockholders’ equity and in comprehensive income. Realized losses on available-for-sale securities were insignificant in the periods presented and are included in Other income (expense)—net in our consolidated statements of income. We use the specific identification method to determine the cost basis of investments sold.
The unrealized losses on our available-for-sale securities were caused by fluctuations in market value and interest rates as a result of the economic environment. We consider these investments to be temporarily impaired as of December 31, 2019 because (i) the decline in market value was attributable to changes in market conditions and not credit quality, and (ii) we have concluded currently that neither do we intend to sell nor is it more likely than not that we will be required to sell these investments prior to recovery of their amortized cost basis.
Fair Value Accounting—We apply the following fair value hierarchy for disclosure of the inputs used to measure fair value. This hierarchy prioritizes the inputs into three broad levels as follows:
Level 1—Inputs are unadjusted quoted prices in active markets for identical assets or liabilities.
Level 2—Inputs are quoted prices for similar assets and liabilities in active markets or inputs that are observable for the assets or liabilities, either directly or indirectly through market corroboration, for substantially the full term of the financial instruments.
Level 3—Unobservable inputs based on our own assumptions used to measure assets and liabilities at fair value. The inputs require significant management judgment or estimation.
We measure the fair value of money market funds and certain U.S. government and agency securities using quoted prices in active markets for identical assets. The fair value of all other financial instruments was based on quoted prices for similar assets in active markets, or model-driven valuations using significant inputs derived from or corroborated by observable market data.
We classify investments within Level 1 if quoted prices are available in active markets for identical securities.
We classify items within Level 2 if the investments are valued using model-driven valuations using observable inputs such as quoted market prices, benchmark yields, reported trades, broker/dealer quotes or alternative pricing sources with reasonable levels of price transparency. Investments are held by custodians who obtain investment prices from a third-party pricing provider that incorporates standard inputs in various asset price models.
79
Fair Value of Financial Instruments
Assets Measured at Fair Value on a Recurring Basis
The following tables present the fair value of our financial assets measured at fair value on a recurring basis (in millions):
December 31, 2019 | December 31, 2018 | ||||||||||||||||||||||||||||||
Aggregate Fair Value | Quoted Prices in Active Markets For Identical Assets | Significant Other Observable Remaining Inputs | Significant Other Unobservable Remaining Inputs | Aggregate Fair Value | Quoted Prices in Active Markets For Identical Assets | Significant Other Observable Remaining Inputs | Significant Other Unobservable Remaining Inputs | ||||||||||||||||||||||||
(Level 1) | (Level 2) | (Level 3) | (Level 1) | (Level 2) | (Level 3) | ||||||||||||||||||||||||||
Assets: | |||||||||||||||||||||||||||||||
Corporate debt securities | $ | $ | $ | $ | $ | $ | $ | $ | |||||||||||||||||||||||
Certificates of deposit and term deposits | |||||||||||||||||||||||||||||||
Money market funds | |||||||||||||||||||||||||||||||
Commercial paper | |||||||||||||||||||||||||||||||
U.S. government and agency securities | |||||||||||||||||||||||||||||||
Total | $ | $ | $ | $ | $ | $ | $ | $ | |||||||||||||||||||||||
Reported as: | |||||||||||||||||||||||||||||||
Cash equivalents | $ | $ | |||||||||||||||||||||||||||||
Short-term investments | |||||||||||||||||||||||||||||||
Long-term investments | |||||||||||||||||||||||||||||||
Total | $ | $ | |||||||||||||||||||||||||||||
There were no transfers between Level 1 and Level 2 of the fair value hierarchy during the years ended December 31, 2019 and December 31, 2018.
4. INVENTORY
Inventory consisted of the following (in millions):
December 31, 2019 | December 31, 2018 | ||||||
Raw materials | $ | $ | |||||
Finished goods | |||||||
Inventory | $ | $ | |||||
80
5. PROPERTY AND EQUIPMENT—Net
Property and equipment—net consisted of the following (in millions):
December 31, 2019 | December 31, 2018 | ||||||
Building and building improvements | $ | $ | |||||
Computer equipment and software | |||||||
Land | |||||||
Leasehold improvements | |||||||
Evaluation units | |||||||
Furniture and fixtures | |||||||
Construction-in-progress | |||||||
Total property and equipment | |||||||
Less: accumulated depreciation | ( | ) | ( | ) | |||
Property and equipment—net | $ | $ | |||||
Depreciation expense was $50.7 million, $46.7 million and $46.9 million in 2019, 2018 and 2017, respectively.
6. INVESTMENTS IN PRIVATELY HELD COMPANIES
Our investments in the equity securities of privately held companies totaled $5.3 million and $9.1 million as of December 31, 2019 and 2018, respectively. These investments are accounted for at cost, adjusted for changes in observable prices minus impairment. We own less than 20% of the voting securities in each of these investments and do not have the ability to exercise significant influence over operating and financial policies of the respective entities. These investments are recorded as Other assets in our consolidated balance sheets and would be measured at fair value if indicators of an increase in value or impairment existed. During the third quarter of 2019, we determined that one of our investments was other-than-temporarily impaired. As a result, we recognized a non-cash impairment charge of $3.8 million to Other income (expense)—net in our consolidated statements of income. During the third quarter of 2018, we sold equity securities of a privately held company for $5.2 million and recognized a gain of $2.2 million to Other income (expense)—net in our consolidated statements of income. As of December 31, 2019, no other events have occurred that would affect the carrying value of these investments.
7. BUSINESS COMBINATIONS
2019 Acquisitions
CyberSponse, Inc.
On December 12, 2019, we acquired all outstanding shares of CyberSponse, Inc. (“CyberSponse”), a provider of security orchestration, automation and response products and services. We expect that the CyberSponse acquisition will further extend the automation and incident response capabilities of our FortiAnalyzer, FortiSIEM and FortiGate solutions.
Under the business combination method of accounting in accordance with ASC Topic 805, Business Combinations (“ASC 805”), the total preliminary purchase price was allocated to CyberSponse’s identifiable tangible and intangible assets acquired and liabilities assumed based on their estimated fair values using management’s best estimates and assumptions to assign fair value as of the acquisition date. The preliminary purchase price for CyberSponse was $26.1 million, of which $18.6 million was allocated to goodwill that was non-deductible for tax purposes and $9.1 million was allocated to identifiable intangible assets, the majority of which was developed technology, offset by $1.6 million of net liabilities assumed, which predominantly included cash, accounts receivable, accrued payroll and compensation liabilities and deferred tax liabilities. We incurred a $4.1 million liability in connection with this business combination, the majority of which related to the settlement of CyberSponse’s equity awards in cash, which we included in accrued liabilities in our consolidated balance sheet as of December 31, 2019. The preliminary purchase price included $3.0 million of this liability and the remaining $1.1 million was recognized as compensation cost in the consolidated statement of income for the year ended December 31, 2019. The preliminary purchase price also included $3.8 million held in indemnity escrow, of which $2.8 million will be held for 12 months and the remaining $1.0 million will be held for 36 months after the transaction closing date. The amount recognized for acquired indemnification assets as of the acquisition date was not material. Goodwill recorded in connection with this acquisition represents the value we expect to be created through expansion into markets within our existing business, and potential cost savings and synergies.
Our estimates and assumptions are subject to change within the measurement period. The allocation of the purchase price for this acquisition has been prepared on a preliminary basis and changes to the allocation of certain assets and liabilities may occur as additional information becomes available. The primary areas of the purchase price that are not yet finalized are related to income taxes and the valuation of acquired assets and assumed liabilities.
enSilo Limited
On October 28, 2019, we acquired all outstanding shares of enSilo Limited (“enSilo”), a provider of endpoint detection and response products and services. We expect that the enSilo acquisition will further enhance the Fortinet Security Fabric platform and strengthen endpoint and network security solutions by providing customers with advanced endpoint security.
Under the business combination method of accounting in accordance with ASC 805, the total preliminary purchase price was allocated to enSilo’s identifiable tangible and intangible assets acquired and liabilities assumed based on their estimated fair values using management’s best estimates and assumptions to assign fair value as of the acquisition date. The preliminary purchase price for enSilo was $15.8 million, of which $10.4 million was allocated to goodwill, $10.8 million was
81
allocated to identifiable intangible assets, the majority of which was developed technology, offset by $5.4 million of net liabilities assumed, which predominantly included cash, accounts receivable, operating lease right-of-use asset and liability, deferred revenue, accrued payroll and compensation liabilities, assumed debt and deferred tax liabilities. The preliminary purchase price included $2.0 million held in indemnity escrow for 12 months after the transaction closing date. The amount recognized for acquired indemnification assets as of the acquisition date was not material. Goodwill recorded in connection with this acquisition represents the value we expect to be created through expansion into markets within our existing business, and potential cost savings and synergies and goodwill is non-deductible for tax purposes.
Our estimates and assumptions are subject to change within the measurement period. The allocation of the purchase price for this acquisition has been prepared on a preliminary basis and changes to the allocation of certain assets and liabilities may occur as additional information becomes available. The primary areas of the purchase price that are not yet finalized are related to income taxes and the valuation of acquired assets and assumed liabilities.
2018 Acquisitions
ZoneFox Holdings Limited
On October 22, 2018, we acquired all outstanding shares of ZoneFox Holdings Limited (“ZoneFox”), a privately held cloud-based company providing insider threat detection and response. The purchase price for ZoneFox was $16.1 million, of which $12.5 million was allocated to goodwill that was non-deductible for tax purposes and $6.8 million was allocated to identifiable intangible assets, the majority of which was developed technology, offset by $3.2 million of net liabilities assumed.
The acquisition included a $2.0 million cash earn-out that was subject in full to satisfaction of certain performance conditions. The performance conditions were not met and the cash earn-out will not be paid.
Bradford Networks, Inc.
On June 4, 2018, we acquired all outstanding shares of Bradford Networks, Inc. (“Bradford”), a provider of network access control security products and services. The purchase price for Bradford was $6.8 million, of which $11.1 million was allocated to goodwill that was non-deductible for tax purposes and $8.0 million was allocated to identifiable intangible assets, the majority of which was developed technology, offset by $12.3 million of net liabilities assumed.
The acquisition included a $2.0 million cash earn-out that was subject in full to satisfaction of certain performance conditions. The performance conditions were not met and the cash earn-out will not be paid.
Additional Acquisition-Related Information
The operating results of the acquired companies are included in our consolidated statements of income from the respective dates of acquisition. Acquisition-related costs related to each acquisition were not material. Pro forma information has not been presented as the impact of these acquisitions, individually and in the aggregate, were not material to our consolidated financial statements.
8. GOODWILL AND OTHER INTANGIBLE ASSETS—Net
Goodwill
The following table presents the changes in the carrying amount of goodwill (in millions):
Amount | |||
Balance—December 31, 2018 | $ | ||
Additions due to business combinations | |||
Balance—December 31, 2019 | $ | ||
There were no impairments to goodwill during 2019, 2018, 2017 or any previous years.
Other Intangible Assets—net
The following tables present other intangible assets—net (in millions, except years):
December 31, 2019 | |||||||||||||
Weighted-Average Useful Life (in Years) | Gross | Accumulated Amortization | Net | ||||||||||
Other intangible assets—net: | |||||||||||||
Finite-lived intangible assets: | |||||||||||||
Developed technologies | $ | $ | $ | ||||||||||
Customer relationships | |||||||||||||
Total other intangible assets—net | $ | $ | $ | ||||||||||
December 31, 2018 | |||||||||||||
Weighted-Average Useful Life (in Years) | Gross | Accumulated Amortization | Net | ||||||||||
Other intangible assets—net: | |||||||||||||
Finite-lived intangible assets: | |||||||||||||
Developed technologies and other | $ | $ | $ | ||||||||||
Customer relationships | |||||||||||||
Total other intangible assets—net | $ | $ | $ | ||||||||||
82
Amortization expense of finite-lived intangible assets was $10.9 million, $9.0 million and $8.6 million in 2019, 2018, and 2017, respectively. The following table summarizes estimated future amortization expense of finite-lived intangible assets (in millions):
Amount | |||
Years: | |||
2020 | $ | ||
2021 | |||
2022 | |||
2023 | |||
Total | $ | ||
9. NET INCOME PER SHARE
Basic net income per share is computed by dividing net income by the weighted-average number of shares of common stock outstanding during the period. Diluted net income per share is computed by dividing net income by the weighted-average number of shares of common stock outstanding during the period, plus the dilutive effects of restricted stock units (“RSUs”), stock options and our Employee Stock Purchase Plan (“ESPP”), which was terminated in February 2019 at the completion of the prior offering period. Dilutive shares of common stock are determined by applying the treasury stock method.
A reconciliation of the numerator and denominator used in the calculation of basic and diluted net income per share is as follows (in millions, except per share amounts):
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
Numerator: | |||||||||||
Net income | $ | $ | $ | ||||||||
Denominator: | |||||||||||
Basic shares: | |||||||||||
Weighted-average common stock outstanding-basic | |||||||||||
Diluted shares: | |||||||||||
Weighted-average common stock outstanding-basic | |||||||||||
Effect of potentially dilutive securities: | |||||||||||
RSUs | |||||||||||
Stock options | |||||||||||
ESPP | |||||||||||
Weighted-average shares used to compute diluted net income per share | |||||||||||
Net income per share: | |||||||||||
Basic | $ | $ | $ | ||||||||
Diluted | $ | $ | $ | ||||||||
83
The following weighted-average shares of common stock were excluded from the computation of diluted net income per share for the periods presented, as their effect would have been antidilutive (in millions):
Year Ended December 31, | ||||||||
2019 | 2018 | 2017 | ||||||
RSUs | ||||||||
Stock options | ||||||||
ESPP | ||||||||
Total | ||||||||
10. LEASES
We have operating leases for offices, research and development facilities and data centers. Our leases have remaining terms that range from less than one year to approximately seven years , some of which include one or more options to renew, with renewal terms of up to five years . We do not include renewal options in our lease terms for calculating our lease liability, as the renewal options allow us to maintain operational flexibility and we are not reasonably certain we will exercise these renewal options at the time of the lease commencement.
During the year ended December 31, 2019 we entered into a finance lease with $3.6 million lease liabilities arising from obtaining right-of-use assets with a lease term of approximately two years . Our remaining finance leases were not material to our consolidated financial statements. The related assumptions and further disclosures for finance leases are not material.
The components of operating lease expense were as follows (in millions):
Year Ended | |||
December 31, 2019 | |||
Operating lease expense | $ | ||
Variable lease expense (1) | |||
Short-term lease expense | |||
Total lease expense | $ | ||
(1) Variable lease expense for the year ended December 31, 2019 predominantly included common area maintenance charges and parking expense.
Rent expense was $17.1 million and $16.7 million for 2018 and 2017, respectively. Rent expense was recognized in accordance with Topic 840 using the straight-line method over the term of a lease.
Supplemental balance sheet information related to our operating leases was as follows (in millions, except lease term and discount rate):
Classification | December 31, 2019 | |||
Operating lease ROU assets – non-current | Other assets | $ | ||
Operating lease liabilities – current | Accrued liabilities | $ | ||
Operating lease liabilities – non-current | Other liabilities | |||
Total operating lease liabilities | $ | |||
Weighted average remaining lease term in years – operating leases | ||||
Weighted average discount rate – operating leases | % | |||
84
Supplemental cash flow information related to leases was as follows (in millions):
Year Ended | |||
December 31, 2019 | |||
Cash paid for amounts included in the measurement of lease liabilities | |||
Operating cash flows used for operating leases | $ | ||
Lease liabilities arising from obtaining right-of-use assets | |||
Operating leases | $ | ||
Maturities of operating lease liabilities as of December 31, 2019 were as follows (in millions):
Year ending December 31, | Amount | ||
2020 | $ | ||
2021 | |||
2022 | |||
2023 | |||
2024 | |||
Thereafter | |||
Total lease payments | $ | ||
Less imputed interest | ( | ) | |
Total | $ | ||
As of December 31, 2019, we had additional minimum lease payments of $4.4 million relating to the operating leases that had been signed but had not yet commenced and therefore were excluded from the table above. These leases will commence during 2020 and will have lease term of approximately five to seven years .
The following table summarizes our future principal contractual obligations for operating lease commitments as of December 31, 2018 (in millions):
Year ending December 31, | Amount | ||
2019 | $ | ||
2020 | |||
2021 | |||
2022 | |||
2023 | |||
Thereafter | |||
Total | $ | ||
Total future principal contractual obligations for operating lease commitments as of December 31, 2018 exceeded our undiscounted lease liability as of the Topic 842 adoption date, primarily because the lease liability excluded short-term lease payments (due to the adoption of the short-term lease exemption) and excluded minimum lease payments relating to an operating lease that had been signed but had not yet commenced.
85
11. COMMITMENTS AND CONTINGENCIES
The following table summarizes our inventory purchase commitments as of December 31, 2019 (in millions):
Total | 2020 | 2021 | 2022 | 2023 | 2024 | Thereafter | ||||||||||||||||
Inventory purchase commitments | $ | $ | ||||||||||||||||||||
Inventory Purchase Commitments—Our independent contract manufacturers procure components and build our products based on our forecasts. These forecasts are based on estimates of future demand for our products, which are in turn based on historical trends and an analysis from our sales and marketing organizations, adjusted for overall market conditions. In order to reduce manufacturing lead times and plan for adequate component supply, we may issue purchase orders to some of our independent contract manufacturers which may not be cancelable. As of December 31, 2019, we had $231.9 million of open purchase orders with our independent contract manufacturers that may not be cancelable.
Other Contractual Commitments and Open Purchase Orders—In addition to commitments with contract manufacturers, we have open purchase orders and contractual obligations in the ordinary course of business for which we have not received goods or services. As of December 31, 2019, we had $12.8 million in other contractual commitments having a remaining term in excess of one year that may not be cancelable.
Litigation—We are involved in disputes, litigation, and other legal actions. For lawsuits where we are the defendant, we are in the process of defending these litigation matters, and while there can be no assurances and the outcome of certain of these matters is currently not determinable and not predictable, we currently are unaware of any existing claims or proceedings that we believe are likely to have a material adverse effect on our financial position. There are many uncertainties associated with any litigation and these actions or other third-party claims against us may cause us to incur costly litigation fees, costs and substantial settlement charges, and possibly subject us to damages and other penalties. In addition, the resolution of any intellectual property litigation may require us to make royalty payments, which could adversely affect our gross margins in future periods. If any of those events were to occur, our business, financial condition, results of operations, and cash flows could be adversely affected. Litigation is unpredictable and the actual liability in any such matters may be materially different from our current estimates, which could result in the need to adjust any accrued liability and record additional expenses. We accrue for contingencies when we believe that a loss is probable and that we can reasonably estimate the amount of any such loss.
Indemnification and Other Matters—Under the indemnification provisions of our standard sales contracts, we agree to defend our customers against third-party claims asserting various allegations such as product defects and infringement of certain intellectual property rights, which may include patents, copyrights, trademarks or trade secrets, and to pay judgments entered on such claims. In some contracts, our exposure under these indemnification provisions is limited by the terms of the contracts to certain defined limits, such as the total amount paid by our customer under the agreement. However, certain agreements include covenants, penalties and indemnification provisions including and beyond indemnification for third-party claims of intellectual property infringement, that could potentially expose us to losses in excess of the amount received under the agreement, and in some instances to potential liability that is not contractually limited. To date, although from time to time there are indemnification claims asserted against us and currently there are pending indemnification claims, there have been no material awards under such indemnification provisions.
Periodically we, like other security companies and companies in other industries, may experience cybersecurity threats, malicious activity directed against our information technology infrastructure and unauthorized attempts to gain access to our and our customers’ sensitive information and systems. For example, as previously disclosed, in the second quarter of 2019, we discovered that an unauthorized party illegally targeted us using sophisticated techniques, such as stealing technical data in order to both impersonate our firewall update servers and possibly attempt other attack methodologies, in an effort to try to gain access to certain of our customers’ systems. We have completed our investigation of this incident and we do not believe that it had a material impact on our or our customers’ businesses. We are currently not aware of any claims arising from this matter.
86
12. STOCKHOLDERS’ EQUITY
Stock-Based Compensation Plans
We have one primary stock incentive plan, the 2009 Equity Incentive Plan, under which we have granted RSUs and stock options. We also previously had an ESPP for eligible employees, which was terminated in February 2019.
2009 Equity Incentive Plan—Our board of directors approved the 2009 Equity Incentive Plan in 2009. On June 21, 2019, our stockholders approved the Amended and Restated Fortinet, Inc. 2009 Equity Incentive Plan (the “Amended Plan”). Among other things, the Amended Plan provided for a net decrease in the number of shares of common stock that were authorized and available for issuance pursuant to future awards granted on or following the effective date of the Amended Plan. On June 28, 2019, we deregistered from various registration statements on Form S-8 an aggregate of 46.2 million shares of common stock that were originally registered for issuance under our 2009 Equity Incentive Plan.
The maximum aggregate number of shares that may be issued under the Amended Plan is 47,873,531 shares; provided, however, that only 13,500,000 shares may be issued or transferred pursuant to new awards granted on or following the effective date of the Amended Plan. We may grant awards to employees, directors and other service providers. In the case of an incentive stock option granted to an employee who, at the time of the grant, owns stock representing more than 10 % of the voting power of all classes of stock, the exercise price shall be no less than 110 % of the fair market value per share on the date of grant and expire no more than five years from the date of grant, and options granted to any other employee, the per share exercise price shall be no less than 100 % of the closing stock price on the date of grant. In the case of a non-statutory stock option and options granted to other service providers, the per share exercise price shall be no less than 100 % of the fair market value per share on the date of grant. Options granted to individuals owning less than 10 % of the total combined voting power of all classes of stock generally have a contractual term of no more than ten years and options generally vest over four years .
As of December 31, 2019, there were a total of 13.4 million shares of common stock available for grant under the Amended Plan.
2011 Employee Stock Purchase Plan—In June 2011, our stockholders approved the ESPP. The ESPP permitted eligible employees to purchase common stock through regular, systematic payroll deductions, up to a maximum of 15 % of employees’ compensation for each purchase period at purchase prices equal to 85 % of the lesser of the fair market value of our common stock at the first trading date of the applicable offering period or the purchase date, subject to purchase limits of 4,000 shares for each purchase period or $25,000 worth of stock for each calendar year. Our board of directors voluntarily determined to terminate the ESPP, effective February 2019 at the completion of the prior offering period.
87
Restricted Stock Units
The following table summarizes the activity and related information for RSUs for the periods presented below (in millions, except per share amounts):
Restricted Stock Units Outstanding | ||||||
Number of Shares | Weighted-Average Grant Date Fair Value per Share | |||||
Balance—December 31, 2016 | $ | |||||
Granted | ||||||
Forfeited | ( | ) | ||||
Vested | ( | ) | ||||
Balance—December 31, 2017 | ||||||
Granted | ||||||
Forfeited | ( | ) | ||||
Vested | ( | ) | ||||
Balance—December 31, 2018 | ||||||
Granted | ||||||
Forfeited | ( | ) | ||||
Vested | ( | ) | ||||
Balance—December 31, 2019 | $ | |||||
As of December 31, 2019, total compensation expense related to unvested RSUs granted to employees and non-employees under the 2009 Plan, but not yet recognized, was $341.1 million. This expense is expected to be amortized on a straight-line basis over a weighted-average vesting period of 2.7 years.
RSUs settle into shares of common stock upon vesting. Upon the vesting of the RSUs, we net-settle the RSUs and withhold a portion of the shares to satisfy minimum statutory employee withholding tax requirements. Total payment of the employees’ tax obligations to the tax authorities is reflected as a financing activity within the consolidated statements of cash flows.
The following summarizes the number and value of the shares withheld for employee taxes (in millions):
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
Shares withheld for taxes | |||||||||||
Amount withheld for taxes | $ | $ | $ | ||||||||
Employee Stock Options
In determining the fair value of our employee stock options, we use the Black-Scholes option pricing model, which employs the following assumptions.
Expected Term—The expected term represents the period that our stock-based awards are expected to be outstanding. We believe that we have sufficient historical experience for determining the expected term of the stock option award, and therefore, we calculated our expected term based on historical experience instead of using the simplified method.
Expected Volatility—The expected volatility of our common stock is based on our weighted-average implied and historical volatility.
88
Fair Value of Common Stock—The fair value of our common stock is the closing sales price of the common stock effective on the date of grant.
Risk-Free Interest Rate—We base the risk-free interest rate on the implied yield available on U.S. Treasury zero-coupon issues with an equivalent remaining term.
Expected Dividend—The expected dividend weighted-average assumption is zero .
The following table summarizes the weighted-average assumptions relating to our employee stock options:
Year Ended December 31, | ||||||||
2019 | 2018 | 2017 | ||||||
Expected term in years | ||||||||
Volatility | % | % | % | |||||
Risk-free interest rate | % | % | % | |||||
Dividend rate | % | % | % | |||||
The following table summarizes the stock option activity and related information for the periods presented below (in millions, except exercise prices and contractual life):
Options Outstanding | ||||||||||||
Number of Shares | Weighted- Average Exercise Price | Weighted- Average Remaining Contractual Life (Years) | Aggregate Intrinsic Value | |||||||||
Balance—December 31, 2016 | $ | |||||||||||
Granted | ||||||||||||
Forfeited | ( | ) | ||||||||||
Exercised | ( | ) | ||||||||||
Balance—December 31, 2017 | ||||||||||||
Granted | ||||||||||||
Forfeited | ( | ) | ||||||||||
Exercised | ( | ) | ||||||||||
Balance—December 31, 2018 | ||||||||||||
Granted | ||||||||||||
Forfeited | ( | ) | ||||||||||
Exercised | ( | ) | ||||||||||
Balance—December 31, 2019 | $ | |||||||||||
Options vested and expected to vest—December 31, 2019 | $ | $ | ||||||||||
Options exercisable—December 31, 2019 | $ | $ | ||||||||||
The aggregate intrinsic value represents the difference between the exercise price of stock options and the quoted market price of our common stock on December 31, 2019 for all in-the-money stock options. As of December 31, 2019, total compensation expense related to unvested stock options granted to employees but not yet recognized was $23.9 million. This expense is expected to be amortized on a straight-line basis over a weighted-average period of 2.7 years.
89
Additional information related to our stock options is summarized below (in millions, except per share amounts):
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
Weighted-average fair value per share granted | $ | $ | $ | ||||||||
Intrinsic value of options exercised | $ | $ | $ | ||||||||
Fair value of options vested | $ | ||||||||||
The following table summarizes information about outstanding and exercisable stock options as of December 31, 2019, as follows (in millions, except exercise prices and contractual life):
Options Outstanding | Options Exercisable | |||||||||||||||
Range of Exercise Prices | Number Outstanding | Weighted- Average Remaining Contractual Life (Years) | Weighted- Average Exercise Price | Number Exercisable | Weighted- Average Exercise Price | |||||||||||
$19.94-$24.51 | $ | $ | ||||||||||||||
$26.49-$39.49 | ||||||||||||||||
$48.83-$72.75 | ||||||||||||||||
$76.22-$100.12 | ||||||||||||||||
Employee Stock Purchase Plan
There were no grants under the ESPP during the year ended December 31, 2019. In determining the grant date fair value of the ESPP, we used the Black-Scholes option pricing model. The following table summarizes the assumptions used and the resulting grant-date fair values of our ESPP:
Year Ended December 31, | |||||||
2018 | 2017 | ||||||
Expected term in years | |||||||
Volatility | % | % | |||||
Risk-free interest rate | % | % | |||||
Dividend rate | % | % | |||||
Weighted-average fair value per share granted | $ | $ | |||||
Additional information related to the ESPP is provided below (in millions, except per share amounts):
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
Shares issued under the ESPP | |||||||||||
Weighted-average price per share issued | $ | $ | $ | ||||||||
90
Shares Reserved for Future Issuances
The following table presents the common stock reserved for future issuance (in millions):
December 31, 2019 | ||
Reserved for future equity award grants | ||
Outstanding stock options and RSUs | ||
Total common stock reserved for future issuances | ||
Stock-based Compensation Expense
Stock-based compensation expense is included in costs and expenses as follows (in millions):
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
Cost of product revenue | $ | $ | $ | ||||||||
Cost of service revenue | |||||||||||
Research and development | |||||||||||
Sales and marketing | |||||||||||
General and administrative | |||||||||||
Total stock-based compensation expense | $ | $ | $ | ||||||||
The following table summarizes stock-based compensation expense by award type (in millions):
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
RSUs | $ | $ | $ | ||||||||
Stock options | |||||||||||
ESPP | |||||||||||
Total stock-based compensation expense | $ | $ | $ | ||||||||
Total income tax benefit associated with stock-based compensation that is recognized in the consolidated statements of income is as follows (in millions):
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
Income tax benefit associated with stock-based compensation | $ | $ | $ | ||||||||
Share Repurchase Program
In January 2016, our board of directors approved the Share Repurchase Program (the “Repurchase Program”), which authorized the repurchase of up to $200.0 million of our outstanding common stock through December 31, 2017. In 2016 and 2017, our board of directors approved the increases in the aggregate authorized repurchase amount under the Repurchase Program by $100.0 million and $700.0 million, respectively, to a total of $1.0 billion. In July 2018, our board of directors approved a $500.0 million increase in the authorized stock repurchase under the Repurchase program and extended the term of the Repurchase Program to December 31, 2019, bringing the aggregate amount authorized to be repurchased to $1.5 billion of our outstanding common stock through December 31, 2019. In November 2019, our board of directors approved a $1 billion increase in the authorized stock repurchase under the Repurchase program and extended the term of the Repurchase Program to
91
February 28, 2021, bringing the aggregate amount authorized to be repurchased to $2.5 billion of our outstanding common stock through February 28, 2021.Under the Repurchase Program, share repurchases may be made by us from time to time in privately negotiated transactions or in open market transactions. The Repurchase Program does not require us to purchase a minimum number of shares, and may be suspended, modified or discontinued at any time without prior notice. In 2019, we repurchased 1.9 million shares of common stock under the Repurchase Program in open market transactions for an aggregate purchase price of $140.9 million. As of December 31, 2019, $1.6 billion remained available for future share repurchases under the Repurchase Program.
13. INCOME TAXES
Income before income taxes consisted of the following (in millions):
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
Domestic | $ | $ | $ | ( | ) | ||||||
Foreign | |||||||||||
Total income before income taxes | $ | $ | $ | ||||||||
Due to the realignment of our tax structure, income before income taxes moved from foreign jurisdictions to domestic jurisdiction in the year ended December 31, 2019.
The provision for (benefit from) income taxes consisted of the following (in millions):
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
Current: | |||||||||||
Federal | $ | $ | ( | ) | $ | ||||||
State | |||||||||||
Foreign | |||||||||||
Total current | $ | $ | $ | ||||||||
Deferred: | |||||||||||
Federal | $ | $ | ( | ) | $ | ||||||
State | ( | ) | ( | ) | |||||||
Foreign | ( | ) | ( | ) | |||||||
Total deferred | ( | ) | |||||||||
Provision for (benefit from) income taxes | $ | $ | ( | ) | $ | ||||||
The foreign tax provision included the tax impacts from U.S. GAAP to local tax return book to tax differences and return to provision adjustments that create a permanent addback including but not limited to stock compensation, meals and entertainment, and settlement of prior year tax audits with foreign jurisdiction adjustments.
The provision for (benefit from) income taxes differs from the amount computed by applying the statutory federal income tax rate as follows (in millions):
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
Tax at federal statutory tax rate | $ | $ | $ | ||||||||
Foreign income taxed at different rates | ( | ) | ( | ) | |||||||
Foreign withholding taxes | |||||||||||
Stock-based compensation expense | ( | ) | ( | ) | |||||||
Foreign tax credit | ( | ) | ( | ) | ( | ) | |||||
State taxes—net of federal benefit | ( | ) | ( | ) | |||||||
Research and development credit | ( | ) | ( | ) | ( | ) | |||||
Valuation allowance | |||||||||||
Dividend distribution | ( | ) | |||||||||
Impact of the 2017 Tax Act: | |||||||||||
Deferred tax asset remeasurement due to reduction in the federal corporate income tax rate | |||||||||||
One-time transition tax | ( | ) | |||||||||
Global Intangible Low-Taxed Income | |||||||||||
Book-to-Tax Basis differences | ( | ) | |||||||||
Other | ( | ) | |||||||||
Total provision for (benefit from) income taxes | $ | $ | ( | ) | $ | ||||||
There are permanent differences that arise from the portion of stock-based compensation expense that is not expected to generate a tax deduction, such as stock-based compensation expense on stock grants to certain foreign employees. This is offset by the actual tax benefits in the current periods from shares held by our U.S. and certain foreign employees. In 2019 and 2018, this excess tax benefit was greater than the non-deductible stock-based compensation expense.
We have realigned our tax structure in order to maximize the tax efficiency of our group structure and better align with our business operations as a result of the 2017 Tax Act. This realignment resulted in a book-to-tax basis difference for previously taxed off-shore deferred revenue as well as other book-to-tax difference. The basis differences resulted in a $164.0 million benefit to the 2018 tax provision.
In the fourth quarter of 2018, we completed our analysis to determine the effect of the 2017 Tax Act within the measurement period under the SEC guidance, and reflected an additional $32.6 million increase related to the transition tax in the 2018 income tax expense. In the fourth quarter of 2019, we recorded a $2.1 million tax benefit related to the transition tax due to the adjustments on prior 2018 foreign tax amounts. The 2017 Tax Act also created a new requirement that Global Intangible Low-Taxed Income (“GILTI”) earned by controlled foreign corporations (“CFCs”) must be included currently in the gross income of a CFC’s U.S. shareholder. In 2018, there was also a $20.5 million expense for the GILTI tax regime that was introduced by the 2017 Tax Act. In 2019, we were not subject to GILTI. We will continue to monitor and assess the impact of the 2017 Tax Act and ongoing guidance and accounting interpretations issued in response to the 2017 Tax Act.
On June 7, 2019, the Ninth Circuit overturned the U.S. Tax Court’s decision on Altera Corporation and Subsidiaries vs. Commissioner of Internal Revenue and ruled in favor of the Commissioner, validating the regulations requiring stock-based compensation to be included in a cost sharing arrangement. A rehearing of the case was requested, but the rehearing request was denied by the Ninth Circuit on November 12, 2019. A petition for Writ of Certiorari was filed with the U.S. Supreme Court on February 10, 2020. Due to the uncertainty surrounding the status of the current regulations and questions related to the scope of potential benefits or obligations, we incurred an unrecognized tax benefit of $10.1 million related to the Ninth Circuit’s Altera decision regarding stock-based compensation in cost sharing arrangements. We continue to monitor developments in this case and any impact it could have on our tax provision.
92
The tax effects of temporary differences that give rise to significant portions of the deferred tax assets as of the years ended are presented below (in millions):
December 31, 2019 | December 31, 2018 | ||||||
Deferred tax assets: | |||||||
General business credit carryforward | $ | $ | |||||
Deferred revenue | |||||||
Reserves and accruals | |||||||
Net operating loss carryforward | |||||||
Stock-based compensation expense | |||||||
Depreciation and amortization | |||||||
Operating lease liabilities | — | ||||||
Total deferred tax assets | |||||||
Less: Valuation allowance | ( | ) | ( | ) | |||
Deferred tax assets, net of valuation allowance | |||||||
Deferred tax liabilities: | |||||||
Deferred contract costs | ( | ) | ( | ) | |||
Operating lease ROU assets | ( | ) | — | ||||
Total deferred tax liabilities | ( | ) | ( | ) | |||
Net deferred tax assets | $ | $ | |||||
As of December 31, 2019, we recorded a deferred tax asset of $232.6 million and a deferred tax liability of $5.0 million. In assessing the realizability of deferred tax assets, we considered whether it is more likely than not that some portion or all of our deferred tax assets will be realized. This realization is dependent upon the generation of future taxable income during the periods in which those temporary differences become deductible. We concluded that it is more likely than not that we will be able to realize the benefits of our deferred tax assets in the future except for our California research and development (“R&D”) credits carryforward, certain impairment losses in business investments, certain foreign tax credits from foreign disregarded entities and certain tax attributes from business acquisitions. We anticipate having sufficient current year generated California R&D credits to cover the same year California tax liability for tax year 2019 and subsequent years. We also believe that it is more likely than not that the deferred tax assets for impairment losses, foreign tax credits from foreign disregarded entities and acquired foreign tax attributes will not be realized. As a result, we recorded a valuation allowance of $43.0 million against deferred tax assets for California R&D credits carryforwards (net of the unrecognized tax benefits), impairment losses, certain foreign tax credits and certain acquired tax attributes.
As of December 31, 2019, we had $46.7 million in federal net operating loss carryforwards to offset future income, which are limited by Section 382 of the Internal Revenue Code (“Section 382”) due to the acquisition of Meru, AccelOps and Bradford. With the acquisition of Meru, we had $22.6 million in federal net operating loss carryforwards which are limited by Section 382 available from year 2020. With the acquisition of AccelOps, we had $16.3 million in federal net operating loss carryforwards from 2016 that are limited by Section 382. With the acquisition of Bradford, we had $7.8 million in federal net operating loss carryforwards from 2018 that are limited by Section 382 available from July 2018. In 2019, it is estimated that a federal net operating loss of $169.4 million will be generated. We had $14.7 million in federal tax credits to offset future federal taxes. As of December 31, 2019, we had $35.5 million in California net operating loss carryforwards including $10.7 million from Meru and $13.4 million from AccelOps, both of which are limited by Section 382. In 2019, it is estimated that a California net operating loss of $11.3 million will be generated. We had state tax credit carryforwards of $30.6 million available to offset our future state taxes. The state credits carry forward indefinitely.
Under the 2017 Tax Act, starting on January 1, 2018, we are no longer subject to federal income tax on earnings remitted from our foreign subsidiaries. We have analyzed our global working capital and cash requirements and the potential tax liabilities attributable to repatriation, and have determined that we will be repatriating certain unremitted foreign earnings which was previously deemed indefinitely reinvested. For those investments from which we were able to make a reasonable estimate of the tax effects of such repatriation, we have recorded a provisional estimate for withholding and state taxes. For those investments from which we were not able to make a reasonable estimate, we have not recorded any deferred taxes.
93
We operate under a tax incentive agreement in Singapore, which is effective through December 31, 2020. The tax incentive agreement is conditional upon our meeting certain employment and investment thresholds.
As of December 31, 2019, we had $67.5 million of unrecognized tax benefits, of which, if recognized, $62.4 million would favorably affect our effective tax rate. Our policy is to include accrued interest and penalties related to uncertain tax benefits in income tax expense. As of December 31, 2019, 2018 and 2017, accrued interest and penalties were $14.1 million, $11.6 million and $13.5 million, respectively.
The aggregate changes in the balance of unrecognized tax benefits are as follows (in millions):
Year Ended December 31, | |||||||||||
2019 | 2018 | 2017 | |||||||||
Unrecognized tax benefits, beginning of year | $ | $ | $ | ||||||||
Gross increases for tax positions related to the current year | |||||||||||
Gross decreases for tax positions related to the current year | ( | ) | |||||||||
Gross increases for tax positions related to the prior year | |||||||||||
Gross decreases for tax positions related to prior year | ( | ) | ( | ) | ( | ) | |||||
Gross decreases for tax positions related to prior year audit settlements | ( | ) | ( | ) | ( | ) | |||||
Gross decreases for tax positions related to expiration of statute of limitations | ( | ) | ( | ) | |||||||
Unrecognized tax benefits, end of year | $ | $ | $ | ||||||||
As of December 31, 2019, 2018 and 2017, $82.8 million, $77.5 million and $90.2 million, respectively, of the amounts reflected above were recorded as Income tax liabilities—non-current in our consolidated balance sheets.
We recorded a net increase of gross unrecognized tax benefits of approximately $4.0 million during the year ended December 31, 2019. The net increase was primarily due to the increase in gross unrecognized tax benefits related to the Altera case, offset by the reversal of gross unrecognized tax benefits in connection with the lapse of statutes of limitations and the settlement of tax audits in foreign jurisdictions.
It is reasonably possible that our gross unrecognized tax benefits will decrease by up to $11.6 million in the next 12 months, primarily due to the lapse of the statute of limitations. These adjustments, if recognized, would positively impact our effective tax rate, and would be recognized as additional tax benefits.
We file income tax returns in the U.S. federal jurisdiction and in various U.S. state and foreign jurisdictions. Generally, we are no longer subject to U.S. state and non-U.S. income tax examinations by tax authorities for tax years prior to 2009. We are no longer subject to examination by U.S federal income tax authorities for tax years prior to 2015. We currently have ongoing tax audits in the United Kingdom, Canada and several other foreign jurisdictions. The focus of these audits is the inter-company profit allocation.
14. DEFINED CONTRIBUTION PLANS
Our tax-deferred savings plan under our 401(k) Plan permits participating U.S. employees to contribute a portion of their pre-tax or after-tax earnings. In Canada, we have a Group Registered Retirement Savings Plan Program (the “RRSP”), which permits participants to make tax deductible contributions. Our board of directors approved 50 % matching contributions on employee contributions up to 4 % of each employee’s eligible earnings. Our matching contributions to our 401(k) Plan and the RRSP for 2019, 2018 and 2017 were $6.6 million, $5.7 million and $4.7 million, respectively.
15. SEGMENT INFORMATION
Operating segments are defined as components of an enterprise about which separate financial information is available that is evaluated regularly by the chief operating decision maker in deciding how to allocate resources and in assessing
94
performance. Our chief operating decision maker is our chief executive officer. Our chief executive officer reviews financial information presented on a consolidated basis, accompanied by information about revenue by geographic region for purposes of allocating resources and evaluating financial performance. We have one business activity, and there are no segment managers who are held accountable for operations, operating results and plans for levels or components below the consolidated unit level. Accordingly, we have determined that we have one operating segment, and therefore, one reportable segment.
Revenue by geographic region is based on the billing address of our customers. The following tables set forth revenue and property and equipment—net by geographic region (in millions):
Year Ended December 31, | |||||||||||
Revenue | 2019 | 2018 | 2017 | ||||||||
Americas: | |||||||||||
United States | $ | $ | $ | ||||||||
Other Americas (1) | |||||||||||
Total Americas | |||||||||||
Europe, Middle East and Africa (“EMEA”) | |||||||||||
Asia Pacific (“APAC”) | |||||||||||
Total revenue | $ | $ | $ | ||||||||
(1) In 2019, Canada and Latin America revenue were combined and presented as Other Americas. Prior periods have been reclassified to conform with current period presentation. | |||||||||||
Property and Equipment—net | December 31, 2019 | December 31, 2018 | |||||
Americas: | |||||||
United States | $ | $ | |||||
Canada | |||||||
Latin America | |||||||
Total Americas | |||||||
EMEA | |||||||
APAC | |||||||
Total property and equipment—net | $ | $ | |||||
95
16. ACCUMULATED OTHER COMPREHENSIVE INCOME (LOSS)
Year Ended December 31, 2019 | |||||||||||
Unrealized Gains (Losses) on Investments | Tax provision (benefit) related to unrealized gains or losses on investments | Total | |||||||||
Beginning balance | $ | ( | ) | $ | ( | ) | $ | ( | ) | ||
Other comprehensive income before reclassifications | |||||||||||
Amounts reclassified from accumulated other comprehensive income (loss) | ( | ) | |||||||||
Net current-period other comprehensive income | |||||||||||
Ending balance | $ | $ | $ | ||||||||
We adopted ASU 2018-02 on January 1, 2019, and elected to reclassify the income tax effects of the 2017 Tax Act to retained earnings at the beginning of the period. Other amounts reclassified from accumulated other comprehensive income (loss) for unrealized losses on investments and tax provision related to unrealized gains or losses on investments are recorded in other income (expense)—net and in provision for (benefit from) income taxes, respectively. We did not have any material changes to accumulated other comprehensive income (loss) during 2018.
17. SUBSEQUENT EVENT
In January 2020, we entered into an agreement with a competitor in the network security industry, whereby, in February 2020, this party paid us a lump sum of $50.0 million for a seven-year mutual covenant-not-to-sue for patent claims. Pursuant to this agreement, at the end of this first seven-year period, either party may extend the agreement for an additional seven-year mutual covenant-not-to-sue in return for this competitor paying us an additional $50.0 million, for an aggregate payment of $100.0 million by the competitor to us. This agreement arose after expiration of previous agreements between the parties whereby the competitor had paid us additional sums for a limited term license to certain of our intellectual property and a limited term mutual covenant-not-to-sue.
96
ITEM 9. Changes in and Disagreements With Accountants on Accounting and Financial Disclosure
None.
ITEM 9A. Controls and Procedures
Evaluation of Disclosure Controls and Procedures
Our management, with the participation of our chief executive officer and chief financial officer, evaluated the effectiveness of our disclosure controls and procedures (as defined in Rule 13a-15(e) or 15d-15(e) under the Securities Exchange Act of 1934 (the “Exchange Act”) as of the end of the period covered by this Annual Report on Form 10-K. In designing and evaluating the disclosure controls and procedures, management recognized that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving the desired control objectives. In addition, the design of disclosure controls and procedures must reflect the fact that there are resource constraints and that management is required to apply its judgment in evaluating the benefits of possible controls and procedures relative to their costs.
Based on that evaluation, our chief executive officer and chief financial officer concluded that our disclosure controls and procedures were effective as of December 31, 2019 to provide reasonable assurance that information we are required to disclose in reports that we file or submit under the Exchange Act is recorded, processed, summarized and reported within the time periods specified in SEC rules and forms, and that such information is accumulated and communicated to our management, including our chief executive officer and chief financial officer, as appropriate, to allow timely decisions regarding required disclosure.
Management’s Report on Internal Control Over Financial Reporting
Our management is responsible for establishing and maintaining adequate internal control over financial reporting, as defined in Rule 13a-15(f) and 15d-15(f) under the Exchange Act. Management conducted an evaluation of the effectiveness of our internal control over financial reporting based on the framework in Internal Control—Integrated Framework (2013) set forth by the Committee of Sponsoring Organizations of the Treadway Commission.
Based on this evaluation, management concluded that our internal control over financial reporting was effective as of December 31, 2019. Management reviewed the results of its assessment with our Audit Committee. The effectiveness of our internal control over financial reporting as of December 31, 2019 has been audited by Deloitte & Touche LLP, an independent registered public accounting firm, as stated in its report, which appears in this Item under the heading “Report of Independent Registered Public Accounting Firm.”
Changes in Internal Control over Financial Reporting
In January 2019, we implemented certain internal controls over financial reporting in connection with our adoption of Topic 842. There were no other changes in our internal control over financial reporting (as defined in Rules 13a-15(f) or 15d-15(f) under the Exchange Act) during 2019 that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
97
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the stockholders and the Board of Directors of Fortinet, Inc.
Opinion on Internal Control over Financial Reporting
We have audited the internal control over financial reporting of Fortinet, Inc. and subsidiaries (the “Company”) as of December 31, 2019, based on criteria established in Internal Control–Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2019, based on criteria established in Internal Control–Integrated Framework (2013) issued by COSO.
We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated financial statements as of and for the year ended December 31, 2019, of the Company and our report dated February 25, 2020, expressed an unqualified opinion on those financial statements and included an explanatory paragraph related to the Company’s change in its method of accounting for revenue due to adoption of the new revenue standard in 2018.
Basis for Opinion
The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management’s Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
Definition and Limitations of Internal Control over Financial Reporting
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
/s/ DELOITTE & TOUCHE LLP
San Jose, California
February 25, 2020
98
ITEM 9B. Other Information
None.
Part III
ITEM 10. Directors, Executive Officers and Corporate Governance
Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2020 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.
As part of our system of corporate governance, our board of directors has adopted a code of business conduct and ethics. The code applies to all of our employees, officers (including our principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions), agents and representatives, including our independent directors and consultants, who are not our employees, with regard to their Fortinet-related activities. Our code of business conduct and ethics is available on our website at www.fortinet.com under “Corporate—Investor Relations—Corporate Governance.” We will post on this section of our website any amendment to our code of business conduct and ethics, as well as any waivers of our code of business conduct and ethics, that are required to be disclosed by the rules of the SEC or the Nasdaq Stock Market.
ITEM 11. Executive Compensation
Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2020 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.
ITEM 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2020 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.
ITEM 13. Certain Relationships and Related Transactions, and Director Independence
Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2020 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.
ITEM 14. Principal Accounting Fees and Services
Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2020 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.
99
Part IV
ITEM 15. Exhibits, Financial Statement Schedules
(a) The following documents are filed as part of this Annual Report on Form 10-K:
1. | Financial Statements: The information concerning Fortinet’s financial statements and the Report of Independent Registered Public Accounting Firm required by this Item 15(a)(1) is incorporated by reference herein to the section of this Annual Report on Form 10-K in Part II, Item 8, titled “Financial Statements and Supplementary Data.” |
2. | Financial Statement Schedule: The following financial statement schedule of Fortinet, Inc., for the fiscal years ended December 31, 2019, 2018 and 2017, is filed as part of this Annual Report on Form 10-K and should be read in conjunction with our consolidated financial statements. |
SCHEDULE II—VALUATION AND QUALIFYING ACCOUNTS
Year Ended December 31, | |||||||||||
2019 (1) | 2018 (1) | 2017 | |||||||||
(in millions) | |||||||||||
Sales Returns Reserve and Allowance for Doubtful Accounts: | |||||||||||
Beginning balance | $ | $ | $ | ||||||||
Charged to costs and expenses, net of deductions | |||||||||||
Reclassification due to adoption of Topic 606 (1) | ( | ) | |||||||||
Ending balance | $ | $ | $ | ||||||||
(1) Effective January 1, 2018, we reclassified our sales returns reserve in the amount of $13.6 million from accounts receivable to accrued liabilities, in connection with the adoption of Topic 606. The ending balances for the years ended December 31, 2019 and 2018 consist only of the allowance for doubtful accounts. | |||||||||||
Schedules not listed above have been omitted because they are not applicable or are not required or the information required to be set forth therein is included in the consolidated financial statements or notes thereto.
3. | Exhibits: See Item 15(b) below. We have filed, or incorporated into this Annual Report on Form 10-K by reference, the exhibits listed on the accompanying Exhibit Index immediately preceding the signature page of this Annual Report on Form 10-K. |
(b) Exhibits:
The exhibit list in the Exhibit Index immediately preceding the signature page of this Annual Report on Form 10-K is incorporated herein by reference as the list of exhibits required by this Item 15(b).
(c) Financial Statement Schedules: See Item 15(a) above.
100
EXHIBIT INDEX
Exhibit Number | Description | Incorporated by reference herein | ||||||
Form | Date | Exhibit Number | ||||||
Amended and Restated Certificate of Incorporation | Current Report on Form 8-K (File No. 001-34511) | June 28, 2018 | 3.1 | |||||
Amended and Restated Bylaws | Current Report on Form 8-K (File No. 001-34511) | June 28, 2018 | 3.2 | |||||
Specimen common stock certificate of the Company | Registration Statement on Form S-l, as amended (File No. 333-161190) | November 2, 2009 | 4.1 | |||||
4.2* | Description of Securities Registered Pursuant to Section 12 of the Exchange Act | |||||||
10.1† | Forms of Indemnification Agreement between the Company and its directors and officers | Registration Statement on Form S-l (File No. 333-161190) | August 10, 2009 | 10.1 | ||||
10.2† | Amended and Restated 2009 Equity Incentive Plan | Quarterly Report on Form 10-Q (File No. 001-34511) | August 1, 2019 | 10.1 | ||||
10.3† | Forms of stock option agreement under Amended and Restated 2009 Equity Incentive Plan | Annual Report on Form 10-K (File No. 001-34511) | February 28, 2012 | 10.5 | ||||
10.4† | Form of performance stock unit award agreement under Amended and Restated 2009 Equity Incentive Plan | Quarterly Report on Form 10-Q (File No. 001-34511) | August 6, 2013 | 99.1 | ||||
10.5† | Forms of restricted stock unit award and performance stock unit award agreement under Amended and Restated 2009 Equity Incentive Plan (Additional Forms) | Annual Report on Form 10-K (File No. 001-34511) | March 2, 2015 | 10.7 | ||||
10.6†* | Form of restricted stock unit award agreement under Amended and Restated 2009 Equity Incentive Plan (Additional Form) | |||||||
10.7†* | Form of stock option award agreement under Amended and Restated 2009 Equity Incentive Plan (Additional Form) | |||||||
10.8† | Fortinet, Inc. Bonus Plan | Current Report on Form 8-K (File No. 001-34511) | January 26, 2010 | 10.1 | ||||
10.9† | Fortinet, Inc. Cash and Equity Incentive Plan | Quarterly Report on Form 10-Q (File No. 001-34511) | November 5, 2013 | 10.1 | ||||
Form of Change of Control Agreement between the Company and its directors | Quarterly Report on Form 10-Q (File No. 001-34511) | August 4, 2015 | 10.1 | |||||
Amended and Restated Change of Control Severance Agreement, effective as of August 7, 2019, between the Company and Ken Xie | Quarterly Report on Form 10-Q (File No. 001-34511) | August 1, 2019 | 10.2 | |||||
Amended and Restated Change of Control Severance Agreement, effective as of August 7, 2019, between the Company and Michael Xie | Quarterly Report on Form 10-Q (File No. 001-34511) | August 1, 2019 | 10.3 | |||||
Amended and Restated Change of Control Severance Agreement, effective as of August 7, 2019, between the Company and John Whittle | Quarterly Report on Form 10-Q (File No. 001-34511) | August 1, 2019 | 10.4 | |||||
Offer Letter, dated as of October 23, 2006, by and between the Company and John Whittle | Registration Statement on Form S-l, as amended (File No. 333-161190) | August 10, 2009 | 10.10 | |||||
Offer Letter, dated as of April 3, 2014, by and between the Company and Keith Jensen | Annual Report on Form 10-K (File No. 001-34511) | February 26, 2018 | 10.22 | |||||
Amended and Restated Change of Control Severance Agreement, effective as of August 7, 2019, between the Company and Keith Jensen | Quarterly Report on Form 10-Q (File No. 001-34511) | August 1, 2019 | 10.5 | |||||
21.1* | List of subsidiaries | |||||||
23.1* | Consent of Independent Registered Public Accounting Firm | |||||||
101
24.1* | Power of Attorney (incorporated by reference to the signature page of this Annual Report on Form 10-K) | |||||||
31.1* | Certification of Chief Executive Officer pursuant to Exchange Act Rules 13a-14(a) and 15d-14(a), as adopted pursuant to Section 302 of the Sarbanes-Oxley Act of 2002 | |
31.2* | Certification of Chief Financial Officer pursuant to Exchange Act Rules 13a-14(a) and 15d-14(a), as adopted pursuant to Section 302 of the Sarbanes-Oxley Act of 2002 | |
32.1** | Certifications of Chief Executive Officer and Chief Financial Officer pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 | |
101.INS* | Inline XBRL Instance Document - the instance document does not appear in the interactive data file because its XBRL tags are embedded within the inline XBRL document. | |
101.SCH* | Inline XBRL Taxonomy Extension Schema Document | |
101.CAL* | Inline XBRL Taxonomy Extension Calculation Linkbase Document | |
101.DEF* | Inline XBRL Taxonomy Extension Definition Linkbase Document | |
101.LAB* | Inline XBRL Taxonomy Extension Label Linkbase Document | |
101.PRE* | Inline XBRL Taxonomy Extension Presentation Linkbase Document | |
104* | Cover Page Interactive Data File - the cover page from the Company’s Annual Report on Form 10-K for the year ended December 31, 2019 is formatted in inline XBRL. | |
________________________________
† Indicates management compensatory plan, contract or arrangement.
* Filed herewith.
** Furnished herewith. This certification is deemed not filed for purposes of Section 18 of the Exchange Act, or otherwise subject to the liability of that section, nor shall it be deemed incorporated by reference into any filing under the Securities Act or the Exchange Act.
102
SIGNATURES
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized, on February 25, 2020.
FORTINET, INC. | ||
By: | /s/ Ken Xie | |
Ken Xie, Chief Executive Officer and Chairman | ||
(Duly Authorized Officer and Principal Executive Officer) | ||
FORTINET, INC. | ||
By: | /s/ Keith Jensen | |
Keith Jensen, Chief Financial Officer | ||
(Duly Authorized Officer and Principal Financial Officer and Principal Accounting Officer) | ||
103
POWER OF ATTORNEY
KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints Ken Xie and Keith Jensen, jointly and severally, his or her attorney-in-fact, with the power of substitution, for him or her in any and all capacities, to sign any amendments to this Annual Report on Form 10-K and to file the same, with exhibits thereto and other documents in connection therewith, with the Securities and Exchange Commission, hereby ratifying and confirming all that each of said attorneys-in-fact, or his substitute or substitutes, may do or cause to be done by virtue hereof.
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the registrant and in the capacities and on the dates indicated.
Signature | Title | Date | ||
/s/ Ken Xie | Chief Executive Officer and Chairman | February 25, 2020 | ||
Ken Xie | (Principal Executive Officer) | |||
/s/ Keith Jensen | Chief Financial Officer | February 25, 2020 | ||
Keith Jensen | (Principal Financial Officer and Principal Accounting Officer) | |||
/s/ Michael Xie | President, Chief Technology Officer and Director | February 25, 2020 | ||
Michael Xie | ||||
/s/ Ming Hsieh | Director | February 25, 2020 | ||
Ming Hsieh | ||||
/s/ Jean Hu | Director | February 25, 2020 | ||
Jean Hu | ||||
/s/ Gary Locke | Director | February 25, 2020 | ||
Gary Locke | ||||
/s/ William H. Neukom | Director | February 25, 2020 | ||
William H. Neukom | ||||
/s/ Christopher B. Paisley | Director | February 25, 2020 | ||
Christopher B. Paisley | ||||
/s/ Judith Sim | Director | February 25, 2020 | ||
Judith Sim | ||||
104
Exhibit 4.2
DESCRIPTION OF FORTINET’S SECURITIES REGISTERED
PURSUANT TO SECTION 12 OF THE SECURITIES EXCHANGE ACT OF 1934
As of December 31, 2019, Fortinet, Inc. (“we,” “us” or “our”) had one class of securities registered under Section 12 of the Securities Exchange Act of 1934, as amended: our common stock.
The following summary of the terms of our common stock is based upon our amended and restated certificate of incorporation, our amended and restated bylaws and applicable provisions the Delaware General Corporation Law (the “DGCL”). The summary is not complete, and is qualified by reference to our amended and restated certificate of incorporation and our amended and restated bylaws, which are filed as exhibits to this Annual Report on Form 10-K and are incorporated by reference herein. We encourage you to read our amended and restated certificate of incorporation, our amended and restated bylaws and the applicable provisions of the DGCL for additional information.
Capitalization
Our authorized capital stock consists of 310,000,000 shares of capital stock, including 300,000,000 shares of common stock, par value $0.001 per share, and 10,000,000 shares of undesignated preferred stock, par value $0.001 per share.
Common Stock
Dividend Rights
Subject to preferences that may apply to any shares of preferred stock outstanding at the time, the holders of our common stock are entitled to receive dividends out of funds legally available if our board of directors, in its discretion, determines to issue dividends and then only at the times and in the amounts that our board of directors may determine.
Voting Rights
Holders of our common stock are entitled to one vote for each share held on all matters submitted to a vote of stockholders. We have not provided for cumulative voting for the election of directors in our amended and restated certificate of incorporation. Our amended and restated certificate of incorporation implements a gradual declassification of our board of directors and provides for the annual election of directors for one-year terms, commencing upon the expiration of the directors’ then-current terms. Accordingly, beginning with our 2020 annual meeting of stockholders, all members of our board of directors will stand for election annually for one-year terms. Our amended and restated bylaws provide for a majority voting standard for uncontested elections of directors.
Right to Receive Liquidation Distributions
Upon our liquidation, dissolution or winding-up, the assets legally available for distribution to our stockholders would be distributable ratably among the holders of our common stock and any participating preferred stock outstanding at that time, subject to prior satisfaction of all outstanding debt and liabilities and the preferential rights of and the payment of liquidation preferences, if any, on any outstanding shares of preferred stock.
Other Rights and Preferences
Our common stock is not entitled to preemptive rights, and is not subject to conversion, redemption or sinking fund provisions.
Preferred Stock
Our board of directors is authorized, subject to limitations prescribed by Delaware law, to issue preferred stock in one or more series, to establish from time to time the number of shares to be included in each series and to fix the designation, powers, preferences and rights of the shares of each series and any of its qualifications, limitations, or restrictions, in each case without further vote or action by our stockholders. Our board of directors can also increase or decrease the number of shares of any series of preferred stock, but not below the number of shares of that series then outstanding, without any further vote or action by our stockholders. Our board of directors may authorize the issuance of preferred stock with voting or conversion rights that could adversely affect the voting power or other rights of the holders of our common stock. The issuance of preferred stock, while providing flexibility in connection with possible acquisitions and other corporate purposes, could, among other things, have the effect of delaying, deferring or preventing a change in our control and might adversely affect the market price of our common stock and the voting and other rights of the holders of our common stock.
Anti-Takeover Provisions
The provisions of Delaware law, our amended and restated certificate of incorporation and our amended and restated bylaws could have the effect of delaying, deferring or discouraging another person from acquiring control of our company. These provisions, which are summarized below, may have the effect of discouraging takeover bids.
Delaware Law
We are subject to the provisions of Section 203 of the DGCL regulating corporate takeovers. In general, DGCL Section 203 prohibits a publicly held Delaware corporation from engaging in a business combination with an interested stockholder for a period of three years following the date on which the person became an interested stockholder unless:
• | prior to the date of the transaction, the board of directors of the corporation approved either the business combination or the transaction which resulted in the stockholder becoming an interested stockholder; |
• | the interested stockholder owned at least 85% of the voting stock of the corporation outstanding at the time the transaction commenced, excluding for purposes of determining the voting stock outstanding, but not the outstanding voting stock owned by the interested stockholder, (i) shares |
owned by persons who are directors and also officers and (ii) shares owned by employee stock plans in which employee participants do not have the right to determine confidentially whether shares held subject to the plan will be tendered in a tender or exchange offer; or
• | at or subsequent to the date of the transaction, the business combination is approved by the board of directors of the corporation and authorized at an annual or special meeting of stockholders, and not by written consent, by the affirmative vote of at least 66 2/3% of the outstanding voting stock that is not owned by the interested stockholder. |
Generally, a business combination includes a merger, asset or stock sale or other transaction or series of transactions together resulting in a financial benefit to the interested stockholder. An interested stockholder is a person who, together with affiliates and associates, owns or, within three years prior to the determination of interested stockholder status, did own 15% or more of a corporation’s outstanding voting stock. We expect the existence of this provision to have an anti-takeover effect with respect to transactions our board of directors does not approve in advance. We also anticipate that DGCL Section 203 may also discourage attempts that might result in a premium over the market price for the shares of common stock held by stockholders.
Amended and Restated Certificate of Incorporation and Amended and Restated Bylaws Provisions
Our amended and restated certificate of incorporation and our amended and restated bylaws include a number of provisions that could deter hostile takeovers or delay or prevent changes in control of our company, including the following:
• | Board of Directors Vacancies. Our amended and restated certificate of incorporation and our amended and restated bylaws authorize only our board of directors to fill vacant directorships, including newly created seats. In addition, the number of directors constituting our board of directors may be set only by a resolution adopted by a majority vote of our entire board of directors. These provisions prevent a stockholder from increasing the size of our board of directors and then gaining control of our board of directors by filling the resulting vacancies with its own nominees. This makes it more difficult to change the composition of our board of directors but promotes continuity of management. |
• | Stockholder Action; Special Meetings of Stockholders. Our amended and restated certificate of incorporation provides that our stockholders may not take action by written consent, and may only take action at an annual or special meeting of our stockholders. Our amended and restated bylaws further provide that special meetings of our stockholders may be called only by a majority of our board of directors, the chairperson of our board of directors, our chief executive officer or our president, thus prohibiting a stockholder from calling a special meeting. These provisions might delay the ability of our stockholders to force consideration of a proposal or for stockholders to take any action, including the removal of directors. |
• | Advance Notice Requirements for Stockholder Proposals and Director Nominations. Our amended and restated bylaws provide advance notice procedures for stockholders seeking to bring business before our annual meeting of stockholders or to nominate candidates for election as directors at our annual meeting of stockholders. Our amended and restated bylaws also specify certain |
requirements regarding the form and content of a stockholder’s notice. These provisions might preclude our stockholders from bringing matters before our annual meeting of stockholders or from making nominations for directors at our annual meeting of stockholders if the proper procedures are not followed. We expect that these provisions might also discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of our company.
• | No Cumulative Voting. The DGCL provides that stockholders are not entitled to the right to cumulate votes in the election of directors unless a corporation’s certificate of incorporation provides otherwise. Our amended and restated certificate of incorporation and amended and restated bylaws do not provide for cumulative voting. |
• | Supermajority Requirements for Amendments of Our Amended and Restated Certificate of Incorporation and Our Amended and Restated Bylaws. Our amended and restated certificate of incorporation provides that the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of voting stock is required to amend, alter or repeal, or adopt any provision as part of our amended and restated certificate of incorporation inconsistent with the purpose and intent of, certain provisions of our amended and restated certificate of incorporation. Further, the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of voting stock is required to amend or repeal our amended and restated bylaws, although our amended and restated bylaws may be amended by a simple majority vote of our board of directors. |
• | Issuance of Undesignated Preferred Stock. Our board of directors has the authority, without further action by the stockholders, to issue up to 10,000,000 shares of undesignated preferred stock with rights and preferences, including voting rights, designated from time to time by our board of directors. The existence of authorized but unissued shares of preferred stock enables our board of directors to render more difficult or to discourage an attempt to obtain control of us by means of a merger, tender offer, proxy contest or other means. |
• | Choice of Forum. Our amended and restated bylaws provide that, unless we consent in writing to the selection of alternate forum, state and federal courts located within the state of Delaware are the exclusive forum for: (i) any derivative action or proceeding brought on our behalf; (ii) any action asserting a breach of a fiduciary duty owed by, or other wrongdoing by, any of our directors, officers, employees or agents to the corporation or the corporation’s stockholders; (iii) any action asserting a claim arising pursuant to any provision of the DGCL, our amended and restated certificate of incorporation or our amended and restated bylaws; (iv) any action to interpret, apply, enforce or determine the validity of our amended and restated certificate of incorporation or our amended and restated bylaws; or (v) any action asserting a claim governed by the internal affairs doctrine. |
Listing
Our common stock is listed on The Nasdaq Global Select Market under the symbol “FTNT.”
Transfer Agent and Registrar
The transfer agent and registrar for our common stock is Computershare Trust Company, N.A.
Exhibit 10.6
AMENDED AND RESTATED FORTINET, INC.
2009 EQUITY INCENTIVE PLAN
RESTRICTED STOCK UNIT AWARD AGREEMENT
Unless otherwise defined herein, the terms defined in the Amended and Restated Fortinet, Inc. 2009 Equity Incentive Plan (the “Plan”) will have the same defined meanings in this Restricted Stock Unit Award Agreement, including any country-specific terms and conditions set forth in the attached Appendix (collectively, the “Award Agreement”).
I.NOTICE OF RESTRICTED STOCK UNIT GRANT
Participant Name:
Address:
You have been granted the right to receive an Award of Restricted Stock Units, subject to the terms and conditions of the Plan and this Award Agreement, as follows:
Grant Number | |
Date of Grant | |
Vesting Commencement Date | |
Number of Restricted Stock Units | |
Vesting Schedule:
Subject to any acceleration provisions contained in the Plan or set forth below, the Restricted Stock Unit will vest in accordance with the following schedule:
[INSERT VESTING SCHEDULE.]
In the event Participant ceases to be a Service Provider for any or no reason before Participant vests in any Restricted Stock Units, any such unvested Restricted Stock Units and Participant’s right to acquire any Shares hereunder will immediately terminate.
By Participant’s signature and the signature of the representative of Fortinet, Inc. (the “Company”) below, Participant and the Company agree that this Award of Restricted Stock Units is granted under and governed by the terms and conditions of the Plan and this Award Agreement, including the Terms and Conditions of Restricted Stock Unit Grant, attached hereto as Exhibit A and the Addendum with additional country-specific terms and conditions (the “Addendum”) attached hereto as Exhibit B, all of which are made a part of this Award Agreement. Participant has reviewed the Plan and this Award Agreement in their entirety, has had an opportunity to obtain
1
the advice of counsel prior to accepting this Award Agreement and fully understands all provisions of the Plan and Award Agreement. Participant hereby agrees to accept as binding, conclusive and final all decisions or interpretations of the Administrator upon any questions relating to the Plan and Award Agreement. Participant further agrees to notify the Company upon any change in the residence address indicated below.
PARTICIPANT: | FORTINET, INC. | |||
Signature | By | |||
Print Name | Title | |||
Residence Address: | ||||
2
EXHIBIT A
TERMS AND CONDITIONS OF RESTRICTED STOCK UNIT GRANT
1. Grant. The Company hereby grants to the individual named in the Notice of Grant attached as Part I of this Award Agreement (the “Participant”) under the Plan an Award of Restricted Stock Units, subject to all of the terms and conditions in this Award Agreement and the Plan, which is incorporated herein by reference. In the event of a conflict between the terms and conditions of the Plan and the terms and conditions of this Award Agreement, the terms and conditions of the Plan will prevail.
2. Company’s Obligation to Pay. Each Restricted Stock Unit represents the right to receive a Share on the date it vests. Unless and until the Restricted Stock Units will have vested in the manner set forth in Section 3, Participant will have no right to payment of any such Restricted Stock Units. Prior to actual payment of any vested Restricted Stock Units, such Restricted Stock Unit will represent an unsecured obligation of the Company, payable (if at all) only from the general assets of the Company. Any Restricted Stock Units that vest in accordance with Sections 3 or 4 will be paid to Participant (or in the event of Participant’s death, to his or her estate) in whole Shares, subject to Participant satisfying any Tax-Related Items as defined and as set forth in Section 6. [The Company shall not be required to issue fractional Shares upon the vesting of a Restricted Stock Unit.] Vested Restricted Stock Units will be paid in Shares as soon as practicable after vesting, but in each such case within the period ending no later than the date that is two and one-half (2½) months from the end of the Company’s tax year that includes the vesting date.
3. Vesting Schedule. Except as provided in Section 4, and subject to Section 6, the Restricted Stock Units awarded by this Award Agreement will vest in accordance with the vesting provisions set forth in the Notice of Grant. Restricted Stock Units scheduled to vest on a certain date or upon the occurrence of a certain condition will not vest in accordance with any of the provisions of this Award Agreement, unless Participant will have been continuously a Service Provider from the Date of Grant until the date such vesting occurs as further described in Section 6.
4. Administrator Discretion. The Administrator, in its discretion, may accelerate the vesting of the balance, or some lesser portion of the balance, of the unvested Restricted Stock Units at any time, subject to the terms of the Plan. If so accelerated, such Restricted Stock Units will be considered as having vested as of the date specified by the Administrator.
5. Dividend Equivalents. Participant shall be entitled to receive the equivalent value (in cash or Shares or a combination thereof) of any dividends paid on each Share for each Restricted Stock Unit (a “Dividend Equivalent”). Dividend Equivalents will be subject to the same vesting and forfeitability restrictions to which the underlying Restricted Stock Units are subject. Any Dividend Equivalent that becomes payable shall be paid at the same time that the underlying Restricted Stock Unit is paid pursuant to Section 2.
3
6. Forfeiture upon Termination of Status as a Service Provider. Notwithstanding any contrary provision of this Award Agreement, the balance of the Restricted Stock Units that have not vested as of the time of Participant’s termination as a Service Provider, for any or no reason and Participant’s right to acquire any Shares hereunder, will immediately terminate upon Participant’s termination as a Service Provider. For purposes of the Restricted Stock Units, Participant's status as a Service Provider will be considered terminated as of the date Participant is no longer actively providing services to the Company or any Parent or Subsidiary (regardless of the reason for such termination and whether or not later to be found invalid or in breach of employment laws in the jurisdiction where Participant is employed or rendering services or the terms of Participant’s employment or service agreement, if any), and Participant’s right to vest in the Restricted Stock Units under the Plan, if any, will terminate as of such date and will not be extended by any notice period (e.g., Participant's period of service would not include any contractual notice period or any period of “garden leave” or similar period mandated under employment laws in the jurisdiction where Participant is employed or rendering services or the terms of Participant’s employment or service agreement, if any); the Administrator shall have the exclusive discretion to determine when Participant is no longer actively providing services for purposes of the Restricted Stock Unit grant (including whether Participant may still be considered to be a Service Provider while on a leave of absence).
7. Death of Participant. Any distribution or delivery to be made to Participant under this Award Agreement will, if Participant was a U.S. resident and is then deceased, be made to Participant’s designated beneficiary, or if no beneficiary survives Participant, the administrator or executor of Participant’s estate. Any distribution or delivery to be made to Participant under this Award Agreement will, if Participant was not a U.S. resident and is then deceased, be made to the administrator or executor of Participant’s estate. Any such transferee must furnish the Company with (a) written notice of his or her status as transferee, and (b) evidence satisfactory to the Company to establish the validity of the transfer and compliance with any laws or regulations pertaining to said transfer.
8. Responsibility for Taxes.
(a) Participant acknowledges that, regardless of any action taken by the Company or, if different, the Parent or Subsidiary retaining or employing Participant (the “Employer”) the ultimate liability for all income tax, social insurance, payroll tax, fringe benefits tax, payment on account or other tax-related items related to Participant’s participation in the Plan and legally applicable to Participant (“Tax-Related Items”), is and remains Participant’s responsibility and may exceed the amount actually withheld by the Company or the Employer. Participant further acknowledges that the Company and/or the Employer (1) make no representations or undertakings regarding the treatment of any Tax-Related Items in connection with any aspect of the Restricted Stock Units, including, but not limited to, the grant, vesting or settlement of the Restricted Stock Units, the issuance of Shares upon settlement of the Restricted Stock Units, the subsequent sale of Shares acquired pursuant to such settlement and the receipt of any dividends or dividend equivalents; and (2) do not commit to and are under no obligation to structure the terms of the grant or any aspect of the Restricted Stock Units to reduce or eliminate Participant’s liability for Tax-
4
Related Items or achieve any particular tax result. Further, if Participant is subject to Tax-Related Items in more than one jurisdiction, Participant acknowledges that the Company and/or the Employer (or former employer, as applicable) may be required to withhold or account for Tax-Related Items in more than one jurisdiction.
(b) Prior to any relevant taxable or tax withholding event, as applicable, Participant agrees to make adequate arrangements satisfactory to the Company and/or the Employer to satisfy all Tax-Related Items. In this regard, Participant authorizes the Company and/or the Employer, or their respective agents, at their discretion, to satisfy the Tax-Related Items by one or a combination of the following: (i) paying cash, (ii) withholding from Participant’s wages or other cash compensation payable to Participant by the Company and/or any Parent or Subsidiary, (iii) withholding from the proceeds of a sale of Shares acquired pursuant to the Restricted Stock Units, either through a voluntary sale or mandatory sale; or (iv) withholding in Shares to be issued upon vesting of the Restricted Stock Units; provided, however, that if the Participant is a Section 16 officer of the Company under the Exchange Act, then the Company will withhold in Shares upon the relevant taxable or tax withholding event, as applicable, unless the use of such withholding method is problematic under applicable tax or securities law or has materially adverse accounting consequences, in which case, any applicable obligations for Tax-Related Items may be satisfied by one or a combination of methods (i) through (iii) hereof, as determined by the Participant.
(c) Depending on the withholding method, the Company may withhold or account for Tax-Related Items by considering statutory withholding rates or other applicable withholding rates, including minimum and maximum applicable rates, in which case Participant may receive a refund of any over-withheld amount in cash and will have no entitlement to the Share equivalent. If the obligations for Tax-Related Items is satisfied by withholding in Shares, for tax purposes, Participant will be deemed to have been issued the full number of Shares subject to the vested Restricted Stock Units, notwithstanding that a number of the Shares are held back solely for the purpose of paying the Tax-Related Items.
(d) Participant agrees to pay to the Company or the Employer any amount of Tax-Related Items that the Company or the Employer may be required to withhold or account for as a result of Participant’s participation in the Plan that cannot be satisfied by the means previously described. If Participant fails to make satisfactory arrangements for the payment of any required Tax-Related Items obligations hereunder, the Company may refuse to issue or deliver the Shares or the proceeds of the sale of Shares if Participant fails to comply with these obligations in connection with the Tax-Related Items.
9. Rights as Stockholder. Neither Participant nor any person claiming under or through Participant will have any of the rights or privileges of a stockholder of the Company in respect of any Shares deliverable hereunder unless and until certificates representing such Shares will have been issued, recorded on the records of the Company or its transfer agents or registrars, and delivered to Participant. After such issuance, recordation and delivery, Participant will have all the rights of a stockholder of the Company with respect to voting such Shares and receipt of dividends and distributions on such Shares.
5
10. No Guarantee of Continued Service. PARTICIPANT ACKNOWLEDGES AND AGREES THAT THE VESTING OF THE RESTRICTED STOCK UNITS PURSUANT TO THE VESTING SCHEDULE HEREOF IS EARNED ONLY BY CONTINUING AS AN ACTIVE SERVICE PROVIDER, AND NOT THROUGH THE ACT OF BEING HIRED, BEING GRANTED THIS AWARD OF RESTRICTED STOCK UNITS OR ACQUIRING SHARES HEREUNDER. PARTICIPANT FURTHER ACKNOWLEDGES AND AGREES THAT THIS AWARD AGREEMENT, THE TRANSACTIONS CONTEMPLATED HEREUNDER AND THE VESTING SCHEDULE SET FORTH HEREIN DO NOT CONSTITUTE AN EXPRESS OR IMPLIED PROMISE OF CONTINUED ENGAGEMENT AS A SERVICE PROVIDER FOR THE VESTING PERIOD, FOR ANY PERIOD, OR AT ALL, AND WILL NOT INTERFERE IN ANY WAY WITH PARTICIPANT’S RIGHT OR THE RIGHT OF THE COMPANY (OR THE EMPLOYER) TO TERMINATE PARTICIPANT’S RELATIONSHIP AS A SERVICE PROVIDER AT ANY TIME, WITH OR WITHOUT CAUSE.
11. Nature of Grant. In accepting the Award, Participant acknowledges, understands and agrees that:
a. | the grant of the Restricted Stock Units is exceptional, voluntary and occasional and does not create any contractual or other right to receive future grants of Restricted Stock Units, or benefits in lieu of Restricted Stock Units, even if Restricted Stock Units have been granted in the past; |
b. | all decisions with respect to future Restricted Stock Units or other grants, if any, will be at the sole discretion of the Company; |
c. | Participant is voluntarily participating in the Plan; |
d. | the Restricted Stock Units and the Shares subject to the Restricted Stock Units, and the income and value of same, are not intended to replace any pension rights or compensation; |
e. | the Restricted Stock Units and the Shares subject to the Restricted Stock Units, and the income and value of same, are not part of normal or expected compensation for purposes of calculating any severance, resignation, termination, redundancy, dismissal, end-of-service payments, bonuses, long-service awards, leave-related payments, holiday pay, pension or retirement or welfare benefits or similar mandatory payments, and in no event should be considered as compensation for, or relating in any way to, past services for the Company, the Employer, or any Parent, Subsidiary, or Affiliate; |
f. | the future value of the underlying Shares is unknown, indeterminable and cannot be predicted with certainty; |
g. | unless otherwise agreed with the Company, the Restricted Stock Units and the Shares subject to the Restricted Stock Units, and the income and value of same, are not granted as consideration for, or in connection with, the service Participant may provide as a director of any Parent or Subsidiary of the Company. |
6
h. | no claim or entitlement to compensation or damages shall arise from forfeiture of the Restricted Stock Units resulting from the termination of Participant's status as a Service Provider (regardless of the reason for the termination and whether or not later found to be invalid or in breach of employment laws in the jurisdiction where Participant is employed or rendering services or the terms of Participant’s employment or service agreement, if any); |
i. | unless otherwise provided in the Plan or by the Company in its discretion, the Restricted Stock Units and the benefits evidenced by this Agreement do not create any entitlement to have the Restricted Stock Units or any such benefits transferred to, or assumed by, another company nor be exchanged, cashed out or substituted for, in connection with any corporate transaction affecting the Shares; and |
j. | the following provisions apply only if Participant is providing services outside the United States: |
(i) the Restricted Stock Units and the Shares subject to the Restricted Stock Units are not part of normal or expected compensation or salary for any purpose; and
(ii) Participant acknowledges and agrees that neither the Company, the Employer nor any Parent or Subsidiary shall be liable for any foreign exchange rate fluctuation between Participant’s local currency and the United States Dollar that may affect the value of the Restricted Stock Units or of any amounts due to Participant pursuant to the settlement of the Restricted Stock Units or the subsequent sale of any Shares acquired upon settlement.
12. No Advice Regarding Grant. The Company is not providing any tax, legal or financial advice, nor is the Company making any recommendations regarding Participant’s participation in the Plan, or Participant’s acquisition or sale of the underlying Shares. Participant understands and agrees he or she should consult with his or her own personal tax, legal and financial advisors regarding his or her participation in the Plan before taking any action related to the Plan.
13. Data Privacy. Participant hereby explicitly and unambiguously consents to the collection, use and transfer, in electronic or other form, of Participant’s personal data as described in this Award Agreement and any other Restricted Stock Unit grant materials by and among, as applicable, the Employer, the Company and any Parent or Subsidiary for the purpose of implementing, administering and managing Participant’s participation in the Plan.
Participant understands that the Company and the Employer may hold certain personal information about Participant, including, but not limited to, Participant’s name, home address, email address and telephone number, date of birth, social insurance number, passport or other identification number, salary, nationality, job title, any shares of stock or directorships held in the Company, details of all Restricted Stock Units or any other entitlement to shares of stock awarded, canceled, exercised, vested, unvested or outstanding in Participant’s favor (“Data”), for the exclusive purpose of implementing, administering and managing the Plan.
7
Participant understands that Data will be transferred to Charles Schwab & Co., Inc., or such other stock plan service provider as may be selected by the Company in the future, which is assisting the Company with the implementation, administration and management of the Plan. Participant understands that the recipients of the Data may be located in the United States or elsewhere, and that the recipients’ country (e.g., the United States) may have different data privacy laws and protections than Participant’s country. Participant understands that if he or she resides outside the United States, he or she may request a list with the names and addresses of any potential recipients of the Data by contacting his or her local human resources representative. Participant authorizes the Company, its broker and any other possible recipients which may assist the Company (presently or in the future) with implementing, administering and managing the Plan to receive, possess, use, retain and transfer the Data, in electronic or other form, for the sole purpose of implementing, administering and managing his or her participation in the Plan. Participant understands that Data will be held only as long as is necessary to implement, administer and manage Participant’s participation in the Plan. Participant understands if he or she resides outside the United States, he or she may, at any time, view Data, request additional information about the storage and processing of Data, require any necessary amendments to Data or refuse or withdraw the consents herein, in any case without cost, by contacting in writing his or her local human resources representative. Further, Participant understands that he or she is providing the consents herein on a purely voluntary basis. If Participant does not consent, or if Participant later seeks to revoke his or her consent, his or her employment or service and career with the Employer will not be affected; the only consequence of refusing or withdrawing Participant’s consent is that the Company would not be able to grant Participant Restricted Stock Units or other Awards or administer or maintain such Awards. Therefore, Participant understands that refusing or withdrawing his or her consent may affect Participant’s ability to participate in the Plan. For more information on the consequences of Participant’s refusal to consent or withdrawal of consent, Participant understands that he or she may contact his or her local human resources representative.
14. Address for Notices. Any notice to be given to the Company under the terms of this Award Agreement will be addressed to the Company, in care of Stock Administration at Fortinet, Inc., at 899 Kifer Road, Sunnyvale, CA 94086, or at such other address as the Company may hereafter designate in writing.
15. Grant is Not Transferable. Except to the limited extent provided in Section 7, this grant and the rights and privileges conferred hereby will not be transferred, assigned, pledged or hypothecated in any way (whether by operation of law or otherwise) and will not be subject to sale under execution, attachment or similar process. Upon any attempt to transfer, assign, pledge, hypothecate or otherwise dispose of this grant, or any right or privilege conferred hereby, or upon any attempted sale under any execution, attachment or similar process, this grant and the rights and privileges conferred hereby immediately will become null and void.
16. Binding Agreement. Subject to the limitation on the transferability of this grant contained herein, this Award Agreement will be binding upon and inure to the benefit of the heirs, legatees, legal representatives, successors and assigns of the parties hereto.
8
17. Additional Conditions to Issuance of Stock. If at any time the Company will determine, in its discretion, that the listing, registration or qualification of the Shares upon any securities exchange or under any U.S. state or federal or foreign law, or the consent or approval of any governmental regulatory authority is necessary or desirable as a condition to the issuance of Shares to Participant (or his or her estate or beneficiary, if applicable), such issuance will not occur unless and until such listing, registration, qualification, consent or approval will have been effected or obtained free of any conditions not acceptable to the Company. Where the Company determines that the delivery of the payment of any Shares will violate U.S. federal securities laws or other Applicable Laws, the Company will defer delivery until the earliest date at which the Company reasonably anticipates that the delivery of Shares will no longer cause such violation.
18. Plan Governs. This Award Agreement is subject to all terms and provisions of the Plan. In the event of a conflict between one or more provisions of this Award Agreement and one or more provisions of the Plan, the provisions of the Plan will govern. Capitalized terms used and not defined in this Award Agreement will have the meaning set forth in the Plan.
19. Administrator Authority. The Administrator will have the power to interpret the Plan and this Award Agreement and to adopt such rules for the administration, interpretation and application of the Plan as are consistent therewith and to interpret or revoke any such rules (including, but not limited to, the determination of whether or not any Restricted Stock Units have vested). All actions taken and all interpretations and determinations made by the Administrator in good faith will be final and binding upon Participant, the Company and all other interested persons. No member of the Administrator will be personally liable for any action, determination or interpretation made in good faith with respect to the Plan or this Award Agreement.
20. Electronic Delivery. The Company may, in its sole discretion, decide to deliver any documents related to Restricted Stock Units awarded under the Plan or future Restricted Stock Units that may be awarded under the Plan by electronic means or request Participant’s consent to participate in the Plan by electronic means. Participant hereby consents to receive such documents by electronic delivery and agrees to participate in the Plan through any on-line or electronic system established and maintained by the Company or a third party designated by the Company.
21. Captions. Captions provided herein are for convenience only and are not to serve as a basis for interpretation or construction of this Award Agreement.
22. Agreement Severable. In the event that any provision in this Award Agreement will be held invalid or unenforceable, such provision will be severable from, and such invalidity or unenforceability will not be construed to have any effect on, the remaining provisions of this Award Agreement.
23. Modifications to the Agreement. This Award Agreement constitutes the entire understanding of the parties on the subjects covered. Participant expressly warrants that he or she is not accepting this Award Agreement in reliance on any promises, representations, or inducements other than those contained herein. The Company may amend the terms of this Award Agreement, provided no amendment or modification that adversely affects the Participant’s rights under the Award in any material way may be made without the Participant’s written consent. Notwithstanding
9
anything to the contrary in the Plan or this Award Agreement, the Company reserves the right to revise this Award Agreement as it deems necessary or advisable, in its sole discretion and without the consent of Participant, to the extent necessary or desirable to facilitate compliance with Applicable Laws or to comply with Section 409A or to otherwise avoid imposition of any additional tax or income recognition under Section 409A in connection to this Award of Restricted Stock Units, but the Company shall not be under any obligation to make any such revision. Furthermore, nothing in this Award Agreement or the Plan shall provide a basis for any person to take action against the Company or any Parent or Subsidiary based on matters covered by Section 409A, including the tax treatment of any Restricted Stock Unit settled or amount paid or Restricted Stock Units granted under this Award Agreement, and neither the Company nor any Parent or Subsidiary shall under any circumstances have any liability to Participant or his or her estate or any other party for any taxes, penalties or interest due on amounts paid or payable under this Award Agreement, including taxes, penalties or interest imposed under Section 409A.
24. Amendment, Suspension or Termination of the Plan. By accepting this Award, Participant expressly warrants that he or she has received an Award of Restricted Stock Units under the Plan, and has received, read and understood a description of the Plan. Participant understands that the Plan is discretionary in nature and may be amended, suspended or terminated by the Company at any time.
25. Governing Law and Venue. This Award Agreement will be governed by the laws of the State of California, without giving effect to the conflict of law principles thereof. For purposes of litigating any dispute that arises under this Award of Restricted Stock or this Award Agreement, the parties hereby submit to and consent to the jurisdiction of the State of California, and agree that such litigation will be conducted in the courts of Santa Clara County, California, or the federal courts for the United States for the Northern District of California, and no other courts, where this Award of Restricted Stock is made and/or to be performed.
26. Language. Participant acknowledges that he or she is proficient in the English language, or has consulted with an advisor who is sufficiently proficient in English, so as to allow Participant to understand the terms and conditions of this Award Agreement. If Participant has received this Award Agreement or any other document related to the Plan translated into a language other than English and if the meaning of the translated version is different than the English version, the English version will control.
27. Addendum. Notwithstanding any provisions in the Award Agreement, the Restricted Stock Unit grant shall be subject to any special terms and conditions set forth in the Addendum, attached as Exhibit B, for Participant’s country. Moreover, if Participant relocates to one of the countries included in the Addendum, the special terms and conditions for such country will apply to Participant, to the extent the Company determines that the application of such terms and conditions is necessary or advisable for legal or administrative reasons. The Addendum constitutes part of the Award Agreement.
28. Imposition of Other Requirements. The Company reserves the right to impose other requirements on Participant’s participation in the Plan, on the Restricted Stock Unit and on any Shares acquired under the Plan, to the extent the Company determines it is necessary or advisable
10
for legal or administrative reasons, and to require Participant to sign any additional agreements or undertakings that may be necessary to accomplish the foregoing.
29. Insider Trading / Market Abuse Restrictions. Depending on Participant’s country of residence or the designated broker's country or the country where the Shares are listed, Participant may be subject to insider trading restrictions and/or market abuse laws in applicable jurisdictions, which may affect Participant’s ability to, directly or indirectly, accept, acquire, sell, attempt to sell or otherwise dispose of Shares or rights to Shares (e.g., the Restricted Stock Units) under the Plan during such times as Participant is considered to have “inside information” regarding the Company (as defined by the laws in the applicable jurisdictions or Participant’s country). Local insider trading laws and regulations may prohibit the cancellation or amendment of orders Participant placed before Participant possessed inside information. Furthermore, Participant could be prohibited from (i) disclosing the inside information to any third party and (ii) “tipping” third parties or causing them otherwise to buy or sell securities (third parties may include fellow employees). Any restrictions under these laws or regulations are separate from and in addition to any restrictions that may be imposed under any applicable Company insider trading policy. Participant is responsible for ensuring Participant’s compliance with any applicable restrictions and is advised to speak with his or her personal legal advisor on this matter.
30. Foreign Asset/Account, Exchange Control, and Tax Reporting. Depending on Participant’s country, Participant may be subject to foreign asset/account, exchange control and/or tax reporting requirements as a result of the vesting of the Restricted Stock Units, the acquisition, holding, and/or transfer of Shares or cash resulting from participation in the Plan and/or the opening and maintenance of a brokerage or bank account in connection with the Plan. Participant may be required to report such assets, accounts, account balances and values and/or related transactions to the applicable authorities in his or her country. Participant acknowledges that he or she is responsible for ensuring compliance with any applicable foreign asset/account, exchange control and tax reporting requirements. Participant further understands that he or she should consult Participant’s personal legal advisor on these matters.
31. Waiver. Participant acknowledges that a waiver by the Company of breach of any provision of this Award Agreement shall not operate or be construed as a waiver of any other provision of this Award Agreement, or of any subsequent breach by Participant or any other Participant.
32. Recovery of Erroneously Awarded Compensation. As an additional condition of receiving this Award, Participant agrees that the Restricted Stock Unit and any proceeds or other benefits Participant may receive hereunder shall be subject to clawback, recovery or recoupment provisions by the Company to the extent and in the manner required (i) under the terms of any clawback policy adopted by the Company, as may be amended from time to time, pursuant to the listing standards and/or the rules and regulations of any national securities exchange or association on which the Shares are listed, or (ii) to comply with any requirements imposed under Applicable Laws including, without limitation, the Dodd-Frank Wall Street Reform and Consumer Protection Act. Further, as the Committee determines necessary or appropriate, the Committee may impose a
11
reacquisition right with respect to previously-acquired Shares or other cash or property upon the occurrence of cause (as determined by the Committee).
* * *
12
EXHIBIT B
ADDENDUM TO
RESTRICTED STOCK UNIT AWARD AGREEMENT
RESTRICTED STOCK UNIT AWARD AGREEMENT
Capitalized terms used but not defined herein shall have the meanings set forth in the Plan, the Notice of Grant and/or the Terms and Conditions of Restricted Stock Unit Grant.
Terms and Conditions
This Addendum includes additional terms and conditions that govern the Restricted Stock Units granted to Participant under the Plan if Participant resides and/or works in one of the countries listed below. This Addendum forms part of the Award Agreement.
If Participant is a citizen or resident of a country other than the one in which Participant is currently working, is considered a resident of another country for local law purposes or transfers employment and/or residency between countries after the Date of Grant, the Company shall, in its sole discretion, determine to what extent the additional terms and conditions included herein will apply to Participant under these circumstances.
Notifications
This Addendum also includes notices regarding exchange controls and certain other issues of which Participant should be aware with respect to Participant’s participation in the Plan. The information is based on the securities, exchange control and other laws in effect in Participant’s country as of June 2019. Such laws are often complex and change frequently. As a result, the Company strongly recommends that Participant not rely on the information noted herein as the only source of information relating to the consequences of Participant’s participation in the Plan because the information may be out of date at the time Participant vests in the Restricted Stock Units or sells Shares acquired under the Plan.
In addition, the information contained herein is general in nature and may not apply to Participant’s particular situation, and the Company is not in a position to assure Participant of any particular result. Accordingly, Participant should seek appropriate professional advice as to how the relevant laws in Participant’s country may apply to Participant’s situation.
Finally, if Participant is a citizen or resident of a country other than the one in which Participant is currently working, is considered a resident of another country for local law purposes or transfers employment and/or residency between countries after the Date of Grant, the information contained herein may not be applicable in the same manner to Participant.
13
EUROPEAN UNION / EUROPEAN ECONOMIC AREA INCLUDING THE UNITED KINGDOM
Terms and Conditions
Authorization to Release and Transfer Necessary Personal Information. This provision replaces in its entirety Section 13 (Data Privacy) of the Award Agreement:
(a) | Participant is hereby notified of the collection, use and transfer outside of the European Economic Area, as described in the Award Agreement, in electronic or other form, of Participant’s Data (defined below) by and among, as applicable, the Company and its Subsidiaries for the exclusive and legitimate purpose of implementing, administering and managing Participant’s participation in the Plan. |
(b) | Participant understands that the Company and its Subsidiaries may hold certain personal information about Participant, including, but not limited to, Participant’s name, home address and telephone number, email address, date of birth, social insurance, passport or other identification number, salary, nationality, job title, any shares of stock or directorships held in the Company, details of all entitlement to Shares awarded, canceled, vested, unvested, exercised or outstanding in Participant’s favor (“Data”), for the purpose of implementing, administering and managing the Plan. |
(c) | Participant understands that providing the Company with this Data is necessary for the performance of the Award Agreement and that Participant’s refusal to provide the Data would make it impossible for the Company to perform its contractual obligations and may affect Participant’s ability to participate in the Plan. Participant’s Data will be accessible within the Company as described in the [Fortinet Data Privacy Policy] and only by the persons specifically charged with Data processing operations and by the persons that need to access the Data because of their duties and position in relation to the performance of the Award Agreement. |
(d) | The Company will use Participant’s Data only as long as is necessary to implement, administer and manage Participant’s participation in the Plan or as required to comply with legal or regulatory obligations, including under tax and security laws. When the Company no longer needs Participant’s Data, it will remove it from it from its systems. If the Company keeps data longer, it would be to satisfy legal or regulatory obligations and the Company’s legal basis would be relevant laws or regulations. The collection, use and transfer of Data for the purpose of implementing, administering and managing Participant’s participation in the Plan is conducted in accordance with the [Fortinet Data Privacy Policy]. |
(e) | Further, Participant understands that the Company will transfer Data to Charles Schwab & Co., Inc. (“Schwab”), and/or such other third parties as may be selected by the Company, which are assisting the Company with the implementation, administration and management of the Plan. The Company may select a different service provider or additional service providers and share Data with such other provider(s) serving in a similar manner. Participant |
14
may be asked to agree on separate terms and data processing practices with the service provider, with such agreement being a condition of the ability to participate in the Plan.
(f) | Schwab is based in the United States. If Participant is outside of the United States, Participant should note that his or her country has enacted data privacy laws that are different from the United States. When transferring Data to Schwab, the Company and its Subsidiaries provide appropriate safeguards described in the [Fortinet Data Privacy Policy]. By participating in the Plan, Participant agrees to the transfer of his or her Data to Schwab for the exclusive purpose of administering participation in the Plan. |
Finally, Participant may choose to opt out of allowing the Company to share Data with Schwab and others as described above, although execution of such choice may mean the Company cannot grant awards under the Plan to Participant. For questions about this choice or to make this choice, you should refer to the [Fortinet Data Privacy Policy] or contact [Insert data Privacy department email or other contact] if there are additional questions.
ALGERIA
Terms and Conditions
Restricted Stock Units Payable Only in Cash. Notwithstanding Section 2 of the Award Agreement, the grant of Restricted Stock Units does not provide any right for Participant to receive Shares. Restricted Stock Units granted to Participants in Algeria shall be paid only in cash through local payroll in an amount equal to the value of the Shares on the vesting date less any Tax-Related Items. Participant agrees to bear any currency fluctuation risk between the time the Restricted Stock Units vest and the time the cash payment is distributed to Participant through local payroll.
ARGENTINA
Notifications
Securities Law Information. The offering of the Restricted Stock Units pursuant to the Award Agreement is a private transaction. Neither the Restricted Stock Units nor the underlying Shares are publicly offered or listed on any stock exchange in Argentina.
Exchange Control Information. Following the sale of Shares and/or the receipt of dividends, Argentine residents may be subject to certain restrictions in bringing such funds back into Argentina. Argentine residents are solely responsible for complying with the exchange control rules that may apply in connection with participation in the Plan and/or the transfer of proceeds from the sale of Shares acquired under the Plan into Argentina. Prior to selling any Shares or transferring cash proceeds into Argentina, Argentine residents should consult their local bank and/or exchange control advisor to confirm the requirements as interpretations of the applicable Argentine Central Bank regulations
15
Foreign Asset/Account Information. If Participant holds Shares as of December 31 of any year, Participant is required to report the holding of the Shares on his or her personal tax return for the relevant year.
AUSTRALIA
Terms and Conditions
Australian Offer Document. The offer of Restricted Stock Units is intended to comply with the provisions of the Corporations Act 2001, ASIC Regulatory Guide 49 and ASIC Class Order CO 14/1000. Additional details are set forth in the Offer Document for the offer of Stock Units to Australian resident employees, which will be provided to Participant with the Award Agreement.
Notifications
Tax Information. The Plan is a plan to which subdivision 83A-C of the Income Tax Assessment Act 1997 (Cth) applies (subject to conditions in the Act).
Exchange Control Information. Exchange control reporting is required for cash transactions exceeding A$10,000 and international fund transfers. The Australian bank assisting with the transaction will file the report. If there is no Australian bank involved in the transfer, then Participant will be required to file the report.
AUSTRIA
Notifications
Exchange Control Information. If Participant holds Shares acquired under the Plan outside of Austria, Participant must submit a report to the Austrian National Bank. An exemption applies if the value of the Shares as of any given quarter is less than €30,000,000 or as of December 31 is less than €5,000,000. If the former threshold is exceeded, quarterly obligations are imposed, whereas if the latter threshold is exceeded, annual reports must be given. The annual reporting date is December 31 and the deadline for filing the annual report is January 31 of the following year.
When Participant sells Shares acquired under the Plan or receives a dividend payment, there may be exchange control obligations if the cash proceeds are held outside of Austria. If the transaction volume of all accounts abroad meets or exceeds €10,000,000, the movements and balances of all accounts must be reported monthly, as of the last day of the month, on or before the fifteenth day of the following month, on the prescribed form (Meldungen SI-Forderungen und/oder SI-Verpflichtungen). If the transaction value of all cash accounts abroad is less than €10,000,000, no ongoing reporting requirements apply.
16
BELGIUM
Notifications
Foreign Asset/Account Information. Belgian residents are required to report any security or bank accounts (including brokerage accounts) opened and maintained outside Belgium on his or her annual tax return. In a separate report, they must provide the National Bank of Belgium with certain details regarding such foreign accounts (including the account number, bank name, and country in which such account was opened). The forms to complete this report are available on the website of the National Bank of Belgium.
Stock Exchange Tax. A stock exchange tax applies to transactions executed by a Belgian resident through a non-Belgian financial intermediary, such as a U.S. broker. The stock exchange tax likely will apply when the Shares are sold. Participant should consult with his or her personal tax advisor for additional details on obligations with respect to the stock exchange tax.
Brokerage Account Tax. Participant may be subject to a brokerage account tax if the average annual value of securities (including Shares acquired under the Plan) held in a brokerage account exceeds certain thresholds. As the calculation of this tax is complex, Participant should consult with their personal tax advisor for more details.
BRAZIL
Terms and Conditions
Compliance with Law. By accepting the Restricted Stock Units, Participant acknowledges his or her agreement to comply with applicable Brazilian laws and to pay any and all applicable taxes associated with the vesting of the Restricted Stock Units, and the sale of Shares acquired under the Plan and the receipt of any dividends or Dividend Equivalents.
Labor Law Acknowledgement. By accepting the Restricted Stock Units, Participant agrees that Participant is (i) making an investment decision, (ii) Shares will be issued to Participant only if the vesting conditions are met and (iii) the value of the underlying Shares is not fixed and may increase or decrease in value over the vesting period without compensation to Participant.
Notifications
Exchange Control Information. If Participant is resident or domiciled in Brazil, Participant will be required to submit annually a declaration of assets and rights held outside of Brazil to the Central Bank of Brazil if the aggregate value of such assets and rights is equal to or greater than US$100,000. Assets and rights that must be reported include Shares acquired under the Plan.
Tax on Financial Transactions (IOF). Repatriation of funds into Brazil and the conversion between BRL and USD associated with such fund transfers may be subject to the Tax on Financial Transactions. It is Participant’s responsibility to comply with any applicable Tax on Financial Transactions arising from Participant’s participation in the Plan. Participant should consult with his or her personal tax advisor for additional details.
17
CAMBODIA
There are no country-specific provisions.
CANADA
Terms and Conditions
Restricted Stock Units Payable Only in Shares. Notwithstanding any discretion in the Plan or anything to the contrary in the Award Agreement, the grant of Restricted Stock Units does not provide any right for Participant to receive a cash payment, and the Restricted Stock Units are payable in Shares only.
Forfeiture upon Termination of Status as a Service Provider. The following provision replaces Section 6 of the Award Agreement:
Except as otherwise provided in the Plan or the Award Agreement, the balance of the Restricted Stock Units that have not vested as of the time of Participant’s termination as a Service Provider (for any or no reason and whether or not later found to be invalid or in breach of Canadian laws or the terms of the Participant’s employment or service agreement, if any), and Participant’s right to acquire any Shares hereunder, will immediately terminate upon Participant’s termination as a Service Provider. For purposes of the preceding sentence, the Participant’s right to vest in the Restricted Stock Units will terminate effective as of the date that is the earlier of (1) the date Participant’s status as a Service Provider is terminated, (2) the date Participant receives notice of termination of service from the Employer, or (3) the date the Participant is no longer actively providing service. The right to vest in the Restricted Stock Units will not be extended by any notice period (e.g., active service would not include any contractual notice period or any period of “garden leave” or similar period mandated under Canadian laws or the terms of the Participant’s employment or service agreement, if any); the Administrator shall have the exclusive discretion to determine when the Participant is no longer actively providing service for purposes of the Restricted Stock Units grant (including whether Participant may still be considered to be a Service Provider while on a leave of absence).
The following provisions will apply if Participant is a resident of Quebec:
Language Consent. The parties acknowledge that it is their express wish that this Award Agreement, as well as all documents, notices and legal proceedings entered into, given or instituted pursuant hereto or relating directly or indirectly hereto, be drawn up in English.
Les parties reconnaissent avoir expressement souhaité que la convention [“Award Agreement”], ainsi que tous les documents, avis et procédures judiciaries, éxecutés, donnés ou intentés en vertu de, ou lié, directement ou indirectement à la présente convention, soient rédigés en langue anglaise.
Data Privacy Notice and Consent. This provision supplements Section 13 of the Award Agreement:
18
Participant hereby authorizes the Company and the Company’s representatives to discuss with and obtain all relevant information from all personnel, professional or not, involved in the administration and operation of the Plan. Participant further authorizes the Company and any Parent or Subsidiary or designated broker and the administrator of the Plan to disclose and discuss the Plan with their advisors. Participant further authorizes the Company and any Parent or Subsidiary to record such information and to keep such information in Participant’s file.
Notifications
Securities Law Information. Participant is permitted to sell Shares acquired under the Plan through the designated broker appointed under the Plan, if any, provided the resale of Shares acquired under the Plan takes place outside of Canada through the facilities of a stock exchange on which the Shares are listed. The Shares are currently listed on the Nasdaq
Foreign Asset/Account Reporting Information. Foreign specified property (including shares of Common Stock acquired under the Plan) of a non-Canadian company held by a Canadian resident must be reported annually on form T1135 (Foreign Income Verification Statement) if the total cost of the foreign specified property exceeds C$100,000 at any time in the year. The option to purchase Shares must be reported (generally at nil cost) if the C$100,000 threshold is exceeded because of other foreign specified property held. Foreign specified property also includes Shares acquired under the Plan and their cost is generally the adjusted cost base (“ACB”) of the Shares. The ACB ordinarily would equal the fair market value of the Shares at acquisition, but if a participant owns other Shares, this ACB may have to be averaged with the ACB of the other shares. The form must be filed by April 30 of the following year. Participant should consult his or her personal legal advisor to ensure compliance with applicable reporting obligations.
CHILE
Notifications
Securities Law Information. This grant of Restricted Stock Units constitutes a private offering of securities in Chile effective as of the grant date. This offer of Restricted Stock Units is made subject to general ruling n° 336 of the Chilean Commission for the Financial Market (“CMF”). The offer refers to securities not registered at the securities registry or at the foreign securities registry of the CMF, and, therefore, such securities are not subject to oversight of the CMF. Given that the Restricted Stock Units are not registered in Chile, the Company is not required to provide public information about the Restricted Stock Units or the Shares in Chile. Unless the Restricted Stock Units and/or the Shares are registered with the CMF, a public offering of such securities cannot be made in Chile.
Esta Oferta de Unidades de Acciones Restringidas constituye una oferta privada de valores en Chile y se inicia en la fecha de la oferta. Esta oferta de Unidades de Acciones Restringidas se acoge a las disposiciones de la Norma de Carácter General Nº 336 (“NCG 336”) de la Comision para el Mercado Financiero de Chile (“CMF”). Esta oferta versa sobre valores no inscritos en el Registro de Valores o en el Registro de Valores Extranjeros que lleva la CMF, por lo que tales valores no están sujetos a la fiscalización de ésta. Por tratarse de valores no inscritos en Chile no
19
existe la obligación por parte de la Compañía de entregar en Chile información pública respecto de los mismos. Estos valores no podrán ser objeto de oferta pública en Chile mientras no sean inscritos en el Registro de Valores correspondiente.
Exchange Control and Tax Information. Participant is not required to repatriate proceeds obtained from the sale of Shares or from dividends or Dividend Equivalents to Chile; however, if Participant decides to repatriate proceeds from the sale of Shares and/or dividends or Dividend Equivalents and the amount of the proceeds to be repatriated exceeds US$10,000, Participant acknowledges that he or she must effect such repatriation through the Formal Exchange Market (i.e., a commercial bank or registered foreign exchange office).
Further, if the value of Participant’s aggregate investments held outside of Chile exceed US$5,000,000 (including the value of Shares acquired under the Plan), Participant must report the status of such investments annually to the Central Bank using Annex 3.1 of Chapter XII of the Foreign Exchange Regulations.
Foreign Asset/Account Reporting Information. The Chilean Internal Revenue Service (the “CIRS”) requires all taxpayers to provide information annually regarding (i) the results of investments held abroad and (ii) any taxes paid abroad which taxpayers will use as a credit against Chilean income tax. The sworn statements disclosing this information (or Formularios) must be submitted electronically through the CIRS website, www.sii.cl, using Form 1929, which is due on June 30 each year.
CHINA
Terms and Conditions
The following provisions will apply to Participants who are subject to PRC exchange control restrictions, as determined by the Company in its sole discretion:
Immediate Sale Restriction. Notwithstanding anything to the contrary in the Plan or Award Agreement, due to exchange control laws in China, Participant agrees that any Shares acquired at vesting of the Restricted Stock Units may be immediately sold at vesting or, at the Company’s discretion, at a later time (including when Participant’s status as a Service Provider terminates). If, however, the sale of the Shares is not permissible under the Company’s insider trading policy, or if any requisite exchange control approval for the Plan in China has not been obtained, the Company retains the discretion to postpone the issuance of the Shares subject to Participant’s vested Restricted Stock Units until such time that the sale is again permissible and to then immediately sell the Shares subject to the Restricted Stock Units. Participant further agrees that the Company is authorized to instruct its designated broker to assist with the mandatory sale of the Shares (on Participant’s behalf pursuant to this authorization), and Participant expressly authorizes such broker to complete the sale of such Shares. Participant acknowledges that the Company’s designated broker is under no obligation to arrange for the sale of the Shares at any particular price. Upon the sale of the Shares, the Company agrees to pay the cash proceeds from the sale, less any brokerage fees or commissions, to Participant in accordance with applicable exchange control laws and regulations and provided any liability for Tax-Related Items resulting from the vesting of the Restricted Stock Units has been
20
satisfied. Due to fluctuations in the Share price and/or the US dollar exchange rate between the vesting date and (if later) the date on which the Shares are sold, the sale proceeds may be more or less than the market value of the Shares on the vesting date (which is the amount relevant to determining Participant’s tax liability). Participant understands and agrees that the Company is not responsible for the amount of any loss Participant may incur and that the Company assumes no liability for any fluctuations in the Share price and/or US dollar exchange rate. In the event Participant is allowed to hold Shares, Participant must maintain Shares acquired under the Plan in an account maintained by the Company’s designated broker.
Exchange Control Information. Participant understands and agrees that, to facilitate compliance with exchange control laws in China, Participant may be required to immediately repatriate to China the cash proceeds from the sale of any Shares acquired at vesting of the Restricted Stock Units and any dividends or Dividend Equivalents received in relation to the Shares. Participant further understands that, under local law, such repatriation of the cash proceeds may need to be effectuated through a special exchange control account established by the Company or any Parent or Subsidiary, and Participant hereby consents and agrees that the proceeds from the sale of Shares acquired under the Plan and any dividends received in relation to the Shares may be transferred to such special account prior to being delivered to Participant.
The proceeds may be paid to Participant in U.S. dollars or local currency at the Company’s discretion. In the event the proceeds are paid to Participant in U.S. dollars, Participant understands that Participant will be required to set up a U.S. dollar bank account in China and provide the bank account details to the Employer and/or the Company so that the proceeds may be deposited into this account.
Participant agrees to bear any currency fluctuation risk between the time the Shares are sold or dividends or Dividend Equivalents are paid and the time the proceeds are distributed to Participant through any such special account.
Participant further agrees to comply with any other requirements that may be imposed by the Company in the future in order to facilitate compliance with exchange control requirements in China.
COLOMBIA
Terms and Conditions
Labor Laws Acknowledgement. The following provision supplements Section 11 of the Award Agreement:
Participants acknowledges that pursuant to Article 128 of the Colombian Labor Code, the Plan and related benefits do not constitute a component of “salary” for any purpose.
21
Notifications
Exchange Control Information. Participant is responsible for complying with any and all Colombian foreign exchange restrictions, approvals and reporting requirements in connection with the Restricted Stock Units and any Shares acquired or funds received under the Plan. This may include reporting obligations to the Central Bank (Banco de la República). If applicable, Participant will be required to register the investment in Shares with the Central Bank, regardless of the value of the investment. Participant should consult with his or her legal advisor regarding any obligations in connection with this reporting requirement.
COSTA RICA
There are no country-specific provisions.
CZECH REPUBLIC
Notifications
Exchange Control Information. The Czech National Bank (“CNB”) may require Participant to fulfill certain notification duties in relation to the opening and maintenance of a foreign account. In addition, Participant may need to report the following even in the absence of a request from the CNB: foreign direct investments with a value of CZK 2,500,000 or more in the aggregate or other foreign financial assets with a value of CZK 200,000,000 or more.
Because exchange control regulations change frequently and without notice, Participant should consult his or her personal legal advisor prior to the sale of Shares to ensure compliance with current regulations. It is Participant’s responsibility to comply with Czech exchange control laws, and neither the Company nor any Parent or Subsidiary will be liable for any resulting fines or penalties.
DENMARK
Terms and Conditions
Danish Stock Option Act. By participating in the Plan, Participant acknowledges that he or she received an Employer Statement translated into Danish, which is being provided to comply with the Danish Stock Option Act. To the extent more favorable to Participant and required to comply with Stock Option Act, the terms set forth in the Employer Statement will apply to Participant’s participation in the Plan.
Notifications
Foreign Asset/Account Reporting Information. The establishment of an account holding Shares or an account holding cash outside Denmark must be reported to the Danish Tax Administration. The form which should be used in this respect may be obtained from a local bank. (Please note that these obligations are separate from and in addition to the securities/tax reporting obligations described below.)
22
DOMINICAN REPUBLIC
There are no country-specific provisions.
EGYPT
Notifications
Exchange Control Information. If Participant transfers funds into Egypt in connection with the sale of Shares or the receipt of Dividend Equivalents, Participant may be required to do so through a registered bank in Egypt.
FINLAND
There are no country-specific provisions.
FRANCE
Terms and Conditions
French Language Provision. By accepting the Award Agreement providing for the terms and conditions of Participant’s grant, Participant confirms having read and understood the documents relating to this grant (the Plan and the Award Agreement) which were provided in English language. Participant accepts the terms of those documents accordingly.
En acceptant le Contrat d’Attribution décrivant les termes et conditions de l’attribution, le participant confirme ainsi avoir lu et compris les documents relatifs à cette attribution (le Plan U.S. et le Contrat d’Attribution) qui ont été communiqués en langue anglaise. Le participant accepte les termes en connaissance de cause.
Notifications
Tax Information. The Restricted Stock Units are not intended to be French tax-qualified Awards.
Foreign Asset/Account Reporting Information. If Participant retains Shares acquired under the Plan outside of France or maintains a foreign bank account, Participant is required to report such to the French tax authorities when filing Participant’s annual tax return. Additional monthly reporting obligations may apply if Participant’s foreign account balances exceed €1,000,000.
GERMANY
Notifications
Exchange Control Information. Cross-border payments in excess of €12,500 in connection with the sale of securities (including Shares acquired under the Plan) or the receipt of any dividends must
23
be reported monthly to the German Federal Bank. The report must be made by the 5th day of the month following the month in which the payment was received and must be filed electronically. The form of report (“Allgemeine Meldeportal Statistik”) can be accessed via the Bundesbank’s website (www.bundesbank.de) and is available in both German and English. Participant is responsible for satisfying the reporting obligation.
Foreign Asset / Account Reporting. German residents holding Shares exceeding 1% of the Company’s total share capital, must notify their local tax office of the acquisition of Shares if the acquisition costs for all Shares held exceeds €150,000 or if the resident holds 10% or more in the Company’s total shares of common stock.
HONG KONG
Terms and Conditions
Restricted Stock Units Payable Only in Shares. Notwithstanding any discretion in the Plan or anything to the contrary in the Award Agreement, the grant of Restricted Stock Units does not provide any right for Participant to receive a cash payment, and the Restricted Stock Units are payable in Shares only.
Sale of Shares. Shares received at vesting are accepted as a personal investment. In the event that the Restricted Stock Units vest and Shares are issued to Participant within six months of the Date of Grant, Participant agrees that the Shares will not be offered to the public or otherwise disposed of prior to the six-month anniversary of the Date of Grant.
Securities Law Information. WARNING: The grant of Restricted Stock Units under the terms of the Award Agreement and the Plan and the issuance of Shares at vesting of Restricted Stock Units do not constitute a public offering of securities, and they are available only to Service Providers.
Please be aware that the contents of the Award Agreement, including this Addendum, and the Plan have not been reviewed by any regulatory authority in Hong Kong. Participant is advised to exercise caution in relation to the right to acquire Shares at vesting of the Restricted Stock Units, or otherwise, under the Plan. If Participant is in any doubt about any of the contents of the Award Agreement, including this Addendum, or the Plan, Participant should obtain independent professional advice.
HUNGARY
There are no country-specific provisions.
INDIA
Notifications
Exchange Control Information. Participant must repatriate any cash dividends paid on Shares within one-hundred eighty (180) days and all proceeds received from the sale of Shares to India within ninety (90) days of receipt. Participant must obtain evidence of the repatriation of funds in the form of a foreign inward remittance certificate (the “FIRC”) from the bank where Participant
24
deposited the foreign currency. Participant must retain the FIRC in Participant’s records to present to the Reserve Bank of India or Participant’s Employer in the event that proof of repatriation is requested.
Foreign Asset/Account Reporting Information. Participant is required to declare his or her foreign bank accounts and any foreign financial assets (including Shares held outside India) in Participant’s annual tax return. It is Participant’s responsibility to comply with this reporting obligation and Participant should consult his or her personal advisor in this regard.
INDONESIA
Notifications
Exchange Control Information. If Participant remits funds into Indonesia (e.g., proceeds from the sale of Shares), the Indonesian Bank through which the transaction is made will submit a report of the transaction to the Bank of Indonesia for statistical reporting purposes. For transactions of US$10,000 or more, a description of the transaction must be included in the report. Although the bank through which the transaction is made is required to make the report, Participant must complete a “Transfer Report Form.” The Transfer Report Form should be provided to Participant by the bank through which the transaction is to be made.
IRELAND
Notifications
Director Notification Obligation. If Participant is a director, shadow director or secretary of an Irish Parent or Subsidiary, and holds 1% or more of the share capital of the Company, Participant must notify the Irish Parent or Subsidiary in writing within five business days of receiving or disposing of an interest in the Company (e.g., Restricted Stock Units, etc.), or within five business days of becoming aware of the event giving rise to the notification requirement or within five days of becoming a director or secretary if such an interest exists at the time. This notification requirement also applies with respect to the interests of a spouse or children under the age of 18 (whose interests will be attributed to the director, shadow director or secretary).
ISLE OF MAN
There are no country-specific provisions.
ISRAEL
Terms and Conditions
The Following Provisions Apply if Participant is Located in Israel on the Date of Grant
Trust Arrangement. Participant understands and agrees that the Restricted Stock Units are offered subject to and in accordance with the terms of the Plan, the sub-plan to the Plan for Israel (the “Israeli Sub-Plan”), the Trust Agreement (the “Trust Agreement”) between the Company and the
25
Company’s trustee appointed by the Company or its subsidiary or affiliate in Israel, ESOP Trust Company (the “Trustee”), and the Award Agreement. In the event of any inconsistencies between the Israeli Sub-Plan, the Award Agreement and/or the Plan, the Israeli Sub-Plan will govern the Restricted Stock Units granted to Participants in Israel.
Written Acceptance. If Participant has not already executed a Section 102 Capital Gains Award confirmation letter (“Confirmation Letter”) in connection with grants made under the Israeli Sub-Plan to the Plan, Participant must print, sign and deliver a signed copy of the Confirmation Letter within forty five (45) days of the Date of Grant. If Participant does not submit the signed Confirmation Letter within forty five (45) days of the Date of Grant, the Restricted Stock Units may not qualify for preferential tax treatment.
Nature of Grant. The following provision supplements Section 11 of the Award Agreement:
The Restricted Stock Units are intended to be 102 Capital Gains Track Grants that qualify for the 102 Capital Gains Track tax treatment. Notwithstanding the foregoing, by accepting the Restricted Stock Units, Participant acknowledges that the Company cannot guarantee or represent that the 102 Capital Gains Track tax treatment will apply to the Restricted Stock Units.
By accepting the Restricted Stock Units, Participant: (a) acknowledges receipt of and represents that Participant has read and is familiar with the Plan, the Israeli Sub-Plan, and the Award Agreement; (b) accepts the Restricted Stock Units subject to all of the terms and conditions of this Award Agreement, the Plan and the Israeli Sub-Plan; and (c) agrees that the Restricted Stock Units will be issued to and deposited with the Trustee and shall be held in trust for Participant’s benefit as required by the ITO, the Rules and any approval by the Israeli Tax Authority (“ITA”) pursuant to the terms of the ITO, the Rules and the Trust Agreement. Furthermore, by accepting the Restricted Stock Units, Participant confirms that he or she is familiar with the terms and provisions of Section 102 of the ITO, particularly the Capital Gains Track described in subsection (b)(2) and (b)(3) thereof, and agrees that he or she will not require the Trustee to release the Restricted Stock Units or shares of Common Stock to him or her, or to sell the Restricted Stock Units or shares of Common Stock to a third party, during the Required Holding Period, unless permitted to do so by the ITO or the Rules.
Dividend Equivalent Rights Distributions. The following provision supplements Section 5 of the Award Agreement:
For the sake of clarity, if Dividend Equivalent Rights are issued as rights to shares of Common Stock, such Dividend Equivalent Units will be deposited with the Trustee and will be subject to the same Section 102 rules under the Israeli Sub-Plan as the Restricted Stock Units.
Withholding Taxes. The following provision supplements Section 8 of the Award Agreement:
Participant agrees that he or she shall not be liable for the Employer’s component of payments to the National Insurance Institute unless and to the extent such payments by the Employer are a result of Participant’s election to sell the Shares before the end of the Required Holding Period (if allowed by the ITO and the Rules).
26
If the Restricted Stock Units vest during the Required Holding Period, the shares of Common Stock issued upon the vesting of such Restricted Stock Units shall be issued to and deposited with, or under the supervision of, the Trustee for the benefit of Participant and shall be held in trust as required by the ITO, the Rules and any approval by the ITA. In the event that such vesting occurs after the end of the Required Holding Period, the Shares issued upon the vesting of the Restricted Stock Units shall either: (i) be issued to and deposited with, or under the supervision of, the Trustee; or (ii) be transferred to Participant directly upon Participant’s request, provided that Participant first complies with his or her obligations with respect to Tax-Related Items. In the event that Participant elects to have the shares of Common Stock transferred to Participant without selling such shares of Common Stock, Participant shall become liable to pay taxes immediately in accordance with the provisions of the ITO and Section 8 of the Award Agreement, as supplemented by this Addendum.
Capitalized terms are defined in the Israeli Sub-Plan if not defined in this Addendum.
Immediate Sale Restriction Upon Transfer of Jurisdiction. Participants transferring into Israel after the Date of Grant may be required to sell their Shares immediately upon vesting of the Restricted Stock Units in order to comply with local tax withholding requirements. Participant acknowledges that the Company’s designated broker is under no obligation to arrange for the sale of the Shares at any particular price. Upon the sale of the Shares, the Company agrees to pay the cash proceeds from the sale, less any brokerage fees or commissions, to Participant, provided any liability for Tax-Related Items has been satisfied. Participant understands and agrees that the Company is not responsible for the amount of any loss Participant may incur and that the Company assumes no liability for any fluctuations in the Share price and/or US dollar exchange rate.
Notifications
Securities Law Information. The Company has obtained an exemption to the prospectus filing requirement from the Israeli Securities Authority. Accordingly, Restricted Stock Units are granted pursuant to an exemption from filing a prospectus granted to the Company by the Israeli Securities Authority. Copies of the Plan and Form S-8 registration statement for the Plan filed with the U.S. Securities and Exchange Commission are available from the Company.
27
[Fortinet, Inc. Letterhead]
Confirmation Letter - 102 Capital Gains Awards
I undertake and confirm the following (and such undertaking is deemed incorporated into any documents signed by me in connection with the grant of such Awards) with respect to any award of options, Restricted Stock Units or other equity-based grants that have been granted to me previously and/or as shall be granted to me in the future by Fortinet, Inc. (the “Company”), whether under the Company’s Amended and Restated 2009 Equity Incentive Plan or other plans maintained by the Company, pursuant to the Capital Gain Track under Section 102(b)(2) or l02(b)(3) of the Israeli Income Tax Ordinance and any regulations and rules promulgated thereunder (“Section 102” and “Awards”, respectively).
1. | I understand and accept the provisions of Section 102 in general, and the tax arrangement under the Capital Gain Track in particular, and its tax consequences, as they apply to the Awards; |
2. | I agree that the Awards and any shares or rights that may be issued upon exercise of the Awards (or otherwise in relation to the Awards), will be held by a trustee appointed pursuant to Section l02 (the “Trustee’’) for at least the duration of the Holding Period, as defined in Section 102, and I hereby confirm that I shall not release from trust and/or sell such Awards, shares or rights, before the end of the Holding Period. I understand that any release of such Awards, shares or rights from trust, or any sale of any of them prior to the termination of the Holding Period, will result in taxation at marginal tax rates, in addition to deductions of appropriate social security, health tax contributions or other compulsory payments; |
3. | I understand that the grant of the Awards is subject to the receipt of all required approvals from the Israeli Tax Authority and compliance with the requirements of Section 102. Accordingly, to the extent that for whatever reason the Awards and underlying shares of common stock shall not be subject to the Capital Gains Route, I shall bear and pay any and all taxes and any other compulsory payments applicable to the grant, exercise, sale or other disposition of Awards or shares. |
4. | I agree to be bound by the provisions of the Company’s trust agreement with the Trustee, ESOP Management and Trust Services Ltd., which holds the Awards for my benefit. |
5. | I hereby confirm that I have: (i) read and understand this letter; (ii) received all the clarifications and explanations that I have requested; and (iii) had the opportunity to consult with my advisors before signing this confirmation letter. |
6. | I hereby confirm that, in addition to my confirmation and agreement hereunder, the acceptance or settlement of any such Awards shall be deemed as irrevocable confirmation of my acknowledgements and undertakings herein with respect to such specific Award. |
28
7. | I declare that I am a resident of the state of Israel for tax purposes and agrees to notify the Company upon any change in the residence address and acknowledges that if I cease to be an Israeli resident or if my engagement with the Company or any affiliate is terminated, the Awards and underlying shares of common stock shall remain subject to Section 102, the trust agreement and the applicable equity plan and grant document. |
8. | I understand that this is a one-time Confirmation Letter, and that until Company will determine otherwise, this Confirmation Letter will apply to all future grants of Awards. I hereby confirm that by accepting this Confirmation Letter, I will be deemed to have elected to accept the terms and conditions herein in respect of any such future grant of Awards. |
Sincerely,
[Company Signature]
Confirmation:
Name of Employee:_______________________________
ID: ____________________________________________
Signature:_______________________________________
29
ITALY
Terms and Conditions
Terms of Grant. By accepting the Restricted Stock Units, Participant acknowledges that (1) Participant has received a copy of the Plan and the Award Agreement, including this Addendum; (2) Participant has reviewed those documents in their entirety and fully understands the contents thereof; and (3) Participant accepts all provisions of the Plan and the Award Agreement, including this Addendum. Participant further acknowledges that Participant has read and specifically and expressly approves, without limitation, the following sections of the Award Agreement: Section 6 – “Forfeiture upon Termination of Status as a Service Provider”; Section 8 – “Withholding of Taxes”; Section 10 – “No Guarantee of Continued Service”; Section 11 – “Nature of Grant”; Section 13 – “Data Privacy” as replaced by the above consent; Section 25 – “Governing Law and Venue”; and Section 26 – “Language.”
Notifications
Foreign Asset/Account Reporting Information. Italian residents who, during the fiscal year, hold investments abroad or foreign financial assets (e.g., cash, Shares, Restricted Stock Units) which may generate income taxable in Italy are required to report such on their annual tax returns (UNICO Form, RW Schedule) or on a special form if no tax return is due. The same reporting obligations apply to Italian residents who, even if they do not directly hold investments abroad or foreign financial assets (e.g., cash, Shares, Restricted Stock Units), are beneficial owners of the investment pursuant to Italian money laundering provisions.
Tax on Foreign Financial Assets. A tax on the value of financial assets held outside of Italy by individuals resident in Italy will be due. The taxable amount will be the fair market value of the financial assets (including Shares) assessed at the end of each calendar year.
JAPAN
Notifications
Exchange Control Information. Japanese residents are required to report details of any assets (including any Shares) held outside of Japan as of December 31 each year, to the extent such assets have a total net fair market value exceeding ¥50,000,000. Such report will be due by March 15 of the following year. Participant is advised to consult with his or her personal tax advisor as to whether the reporting obligation applies to Participant and whether Participant will be required to report details of any Restricted Stock Units or Shares that Participant holds.
KOREA
Notifications
30
Foreign Asset/Account Reporting Information. Korean residents must declare all foreign financial accounts (e.g., non-Korean bank accounts, brokerage accounts holding shares) to the Korean tax authority and file a report with respect to such accounts if the value of such accounts exceeds KRW 500 million (or an equivalent amount in foreign currency). Participant should consult with his or her personal tax advisor to determine how to value Participant’s foreign accounts for purposes of this reporting requirement and whether Participant is required to file a report with respect to such accounts.
KUWAIT
There are no country-specific provisions.
MALAYSIA
Notifications
31
Participant hereby explicitly and unambiguously consents to the collection, use and transfer, in electronic or other form, of Participant’s personal data as described in this Award Agreement and any other Restricted Stock Unit grant materials by and among, as applicable, the Employer, the Company and any Parent or Subsidiary for the exclusive purpose of implementing, administering and managing Participant’s participation in the Plan. Participant understands that the Company and the Employer may hold certain personal information about Participant, including, but not limited to, Participant’s name, home address and telephone number, date of birth, social insurance number or other identification number, salary, nationality, job title, any shares of stock or directorships held in the Company, details of all Restricted Stock Units or any other entitlement to shares of stock awarded, canceled, exercised, vested, unvested or outstanding in Participant’s favor (“Data”), for the exclusive purpose of implementing, administering and managing the Plan. The Data is supplied by the Employer and also by Participant through information collected in connection with the Award Agreement and the Plan. Participant understands that Data will be transferred to Charles Schwab & Co., Inc., or such other stock plan service provider as may be selected by the Company in the future, which is assisting the Company with the implementation, administration and management of the Plan. Participant understands that the recipients of the Data may be located in the United States or elsewhere, and that the recipients’ country (e.g., the United States) may have different data privacy laws and protections than Participant’s country. Participant understands that if he or she resides outside the United States, he or she may request a list with the names and addresses of any potential recipients of the Data by contacting his or her local human resources representative. Participant authorizes the Company, its broker and any other possible recipients which may assist the Company (presently or in the future) with implementing, administering and managing the Plan to receive, possess, use, retain and transfer the Data, in electronic or other form, for the sole purpose of implementing, administering and managing his or her participation in the Plan. Participant understands that Data will be held only as long as is necessary to implement, administer and manage Participant’s participation in the Plan. Participant understands if he or she resides outside the United States, he or she may, at any time, view Data, request additional information about the storage and processing of Data, require any necessary amendments to Data or refuse or withdraw the consents herein, in any case without cost, by contacting in writing his or her local human resources representative at [insert Malaysian entity information]. Further, Participant understands that he or she is providing the consents herein on a purely voluntary basis. If Participant does not consent, or if Participant later seeks to revoke his or her consent, his or her employment status or service and career with the Employer will not be adversely affected; the only consequence of refusing or withdrawing Participant’s consent is that the Company would not be able to grant Participant Restricted Stock Units or other Awards or administer or maintain such Awards. Therefore, Participant understands that refusing or withdrawing his or her consent may affect Participant’s ability to participate in the Plan. For more information on the consequences of Participant’s refusal to consent or withdrawal of consent, Participant understands that he or she may contact his or her local human resources representative. | Peserta dengan ini secara eksplisit dan tanpa sebarang keraguan mengizinkan pengumpulan, penggunaan dan pemindahan, dalam bentuk elektronik atau lain-lain, data peribadi Peserta seperti yang dinyatakan dalam Perjanjian Penganugerahan dan apa-apa bahan geran Unit Saham Terbatas yang lain oleh dan di antara, sebagaimana yang berkenaan, Majikan, Syarikat, dan mana-mana Syarikat Induk atau Anak Syarikat untuk tujuan ekslusif bagi pelaksanaan, pentadbiran dan pengurusan penyertaan Peserta dalam Pelan tersebut. Peserta memahami bahawa Syarikat dan Majikan mungkin memegang maklumat peribadi tertentu tentang Peserta, termasuk, tetapi tidak terhad kepada, namanya, alamat rumah dan nombor telefon, tarikh lahir, nombor insurans sosial atau nombor pengenalan lain, gaji, kewarganegaraan, jawatan, apa-apa saham atau jawatan pengarah yang dipegang dalam Syarikat, butir-butir semua Unit Saham Terbatas atau apa-apa hak lain untuk syer dalam saham yang dianugerahkan, dibatalkan, dilaksanakan, terletak hak, tidak diletak hak ataupun yang belum dijelaskan bagi faedah Peserta (“Data”), untuk tujuan yang eksklusif bagi melaksanakan, mentadbir dan menguruskan Pelan. Data dibekalkan oleh Majikan dan juga oleh Peserta melalui maklumat yang dikumpul berkenaan dengan Perjanjian Penganugerahan dan Pelan. Peserta memahami bahawa Data akan dipindah kepada Charles Schwab & Co., Inc., atau pembekal perkhidmatan pelan saham lain yang mungkin dipilih oleh Syarikat pada masa depan yang membantu Syarikat dalam melaksanakan, mentadbir dan menguruskan Pelan tersebut. Peserta memahami bahawa penerima-penerima Data mungkin berada di Amerika Syarikat atau di tempat lain, dan bahawa negara penerima (contohnya, Amerika Syarikat) mungkin mempunyai undang-undang privasi data dan perlindungan yang berbeza daripada negara Peserta. Peserta fahami bahawa sekiranya dia menetap di luar Amerika Syarikat, Peserta boleh meminta senarai nama dan alamat mana-mana penerima Data yang berpotensi dengan menghubungi wakil sumber manusia tempatannya. Peserta memberi kuasa kepada Syarikat, brokernya dan mana-mana penerima lain yang mungkin membantu Syarikat (pada masa kini atau masa depan) untuk melaksanakan, mentadbir dan menguruskan Pelan untuk menerima, memiliki, menggunakan, mengekalkan dan memindahkan Data, dalam bentuk elektronik atau lain-lain, dengan tujuan untuk melaksanakan, mentadbir dan menguruskan penyertaan Peserta dalam Pelan. Peserta fahami bahawa Data akan dipegang hanya untuk tempoh yang diperlukan untuk melaksanakan, mentadbir dan menguruskan penyertaan Peserta dalam Pelan. Peserta fahami bahawa sekiranya dia menetap di luar Amerika Syarikat, dia boleh, pada bila-bila masa, melihat Data, meminta maklumat tambahan mengenai penyimpanan dan pemprosesan Data, meminta bahawa pindaan-pindaan yang diperlukan dilaksanakan ke atas Data atau menolak atau menarik balik persetujuan dalam ini, dalam mana-mana kes, tanpa kos, dengan menghubungi secara bertulis wakil sumber manusia tempatannya di [masukkan informasi mengenai entiti di Malaysia]. Selanjutnya, Peserta memahami bahawa dia memberikan persetujuan di sini secara sukarela. Jika Peserta tidak bersetuju, atau jika Peserta kemudian membatalkan persetujuannya, status pekerjaan atau perkhidmatan dan kerjayanya dengan Majikan tidak akan terjejas; satunya akibat jika dia tidak bersetuju atau menarik balik persetujuannya adalah bahawa Syarikat tidak akan dapat menganugerahkan kepada Peserta Unit Saham Terbatas atau Anugerah lain atau mentadbir atau mengekalkan Anugerah tersebut. Oleh itu, Peserta fahami bahawa keengganan atau penarikan balik persetujuannya boleh menjejaskan keupayaannya untuk mengambil bahagian dalam Pelan. Untuk maklumat lanjut mengenai akibat keengganannya untuk memberikan keizinan atau penarikan balik keizinan, Peserta fahami bahawa dia boleh menghubungi wakil sumber manusia tempatannya. |
32
Director Notification Obligation. If Participant is a director of a Malaysian Parent or Subsidiary, Participant is subject to certain notification requirements under the Malaysian Companies Act. Among these requirements is an obligation to notify the Company’s Malaysian Parent or Subsidiary in writing when Participant receive or dispose of an interest (e.g., Restricted Stock Units or Shares) in the Company or any related company. This notification must be made within 14 days of receiving or disposing of any interest in the Company or any related company.
MEXICO
Terms and Conditions
No Entitlement or Claims for Compensation. These provisions supplement Section 11 of the Award Agreement:
Modification. By accepting the Restricted Stock Units, Participant understands and agrees that any modification of the Plan or the Award Agreement or its termination shall not constitute a change or impairment of the terms and conditions of employment.
Policy Statement. The Award of Restricted Stock Units the Company is making under the Plan is unilateral and discretionary and, therefore, the Company reserves the absolute right to amend it and discontinue it at any time without any liability.
The Company, with registered offices at 899 Kifer Road, Sunnyvale, CA 94086, U.S.A., is solely responsible for the administration of the Plan and participation in the Plan and the acquisition of Shares does not, in any way, establish an employment relationship between Participant and the Company since Participant is participating in the Plan on a wholly commercial basis and the sole employer is Fortinet, Inc., located at Prol. Paseo de la Reforma 115 Int. 702, Col. Lomas de Santa Fe, Del. Alvaro Obregon, Mexico, D.F. C.P. 01219, nor does it establish any rights between Participant and the Employer.
Plan Document Acknowledgment. By accepting the Award of Restricted Stock Units, Participant acknowledges that Participant has received copies of the Plan, has reviewed the Plan and the Award Agreement in their entirety and fully understands and accepts all provisions of the Plan and the Award Agreement.
In addition, by accepting the Award Agreement, Participant further acknowledges that Participant has read and specifically and expressly approved the terms and conditions in the Award Agreement, in which the following is clearly described and established: (i) participation in the Plan does not constitute an acquired right; (ii) the Plan and participation in the Plan is offered by the Company on a wholly discretionary basis; (iii) participation in the Plan is voluntary; and (iv) the Company and any Parent or Subsidiary are not responsible for any decrease in the value of the Shares underlying the Restricted Stock Units.
33
Finally, Participant hereby declares that Participant does not reserve any action or right to bring any claim against the Company for any compensation or damages as a result of Participant’s participation in the Plan and therefore grants a full and broad release to the Employer, the Company and any Parent or Subsidiary with respect to any claim that may arise under the Plan.
Spanish Translation
Sin derecho a compensación o reclamaciones por compensación. Estas disposiciones complementan el Contrato:
Modificación. Al aceptar las Unidades de Acciones Restringidas, el Participante entiende y acuerda que cualquier modificación al Plan o al Contrato o su terminación no constituirá un cambio o perjuicio a los términos y condiciones de empleo.
Declaración de Política. El Otorgamiento de Unidades de Acciones Restringidas que la Compañía está haciendo de conformidad con el Plan es unilateral y discrecional y, por lo tanto, la Compañía se reserva el derecho absoluto de modificar y discontinuar el mismo en cualquier momento, sin responsabilidad alguna.
La Compañía, con oficinas registradas ubicadas en 899 Kifer Road, Sunnyvale, CA 94086, , EE.UU. es únicamente responsable de la administración del Plan y la participación en el Plan y la adquisición de Acciones no establece, de forma alguna, una relación de trabajo entre el Participante y la Compañía, ya que el Participante participa en el Plan de una forma totalmente comercial y el único patrón es Fortinet, Inc., Prol. Paseo de la Reforma 115 Int. 702, Col. Lomas de Santa Fe, Del. Alvaro Obregon, Mexico, D.F. C.P. 01219, y tampoco establece ningún derecho entre el Participante y el Patrón.
Reconocimiento del Documento del Plan. Al aceptar el Otorgamiento de las Unidades de Acciones Restringidas, el Participante reconoce que el Participante ha recibido copias del Plan, ha revisado el Plan y el Contrato en su totalidad y entiende y acepta completamente todas las disposiciones contenidas en el Plan y en el Contrato.
Adicionalmente, al aceptar el Contrato, el Participante reconoce que el Participante ha leído y específica y expresamente ha aprobado los términos y condiciones del Contrato, en el que claramente se ha descrito y establecido que: (i) la participación en el Plan no constituye un derecho adquirido; (ii) el Plan y la participación en el Plan es ofrecida por la Compañía de forma enteramente discrecional; (iii) la participación en el Plan es voluntaria; y (iv) la Compañía, así como su Sociedad Controlante, Subsidiaria no son responsables por cualquier disminución en el valor de las Acciones subyacentes a las Unidades de Acciones Restringidas.
Finalmente, el Participante en este acto declara que el Participante no se reserva ninguna acción o derecho para interponer cualquier demanda o reclamación en contra de la Compañía por compensación, daño o perjuicio alguno como resultado de su participación en el Plan y, por lo tanto, otorga el más amplio finiquito al Patrón, la Compañía, así como su Sociedad Controlante, Subsidiaria con respecto a cualquier demanda o reclamación que pudiera surgir en virtud del Plan.
34
MOROCCO
Restricted Stock Units Payable Only in Cash. Notwithstanding Section 2 of the Award Agreement, the grant of Restricted Stock Units does not provide any right for Participant to receive Shares. Restricted Stock Units granted to Participants in Morocco shall be paid only in cash through local payroll in an amount equal to the value of the Shares on the vesting date less any Tax-Related Items. Participant agrees to bear any currency fluctuation risk between the time the Restricted Stock Units vest and the time the cash payment is distributed to Participant through local payroll.
NETHERLANDS
There are no country-specific provisions.
NEW ZEALAND
Notifications
Securities Law Information.
WARNING
This is an offer of Restricted Stock Units over Shares which, if vested, will entitle Participant to acquire Shares in accordance with the terms of the Award Agreement and the Plan. Shares, if issued, will give Participant a stake in the ownership of the Company. Participant may receive a return if dividends are paid.
If the Company runs into financial difficulties and is wound up, Participant will be paid only after all creditors have been paid. Participant may lose some or all of his or her investment, if any.
New Zealand law normally requires people who offer financial products to give information to investors before they invest. This information is designed to help investors to make an informed decision. The usual rules do not apply to this offer because it is made under an employee share scheme. As a result, Participant may not be given all the information usually required. The Participant will also have fewer other legal protections for this investment. The Participant should ask questions, read all documents carefully, and seek independent financial advice before committing him or herself.
Shares are quoted on the Nasdaq Global Select Market (“Nasdaq”). This means Participant may be able to sell them on the Nasdaq if there are interested buyers. Participant may get less than he or she invested. The price will depend on the demand for the Shares.
For information on risk factors impacting the Company’s business that may affect the value of the shares of Common Stock, you should refer to the risk factors discussion in the Company’s Annual Report on Form 10-K and Quarterly Reports on Form 10-Q, which are filed with the U.S. Securities
35
and Exchange Commission and are available online at www.sec.gov, as well as on the Company’s “Investor Relations” website at http://investor.fortinet.com/.
NIGERIA
There are no country-specific provisions.
NORWAY
There are no country-specific provisions.
PANAMA
Notifications
Securities Law Information. The Restricted Stock Units and any Shares which may be issued to Participant upon vesting and settlement of the Restricted Stock Units are not subject to registration under Panamanian Law as they are not intended for the public, but solely for Participant’s benefit.
PERU
Terms and Conditions
Labor Law Acknowledgment. By accepting the Restricted Stock Units, Participant acknowledges that the Restricted Stock Units are being granted ex gratia with the purpose of rewarding Participant.
Notifications
Securities Law Information. The offer of the Restricted Stock Units is considered a private offering in Peru; therefore, it is not subject to registration in Peru.
PHILIPPINES
Terms and Conditions
Restricted Stock Units Payable Only in Cash. Notwithstanding Section 2 of the Award Agreement, each Restricted Stock Unit represents the right to receive the cash equivalent of the Fair Market Value of a Share on the date it vests. For the avoidance of doubt, Participant shall not be entitled to receive any Shares pursuant to any vested Restricted Stock Units or pursuant to Dividend Equivalents.
POLAND
Notifications
Exchange Control Information. Participant acknowledges that any transfer of funds in excess of PLN15,000 into or out of Poland must be affected through a bank account in Poland. Participant
36
understands that they are required to store all documents connected with any foreign exchange transactions they engage in for a period of five years, as measured from the end of the year in which such transaction occurred.
Foreign Asset/Account Reporting Information. If Participant maintains bank or brokerage accounts holding cash and foreign securities (including Shares) outside of Poland, Participant will be required to report information to the National Bank of Poland on transactions and balances in such accounts if the value of such cash and securities exceeds PLN 7 million. If required, such reports must be filed on special forms available on the website of the National Bank of Poland. Participant should consult with his or her legal advisor to determine whether Participant will be required to submit reports to the National Bank of Poland.
PORTUGAL
Terms and Conditions
Language Consent. Participant hereby expressly declares that he or she has full knowledge of the English language and has read, understood and fully accepted and agreed with the terms and conditions established in the Plan and the Award Agreement.
Conhecimento da Lingua. O Participante pelo presente declara expressamente que tem pleno conhecimento da língua inglesa e que leu, compreendeu e livremente aceitou e concordou com os termos e condições estabelecidas no Plano e no Acordo de Atribuição
Notifications
Exchange Control Information. If Participant does not hold the Shares acquired at vesting with a Portuguese financial intermediary, Participant may need to file a report with the Portuguese Central Bank. If the Shares are held by a Portuguese financial intermediary, it will file the report for Participant.
PUERTO RICO
There are no country-specific provisions.
QATAR
There are no country-specific provisions.
ROMANIA
Notifications
Exchange Control Information. If Participant deposits the proceeds from the sale of Shares issued to him or her at vesting and settlement of the Shares or any Dividend Equivalents paid on such Shares in a bank account in Romania, Participant may be required to provide the Romanian bank with appropriate documentation explaining the source of the funds.
37
Participant should consult his or her personal advisor to determine whether Participant will be required to submit such documentation to the Romanian bank.
RUSSIA
Terms and Conditions
U.S. Transaction. The Plan, the Award Agreement, including this Addendum, and all other materials Participant may receive regarding Participant’s participation in the Plan or the grant of Restricted Stock Units do not constitute advertising or an offering of securities in Russia. The issuance of Shares acquired at vesting has not and will not be registered in Russia; therefore, such Shares may not be offered or placed in public circulation in Russia.
In no event will Shares acquired at vesting be delivered to Participant in Russia; all Shares will be maintained on Participant’s behalf in the United States.
Participant is not permitted to sell Shares acquired at vesting directly to a Russian legal entity or resident.
Depending on the development of local regulatory requirements, the Company reserves the right to settle the Restricted Stock Units in cash and/or to pay any proceeds related to the Restricted Stock Units to Participant through local payroll.
Data Privacy. This notification supplements Section 13 of the Award Agreement:
Participant understands and agrees that he or she must complete and return a Consent to Processing of Personal Data (the “Consent”) form to the Company. Further, Participant understands and agrees that if Participant does not complete and return a Consent form to the Company, the Company will not be able to grant Restricted Stock Units to Participant or other awards or administer or maintain such awards. Therefore, Participant understands that refusing to complete a Consent form or withdrawing his or her consent may affect Participant’s ability to participate in the Plan.
Notifications
Exchange Control Information. Russian residents should contact their personal advisor regarding their obligations resulting from their participation in the Plan as significant penalties may apply in the case of non-compliance with exchange control requirements and because such exchange control requirements may change.
Notifications
Foreign Asset/Account Reporting Information. Russian residents will be required to notify the Russian tax authorities within one month of opening or closing a foreign bank account or of changing any account details. Russian residents are also required to file with the Russian tax authorities reports of the transactions in their foreign bank accounts. Participant should consult with his or her personal tax advisor for additional information about these reporting obligations.
38
Anti-Corruption Information. Anti-corruption laws prohibit certain public servants, their spouses and their dependent children from owning any foreign source financial instruments (e.g., shares of foreign companies such as the Company). Accordingly, Participant should inform the Company if he or she is covered by these laws because Participant should not hold Shares acquired under the Plan.
Labor Law Information. If Participant continues to hold Shares acquired at vesting of the RSUs after an involuntary termination of status as a Service Provider, Participant may not be eligible to receive unemployment benefits in Russia.
SAUDI ARABIA
Terms and Conditions
Restricted Stock Units Payable Only in Cash. Notwithstanding Section 2 of the Award Agreement, the grant of Restricted Stock Units does not provide any right for Participant to receive Shares. Restricted Stock Units granted to Participants in Saudi Arabia shall be paid only in cash through local payroll in an amount equal to the value of the Shares on the vesting date less any Tax-Related Items. Participant agrees to bear any currency fluctuation risk between the time the Restricted Stock Units vest and the time the cash payment is distributed to Participant through local payroll.
SINGAPORE
Terms and Conditions
Sale Restriction. Participant agrees that any Shares acquired pursuant to the Restricted Stock Units will not be offered for sale in Singapore prior to the six-month anniversary of the Date of Grant unless such sale or offer is made pursuant to the exemptions under Part XIII Division (1) Subdivision (4) (other than section 280) of the Securities and Futures Act (Chapter 289, 2006 Ed.) (“SFA”).
Notifications
Securities Law Information. The grant of Restricted Stock Units is being made to Participant in reliance on the “Qualifying Person” exemption of the SFA under which it is exempt from the prospectus and registration requirements and is not made with a view to the underlying Shares being subsequently offered for sale to any other party. The Plan has not been and will not be lodged or registered as a prospectus with the Monetary Authority of Singapore.
Chief Executive Officer and Director Notification Obligation. If Participant is the Chief Executive Office (“CEO”) or a director, associate director or shadow director of a Singapore Parent, Subsidiary or Affiliate, Participant understands that Participant is subject to certain notification requirements under the Singapore Companies Act. Participant acknowledges that Participant must notify the Singapore Parent, Subsidiary or Affiliate in writing of an interest (e.g., unvested Restricted Stock Units, Shares, etc.) in the Company or any Parent or Subsidiary within two (2) business days of (i) its acquisition or disposal, (ii) any change in previously disclosed interest (e.g., when Shares
39
acquired at vesting are sold), or (iii) becoming the CEO and/or a director, if Participant holds such an interest at the time.
SLOVAKIA
Notifications
Foreign Asset/Account Reporting Information. If Participant permanently resides in the Slovak Republic and, apart from being employed, carries on business activities as an independent entrepreneur (in Slovakian, podnikatel), Participant will be obligated to report his or her foreign assets (including Shares) to the National Bank of Slovakia (provided that the value of the foreign assets exceeds an amount of €2,000,000).
SLOVENIA
There are no country-specific provisions.
SOUTH AFRICA
Terms and Conditions
Withholding Taxes. This provision supplements Section 7 of the Award Agreement:
By accepting the Restricted Stock Units, Participant agrees to immediately notify the Employer of the amount of any gain realized upon vesting of the Restricted Stock Units. If Participant fails to advise the Employer of the gain realized at vesting, Participant may be liable for a fine. Participant will be responsible for paying any difference between the actual tax liability and the amount withheld.
Notifications
Exchange Control Information. Participant is responsible for complying with applicable South African exchange control regulations. Since the exchange control regulations change frequently and without notice, Participant should consult Participant’s legal advisor prior to the acquisition or sale of Shares acquired under the Plan to ensure compliance with current regulations. As noted, it is Participant’s responsibility to comply with South African exchange control laws, and neither the Company nor any Parent or Subsidiary will be liable for any fines or penalties resulting from Participant’s failure to comply with applicable laws.
SPAIN
Terms and Conditions
Nature of Grant. This provision supplements Section 10 of the Award Agreement:
By accepting the Restricted Stock Units, Participant consents to participation in the Plan and acknowledges that Participant has received a copy of the Plan.
40
Participant understands that the Company has unilaterally, gratuitously, and in its sole discretion decided to grant Restricted Stock Units under the Plan to individuals who may be Service Providers throughout the world. The decision is a limited decision that is entered into upon the express assumption and condition that any grant will not bind the Company or any Parent or Subsidiary, other than to the extent set forth in this Award Agreement. Consequently, Participant understands that the Restricted Stock Units are granted on the assumption and condition that the Restricted Stock Units and any Shares acquired at vesting of the Restricted Stock Units are not part of any employment or service contract (either with the Company or any Parent or Subsidiary), and shall not be considered a mandatory benefit, salary for any purposes (including severance compensation), or any other right whatsoever. In addition, Participant understands that this grant would not be made but for the assumptions and conditions referred to above; thus, Participant acknowledges and freely accepts that, should any or all of the assumptions be mistaken or should any of the conditions not be met for any reason, then any grant of or right to the Restricted Stock Units shall be null and void.
Further, except as otherwise provided in the Plan and the Award Agreement, Participant understands that he or she will not be entitled to continue vesting in any Restricted Stock Units once Participant’s status as a Service Provider terminates. This will be the case, for example, even in the event of a termination of Participant’s status of a Service Provider by reason of, but not limited to, resignation, retirement, disciplinary dismissal adjudged to be with cause, disciplinary dismissal adjusted or recognized to be without cause, individual or collective dismissal or objective grounds, whether adjudged or recognized to be without cause, material modification of the terms of employment under Article 41 of the Workers’ Statute, relocation under Article 40 of the Workers’ Statute, Article 50 of the Workers’ Statute, unilateral withdrawal by the Employer and under Article 10.3 of the Royal Decree 1382/1985. Participant acknowledges that Participant has read and specifically accepts the vesting and termination conditions in the Award Agreement.
Notifications
Securities Law Information. The Restricted Stock Units do not qualify under Spanish Law as securities. No “offer to the public,” as defined under Spanish Law, has taken place or will take place in the Spanish territory. Neither the Plan nor the Award Agreement have been registered with the Comisión Nacronal del Mercado de Valores and do not constitute a public offering prospectus.
Exchange Control Information. Participant must declare the acquisition of Shares to the Spanish Dirección General de Comercio e Inversiones (the “DGCI”), the Bureau for Commerce and Investments, which is a department of the Ministry of Economy and Competitiveness. Participant must also declare ownership of any Shares by filing a Form D-6 with the Directorate of Foreign Transactions each January while the Shares are owned. In addition, the sale of Shares must also be declared on Form D-6 filed with the DGCI in January, unless the sale proceeds exceed the applicable threshold (currently €1,502,530), in which case, the filing is due within one month after the sale.
In addition, Participant is required to declare electronically to the Bank of Spain any foreign accounts (including brokerage accounts held abroad), any foreign instruments (including any Shares acquired under the Plan) and any transactions with non-Spanish residents (including any payments of Shares
41
made to Participant by the Company) depending on the value of such accounts and instruments and the amount of the transactions during the relevant year as of December 31 of the relevant year.
Foreign Asset/Accounting Reporting Information. If Participant holds rights or assets (e.g., Shares or cash held in a bank or brokerage account) outside of Spain with a value in excess of €50,000 per type of right or asset (e.g., Shares, cash, etc.) as of December 31 each year, Participant is required to report certain information regarding such rights and assets on tax form 720. After such rights and/or assets are initially reported, the reporting obligation will apply for subsequent years only if the value of any previously-reported rights or assets increases by more than €20,000. The reporting must be completed by the March 31 each year.
SWEDEN
There are no country-specific provisions.
SWITZERLAND
Notifications
Securities Law Information. The offering of Restricted Stock Units is not intended to be publicly offered in or from Switzerland. Because the offering of Restricted Stock Units is considered a private offering in Switzerland, it is not subject to registration in Switzerland. Neither this document nor any other materials relating to the grant of Restricted Stock Units under the Plan constitutes a prospectus as such term is understood pursuant to article 652a of the Swiss Code of Obligations, and neither this document nor any other materials relating to the grant of Restricted Stock Units under the Plan may be publicly distributed nor otherwise made publicly available in Switzerland. Further, neither this document nor any other offering or marketing material relating to the offering of Restricted Stock Units has been or will be filed with, approved, or supervised by any Swiss regulatory authority (in particular, the Swiss Financial Market Supervisory Authority (FINMA)).
TAIWAN
Terms and Conditions
Data Privacy Acknowledgement. Participant acknowledges that he or she has read and understands the terms regarding collection, processing and transfer of Data contained in Section 13 of the Award Agreement and by participating in the Plan, Participant agrees to such terms. In this regard, upon request of the Company or the Employer, Participant agrees to provide an executed data privacy consent form to the Employer or the Company (or any other agreements or consents that may be required by the Employer or the Company) that the Company and/or the Employer may deem necessary to obtain under the data privacy laws in Participant’s country, either now or in the future. Participant understands that he or she will not be able to participate in the Plan if Participant fails to execute any such consent or agreement.
42
Notifications
Exchange Control Information. Participant may acquire and remit foreign currency (including proceeds from the sale of Shares or the receipt of dividends) up to US$5,000,000 per year without justification.
If the transaction amount is TWD500,000 or more in a single transaction, Participant must submit a Foreign Exchange Transaction Form and also provide supporting documentation to the satisfaction of the remitting bank.
THAILAND
Notifications
Exchange Control Information. If the proceeds from the sale of Shares or the receipt of dividends and Dividend Equivalents are equal to or greater than US$50,000 in a single transaction, Participant must repatriate the proceeds to Thailand immediately upon receipt and to convert the funds to Thai Baht or deposit the proceeds in a foreign currency deposit account maintained by a bank in Thailand within 360 days of remitting the proceeds to Thailand. In addition, Participant must specifically report the inward remittance to the Bank of Thailand on a Foreign Exchange Transaction Form.
If Participant does not comply with this obligation, Participant may be subject to penalties assessed by the Bank of Thailand. Because exchange control regulations change frequently and without notice, Participant should consult a legal advisor before selling Shares to ensure compliance with current regulations. It is Participant’s responsibility to comply with exchange control laws in Thailand, and neither the Company nor any Parent or Subsidiary will be liable for any fines or penalties resulting from Participant’s failure to comply with applicable laws.
TUNISIA
Terms and Conditions
Settlement of Restricted Stock Units and Sale of Shares. Due to local regulatory requirements, upon the vesting of the Restricted Stock Units, Participant agrees to the immediate sale of any Shares to be issued to him or her upon vesting and settlement of the Restricted Stock Units. Participant further agrees that the Company is authorized to instruct its designated broker to assist with the mandatory sale of such Shares (on Participant’s behalf pursuant to this authorization) and Participant expressly authorizes the Company’s designated broker to complete the sale of such Shares. Participant acknowledges that the Company’s designated broker is under no obligation to arrange for the sale of the Shares at any particular price. Upon the sale of the Shares, the Company agrees to pay Participant the cash proceeds from the sale of the Shares, less any brokerage fees or commissions and subject to any obligation to satisfy Tax-Related Items. Participant acknowledges that he or she are not aware of any material nonpublic information with respect to the Company or any securities of the Company as of the date of the Award Agreement.
Notifications
43
Exchange Control Information. All proceeds from the sale of Shares as described above must be repatriated to Tunisia. Participant should consult his or her personal advisor before taking action with respect to remittance of proceeds into Tunisia. Participant is responsible for ensuring compliance with all exchange control laws in Tunisia. In addition, if Participant holds assets abroad in excess of 500 Tunisian Dinars, Participant must report the assets to the Central Bank of Tunisia.
TURKEY
Notifications
Securities Law Information. Under Turkish law, Participant is not permitted to sell Shares acquired under the Plan in Turkey. The Shares are currently traded on the Nasdaq Global Select Market, which is located outside of Turkey, under the ticker symbol “FTNT” and the Shares may be sold through this exchange.
Exchange Control Information. Participant likely will be required to engage a Turkish financial intermediary to assist with the sale of Shares acquired under the Plan and may also need to engage a Turkish financial intermediary with respect to the acquisition of such Shares, although this is less certain. As Participant is solely responsible for complying with the financial intermediary requirements and their application to participation in the Plan is uncertain, Participant should consult his or her personal legal advisor prior to the vesting of the Restricted Stock Units or any sale of Shares to ensure compliance.
UNITED ARAB EMIRATES
Notifications
Securities Law Information. Participation in the Plan is being offered only to selected Service Providers and is in the nature of providing equity incentives to Service Providers in the United Arab Emirates. The Plan and the Award Agreement are intended for distribution only to such Service Providers and must not be delivered to, or relied on by, any other person. Prospective purchasers of the securities offered should conduct their own due diligence on the securities. If Participant does not understand the contents of the Plan and the Award Agreement, Participant should consult an authorized financial adviser. The Emirates Securities and Commodities Authority has no responsibility for reviewing or verifying any documents in connection with the Plan. Neither the Ministry of Economy nor the Dubai Department of Economic Development have approved the Plan or the Award Agreement nor taken steps to verify the information set out therein, and have no responsibility for such documents.
UNITED KINGDOM
Terms and Conditions
Restricted Stock Units Payable Only in Shares. Notwithstanding any discretion in the Plan or anything to the contrary in the Award Agreement, the grant of Restricted Stock Units does not
44
provide any right for Participant to receive a cash payment, and the Restricted Stock Units are payable in Shares only.
Withholding Taxes. This provision supplements Section 7 of the Award Agreement:
If payment or withholding of the income tax due is not made within ninety (90) days of the end of the U.K. tax year (April 6 - April 5) in which such event giving rise to the Tax-Related Items occurs, or such other period specified in Section 222(1)(c) of the U.K. Income Tax (Earnings and Pensions) Act 2003 (the “Due Date”), the amount of any uncollected income tax shall constitute a loan owed by Participant to the Employer, effective on the Due Date. Participant agrees that the loan will bear interest at the then-current Official Rate of Her Majesty’s Revenue & Customs (“HMRC”), it will be immediately due and repayable, and the Company or the Employer may recover it at any time thereafter by any of the means referred to in Section 10 of the Award Agreement.
Notwithstanding the foregoing, if Participant is a director or executive officer of the Company (within the meaning of Section 13(k) of the U.S. Securities Exchange Act of 1934, as amended), Participant shall not be eligible for a loan from the Company to cover the income tax. In the event that Participant is a director or executive officer and income tax not collected from or paid by Participant by the Due Date, the amount of any uncollected income tax may constitute a benefit to Participant on which additional income tax and national insurance contributions (“NICs”) may be payable. Participant acknowledges that Participant ultimately will be responsible for reporting and paying any income tax due on this additional benefit directly to HMRC under the self-assessment regime and for reimbursing the Company or the Employer (as applicable) for the value of any employee NICs due on this additional benefit, which the Company and/or the Employer may recover from Participant at any time thereafter by any of the means referred to in Section 10 of the Award Agreement.
Joint Election for Transfer of the Employer’s Secondary Class 1 NICs Liability to the Participant. As a condition of vesting in the Restricted Stock Units, Participant agrees to accept any liability for secondary Class 1 NICs, which may be payable by the Company or the Employer in connection with the Restricted Stock Units (“Employer NICs”). Without limitation to the foregoing, Participant agrees to enter into an election between Participant and the Company or the Employer (the “Election”), in the form approved for such Election by HMRC, and any other consents or elections required to accomplish the transfer of the Employer NICs to Participant, prior to vesting of the Restricted Stock Units. Participant further agrees to enter into such other joint elections as may be required between Participant and any successor to the Company and/or the Employer. If Participant does not enter into the Election prior to the vesting of the Restricted Stock Units, Participant shall, without any liability to the Company or any Parent or Subsidiary, not be entitled to vest in the Restricted Stock Units.
Participant further agrees that the Company and/or the Employer may collect the Employer NICs by any of the means set forth in Section 10 of the Award Agreement, as supplemented above.
45
Exhibit 10.7
AMENDED AND RESTATED FORTINET, INC.
2009 EQUITY INCENTIVE PLAN
STOCK OPTION AWARD AGREEMENT
Unless otherwise defined herein, the terms defined in the Amended and Restated Fortinet, Inc. 2009 Equity Incentive Plan (the “Plan”) will have the same defined meanings in this Stock Option Award Agreement, including any country-specific terms and conditions set forth in the attached Appendix (collectively, the “Award Agreement”).
I.NOTICE OF STOCK OPTION GRANT
Participant Name:
Address:
You have been granted an Option to purchase Common Stock of Fortinet, Inc. (the “Company”), subject to the terms and conditions of the Plan and this Award Agreement, as follows:
Grant Number | |||
Date of Grant | |||
Vesting Commencement Date | |||
Exercise Price per Share | $ | ||
Total Number of Shares Granted | |||
Total Exercise Price | $ | ||
Type of Option: | Incentive Stock Option | ||
Nonstatutory Stock Option | |||
Term/Expiration Date: | |||
Vesting Schedule:
Subject to any acceleration provisions contained in the Plan or set forth below, this Option may be exercised, in whole or in part, in accordance with the following schedule:
[INSERT VESTING SCHEDULE]
In the event Participant ceases to be a Service Provider for any or no reason before Participant vests in any portion of the Option, any such unvested portion of the Option and Participant’s right to acquire any Shares hereunder will immediately terminate.
Termination Period:
The vested portion of this Option will be exercisable for [three (3) months] after Participant ceases to be a Service Provider, unless such termination is due to Participant’s death or Disability, in which case this Option will be exercisable for [twelve (12) months] after Participant ceases to be a Service Provider. Notwithstanding the foregoing, in no event may this Option be exercised after the Term/Expiration Date as provided above and may be subject to earlier termination as provided in Section 13(c) of the Plan.
By Participant’s signature and the signature of the Company’s representative below, Participant and the Company agree that this Option is granted under and governed by the terms and conditions of the Plan and this Award Agreement, including the Terms and Conditions of Stock Option Grant attached hereto as Exhibit A and the Additional Terms and Conditions of Stock Option Grant attached hereto as Exhibit B, all of which are made a part of this document. Participant has reviewed the Plan and this Award Agreement in their entirety, has had an opportunity to obtain the advice of counsel prior to accepting this Award Agreement and fully understands all provisions of the Plan and Award Agreement. Participant hereby agrees to accept as binding, conclusive and final all decisions or interpretations of the Administrator upon any questions relating to the Plan and Award Agreement. Participant further agrees to notify the Company upon any change in the residence address indicated below.
PARTICIPANT: | FORTINET, INC. | |||
Signature | By | |||
Print Name | Title | |||
Residence Address: | ||||
-2-
EXHIBIT A
TERMS AND CONDITIONS OF STOCK OPTION GRANT
1. Grant of Option. The Company hereby grants to the individual named in the Notice of Grant attached as Part I of this Award Agreement (the “Participant”) an option (the “Option”) to purchase the number of Shares, as set forth in the Notice of Grant, at the exercise price per Share set forth in the Notice of Grant (the “Exercise Price”), subject to all of the terms and conditions in this Award Agreement and the Plan, which is incorporated herein by reference. In the event of a conflict between the terms and conditions of the Plan and the terms and conditions of this Award Agreement, the terms and conditions of the Plan will prevail.
If designated in the Notice of Grant as a U.S. Incentive Stock Option (“ISO”), this Option is intended to qualify as an ISO under Section 422 of the U.S. Internal Revenue Code of 1986, as amended (the “Code”). However, if this Option is intended to be an ISO, to the extent that it exceeds the US$100,000 rule of Code Section 422(d) it will be treated as a U.S. Nonstatutory Stock Option (“NSO”). Further, if for any reason this Option (or portion thereof) will not qualify as an ISO, then, to the extent of such nonqualification, such Option (or portion thereof) shall be regarded as a NSO granted under the Plan. In no event will the Administrator, the Company or any Parent or Subsidiary or any of their respective employees or directors have any liability to Participant (or any other person) due to the failure of the Option to qualify for any reason as an ISO. Participants employed outside the U.S. will be granted NSOs.
2. Vesting Schedule.
(a) Except as provided in Section 3, the Option awarded by this Award Agreement will vest in accordance with the vesting provisions set forth in the Notice of Grant. Shares scheduled to vest on a certain date or upon the occurrence of a certain condition will not vest in Participant in accordance with any of the provisions of this Award Agreement, unless Participant will have been continuously a Service Provider from the Date of Grant until the date such vesting occurs.
(b) Notwithstanding any contrary provision of this Award Agreement, the balance of the Option that has not vested as of the time of the Participant’s termination as a Service Provider, for any or no reason and Participant’s right to acquire any Shares hereunder, will immediately terminate upon Participant’s termination as a Service Provider. For purposes of the Option, the Participant’s termination as a Service Provider will be considered terminated as of the date the Participant is no longer actively providing services as a Service Provider to the Company or one of its Subsidiaries (regardless of the reason for such termination and whether or not later found to be invalid or in breach of labor laws in the jurisdiction where the Participant is employed or the terms of the Participant’s employment agreement, if any), and unless otherwise determined by the Company, the Participant’s right to vest in the Option, if any, will terminate and the Participant's right to exercise any vested Option will be measured as of such date and, in either case, will not be extended by any notice period (e.g., the Participant’s period of service would not include any contractual notice period or any period of “garden leave” or similar period mandated under labor laws in the jurisdiction where the Participant is employed or the terms of the Participant’s employment agreement, if any). The Administrator shall have the exclusive discretion to determine when the Participant is no longer actively providing services for purposes of the Option (including whether the Participant may still be considered to be providing services while on a leave of absence).
-3-
3. Administrator Discretion. The Administrator, in its discretion, may accelerate the vesting of the balance, or some lesser portion of the balance, of the unvested Option at any time, subject to the terms of the Plan. If so accelerated, such Option will be considered as having vested as of the date specified by the Administrator.
4. Exercise of Option.
(a) Right to Exercise. This Option may be exercised only within the term set out in the Notice of Grant, and may be exercised during such term only in accordance with the Plan and the terms of this Award Agreement.
(b) Method of Exercise. This Option is exercisable by delivery of a written or electronic exercise notice, [in a form authorized by the Company] [in the form attached as Exhibit C] (the “Exercise Notice”), or in a manner and pursuant to such procedures as the Administrator may determine, which will state the election to exercise the Option, the number of Shares in respect of which the Option is being exercised (the “Exercised Shares”), and such other representations and agreements as may be required by the Company pursuant to the provisions of the Plan. The Exercise Notice will be completed by Participant and delivered to the Company. The Exercise Notice will be accompanied by payment of the aggregate Exercise Price as to all Exercised Shares together with any applicable tax withholding. This Option will be deemed to be exercised upon receipt by the Company of such fully executed Exercise Notice accompanied by such aggregate Exercise Price.
[(c) Fractional Shares. The Company shall not be required to issue fractional Shares upon the exercise of the Option.]
5. Method of Payment. Payment of the aggregate Exercise Price will be by any of the following, or a combination thereof, at the election of Participant, unless otherwise provided in the Additional Terms and Conditions of Stock Option Grant attached hereto as Exhibit B.
(a) cash;
(b) check;
(c) consideration received by the Company under a formal cashless exercise program adopted by the Company in connection with the Plan; or
(d) for Participants located in the U.S. and to the extent authorized by the Administrator in the sole discretion, surrender of other Shares which have a Fair Market Value on the date of surrender equal to the aggregate Exercise Price of the Exercised Shares, provided that accepting such Shareswill not result in any adverse accounting consequences to the Company, as determined in the sole discretion of the Company.
6. Tax Obligations.
(a) Responsibility for Taxes. Participant acknowledges that, regardless of any action taken by the Company or, if different, the Parent or Subsidiary retaining or employing Participant (the “Employer”) the ultimate liability for all income tax, social insurance, payroll tax, fringe benefits tax, payment on account or other tax-related items related to Participant’s participation in the Plan and legally applicable to Participant (“Tax-Related Items”), is and remains Participant’s responsibility and may exceed the amount actually withheld by the Company or the Employer. Participant further acknowledges that the Company and/or the Employer (1) make no representations or undertakings
-4-
regarding the treatment of any Tax-Related Items in connection with any aspect of the Option, including, but not limited to, the grant, vesting or exercise of the Option, the issuance of Shares upon the Participant’s exercise of the Option, the subsequent sale of Shares acquired pursuant to such settlement and the receipt of any dividends; and (2) do not commit to and are under no obligation to structure the terms of the grant or any aspect of the Option to reduce or eliminate Participant’s liability for Tax-Related Items or achieve any particular tax result. Further, if Participant is subject to Tax-Related Items in more than one jurisdiction, Participant acknowledges that the Company and/or the Employer (or former employer, as applicable) may be required to withhold or account for Tax-Related Items in more than one jurisdiction.
(b) Prior to any relevant taxable or tax withholding event, as applicable, Participant agrees to make arrangements satisfactory to the Company and/or the Employer to satisfy all Tax-Related Items. In this regard, Participant authorizes the Company and/or the Employer, or their respective agents, at their discretion, to satisfy the Tax-Related Items by one or a combination of the following: (i) paying cash; (ii) withholding from wages or other cash compensation paid to Participant by the Company, the Employer and/or any Subsidiary; (iii) withholding from proceeds of the sale of Shares acquired at exercise of the Option either through a voluntary sale or through a mandatory sale arranged by the Company (on Participant’s behalf pursuant to this authorization); or (iv) withholding in Shares to be issued at exercise of the Option, provided that if the Participant is a Section 16 officer of the Company under the Exchange Act, the Administrator must approve withholding in Shares as the method of withholding.
(c) Depending on the withholding method, the Company may withhold or account for Tax-Related Items by considering statutory withholding rates or other withholding rates, including minimum and maximum rates applicable in the Participant’s jurisdiction(s), in which case Participant may receive a refund of any over-withheld amount in cash and will have no entitlement to the Share equivalent. If the obligation for Tax-Related Items is satisfied by withholding in Shares, for tax purposes, Participant will be deemed to have been issued the full number of Shares subject to the exercised Option, notwithstanding that a number of the shares are held back solely for the purpose of paying the Tax-Related Items due as a result of any aspect of Participant’s participation in the Plan.
(d) Participant agrees to pay to the Company or the Employer any amount of Tax-Related Items that the Company or the Employer may be required to withhold or account for as a result of Participant’s participation in the Plan that cannot be satisfied by the means previously described in this section. If Participant fails to make satisfactory arrangements for the payment of any required Tax-Related Items obligations hereunder, the Company may refuse to issue or deliver the Shares or the proceeds of the sale of the Shares if Participant fails to comply with these obligations in connection with the Tax-Related Items.
(b) Notice of Disqualifying Disposition of ISO Shares. If the Option granted to Participant herein is an ISO, and if Participant sells or otherwise disposes of any of the Shares acquired pursuant to the ISO on or before the later of (i) the date two (2) years after the Grant Date, or (ii) the date one (1) year after the date of exercise, Participant will immediately notify the Company in writing of such disposition. Participant agrees that Participant may be subject to income tax withholding by the Company on the compensation income recognized by Participant.
7. Rights as Stockholder. Neither Participant nor any person claiming under or through Participant will have any of the rights or privileges of a stockholder of the Company in respect of any Shares deliverable hereunder unless and until certificates representing such Shares will have been issued, recorded on the records of the Company or its transfer agents or registrars, and delivered to Participant.
-5-
After such issuance, recordation and delivery, Participant will have all the rights of a stockholder of the Company with respect to voting such Shares and receipt of dividends and distributions on such Shares.
8. No Guarantee of Continued Service. PARTICIPANT ACKNOWLEDGES AND AGREES THAT THE VESTING OF THE OPTION PURSUANT TO THE VESTING SCHEDULE HEREOF IS EARNED ONLY BY CONTINUING AS AN ACTIVE SERVICE PROVIDER, AND NOT THROUGH THE ACT OF BEING HIRED, BEING GRANTED THIS OPTION OR ACQUIRING SHARES HEREUNDER. PARTICIPANT FURTHER ACKNOWLEDGES AND AGREES THAT THIS AWARD AGREEMENT, THE TRANSACTIONS CONTEMPLATED HEREUNDER AND THE VESTING SCHEDULE SET FORTH HEREIN DO NOT CONSTITUTE AN EXPRESS OR IMPLIED PROMISE OF CONTINUED ENGAGEMENT AS A SERVICE PROVIDER FOR THE VESTING PERIOD, FOR ANY PERIOD, OR AT ALL, AND WILL NOT INTERFERE IN ANY WAY WITH PARTICIPANT’S RIGHT OR THE RIGHT OF THE COMPANY (OR THE EMPLOYER) TO TERMINATE PARTICIPANT’S RELATIONSHIP AS A SERVICE PROVIDER AT ANY TIME, WITH OR WITHOUT CAUSE.
9. Nature of Grant. In accepting the Option, Participant acknowledges, understands and agrees to the following:
(a) Participant expressly warrants that Participant has received an Option under the Plan and has received, read, and understood a description of the Plan; the Plan is established voluntarily by the Company, it is discretionary in nature, and it may be amended, suspended or terminated by the Company at any time;
(b) the grant of the Option is exceptional, voluntary and occasional and does not create any contractual or other right to receive future grants of options, or benefits in lieu of options, even if options have been granted in the past;
(c) all decisions with respect to future option grants, if any, will be at the sole discretion of the Company;
(d) Participant is voluntarily participating in the Plan;
(e) Participant’s participation in the Plan shall not create a right to employment with the Employer and shall not interfere with the ability of the Employer to terminate Participant’s employment or relationship as a Service Provider at any time;
(f) the Option and any Shares subject to the Option are extraordinary items that do not constitute compensation of any kind for services of any kind rendered to the Company or the Employer, and are outside the scope of Participant’s employment or service contract, if any;
(g) the Option and the Shares subject to the Option, and the income and value of same, are not intended to replace any pension rights or compensation;
(h) the Option and the Shares subject to the Option and the income and value of same, are not part of normal or expected compensation or salary for any purposes, including, but not limited to, calculating any severance, resignation, termination, redundancy, dismissal, end of service payments, bonuses, long-service awards, leave-related payments, holiday pay, pension or retirement or welfare benefits or similar mandatory payments, and in no event should be considered as compensation for, or relating in any way to, past services for the Company, the Employer, or any Parent or Subsidiaryp
-6-
(i) the Option and Participant’s participation in the Plan will not be interpreted to form an employment contract or relationship with the Company or any Parent or Subsidiary of the Company;
(j) the future value of the Shares underlying the Option is unknown, indeterminable and cannot be predicted with certainty;
(k) unless otherwise agreed with the Company, the Option and the Shares subject to the Option, and the income and value of same, are not granted as consideration for, or in connection with, the service Participant may provide as a director of any Parentt or Subsidiary;
(l) no claim or entitlement to compensation or damages shall arise from forfeiture of the Option resulting from termination of Participant’s status as a Service Provider (regardless of the reason for the termination and whether or not later found to be invalid or in breach of employment laws in the jurisdiction where Participant is employed or rendering services or the terms of Participant’s employment or service agreement, if any);
(m) unless otherwise provided in the Plan or by the Company in its discretion, the Option and the benefits evidenced by this Award Agreement do not create any entitlement to have the Option or any such benefits transferred to, or assumed by, another company nor be exchanged, cashed out or substituted for, in connection with any corporate transaction affecting the Shares; and
(n) Participant acknowledges and agrees that neither the Company, the Employer nor any Parent or Subsidiary shall be liable for any foreign exchange rate fluctuation between Participant’s local currency and the United States Dollar that may affect the value of the Option or of any amounts due to Participant pursuant to the exercise of the Option or the subsequent sale of any Shares acquired upon settlement.
10. No Advice Regarding Grant. The Company is not providing any tax, legal, or financial advice, nor is the Company making any recommendations regarding Participant’s participation in the Plan or Participant’s acquisition or sale of the underlying Shares. Participant understands and agrees he or she should consult with his or her own tax, legal, and financial consultants regarding Participant’s participation in the Plan before taking any action related to the Plan.
11. Data Privacy. Participant hereby explicitly and unambiguously consents to the collection, use and transfer, in electronic or other form, of Participant’s personal data as described in this Award Agreement and any other Option grant materials by and among, as applicable, the Employer, the Company and any Parent or Subsidiary for the purpose of implementing, administering and managing Participant’s participation in the Plan.
Participant understands that the Company and the Employer may hold certain personal information about Participant, including, but not limited to, Participant’s name, home address, email address and telephone number, date of birth, social insurance number, passport or other identification number, salary, nationality, job title, any shares of stock or directorships held in the Company, details of all options or any other entitlement to shares of stock awarded, canceled, exercised, vested, unvested or outstanding in Participant’s favor (“Data”), for the exclusive purpose of implementing, administering and managing the Plan.
Participant understands that Data will be transferred to Charles Schwab & Co., Inc., or such other stock plan service provider as may be selected by the Company in the future, which is assisting
-7-
the Company with the implementation, administration and management of the Plan. Participant understands that the recipients of the Data may be located in the United States or elsewhere, and that the recipients’ country (e.g., the United States) may have different data privacy laws and protections than Participant’s country. Participant understands that if he or she resides outside the United States, he or she may request a list with the names and addresses of any potential recipients of the Data by contacting his or her local human resources representative. Participant authorizes the Company, its broker and any other possible recipients which may assist the Company (presently or in the future) with implementing, administering and managing the Plan to receive, possess, use, retain and transfer the Data, in electronic or other form, for the sole purpose of implementing, administering and managing his or her participation in the Plan. Participant understands that Data will be held only as long as is necessary to implement, administer and manage Participant’s participation in the Plan. Participant understands if he or she resides outside the United States, he or she may, at any time, view Data, request additional information about the storage and processing of Data, require any necessary amendments to Data or refuse or withdraw the consents herein, in any case without cost, by contacting in writing his or her local human resources representative. Further, Participant understands that he or she is providing the consents herein on a purely voluntary basis. If Participant does not consent, or if Participant later seeks to revoke his or her consent, his or her employment or service and career with the Employer will not be affected; the only consequence of refusing or withdrawing Participant’s consent is that the Company would not be able to grant Participant options or other Awards or administer or maintain such Awards. Therefore, Participant understands that refusing or withdrawing his or her consent may affect Participant’s ability to participate in the Plan. For more information on the consequences of Participant’s refusal to consent or withdrawal of consent, Participant understands that he or she may contact his or her local human resources representative.
12. Address for Notices. Any notice to be given to the Company under the terms of this Award Agreement will be addressed to the Company, in care of Stock Administration at Fortinet, Inc., 899 Kifer Road, Sunnyvale, CA 94086, or at such other address as the Company may hereafter designate in writing.
13. Non-Transferability of Option. This Option may not be transferred in any manner otherwise than by will or by the laws of descent or distribution and may be exercised during the lifetime of Participant only by Participant. Upon any attempt to transfer, assign, pledge, hypothecate or otherwise dispose of this grant, or any right or privilege conferred hereby, or upon any attempted sale under any execution, attachment or similar process, this grant and the rights and privileges conferred hereby immediately will become null and void.
14. Binding Agreement. Subject to the limitation on the transferability of this grant contained herein, this Award Agreement will be binding upon and inure to the benefit of the heirs, legatees, legal representatives, successors and assigns of the parties hereto.
15. Additional Conditions to Issuance of Stock. If at any time the Company determines, in its discretion, that the listing, registration or qualification of the Shares upon any securities exchange or under any U.S. state or federal or foreign law, or the consent or approval of any governmental regulatory authority is necessary or desirable as a condition to the issuance of Shares to Participant (or his or her estate or beneficiary, if applicable), such issuance will not occur unless and until such listing, registration, qualification, consent or approval will have been effected or obtained free of any conditions not acceptable to the Company. Assuming such compliance, for U.S. income tax purposes the Exercised Shares will be considered transferred to Participant on the date the Option is exercised with respect to such Exercised Shares.
-8-
16. Plan Governs. This Award Agreement is subject to all terms and provisions of the Plan. In the event of a conflict between one or more provisions of this Award Agreement and one or more provisions of the Plan, the provisions of the Plan will govern. Capitalized terms used and not defined in this Award Agreement will have the meaning set forth in the Plan.
17. Administrator Authority. The Administrator will have the power to interpret the Plan and this Award Agreement and to adopt such rules for the administration, interpretation and application of the Plan as are consistent therewith and to interpret or revoke any such rules (including, but not limited to, the determination of whether or not any Shares subject to the Option have vested). All actions taken and all interpretations and determinations made by the Administrator in good faith will be final and binding upon Participant, the Company and all other interested persons. No member of the Administrator will be personally liable for any action, determination or interpretation made in good faith with respect to the Plan or this Award Agreement.
18. Electronic Delivery. The Company may, in its sole discretion, decide to deliver any documents related to the Option awarded under the Plan or future options that may be awarded under the Plan by electronic means or request Participant’s consent to participate in the Plan by electronic means. Participant hereby consents to receive such documents by electronic delivery and agrees to participate in the Plan through any on-line or electronic system established and maintained by the Company or another third party designated by the Company.
19. Captions. Captions provided herein are for convenience only and are not to serve as a basis for interpretation or construction of this Award Agreement.
20. Agreement Severable. In the event that any provision in this Award Agreement will be held invalid or unenforceable, such provision will be severable from, and such invalidity or unenforceability will not be construed to have any effect on, the remaining provisions of this Award Agreement.
21. Modifications to the Agreement. This Award Agreement constitutes the entire understanding of the parties on the subjects covered. Participant expressly warrants that he or she is not accepting this Award Agreement in reliance on any promises, representations, or inducements other than those contained herein. The Company may amend the terms of this Award Agreement, provided no amendment or modification that adversely affects the Participant’s rights under the Award in any material way may be made without the Participant’s writtent consent. Notwithstanding anything to the contrary in the Plan or this Award Agreement, the Company reserves the right to revise this Award Agreement as it deems necessary or advisable, in its sole discretion and without the consent of Participant, to the extent necessary or desirable to facilitate compliance with Applicable Laws or to comply with Code Section 409A or to otherwise avoid imposition of any additional tax or income recognition under Section 409A of the Code in connection to this Option.
22. Amendment, Suspension or Termination of the Plan. By accepting the Option, Participant expressly warrants that he or she has received an Option under the Plan, and has received, read and understood a description of the Plan. Participant understands that the Plan is discretionary in nature and may be amended, suspended or terminated by the Company at any time.
23. Governing Law and Venue. This Award Agreement will be governed by, and subject to, the laws of the State of California, without giving effect to the conflict of law principles thereof. For purposes of litigating any dispute that arises under the Option or this Award Agreement, the parties hereby submit to and consent to the jurisdiction of the State of California, and agree that such litigation
-9-
will be conducted in the courts of Santa Clara County, California, or the federal courts for the United States for the Northern District of California, and no other courts, where this grant is made and/or to be performed.
24. Language. Participant acknowledges that he or she is proficient in the English language, or has consulted with an advisor who is sufficiently proficient in English, so as to allow Participant to understand the terms and conditions of this Award Agreement. If Participant has received this Award Agreement or any other document related to the Option and/or the Plan translated into a language other than English, and if the meaning of the translated version is different than the English version, the English version will control.
25. Additional Terms and Conditions of Stock Option Grant. Notwithstanding any provisions in the Terms and Conditions of Stock Option Grant, the Option shall be subject to any special terms and conditions set forth in the Additional Terms and Conditions of Stock Option Grant, attached as Exhibit B, for Participant’s country. Moreover, if Participant relocates to one of the countries included in the Additional Terms and Conditions of Stock Option Grant, the special terms and conditions for such country will apply to Participant, to the extent the Company determines that the application of such terms and conditions is necessary or advisable in order to comply with local law or facilitate the administration of the Plan. The Additional Terms and Conditions of Stock Option Grant constitute part of this Award Agreement.
26. Imposition of Other Requirements. The Company reserves the right to impose other requirements on Participant’s participation in the Plan, on the Option, and on any Shares acquired under the Plan, to the extent the Company determines it is necessary or advisable for legal or administrative reasons, and to require Participant to sign any additional agreements or undertakings that may be necessary to accomplish the foregoing.
27. Insider Trading / Market Abuse Restrictions. Depending on Participant’s country of residence or the designated broker's country or the country where the Shares are listed, Participant may be subject to insider trading restrictions and/or market abuse laws in applicable jurisdictions, which may affect Participant’s ability to, directly or indirectly, accept, acquire, sell, attempt to sell or otherwise dispose of Shares or rights to Shares (e.g., the Option) under the Plan during such times as Participant is considered to have “inside information” regarding the Company (as defined by the laws in the applicable jurisdictions or Participant’s country). Local insider trading laws and regulations may prohibit the cancellation or amendment of orders Participant placed before Participant possessed inside information. Furthermore, Participant could be prohibited from (i) disclosing the inside information to any third party and (ii) “tipping” third parties or causing them otherwise to buy or sell securities (third parties may include fellow employees). Any restrictions under these laws or regulations are separate from and in addition to any restrictions that may be imposed under any applicable Company insider trading policy. Participant is responsible for ensuring Participant’s compliance with any applicable restrictions and is advised to speak with his or her personal legal advisor on this matter.
28. Foreign Asset/Account, Exchange Control, and Tax Reporting. Depending on Participant’s country, Participant may be subject to foreign asset/account, exchange control and/or tax reporting requirements as a result of the exercise of the Option, the acquisition, holding, and/or transfer of Shares or cash resulting from participation in the Plan and/or the opening and maintenance of a brokerage or bank account in connection with the Plan. Participant may be required to report such assets, accounts, account balances and values and/or related transactions to the applicable authorities in his or her country. Participant acknowledges that he or she is responsible for ensuring compliance with any
-10-
applicable foreign asset/account, exchange control and tax reporting requirements. Participant further understands that he or she should consult Participant’s personal legal advisor on these matters.
29. Waiver. Participant acknowledges that a waiver by the Company of breach of any provision of this Award Agreement shall not operate or be construed as a waiver of any other provision of this Award Agreement, or of any subsequent breach by Participant or any other Participant.
30. Recovery of Erroneously Awarded Compensation. As an additional condition of receiving this Award, Participant agrees that the Option and any proceeds or other benefits Participant may receive hereunder shall be subject to clawback, recovery or recoupment provisions by the Company to the extent and in the manner required (i) under the terms of any clawback policy adopted by the Company, as may be amended from time to time, pursuant to the listing standards and/or the rules and regulations of any national securities exchange or association on which the Shares are listed, or (ii) to comply with any requirements imposed under Applicable Laws including, without limitation, the Dodd-Frank Wall Street Reform and Consumer Protection Act. Further, as the Committee determines necessary or appropriate, the Committee may impose a reacquisition right with respect to previously-acquired Shares or other cash or property upon the occurrence of cause (as determined by the Committee).
-11-
EXHIBIT B
ADDITIONAL TERMS AND CONDITIONS OF STOCK OPTION GRANT
Capitalized terms used but not defined herein shall have the meanings set forth in the Plan, the Notice of Stock Option Grant and/or the Terms and Conditions of Stock Option Grant.
Terms and Conditions
This Exhibit B includes additional terms and conditions that govern the Option granted to Participant under the Plan if Participant resides and/or works in one of the countries listed below. This Exhibit B forms part of the Award Agreement.
If Participant is a citizen or resident of a country other than the one in which Participant is currently working, is considered a resident of another country for local law purposes or transfers employment and/or residency between countries after the Date of Grant, the Company shall, in its sole discretion, determine to what extent the additional terms and conditions included herein will apply to Participant under these circumstances.
Notifications
This Exhibit B also includes notices regarding exchange controls and certain other issues of which Participant should be aware with respect to Participant’s participation in the Plan. The information is based on the securities, exchange control and other laws in effect in Participant’s country as of June 2019. Such laws are often complex and change frequently. As a result, the Company strongly recommends that Participant not rely on the information noted herein as the only source of information relating to the consequences of Participant’s participation in the Plan because the information may be out of date at the time Participant exercises the Option or sells Shares acquired under the Plan.
In addition, the information contained herein is general in nature and may not apply to Participant’s particular situation, and the Company is not in a position to assure Participant of any particular result. Accordingly, Participant should seek appropriate professional advice as to how the relevant laws in Participant’s country may apply to Participant’s situation.
Finally, if Participant is a citizen or resident of a country other than the one in which Participant is currently working, is considered a resident of another country for local law purposes or transfers employment and/or residency between countries after the Date of Grant, the information contained herein may not be applicable in the same manner to Participant.
European Union / European Economic Area Including the United Kingdom
Authorization to Release and Transfer Necessary Personal Information. This provision replaces in its entirety Section 11 (Data Privacy) of the Award Agreement:
(a)Participant is hereby notified of the collection, use and transfer outside of the European Economic Area, as described in the Award Agreement, in electronic or other form, of Participant’s Data (defined below) by and among, as applicable, the Company and its Subsidiaries for the exclusive and legitimate purpose of implementing, administering and managing Participant’s participation in the Plan.
(b)Participant understands that the Company and its Subsidiaries may hold certain personal information about Participant, including, but not limited to, Participant’s name, home address and telephone number, email address, date of birth, social insurance, passport or other identification number, salary, nationality, job title, any shares of stock or directorships held in the Company, details of all entitlement to Shares awarded, canceled, vested, unvested, exercised or outstanding in Participant’s favor (“Data”), for the purpose of implementing, administering and managing the Plan.
(c)Participant understands that providing the Company with this Data is necessary for the performance of the Award Agreement and that Participant’s refusal to provide the Data would make it impossible for the Company to perform its contractual obligations and may affect Participant’s ability to participate in the Plan. Participant’s Data will be accessible within the Company as described in the [Fortinet Data Privacy Policy] and only by the persons specifically charged with Data processing operations and by the persons that need to access the Data because of their duties and position in relation to the performance of the Award Agreement.
(d)The Company will use Participant’s Data only as long as is necessary to implement, administer and manage Participant’s participation in the Plan or as required to comply with legal or regulatory obligations, including under tax and security laws. When the Company no longer needs Participant’s Data, it will remove it from it from its systems. If the Company keeps data longer, it would be to satisfy legal or regulatory obligations and the Company’s legal basis would be relevant laws or regulations. The collection, use and transfer of Data for the purpose of implementing, administering and managing Participant’s participation in the Plan is conducted in accordance with the [Fortinet Data Privacy Policy].
(e)Further, Participant understands that the Company will transfer Data to Charles Schwab & Co., Inc. (“Schwab”), and/or such other third parties as may be selected by the Company, which are assisting the Company with the implementation, administration and management of the Plan. The Company may select a different service provider or additional service providers and share Data with such other provider(s) serving in a similar manner. Participant may be asked to agree on separate terms and data processing practices with the service provider, with such agreement being a condition of the ability to participate in the Plan.
(f)Schwab is based in the United States. If Participant is outside of the United States, Participant should note that his or her country has enacted data privacy laws that are different from the United States. When transferring Data to Schwab, the Company and its Subsidiaries provide appropriate safeguards described in the [Fortinet Data Privacy Policy]. By participating in the Plan, Participant agrees to the transfer of his or her Data to Schwab for the exclusive purpose of administering participation in the Plan.
Finally, Participant may choose to opt out of allowing the Company to share Data with Schwab and others as described above, although execution of such choice may mean the Company cannot grant
-2-
awards under the Plan to Participant. For questions about this choice or to make this choice, you should refer to the [Fortinet Data Privacy Policy] or contact [Insert data Privacy department email or other contact] if there are additional questions.
Argentina
Securities Law Information. The offering of the Option pursuant to the Award Agreement is a private transaction. Neither the Option nor the underlying Shares are publicly offered or listed on any stock exchange in Argentina.
Exchange Control Information. Following the sale of Shares and/or the receipt of dividends, Argentine residents may be subject to certain restrictions in bringing such funds back into Argentina. Argentine residents are solely responsible for complying with the exchange control rules that may apply in connection with participation in the Plan and/or the transfer of proceeds from the sale of Shares acquired under the Plan into Argentina. Prior to selling any Shares or transferring cash proceeds into Argentina, Argentine residents should consult their local bank and/or exchange control advisor to confirm the requirements as interpretations of the applicable Argentine Central Bank regulations
Foreign Asset/Account Information. If Participant holds Shares as of December 31 of any year, Participant is required to report the holding of the Shares on his or her personal tax return for the relevant year.
Australia
Tax Information. The Plan is a plan to which subdivision 83A-C of the Income Tax Assessment Act 1997 (Cth) applies (subject to conditions in the Act).
Exchange Control Information. Exchange control reporting is required for cash transactions exceeding A$10,000 and international fund transfers. The Australian bank assisting with the transaction will file the report. If there is no Australian bank involved in the transfer, then Participant will be required to file the report.
Austria
Exchange Control Information. If Participant holds Shares acquired under the Plan outside of Austria, Participant must submit a report to the Austrian National Bank. An exemption applies if the value of the Shares as of any given quarter is less than €30,000,000 or as of December 31 is less than €5,000,000. If the former threshold is exceeded, quarterly obligations are imposed, whereas if the latter threshold is exceeded, annual reports must be given. The annual reporting date is December 31 and the deadline for filing the annual report is January 31 of the following year.
When Participant sells Shares acquired under the Plan or receives a dividend payment, there may be exchange control obligations if the cash proceeds are held outside of Austria. If the transaction volume of all accounts abroad meets or exceeds €10,000,000, the movements and balances of all accounts must be reported monthly, as of the last day of the month, on or before the fifteenth day of the following month, on the prescribed form (Meldungen SI-Forderungen und/oder SI-Verpflichtungen). If the transaction value of all cash accounts abroad is less than €10,000,000, no ongoing reporting requirements apply.
-3-
Belgium
Tax Considerations. The Option must be accepted in writing with the time frame set forth and explained in the separate Country Supplement & Undertaking for Participants in Belgium. Participant should refer to the separate Country Supplement & Undertaking for Participants in Belgium for a more detailed description of the tax consequences of choosing to accept the Option. Participant should also consult a personal tax advisor with respect to accepting the Option and completing the additional forms.
Foreign Asset/Account Information. Belgian residents are required to report any security or bank accounts (including brokerage accounts) opened and maintained outside Belgium on his or her annual tax return. In a separate report, they must provide the National Bank of Belgium with certain details regarding such foreign accounts (including the account number, bank name, and country in which such account was opened). The forms to complete this report are available on the website of the National Bank of Belgium.
Stock Exchange Tax. A stock exchange tax applies to transactions executed by a Belgian resident through a non-Belgian financial intermediary, such as a U.S. broker. The stock exchange tax likely will apply when the Shares are sold. Participant should consult with his or her personal tax advisor for additional details on obligations with respect to the stock exchange tax.
Brokerage Account Tax. Participant may be subject to a brokerage account tax if the average annual value of securities (including Shares acquired under the Plan) held in a brokerage account exceeds certain thresholds. As the calculation of this tax is complex, Participant should consult with their personal tax advisor for more details.
Brazil
Compliance with Law. By accepting the Option, Participant acknowledges his or her agreement to comply with applicable Brazilian laws and to pay any and all applicable taxes associated with the Option and the sale of Shares acquired under the Plan and the receipt of any dividends.
Labor Law Acknowledgement. By accepting the option, Participant agrees that Participant is (i) making an investment decision, (ii) Shares will be issued to Participant only if the vesting conditions are met and (iii) the value of the underlying Shares is not fixed and may increase or decrease in value over the vesting or exercise period without compensation to Participant.
Exchange Control Information. If Participant is resident or domiciled in Brazil, Participant will be required to submit annually a declaration of assets and rights held outside of Brazil to the Central Bank of Brazil if the aggregate value of such assets and rights is equal to or greater than US$100,000. Assets and rights that must be reported include Shares acquired under the Plan.
Tax on Financial Transactions (IOF). Repatriation of funds into Brazil and the conversion between BRL and USD associated with such fund transfers may be subject to the Tax on Financial Transactions. It is Participant’s responsibility to comply with any applicable Tax on Financial Transactions arising from Participant’s participation in the Plan. Participant should consult with his or her personal tax advisor for additional details.
-4-
Canada
Consent to Receive Information in English for Employees in Quebec
The parties acknowledge that it is their express wish that the Award Agreement, as well as all documents, notices and legal proceeds entered into, given or instituted pursuant hereto or relating directly or indirectly hereto, be drawn up in English.
Les parties reconnaissent avoir exigé la rédaction en anglais de cette convention, ainsi que de tous documents exécutés, avis donnés et procédures judiciaries intentées, directement ou indirectement, relativement à ou suite à la présente convention.
Involuntary Termination Terms for Option
In the event of involuntary termination of Participant’s employment (whether or not in breach of local labor laws), Participant’s right to continued vesting or to exercise the Option, if any, will terminate effective as of the date that is the earlier of: (1) the date Participant’s status as a Service Provider is terminated, (2) the date Participant receives notice of termination of service from the Employer, or (3) the date the Participant is no longer actively providing service, regardless of any notice period or period of pay in lieu of such notice required under local law (e.g., active service would not include any contractual notice period or any period of “garden leave” or similar period mandated under Canadian laws or the terms of the Participant’s employment or service agreement, if any); the Administrator shall have the exclusive discretion to determine when the Participant is no longer actively providing service for purposes of the Option grant (including whether Participant may still be considered to be a Service Provider while on a leave of absence).
Data Privacy Notice and Consent
This section supplements the “Data Privacy” section of the Terms and Conditions of Stock Option Grant:
Participant hereby authorizes the Company and the Company’s representatives to discuss with and obtain all relevant information from all personnel, professional or not, involved in the administration and operation of the Plan. Participant further authorizes the Company and any Parent or Subsidiary or designated broker and the administrator of the Plan to disclose and discuss the Plan with their advisors. Participant further authorizes the Company and any Parent or Subsidiary to record such information and to keep such information in Participant’s file.
Chile
Securities Law Information. The Option grant constitutes a private offering of securities in Chile effective as of the grant date. This offer of the Option is made subject to general ruling n° 336 of the Chilean Commission for the Financial Market (“CMF”). The offer refers to securities not registered at the securities registry or at the foreign securities registry of the CMF, and, therefore, such securities are not subject to oversight of the CMF. Given that the Options are not registered in Chile, the Company is not required to provide public information about the Option or the Shares in Chile. Unless the Option and/or the Shares are registered with the CMF, a public offering of such securities cannot be made in Chile.
La concesión de la Opción constituye una oferta privada de valores en Chile y se inicia en la fecha de la oferta. Esta oferta de la Opción se acoge a las disposiciones de la Norma de Carácter General Nº
-5-
336 (“NCG 336”) de la Comision para el Mercado Financiero de Chile (“CMF”). Esta oferta versa sobre valores no inscritos en el Registro de Valores o en el Registro de Valores Extranjeros que lleva la CMF, por lo que tales valores no están sujetos a la fiscalización de ésta. Por tratarse de valores no inscritos en Chile no existe la obligación por parte de la Compañía de entregar en Chile información pública respecto de los mismos. Estos valores no podrán ser objeto de oferta pública en Chile mientras no sean inscritos en el Registro de Valores correspondiente.
Exchange Control and Tax Information. Participant is not required to repatriate proceeds obtained from the sale of Shares or from dividends to Chile; however, if Participant decides to repatriate proceeds from the sale of Shares and/or dividends and the amount of the proceeds to be repatriated exceeds US$10,000, Participant acknowledges that he or she must effect such repatriation through the Formal Exchange Market (i.e., a commercial bank or registered foreign exchange office).
Further, if the value of Participant’s aggregate investments held outside of Chile exceed US$5,000,000 (including the value of Shares acquired under the Plan), Participant must report the status of such investments annually to the Central Bank using Annex 3.1 of Chapter XII of the Foreign Exchange Regulations.
Foreign Asset/Account Reporting Information. The Chilean Internal Revenue Service (the “CIRS”) requires all taxpayers to provide information annually regarding (i) the results of investments held abroad and (ii) any taxes paid abroad which taxpayers will use as a credit against Chilean income tax. The sworn statements disclosing this information (or Formularios) must be submitted electronically through the CIRS website, www.sii.cl, using Form 1929, which is due on June 30 each year.
China
The following provisions will apply to Participants who are subject to PRC exchange control restrictions, as determined by the Company in its sole discretion:
Method of Payment. Notwithstanding any provision to the contrary in the Terms and Conditions of Stock Option Grant, due to stringent exchange controls and securities restrictions in China, when Participant exercises the Option, Participant must use a “cashless sell-all” exercise pursuant to which he or she delivers irrevocable instructions to the broker to sell all Shares to which Participant is entitled at exercise and remit the proceeds from sale less any Tax-Related Items and brokerage fees to Participant in cash. The Company reserves the right to provide Participant with additional methods of paying the Exercise Price depending upon the development of local laws.
Exchange Control Information for Participants who are Chinese Nationals. Participant understands and agrees that, to facilitate compliance with exchange control laws in China, Participant may be required to immediately repatriate to China the cash proceeds from the sale of any Shares acquired at and any dividends received. Participant further understands that, under local law, such repatriation of the cash proceeds may need to be effectuated through a special exchange control account established by the Company or any Parent or Subsidiary, and Participant hereby consents and agrees that the proceeds from the sale of Shares acquired under the Plan and any dividends received in relation to the Shares may be transferred to such special account prior to being delivered to Participant.
The proceeds may be paid to Participant in U.S. dollars or local currency at the Company’s discretion. In the event the proceeds are paid to Participant in U.S. dollars, Participant understands that Participant
-6-
will be required to set up a U.S. dollar bank account in China and provide the bank account details to the Employer and/or the Company so that the proceeds may be deposited into this account.
Participant agrees to bear any currency fluctuation risk between the time the Shares are sold or dividends or Dividend Equivalents are paid and the time the proceeds are distributed to Participant through any such special account.
Participant further agrees to comply with any other requirements that may be imposed by the Company in the future in order to facilitate compliance with exchange control requirements in China.
Colombia
Exchange Control Information. Participant is responsible for complying with any and all Colombian foreign exchange restrictions, approvals and reporting requirements in connection with the Option and any Shares acquired or funds received under the Plan. This may include reporting obligations to the Central Bank (Banco de la República). If applicable, Participant will be required to register the investment in Shares with the Central Bank, regardless of the value of the investment. Participant should consult with his or her legal advisor regarding any obligations in connection with this reporting requirement.
Costa Rica
There are no country-specific provisions.
Czech Republic
Exchange Control Information. The Czech National Bank (“CNB”) may require Participant to fulfill certain notification duties in relation to the opening and maintenance of a foreign account. In addition, Participant may need to report the following even in the absence of a request from the CNB: foreign direct investments with a value of CZK 2,500,000 or more in the aggregate or other foreign financial assets with a value of CZK 200,000,000 or more.
Because exchange control regulations change frequently and without notice, Participant should consult his or her personal legal advisor prior to the sale of Shares to ensure compliance with current regulations. It is Participant’s responsibility to comply with Czech exchange control laws, and neither the Company nor any Parent or Subsidiary will be liable for any resulting fines or penalties.
Egypt
Exchange Control Information. If Participant transfers funds into Egypt in connection with the sale of Shares or the receipt of dividends, Participant may be required to do so through a registered bank in Egypt.
Finland
There are no country-specific provisions.
-7-
France
French Language Provision. By accepting the Award Agreement providing for the terms and conditions of Participant’s grant, Participant confirms having read and understood the documents relating to this grant (the Plan and the Award Agreement) which were provided in English language. Participant accepts the terms of those documents accordingly.
En acceptant le Contrat d’Attribution décrivant les termes et conditions de l’attribution, le participant confirme ainsi avoir lu et compris les documents relatifs à cette attribution (le Plan U.S. et le Contrat d’Attribution) qui ont été communiqués en langue anglaise. Le participant accepte les termes en connaissance de cause.
Tax Information. The Option is not intended to be French tax-qualified.
Foreign Asset/Account Reporting Information. If Participant retains Shares acquired under the Plan outside of France or maintains a foreign bank account, Participant is required to report such to the French tax authorities when filing Participant’s annual tax return. Additional monthly reporting obligations may apply if Participant’s foreign account balances exceed €1,000,000.
Germany
Exchange Control Information. Cross-border payments in excess of €12,500 in connection with the sale of securities (including Shares acquired under the Plan) or the receipt of any dividends must be reported monthly to the German Federal Bank. The report must be made by the 5th day of the month following the month in which the payment was received and must be filed electronically. The form of report (“Allgemeine Meldeportal Statistik”) can be accessed via the Bundesbank’s website (www.bundesbank.de) and is available in both German and English. Participant is responsible for satisfying the reporting obligation.
Foreign Asset / Account Reporting. German residents holding Shares exceeding 1% of the Company’s total share capital, must notify their local tax office of the acquisition of Shares if the acquisition costs for all Shares held exceeds €150,000 or if the resident holds 10% or more in the Company’s total shares of common stock.
Hong Kong
WARNING: The Option and the Shares issued upon exercise do not constitute a public offering of securities under Hong Kong law and are available only to Service Providers of the Company or its Parent, Subsidiaries and Affiliates. The Award Agreement, including this Appendix, the Plan and other incidental communication materials have not been prepared in accordance with and are not intended to constitute a “prospectus” for a public offering of securities under the applicable securities legislation in Hong Kong. In addition, the documents have not been reviewed by any regulatory authority in Hong Kong. The Option is intended only for the personal use of each eligible Service Provider of the Employer, the Company or any Parent, Subsidiary or Affiliate and may not be distributed to any other person. If Participant is in any doubt about any of the contents of the Award Agreement, including this Appendix, or the Plan, Participant should obtain independent professional advice.
-8-
Sale of Shares. If the Option vests within six months of the Date of Grant, Participant agrees that he or she will not exercise the Option and sell the Shares acquired prior to the six-month anniversary of the Date of Grant.
India
Method of Payment. Notwithstanding any provision in the Terms and Conditions of Stock Option Grant, due to exchange control laws that are currently in effect in India, Participant will not be permitted to engage in a “sell to cover” exercise whereby a portion of Shares are sold to cover the Exercise Price, any Tax-Related Items and brokerage fees, and the proceeds are settled in Shares.
Exchange Control Information. Participant must repatriate any cash dividends paid on Shares within one-hundred eighty (180) days and all proceeds received from the sale of Shares to India within ninety (90) days of receipt. Participant must obtain evidence of the repatriation of funds in the form of a foreign inward remittance certificate (the “FIRC”) from the bank where Participant deposited the foreign currency. Participant must retain the FIRC in Participant’s records to present to the Reserve Bank of India or Participant’s Employer in the event that proof of repatriation is requested.
Foreign Asset/Account Reporting Information. Participant is required to declare his or her foreign bank accounts and any foreign financial assets (including Shares held outside India) in Participant’s annual tax return. It is Participant’s responsibility to comply with this reporting obligation and Participant should consult his or her personal advisor in this regard.
Indonesia
Method of Payment. Notwithstanding any provision in the Terms and Conditions of Stock Option Grant, due to securities laws in Indonesia, when Participant exercises the Option, Participant must use a “cashless sell-all” exercise pursuant to which he or she delivers irrevocable instructions to the broker to sell all Shares to which Participant is entitled at exercise and remit the proceeds from sale, less any Tax-Related Items and brokerage fees, to Participant in cash. Participant will not be permitted to receive and hold any Shares in connection with the exercise of the Option. The Company reserves the right to provide Participant with additional methods of paying the aggregate Exercise Price depending upon development of local laws.
Exchange Control Information. If Participant remits funds into Indonesia (e.g., proceeds from the cashless exercise of the Option), the Indonesian Bank through which the transaction is made will submit a report on the transaction to the Bank of Indonesia for statistical reporting purposes. For transactions of US$10,000 or more, a description of the transaction must be included in the report. Although the bank through which the transaction is made is required to make the report, Participant must complete a “Transfer Report Form.” The Transfer Report Form should be provided to Participant by the bank through which the transaction is made.
Ireland
Director Notification Obligation. If Participant is a director, shadow director or secretary of an Irish Parent or Subsidiary, and holds 1% or more of the share capital of the Company, Participant must notify
-9-
the Irish Parent or Subsidiary in writing within five business days of receiving or disposing of an interest in the Company (e.g., the Option, Shares, etc.), or within five business days of becoming aware of the event giving rise to the notification requirement or within five days of becoming a director or secretary if such an interest exists at the time. This notification requirement also applies with respect to the interests of a spouse or children under the age of 18 (whose interests will be attributed to the director, shadow director or secretary).
Israel
The Following Provisions Apply if Participant is Located in Israel on the Date of Grant
Trust Arrangement. Participant understands and agrees that the Option is offered subject to and in accordance with the terms of the Plan, the sub-plan to the Plan for Israel (the “Israeli Sub-Plan”), the Trust Agreement (the “Trust Agreement”) between the Company and the Company’s trustee appointed by the Company or its subsidiary or affiliate in Israel, ESOP Trust Company (the “Trustee”), and the Award Agreement. In the event of any inconsistencies between the Israeli Sub-Plan, the Award Agreement and/or the Plan, the Israeli Sub-Plan will govern the Option granted to Participants in Israel.
Written Acceptance. If Participant has not already executed a Section 102 Capital Gains Award confirmation letter (“Confirmation Letter”) in connection with grants made under the Israeli Sub-Plan to the Plan, Participant must print, sign and deliver a signed copy of the Confirmation Letter within forty five (45) days of the Date of Grant. If Participant does not submit the signed Confirmation Letter within forty five (45) days of the Date of Grant, the Option may not qualify for preferential tax treatment.
Nature of Grant. The following provision supplements Section 8 of the Award Agreement:
The Option is intended to be 102 Capital Gains Track Grant that qualify for the 102 Capital Gains Track tax treatment. Notwithstanding the foregoing, by accepting the Option, Participant acknowledges that the Company cannot guarantee or represent that the 102 Capital Gains Track tax treatment will apply to the Option.
By accepting the Option, Participant: (a) acknowledges receipt of and represents that Participant has read and is familiar with the Plan, the Israeli Sub-Plan, and the Award Agreement; (b) accepts the Option subject to all of the terms and conditions of this Award Agreement, the Plan and the Israeli Sub-Plan; and (c) agrees that the Option will be issued to and deposited with the Trustee and shall be held in trust for Participant’s benefit as required by the ITO, the Rules and any approval by the Israeli Tax Authority (“ITA”) pursuant to the terms of the ITO, the Rules and the Trust Agreement. Furthermore, by accepting the Option, Participant confirms that he or she is familiar with the terms and provisions of Section 102 of the ITO, particularly the Capital Gains Track described in subsection (b)(2) and (b)(3) thereof, and agrees that he or she will not require the Trustee to release the Option or Shares to him or her, or to sell the Option or Shares to a third party, during the Required Holding Period, unless permitted to do so by the ITO or the Rules.
Tax Obligations The following provision supplements Section 6 of the Award Agreement:
Participant agrees that he or she shall not be liable for the Employer’s component of payments to the National Insurance Institute unless and to the extent such payments by the Employer are a result of
-10-
Participant’s election to sell the Shares before the end of the Required Holding Period (if allowed by the ITO and the Rules).
If the Option vests during the Required Holding Period, the Shares issued upon the exercise of such Option shall be issued to and deposited with, or under the supervision of, the Trustee for the benefit of Participant and shall be held in trust as required by the ITO, the Rules and any approval by the ITA. In the event that such vesting occurs after the end of the Required Holding Period, the Shares issued upon the exercise of the Option shall either: (i) be issued to and deposited with, or under the supervision of, the Trustee; or (ii) be transferred to Participant directly upon Participant’s request, provided that Participant first complies with his or her obligations with respect to Tax-Related Items. In the event that Participant elects to have the Shares transferred to Participant without selling such Shares, Participant shall become liable to pay taxes immediately in accordance with the provisions of the ITO and Section 6 of the Award Agreement, as supplemented by this Exhibit B.
Capitalized terms are defined in the Israeli Sub-Plan if not defined in this Exhibit B.
Cashless Exercise Restriction Upon Transfer of Jurisdiction. Participants transferring into Israel after the Date of Grant may be required to use a “cashless sell-all” exercise in order to comply with local tax withholding requirements to which he or she delivers irrevocable instructions to the broker to sell all Shares to which Participant is entitled at exercise and remit the proceeds from sale, less any Tax-Related Items and brokerage fees, to Participant in cash. In this case, Participant will not be permitted to receive and hold any Shares in connection with the exercise of the Option.
-11-
[Fortinet, Inc. Letterhead]
Confirmation Letter - 102 Capital Gains Awards
I undertake and confirm the following (and such undertaking is deemed incorporated into any documents signed by me in connection with the grant of such Awards) with respect to any award of options, Restricted Stock Units or other equity-based grants that have been granted to me previously and/or as shall be granted to me in the future by Fortinet, Inc. (the “Company”), whether under the Company’s 2009 Equity Incentive Plan or other plans maintained by the Company, pursuant to the Capital Gain Track under Section 102(b)(2) or l02(b)(3) of the Israeli Income Tax Ordinance and any regulations and rules promulgated thereunder (“Section 102” and “Awards”, respectively).
1. | I understand and accept the provisions of Section 102 in general, and the tax arrangement under the Capital Gain Track in particular, and its tax consequences, as they apply to the Awards; |
2. | I agree that the Awards and any shares or rights that may be issued upon exercise of the Awards (or otherwise in relation to the Awards), will be held by a trustee appointed pursuant to Section l02 (the “Trustee’’) for at least the duration of the Holding Period, as defined in Section 102, and I hereby confirm that I shall not release from trust and/or sell such Awards, shares or rights, before the end of the Holding Period. I understand that any release of such Awards, shares or rights from trust, or any sale of any of them prior to the termination of the Holding Period, will result in taxation at marginal tax rates, in addition to deductions of appropriate social security, health tax contributions or other compulsory payments; |
3. | I understand that the grant of the Awards is subject to the receipt of all required approvals from the Israeli Tax Authority and compliance with the requirements of Section 102. Accordingly, to the extent that for whatever reason the Awards and underlying shares of common stock shall not be subject to the Capital Gains Route, I shall bear and pay any and all taxes and any other compulsory payments applicable to the grant, exercise, sale or other disposition of Awards or shares. |
4. | I agree to be bound by the provisions of the Company’s trust agreement with the Trustee, ESOP Management and Trust Services Ltd., which holds the Awards for my benefit. |
5. | I hereby confirm that I have: (i) read and understand this letter; (ii) received all the clarifications and explanations that I have requested; and (iii) had the opportunity to consult with my advisors before signing this confirmation letter. |
6. | I hereby confirm that, in addition to my confirmation and agreement hereunder, the acceptance or settlement of any such Awards shall be deemed as irrevocable confirmation of my acknowledgements and undertakings herein with respect to such specific Award. |
7. | I declare that I am a resident of the state of Israel for tax purposes and agrees to notify the Company upon any change in the residence address and acknowledges that if I cease to be an Israeli resident or if my engagement with the Company or any affiliate is terminated, the Awards and underlying |
-12-
shares of common stock shall remain subject to Section 102, the trust agreement and the applicable equity plan and grant document.
8. | I understand that this is a one-time Confirmation Letter, and that until Company will determine otherwise, this Confirmation Letter will apply to all future grants of Awards. I hereby confirm that by accepting this Confirmation Letter, I will be deemed to have elected to accept the terms and conditions herein in respect of any such future grant of Awards. |
Sincerely,
[Company Signature]
Confirmation:
Name of Employee:_______________________________
ID: ____________________________________________
Signature:_______________________________________
-13-
Italy
Method of Payment. Notwithstanding any provision in the Terms and Conditions of Stock Option Agreement, due to securities restrictions in Italy, when Participant exercises the Option, Participant must use a “cashless sell-all” exercise pursuant to which he or she delivers irrevocable instructions to the broker to sell all Shares to which Participant is entitled at exercise and remit the proceeds from sale, less any Tax-Related Items and brokerage fees, to Participant in cash. Participant will not be permitted to receive and hold any Shares in connection with the exercise of the Option. The Company reserves the right to provide Participant with additional methods of paying the aggregate Exercise Price depending upon development of local laws.
Acknowledgement
Participant acknowledges that he or she has read and specifically and expressly approves the following sections of the Terms and Conditions of Stock Option Grant: Responsibility for Taxes, Nature of Grant, and Governing Law and Venue, Language, Electronic Delivery, Agreement Severable, Imposition of Other Requirements. In addition, Participant acknowledges that he or she has read and specifically and expressly approves the Data Privacy paragraphs above.
Foreign Asset/Account Reporting Information. Italian residents who, during the fiscal year, hold investments abroad or foreign financial assets (e.g., cash, Shares, Options) which may generate income taxable in Italy are required to report such on their annual tax returns (UNICO Form, RW Schedule) or on a special form if no tax return is due. The same reporting obligations apply to Italian residents who, even if they do not directly hold investments abroad or foreign financial assets (e.g., cash, Shares, Options), are beneficial owners of the investment pursuant to Italian money laundering provisions.
Tax on Foreign Financial Assets. A tax on the value of financial assets held outside of Italy by individuals resident in Italy will be due. The taxable amount will be the fair market value of the financial assets (including Shares) assessed at the end of each calendar year.
Japan
Exchange Control Information. If Participant acquires Shares valued at more than ¥100,000,000 in a single transaction, Participant must file a Securities Acquisition Report with the Ministry of Finance through the Bank of Japan within 20 days of the purchase of the shares.
In addition, Japanese residents are required to report, in a Payment Report, details of any assets (including any Shares) held outside of Japan as of December 31 each year, to the extent such assets have a total net fair market value exceeding ¥50,000,000. Such report will be due by March 15 of the following year. Participant is advised to consult with his or her personal tax advisor as to whether the reporting obligation applies to Participant and whether Participant will be required to report details of any Options or Shares that Participant holds.
A Payment Report is required independently from a Securities Acquisition Report. Therefore, if the total amount that Participant pays upon a one-time transaction for exercising the Option and purchasing shares exceeds ¥100,000,000, then Participant must file both a Payment Report and a Securities Acquisition Report.
-14-
Korea
Exchange Control Information. If Participant remits funds out of Korea to pay the Exercise Price at exercise of the Option, such remittance must be “confirmed” by a foreign exchange bank in Korea. This is an automatic procedure, i.e., the bank does not need to “approve” the remittance, and it should take no more than a single day to process. The following supporting documents evidencing the nature of the remittance may need to be submitted to the bank together with the confirmation application: (i) the Notice of Grant and Award Agreement; (ii) the Plan; (iii) a document evidencing the type of shares to be acquired and the amount (e.g., the award certificate); and (iv) Participant’s certificate of employment. This confirmation is not necessary for cashless exercises because no funds are remitted out of Korea.
Foreign Asset/Account Reporting Information. Korean residents must declare all foreign financial accounts (e.g., non-Korean bank accounts, brokerage accounts holding shares) to the Korean tax authority and file a report with respect to such accounts if the value of such accounts exceeds KRW 500 million (or an equivalent amount in foreign currency). Participant should consult with his or her personal tax advisor to determine how to value Participant’s foreign accounts for purposes of this reporting requirement and whether Participant is required to file a report with respect to such accounts.
Malaysia
Director Notification Requirements. If Participant is a director of a Malaysian Parent or Subsidiary, Participant is subject to certain notification requirements under the Malaysian Companies Act. Among these requirements is an obligation to notify the Company’s Malaysian Parent or Subsidiary in writing when Participant receive or dispose of an interest (e.g., Options or Shares) in the Company or any related company. This notification must be made within 14 days of receiving or disposing of any interest in the Company or any related company.
Mexico
Labor Law Policy and Acknowledgment. In accepting the grant of the Option, Participant expressly recognizes that Fortinet, Inc., with registered offices at 1090 Kifer Road, Sunnyvale, CA 94086, U.S.A, is solely responsible for the administration of the Plan and that Participant’s participation in the Plan and acquisition of Shares do not constitute an employment relationship between Participant and Fortinet, Inc. since Participant is participating in the Plan on a wholly commercial basis and his or her sole Employer is Fortinet, Inc., located at Rodriguez Saro #615, Col. Del Valle, C.P. 03100, Mexico DF. Based on the foregoing, Participant expressly recognizes that the Plan and the benefits that he or she may derive from participating in the Plan do not establish any rights between Participant and the Employer, Fortinet, Inc., and do not form part of the employment conditions and/or benefits provided by Fortinet, Inc., and any modification of the Plan or its termination shall not constitute a change or impairment of the terms and conditions of Participant’s employment.
Participant further understands that his or her participation in the Plan is as a result of a unilateral and discretionary decision of Fortinet, Inc.; therefore, Fortinet, Inc. reserves the absolute right to amend and/or discontinue Participant’s participation at any time without any liability to Participant.
-15-
Finally, Participant hereby declares that he or she does not reserve to himself or herself any action or right to bring any claim against Fortinet, Inc. for any compensation or damages regarding any provision of the Plan or the benefits derived under the Plan, and Participant therefore grants a full and broad release to Fortinet, Inc., its affiliates, branches, representation offices, its shareholders, officers, agents, or legal representatives with respect to any claim that may arise.
Política Laboral y Reconocimiento/Aceptación
Al aceptar el otorgamiento de la Opción de Compra de Acciones, el Participante expresamente reconoce que Fortinet, Inc., con domicilio registrado ubicado en Sunnyvale, CA, U.S.A., es la única responsable por la administración del Plan y que la participación del Participante en el Plan y en su caso la adquisición de las Opciones de Compra de Acciones o Acciones no constituyen ni podrán interpretarse como una relación de trabajo entre el Participante y Fortinet, Inc., ya que el Participante participa en el Plan en un marco totalmente comercial y su único Patrón lo es Fortinet, Inc. con domicilio en Rodriguez Saro #615, Col. Del Valle, C.P. 03100, México DF, México. Derivado de lo anterior, el Participante expresamente reconoce que el Plan y los beneficios que pudieran derivar de la participación en el Plan no establecen derecho alguno entre el Participante y el Patrón, Fortinet, Inc. y no forma parte de las condiciones de trabajo y/o las prestaciones otorgadas por Fortinet, Inc. y que cualquier modificación al Plan o su terminación no constituye un cambio o impedimento de los términos y condiciones de la relación de trabajo del Participante.
Asimismo, el Participante reconoce que su participación en el Plan es resultado de una decisión unilateral y discrecional de Fortinet, Inc.; por lo tanto, Fortinet, Inc. se reserva el absoluto derecho de modificar y/o terminar la participación del Participante en cualquier momento y sin responsabilidad alguna frente el Participante.
Finalmente, el Participante por este medio declara que no se reserve derecho o acción alguna que ejercitar en contra de Fortinet, Inc. por cualquier compensación o daño en relación con las disposiciones del Plan o de los beneficios derivados del Plan y por lo tanto, el Participante otorga el más amplio finiquito que en derecho proceda a Fortinet, Inc., sus afiliadas, subsidiarias, oficinas de representación, sus accionistas, funcionarios, agentes o representantes legales en relación con cualquier demanda que pudiera surgir.
Netherlands
There are no country-specific provisions.
New Zealand
Securities Law Information
WARNING
This is an offer of options over Shares which, if vested, will entitle Participant to acquire Shares in accordance with the terms of the Award Agreement and the Plan. Shares, if issued, will give Participant a stake in the ownership of the Company. Participant may receive a return if dividends are paid.
-16-
If the Company runs into financial difficulties and is wound up, Participant will be paid only after all creditors have been paid. Participant may lose some or all of his or her investment, if any.
New Zealand law normally requires people who offer financial products to give information to investors before they invest. This information is designed to help investors to make an informed decision. The usual rules do not apply to this offer because it is made under an employee share scheme. As a result, Participant may not be given all the information usually required. The Participant will also have fewer other legal protections for this investment. The Participant should ask questions, read all documents carefully, and seek independent financial advice before committing him or herself.
Shares are quoted on the Nasdaq Global Select Market (“Nasdaq”). This means Participant may be able to sell them on the Nasdaq if there are interested buyers. Participant may get less than he or she invested. The price will depend on the demand for the Shares.
For information on risk factors impacting the Company’s business that may affect the value of the shares of Common Stock, you should refer to the risk factors discussion in the Company’s Annual Report on Form 10-K and Quarterly Reports on Form 10-Q, which are filed with the U.S. Securities and Exchange Commission and are available online at www.sec.gov, as well as on the Company’s “Investor Relations” website at http://investor.fortinet.com/.
Norway
No country-specific provisions.
Peru
Labor Law Acknowledgment. By accepting the Option, Participant acknowledges that the Option is being granted ex gratia with the purpose of rewarding Participant.
Securities Law Information. The Option offer is considered a private offering in Peru; therefore, it is not subject to registration in Peru.
Poland
Exchange Control Information. Participant acknowledges that any transfer of funds in excess of PLN15,000 into or out of Poland must be affected through a bank account in Poland. Participant understands that they are required to store all documents connected with any foreign exchange transactions they engage in for a period of five years, as measured from the end of the year in which such transaction occurred.
-17-
Foreign Asset/Account Reporting Information. If Participant maintains bank or brokerage accounts holding cash and foreign securities (including Shares) outside of Poland, Participant will be required to report information to the National Bank of Poland on transactions and balances in such accounts if the value of such cash and securities exceeds PLN 7 million. If required, such reports must be filed on special forms available on the website of the National Bank of Poland. Participant should consult with his or her legal advisor to determine whether Participant will be required to submit reports to the National Bank of Poland.
Portugal
Language Consent
Participant hereby expressly declares that he or she has full knowledge of the English language and has read, understood and fully accepted and agreed with the terms and conditions established in the Plan and the Award Agreement.
O Participante pelo presente declara expressamente que tem pleno conhecimento da língua inglesa e que leu, compreendeu e livremente aceitou e concordou com os termos e condições estabelecidas no Plano e no Acordo de Atribuição.
Exchange Control Information
If Participant acquires Shares under the Plan and does not hold the Shares with a Portuguese financial intermediary, he or she may need to file a report with the Portuguese Central Bank. If the Shares are held by a Portuguese financial intermediary, it will file the report for Participant. It is Participant’s responsibility to comply with any applicable exchange control laws.
Puerto Rico
No country-specific provisions.
Romania
Exchange Control Information. If Participant deposits the proceeds from the sale of Shares issued to him or her at vesting and settlement of the Shares or any dividends paid on such Shares in a bank account in Romania, Participant may be required to provide the Romanian bank with appropriate documentation explaining the source of the funds.
Participant should consult his or her personal advisor to determine whether Participant will be required to submit such documentation to the Romanian bank.
Russia
U.S. Transaction. The Plan, the Award Agreement, including this Exhibit B, and all other materials Participant may receive regarding Participant’s participation in the Plan or the Option grant do not constitute advertising or an offering of securities in Russia. The issuance of Shares acquired at exercise
-18-
has not and will not be registered in Russia; therefore, such Shares may not be offered or placed in public circulation in Russia.
In no event will Shares acquired at vesting be delivered to Participant in Russia; all Shares will be maintained on Participant’s behalf in the United States.
Participant is not permitted to sell Shares acquired at vesting directly to a Russian legal entity or resident.
Depending on the development of local regulatory requirements, the Company reserves the right to require a casheless sell all or impose other restrictions on the exercise of the Option.
Securities Law Information
Participant acknowledges that the Award Agreement, the Terms and Conditions of Stock Option Grant, the Plan and all other materials that Participant may receive regarding participation in the Plan and the grant of the Option itself do not constitute advertisement regarding or an offering of securities in Russia. Absent an express requirement under applicable Russian law, the issuance of Shares at exercise of the Option has not and will not be registered in Russia. Therefore, the Shares described in any Plan-related documentation may not be used for offering or public circulation in Russia.
Data Privacy. This notification supplements Section 11 of the Award Agreement:
Participant understands and agrees that, if required by the Company, he or she must complete and return a Consent to Processing of Personal Data (the “Consent”) form to the Company. Further, Participant understands and agrees that if Participant does not complete and return a Consent form to the Company, the Company will not be able to grant options to Participant or other awards or administer or maintain such awards. Therefore, Participant understands that refusing to complete a Consent form or withdrawing his or her consent may affect Participant’s ability to participate in the Plan.
Exchange Control Information. Russian residents should contact their personal advisor regarding their obligations resulting from their participation in the Plan as significant penalties may apply in the case of non-compliance with exchange control requirements and because such exchange control requirements may change.
Foreign Asset/Account Reporting Information. Russian residents will be required to notify the Russian tax authorities within one month of opening or closing a foreign bank account or of changing any account details. Russian residents are also required to file with the Russian tax authorities reports of the transactions in their foreign bank accounts. Participant should consult with his or her personal tax advisor for additional information about these reporting obligations.
Anti-Corruption Information. Anti-corruption laws prohibit certain public servants, their spouses and their dependent children from owning any foreign source financial instruments (e.g., shares of foreign companies such as the Company). Accordingly, Participant should inform the Company if he or she is covered by these laws because Participant should not hold Shares acquired under the Plan.
Labor Law Information. If Participant continues to hold Shares acquired at vesting of the RSUs after an involuntary termination of status as a Service Provider, Participant may not be eligible to receive unemployment benefits in Russia.
-19-
Singapore
Sale Restriction. Participant agrees that any Shares acquired pursuant to the Option will not be offered for sale in Singapore prior to the six-month anniversary of the Date of Grant unless such sale or offer is made pursuant to the exemptions under Part XIII Division (1) Subdivision (4) (other than section 280) of the Securities and Futures Act (Chapter 289, 2006 Ed.) (“SFA”).
Securities Law Information. The Option grant is being made to Participant in reliance on the “Qualifying Person” exemption of the SFA under which it is exempt from the prospectus and registration requirements and is not made with a view to the underlying Shares being subsequently offered for sale to any other party. The Plan has not been and will not be lodged or registered as a prospectus with the Monetary Authority of Singapore.
Chief Executive Officer and Director Notification Obligation. If Participant is the Chief Executive Office (“CEO”) or a director, associate director or shadow director of a Singapore Parent, Subsidiary or Affiliate, Participant understands that Participant is subject to certain notification requirements under the Singapore Companies Act. Participant acknowledges that Participant must notify the Singapore Parent, Subsidiary or Affiliate in writing of an interest (e.g., Option, Shares, etc.) in the Company or any Parent or Subsidiary within two (2) business days of (i) its acquisition or disposal, (ii) any change in previously disclosed interest (e.g., when Shares acquired at vesting are sold), or (iii) becoming the CEO and/or a director, if Participant holds such an interest at the time.
South Africa
Method of Payment
Notwithstanding any provision in the Terms and Conditions of Stock Option Agreement, due to exchange control restrictions in South Africa, when Participant exercises the Option, Participant must use a “cashless sell-all” exercise pursuant to which he or she delivers irrevocable instructions to the broker to sell all Shares to which Participant is entitled at exercise and remit the proceeds from sale, less any Tax-Related Items and brokerage fees, to Participant in cash. Participant will not be permitted to receive and hold any Shares in connection with the exercise of the Option. The Company reserves the right to provide Participant with additional methods of paying the aggregate Exercise Price depending upon development of local laws.
Responsibility for Taxes
This section supplements the “Responsibility for Taxes” section of the Terms and Conditions of Stock Option Grant:
In accepting the Option, Participant agrees to notify the Employer of the amount of any gain realized upon exercise of the Option. If Participant fails to advise the Employer of the gain realized upon exercise, he or she may be liable for a fine. Participant will be responsible for paying any difference between the actual tax liability and the amount withheld.
Exchange Control Information
Participant may be required to obtain exchange control approval prior to exercising the Option. Participant is solely responsible for complying with applicable South African exchange control regulations. Since the exchange control regulations change frequently and without notice, the Participant should consult his or her legal advisor prior to the exercise of the Option or sale of Shares
-20-
acquired at exercise to ensure compliance with current regulations. Neither the Company nor the Employer will be liable for any fines or penalties resulting from failure to comply with applicable laws.
Spain
Labor Law Acknowledgment
This section supplements the “Nature of Grant” section of the Terms and Conditions of Stock Option Grant:
In accepting the Option, Participant acknowledges that he or she consents to participation in the Plan and has received a copy of the Plan.
Participant understands that the Company has unilaterally, gratuitously, and discretionally decided to grant options under the Plan to individuals who may be employees of the Company or its Subsidiaries throughout the world. The decision is a limited decision that is entered into upon the express assumption and condition that any grant will not economically or otherwise bind the Company or any of its Subsidiaries on an ongoing basis. Consequently, Participant understands that the Option is granted on the assumption and condition that the Option or the Shares acquired upon exercise shall not become a part of any employment contract (either with the Company or any of its Subsidiaries) and shall not be considered a mandatory benefit, salary for any purposes (including severance compensation), or any other right whatsoever. In addition, Participant understands that this grant would not be made to Participant but for the assumptions and conditions referred to above; thus, Participant acknowledges and freely accepts that should any or all of the assumptions be mistaken or should any of the conditions not be met for any reason, then any grant of options shall be null and void.
Securities Law Information. The Option does not qualify under Spanish Law as securities. No “offer to the public,” as defined under Spanish Law, has taken place or will take place in the Spanish territory. Neither the Plan nor the Award Agreement have been registered with the Comisión Nacronal del Mercado de Valores and do not constitute a public offering prospectus.
Exchange Control Information. Participant must declare the acquisition of Shares to the Spanish Dirección General de Comercio e Inversiones (the “DGCI”), the Bureau for Commerce and Investments, which is a department of the Ministry of Economy and Competitiveness. Participant must also declare ownership of any Shares by filing a Form D-6 with the Directorate of Foreign Transactions each January while the Shares are owned. In addition, the sale of Shares must also be declared on Form D-6 filed with the DGCI in January, unless the sale proceeds exceed the applicable threshold (currently €1,502,530), in which case, the filing is due within one month after the sale.
In addition, Participant is required to declare electronically to the Bank of Spain any foreign accounts (including brokerage accounts held abroad), any foreign instruments (including any Shares acquired under the Plan) and any transactions with non-Spanish residents (including any payments of Shares made to Participant by the Company) depending on the value of such accounts and instruments and the amount of the transactions during the relevant year as of December 31 of the relevant year.
Foreign Asset/Accounting Reporting Information. If Participant holds rights or assets (e.g., Shares or cash held in a bank or brokerage account) outside of Spain with a value in excess of €50,000 per type of right or asset (e.g., Shares, cash, etc.) as of December 31 each year, Participant is required to report certain information regarding such rights and assets on tax form 720. After such rights and/or assets
-21-
are initially reported, the reporting obligation will apply for subsequent years only if the value of any previously-reported rights or assets increases by more than €20,000. The reporting must be completed by the March 31 each year.
Sweden
No country-specific provisions.
Switzerland
Method of Payment. Notwithstanding any provision to the contrary in the Award Agreement, due to restrictions in Switzerland, when Participant exercises the Option, Participant must use a “cashless sell-all” exercise pursuant to which he or she delivers irrevocable instructions to the broker to sell all Shares to which Participant is entitled at exercise and remit the proceeds from sale, less any Tax-Related Items and brokerage fees, to Participant in cash. The Company reserves the right to provide Participant with additional methods of paying the Exercise Price depending upon the development of local laws.
Securities Law Information. The Option offer is not intended to be publicly offered in or from Switzerland. Because Option offer is considered a private offering in Switzerland, it is not subject to registration in Switzerland. Neither this document nor any other materials relating to the Option grant under the Plan constitutes a prospectus as such term is understood pursuant to article 652a of the Swiss Code of Obligations, and neither this document nor any other materials relating to the Option grant under the Plan may be publicly distributed nor otherwise made publicly available in Switzerland. Further, neither this document nor any other offering or marketing material relating to the Option offering has been or will be filed with, approved, or supervised by any Swiss regulatory authority (in particular, the Swiss Financial Market Supervisory Authority (FINMA)).
Taiwan
Securities Law Information. This offer of the Option and the Shares to be issued pursuant to the Plan is available only for employees of the Company and its Subsidiaries. It is not a public offer of securities by a Taiwanese company; therefore, it is exempt from registration in Taiwan.
Exchange Control Information. Participant may acquire foreign currency and remit the same out of Taiwan, up to US$5 million per year without justification. When remitting funds for the purchase of Shares pursuant to the Plan, such remittances should be made through an authorized foreign exchange bank. In addition, if Participant remits TWD$500,000 or more in a single transaction, Participant must submit a Foreign Exchange Transaction Form to the remitting bank. If the transaction amount is US$500,000 or more in a single transaction, Participant may be required to provide supporting documentation to the satisfaction of the remitting bank.
Data Privacy Acknowledgement. Participant acknowledges that he or she has read and understands the terms regarding collection, processing and transfer of Data contained in Section 11 of the Award Agreement and by participating in the Plan, Participant agrees to such terms. In this regard, upon request of the Company or the Employer, Participant agrees to provide an executed data privacy consent form to the Employer or the Company (or any other agreements or consents that may be required by the Employer or the Company) that the Company and/or the Employer may deem necessary to obtain
-22-
under the data privacy laws in Participant’s country, either now or in the future. Participant understands that he or she will not be able to participate in the Plan if Participant fails to execute any such consent or agreement.
Thailand
Exchange Control Information
It is Participant’s responsibility to comply with all exchange control regulations in Thailand. If Participant exercises the Option with cash, Participant may apply directly to a commercial bank in Thailand for approval to remit up to US$1,000,000 per year for the purchase of Shares. If Participant exercises the Option by way of a cashless method of exercise, no application to a commercial bank is required. In addition, If the proceeds from the sale of Shares or the receipt of dividends are equal to or greater than US$50,000 in a single transaction, Participant must repatriate the proceeds to Thailand immediately upon receipt and to convert the funds to Thai Baht or deposit the proceeds in a foreign currency deposit account maintained by a bank in Thailand within 360 days of remitting the proceeds to Thailand. In addition, Participant must specifically report the inward remittance to the Bank of Thailand on a Foreign Exchange Transaction Form.
If Participant does not comply with this obligation, Participant may be subject to penalties assessed by the Bank of Thailand. Because exchange control regulations change frequently and without notice, Participant should consult a legal advisor before selling Shares to ensure compliance with current regulations. It is Participant’s responsibility to comply with exchange control laws in Thailand, and neither the Company nor any Parent or Subsidiary will be liable for any fines or penalties resulting from Participant’s failure to comply with applicable laws.
Turkey
Securities Law Information. Under Turkish law, Participant is not permitted to sell Shares acquired under the Plan in Turkey. The Shares are currently traded on the Nasdaq Global Select Market, which is located outside of Turkey, under the ticker symbol “FTNT” and the Shares may be sold through this exchange.
Exchange Control Information. Exchange control regulations require Turkish residents to purchase Shares through intermediary financial institutions that are approved under the Capital Market Law (i.e., banks licensed in Turkey). Therefore, if Participant uses cash to exercise the Option, the funds must be remitted through a bank or other financial institution licensed in Turkey. A wire transfer of funds by a Turkish bank will satisfy this requirement. This requirement does not apply to cashless exercises, as no funds leave Turkey. Participant likely will be required to engage a Turkish financial intermediary to assist with the sale of Shares acquired under the Plan and may also need to engage a Turkish financial intermediary with respect to the acquisition of such Shares, although this is less certain. As Participant is solely responsible for complying with the financial intermediary requirements and their application to participation in the Plan is uncertain, Participant should consult his or her personal legal advisor prior to the vesting of the Restricted Stock Units or any sale of Shares to ensure compliance.
United Arab Emirates
-23-
Securities Law Information. Participation in the Plan is being offered only to selected Service Providers and is in the nature of providing equity incentives to Service Providers in the United Arab Emirates. The Plan and the Award Agreement are intended for distribution only to such Service Providers and must not be delivered to, or relied on by, any other person. Prospective purchasers of the securities offered should conduct their own due diligence on the securities. If Participant does not understand the contents of the Plan and the Award Agreement, Participant should consult an authorized financial adviser. The Emirates Securities and Commodities Authority has no responsibility for reviewing or verifying any documents in connection with the Plan. Neither the Ministry of Economy nor the Dubai Department of Economic Development have approved the Plan or the Award Agreement nor taken steps to verify the information set out therein, and have no responsibility for such documents.
United Kingdom
Joint Election
As a condition of participation in the Plan and the exercise of the Option, Participant agrees to accept any liability for secondary Class 1 national insurance contributions that may be payable by the Company and/or the Employer in connection with the Option and any event giving rise to Tax-Related Items (the “Employer NICs”). Without prejudice to the foregoing, Participant agrees to execute a joint election with the Company, the form of such joint election being formally approved by Her Majesty’s Revenue & Customs (“HMRC”) (the “Joint Election”), and any other required consent or election. Participant further agrees to execute such other joint elections as may be required between him or her and any successor to the Company and/or the Employer. Participant further agrees that the Company and/or the Employer may collect the Employer NICs from him or her by any of the means set forth in “Responsibility for Taxes” section of the Terms and Conditions of Stock Option Grant.
If Participant does not enter into a Joint Election prior to exercise of the Option, he or she will not be entitled to exercise the Option unless and until he or she enters into a Joint Election and no Shares will be issued to Participant under the Plan, without any liability to the Company and/or the Employer.
Tax Obligations/Withholding Authorization
This section supplements the “Responsibility for Taxes” section of the Terms and Conditions of Stock Option Grant.
If payment or withholding of the income tax due is not made within ninety (90) days of the end of the U.K. tax year (April 6 - April 5) in which such event giving rise to the Tax-Related Items occurs, or such other period specified in Section 222(1)(c) of the U.K. Income Tax (Earnings and Pensions) Act 2003 (the “Due Date”), the amount of any uncollected income tax shall constitute a loan owed by Participant to the Employer, effective on the Due Date. Participant agrees that the loan will bear interest at the then-current Official Rate of Her Majesty’s Revenue & Customs (“HMRC”), it will be immediately due and repayable, and the Company or the Employer may recover it at any time thereafter by any of the means referred to in Section 10 of the Award Agreement.
Notwithstanding the foregoing, if Participant is a director or executive officer of the Company (within the meaning of Section 13(k) of the U.S. Securities Exchange Act of 1934, as amended), Participant shall not be eligible for a loan from the Company to cover the income tax. In the event that Participant is a director or executive officer and income tax not collected from or paid by Participant by the Due Date, the amount of any uncollected income tax may constitute a benefit to Participant on which additional income tax and national insurance contributions (“NICs”) may be payable. Participant
-24-
acknowledges that Participant ultimately will be responsible for reporting and paying any income tax due on this additional benefit directly to HMRC under the self-assessment regime and for reimbursing the Company or the Employer (as applicable) for the value of any employee NICs due on this additional benefit, which the Company and/or the Employer may recover from Participant at any time thereafter by any of the means referred to in Section 6 of the Award Agreement.
-25-
EXHIBIT C
AMENDED AND RESTATED FORTINET, INC.
2009 EQUITY INCENTIVE PLAN
EXERCISE NOTICE
Fortinet, Inc.
899 Kifer Road, Sunnyvale, CA 94086
Attention: Stock Administration
Exercise of Option. Effective as of today, ________________, _____, the undersigned (“Purchaser”) hereby elects to purchase ______________ shares (the “Shares”) of the Common Stock of Fortinet, Inc. (the “Company”) under and pursuant to the Amended and Restated 2009 Equity Incentive Plan (the “Plan”) and the Stock Option Award Agreement dated ________ (the “Award Agreement”). The purchase price for the Shares will be $_____________, as required by the Award Agreement.
Delivery of Payment. Purchaser herewith delivers to the Company the full purchase price of the Shares and any required Tax-Related Items to be paid in connection with the exercise of the Option.
Representations of Purchaser. Purchaser acknowledges that Purchaser has received, read and understood the Plan and the Award Agreement and agrees to abide by and be bound by their terms and conditions.
Rights as Stockholder. Until the issuance (as evidenced by the appropriate entry on the books of the Company or of a duly authorized transfer agent of the Company) of the Shares, no right to vote or receive dividends or any other rights as a stockholder will exist with respect to the Shares subject to the Option, notwithstanding the exercise of the Option. The Shares so acquired will be issued to Purchaser as soon as practicable after exercise of the Option. No adjustment will be made for a dividend or other right for which the record date is prior to the date of issuance, except as provided in Section 13 of the Plan.
No Advice Regarding Grant. Purchaser understands that Purchaser may suffer adverse tax or financial consequences as a result of Purchaser’s purchase or disposition of the Shares. Further, the Company is not providing any tax, legal, or financial advice, nor is the Company making any recommendations regarding Purchaser’s participation in the Plan or Purchaser’s acquisition or sale of the underlying Shares. Purchaser represents that Purchaser has consulted with any tax, legal, or financial consultants Purchaser deems advisable in connection with the purchase or disposition of the Shares, and that Purchaser is not relying on the Company for any such advice.
Entire Agreement; Governing Law. The Plan and Award Agreement are incorporated herein by reference. This Exercise Notice, the Plan and the Award Agreement constitute the entire agreement of
6712402-v5\GESDMS
the parties with respect to the subject matter hereof and supersede in their entirety all prior undertakings and agreements of the Company and Purchaser with respect to the subject matter hereof, and may not be modified adversely to the Purchaser’s interest except by means of a writing signed by the Company and Purchaser. This agreement is governed by the internal substantive laws, but not the choice of law rules, of the State of California.
Submitted by: | Accepted by: | |
PURCHASER | FORTINET, INC | |
Signature | By | |
Print Name | Title | |
Address: | ||
Date Received | ||
-2-
Exhibit 21.1
FORTINET, INC. SUBSIDIARIES
Entity | Jurisdiction of Incorporation | |
Fortinet International, Inc. | Cayman Islands | |
Fortinet UK, Ltd. | United Kingdom | |
Fortinet Technologies (Canada), ULC | Canada | |
Fortinet Japan K.K. | Japan | |
Fortinet Information Technology (Beijing) Co., Ltd. | China | |
Fortinet Malaysia SDN. BHD. | Malaysia | |
Fortinet Singapore Private Limited | Singapore | |
Fortinet Technologies India Private Limited | India | |
Fortinet S.A.R.L. | France | |
Fortinet GmbH | Germany | |
Fortinet Federal, Inc. | U.S.A. | |
Fortinet BV | Netherlands | |
Fortinet Mexico, S. de R.L. de C.V. | Mexico | |
Fortinet Network Security Brazil Limitada | Brazil | |
Fortinet Colombia S.A.S | Colombia | |
Fortinet Security NZ Limited | New Zealand | |
Fortinet Security Israel Ltd. | Israel | |
Fortinet Security Korea Ltd. | Korea | |
Fortinet Security LLC | Qatar | |
Fortinet Security Italy S.R.L. | Italy | |
Fortinet Networks Romania S.R.L. | Romania | |
Fortinet Holding LLC | U.S.A. | |
Accelops China | China | |
Fortinet Turkey Güvenlik Sistemleri Limited Şirketi | Turkey | |
Fortinet Security Spain S.L | Spain | |
Fortinet Networks Mauritius Ltd | Mauritius | |
Bradford Networks, Inc. | U.S.A. | |
Bradford Networks Europe Limited | United Kingdom | |
ZoneFox Holding Limited | United Kingdom | |
ZoneFox Limited | United Kingdom | |
Fortinet Branch Holding Company | U.S.A. | |
enSilo, Ltd. | Israel | |
enSilo, Inc. | U.S.A. | |
enSilo Limited | United Kingdom | |
CyberSponse, Inc. | U.S.A. | |
CyberSponse Federal, Inc. | U.S.A. | |
CyberSponse India Private Limited | India | |
Fortinet Austria GmbH | Austria | |
Fortinet Belgium BV | Belgium | |
Fortinet Denmark ApS | Denmark | |
Fortinet Finland Oy | Finland | |
Fortinet Security Network (Thailand) Ltd. | Thailand | |
PT Fortinet Indonesia Security | Indonesia | |
Exhibit 23.1
CONSENT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
We consent to the incorporation by reference in the Registration Statements Nos. 333-229894, 333-223246, 333-216362, 333-209783, 333-205958, 333-202402, 333-194281, 333-186921, 333-179751, 333-175985, 333-172459 and, 333-163367 on Form S-8 of our reports dated February 25, 2020, relating to the financial statements and the effectiveness of the Company's internal control over financial reporting, appearing in the Annual Report on Form 10-K of the Company for the year ended December 31, 2019.
/s/ DELOITTE & TOUCHE LLP
San Jose, California
February 25, 2020
Exhibit 31.1
CERTIFICATION
I, Ken Xie, certify that:
1. | I have reviewed this Annual Report on Form 10-K of Fortinet, Inc.; |
2. | Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report; |
3. | Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report; |
4. | The registrant’s other certifying officer(s) and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have: |
a. | Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared; |
b. | Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles; |
c. | Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and |
d. | Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting; and |
5. | The registrant’s other certifying officer(s) and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions): |
a. | All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and |
b. | Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting. |
Date: February 25, 2020
/s/ Ken Xie | |
Ken Xie | |
Chief Executive Officer and Chairman (Principal Executive Officer) | |
Exhibit 31.2
CERTIFICATION
I, Keith Jensen, certify that:
1. | I have reviewed this Annual Report on Form 10-K of Fortinet, Inc.; |
2. | Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report; |
3. | Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report; |
4. | The registrant’s other certifying officer(s) and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have: |
a. | Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared; |
b. | Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles; |
c. | Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and |
d. | Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting; and |
5. | The registrant’s other certifying officer(s) and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions): |
a. | All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and |
b. | Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting. |
Date: February 25, 2020
/s/ Keith Jensen | |
Keith Jensen | |
Chief Financial Officer (Principal Financial Officer and Principal Accounting Officer) | |
Exhibit 32.1
CERTIFICATIONS OF CHIEF EXECUTIVE OFFICER AND CHIEF FINANCIAL OFFICER
PURSUANT TO
18 U.S.C. SECTION 1350,
AS ADOPTED PURSUANT TO
SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002
I, Ken Xie, certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that the Annual Report on Form 10-K of Fortinet, Inc. for the fiscal year ended December 31, 2019 fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), and that information contained in this Annual Report on Form 10-K fairly presents, in all material respects, the financial condition and results of operations of Fortinet, Inc.
By: | /s/ Ken Xie | ||
Date: | February 25, 2020 | Name: | Ken Xie |
Title: | Chief Executive Officer and Chairman (Principal Executive Officer) | ||
I, Keith Jensen, certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that the Annual Report on Form 10-K of Fortinet, Inc. for the fiscal year ended December 31, 2019 fully complies with the requirements of Section 13(a) or 15(d) of the Exchange Act and that information contained in this Annual Report on Form 10-K fairly presents, in all material respects, the financial condition and results of operations of Fortinet, Inc.
By: | /s/ Keith Jensen | ||
Date: | February 25, 2020 | Name: | Keith Jensen |
Title: | Chief Financial Officer (Principal Financial Officer and Principal Accounting Officer) | ||
This certification is being furnished pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 and will not be deemed “filed” for purposes of Section 18 of the Exchange Act, or otherwise subject to the liability of that section. This certification will not be incorporated by reference into any filing under the Securities Act of 1933, as amended, or the Exchange Act, except as shall be expressly set forth by specific reference in such a filing.