More annual reports from OneSpan:
2023 ReportPeers and competitors of OneSpan:
Salesforce.comTable of Contents UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM 10-K FOR ANNUAL AND TRANSITION REPORTS PURSUANT TO SECTIONS 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 (Mark One) ☒☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE FISCAL YEAR ENDED DECEMBER 31, 2020 or ☐☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE TRANSITION PERIOD FROM TO Commission file number 000-24389 OneSpan Inc. (Exact Name of Registrant as Specified in Its Charter) DELAWARE (State or Other Jurisdiction of Incorporation or Organization) 36-4169320 (IRS Employer Identification No.) 121 West Wacker Drive, Suite 2050 Chicago, Illinois 60601 (Address of Principal Executive Offices)(Zip Code) Registrant’s telephone number, including area code: 312-766-4001 Securities registered pursuant to Section 12(b) of the Act: Title of each class Common Stock, par value $.001 per share Trading Symbol OSPN Name of exchange on which registered NASDAQ Capital Market Securities registered pursuant to Section 12(g) of the Act: None Indicate by check mark if the registrant is a well-known seasoned issuer, as defined by Rule 405 of the Securities Act. Yes ☐ No ☒ Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the act. Yes ☐ No ☒ Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐ Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐ Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. ☐ Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See definition of “large accelerated filer,” “accelerated filer”, “smaller reporting company”, and “emerging growth company” in Rule 12b-2 of the Exchange Act. Large accelerated filer ☒ Accelerated filer ☐ Non-accelerated filer ☐ Smaller reporting company ☐ Emerging growth company ☐ If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards pursuant to Section 13(a) of the Exchange Act. ☐ Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒ Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐ No ☒ As of June 30, 2020, the aggregate market value of voting and non-voting common equity (based upon the last sale price of the common stock as reported on the NASDAQ Capital Market on June 30, 2020) held by non-affiliates of the registrant was $955,147,012 at $27.93 per share. As of February 23, 2021, there were 40,391,202 shares of common stock outstanding. DOCUMENTS INCORPORATED BY REFERENCE Certain sections of the registrant’s Notice of Annual Meeting of Stockholders and Proxy Statement for its 2018 Annual Meeting of Stockholders are incorporated by reference into Part III of this report. TABLE OF CONTENTS PAGE Table of Contents PART I Item 1. Business Item 1A. Risk Factors Item 1B. Unresolved Staff Comments Item 2. Properties Item 3. Legal Proceedings Item 4. Mine Safety Disclosures PART II Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Item 6. Selected Financial Data Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations Item 7A. Quantitative and Qualitative Disclosures About Market Risk Item 8. Financial Statements and Supplementary Data Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosures Item 9A. Controls and Procedures Item 9B. Other Information PART III Item 10. Directors, Executive Officers and Corporate Governance Item 11. Executive Compensation Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters Item 13. Certain Relationships and Related Transactions, and Director Independence Item 14. Principal Accounting Fees and Services PART IV Item 15. Exhibits, Financial Statement Schedules CONSOLIDATED FINANCIAL STATEMENTS AND SCHEDULE 1 9 29 29 29 30 31 33 33 50 51 51 51 55 55 55 55 56 56 56 F-1 Table of Contents Forward Looking Statement This Annual Report on Form 10-K contains forward-looking statements within the meaning of applicable U.S. securities laws, including statements regarding the potential benefits, performance and functionality of our products and solutions, including future offerings; our expectations, beliefs, plans, operations and strategies relating to our business and the future of our business; our strategic plans regarding our portfolio, including acquisitions and dispositions; and our expectations regarding our financial performance in the future. Forward-looking statements may be identified by words such as "seek", "believe", "plan", "estimate", "anticipate", “expect", "intend", "continue", "outlook", "may", "will", "should", "could", or "might", and other similar expressions. These forward-looking statements involve risks and uncertainties, as well as assumptions that, if they do not fully materialize or prove incorrect, could cause our results to differ materially from those expressed or implied by such forward- looking statements. Factors that could materially affect our business and financial results include, but are not limited to: market acceptance of our products and solutions and competitors’ offerings; the potential effects of technological changes; the impact of the COVID-19 pandemic and actions taken to contain it; our ability to effectively manage acquisitions, divestitures, alliances, joint ventures and other portfolio actions; the execution of our transformative strategy on a global scale; the increasing frequency and sophistication of hacking attacks; claims that we have infringed the intellectual property rights of others; changes in customer requirements; price competitive bidding; changing laws, government regulations or policies; pressures on price levels; investments in new products or businesses that may not achieve expected returns; impairment of goodwill or amortizable intangible assets causing a significant charge to earnings; actions of activist stockholders; and exposure to increased economic and operational uncertainties from operating a global business, as well as those factors described in the “Risk Factors” section of this Form 10-K. Our filings with the Securities and Exchange Commission (the “SEC”) and other important information can be found in the Investor Relations section of our website at investors.onespan.com. We do not have any intent, and disclaim any obligation, to update the forward-looking information to reflect events that occur, circumstances that exist or changes in our expectations after the date of this Form 10-K, except as required by law. Unless otherwise noted, references in this Annual Report on Form 10-K to “OneSpan”, “Company”, “we”, “our”, and “us” refer to OneSpan Inc. and its subsidiaries. Table of Contents Item 1 – Business Overview PART I OneSpan Inc. and its wholly owned subsidiaries design, develop and market digital solutions for identity, security, and business productivity that protect and facilitate electronic transactions via mobile and connected devices. We are a global leader in digital identity and anti-fraud solutions to financial institutions and other businesses. We do this by delivering trust in people’s identities, their devices, and the transactions they conduct online. We make digital banking accessible, secure, easy, and valuable. Our solutions secure access to online accounts, data, assets, and applications for global enterprises; provide tools for application developers to easily integrate security functions into their web-based and mobile applications; and facilitate end-to-end financial agreement automation including digital identity verification, electronic signature and electronic notarization. Our trusted identity platform technologies including Identity Verification, Cloud Authentication, Intelligent Adaptive Authentication and Risk Analytics, along with mobile app security, transaction signing and various other multi-factor authentication technologies, enhance the ability of companies to onboard new customers and prevent hacking attacks against online and mobile transactions while providing an exceptional experience for remote customers. We offer cloud based and on-premises solutions using both open standards and proprietary technologies. Some of our proprietary technologies are patented. Our products and services are used for authentication, fraud mitigation, e-signing transactions and documents, and identity management in Business-to-Business (“B2B”), Business-to-Employee (“B2E”) and Business-to-Consumer (“B2C”) environments. Our target market is business processes using an electronic interface, particularly the internet, where there is risk of account takeover or new account fraud. Our products can increase security associated with accessing business processes, reduce losses from unauthorized access, help customers comply with regulations, enhance the end- user experience, and reduce the cost of business processes by automating activities previously performed manually. Online and mobile application owners and publishers benefit from our expertise in multi-factor authentication, document signing, transaction signing, application security, remote customer onboarding, and in mitigating hacking attacks. Our convenient and proven security solutions enable low friction and trusted interactions between businesses, employees, and consumers across a variety of online and mobile platforms. Our primary growth strategy is to make digital banking more accessible, secure, easy and valuable. Our key growth objectives include: ● Expanding our portfolio of solutions that enable institutions to mitigate fraud, reduce operational costs, comply with regulations, easily on-board customers, adaptively authenticate transactions and reduce time to deploy; ● Automating and securing digital customer journeys to remotely verify identities, mitigate application fraud, and secure account openings and transactions; ● Increasing sales to existing customers and acquiring new customers; ● Driving increased demand for our products in new applications, new markets, and new territories; ● ● Expanding our channel partner ecosystem; and Strategically acquiring companies that expand our technology portfolio or customer base and increase our recurring revenue. 1 Table of Contents Impact of COVID-19 pandemic In March 2020, the World Health Organization recognized a novel strain of coronavirus (COVID-19) as a pandemic. In response to the pandemic, the United States and various foreign, state and local governments have, among other actions, imposed travel and business restrictions and required or advised communities in which we do business to adopt stay-at-home orders and social distancing guidelines, causing many businesses, including retail banking branches, to reduce or suspend operating activities. The pandemic and various governments’ responses have caused significant and widespread uncertainty, volatility and disruptions in the U.S. and global economies, including in the regions in which we operate. Beginning in the Summer of 2020 and continuing through the year ended December 31, 2020, we experienced lengthened sales cycles and reduced demand for some of our security solutions due to economic uncertainty connected with the COVID-19 pandemic. The most significant impact of the pandemic on our business has been a sharp drop in demand for our hardware authentication products and delays in the implementation of certain software security solutions. As we cannot predict the duration or scope of the pandemic or its impact on the economy, financial markets and our customers, any negative impact to our results cannot be reasonably estimated, but it could be material. We continue to closely monitor the Company’s financial health and liquidity and the impact of the pandemic on the Company. We are able to serve the needs of our customers while taking steps to protect the health and safety of our employees, customers, partners, and communities. See Part I – Item 1A – Risk Factors of this Form 10-K for additional information regarding the potential impact of COVID-19 on the Company. Industry Background Rapid global growth in cloud and mobile banking transactions is driving increased demand for multi-channel security solutions and enhanced user experiences across the financial services industry. Similarly, increasing remote corporate access of important resources by employees, business partners and customers is introducing new security risks for participants. Large and powerful criminal hacking organizations are launching more sophisticated hacking attacks with greater frequency. The criminal activities of private and state-sponsored hacking organizations have driven an increased need for security solutions and expansion of regulations requiring improved security measures to protect against hacking attacks and breaches. Several governments worldwide have issued specific recommendations either requiring or advocating multi-factor authentication and other security measures to improve the security of remote banking transactions. We believe these global trends have been accelerated by the pandemic and will continue and that the market for authentication, anti-fraud, and e-signature solutions will continue to grow driven by growth in digital banking transactions, digital commerce, work-from-home corporate access requirements, growing awareness of the impact of cyber-crime, and new government regulations. Our Background Our predecessor company, VASCO Corp., entered the data security business in 1991 through the acquisition of a controlling interest in ThumbScan, Inc., which we renamed as VASCO Data Security, Inc. In 1996, we expanded our computer security business by acquiring Lintel Security NV/SA, a Belgian corporation, which included assets associated with the development of security tokens and security technologies for personal computers and computer networks. Also in 1996, we acquired Digipass NV/SA, a Belgian corporation, which was also a developer of security tokens and security technologies. In 1997, the acquired entity was renamed VASCO Data Security NV/SA. In 1997, VASCO Data Security International, Inc. was incorporated and in 1998, we completed a registered exchange offer with the holders of the outstanding securities of VASCO Corp., becoming a publicly traded company. In 2006, we opened our international headquarters in Zurich, Switzerland. 2 Table of Contents In 2013, we acquired Cronto Limited (“Cronto”), a provider of secure visual transaction authentication solutions for online banking. In 2014, we acquired Risk IDS, a provider of risk analysis solutions to the banking community. In 2015, we acquired Silanis Technology Inc., a leading provider of electronic signature (e-signature) and digital transaction solutions used to electronically sign, send, and manage documents. The solution is sold under the OneSpan Sign (formerly eSignLive) name and is trusted by many of the largest banks, insurers, and government agencies. In May 2018, we acquired Dealflo Limited, a leading provider of identity verification and end-to-end financial automation solutions. Also in May 2018, VASCO Data Security international, Inc. changed its name to OneSpan Inc. The Company’s name change reflects a shift in our strategy and solution offerings. Including our predecessor companies, we have engaged in sixteen acquisitions and two dispositions. Our Products and Services Trusted Identity Platform The Trusted Identity (TID) platform is a cloud-based platform that brings together OneSpan’s broad portfolio of technologies including Intelligent Adaptive Authentication, Risk Analytics, OneSpan Cloud Authentication, OneSpan Identity Verification, Mobile Security Suite, OneSpan Sign, multi-factor authentication, biometrics, and orchestration to power solutions that secure users, devices, and transactions across the digital journey. The innovative approach of this platform delivers on simplicity with orchestration technology that integrates applications and services requirements via a single interface while constantly protecting sensitive data through an encrypted client/server secure channel. Intelligent Adaptive Authentication Intelligent Adaptive Authentication is a cloud-based solution that enables banks and other financial institutions to secure users, devices, and transactions while providing an enhanced customer experience. It is powered by the TID platform and leverages advanced risk analytics, mobile security, multi-factor authentication, biometrics, and other technologies that enable the real-time analysis and scoring of vast and disparate data across channels. This risk score drives a precise level of authentication security for each unique transaction which ensures a positive customer experience while safe guarding transactions and sensitive customer data. This helps institutions reduce fraud and drive growth through higher customer loyalty and increased use of bank services. Risk Analytics Risk Analytics is a comprehensive anti-fraud solution designed to help banks and other financial institutions improve the speed and accuracy of detecting known and emerging fraud across online and mobile channels. A component of the TID platform, which includes machine learning technology, the solution analyzes vast amounts of user, device, and transaction data in real time to provide a comprehensive risk assessment. It enables institutions to take a proactive approach to fraud prevention while removing major points of friction for end users. Cross-channel, prebuilt rules complement this scoring process and allow fraud experts to make decisions on alerts or link to automated business processes such as step-up authentication. The solution can be implemented in combination with Mobile Security Suite to provide integrated trust with minimal impact on the end user experience. It can be deployed in the cloud or on-premises. OneSpan Cloud Authentication OneSpan Cloud Authentication is a quick-to-deploy, cloud-based multifactor authentication solution that supports a full range of authentication options including biometrics, push notification, visual cryptograms for transaction 3 Table of Contents data signing, SMS and hardware authenticators. It eliminates cost associated with managing legacy on-premises authentication technology and provides a seamless upgrade path to more comprehensive solutions such as Intelligent Adaptive Authentication and Risk Analytics. OneSpan Identity Verification OneSpan Identity Verification gives banks and other financial institutions access to a wide range of identity verification services – all through a single API integration. Solution capabilities include: Identity document (e.g., driver’s license, passport, etc.) capture and real-time authenticity verification, as well as facial comparison (“selfie”) and liveness detection to establish that the individual presenting the identity document is the same person whose picture appears on the authenticated identity document. The solution enables banks and financial institutions to verify the identity of remote applicants during the new digital account opening, lending, and financing application processes. The multi-layered identity verification approach enables automated failover to alternative identity verification providers in the event of a verification failure or provider unavailability which reduces applicant abandonment rates. Additionally, the solution provides organizations the ability to ensure the best identity verification processes for their business needs and digital channels to help maximize pass rates, minimize application fraud, and increase operational efficiencies. Mobile Security Suite and Mobile Authenticator Studio Mobile Security Suite is a comprehensive software development kit that allows application developers to natively integrate security features including geolocation, device identification, jailbreak and root detection, fingerprint and face recognition, one-time password delivery via push notification, and electronic signing, among others. Through a comprehensive library of APIs, application developers can extend and strengthen application security, deliver enhanced convenience to their application users, and streamline application deployment and lifecycle management processes. Mobile Security Suite also includes a Runtime Application Self-Protection module, which can detect and mitigate malicious app activity and potential loss to hacking activities. Mobile Authenticator Studio is a user-friendly and secure mobile authenticator that operates as a discrete mobile application. It includes many of the features of the Mobile Security Suite and can easily be tailored to meet the needs of countless authentication processes. It can be customized and deployed rapidly without extensive technical support ensuring strong security with compelling value. OneSpan Sign OneSpan Sign supports a broad range of e-signature requirements from simple to complex, and from the occasional agreement to processing tens of thousands of transactions. OneSpan Sign provides multiple deployment options including public cloud, private cloud, or on-premises without compromising security or functionality. The solution is also available in a Federal Risk and Authorization Management Program (FedRAMP) SaaS-level compliant cloud, allowing U.S. government agencies to implement e-signatures in the cloud and meet GSA security requirements. Customers can configure OneSpan Sign to reinforce their brand for a seamless signing experience. Each step of the e- signature workflow can be customized, from authentication to distribution and storage. OneSpan Sign also provides comprehensive and secure electronic evidence for strong legal protection by capturing both document and process-level evidence. This reduces the time and cost of gathering evidence and demonstrating legal and regulatory compliance. Electronic signature capabilities can be a critical component of the account opening and onboarding processes, providing a secure and user-friendly way to execute legally binding agreements. Hardware Authenticators We offer a wide variety of hardware authenticators, each of which has its own distinct characteristics to meet the needs of our customers. All models of the Digipass family of authenticators are designed to work together so customers can switch devices without changes to their existing infrastructure. Our models range from one-button devices 4 Table of Contents and smart card readers to devices that include more advanced technologies, such as public key infrastructure (“PKI”) and visual cryptography. Digipass hardware technology is designed to support authentication and digital signatures for applications running on traditional PCs, tablets, and mobile phones. Authentication Server Authentication Server resides on-premises and incorporates a range of strong authentication utilities and solutions designed to allow organizations to securely authenticate users and transactions. The solution, once integrated, becomes largely transparent to users, minimizing rollout and support issues. Authentication Server encompasses multiple authentication technologies (e.g., passwords, dynamic password technologies, certificates, and biometrics) and allows the use of any combination of those technologies simultaneously. Authentication Server enables customers to administer a high level of access control. The solution requires only a few days to implement in most systems and supports our line of hardware and software authenticators. Once linked to an application, Authentication Server automatically handles login requests from any authorized user. Intellectual Property and Proprietary Rights and Licenses We rely on a combination of patent, copyright, trademark, design, and trade secret laws, as well as employee and third- party non-disclosure agreements to protect our proprietary rights. In particular, we hold several patents in the U.S. and in other countries, which cover multiple aspects of our technology. These patents expire between now and more than 10 years from now. In addition to the issued patents, we also have several patent applications pending in the U.S., Europe, and other countries. The majority of our issued and pending patents cover our Digipass product line. We believe these patents to be valuable property rights and we rely on the strength of our patents and on trade secret law to protect our proprietary technology. We furthermore have registrations for most of our trademarks in most of the markets where we sell the corresponding products and services and registrations of the designs of many of our hardware products primarily in the EU and China. To the extent that we believe our intellectual property rights are being infringed upon, we intend to assert vigorously our intellectual property rights, including but not limited to, pursuing all available legal remedies. Research and Development Our research and development efforts historically have been, and will continue to be, concentrated on solution enhancement, new technology development, and related new software introductions. We employ a team of full-time engineers and, from time to time, also engage independent engineering firms to conduct non-strategic product development efforts on our behalf. For fiscal years ended December 31, 2020, 2019, and 2018, we incurred expenses of $41.2 million, $42.5 million, and $32.2 million, respectively, for research and development. Production Our Digipass security hardware products are manufactured by third party manufacturers pursuant to purchase orders that we issue. Our hardware Digipass products are made primarily from commercially available electronic components purchased globally. Our software solutions are produced in-house or developed by third parties and sold under license. Hardware Digipass products utilize commercially available programmable microprocessors purchased from several suppliers. The microprocessors are the most important components of our security authenticators that are not commodity items readily available on the open market. Some microprocessors are single sourced. Orders of microprocessors generally require a lead-time of 12-16 weeks. We attempt to maintain a sufficient inventory of all parts to handle short-term increases in orders. 5 Table of Contents Large orders that would significantly deplete our inventory are typically required to be placed with more than twelve weeks of lead-time, allowing us to make appropriate arrangements with our suppliers. We purchase microprocessors and arrange for shipment to third parties for assembly and testing in accordance with our design specifications. The majority of our Digipass products are manufactured by four independent factories in Southern China. Purchases are made on a volume purchase order basis. We supply product test equipment at the point of assembly. We maintain a local team in China to conduct quality control and quality assurance procedures. Periodic visits are conducted by our personnel for quality management, assembly process review, and supplier relations. The COVID-19 pandemic resulted in a temporary closure of some component suppliers and third party manufacturers, and a reduction in global air and sea transportation capacity. Adjustments to our supply chain, manufacturing and transportation workflow processes has enabled us to meet customer delivery requirements. Competition The market for digital solutions for identity, security, and business productivity solutions is very competitive and, like most technology-driven markets, is subject to rapid change and constantly evolving solutions and services. Our anti-fraud products are designed to allow authorized users access to a computing environment or application, in some cases using patented technology, as a replacement for or supplement to a static password. Although certain of our security technologies are patented, there are other organizations that offer anti-fraud solutions that compete with us for market share. Our main competitors in our anti-fraud markets are Gemalto, a subsidiary of Thales Group, and RSA Security. There are many other companies, such as Transmit Security, Symantec, and Early Warning that offer competing services. In addition to these companies, we face competition from many small authentication solution providers, many of whom offer new technologies and niche solutions such as biometric or behavioral analysis. We believe that competition in this market is likely to intensify as a result of increasing demand for security products. Our primary competitors for electronic signature solutions include DocuSign and Adobe Systems. Both companies are significantly larger than us. In addition to these companies, there are dozens of smaller and regional providers of electronic signing solutions. We believe that the principal competitive factors affecting the market for digital solutions for identity, security, and business productivity, as well as electronic signatures include the strength and effectiveness of the solution, technical features, ease of use, quality and reliability, customer service and support, brand recognition, customer base, distribution channels, and the total cost of ownership of the solution. Although we believe that our products currently compete favorably with respect to such factors, there can be no assurance that we can maintain our competitive position against current and potential competitors. Some of our present and potential competitors have significantly greater financial, technical, marketing, purchasing, and other resources. As a result, they may be able to respond more quickly to new or emerging technologies and changes in customer requirements, or to devote greater resources to the development, promotion and sale of products, or to deliver competitive products at a lower end-user price. Current and potential competitors have established or may establish cooperative relationships among themselves or with third parties to increase the ability of their products to address the needs of our prospective customers. It is possible that new competitors or alliances may emerge and rapidly acquire significant market share. Accordingly, we have forged, and will continue to forge, our own partnerships to offer a broader range of products and capabilities to the market. Sales and Marketing Our solutions are sold worldwide through our direct sales force as well as through distributors, resellers, systems integrators, and original equipment manufacturers. Our sales staff coordinates sales activity through both our sales channels and those of our partners making direct sales calls either alone or with the sales personnel of our partners. Our sales staff also provides product education seminars to sales and technical personnel of resellers and distributors with whom we have working relationships and to potential end-users of our products. We offer customers a choice between SaaS, private cloud, and traditional on-premise software deployments. 6 Table of Contents Part of our expanded selling effort includes approaching our partners to find additional applications for our products. In addition, our marketing plan calls for the identification of new business opportunities that may require enhanced security or areas where we do not currently market our products. Customers and Markets We generally focus our sales and marketing efforts in three primary areas. The first is financial institutions where the majority of our revenue is derived. This segment includes traditional banks, credit unions, and online-only banks. This is our primary market. We believe there are substantial opportunities for future growth in the financial vertical as our solution portfolio expands and we deliver additional capabilities targeted specifically at identifying and mitigating online and mobile banking fraud. We also sell to the enterprise market segment which consists primarily of businesses seeking secure internal and remote network access. We sell to these businesses mostly through distribution and resellers. Our strategy is to leverage products developed for the banking market in the enterprise market as the hacking attacks in both markets have many similarities. We also target the government, healthcare and insurance market segments in select regions around the globe. Our top 10 customers contributed 21%, 29%, and 24%, in 2020, 2019, and 2018, respectively, of total worldwide revenue. A significant portion of our sales is denominated in foreign currencies and changes in exchange rates impact results of operations. To mitigate exposure to risks associated with fluctuations in currency exchange rates, we attempt to denominate an amount of billings in a currency such that it would provide a hedge against operating expenses being incurred in that currency. For additional information regarding how currency fluctuations can affect our business, please refer to “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and “Quantitative and Qualitative Disclosures about Market Risk.” We also experience seasonality or variation across the year in our markets. These trends can include lower sales during the summer months, particularly in EMEA. Financial Information Relating to Foreign and Domestic Operations For financial information regarding OneSpan, see our Consolidated Financial Statements and the related Notes, which are included in this Annual Report on Form 10-K. We have a single operating segment for all our products and operations. See Note 17 in the Notes to Consolidated Financial Statements for a breakdown of revenue and long-lived assets between the U.S. and other regions. Government Regulation As a global cybersecurity company, we are subject to complex and evolving global regulations in the various jurisdictions in which our products and services are used. The most significant government regulations that impact our business are discussed below. For further discussion of how global regulations may impact our business, see Item 1A – Risk Factors. We are subject to anti-corruption laws and regulations, including the U.S. Foreign Corrupt Practices Act (FCPA), the UK Bribery Act and other laws that generally prohibit the making or offering of improper payments to foreign government officials and political figures for the purpose of obtaining or retaining business or to gain an unfair business advantage. In addition, we are subject to economic and trade sanctions programs administered by the Office of Foreign Assets Control (OFAC) in the U.S. Therefore, we do not permit financial institutions or entities that are domiciled in countries or territories subject to comprehensive OFAC trade sanctions (currently, Cuba, Iran, North Korea, Syria and Crimea), or that are included on OFAC’s list of Specially Designated Nationals and Blocked persons, to purchase OneSpan products and services or engage in transactions using our services. 7 Table of Contents The European General Data Production Regulation (GDPR) took effect in May 2018 and applies to certain of our products and services used by customers in Europe. The GDPR includes operational requirements for companies that receive or process personal data of residents of the European Union that are different from those previously in place in the European Union, and includes significant penalties for non-compliance. Other jurisdictions, such as Canada and Australia have enacted data privacy or data protection laws. As these laws continue to emerge in the countries where we or our customers operate, we need to analyze each of them to determine the applicability to our corporate operations and the applicability to our solutions and customers. We are subject to the Restriction on the Use of Hazardous Substances Directive 2002/95/EC (also known as the “RoHS Directive”) and the Waste Electrical and Electronic Equipment Directive (also known as the “WEEE Directive”). These directives restrict the distribution of products containing certain substances, including lead, within applicable geographies and require a manufacturer or importer to recycle products containing those substances. These directives affect the worldwide electronics and electronics components industries as a whole. Because banking and financial services is our largest industry target market, the government regulations affecting our customers in this area have a significant indirect effect on our business. For example, regulatory changes in Europe to promote a more open and connected digital banking ecosystem create compliance needs for our customers as well as market opportunities for those market participants that move to capitalize on these changes. Similar regulatory dynamics occur in the other primary markets where we have customers, such as healthcare and government. Additional proposed or new legislation and regulations could also significantly affect our business. Human Capital OneSpan’s values focus on developing and maintaining a world class innovative workforce through collaboration, accountability, transparency, and speed. Our talented teams are carefully managed to ensure retention and ability to sustain business performance with an eye toward the future. Our talent management and succession plan process at OneSpan includes the identification of key positions based on current and future business strategies, the identification of potential successors, and a plan for talent development. In addition to deep technical and skill development opportunities that enable OneSpan to foster employee engagement, we conduct extensive compliance-related training which is completed by all employees annually. Our managers of people are offered a variety of leadership development modules. Moreover, all employees are empowered to lead from any seat. OneSpan aligns its base and variable pay with the external market to ensure external competitiveness while maintaining internal value or equity within the organization. Our short-term and long-term incentive plans are designed to provide a variable pay opportunity to reward the attainment of key financial and operational goals and shareholder value creation. The mix among base compensation, short-term incentives and long-term incentives is designed to align with the competitive market. OneSpan is committed to fostering, cultivating, and preserving a culture of diversity, equality and inclusion. Our vision is to embrace an inclusive and engaged culture that drives a sense of belonging and respects and celebrates our differences. As of December 31, 2020, we had 870 total employees, including 449 located in the Americas, 383 located in EMEA (Europe, the Middle East and Africa), and 38 located in Asia Pacific. Of the total employees, 389 were involved in sales, marketing, operations, and customer support, 347 in research and development and 134 in general and administration. 8 Table of Contents Item 1A - Risk Factors You should carefully consider the following risk factors, which we consider the most significant, as well as other information contained in this Annual Report on Form 10-K. In addition, there are a number of less significant and other general risk factors that could affect our future results. If any of the events described in the risk factors were to occur, our business, financial condition or operating results could be materially and adversely affected. We have grouped our Risk Factors under captions that we believe describe various categories of potential risk. For the reader’s convenience, we have not duplicated risk factors that could be considered to be included in more than one category. Summary of Risk Factors We are providing the following summary of the risk factors contained in this Form 10-K to enhance the readability and accessibility of our risk factor disclosures. We encourage our stockholders to carefully review the full risk factors contained in this Form 10-K in their entirety for additional information regarding the risks and uncertainties that could cause our actual results to vary materially from recent results or from our anticipated future results. Risks Related to our Business ● While we believe the coronavirus could have a negative impact on our financial results in the future, the impact is difficult to assess at this time. ● A significant portion of our sales are to a limited number of customers. The loss of substantial sales to any one of them could have an adverse effect on revenues and profits. The return of a worldwide recession and/or regional economic downturns may further impact our business. ● ● Disruptions in markets or the European Union may affect our liquidity and capital resources. ● We could incur substantial accounting related costs if we are unable to maintain an effective system of internal control over financial reporting. ● We have a long operating history, but only modest accumulated profit. ● We derive revenue from a limited number of products. ● The sales cycle for our products and technology is long, and we may incur substantial expenses for sales that do not occur when anticipated. ● We have a great dependence on a limited number of suppliers and the loss of their manufacturing capability could materially impact our operations. ● We order some hardware components, such as processors, in advance of expected use and often produce finished goods prior to the receipt of executed customer orders. If orders are not received, we could suffer losses related to inventory that cannot be sold at full value. ● Our success depends on establishing and maintaining strategic relationships with other companies to distribute our technology and products and, in some cases, for us to incorporate their technology into our products and our products and services. ● We may not be able to maintain effective product distribution channels, which could result in decreased revenue. ● We depend on our key personnel for the success of our business and the loss of one or more of our key personnel could have an adverse effect on our ability to manage our business or could be negatively perceived in the capital markets. If we fail to continue to attract and retain qualified personnel, our business may be harmed. ● ● Changes in our effective tax rate may have an adverse effect on our results of operations. ● Our worldwide income tax provisions and other tax accruals may be insufficient if any taxing authorities assume taxing positions that are contrary to our positions. ● Changes in global tax laws or in their interpretation or enforcement, could have a material adverse effect on our effective tax rate, results of operations, cash flows and financial condition. ● Acquisitions, divestitures and other strategic transactions present many risks, and failure to realize the financial and strategic goals we anticipate could have a material adverse effect on our business, results of operations, cash flows and financial condition. 9 Table of Contents ● Reported revenue may fluctuate widely due to the interpretation or application of accounting rules. ● Provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses. The evolution of our business requires more complex development and go-to-market strategies, which involve significant risk. ● Risks Related to the Market ● We face significant competition and if we lose or fail to gain market share our financial results will suffer. ● A decrease of average selling prices for our products and services could adversely affect our business. ● We may need additional capital in the future and our failure to obtain capital would interfere with our growth strategy. ● We experience variations in quarterly operating results and sales are subject to seasonality, both of which may result in a volatile stock price. ● Our stock price may be volatile for reasons other than variations in our quarterly operating results. ● Our stock repurchase program could affect the price of our common stock and increase volatility and may be suspended or terminated at any time, which may result in a decrease in the trading price of our common stock ● A small group of persons control a substantial amount of our common stock and could delay or prevent a change of control. ● Certain provisions of our charter and of Delaware law make a takeover of our Company more difficult. ● Future issuances of blank check preferred stock may reduce voting power of common stock and may have anti-takeover effects that could prevent a change in control. ● Our business could be adversely affected as a result of actions of activist stockholders. Risks Related to Technology and Intellectual Property ● Technological changes occur rapidly in our industry and our development of new products is critical to maintain our revenue. ● ● Our business could be negatively impacted by cyber security incidents and other disruptions. ● We rely upon Amazon Web Services to operate portions of our platform and any disruption of or interference with our use of Amazon Web Services or other vendors’ material would adversely affect our business, results of operations and financial condition Some of our products contain third-party, open-source software and failure to comply with the terms of the underlying open- source software licenses could restrict our ability to sell our products or otherwise result in claims against us. ● We must continue to attract and retain highly skilled technical personnel for our research and development efforts. ● We cannot be certain that our research and development activities will be successful. ● ● ● We depend significantly upon our proprietary technology and intellectual property and the loss of or successful challenge to our proprietary rights could require us to divert management attention and could reduce revenue and increase our operating costs. Failure to effectively manage our product and service lifecycles could harm our business. SaaS offerings, which involve various risks, constitute an important part of our business. ● Our patents may not provide us with competitive advantages. ● We are subject to warranty and product liability risks. ● There is significant government regulation of technology imports and exports and to the extent we cannot meet the requirements of the regulations we may be prohibited from exporting some of our products, which could negatively impact our revenue. ● We employ cryptographic technology in our authentication products that uses complex mathematical formulations. 10 Table of Contents Risks Related to International Operations ● We face a number of risks associated with our international operations, any or all of which could result in a disruption in our business and a decrease in our revenue. ● We are subject to foreign currency exchange rate fluctuations and risks, and improper management of that risk could adversely affect our business, results of operations, and financial conditions. ● Changes in the European regulatory environment regarding privacy and data protection regulations could have a material adverse impact on our results of operations. The vote by the United Kingdom (UK) to leave the European Union (EU) could adversely affect our financial results. ● We must comply with governmental regulations setting environmental standards. ● ● We or our suppliers may be impacted by new regulations related to climate change. ● ● U.S. investors may have difficulties in making claims for any breach of their rights as holders of shares because some of our The effects of regulations relating to conflict minerals may adversely affect our business. assets and key employees are not located in the United States. ● Our business in countries with a history of corruption and transactions with foreign governments increase the risks associated with our international activities. Risks Related to Our Business While we believe the coronavirus could have a negative impact on our financial results in the future, the impact is difficult to assess at this time. The effects of the COVID-19 pandemic have materially affected how we and our customers are operating our businesses, and the duration and extent to which this will impact our future results of operations and overall financial performance remains uncertain. In December 2019, a novel coronavirus disease (“COVID-19”) was reported and in January 2020, the World Health Organization (“WHO”) declared it a Public Health Emergency of International Concern. On February 28, 2020, the WHO raised its assessment of the COVID-19 threat from high to very high at a global level due to the continued increase in the number of cases and affected countries, and on March 11, 2020, the WHO characterized COVID-19 as a pandemic. A significant outbreak of epidemic, pandemic, or contagious diseases in the human population could result in a widespread health crisis that could adversely affect the broader economies, financial markets and overall demand environment for our products. As a result of the COVID-19 pandemic, we temporarily closed our offices in March 2020 (including our corporate headquarters) in many countries except where we have been able to accommodate limited essential employees such as for the shipping of our hardware authentication tokens under revised procedures. We re-opened a limited number of our offices during the third and fourth quarter of 2020 with limited capacity under revised procedures. We are unable to predict further re-openings or whether the initial re-openings will be successful or remain in place. We implemented certain travel restrictions, remote work arrangements and other measures and while our early experience with this new situation has been satisfactory to date, it has disrupted how we normally operate our business and may in the longer term impact our productivity, innovation and effectiveness such that our results are adversely affected. We have shifted certain of our customer events to virtual-only experiences and we may deem it advisable to similarly alter, postpone or cancel entirely additional customer, employee or industry events in the future. Because we operate in multiple international locations, we expect there to be variability and additional complications from differing conditions and inconsistent guidance from numerous public health agencies. In our hardware business, we are exposed to specific risks related to manufacturing, supply chain, shipping and distribution- all of which have been impacted by the COVID-19 pandemic. As a result of COVID-19, we experienced some delays and increased costs related to fulfilling our hardware orders. Such issues have been primarily resolved however we may be unable to satisfy certain customer orders for our products in the future if orders substantially increase and/or supply chain problems emerge. In addition, the global economic uncertainty associated with the COVID- 11 Table of Contents 19 pandemic has affected many of our customers and we believe one of those effects has been decreased orders of hardware authentication tokens. We are not able to predict at this time whether and to what extent such orders may return or in what specific quantities. This risk is in addition to the other risks associated with our hardware business as stated elsewhere in “Risk Factors.” In our software business, we experienced some increased sales for products used in remote employee access and electronic signature in 2020 that we attribute in part to the COVID-19 pandemic. This increase may have been temporary, and we are unable to predict whether it will continue or decline. Moreover, the conditions caused by the COVID-19 pandemic can affect the rate of IT spending, the decision to start new IT projects, the timing of existing projects and the priority our customers place on various projects. While these factors may be positive for some of our software solutions such as electronic signature, these factors may be negative for our other software solutions, such as risk analysis software. The COVID-19 pandemic could adversely affect our customers’ ability or willingness to attend our events or to purchase our offerings, delay prospective customers’ purchasing decisions, adversely impact our ability to provide on-site sales meetings or professional services to our customers, delay the provisioning of our offerings, lengthen payment terms, reduce the value or duration of their contracts, or affect attrition rates, all of which could adversely affect our future sales, operating results and overall financial performance. During the Summer of 2020, we began to experience some of the aforementioned scenarios, and this continued through the remainder of 2020, due to, we believe, global economic uncertainty connected with the continued seriousness of the COVID-19 pandemic. While we hope that the negative consequences on our business associated with the COVID-19 pandemic will subside in 2021, we cannot predict the impact with certainty. If the restrictions on our employees, customers and others in the world continue or increase in order to limit the spread of COVID-19, the potential effects could continue and could be exacerbated, and our results of operations and overall financial performance may be harmed. The duration and extent of the impact from the COVID-19 pandemic depends on future developments that cannot be accurately predicted at this time, such as the severity and transmission rate of the virus, the extent and effectiveness of containment actions and the impact of these and other factors on our employees, customers, partners and vendors. If we are not able to respond to and manage the impact of such events effectively, our business will be harmed. A significant portion of our sales are to a limited number of customers. The loss of substantial sales to any one of them could have an adverse effect on revenues and profits. We derive a substantial portion of our revenue from a limited number of customers, many of which are financial institutions. The loss of substantial sales to any one of them could adversely affect our operations and results. In fiscal 2020, 2019, and 2018, our top 10 largest customers contributed 21%, 29%, and 24%, respectively, of total worldwide revenue. The return of a worldwide recession and/or regional economic downturns may further impact our business. Our business is subject to economic conditions that may fluctuate in the major markets in which we operate. Factors that could cause economic conditions to fluctuate include, without limitation, recession, inflation, deflation, interest rates, unemployment, consumer debt levels, general retail or commercial markets and consumer or business purchasing power or preferences. If global economic and financial market conditions remain uncertain and/or weak for an extended period of time, any of the following factors, among others, could have a material adverse effect on our financial condition and results of operations: ● slower consumer or business spending may result in reduced demand for our products and services, reduced orders from customers for our products, order cancellations, lower revenues, increased inventories, and lower gross margins; 12 Table of Contents ● ● ● ● ● ● ● continued volatility in the global markets and fluctuations in exchange rates for foreign currencies and contracts or purchase orders in foreign currencies could negatively impact our reported financial results and condition; continued volatility in the prices for commodities and raw materials we use in our products could have a material adverse effect on our costs, gross margins, and ultimately our profitability; restructurings, reorganizations, consolidations and other corporate events could affect our customers’ budgets and buying cycles, particularly in the banking industry; if our customers experience declining revenues, or experience difficulty obtaining financing in the capital and credit markets to purchase our products and services, this could result in reduced orders, order cancellations, inability of customers to timely meet their payment obligations to us, extended payment terms, higher accounts receivable, reduced cash flows, greater expense associated with collection efforts and increased bad debt expense; in the event of a contraction of our sales, dated inventory may result in a need for increased obsolescence reserves; a severe financial difficulty experienced by our customers may cause them to become insolvent or cease business operations, which could reduce sales, cash collections and revenue streams. any difficulty or inability on the part of manufacturers of our products or other participants in our supply chain in obtaining sufficient financing to purchase raw materials or to finance general working capital needs may result in delays or non-delivery of shipments of our products. We are unable to predict potential future economic conditions, disruptions in the sovereign debt markets or other financial markets, regional recessions, or the effect of any such disruption or disruptions on our business and results of operations, but the consequences may be materially adverse. We believe that our business in the Banking market in Europe would be impacted most directly by any such disruption and that the consequences may be materially adverse, as approximately 53% of our consolidated revenues originated in the EMEA region in 2020. Disruptions in markets or the European Union may affect our liquidity and capital resources. We believe our financial resources are adequate to meet our operating needs. However, disruptions in the sovereign debt markets or other financial markets, the Euro Monetary Union or the European Union, could materially adversely affect our liquidity and capital resources and expose us to additional currency fluctuation risk. Sufficiently adverse effects could cause us to modify our business plans. Furthermore, in an adverse economic environment there is a risk that customers may delay their orders until the economic conditions improve further. If a significant number of orders are delayed for an indefinite period of time, our revenue and cash receipts may not be sufficient to meet the operating needs of the business. If this is the case, we may need to significantly reduce our workforce, sell certain of our assets, enter into strategic relationships or business combinations, discontinue some or all of our operations, or take other similar restructuring actions. While we expect that these actions would result in a reduction of recurring costs, they also may result in a reduction of recurring revenue and cash receipts. It is also likely that we would incur substantial non-recurring costs to implement one or more of these restructuring actions. We could incur substantial accounting related costs if we are unable to maintain an effective system of internal control over financial reporting. In response to the material weakness in our internal control over financial reporting disclosed as of December 31, 2018, we expended significant resources to improve our internal control over financial reporting and the 13 Table of Contents effectiveness of our disclosure controls and procedures. We expended significant resources, including accounting related costs and significant management oversight as we corrected the deficiencies. Management has determined that full remediation of the prior deficiencies in internal control over financial reporting that led to this material weakness occurred, disclosed in Item 9A of the annual report on Form 10-K for the year ended December 31, 2019. Investments will continue to be made to improve the control environment. We cannot provide absolute assurance that additional material weaknesses, or significant deficiencies, in our internal controls will not be identified in the future. Failure to maintain effective controls or implement new or improved controls could result in significant deficiencies or material weaknesses, affect management evaluations and auditor attestations regarding the effectiveness of our internal controls, failure to meet periodic reporting obligations, and material misstatements in our financial statements. Material misstatement of our financial statements may result in a restatement, loss of investor and customer confidence, a decline in the market price of the Company’s common stock, and potential sanctions or investigations by NASDAQ, the Securities and Exchange Commission or other regulatory authorities. Failure to remedy any material weakness in the Company’s internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict the Company’s future access to the capital markets. We have a long operating history, but only modest accumulated profit. Although we have reported net income (loss) of $(5.5) million, $8.8 million, and $3.8 million for the years ended December 31, 2020, 2019, and 2018, respectively, our retained earnings were $173.7 million at December 31, 2020. Over our 25 year operating history, we have operated at a loss for many of those years. Depending on the economic environment’s changing rules and regulations, and our investment strategies, it may be difficult for us to sustain profitability on a GAAP basis. We may choose to invest for long term value which could decrease or eliminate short term profit. We derive revenue from a limited number of products. A significant portion of our revenue is derived from the sales of our legacy authentication hardware, software, and related services. We anticipate a substantial portion of future revenue, will be derived from authentication, products and related services. If the sale of these products and services is impeded for any reason and we have not diversified our offerings into more software, our business and results of operations would be negatively impacted. Further, we expect our hardware product sales to decline over the long term in our traditional markets. If the rate of decline is more than expected and the aforementioned diversification is not enough to offset the decline, our results could be uneven and overall could be negative. The sales cycle for our products and technology is long, and we may incur substantial expenses for sales that do not occur when anticipated. The sales cycle for our products, which is the period of time between the identification of a potential customer and completion of the sale, is typically lengthy and subject to a number of significant risks over which we have little control. If revenue falls significantly below anticipated levels, our business would be seriously harmed. A typical sales cycle in the financial services market is often six months or more. Larger banking transactions may take up to 18 months or more. Purchasing decisions for our products and services may be subject to delays due to many factors that are not within our control, such as: ● ● Time required for a prospective customer to recognize the need for our products; Significant expense of many security products and systems; ● Customer budgeting process; and ● Customer evaluation, testing and approval process. 14 Table of Contents As our operating expenses are based on anticipated revenue levels, a small fluctuation in the timing of sales can cause our operating results to vary significantly between periods. We have a great dependence on a limited number of suppliers and the loss of their manufacturing capability could materially impact our operations. In the event that the supply of components or finished products is interrupted or relations with any of our principal vendors is terminated, there could be increased costs and considerable delay in finding suitable replacement sources to manufacture our hardware products. Our hardware Digipass authentication devices are assembled at facilities located in mainland China. The importation of these products from China exposes us to the possibility of product supply disruption and increased costs in the event of changes in the policies of the Chinese government, political unrest or unstable economic conditions in China or developments in the United States or European Union that are adverse to trade, including enactment of protectionist legislation. In 2019, a portion of our hardware products became subject to tariffs. If such tariffs increase in amount or scope, our financial results could be negatively affected. In part to address these risks of manufacturing in mainland China, in 2020 we launched an initiative to establish limited manaufacturing in the European Union. At this time, we do not know whether this project will be successful or how much this project could mitigate the risks related to Chinese manufacturing. Regardless of the location of manufacturing, we continue to be exposed to supply chain risks and uncertainties related to disruptions caused by the COVID-19 pandemic. We order some hardware components, such as processors, in advance of expected use and often produce finished goods prior to the receipt of executed customer orders. If orders are not received, we could suffer losses related to inventory that cannot be sold at full value. In an attempt to minimize the risk of not having an adequate supply of component parts to meet demand and to take advantage of volume purchasing benefits, especially in situations where we have been notified that key processors will no longer be manufactured, we sometimes purchase multiple years’ supply of parts based on internal forecasts of demand. In addition, to meet customers’ demands for accelerated delivery of product, we sometimes produce finished product for existing customers before we receive the executed order from the customer. Should our forecasts of future demand be inaccurate or if we produce product that is never ordered, we could incur substantial losses related to the realization of our inventory. Our success depends on establishing and maintaining strategic relationships with other companies to distribute our technology and products and, in some cases, for us to incorporate their technology into our products and our products and services. Part of our business strategy is to enter into strategic alliances and other cooperative arrangements with other companies in our industry. We currently are involved in cooperative efforts with respect to the incorporation of our products into products of others and vice versa, research and development efforts, marketing efforts and reseller arrangements. These relationships are generally non-exclusive, and some of our strategic partners also have cooperative relationships with certain of our competitors. If we are unable to enter cooperative arrangements in the future or if we lose any of our current strategic or cooperative relationships, our business could be harmed. We do not control the time and resources devoted to such activities by parties with whom we have relationships. In addition, we may not have the resources available to satisfy expectations, which may adversely affect these relationships. These relationships may not continue, may not be commercially successful, or may require our expenditure of significant financial, personnel and administrative resources from time to time. Further, certain of our products and services compete with the products and services of our strategic partners. We may not be able to maintain effective product distribution channels, which could result in decreased revenue. We rely on both our direct sales force and an indirect channel distribution strategy for the sale and marketing of our products. We may be unable to attract distributors, resellers and integrators, as planned, that can market our products effectively and provide timely and cost-effective customer support and service. There is also a risk that some or all of our distributors, resellers or integrators may be acquired, may change their business models or may go out of business, 15 Table of Contents any of which could have an adverse effect on our business. Further, our distributors, integrators and resellers may sell competing products. The loss of important sales personnel, distributors, integrators or resellers could adversely affect us. We depend on our key personnel for the success of our business and the loss of one or more of our key personnel could have an adverse effect on our ability to manage our business or could be negatively perceived in the capital markets. Our success and our ability to manage our business depend, in large part, upon the efforts and continued service of our senior management team. The loss of one or more of our key personnel could have a material adverse effect on our business and operations. It could be difficult for us to find replacements for our key personnel, as competition for such personnel is often intense. Further, such a loss could be negatively perceived in the capital markets, which could reduce the market value of our securities. If we fail to continue to attract and retain qualified personnel, our business may be harmed. Our future success depends upon our ability to attract and retain highly qualified technical, sales and managerial personnel. Competition for such personnel is often intense and there can be no assurance that we can attract other highly qualified personnel in the future. If we cannot retain or are unable to hire such key personnel, our business, financial condition and results of operations could be significantly adversely affected. Changes in our effective tax rate may have an adverse effect on our results of operations. Our future effective tax rates may be adversely affected by a number of factors including the distribution of income among the various countries in which we operate, changes in the valuation of our deferred tax assets, increases in expenses not deductible for tax purposes, including the impairment of goodwill in connection with acquisitions, changes in share-based compensation expense, and changes in tax laws or the interpretation of such tax laws and changes in generally accepted accounting principles. Any significant increase in our future effective tax rates could adversely impact net income for future periods; and a reduction in our U.S. tax rate could negatively impact our deferred tax assets which could also adversely impact our net income. Our worldwide income tax provisions and other tax accruals may be insufficient if any taxing authorities assume taxing positions that are contrary to our positions. Significant judgment is required in determining our provision for income taxes and other taxes such as sales and VAT taxes. There are many transactions for which the ultimate tax outcome is uncertain. Some of these uncertainties arise as a consequence of intercompany agreements to purchase intellectual properties, allocate revenue and costs, and other factors, each of which could ultimately result in changes once the arrangements are reviewed by taxing authorities. Although we believe that our approach to determining the amount of such arrangements is reasonable, we cannot be certain that the final tax authority review of these matters will not differ materially from what is reflected in our historical income tax provisions and other tax accruals. Such differences could have a material effect on our income tax provisions or benefits, or other tax accruals, in the period in which such determination is made, and consequently, on our results of operations for such period. Changes in global tax laws or in their interpretation or enforcement, could have a material adverse effect on our effective tax rate, results of operations, cash flows and financial condition. We could be materially adversely affected by future changes in tax law or policy (or in their interpretation or enforcement) in the jurisdictions where we operate. These changes could be exacerbated by economic, budget or other challenges facing these jurisdictions. For example, foreign jurisdictions could impose tax rate changes along with additional corporate tax provisions that would disallow or tax perceived “base erosion” or profit shifting amongst jurisdictions. In addition, aspects of U.S. tax reform may lead foreign jurisdictions to respond by enacting additional tax legislation that results in an adverse effect on our effective tax rate, results of operations, cash flows and financial condition. 16 Table of Contents Acquisitions, divestitures and other strategic transactions present many risks, and failure to realize the financial and strategic goals we anticipate could have a material adverse effect on our business, results of operations, cash flows and financial condition. We may evaluate and consider potential strategic transactions, including acquisitions of, or investments in, complementary businesses, technologies, services, products and other assets, divestitures, alliances, joint ventures and other portfolio actions. We also may enter into relationships with other businesses to expand our products and platform, which could involve preferred or exclusive licenses, additional channels of distribution, discount pricing or investments in other companies. Our success depends, in part, upon our ability to identify suitable transactions; negotiate favorable contractual terms; comply with applicable regulations and receive necessary consents, clearances and approvals (including regulatory and antitrust clearances and approvals); integrate or separate businesses, operations technology and personnel; realize the full extent of the benefits, cost savings or synergies presented by strategic transactions; minimize potential losses of customers, business partners and key technical and managerial personnel; and minimize indemnities and potential disputes with buyers, sellers and strategic partners. In addition, execution or oversight of strategic transactions may result in the diversion of management attention from our existing business and may present financial, managerial and operational risks, including disruptions in our business because of the allocation of resources to consummate these transactions. Moreover, we might incur asset impairment charges related to acquisitions or divestitures that reduce our earnings. With respect to acquisitions in particular, our failure to successfully structure or manage the transactions could seriously harm our financial condition or operating results. The expected benefits of any acquisition may not be realized. In connection with our recent acquisitions and any future purchases, we could face additional financial and operational risks beyond those described above, including: dilution of our stockholders, if we issue equity to fund these transactions; reduced liquidity, increased debt and higher amortization expenses; assumption of operating losses, increased expenses and liabilities; discovery of unanticipated issues and liabilities; failure to meet expected returns; and difficulty in maintaining financial reporting and internal control processes needed to be compliant with requirements applicable to companies subject to SEC reporting. We also regularly review our portfolio for contributions to our objectives and alignment with our strategy, and we may pursue divestiture activities as a result of these reviews. However, we may not be successful in separating any underperforming or non-strategic assets, and gains or losses on any divestiture of, or lost operating income from, such assets may adversely affect our results of operations. Divestitures could also expose us to unanticipated liabilities or result in ongoing obligations, including transition service obligations and indemnity obligations. Reported revenue may fluctuate widely due to the interpretation or application of accounting rules. Our sales arrangements often include multiple elements, including hardware, services, software, maintenance and support. In addition, we have sold software related arrangements in multiple forms, including perpetual licenses, term-based licenses and SaaS subscriptions, each of which may be treated differently under accounting rules. The accounting rules for such arrangements are complex and subject to change from time to time. The nature of the arrangement can create variations in the timing of revenue recognition. Provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses. Our agreements with customers, solution partners and channel partners generally include provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement and, in some cases, for damages caused by us to property or persons or for other damages. In addition, we make certain representations and warranties and incur obligations under our contracts in the ordinary course of business, including for items related to data security and potential data privacy breaches. Not all of our potential losses under our contracts are covered by insurance policies, which could increase the impact of any such loss should it occur. Large 17 Table of Contents indemnity payments or damages resulting from our contractual obligations could harm our business, operating results and financial condition. The evolution of our business requires more complex development and go-to-market strategies, which involve significant risk. Our increasing focus on developing and marketing a platform of solutions for identity management, authentication, risk analysis, fraud detection, digital business processes and related areas requires different development and go-to-market strategies than our historic hardware authentication business. We are developing, buying and licensing technology weighted toward software solutions and investment in research, development, product management, sales training and senior management. This transformation strategy is currently in progress and brings with it significant risks related to our choice of solutions and our ability to execute the strategy successfully. This strategy requires a greater focus on marketing and selling product suites and software solutions rather than selling hardware products for authentication and transaction signing. Consequently, we are developing, and must continue to develop, new strategies for marketing and selling our offerings. In addition, marketing and selling new solutions to enterprises requires significant investment of time and resources in order to train our employees and educate our customers on the benefits of our new product offerings. These investments can be costly and the additional effort required to educate both customers and our own sales force can distract from efforts to sell existing products and services. Risks Related to the Market We face significant competition and if we lose or fail to gain market share our financial results will suffer. The market for security products and services is highly competitive. Our competitors include organizations that provide security products based upon approaches similar to and different from those that we employ. Many of our competitors have significantly greater financial, marketing, technical and other competitive resources than we do. As a result, our competitors may be able to adapt more quickly to new or emerging technologies and changes in customer requirements, or to devote greater resources to the promotion and sale of their products. A decrease of average selling prices for our products and services could adversely affect our business. The average selling prices for our solution offerings may decline as a result of competitive pricing pressures or a change in our mix of products, software and services. In addition, competition continues to increase in the market segments in which we participate and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Furthermore, we anticipate that the average selling prices and gross profits for our products will decrease over product life cycles. To maintain or realize our revenue and gross margins, we must continue to develop, or purchase and introduce new products and services that incorporate new technologies or increased functionality. If we experience such pricing pressures or fail to deliver new products and services relevant to our markets, our revenue and gross margins could decline, which could harm our business, financial condition and results of operations. We may need additional capital in the future and our failure to obtain capital would interfere with our growth strategy. Our ability to obtain financing will depend on a number of factors, including market conditions, our operating performance and investor or creditor interest. These factors may make the timing, amount, terms and conditions of any financing unattractive. They may also result in our incurring additional indebtedness or accepting stockholder dilution. If adequate funds are not available or are not available on acceptable terms, we may have to forego strategic acquisitions or investments, defer our product development activities, or delay the introduction of new products. 18 Table of Contents We experience variations in quarterly operating results and sales are subject to seasonality, both of which may result in a volatile stock price. In the future, as in the past, our quarterly operating results may vary significantly, resulting in a volatile stock price. Factors affecting our operating results include: ● ● The level of competition; The size, timing, cancellation or rescheduling of significant orders; ● New product announcements or introductions by competitors; ● Technological changes in the market for security products including the adoption of new technologies and standards; ● Changes in pricing by competitors; ● Our ability to develop, introduce and market new products and product enhancements on a timely basis, if at all; ● Component costs and availability; ● Achievement of significant market share in particular markets followed by declines as buying cycles may be multiple years apart; ● The variability of revenue realized from individual customers as their buying patterns can vary significantly from period to period and is affected by the individual solutions purchased and the structure of the contract; ● Our success in expanding our sales and marketing programs; ● Market acceptance of new products and product enhancements; ● Changes in foreign currency exchange rates; and ● General economic conditions in the countries in which we operate. We also experience seasonality or variation across the year in our markets. These trends can include the summer months, particularly in Europe, or the second half of the fiscal year is generally higher than the first half in terms of sales. Our stock price may be volatile for reasons other than variations in our quarterly operating results. The market price of our common stock may fluctuate significantly in response to factors, some of which are beyond our control, including the following: ● Actual or anticipated fluctuations in our quarterly or annual operating results; ● Differences between actual operating results and results estimated by analysts that follow our stock and provide estimates of our results to the market; ● Differences between guidance relative to financial results, if given, and actual results; 19 Table of Contents ● Changes in market valuations of other technology companies, and cybersecurity companies in particular; ● Investor acceptance of our strategies and the perception of our success in executing those strategies; ● Announcements by us or our competitors of significant technical innovations, contracts, acquisitions, strategic partnerships, joint ventures or capital commitments; ● Additions or departures of key personnel; ● ● Future sales of common stock; The inclusion or exclusion of our stock in ETF’s, indices and other benchmarks, and changes made to methodologies connected therewith; ● Trading volume fluctuations; and ● Reactions by investors to uncertainties in the world economy and financial markets. Our stock repurchase program could affect the price of our common stock and increase volatility and may be suspended or terminated at any time, which may result in a decrease in the trading price of our common stock On June 10, 2020, the Board of Directors authorized a share repurchase program (“program”). Under the program, we are authorized to repurchase shares of our common stock from time to time in the open market, in privately negotiated transactions, or otherwise, at prices that the Company deems appropriate and subject to market conditions, applicable law and other factors deemed relevant in the Company’s sole discretion, up to an aggregate purchase price of $50.0 million. The timing and actual number of shares repurchased depend on a variety of factors including the timing of open trading windows, price, corporate and regulatory requirements, and other market conditions. The program does not obligate the Company to repurchase any dollar amount or number of shares of common stock. The authorization is effective until June 10, 2022. Repurchases pursuant to our stock repurchase program could affect our stock price and increase its volatility. The existence of a stock repurchase program could also cause our stock price to be higher than it would be in the absence of such a program and could potentially reduce the market liquidity for our stock. There can be no assurance that any stock repurchases will enhance stockholder value because the market price of our common stock may decline below the levels at which we repurchased shares of common stock. Although our stock repurchase program is intended to enhance long-term stockholder value, short-term stock price fluctuations could reduce the program’s effectiveness. A small group of persons control a substantial amount of our common stock and could delay or prevent a change of control. Mr. T. Kendall Hunt, our founder and former Chairman of the Board, beneficially owns approximately 12% of the outstanding shares of our common stock. In addition, Blackrock, Inc. holds approximately 12% of ownership, Legion Partners Asset Management holds approximately 7% of ownership, The Vanguard Group holds approximately 6% of ownership, Legal & General Investment Management LTD holds approximately 5% of ownership, and Sylebra Capital LTD holds approximately 5% of ownership. The concentration of ownership may have the effect of discouraging, delaying or preventing a change in control and may also have an adverse effect on the market price of our common stock. Certain provisions of our charter and of Delaware law make a takeover of our Company more difficult. Our corporate charter and Delaware law contain provisions, such as a class of authorized but unissued preferred stock which may be issued by our board without stockholder approval that might enable our management to resist a takeover of our Company. Delaware law also limits business combinations with interested stockholders. These 20 Table of Contents provisions might discourage, delay or prevent a change in control or a change in our management. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect directors and take other corporate actions. The existence of these provisions could limit the price that investors might be willing to pay in the future for shares of our common stock. Future issuances of blank check preferred stock may reduce voting power of common stock and may have anti-takeover effects that could prevent a change in control. Our corporate charter authorizes the issuance of up to 500,000 shares of preferred stock with such designations, rights, powers and preferences as may be determined from time to time by our Board of Directors, including such dividend, liquidation, conversion, voting or other rights, powers and preferences as may be determined from time to time by the Board of Directors without further stockholder approval. The issuance of preferred stock could adversely affect the voting power or other rights of the holders of common stock. In addition, the authorized shares of preferred stock and common stock could be utilized, under certain circumstances, as a method of discouraging, delaying or preventing a change in control. Our business could be adversely affected as a result of actions of activist stockholders. Although we strive to maintain constructive, ongoing communications with all of our stockholders, and welcome their views and opinions with the goal of enhancing value for all of our stockholders, our stockholders may from time to time engage in proxy solicitations, advance stockholder proposals or otherwise attempt to effect changes or acquire control of the Company. Campaigns by stockholders to effect changes at publicly traded companies are sometimes led by investors seeking to increase short-term stockholder value through actions such as stock repurchases or sales of assets or the entire company. Responding to proxy contests and other actions by activist stockholders can be costly and time-consuming and could divert the attention of our Board of Directors and senior management from the management of our operations and the pursuit of our business strategy. Any perceived uncertainties as to our future direction and control, our ability to execute on our strategy or changes to the composition of our Board of Directors or senior management team arising from proposals by activist stockholders or a proxy contest could lead to the perception of a change in the direction of our business or instability that may be exploited by our competitors and/or other activist stockholders, result in the loss of potential business opportunities, result in the loss of our employees and business partners and make it more difficult to pursue our strategic initiatives or attract and retain qualified personnel and business partners, any of which could have an adverse effect on our business, financial condition and operating results. Further, actual or perceived actions of activist stockholders may cause significant fluctuations in our stock price based upon temporary or speculative market perceptions or other factors that do not necessarily reflect the Company’s underlying fundamentals and prospects. Risks Related to Technology and Intellectual Property Technological changes occur rapidly in our industry and our development of new products is critical to maintain our revenue. The introduction by our competitors of products embodying new technologies and the emergence of new industry standards could render our existing products obsolete and unmarketable. Our future revenue growth and operating profit will depend in part upon our ability to enhance our current products and develop innovative new solutions to distinguish us from the competition and to meet customers’ changing needs. Security-related product developments and technology innovations by others may adversely affect our competitive position and we may not successfully anticipate or adapt to changing technology, industry standards or customer requirements on a timely basis. 21 Table of Contents Our business could be negatively impacted by cyber security incidents and other disruptions. Our use of technology is increasing and is critical in at least three primary areas of our business: 1. Software and information systems that we use to help us run our business more efficiently and cost effectively, which are increasingly cloud-based tools; 2. The products we have traditionally sold and continue to sell to our customers contain technology that incorporates the use of secret numbers and encryption technology; and 3. Solutions delivered on a software-as-a-service basis, from both public and private cloud models, which may process and store confidential, personal, health and financial information and which may rely on third parties for some or all of the solution. A cyber incident in any of these areas of our business could disrupt our ability to take orders or deliver products or services to our customers, cause us to suffer significant monetary and other losses and significant reputational harm, or substantially impair our ability to grow the business. We expect that there will continue to be hacking attempts intended to capture business information or exploit computing power to impede the performance of our products, to access our customers’ information, or harm our reputation as a company. The processes used by hackers to access or sabotage technology products, services and networks are evolving in sophistication and increasing in frequency. We could experience a security incident due to various causes including intentional or unintentional conduct of our employees, vendors, technology partners and others that have access to or store our information. In July 2011, we discovered a cyber-incident related to DigiNotar B.V. shortly after we purchased the company. The hacking incident at DigiNotar B.V. led to the termination of DigiNotar B.V’s registration as a certification service provider and DigiNotar B.V.’s bankruptcy. Since that time, we have experienced several security incidents, although none have been material. Even though we have established teams, processes and strategies to protect our corporate and solution assets, we may incur losses from such events as a result of unanticipated costs associated with data security incidents. In addition, because we are in the cyber security industry, we could be targeted by hackers more than other companies and if a material cyber security breach occurred related to corporate or customer information, the reputational harm and potential lost future business could be greater than other companies not in our industry. We have taken various measures to strengthen the security of our products and our systems, to establish information security governance procedures and to train our employees. However, we are the subject of a large volume of hacking attempts and our defenses might not always be effective. If a hacking attempt were to be successful and lead to a material data breach, then it could harm our business, financial condition and results of operations, both in the current period and for a significant future period of time. We rely upon Amazon Web Services to operate portions of our platform and any disruption of or interference with our use of Amazon Web Services or other vendors’ material would adversely affect our business, results of operations and financial condition We outsource portions of our cloud infrastructure to Amazon Web Services, or AWS. Customers of our products need to be able to access our platform at any time, without interruption or degradation of performance. AWS runs its own platform that we access, and we are, therefore, vulnerable to service interruptions at AWS. We have experienced and expect that in the future we may experience interruptions, delays and outages in service and availability from time to time due to a variety of factors, including infrastructure changes, human or software errors, website hosting disruptions and capacity constraints. Capacity constraints could be due to a number of potential causes including technical failures, natural disasters, fraud or security attacks. In addition, if our security, or that of AWS, is compromised, our products or platform are unavailable or our users are unable to use our products within a reasonable amount of time or at all, then our business, results of operations and financial condition could be adversely affected. In some instances, we may not be able to identify the cause or causes of these performance problems within a period of time acceptable to our customers. It may become increasingly difficult to maintain and improve our platform 22 Table of Contents performance, especially during peak usage times, as our products become more complex and the usage of our products increases. To the extent that we do not effectively address capacity constraints, either through AWS or alternative providers of cloud infrastructure, our business, results of operations and financial condition may be adversely affected. In addition, any changes in service levels from AWS may adversely affect our ability to meet our customers' requirements. Any of the above circumstances or events may harm our reputation, possibly move customers to stop using our products, impair our ability to increase revenue from existing customers, impair our ability to grow our customer base, subject us to financial penalties and liabilities under our service level agreements and otherwise harm our business, results of operations and financial condition. These risks are also present with our other cloud service infrastructure vendors beside AWS. In addition, we also utilize strategic vendors to resell or incorporate third party technology and if these material vendors experienced a data breach, outage in service or other failure, we could be prevented from meeting our customers’ requirements. Some of our products contain third-party, open-source software and failure to comply with the terms of the underlying open-source software licenses could restrict our ability to sell our products or otherwise result in claims against us. Our products are distributed with software programs licensed to us by third-party authors under open-source licenses, which may include the GNU General Public License, the GNU Lesser Public License, the BSD License and the Apache License. Third-party, open-source programs are typically licensed to us for no fee and the underlying license agreements could require us to make available to users the source code for such programs, as well as the source code for any modifications or derivative works we create based on these third-party, open-source software programs. We do not provide end users a copy of the source code to our proprietary software because we believe that the manner in which our proprietary software is aligned or communicates with the relevant open-source programs does not create a modification, derivative work or extended version of, or a work based on, that open-source program requiring the distribution of our proprietary source code. Our ability to commercialize our products by incorporating third-party, open-source software may be restricted because, among other reasons: ● ● ● ● the terms of open-source license agreements are unclear and subject to varying interpretations, which could result in unforeseen obligations regarding our proprietary products or claims of infringement; it may be difficult to determine the developers of open-source software and whether such licensed software infringes another party’s intellectual property rights; competitors may have equal access to these open source products, which may help them develop competitive products; and open-source software potentially increases customer support costs because licensees can modify the software and potentially introduce errors, which could also increase the risk of vulnerabilities available to hackers. We must continue to attract and retain highly skilled technical personnel for our research and development efforts. The market for highly skilled technical talent is highly competitive. If we fail to attract, train, assimilate and retain qualified technical personnel for our research and development and product management efforts, we will experience delays or failures in introductions of new or modified products, and services, failures in adequate analysis of technology or acquisitions in the market, loss of clients and market share and a reduction in revenue. 23 Table of Contents We cannot be certain that our research and development activities will be successful. While management is committed to enhancing our current product offerings and introducing new products, we cannot be certain our research and development activities will be successful. Furthermore, we may not have sufficient financial resources to identify and develop new technologies and bring new products to market in a timely and cost effective manner, and we cannot ensure that any such products will be commercially successful. Failure to effectively manage our product and service lifecycles could harm our business. As part of the natural lifecycle of our products and services, we periodically inform customers that products or services will be reaching their end of life or end of availability and will no longer be supported or receive updates and security patches. Failure to effectively manage our product and service lifecycles could lead to customer dissatisfaction and contractual liabilities, which could adversely affect our business and operating results. SaaS offerings, which involve various risks, constitute an important part of our business. As we continue to acquire, develop and offer SaaS versions of products, we will need to continue to evolve our processes to meet a number of regulatory, intellectual property, contractual and service compliance challenges. These challenges include compliance with licenses for open source and third party software embedded in our SaaS offerings, maintaining compliance with export control and privacy regulations, including HIPAA and GDPR, protecting our services from external threats, maintaining continuous service levels and data security expected by our customers, preventing inappropriate use of our services and adapting our go-to-market efforts. In addition to using our internal resources, we also utilize third party resources to deliver SaaS offerings, such as third party data hosting vendors. The failure of a third party provider to prevent service disruptions, data losses or security breaches may require us to issue credits or refunds or indemnify or otherwise be liable to customers or third parties for damages that may occur. Additionally, if these third-party providers fail to deliver on their obligations, our reputation could be damaged, our customers could lose confidence in us and our ability to maintain and expand our SaaS offerings. Finally, our SaaS offerings need to be designed to operate at significant transaction volumes. When combined with third party software and hosting infrastructure, our SaaS offerings may not perform as designed which could lead to service disruptions and associated damages. We depend significantly upon our proprietary technology and intellectual property and the loss of or successful challenge to our proprietary rights could require us to divert management attention and could reduce revenue and increase our operating costs. From time to time, we receive claims that we have infringed the intellectual property rights of others, including claims regarding patents, copyrights, and trademarks. Because of constant technological change in the segments in which we compete, the extensive patent coverage of existing technologies, and the rapid rate of issuance of new patents, it is possible that the number of these claims may grow. In addition, former employers of our former, current, or future employees may assert claims that such employees have improperly disclosed to us the confidential or proprietary information of these former employers. Any such claim, with or without merit, could result in costly litigation and distract management from day-to-day operations. If we are not successful in defending such claims, we could be required to stop selling, delay shipments, redesign our products, pay monetary amounts as damages, enter into royalty or licensing arrangements, or satisfy indemnification obligations with our customers. Royalty or licensing arrangements we may seek in such circumstances may not be available to us on commercially reasonable terms or at all. We have made and expect to continue making significant expenditures to establish our intellectual property rights and to investigate, defend and settle claims related to the use of technology and intellectual property rights as part of our strategy to manage this risk. In addition, we license and use software from third parties in our business. These third party software licenses may not continue to be available to us on acceptable terms or at all, and may expose us to additional liability. This liability, or our inability to use any of this third party software or technology, could result in shipment delays or other disruptions in our business that could materially and adversely affect our operating results. We rely principally on trade secrets to protect much of our intellectual property in cases where we do not believe patent protection is appropriate or obtainable. However, trade secrets are difficult to protect. Although our 24 Table of Contents employees are subject to confidentiality obligations, this protection may be inadequate to deter or prevent misappropriation of our confidential information. We may be unable to detect unauthorized use of our intellectual property or otherwise take appropriate steps to enforce our rights. Failure to obtain or maintain trade secret protection could adversely affect our competitive business position. If we are unable to prevent third parties from infringing or misappropriating our copyrights, trademarks or other proprietary information, our competitive position could be adversely affected. In the course of conducting our business, we may inadvertently infringe the intellectual property rights of others, resulting in claims against us or our customers. Our contracts generally indemnify our customers for third-party claims for intellectual property infringement by the services and products we provide. In the past, we have resolved several claims of patent infringement brought against us and a claim brought against a customer related to our technology. None of these claims were material to our financial results but this may not always be the case. The expense of defending these claims may adversely affect our financial results and may not be covered by any insurance policies we maintain. In addition, any such disputes and litigation could divert management attention and harm our reputation in the market. Our patents may not provide us with competitive advantages. We hold numerous patents in the United States and in other countries, which cover multiple aspects of our technology. A substantial part of our patents cover the Digipass product line. Our patents expire between now and more than 10 years from now. There can be no assurance that we will continue to develop proprietary products or technologies that are patentable, that any issued patent will provide us with any competitive advantages or will not be challenged by third parties, or that patents of others will not hinder our competitive advantage. Although certain of our technologies are patented, there are other organizations that offer products with comparable functionality that employ different technological solutions and compete with us for market share. We are subject to warranty and product liability risks. A malfunction of or design defect in our products which results in a breach of a legal obligation or physical harm or damage from our products could result in tort or warranty claims against us. We seek to reduce the risk of these losses by using qualified engineers in the design, manufacturing and testing of our hardware products, proper development and testing of our software solutions, attempting to negotiate warranty disclaimers and liability limitation clauses in our sales agreements, and maintaining customary insurance coverage. However, these measures may ultimately prove ineffective in limiting our liability for damages. In addition to any monetary liability for the failure of our products, an actual or perceived breach of network or security at one of our customers or publicly known defect or perceived defect in our products could adversely affect the market’s perception of us and our products, and could have an adverse effect on our reputation and the demand for our products. Similarly, an actual or perceived breach of security within our own systems could damage our reputation and have an adverse effect on the demand for our products. There is significant government regulation of technology imports and exports and to the extent we cannot meet the requirements of the regulations we may be prohibited from exporting some of our products, which could negatively impact our revenue. Our international sales and operations are subject to risks such as the imposition of government controls, new or changed export license requirements, restrictions on the export of critical technology, trade restrictions and changes in tariffs. If we are unable to obtain regulatory approvals on a timely basis our business may be impacted. Certain of our products are subject to export controls under U.S. law. The list of products and countries for which export approval is required, and the regulatory policies with respect thereto, may be revised from time to time and our inability to obtain required approvals under these regulations could materially and adversely affect our ability to make international sales. Violations of export control and international trade laws could result in penalties, fines, adverse reputational consequences, and other materially adverse consequences. In the past, we voluntarily disclosed a trade control matter to the U.S. government. Although this matter was closed during 2018 with no fines, penalties, or finding of wrongdoing, we cannot guarantee that such issues will not arise in the future. In addition, we cannot predict the future government regulation of aspects of our business and such regulation could be detrimental to our results. 25 Table of Contents We employ cryptographic technology in our authentication products that uses complex mathematical formulations. A portion of our products are based on cryptographic technology. With cryptographic technology, a user is given a key that is required to encrypt and decode messages. The security afforded by this technology depends on the integrity of a user’s key and in part on the application of algorithms, which are advanced mathematical factoring equations. These codes may eventually be broken or become subject to government regulation regarding their use, which would render our technology and products less effective. The occurrence of any one of the following could result in a decline in demand for our technology and products: ● Any significant advance in techniques for attacking cryptographic systems, including the development of an easy factoring method or faster, more powerful computers; ● ● Publicity of the successful decoding of cryptographic messages or the misappropriation of keys; and Increased government regulation limiting the use, scope or strength of cryptography. Risks Related to International Operations We face a number of risks associated with our international operations, any or all of which could result in a disruption in our business and a decrease in our revenue. In 2020, approximately 88% of our revenue and approximately 73% of our operating expenses were generated/incurred outside of the U.S. In 2019, approximately 89% of our revenue and approximately 72% of our operating expenses were generated/incurred outside of the U.S. In 2018, approximately 91% of our revenue and approximately 71% of our operating expenses were generated/incurred outside of the U.S. A severe economic decline in any of our major foreign markets could adversely affect our results of operations and financial condition. In addition to exposures to changes in the economic conditions of our major foreign markets, we are subject to a number of risks any or all of which could result in a disruption in our business and a decrease in our revenue. These include: ● ● Inconsistent regulations and unexpected changes in regulatory requirements; Export controls relating to our technology; ● Difficulties and costs of staffing and managing international operations, including maintaining internal controls and closing or restructuring such operations; ● Potentially adverse tax consequences; ● Wage and price controls or protection; ● Uncertain protection for intellectual property rights, contractual rights and collecting accounts receivable; ● Imposition of trade barriers; ● Differing technology standards; ● Uncertain demand for our solutions in individual countries, even if there were past sales; ● Linguistic and cultural differences; 26 Table of Contents ● A widely distributed workforce; ● Difficulty in providing support and training to customers in certain international locations; ● Economic and political instability, including uncertainties in market conditions caused by the COVID-19 pandemic; and ● Social unrest, health crises, and cultural barriers or changes. We are subject to foreign currency exchange rate fluctuations and risks, and improper management of that risk could adversely affect our business, results of operations, and financial conditions. Because a significant number of our principal customers are located outside the United States, we expect that international sales will continue to generate a significant portion of our total revenue. We are subject to foreign exchange fluctuations and risks because the majority of our product costs are denominated in U.S. Dollars, whereas a significant portion of the sales and expenses of our foreign operating subsidiaries are denominated in various foreign currencies. A decrease in the value of any of these foreign currencies relative to the U.S. Dollar could adversely affect our revenue and profitability in U.S. Dollars of our products sold in these markets. We do not currently hold forward exchange contracts to exchange foreign currencies for U.S. Dollars to offset currency rate fluctuations. Changes in the European regulatory environment regarding privacy and data protection regulations could have a material adverse impact on our results of operations. In Europe, we are subject to the 1995 European Union (“EU”) Directive on Data Protection (“1995 Data Protection Directive”), which requires EU member states to impose minimum restrictions on the collection and use of personal data that, in some respects, are more stringent, and impose more significant burdens on subject businesses, than current privacy standards in the United States. We may also face audits or investigations by one or more foreign government agencies relating to our compliance with these regulations that could result in the imposition of penalties or fines. The EU member state regulations establish several obligations that organizations must follow with respect to use of personal data, including a prohibition on the transfer of personal information from the EU to other countries whose laws do not protect personal data to an adequate level of privacy or security. In addition, certain member states have adopted more stringent data protection standards. The Company addressed these requirements by certification to the U.S.-EU Safe Harbor Frameworks prior to such Frameworks being invalidated in October 2015 by the European Court of Justice. The General Data Protection Regulation (“GDPR”) replaced the 1995 Data Protection Directive effective May 25, 2018, creating significant impacts on how businesses can collect and process the personal data of EU individuals. We have expended significant resources to comply, but those methods may be subject to scrutiny by data protection authorities in EU member states. The costs of compliance with, and other burdens imposed by, such laws, regulations and policies that are applicable to us may limit our use of personal data and solutions and could have a material adverse impact on our results of operations. We must comply with governmental regulations setting environmental standards. Governmental regulations setting environmental standards influence the design, components or operation of our products. New regulations and changes to current regulations are always possible and, in some jurisdictions, regulations may be introduced with little or no time to bring related products into compliance with these regulations. Our failure to comply with these regulations may prevent us from selling our products in a certain country. In addition, these regulations may increase our cost of supplying the products by forcing us to redesign existing products or to use more expensive designs or components. In these cases, we may experience unexpected disruptions in our ability to supply customers with products, or we may incur unexpected costs or operational complexities to bring products into compliance. This could have an adverse effect on our revenues, gross profit margins and results of operations and increase the volatility of our financial results. We are subject to the Restriction on the Use of Hazardous Substances Directive 2002/95/EC (also known as the “RoHS Directive”) and the Waste Electrical and Electronic Equipment Directive (also known as the “WEEE Directive”). 27 Table of Contents These directives restrict the distribution of products containing certain substances, including lead, within applicable geographies and require a manufacturer or importer to recycle products containing those substances. These directives affect the worldwide electronics and electronics components industries as a whole. If we or our customers fail to comply with such laws and regulations, we could incur liabilities and fines and our operations could be suspended. The vote by the United Kingdom (UK) to leave the European Union (EU) could adversely affect our financial results. In June 2016, UK voters approved a referendum to withdraw the UK's membership from the EU, which is commonly referred to as "Brexit". We have operations in the UK and the EU, and as a result, we face risks associated with the potential uncertainty and disruptions that may follow Brexit, including with respect to volatility in exchange rates and interest rates and potential material changes to the regulatory regime applicable to our operations in the UK. Brexit could adversely affect European or worldwide political, regulatory, economic or market conditions and could contribute to instability in global political institutions, regulatory agencies and financial markets. Any of these effects of Brexit, and others we cannot anticipate or that may evolve over time, could adversely affect our business, financial condition, and operating results. We or our suppliers may be impacted by new regulations related to climate change. In addition to the European environmental regulations noted above, we or our suppliers may become subject to new laws enacted with regards to climate change. In the event that new laws are enacted or current laws are modified in countries in which we or our suppliers operate, our flow of product may be impacted and/or the costs of handling the potential waste associated with our products may increase dramatically, either of which could result in a significant negative impact on our ability to operate or operate profitably. The effects of regulations relating to conflict minerals may adversely affect our business. The Dodd-Frank Wall Street Reform and Consumer Protection Act contains provisions to improve transparency and accountability concerning the supply of certain minerals and derivatives (collectively “Conflict Minerals”) which may originate from the conflict zones of the Democratic Republic of Congo (DRC) and adjoining countries (collectively, “Covered Countries”). As a result, in August 2012 the SEC established annual disclosure and reporting requirements for companies using Conflict Minerals in their products, including products manufactured by third parties. Like many electronic devices, our hardware products contain Conflict Minerals and are subject to the disclosure and reporting requirements. Compliance with these rules also requires due diligence including country of origin inquiries to determine the sources of Conflict Minerals used in our products. As required, we filed our annual reports related to products manufactured. We reported that we determined we had no reason to believe Conflict Minerals used in our products may have originated in Covered Countries. We may incur continued costs associated with complying with these disclosure requirements. These requirements may affect pricing, sourcing and availability of Conflict Minerals used to produce our devices. We may be unable to verify the origin of all Conflict Minerals in our products. We may encounter challenges with customers and stakeholders if we are unable to certify that our products are conflict free. U.S. investors may have difficulties in making claims for any breach of their rights as holders of shares because some of our assets and key employees are not located in the United States. Several of our key employees are full-time or part-time residents of foreign countries, and a substantial portion of our assets and those of some of our key employees are located in foreign countries. As a result, it may not be possible for investors to effect service of process on those persons located in foreign countries, or to enforce judgments against some of our key employees based upon the securities or other laws of jurisdictions in those foreign countries. 28 Table of Contents Our business in countries with a history of corruption and transactions with foreign governments increase the risks associated with our international activities. We are subject to the U.S. Foreign Corrupt Practices Act (FCPA), and other laws that prohibit improper payments or offers of payments to foreign governments and their officials and political parties by U.S. and other business entities for the purpose of obtaining or retaining business. We have operations, deal with and make sales to governmental or quasi-governmental customers in countries known to experience corruption, particularly certain countries in the Middle East, Africa, East Asia and South and Central America, and further expansion of our international selling efforts may involve additional regions. Our activities in these countries create the risk of unauthorized payments or offers of payments by one of our employees, consultants, sales agents or channel partners that could be in violation of various laws, including the FCPA and the U.K. Bribery Act, even though these parties are not always subject to our control. Violations of the FCPA may result in severe criminal or civil sanctions, including suspension or debarment from U.S. government contracting, and we may be subject to other liabilities, which could negatively affect our business, operating results and financial condition. Violations of the U.K. Bribery Act may result in severe criminal or civil sanctions and we may be subject to other liabilities that could negatively affect our business operating results and financial condition. Item 1B - Unresolved Staff Comments None. Item 2 - Properties Our corporate headquarters is located in Chicago, Illinois. Our international headquarters is in Zurich, Switzerland. Our European operational headquarters is in Brussels, Belgium, along with our logistics facility. We conduct sales and marketing, research and development and customer support activities from various locations. Our primary global research and development center is in Montreal, Canada. We have additional research and development facilities in the Netherlands, Cambridge, United Kingdom, Bordeaux, France and Vienna, Austria. We have sales personnel in our offices near Brussels, Belgium, Singapore, Tokyo, Japan, Dubai, Zurich, Switzerland, Chicago, Illinois, London, United Kingdom, Boston, Massachusetts, Sydney, Australia, and in several field offices around the world. All of our properties are leased. Item 3 - Legal Proceedings We are a party to or have intellectual property subject to litigation and other proceedings that arise in the ordinary course of our business. These types of matters could result in fines, penalties, compensatory or treble damages or non-monetary sanctions or relief. We believe the probability is remote that the outcome of each of these matters, including the legal proceedings described below, will have a material adverse effect on the corporation as a whole, notwithstanding that the unfavorable resolution of any matter may have a material effect on our financial results in any particular interim reporting period. Among the factors that we consider in this assessment are the nature of existing legal proceedings and claims, the asserted or possible damages or loss contingency (if estimable), the progress of the case, existing law and precedent, the opinions or views of legal counsel and other advisers, our experience in similar cases and the experience of other companies, the facts available to us at the time of assessment and how we intend to respond to the proceeding or claim. Our assessment of these factors may change over time as individual proceedings or claims progress. Although we cannot predict the outcome of legal or other proceedings with certainty, where there is at least a reasonable possibility that a loss may have been incurred, U.S. GAAP requires us to disclose an estimate of the reasonably possible loss or range of loss or make a statement that such an estimate cannot be made. We follow a process in which we seek to estimate the reasonably possible loss or range of loss, and only if we are unable to make such an estimate do we conclude and disclose that an estimate cannot be made. Accordingly, unless otherwise indicated below in 29 Table of Contents our discussion of legal proceedings, a reasonably possible loss or range of loss associated with any individual legal proceeding cannot be estimated. We include various types of indemnification clauses in our agreements. These indemnifications may include, but are not limited to, infringement claims related to our intellectual property, direct damages and consequential damages. The type and amount of such indemnifications vary substantially based on our assessment of risk and reward associated with each agreement. We believe the estimated fair value of these indemnification clauses is minimal, and we cannot determine the maximum amount of potential future payments, if any, related to such indemnification provisions. We have no liabilities recorded for these clauses as of December 31, 2020. We have been involved in an ongoing dispute with a German company, Onespin solutions GmbH, regarding the co- existence of, or alleged infringement with, its trademark in certain jurisdictions for “ONESPIN” and our trademark in certain jurisdictions for “ONESPAN”. Onespin sells integrated circuit integrity verification solutions for use in the system on chip software development process flow. During the fourth quarter of 2020, we reached a settlement with Onespin on these matters. The amount of the settlement was not material from a financial perspective. We consider this matter to now be closed. A complaint was filed on August 20, 2020 against OneSpan and certain of its officers, asserting claims for purported violations of Sections 10(b) and 20(a) of the Securities Exchange Act of 1934 (the “Exchange Act”), and SEC Rule 10b-5 promulgated thereunder, based on certain alleged material misstatements and omissions. The case is captioned Almendariz v. OneSpan Inc., et al., No. 1:20-cv-04906 (N.D. Ill.) (the “Securities Class Action”). Specifically, the plaintiff in the Securities Class Action alleges, among other things, that certain statements about OneSpan’s business were misleading because of defendants’ failure to disclose that OneSpan purportedly had inadequate internal procedures and controls over financial reporting and related disclosures; and OneSpan purportedly downplayed the negative impacts of immaterial errors in its financial statements. A complaint, related in subject matter to the Securities Class Action, was filed on October 23, 2020 against certain of OneSpan’s officers and directors, and names OneSpan as a nominal defendant. The case is captioned Klein v. Boroditzky, et al., No. 1:20-cv-06310 (N.D. Ill.) (the “Derivative Action” and, collectively with the Securities Class Action, the “Litigation”). The plaintiff asserts claims for breach of fiduciary duty, abuse of control and corporate waste, as well as a claim for contribution under Sections 10(b) and 21D of the Exchange Act, based on the same alleged wrongdoing pled in the Securities Class Action. We intend to defend against the Litigation vigorously. From time to time, we have been involved in litigation and claims incidental to the conduct of our business, such as compensation claims from current or former employees in Europe. We expect that to continue. Excluding matters specifically disclosed above, we are not a party to any lawsuit or proceeding that, in management’s opinion, is likely to have a material adverse effect on its business, financial condition or results of operations. Item 4 - Mine Safety Disclosures Not applicable. 30 Table of Contents PART II Item 5 - Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Our common stock, par value $0.001 per share, trades on the NASDAQ Capital Market under the symbol OSPN. The following table sets forth the range of high and low daily closing prices of our common stock on the NASDAQ Capital Market for the past two years. 2020 Fourth quarter Third quarter Second quarter First quarter 2019 Fourth quarter Third quarter Second quarter First quarter High Low $ 26.60 32.96 27.93 20.39 High $ 19.74 16.68 19.41 21.55 $ 18.20 18.84 14.89 10.95 Low $ 14.13 12.95 13.40 12.40 On February 18, 2021, there were 111 registered holders and approximately 9,670 street name holders of the Company’s common stock. We have not paid any dividends on our common stock since incorporation. The declaration and payment of dividends will be at the sole discretion of the Board of Directors and subject to certain limitations under the General Corporation Law of the State of Delaware. The timing, amount and form of dividends, if any, will depend, among other things, on the Company’s results of operations, financial condition, cash requirements, plans for expansion and other factors deemed relevant by the Board of Directors. The Company intends to retain any future earnings for use in its business and therefore does not anticipate paying any cash dividends in the foreseeable future. Recent Sales of Unregistered Securities None Issuer Purchases of Equity Securities On June 10, 2020, the Board of Directors authorized a share repurchase program (“program”), pursuant to which the Company can repurchase up to $50.0 million of issued and outstanding common stock. Share purchases under the program will take place in open market transactions or in privately negotiated transactions and may be made from time to time depending on market conditions, share price, trading volume, and other factors. The timing of the repurchases and the amount of stock repurchased in each transaction is subject to OneSpan’s sole discretion and will depend upon market and business conditions, applicable legal and credit requirements and other corporate considerations. The authorization is effective until June 10, 2022 unless the total amount has been used or authorization has been cancelled. During the year ended December 31, 2020, the Company repurchased 0.3 million shares of the Company’s stock for $5.0 million in the aggregate at an average cost of $20.10 per share under its repurchase program. An additional 0.1 million shares of its common stock were withheld to satisfy the mandatory tax withholding requirements upon vesting of restricted stock for $2.0 million at an average cost of $21.08 per share. 31 Table of Contents The following table provides information relating to our purchase of shares of our common stock in the fourth quarter of 2020 (in thousands, except per share amounts): Total Number of Average Shares Purchased Price Paid (1) per Share Total Number of Shares Purchased as Part of Publicly Announced Plans or Programs Maximum Dollar Value of Shares that May Yet Be Purchased Under the Plans or Programs Period October 1, 2020 through October 31, 2020 November 1, 2020 through November 30, 2020 December 1, 2020 through December 31, 2020 — $ — 50 $ 18.94 204 $ 20.78 — 50 200 50,000 49,050 44,970 (1) Transactions represent surrender of vested shares in satisfaction of tax withholdings by grantees under the Company’s Equity Incentive Plans. Stock Performance Graph The Stock Performance Graph below compares the cumulative total return through December 31, 2020 assuming reinvestment of dividends, by an investor who invested $100.00 on December 31, 2015, in each of (i) our common stock, (ii) the Russell 2000 index, (iii) the Standard Industrial Code Index 3577 – Computer Peripheral Equipment, NEC and (iv) a comparable industry (the peer group) index selected by the Company. The peer group for this purpose consists of: American Software, Inc., Appian Corporation, BlackLine, Inc., CPI Card Group, Inc., FireEye, Inc., ProofPoint, Inc., PROS Holdings, Inc., Q2 Holdings, Inc., QAD, Inc., Qualys, Inc., Rapid7, Inc., SecureWorks Corp., Varonis Systems, Inc. The stock price performance shown on the graph below is not necessarily indicative of future price performance. 32 Table of Contents Item 6 - Selected Financial Data (in thousands, except per share data) The following table presents selected consolidated financial data for the periods indicated. The following information should be read in conjunction with the consolidated financial statements and the accompanying notes and "Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations" included in our Annual Report on Form 10-K. We have revised the prior period consolidated financial statements for the years ended December 2019 and 2108 to reflect immaterial errors identified and described within Note 2 - Summary of Significant Accounting Policies and summarized within Note 3 - Revision of Prior Period Financial Statements. Statements of Operations Data: Revenue Operating income (loss) Net income (loss) Diluted net income (loss) per common share Balance Sheet Data: Cash and equivalents Working capital Total assets Long term obligations Total stockholders equity 2020 2019 2018* 2017* 2016* Year Ended December 31, $ $ $ 215,691 (5,258) (5,455) (0.14) $ 88,394 131,874 375,203 42,559 257,340 253,484 14,189 7,864 0.20 84,282 135,989 382,542 46,436 262,294 $ $ $ $ $ $ 211,336 (920) 3,044 0.08 76,708 118,797 351,882 28,028 251,639 193,291 6,192 (22,399) (0.56) 78,661 161,784 337,622 33,539 237,930 192,304 9,599 10,514 0.27 49,345 139,199 327,270 6,148 253,162 *Prior period amounts are presented under ASC 605 and ASC 985-20. Item 7 - Management’s Discussion and Analysis of Financial Condition and Results of Operations (in thousands, except head count, ratios, time periods and percentages) The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our financial statements and related notes appearing elsewhere in this Annual Report on Form 10-K. In addition to historical financial information, the following discussion may contain predictions, estimates and other forward-looking statements that involve a number of risks and uncertainties, including those discussed under Item 1A – Risk Factors and elsewhere in this Form 10-K. These risks could cause our actual results to differ materially from any future performance suggested below. Please see “Forward Looking Statements” at the beginning of this Form 10-K. The Company has excluded discussion of the comparison of the years ended December 31, 2019 and 2018 from this Form 10-K., which can be found in the annual report on Form 10-K for the period ended December 31, 2019, filed on March 16, 2020. Revision of Previously Issued Financial Statements This information should be read in conjunction with the consolidated financial statements and the notes thereto included in this Annual Report. We have revised our prior period financial statements to reflect the correction of immaterial errors as described in this Annual Report in Notes to the Consolidated Financial Statements, Note 3 – Revision of Previously Issued Financial Statements. COVID-19 Pandemic Response and Impact In March 2020, the World Health Organization recognized a novel strain of coronavirus (COVID-19) as a pandemic. In response to the pandemic, the United States and various foreign, state and local governments have, among other actions, imposed travel and business restrictions and required or advised communities in which we do business to adopt stay-at-home orders and social distancing guidelines, causing some businesses to adjust, reduce or suspend 33 Table of Contents operating activities. The pandemic and the various governments’ response have caused significant and widespread uncertainty, volatility and disruptions in the U.S. and global economies, including in the regions in which we operate. Financial Results and Outlook Beginning in the Summer of 2020 and continuing through the year ended December 31, 2020, we experienced lengthened sales cycles and reduced demand for some of our security solutions due to economic uncertainty connected with the COVID-19 pandemic. The most significant impact of the pandemic on our business has been a sharp drop in demand for our hardware authentication products and delays in the implementation of certain software security solutions. In addition, we believe demand for our hardware offerings declined in favor of our mobile and cloud security solutions as customers increasingly adopted digital alternatives in 2020. Finally, we saw strong demand for our hardware solutions in Europe during 2019 that did not repeat in 2020 due to many of our customers complying with banking regulations imposed by Payment Services Directive 2 (“PSD2”). As a result, our hardware revenues for 2020 were substantially below such revenues as compared to 2019. In the current and future periods, we may experience weaker customer demand, requests for discounts or extended payment terms, customer bankruptcies, supply chain disruption, employee staffing constraints and difficulties, government restrictions or other factors that could negatively impact the Company and its business, operations and financial results. As we cannot predict the duration or scope of the pandemic or its impact on economic and financial markets, any negative impact to our results cannot be reasonably estimated, but it could be material. We continue to monitor closely the Company’s financial health and liquidity and the impact of the pandemic on the Company. We are able to serve the needs of our customers while taking steps to protect the health and safety of our employees, customers, partners, and communities. See Part I – Item 1A – Risk Factors of this Form 10-K for additional information regarding the potential impact of COVID-19 on the Company. Overview We design, develop and market digital solutions for identity, security, and business productivity that protect and facilitate electronic transactions via mobile and connected devices. We are a global leader in providing anti-fraud and digital transaction management solutions to financial institutions and other businesses. Our solutions secure access to online accounts, data, assets, and applications for global enterprises; provide tools for application developers to easily integrate security functions into their web-based and mobile applications; and facilitate end-to-end financial agreement automation including digital identity verification, electronic signature and electronic notarization. Our core technologies, multi-factor authentication, electronic signature, and transaction signing, strengthen the process of preventing hacking attacks against online and mobile transactions. This allows companies to transact business safely and with an improved customer experience for remote customers. We offer cloud based and on-premises solutions using both open standards and proprietary technologies. Some of our proprietary technologies are patented. Our products and services are used for authentication, fraud mitigation, e-signing transactions and documents, and identity management in Business-to-Business (“B2B”), Business-to-Employee (“B2E”) and Business-to-Consumer (“B2C”) environments. Our target market is business processes using an electronic interface, particularly the Internet, where there is risk of account takeover or new account fraud. Our products can increase security associated with accessing business processes, reduce losses from unauthorized access, help customers comply with regulations, enhance the end- user experience, and reduce the cost of business processes by automating activities previously performed manually. Online and mobile application owners and publishers benefit from our expertise in multi-factor authentication, document signing, transaction signing, application security, remote customer onboarding, and in mitigating hacking attacks. Our convenient and proven security solutions enable low friction and trusted interactions between businesses, employees, and consumers across a variety of online and mobile platforms. 34 Table of Contents Our primary growth strategy is to make digital banking more accessible, secure, easy and valuable. Our key growth objectives include: ● Expanding our portfolio of services that enable institutions to mitigate fraud, reduce operational costs, comply with regulations, easily on-board customers, and adaptively authenticate transactions and reduce time to deploy; ● Automating and securing digital customer journeys to remotely verify identities, mitigate application fraud and secure account opening and transactions; ● Increasing sales to existing customers and acquiring new customers; ● Driving increased demand for our products in new applications, new markets, and new territories; ● ● Expanding our channel partner ecosystem; and Strategically acquiring companies that expand our technology portfolio or customer base and increase our recurring revenue. Our Business Model We offer our products through a product sales and licensing model or through our services platform, which includes our cloud-based service offerings. Our solutions are sold worldwide through our direct sales force, as well as through distributors, resellers, systems integrators, and original equipment manufacturers. Our sales force is able to offer customers a choice of an on-site implementation using our traditional on-premises model or a cloud implementation for some solutions using our services platform. Industry Growth Economic instability related to the COVID-19 pandemic impacted our results for the year ended December 31, 2020. As economic conditions recover, we believe the global markets for authentication, fraud mitigation, agreement automation, and electronic signature solutions will continue to grow driven by dynamic and growing threat environments, increased focus on the digital experience for mobile and online users, new government regulations, and continued growth in electronic commerce. The rate of growth in each country around the world may vary significantly based on local culture, competitive position, economic conditions, and the use of technology. Economic Conditions Our revenue may vary significantly with changes in the economic conditions in the countries in which we currently sell products. With our current concentration of revenue in Europe and specifically in the banking and finance vertical market, significant changes in the economic outlook for the European Banking market may have a significant effect on our revenue. The COVID-19 pandemic and the various responses of governments around the world have caused significant and widespread uncertainty, volatility and disruptions in the U.S. and global economies, including in the regions in which we operate. See Part I, Item 1A – Risk Factors of this Form 10-K for additional information regarding the potential impact of COVID-19 on the Company. 35 Table of Contents Cybersecurity Risks Our use of technology is increasing and is critical in three primary areas of our business: 1. Software and information systems that we use to help us run our business more efficiently and cost effectively; 2. The products we have traditionally sold and continue to sell to our customers for integration into their software applications contain technology that incorporates the use of secret numbers and encryption technology; and 3. New products and services that we introduced to the market are focused on processing information through our servers or in the cloud. We believe that the risks and consequences of potential incidents in each of the above areas are different. In the case of the information systems we use to help us run our business, we believe that an incident could disrupt our ability to take orders or deliver product to our customers, but such a delay in these activities would not have a material impact on our overall results. To minimize this risk, we actively use various forms of security and monitor the use of our systems regularly to detect potential incidents as soon as possible. In the case of products that we have traditionally sold, we believe that the risk of a potential cyber incident is minimal. We offer our customers the ability to either create the secret numbers themselves or have us create the numbers on their behalf. When asked to create the numbers, we do so in a secure environment with limited physical access and store the numbers on a system that is not connected to any other network, including other OneSpan networks, and similarly, is not connected to the Internet. In the case of our cloud-based solutions, which involve the processing of customer information, we believe a cyber incident could have a material impact on our business. While our revenue from cloud-based solutions comprises a minority of our revenue today, we believe that these solutions will provide substantial future growth. A cyber incident involving these solutions in the future could substantially impair our ability to grow the business and we could suffer significant monetary and other losses and significant reputational harm. To minimize the risk, we review our product security and procedures on a regular basis. Our reviews include the processes and software code we are currently using as well as the hosting platforms and procedures that we employ. We mitigate the risk of cyber incidents through a series of reviews, tests, tools and training. Certain insurance coverages may apply to certain cyber incidents. Overall, we expect the cost of securing our networks will increase in future periods, whether through increased staff, systems or insurance coverage. While we are not aware of any cyber incidents during the year ended December 31, 2020 that had a significant impact on our business, it is possible that we could experience an incident in future years, which could result in unanticipated costs. Currency Fluctuations In 2020, approximately 88% of our revenue and approximately 73% of our operating expenses were generated/incurred outside of the U.S. In 2019, approximately 89% of our revenue and approximately 72% of our operating expenses were generated/incurred outside of the U.S. In 2018, approximately 91% of our revenue and approximately 71% of our operating expenses were generated/incurred outside of the U.S. As a result, changes in currency exchange rates, especially the Euro exchange rate and the Canadian Dollar exchange rate, can have a significant impact on revenue and expenses. While the majority of our revenue is generated outside of the U.S., a significant amount of our revenue earned during the year ended December 31, 2020 was denominated in U.S. Dollars. In 2020, approximately 44% of our revenue was denominated in U.S. Dollars, 51% was denominated in Euros and 5% was denominated in other currencies. In 2019, 36 Table of Contents approximately 47% of our revenue was denominated in U.S. Dollars, 49% was denominated in Euros and 9% was denominated in other currencies. In 2018, approximately 58% of our revenue was denominated in U.S. Dollars, 30% was denominated in Euros, and 12% was denominated in other currencies. In general, to minimize the net impact of currency fluctuations on operating income, we attempt to denominate an amount of billings in a currency such that it would provide a hedge against the operating expenses being incurred in that currency. We expect that changes in currency rates may also impact our future results if we are unable to match amounts of revenue with our operating expenses in the same currency. If the amount of our revenue in Europe denominated in Euros continues as it is now or declines, we may not be able to balance fully the exposures of currency exchange rates on revenue and operating expenses. The financial position and the results of operations of our foreign subsidiaries, with the exception of our subsidiaries in Switzerland, Singapore and Canada, are measured using the local currency as the functional currency. Accordingly, assets and liabilities are translated into U.S. Dollars using current exchange rates as of the balance sheet date. Revenues and expenses are translated at average exchange rates prevailing during the year. Translation adjustments arising from differences in exchange rates generated comprehensive gain of $4.5 million in 2020, comprehensive gain of $1.5 million in 2019 and comprehensive loss of $5.5 million in 2018. These amounts are included as a separate component of stockholders’ equity. The functional currency for our subsidiaries in Switzerland, Singapore and Canada is the U.S. Dollar. Gains and losses resulting from foreign currency transactions are included in the consolidated statements of operations in other income (expense). Foreign exchange transaction gains aggregated less than $0.1 million for the year ended December 31, 2020. We reported foreign exchange transaction losses of $1.5 million and $0.2 million during the years ended December 31, 2019 and 2018, respectively. Components of Operating Results Revenue We generate revenue from the sale of our hardware products, software licenses, subscriptions, maintenance and support, and professional services. We believe comparison of revenues between periods is heavily influenced by the timing of orders and shipments reflecting the transactional nature of significant parts of our business. ● ● Product and license revenue. Product and license revenue includes hardware products and software licenses, which can be provided on a perpetual or term basis. Service and other revenue. Service and other revenue includes subscription solutions (which is our definition of software-as-a-service solutions), maintenance and support, and professional services. Cost of Goods Sold Our total cost of goods sold consists of cost of product and license revenue and cost of service and other revenue. We expect our cost of goods sold to increase in absolute dollars as our business grows, although it may fluctuate as a percentage of total revenue from period to period. ● Cost of product and license revenue. Cost of product and license revenue primarily consists of direct product and license costs. ● Cost of service and other revenue. Cost of service and other revenue primarily consists of costs related to subscription solutions, including personnel and equipment costs, and personnel costs of employees providing professional services and maintenance and support. 37 Table of Contents Gross Profit Gross profit as a percentage of total revenue, or gross margin, has been and will continue to be affected by a variety of factors, including our average selling price, manufacturing costs, the mix of products sold, and the mix of revenue among products, subscriptions and services. We expect our gross margins to fluctuate over time depending on these factors. Operating Expenses Our operating expenses are generally based on anticipated revenue levels and fixed over short periods of time. As a result, small variations in revenue may cause significant variations in the period-to-period comparisons of operating income or operating income as a percentage of revenue. Generally, the most significant factor driving our operating expenses is headcount. Direct compensation and benefit plan expenses generally represent between 60% and 65% of our operating expenses. In addition, a number of other expense categories are directly related to headcount. We attempt to manage our headcount within the context of the economic environments in which we operate and the investments we believe we need to make for our infrastructure to support future growth and for our products to remain competitive. Historically, operating expenses have been impacted by changes in foreign exchange rates. We estimate the change in currency rates in 2020 compared to 2019 resulted in an increase in operating expenses of approximately $0.7 million in 2020. The comparison of operating expenses can also be impacted significantly by costs related to our stock-based and long- term incentive plans. For full-year 2020, 2019, and 2018, operating expenses included $6.0 million, $5.3 million, and $6.1 million, respectively, related to stock-based and long-term incentive plans. Long-term incentive plan compensation expense includes both cash and stock-based incentives. ● ● Sales and marketing. Sales and marketing expenses consist primarily of personnel costs, commissions and bonuses, trade shows, marketing programs and other marketing activities, travel, outside consulting costs, and long-term incentive compensation. We expect sales and marketing expenses to increase in absolute dollars as we continue to invest in sales resources in key focus areas, although our sales and marketing expenses may fluctuate as a percentage of total revenue. Research and development. Research and development expenses consist primarily of personnel costs and long-term incentive compensation. We expect research and development expenses to increase in absolute dollars as we continue to invest in our future solutions, although our research and development expenses may fluctuate as a percentage of total revenue. ● General and administrative. General and administrative expenses consist primarily of personnel costs, legal and other professional fees, and long-term incentive compensation. We expect general and administrative expenses to increase in absolute dollars although our general and administrative expenses may fluctuate as a percentage of total revenue. ● Amortization/impairment of intangible assets. Acquired intangible assets are amortized over their respective amortization periods, and are periodically evaluated for impairment. Interest Income, Net Interest income consists of income earned on our cash equivalents and short term investments. Our cash equivalents and short term investments are invested in short-term instruments at current market rates. 38 Table of Contents Other Income (Expense), Net Other income (expense), net primarily includes exchange gains (losses) on transactions that are denominated in currencies other than our subsidiaries’ functional currencies, subsidies received from foreign governments in support of our research and development in those countries and other miscellaneous non-operational expenses. Income Taxes Our effective tax rate reflects our global structure related to the ownership of our intellectual property (“IP”). All our IP in our traditional authentication business is owned by two subsidiaries, one in the U.S. and one in Switzerland. These two subsidiaries have entered into agreements with most of the other OneSpan entities under which those other entities provide services to our U.S. and Swiss subsidiaries on either a percentage of revenue or on a cost plus basis or both. Under this structure, the earnings of our service provider subsidiaries are relatively constant. These service provider companies tend to be in jurisdictions with higher effective tax rates. Fluctuations in earnings tend to flow to the U.S. company and Swiss company. In 2020, earnings flowing to the U.S. company are expected to be taxed at a rate of 21% to 25%, while earnings flowing to the Swiss company are expected to be taxed at a rate ranging from 11% to 12%, plus Swiss withholding tax of an additional 5%. A Canadian and UK subsidiary currently sell to and service global customers directly. In addition, many of our OneSpan entities operate as distributors for all of our OneSpan products. As the majority of our revenues are generated outside of the U.S., our consolidated effective tax rate is strongly influenced by the effective tax rate of our foreign operations. Changes in the effective rate related to foreign operations reflect changes in the geographic mix of earnings and the tax rates in each of the countries in which it is earned. The statutory tax rate for the primary foreign tax jurisdictions ranges from 11% to 35%. The geographic mix of earnings of our foreign subsidiaries primarily depends on the level of pretax income of our service provider subsidiaries and the benefit realized in Switzerland through the sales of product. The level of pretax income in our service provider subsidiaries is expected to vary based on: 1. 2. 3. the staff, programs and services offered on a yearly basis by the various subsidiaries as determined by management, or the changes in exchange rates related to the currencies in the service provider subsidiaries, or the amount of revenues that the service provider subsidiaries generate. For items 1 and 2 above, there is a direct impact in the opposite direction on earnings of the U.S. and Swiss entities. Any change from item 3 is generally expected to result in a larger change in income in the U.S. and Swiss entities in the direction of the change (increased revenues expected to result in increased margins/pretax profits and conversely decreased revenues expected to result in decreased margins/pretax profits). In addition to the provision of services, the intercompany agreements transfer the majority of the business risk to our U.S. and Swiss subsidiaries. As a result, the contracting subsidiaries’ pretax income is reasonably assured while the pretax income of the U.S. and Swiss subsidiaries varies directly with our overall success in the market. In November 2015, we acquired OneSpan Canada Inc. (formerly eSignLive), a foreign company with substantial IP and net operating losses and other tax carryforwards. The tax benefit of the carryforwards has been fully reserved as realization has not been deemed more likely than not. In May 2018, we acquired Dealflo Limited (“Dealflo”), a foreign company with substantial IP and net operating losses. The tax benefit of the loss carryforwards will be reserved to the extent they exceed the deferred tax liabilities recognized upon acquisition as realization has not been deemed more likely than not. 39 Table of Contents Results of Operations The following tables summarize our consolidated results of operations for the periods presented. Revenue Revenue by Product: We generate revenue from the sale of our hardware products, software licenses, subscriptions, professional services, and maintenance and support. Product and license revenue includes hardware products and software licenses. Service and other revenue includes subscription solutions (which is our definition of software-as-a-service solutions), maintenance and support, and professional services. Years ended December 31, 2020 2019 Change $ % Revenue Hardware Software licenses Subscription Professional services Maintenance, support and other Total revenue $ $ 81,849 51,137 27,788 5,689 49,228 215,691 $ $ (in thousands) 127,005 56,308 22,280 5,759 42,132 253,484 $ $ (45,156) (5,171) 5,508 (70) 7,096 (37,793) (36)% (9)% 25% (1)% 17% (15)% Total revenue decreased $37.8 million or 15%, during the year ended December 31, 2020 compared to the year ended December 31, 2019. The overall decrease in revenue was comprised of a $45.2 million decrease in hardware revenue and a $13.7 million decrease in perpetual software license revenue, partially offset by an increase in recurring revenue, which is the portion of our revenue subject to future renewal. Recurring revenue, comprised of subscription, term-based software license, and maintenance, support and other revenue, increased $21.1 million or 26% during the year ended December 31, 2020, compared to the year ended December 31, 2019. Year-over-year revenue comparisons were affected by the one-time positive impact on 2019 revenue from the PSD2 regulation deadline. We also experienced reduced demand for our hardware products and perpetual software licenses due to an uncertain near-term business outlook for certain of our customers as a result of the pandemic. Product and license revenue decreased $50.3 million or 27% during the year ended December 31, 2020 compared to the year ended December 31, 2019, which was largely driven by a decrease in hardware sales. Hardware sales increased during the year ended December 31, 2019 related to the PSD2 regulation deadline. The decrease in hardware sales in 2020 is attributed to a reduction in demand following the PSD2 deadline, increased adoption of digital alternatives, and reduced demand due to the pandemic. Perpetual software license sales also decreased during the year ended December 31, 2020 compared to the year ended December 31, 2019, which we attribute to our strategy focused on growing recurring software revenue over perpetual licenses combined with softened demand as a result of the pandemic. Services and other revenue increased by $12.5 million, or 18% during the year ended December 31, 2020 compared to the year ended December 31, 2020. The increase for the year ended December 31, 2020 compared to the same period in 2019 was driven by higher subscription and maintenance revenue. We believe comparison of revenues between periods is heavily influenced by the timing of orders and shipments reflecting the transactional nature of significant parts of our business. As a result of the volatility in our business, we believe that the overall strength of our business is best evaluated over a longer term where the impact of transactions in any given period is not as significant as in a quarter-over-quarter comparison. 40 Table of Contents Revenue by Geographic Regions: We classify our sales by customer location in three geographic regions: 1) EMEA, which includes Europe, Middle East and Africa; 2) the Americas, which includes sales in North, Central, and South America; and 3) Asia Pacific (APAC), which also includes Australia, New Zealand, and India. The breakdown of revenue in each of our major geographic areas was as follows: Revenue EMEA Americas APAC Total revenue % of Total Revenue EMEA Americas APAC Years ended December 31, 2020 2019 $ Change % Change (in thousands) $ 117,086 53,171 45,434 $ 215,691 54% 25% 21% $ 145,942 61,577 45,965 $ 253,484 58% 24% 18% ($ 28,856) (8,406) (531) ($ 37,793) (20)% (14)% (1)% (15)% For the year ended December 31, 2020, revenue generated in EMEA was $28.9 million or 20% lower than the same period in 2019, driven by lower hardware sales, partially offset by higher maintenance and professional services revenue. Hardware revenue comparisons were affected by the one-time positive impact on 2019 revenue from the PSD2 regulation deadline. For the year ended December 31, 2020, revenue generated in the Americas was $8.4 million or 14% lower than the same period in 2019, driven by lower hardware and software license revenue, partially offset by higher subscription revenue. For the year ended December 31, 2020, revenue generated in the Asia Pacific region was $0.5 million or 1% lower than the same period in 2019, driven by lower hardware revenue, partially offset by higher maintenance and professional services revenue. Cost of Goods Sold and Gross Margin Cost of goods sold Product and license Services and other Total cost of goods sold Gross profit Gross margin Product and license Services and other Total gross margin Year ended December 31, 2020 2019 $ % Change $ 41,820 21,619 $ 63,439 (in thousands) $ 63,393 18,569 $ 81,962 ($ 21,573) 3,050 ($ 18,523) $ 152,252 $ 171,522 (19,270) (34)% 16% (23)% (11)% 69% 74% 71% 65% 74% 68% The cost of product and license revenue decreased $21.6 million or 34% during the year ended December 31, 2020 compared to the year ended December 31, 2019. The decrease in cost of product and license was driven by lower hardware sales. 41 Table of Contents The cost of services and other revenue increased by $3.1 million, or 16% during the year ended December 31, 2020 compared to the year ended December 31, 2019. The increase in cost of services and other revenue is reflective of higher subscription revenue, which has increased cloud-based infrastructure costs. Gross profit decreased $19.3 million, or 11% during the year ended December 31, 2020 compared to the year ended December 31, 2019. Gross profit margin was 71% for the year ended December 31, 2020, compared to 68% for the year ended December 31, 2019. The increase in profit margin for the year ended December 31, 2020 was driven by stronger margins for product and license. The majority of our inventory purchases are denominated in U.S. Dollars. Our sales are denominated in various currencies including the Euro. The impact of changes in currency rates are estimated to have increased revenue by $2.0 million for the year ended December 31, 2020. Had currency rates in 2020 been equal to rates in 2019, the gross profit margins would have been approximately one percentage point lower for the year ended December 31, 2020. Operating Expenses Operating costs Sales and marketing Research and development General and administrative Amortization of intangible assets Total operating costs Sales and Marketing Expenses Year ended December 31, 2019 2020 (in thousands) $ % Change $ $ 60,856 41,194 46,338 9,122 157,510 $ $ 61,503 42,463 43,897 9,470 157,333 ($ 647) (1,269) 2,441 (348) $ 177 (1)% (3)% 6% (4)% 0% Sales and marketing expenses decreased $0.6 million, or 1% during the year ended December 31, 2020 compared to the year ended December 31, 2019. Lower travel spend were partially offset by costs associated with higher headcount during the year ended December 31, 2020. Average full-time sales and marketing employee headcount for year ended December 31, 2020 was 356, compared to 319 for year ended December 31, 2019. Average headcount in 2020 was 12% higher than in 2019. Research and Development Expenses Research and development expenses decreased $1.3 million, or 3% during the year ended December 31, 2020 compared to the year ended December 31, 2019. The decrease in expense for the year ended December 31, 2020 was primarily driven by lower cloud computing costs for our test environment and lower travel costs, partially offset by higher personnel costs. Average full-time research and development employee headcount for year ended December 31, 2020 was 328, compared to 302 for year ended December 31, 2019. Average headcount in 2020 was 9% higher than in 2019. General and Administrative Expenses General and administrative expenses increased $2.4 million, or 6% during the year ended December 31, 2020 compared to the year ended December 31, 2019. The increase in general and administrative expenses for the year ended December 31, 2020 was driven by higher personnel costs which included additional stock comp due to an increase in eligible participants. The increase in expense was also driven by higher consulting spend, additional expense for subscription software tools and higher bad debt expense driven by a higher allowance for the likely adverse impact of the COVID-19 pandemic. Lower travel costs partially offset spend increases. 42 Table of Contents Average full-time general and administrative employee headcount for year ended December 31, 2020 was 125, compared to 113 for the year ended December 31, 2019. Average headcount in 2020 was 11% higher than in 2019. Amortization of Intangible Assets Amortization of intangible assets for the year ended December 31, 2020 was $9.1 million, compared to $9.5 million for the year ended December 31, 2019, a decrease of $0.3 million or 4%. The decrease was driven by certain technology assets becoming fully amortized during the year. Interest Income, net Interest income, net Year ended December 31, 2020 2019 (in thousands) $ 404 $ Change % Change $ 747 ($ 343) (46)% Interest income, net was $0.4 million for the year ended December 31, 2020, compared to $0.7 million for the year ended December 31, 2019. The decrease in interest income for 2020 compared to 2019 reflects a decrease in interest rates during the year ended December 31, 2020. Other Income, Net Other income (expense), net Year ended December 31, 2020 2019 $ Change % Change (in thousands) $ 1,434 ($ 527) $ 1,961 (372)% Other income (expense) , net primarily includes exchange gains (losses) on transactions that are denominated in currencies other than our subsidiaries’ functional currencies, subsidies received from foreign governments in support of our research and development in those countries, and other miscellaneous non-operational, non-recurring expenses. Other income (expense), net for the year ended December 31, 2020 was $1.4 million, compared to $(0.5) million for the year ended December 31, 2019. Higher income for the year ended December 31, 2020 was primarily driven by exchange gains on transactions that are denominated in currencies other than our subsidiaries’ functional currencies. Provision for income taxes Provision for income taxes $ 2,035 $ 6,545 ($ 4,510) (69)% Year ended December 31, 2019 2020 (in thousands) $ % Change Income tax expense for the year ended December 31, 2020 was $2.0 million compared to $6.5 million for the year ended December 31, 2019. The decrease in expense was attributable to decreased profits in the period excluding losses at entities where we cannot record a tax benefit, as well as a higher uncertain tax positions recorded in 2019 of $1.6 million. 43 Table of Contents Loss Carryforwards Available At December 31, 2020, we have gross deferred tax assets of $30.0 million resulting from foreign and state NOL carryforwards of $119.5 million and other foreign deductible carryforwards of $64.7 million. At December 31, 2020, we have a valuation allowance of $19.8 million against deferred tax assets related to certain carryforwards. See Note 13 – Income taxes for more information regarding carryforwards and valuation allowances. Liquidity and Capital Resources As of December 31, 2020, we had net cash balances (total cash and cash equivalents) of $88.4 million and short-term investments of $26.9 million. Short term investments consist of U.S. treasury bills and notes, government agency notes, corporate notes and bonds, and high quality commercial paper with maturities at acquisition of more than three months and less than twelve months. At December 31, 2019, we had net cash balances of $84.3 million and short-term investments of $25.5 million. We are in a lease agreement that required a letter of credit in the amount of $0.8 million to secure the obligation. The restricted cash related to this letter of credit is recorded in other non-current assets on the Consolidated Balance Sheet at December 31, 2020 and December 31, 2019. As of December 31, 2020, we held $52.0 million of cash and cash equivalents in subsidiaries outside of the United States. Of that amount, $51.4 million is not subject to repatriation restrictions, but may be subject to taxes upon repatriation. We believe that our financial resources are adequate to meet our operating needs over the next twelve months. Our cash flows are as follows: Cash provided by (used in): Operating activities Investing activities Financing activities Effect of foreign exchange rate changes on cash and cash equivalents Operating Activities Year ended December 31, 2020 2019 2018 (in thousands) $ 14,922 (4,664) (7,060) 914 $ 18,244 (9,893) (569) (208) 1,226 194 (970) (1,556) Cash generated by operating activities is primarily comprised of net income, as adjusted for non-cash items, and changes in operating assets and liabilities. Non-cash adjustments consist primarily of amortization and impairment of intangible assets, depreciation of property and equipment, and stock-based compensation. We expect cash inflows from operating activities to be affected by increases or decreases in sales and timing of collections. Our primary uses of cash from operating activities have been for personnel costs. We expect cash outflows from operating activities to be affected by increases in personnel cost as we grow our business. For the year ended December 31, 2020, $14.9 million of cash was provided by operating activities. Cash of $18.2 million and $1.2 million was provided by operating activities for the years ended December 31, 2019 and 2018, respectively. Our working capital at December 31, 2020 was $131.9 million, a decrease of $4.1 million or 3% from $136.0 million at December 31, 2019. The decrease is due to lower accounts receivable and higher deferred revenue, driven by the timing of revenue contracts with customers. 44 Table of Contents Investing Activities The changes in cash flows from investing activities primarily relate to timing of purchases, maturities and sales of investments, purchases of property and equipment, and activity in connection with acquisitions. We expect to continue to purchase property and equipment to support the continued growth of our business as well to continue to invest in our infrastructure and activity in connection with acquisitions. For the year ended December 31, 2020 and December 31, 2019, cash of $4.7 million and $9.9 million, respectively, was used in investing activities, which was primarily driven by the purchase of property and equipment, as well as purchases of short term investments which were partially offset by the maturity of short term investments. For the year ended December 31, 2018, cash of $0.2 million was provided by investing activities, which was driven by the maturity of short term investments, partially offset by the purchase of Dealflo and purchase of short term investments. Financing Activities The changes in cash flows from financing activities primarily related to the purchases of common stock under our share repurchase program and tax payments for restricted stock issuances. On June 10, 2020, the Board of Directors authorized a share repurchase program (“program”), pursuant to which the Company can repurchase up to $50.0 million of issued and outstanding common stock. Share purchases under the program will take place in open market transactions or in privately negotiated transactions and may be made from time to time depending on market conditions, share price, trading volume, and other factors. The timing of the repurchases and the amount of stock repurchased in each transaction is subject to OneSpan’s sole discretion and will depend upon market and business conditions, applicable legal and credit requirements and other corporate considerations. During the year ended December 31, 2020, the Company repurchased 0.3 million shares of the Company’s stock for $5.0 million in the aggregate at an average cost of $20.10 per share under its repurchase program. The authorization is effective until June 10, 2022 unless the total amount has been used or authorization has been cancelled. For the year ended December 31, 2020, net cash used in financing activities was $7.1 million, which was comprised of $5.0 million of common stock repurchased and $2.0 million of tax payments for restricted stock issuances. Cash of $0.6 million and $1.0 million was used in financing activities during the years ended December 31, 2019 and December 31, 2018, respectively. The cash usage was comprised of tax payments for restricted stock issuances in both periods. Off-Balance Sheet Arrangements The Company has no off-balance sheet arrangements. Contractual Obligations and Commitments The following summarizes our contractual obligations and commitments as of December 31, 2020: Operating lease obligations Purchase obligations Taxes payable Total 15,254 23,921 7,148 46,323 $ $ $ $ Payments due by period 2-3 years 1 year 2,814 20,586 1,053 24,453 $ $ 4,646 3,323 3,027 10,996 $ $ 4-5 years More than 5 years 2,527 12 3,068 5,607 $ $ 5,267 — — 5,267 45 Table of Contents We have purchase obligations of $23.9 million, including $12.7 million of inventory purchase obligations which are expected to be consummated in the next 12 months, $5.8 million of committed hosting arrangements which will be used in the next one to four years, and $5.4 million for other software agreements related to the administration of our business which range from one to five years. The operating lease obligations above do not include common area maintenance (“CAM”) charges or real estate taxes under our operating leases, for which the Company is also obligated. These charges are generally not fixed and can fluctuate from year to year. Taxes payable primarily represents deemed repatriation tax from 2017. The Company had $0.5 million, $2.9 million and $0.4 million of unrecognized tax benefits as of December 31, 2020, December 31, 2019 and December 31, 2018, respectively, which have been set aside in a reserve in accordance with ASC 740 Income Taxes. The amounts are not included in the above table as the timing of payment of such obligations, if any, is not determinable. Critical Accounting Policies and Estimates Management’s Discussion and Analysis of Financial Condition and Results of Operations discusses our consolidated financial statements, which have been prepared in accordance with accounting principles generally accepted in the U.S. The preparation of these financial statements requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and the disclosure of contingent assets and liabilities at the date of the consolidated financial statements and the reported amounts of revenue and expenses during the reporting period. On an on-going basis, management evaluates its estimates and judgments, including those related to bad debts, net realizable value of inventory and intangible assets. Management bases its estimates and judgments on historical experience and on various other factors that are believed to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Actual results may differ from these estimates under different assumptions or conditions. Management believes the following critical accounting policies affect significant judgments and estimates used in the preparation of its consolidated financial statements. Revenue Recognition On January 1, 2018, we adopted FASB Accounting Standards Codification (ASC) Topic 606, “Revenue from Contracts with Customers”, or “Topic 606” using the modified retrospective method applied to those contracts which were not completed as of January 1, 2018. Results for reporting periods beginning after January 1, 2018 are presented under Topic 606. We recorded a net increase to opening Retained Earnings of $11.9 million, net of tax, as of January 1, 2018 due to the cumulative impact of adopting Topic 606, with the impact primarily related to the accounting impacts of our customer contracts that include a term license to our software, as well as the impact of accounting for costs incurred to obtain our contracts. See Note 6 - Revenue for further details. We determine revenue recognition through the following steps: Identification of the contract, or contracts, with a customer; Identification of the performance obligations in the contract; ● ● ● Determination of the transaction price; ● Allocation of the transaction price to the performance obligations in the contract; and ● Recognition of revenue when, or as, we satisfy a performance obligation. Revenues are recognized when control of the promised goods or services is transferred to our customers, in an amount that reflects the consideration we expect to be entitled to in exchange for those products or services, which excludes any sales incentives and amounts collected on behalf of third parties. Taxes assessed by a governmental authority that are both imposed on and concurrent with a specific revenue-producing transaction, that are collected by the Company from a customer, are excluded from revenue. Shipping and handling costs associated with outbound freight 46 Table of Contents after control over a product has transferred to a customer are accounted for as a fulfillment cost and are included in cost of goods sold. Nature of Goods and Services We derive our revenues primarily from Product and License Revenue, which includes hardware products and software licenses, and Services and Other, which is inclusive of software-as-a-service (which we refer to as “subscription”, or “SaaS”), maintenance and support, and professional services. Product Revenue: Revenue from the sale of security hardware is recorded upon shipment, which is the point at which control of the goods are transferred and the completion of the performance obligations, unless there are specific terms that would suggest control is transferred at a later date (e.g. delivery). No significant obligations or contingencies typically exist with regard to delivery, customer acceptance or rights of return at the time revenue is recognized. Customer invoices and subsequent payments normally correspond with delivery. License Revenue: Revenue from the sale of software licenses is recorded upon the latter of when the customer receives the ability to access the software or when they are legally allowed to use the software. No significant obligations or contingencies exist with regard to delivery, customer acceptance or rights of return at the time revenue is recognized. Contracts with customers for distinct licenses of intellectual property include perpetual licenses, which grant the customer unlimited access to the software, and term licenses which limit the customer’s access to the software to a specific time period. We offer term licenses ranging from one to five years in length. Customer payments normally correspond with delivery for perpetual licenses. For term licenses, payments are either on installment or in advance. In limited circumstances, we integrate third party software solutions into our software products. We have determined that, consistent with our conclusion under prior revenue recognition rules, generally we act as the principal with respect to the satisfaction of the related performance obligation and record the corresponding revenue on a gross basis from these transactions. For transactions in which we do not act as the principal, we would recognize revenue on a net basis. The fees owed to the third parties are recognized as a component of cost of goods sold when the revenue is recognized. Subscription Revenue: We generate subscription revenues from our cloud services offerings. Subscription revenues mostly include fees from customers for access to the OneSpan Sign, TID, and Dealflo solutions. Our standard customer arrangements do not provide the customer with the right to take possession of the software supporting the cloud-based application service at any time. As such, these arrangements are considered service contracts and revenue is recognized ratably over the service period of the contract. Customer payments are normally in advance for annual service. Maintenance, Support and Other: Maintenance and support agreements generally call for us to provide software updates and technical support, respectively, to customers. The annual fee for maintenance and technical support is recognized ratably over the term of the maintenance and support agreement as this is the period the services are delivered. Customer payments are normally in advance for annual service. Professional Services: Professional services revenues are primarily comprised of implementing, automating and extending business processes, technology infrastructure, and software applications. Professional services revenues are recognized over time as services are rendered, usually over a period of time that is generally less than a few months. Most projects are performed on a time and materials basis, while a portion of revenues is derived from projects performed on a fixed fee. For time and material contracts, revenues are generally recognized and invoiced by multiplying the number of hours expended in the performance of the contract by the contractual hourly rates. For fixed fee contracts, revenues are generally recognized using an input method based on the ratio of hours expended to total estimated hours to complete the services. Customer payments normally correspond with delivery. 47 Table of Contents Multiple-Element Arrangements In our typical multiple-element arrangement, the primary deliverables include: 1. A client component (i.e. an item that is used by the person being authenticated in the form of either a new standalone hardware device or software that is downloaded onto a device that the customer already owns); 2. Server system software that is installed on the customer’s systems (i.e., software on the server system that verifies the identity of the person being authenticated) or licenses for additional users on the server system software if the server system software had been installed previously; and 3. Post contract support (PCS) in the form of maintenance on the server system software or support. Our multiple-element arrangements may also include other items that are usually delivered prior to the recognition of any revenue are incidental to the overall transaction such as initialization of the hardware device, customization of the hardware device itself or the packaging in which it is delivered, deployment services where we deliver the device to our customer’s end-use customer or employee and, in some limited cases, professional services to assist with the initial implementation of a new customer. Significant Judgments We enter into contracts to deliver a combination of hardware devices, software licenses, subscriptions, maintenance and support and, in some situations, professional services. The Company evaluates the nature of the goods or services promised in these arrangements to identify the distinct performance obligations. Determining whether products and services are considered distinct performance obligations that should be accounted for separately versus together may require significant judgment depending on the terms and conditions of the respective customer arrangement. When a hardware client device and licenses to server software are sold in a contract, they are treated as a single performance obligation because the software license is deemed to be a component of the hardware that is integral to the functionality of the hardware that is used by our customers for identity authentication. When a software client device is sold in a contract server software, the licenses are considered a single performance obligation to deliver the authentication solution to the customer. In either of these types of arrangements, maintenance and support and professional services are typically distinct separate performance obligations from the hardware or software solutions. Our contracts to deliver subscription services typically do not include multiple performance obligations; however, in certain limited cases customers may purchase professional services that are distinct performance obligations. For contracts that contain multiple performance obligations, the transaction price is allocated to the separate performance obligations based on their estimated relative standalone selling price. Judgment is required to determine the stand- alone selling price (“SSP”) of each distinct performance obligation. We determine SSP for maintenance and support and professional services based on observable inputs; specifically, the range of prices charged to customers to renew annual maintenance and support contracts and the range of hourly rates we charge our customers in standalone professional services contracts. In instances where SSP is not directly observable, and when we sell at a highly variable price range, such as for transactions involving software licenses or subscriptions, we determine the SSP for those performance obligations using the residual method. Credit Losses We adopted ASU No. 2016-13, Measurement of Credit Losses on Financial Instruments, on January 1, 2020. As a result of the adoption, we amended the accounting policies for the allowance for credit losses. In accordance with ASU No. 2016-13, the Company evaluates its allowance based on expected losses rather than incurred losses, which is known as the current expected credit loss (“CECL”) model. The allowance is determined using the loss rate approach and is measured on a collective (pool) basis when similar risk characteristics exist. Where financial instruments do not share risk characteristics, they are evaluated on an individual basis. The allowance is based on relevant available information, from internal and external sources, relating to past events, current conditions, and reasonable and supportable forecasts. 48 Table of Contents Income Taxes As a global company, we calculate and provide for income taxes in each tax jurisdiction in which we operate. The provision for income taxes includes the amounts payable or refundable for the current year, the effect of deferred taxes and impacts from uncertain tax positions. Our provision for income taxes is significantly affected by shifts in the geographic mix of our pre-tax earnings across tax jurisdictions, changes in tax laws and regulations, and tax planning opportunities available in each tax jurisdiction. Deferred tax assets and liabilities are recognized for the expected future tax consequences of temporary differences between the financial statement and tax bases of our assets and liabilities and for operating losses and tax credit carryforwards. Deferred tax assets and liabilities are measured using enacted tax rates that will apply to taxable income in the years in which those differences are expected to be recovered or settled. Valuation allowances are established for deferred tax assets when it is more likely than not that a tax benefit will not be realized. We recognize the effect of a change in tax rates on deferred tax assets and liabilities and in income in the period that includes the enactment date. We recognize tax benefits for tax positions that are more likely than not to be sustained upon examination by tax authorities. The amount recognized is measured as the largest amount of benefit that is greater than 50 percent likely to be realized upon ultimate settlement. Unrecognized tax benefits are tax benefits claimed in our income tax returns that do not meet these recognition and measurement standards. Assumptions, judgments, and the use of estimates are required in determining whether the “more likely than not” standard has been met when developing the provision for income taxes. We recognize the tax impact of including certain foreign earnings in U.S. taxable income as a period cost. We have recognized deferred income taxes for local country income and withholding taxes that could be incurred on distributions of non- U.S. earnings because we do not plan to indefinitely reinvest such earnings. We monitor for changes in tax laws and reflect the impacts of tax law changes in the period of enactment. Recently Issued Accounting Pronouncements In September 2016, the FASB issued ASU 2016-13, Measurement of Credit Losses on Financial Instruments (Topic 326), which amends the Board’s guidance on the impairment of financial instruments. The ASU adds an impairment model that is based on expected losses rather than incurred losses, which is known as the current expected credit loss (“CECL”) model. The CECL model applies to most debt instruments (other than those measured at fair value), trade and other receivables, financial guarantee contracts, and loan commitments. This ASU is effective for fiscal years beginning after December 15, 2019, and interim periods within those fiscal years. The Company adopted ASC 326 as of January 1, 2020, using the cumulative-effect transition method with the required prospective approach. The cumulative-effect transition method enables an entity to record an allowance for expected credit losses at the date of adoption without restating comparative periods. The cumulative-effect adjustment for adoption of ASC 326 resulted in a decrease of $0.3 million in Accounts receivable, net of allowances and Retained Earnings as of January 1, 2020. In January 2017, the FASB issued ASU 2017-04, Intangibles-Goodwill and Other (Topic 350) – Simplifying the Test for Goodwill Impairment. This standard eliminates the requirement to calculate the implied fair value of goodwill to measure a goodwill impairment charge (i.e. Step 2 of the current guidance), instead measuring the impairment charge as the excess of the reporting unit's carrying amount over its fair value (i.e. Step 1 of the current guidance). The guidance was effective for us beginning in the first quarter of 2020, and should be applied prospectively. Early adoption is permitted for impairment testing dates after January 1, 2017. We adopted this standard on January 1, 2020 on a prospective basis. The adoption of this standard did not have a material impact on our consolidated financial statements. In August 2018, the FASB issued ASU No. 2018-13, Disclosure Framework - Changes to the Disclosure Requirements for Fair Value Measurement (“ASU 2018-13”), which amends ASC 820, Fair Value Measurement. ASU 2018-13 modifies the disclosure requirements for fair value measurements by removing, modifying, or adding certain disclosures. The ASU is effective for annual periods, including interim periods within those annual periods, beginning 49 Table of Contents after December 15, 2019, with early adoption permitted for removed or modified disclosures, and delayed adoption of the additional disclosures until their effective date. We adopted this standard on January 1, 2020 on a retrospective basis. The adoption of this standard did not have a material impact on our consolidated financial statements. In August 2018, the FASB issued ASU 2018-15, Customer's Accounting for Fees Paid in a Cloud Computing Arrangement, which helps entities evaluate the accounting for fees paid by a customer in a cloud computing arrangement (CCA) by providing guidance for determining when an arrangement includes a software license and when an arrangement is solely a hosted CCA service. Under ASU 2018-15, customers will apply the same criteria for capitalizing implementation costs as they would for an arrangement that has a software license. The new guidance also prescribes the balance sheet, income statement, and cash flow classification of the capitalized implementation costs and related amortization expense, and requires additional quantitative and qualitative disclosures. We adopted this standard on January 1, 2020 on a prospective basis. The adoption of this standard did not have a material impact on our consolidated financial statements. In August 2018, the FASB issued ASU 2018-14, Compensation—Retirement Benefits—Defined Benefit Plans—General (Topic 715-20): Disclosure Framework—Changes to the Disclosure Requirements for Defined Benefit Plans (ASU 2018-14), which modifies the disclosure requirements for defined benefit pension plans and other postretirement plans. ASU 2018-14 is effective for fiscal years ending after December 15, 2020, and earlier adoption is permitted. The adoption of the standard was not materially impactful to our consolidated financial statements and disclosures. In December 2019, the FASB issued ASU 2019-12, Simplification for Accounting for Income Taxes, which removes certain exceptions for recognizing deferred taxes for investments, performing intraperiod allocation and calculating income taxes in interim periods. The ASU also adds guidance to reduce complexity in certain areas, including recognizing deferred taxes for tax goodwill and allocating taxes to members of a consolidated group. ASU 2019-12 was effective beginning January 1, 2021. The adoption of this standard did not have a material impact on our financial statements. In March 2020, the FASB issued ASU 2020-04, Facilitation of the Effects of Reference Rate Reform on Financial Reporting. This update provides optional expedients and exceptions for applying generally accepted accounting principles to certain contract modifications and hedging relationships that reference London Inter-bank Offered Rate (LIBOR) or another reference rate expected to be discontinued. The guidance is effective upon issuance and can be applied through December 31, 2022. The adoption of this standard did not have a material impact on the Company’s consolidated financial statements. From time to time, new accounting pronouncements are issued by the FASB or other standard setting bodies that are adopted by us as of the specified effective date. Unless otherwise discussed, our management believes that the issued standards that are not yet effective will not have a material impact on our consolidated financial statements upon adoption. Item 7A - Quantitative and Qualitative Disclosures about Market Risk (In thousands) Foreign Currency Exchange Risk – In 2020, approximately 88% of our business was conducted outside the United States, primarily in Europe, Latin America and Asia/Pacific. A significant portion of our business operations is transacted in foreign currencies. As a result, we have exposure to foreign exchange fluctuations. We are affected by both foreign currency translation and transaction adjustments. Translation adjustments result from the conversion of the foreign subsidiaries’ balance sheets and income statements to U.S. Dollars at year-end exchange rates and weighted average exchange rates, respectively. Translation adjustments resulting from this process are recorded directly into stockholders’ equity. Transaction adjustments result from currency exchange movements when one of our companies transacts business in a currency that differs from its local currency. These adjustments are recorded as gains or losses in our statements of operations. Our business transactions are spread across numerous countries and currencies. This geographic diversity reduces the risk to our operating results. As noted in Management’s Discussion and Analysis above, we attempt to minimize the net impact of currency on operating earnings by denominating an amount of billings in a currency such that it would provide a hedge against the operating expenses being incurred in that currency. 50 Table of Contents Interest Rate Risk – We have minimal interest rate risk. We had no debt outstanding at December 31, 2020. Our cash, cash equivalents, and short term investments are invested in short-term instruments at current market rates. If rates were to increase or decrease by one percentage point, the Company’s interest income would increase or decrease approximately $0.3 million annually. Item 8 - Financial Statements and Supplementary Data The information in response to this item is included in our consolidated financial statements, together with the report thereon of KPMG LLP, appearing on pages F-1 through F-41 of this Form 10-K, and in Item 7 under the heading Management’s Discussion and Analysis of Financial Condition and Results of Operations. Item 9 - Changes in and Disagreements with Accountants on Accounting and Financial Disclosure None. Item 9A - Controls and Procedures Evaluation of Disclosure Controls and Procedures Our management, with the participation of our Chief Executive Officer and Chief Financial Officer, who, respectively, are our principal executive officer and principal financial officer, conducted an evaluation of the effectiveness of the design and operation of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Securities Exchange Act of 1934, as amended (the "Exchange Act")) as of December 31, 2020. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure (i) information required to be disclosed by us in our reports that we file or submit under the Exchange Act is recorded, processed, summarized and reported within the time periods specified in the Securities and Exchange Commission’s rules and forms, and (ii) information required to be disclosed by us in our reports that we file or submit under the Exchange Act is accumulated and communicated to our management, including our principal executive and principal financial officers, or persons performing similar functions, as appropriate to allow timely decisions regarding required disclosure. Based upon that evaluation, our management have concluded that the Company's disclosure controls and procedures are effective as of December 31, 2020, to give reasonable assurance that the information required by us in reports filed under the Exchange Act, is recorded, processed, summarized and reported within the time period specified in the rules and forms of the SEC, and is accumulated and communicated to management, including our principal executive officer and principal financial officer, as appropriate, to allow timely decisions regarding required disclosure. Management’s Annual Report on Internal Control over Financial Reporting The management of OneSpan Inc. is responsible for establishing and maintaining adequate internal control over financial reporting. Internal control over financial reporting is defined in Rule 13a-15(f) and 15d-15(f) promulgated under the Exchange Act as a process designed by, or under the supervision of, the Company’s principal executive and principal financial officers and effected by the Company’s board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that: (1) Pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the Company; (2) Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the Company are being made only in accordance with authorizations of management and directors of the Company; and (3) Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the Company’s assets that could have a material effect on the financial statements. Our management, led by our Chief Executive Officer and Chief Financial Officer, assessed the effectiveness of our internal control over financial reporting as of December 31, 2020, using the criteria set forth by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in Internal Control—Integrated Framework (2013). 51 Table of Contents Management’s evaluation of our internal control over financial reporting determined that the Company’s internal control over financial reporting was effective based on those criteria as of December 31, 2020. KPMG LLP, an independent registered public accounting firm, has audited the consolidated financial statements as of and for the year ended December 31, 2020 included in this Annual Report on Form 10-K, and has issued its report on the effectiveness of the Company’s internal control over financial reporting as of December 31, 2020, included on page 53 of this annual report. Changes in Internal Control over Financial Reporting There were no changes in our internal control over financial reporting (as that term is defined in Rule 13a-15(f) and 15d- 15(f) under the Exchange Act) during the quarter ended December 31, 2020, that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting Limitations on the Effectiveness of Controls Internal control over financial reporting has inherent limitations. Internal control over financial reporting is a process that involves human diligence and compliance and is subject to lapses in judgment and breakdowns resulting from human failures. Internal control over financial reporting also can be circumvented by collusion or improper management override. Because of such limitations, there is a risk that material misstatements will not be prevented or detected on a timely basis by internal control over financial reporting. However, these inherent limitations are known features of the financial reporting process. Therefore, it is possible to design into the process safeguards to reduce, though not eliminate, this risk. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies and procedures may deteriorate. 52 Table of Contents Report of Independent Registered Public Accounting Firm To the Stockholders and Board of Directors OneSpan Inc.: Opinion on Internal Control Over Financial Reporting We have audited OneSpan Inc. and subsidiaries’ (the Company) internal control over financial reporting as of December 31, 2020, based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission. In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2020, based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission. We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated balance sheets of the Company as of December 31, 2020 and 2019, the related consolidated statements of operations, comprehensive income (loss), stockholders’ equity, and cash flows for each of the years in the three- year period ended December 31, 2020, and the related notes and financial statement schedule II (collectively, the consolidated financial statements), and our report dated February 25, 2021 expressed an unqualified opinion on those consolidated financial statements. Basis for Opinion The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management’s Annual Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB. We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audit also included performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion. Definition and Limitations of Internal Control Over Financial Reporting A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become 53 Table of Contents inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. Chicago, Illinois February 25, 2021 /s/ KPMG LLP 54 Table of Contents Item 9B – Other Information On February 24, 2021, Naureen Hassan informed the Company’s Board of Directors that she will resign from the Board of Directors, effective March 1, 2021, as she has accepted a position in the public sector that precludes her continued role as a Board member of a publicly traded company. Ms. Hassan did not advise the Company of any disagreement with the Company on any matters relating to its operations, policies or practices. Item 10 - Directors, Executive Officers and Corporate Governance PART III All information in response to this Item is incorporated by reference to the “Directors and Executive Officers” and “Section 16(a) Beneficial Ownership Compliance” sections of OneSpan’s Proxy Statement to be filed with the SEC for the 2021 Annual Meeting of Stockholders. The following sets forth certain information with regard to each executive officer of the Corporation. There are no family relationships between any of the executive officers, and there is no arrangement or understanding between any executive officer and any other person pursuant to which the executive officer was selected. SCOTT M. CLEMENTS—Mr. Clements has served as OneSpan’s President and Chief Executive Officer since July 2017. From November 2016 to July 2017, he served as the Company’s President and Chief Operating Officer, and prior to that, Mr. Clements served as the Company’s Chief Strategy Officer since he joined the Company in December 2015. Before joining OneSpan, Mr. Clements spent eleven years at Tyco International where he most recently served as Corporate Senior Vice President, Business Development focused on technology acquisitions. Prior to that, Mr. Clements served as President of Tyco Retail Solutions and also as Tyco’s Chief Technology Officer. Before joining Tyco, Mr. Clements spent a decade at Honeywell International in domestic and international financial and operational leadership roles. Mr. Clements is 58 years old. MARK S. HOYT—In November 2015, the Board of Directors appointed Mr. Hoyt to the positions of Chief Financial Officer and Treasurer. In March 2018, the Board also appointed Mr. Hoyt an Executive Vice President. Prior to joining the Company, Mr. Hoyt was the Chief Financial Officer of operations in Europe, Middle East and Africa for Groupon, Inc., and was based in Switzerland from 2012 to 2015, and from 2010 to 2012, he was Vice President of International Financial Operations of Groupon, Inc. and was based in Chicago. Mr. Hoyt is 53 years old. STEVEN R. WORTH —Mr. Worth has served as OneSpan’s General Counsel, Chief Compliance Officer and Corporate Secretary since April 2016. Mr. Worth also has executive responsibility for corporate information security and product related security compliance. Prior to joining OneSpan, Mr. Worth spent five years at cloud software company SilkRoad Technology where he served as an Executive Vice President. Prior to that, Mr. Worth served five years as Vice President, General Counsel and Corporate Secretary of Diamond Management and Technology Consultants, an international publicly traded technology services company. Earlier in his career, Mr. Worth practiced law with the international firm Winston & Strawn. Mr. Worth is 50 years old. Item 11 - Executive Compensation The information in response to this Item is incorporated by reference to the “Executive Compensation” section of OneSpan’s Proxy Statement to be filed with the SEC for the 2021 Annual Meeting of Stockholders. Item 12 - Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters The information in response to this Item is incorporated by reference to the “Security Ownership of Certain Beneficial Owners, Directors and Management” section of OneSpan’s Proxy Statement to be filed with the SEC for the 2021 Annual Meeting of Stockholders. 55 Table of Contents Item 13 - Certain Relationships and Related Transactions, and Director Independence The information in response to this Item is incorporated by reference to the “Directors and Executive Officers” and “Transactions with Related Persons” sections of OneSpan’s Proxy Statement to be filed with the SEC for the 2021 Annual Meeting of Stockholders. Item 14 - Principal Accounting Fees and Services The information in response to this Item is incorporated by reference to the “Report of the Audit Committee” section of OneSpan’s Proxy Statement to be filed with the SEC for the 2021 Annual Meeting of Stockholders. Item 15 - Exhibits and Financial Statement Schedules (a) The following documents are filed as part of this Form 10-K. PART IV (1) The following consolidated financial statements and notes thereto, and the related independent auditors’ report, are included on pages F-1 through F-41 of this Form 10-K: Report of Independent Registered Public Accounting Firm Consolidated Balance Sheets as of December 31, 2020 and 2019 Consolidated Statements of Operations for the Years Ended December 31, 2020, 2019 and 2018 Consolidated Statements of Comprehensive Income (Loss) for the Years Ended December 31, 2020, 2019 and 2018 Consolidated Statements of Stockholders’ Equity for the Years Ended December 31, 2020, 2019 and 2018 Consolidated Statements of Cash Flows for the Years Ended December 31, 2020, 2019 and 2018 Notes to Consolidated Financial Statements (2) The following consolidated financial statement schedule of the company is included on page F-42 of this Form 10-K: Schedule II – Valuation and Qualifying Accounts All other financial statement schedules are omitted because such schedules are not required or the information required has been presented in the aforementioned consolidated financial statements. (3) The following exhibits are filed with this Form 10-K or incorporated by reference as set forth at the end of the list of exhibits: Exhibit Number 2.1 Description Agreement for the Sale and Purchase of the Entire Issued Capital of Cronto Limited dated May 20, 2013. (Incorporated by reference – Form 8-K filed May 23, 2013.) 56 Table of Contents Exhibit Number 2.2 2.3 2.4 3.1 3.2 4.1 4.2* 4.3* 4.4* 4.5* 4.6* 4.7* 4.8* 4.9* 10.1* 10.2* Arrangement Agreement, dated October 6, 2015, among VASCO Data Security International, Inc., 685102 N.B. Inc., Silanis Technology Inc., Silanis International Limited, Silanis Canada Inc., and Silanis Agent Inc. (incorporated by reference – Form 8-K filed October 13, 2015.) Description Stock Purchase Agreement, dated May 30, 2018 between VASCO Digital Automation Limited and shareholders of Dealflo Limited (incorporated by reference – Form 8-K filed June 1, 2018.) Share Sale and Purchase Agreement by and among VASCO Data Security International, Inc., A.O.S. Holding B.V., Filipan Beheer B.V., Mr. Mladen Filipan and Pijnenburg Beheer N.V., dated February 4, 2005 (Incorporated by reference - Form 8-K filed February 8, 2005.) Certificate of Incorporation of Registrant, as amended. (incorporated by reference – Form 8-K filed June 1, 2018.) Bylaws of Registrant, as amended and restated January 3, 2019. (Incorporated by reference - Form 8-K filed on January 7, 2019.) Specimen of Registrant’s Common Stock Certificate. (Incorporated by reference to the Registrant’s Registration Statement on Form S-4, as amended (Registration No. 333-35563), originally filed on September 12, 1997.) Form of Award Agreement for Restricted Shares under the VASCO Data Security International, Inc. 2009 Equity Incentive Plan with respect to awards granted January 5, 2017. (Incorporated by reference – Form 10-K filed March 10, 2017.) Form of Award Agreement for Restricted Shares under the VASCO Data Security International, Inc. 2009 Equity Incentive Plan with respect to awards granted January 4, 2018. (Incorporated by reference – Form 10-K filed March 8, 2018.) Form of Award Agreement for Performance Shares under VASCO Data Security International, Inc. 2009 Equity Incentive Plan with respect to awards granted January 4, 2018. (Incorporated by reference – Form 10-K filed March 8, 2018.) Fiscal Year 2018 Form of Award Agreement for Deferred Stock under the VASCO Data Security International, Inc. 2009 Equity Incentive Plan. (Incorporated by reference – Form 10-K filed March 8, 2018.) Form of Award Agreement for Restricted Stock Units under the OneSpan Inc. 2019 Omnibus Incentive Plan. (Incorporated by reference – Form 10-K filed March 16, 2020.) Form of Award Agreement for Performance-based Restricted Stock Units under the OneSpan Inc. 2019 Omnibus Incentive Plan. (Incorporated by reference – Form 10-K filed March 16, 2020.) Form of Award Agreement for Restricted Stock Units for Non-Employee Directors under the OneSpan Inc. 2019 Omnibus Incentive Plan. (Incorporated by reference – Form 10-K filed March 16, 2020.) OneSpan Inc. Cash Award Long-Term Incentive Plan Agreement under the OneSpan Inc. 2019 Omnibus Incentive Plan. (Incorporated by reference – Form 10-K filed March 16, 2020.) VASCO Data Security International, Inc. 2009 Equity Incentive Plan, effective December 19, 2008. (Incorporated by reference to the Registrant’s Definitive Proxy Statement pursuant to Schedule 14A, filed with the SEC on April 30, 2009.) Employment Agreement, effective October 5, 2015, by and between VASCO Data Security International, Inc. and Mark Stephen Hoyt. (Incorporated by reference – Form 8-K filed October 5, 2015.) 57 Table of Contents Exhibit Number 10.3* 10.4* 10.5* 10.6* 14.1 14.2 21 23 31.1 31.2 32.1 32.2 Description Employment Agreement, dated December 1, 2015, by and between VASCO Data Security International, Inc. and Scott Clements, and Amendment No. 1 to Employment Agreement effective as of November 15, 2016. (Incorporated by reference – Form 8-K filed November 15, 2016) Employment Agreement, dated April 18, 2016 by and between VASCO Data Security International, Inc. and Steven Worth. Amendment No. 2 to Employment Agreement effective as of July 28, 2017, by and between VASCO Data Security International, Inc. (the “Company”), and Scott Clements further amending Employment Agreement entered into December 1, 2015 and first amended on November 15, 2016. (Incorporated by reference – Form 8-K filed July 28, 2017.) OneSpan Inc. 2019 Omnibus Incentive Plan (incorporated by reference from Attachment A to the Registrant’s Definitive Proxy Statement filed with the Securities and Exchange Commission on April 26, 2019.) Amended Corporate Governance Guidelines of the Board of Directors of One Span Inc. and Subsidiaries. OneSpan Inc. Code of Conduct and Ethics. Subsidiaries of Registrant. Consent of KPMG LLP. Rule 13a-14(a)/15d-14(a) Certification of Principal Executive Officer pursuant to Section 302 of the Sarbanes- Oxley Act of 2002, dated February 25, 2021. Rule 13a-14(a)/15d-14(a) Certification of Principal Financial Officer pursuant to Section 302 of the Sarbanes- Oxley Act of 2002, dated February 25, 2021. Section 1350 Certification of Principal Executive Officer pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, dated February 25, 2021. Section 1350 Certification of Principal Financial Officer pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, dated February 25, 2021. 101.INS XBRL Instance Document – the instance document does not appear in the Interactive Data File because its XBRL tags are embedded within the Inline XBRL document 101.SCH XBRL Taxonomy Extension Schema Document 101.CAL XBRL Taxonomy Extension Calculation Linkbase Document 101.LAB XBRL Taxonomy Extension Label Linkbase Document 101.PRE XBRL Taxonomy Extension Presentation Linkbase Document 101.DEF XBRL Taxonomy Extension Definition Linkbase Document 104 The cover page interactive data file does not appear in the Interactive Data File because its XBRL tags are embedded within the Inline XBRL document * Management contract or compensatory plan or arrangement required to be filed as an exhibit to this Annual Report on Form 10-K. OneSpan Inc. will furnish any of the above exhibits to stockholders upon written request addressed to the Secretary at the address given on the cover page of this Form 10-K. 58 Table of Contents OneSpan Inc. INDEX TO FINANCIAL STATEMENTS AND SCHEDULE Financial Statements Report of Independent Registered Public Accounting Firm Consolidated Balance Sheets as of December 31, 2020 and 2019 Consolidated Statements of Operations for the Years Ended December 31, 2020, 2019 and 2018 Consolidated Statements of Comprehensive Income (Loss) for the Years Ended December 31, 2020, 2019 and 2018 Consolidated Statements of Stockholders’ Equity for the Years Ended December 31, 2020, 2019 and 2018 Consolidated Statements of Cash Flows for the Years Ended December 31, 2020, 2019 and 2018 Notes to Consolidated Financial Statements Financial Statement Schedule The following consolidated financial statement schedule is included herein: Schedule II – Valuation and Qualifying Accounts F-2 F-4 F-5 F-6 F-7 F-8 F-10 F-42 All other financial statement schedules are omitted because they are not applicable or the required information is shown in the consolidated financial statements or notes thereto. F-1 Table of Contents Report of Independent Registered Public Accounting Firm To the Stockholders and Board of Directors OneSpan Inc.: Opinion on the Consolidated Financial Statements We have audited the accompanying consolidated balance sheets of OneSpan Inc. and subsidiaries (the Company) as of December 31, 2020 and 2019, the related consolidated statements of operations, comprehensive income (loss), stockholders’ equity, and cash flows for each of the years in the three-year period ended December 31, 2020, and the related notes and financial statement schedule II (collectively, the consolidated financial statements). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company as of December 31, 2020 and 2019, and the results of its operations and its cash flows for each of the years in the three-year period ended December 31, 2020, in conformity with U.S. generally accepted accounting principles. We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company’s internal control over financial reporting as of December 31, 2020, based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission, and our report dated February 25, 2021 expressed an unqualified opinion on the effectiveness of the Company’s internal control over financial reporting. Changes in Accounting Principle As discussed in Notes 2 and 11 to the consolidated financial statements, the Company has changed its method of accounting for credit losses on financial instruments as of January 1, 2020 due to the adoption of Accounting Standards Update (ASU) No. 2016-13, Measurement of Credit Losses on Financial Instruments, and as discussed in Notes 2 and 12 to the consolidated financial statements, the Company changed its method of accounting for leases as of January 1, 2019 due to the adoption of Accounting Standards Codification (ASC) Topic 842, Leases. Basis for Opinion These consolidated financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on these consolidated financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB. We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that our audits provide a reasonable basis for our opinion. F-2 Table of Contents Critical Audit Matter The critical audit matter communicated below is a matter arising from the current period audit of the consolidated financial statements that was communicated or required to be communicated to the audit committee and that: (1) relates to accounts or disclosures that are material to the consolidated financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of a critical audit matter does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates. Revenue from contracts containing software licenses with terms and conditions that are unique to individual contracts As discussed in Notes 2 and 6 to the consolidated financial statements, the Company enters into contracts to deliver a combination of hardware devices, software licenses, subscriptions, maintenance and support and, in some situations, professional services. The Company evaluates the nature of the goods and services promised in these arrangements to identify the distinct performance obligations. Certain arrangements contain terms and conditions that are unique to the individual contracts and may vary with regard to the number and type of promises included. The Company recognized total revenue of $215.7 million for the year ended December 31, 2020. We identified the evaluation of revenue from contracts containing software licenses with terms and conditions that are unique to individual contracts as a critical audit matter. Specifically, auditor judgment was required to evaluate the Company's identification of performance obligations in such contracts, including for contracts with new customers or contracts that were amended with existing customers. The following are the primary procedures we performed to address this critical audit matter. We evaluated the design and tested the operating effectiveness of certain internal controls related to the Company’s revenue recognition process. This included controls relating to the identification of performance obligations and evaluation of unique terms and conditions present in individual contracts. We tested a selection of contracts, including contracts with new customers or contracts that were amended with existing customers, by obtaining and reading the underlying contract and accounting analysis to evaluate the Company’s identification performance obligations. Specifically, we evaluated the completeness and accuracy of the Company’s identification of terms and conditions that were unique to the selected contracts and the Company’s determination of the impact of those terms and conditions on revenue recognition. We have served as the Company’s auditor since 1996. Chicago, Illinois February 25, 2021 /s/ KPMG LLP F-3 Table of Contents OneSpan Inc. CONSOLIDATED BALANCE SHEETS (in thousands, except per share data) ASSETS Current assets Cash and equivalents Short term investments Accounts receivable, net of allowances of $4,135 in 2020 and $2,524 in 2019 Inventories, net Prepaid expenses Contract assets Other current assets Total current assets Property and equipment, net Operating lease right-of-use assets Goodwill Intangible assets, net of accumulated amortization Deferred income taxes Contract assets - non-current Other assets Total assets LIABILITIES AND STOCKHOLDERS' EQUITY Current liabilities Accounts payable Deferred revenue Accrued wages and payroll taxes Short-term income taxes payable Other accrued expenses Deferred compensation Total current liabilities Long-term deferred revenue Long-term lease liabilities Other long-term liabilities Long-term income taxes payable Deferred income taxes Total liabilities Stockholders' equity Preferred stock: 500 shares authorized, none issued and outstanding at December 31, 2020 and 2019 Common stock: $.001 par value per share, 75,000 shares authorized; 40,353 and 40,207 shares issued; 40,353 and 40,207 shares outstanding at December 31, 2020 and 2019, respectively Additional paid-in capital Treasury stock, at cost, 250 and 0 shares outstanding at December 31, 2020 and 2019, respectively Retained earnings Accumulated other comprehensive loss Total stockholders' equity Total liabilities and stockholders' equity 2020 2019 $ $ $ 88,394 26,859 57,537 13,093 7,837 7,202 6,256 207,178 11,835 11,356 97,552 27,196 7,030 1,877 11,179 375,203 5,684 43,417 13,649 2,618 8,334 1,602 75,304 11,730 12,399 10,423 6,095 1,912 117,863 84,282 25,511 62,405 19,819 6,198 5,240 6,346 209,801 11,454 10,580 94,612 36,209 7,863 3,355 8,668 382,542 10,835 30,338 15,415 7,410 8,786 1,028 73,812 15,259 11,299 8,297 6,958 4,623 120,248 — — 40 98,819 (5,030) 173,731 (10,220) 257,340 375,203 $ 40 96,109 — 179,440 (13,295) 262,294 382,542 $ $ $ $ See accompanying notes to consolidated financial statements. F-4 Table of Contents OneSpan Inc. CONSOLIDATED STATEMENTS OF OPERATIONS (in thousands, except per share data) Revenue Product and license Services and other Total revenue Cost of goods sold Product and license Services and other Total cost of goods sold Gross profit Operating costs Sales and marketing Research and development General and administrative Amortization / impairment of intangible assets Total operating costs Operating income (loss) Interest income, net Other income (expense), net Income (loss) before income taxes Provision for income taxes Net income (loss) Net income (loss) per share Basic Diluted Weighted average common shares outstanding Basic Diluted For the years ended December 31, 2019 2018 2020 $ $ 132,986 82,705 215,691 183,313 70,171 253,484 $ 152,054 59,282 211,336 41,820 21,619 63,439 63,393 18,569 81,962 50,706 14,107 64,813 152,252 171,522 146,523 60,856 41,194 46,338 9,122 157,510 61,503 42,463 43,897 9,470 157,333 (5,258) 14,189 404 1,434 (3,420) 2,035 747 (527) 14,409 6,545 (5,455) $ 7,864 (0.14) (0.14) $ $ 0.20 0.20 $ $ $ 63,805 32,197 41,589 9,852 147,443 (920) 1,265 2,264 2,609 (435) 3,044 0.08 0.08 40,035 40,035 40,050 40,136 39,932 40,046 $ $ $ See accompanying notes to consolidated financial statements. F-5 Table of Contents OneSpan Inc. CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME (LOSS) (in thousands) Net income (loss) Other comprehensive loss Cumulative translation adjustment, net of tax Pension adjustment, net of tax Comprehensive income (loss) For the years ended December 31, 2018 2019 2020 3,044 7,864 $ $ (5,455) $ 4,534 (1,459) $ (2,380) $ (5,516) 1,543 (1,551) 797 7,856 $ (1,675) See accompanying notes to consolidated financial statements. F-6 Table of Contents OneSpan Inc. CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY (in thousands) Description Balance at December 31, 2017 Cumulative effect of change related to adoption of ASC 606, net of tax Cumulative effect of change related to adoption of ASU 2016- 16, net of tax Net income (loss) Foreign currency translation adjustment, net of tax Restricted stock awards Tax payments for stock issuances Pension adjustment, net of tax Balance at December 31, 2018 Net income (loss) Foreign currency translation adjustment, net of tax Restricted stock awards Tax payments for stock issuances Pension adjustment, net of tax Balance at December 31, 2019 Cumulative effect of change related to adoption of ASU 2016- 13, net of tax Net income (loss) Foreign currency translation adjustment, net of tax Restricted stock awards Tax payments for stock issuances Pension adjustment, net of tax Repurchase of common shares Balance at December 31, 2020 Common Stock Shares 40,086 Amount 40 Treasury - Common Stock Shares Amount — Additional Paid-In Capital — 90,307 Accumulated Retained Earnings 156,151 Other Comprehensive Income (Loss) (8,568) Total Stockholders Equity 237,930 — — — — — 11,929 — 11,929 — — — — — — 139 — — — — — 40 — — 40,225 — — — — (18) — — — 40 $ 40,207 — — — — — — — 242 (96) — — — — 40 $ (250) 40,103 — — — — — — — — — — — — — $ — — — — — — 250 250 $ — — — — 452 3,044 — — 452 3,044 — 3,973 (970) — — — — — 93,310 — — — — 3,368 (569) — — — — — $ 96,109 — — — — — 171,576 7,864 (5,516) — — 797 (13,287) — (5,516) 3,973 (970) 797 251,639 7,864 — — — — $ 1,543 — — 1,543 3,368 (569) (1,551) (1,551) (13,295) $ 262,294 $ 179,440 — — — — (254) (5,455) — — (254) (5,455) — 4,740 (2,030) — — — — — (5,030) — (5,030)$ 98,819 — — — — — $ 173,731 $ 4,534 — — 4,534 4,740 (2,030) (1,459) (5,030) (10,220) $ 257,340 (1,459) — See accompanying notes to consolidated financial statements. F-7 Table of Contents OneSpan Inc. CONSOLIDATED STATEMENTS OF CASH FLOWS (in thousands) Cash flows from operating activities: Net income (loss) from operations Adjustments to reconcile net income (loss) from operations to net cash provided by (used in) operations: Depreciation, amortization, and impairment of intangible assets Loss on disposal of assets Deferred tax benefit Stock-based compensation Changes in operating assets and liabilities: Accounts receivable, net Inventories, net Contract assets Accounts payable Income taxes payable Accrued expenses Deferred compensation Deferred revenue Other assets and liabilities Net cash provided by operating activities Cash flows from investing activities: Purchase of short term investments Maturities of short term investments Additions to property and equipment Other Net cash provided by (used in) investing activities Cash flows from financing activities: Repurchase of common stock Tax payments for restricted stock issuances Net cash used in financing activities Effect of exchange rate changes on cash Net increase (decrease) in cash Cash, cash equivalents, and restricted cash, beginning of period Cash, cash equivalents, and restricted cash, end of period (1.) Supplemental cash flow disclosures: Cash paid for income taxes Cash paid for interest $ $ $ 2020 Years ended December 31, 2019 2018 $ (5,455) $ 7,864 $ 3,044 12,003 118 (1,487) 4,740 6,792 6,725 (191) (5,237) (5,642) (3,124) 574 8,342 (3,236) 14,922 (34,060) 32,630 (3,101) (133) (4,664) (5,030) (2,030) (7,060) 914 4,112 85,129 89,241 11,545 69 (1,624) 3,368 (3,414) (5,391) 1,740 3,628 158 (1,286) (334) 1,465 456 18,244 (33,839) 31,399 (7,453) — (9,893) — (569) (569) (208) 7,574 77,555 85,129 $ $ 12,138 (49) (7,431) 3,973 (11,960) (2,388) (2,167) (1,475) (2,682) 2,211 (291) 9,538 (1,235) 1,226 (22,820) 80,000 (3,685) (236) 194 — (970) (970) (1,556) (1,106) 78,661 77,555 9,422 $ — $ 7,839 $ — $ 10,884 — See accompanying notes to consolidated financial statements. F-8 Table of Contents (1.) The following table provides a reconciliation of cash, cash equivalents and restricted cash shown above to amounts reported within the consolidated balance sheets as of December 31, 2020 and 2019 and our previously reported consolidated balance sheet as of December 31, 2018 in our Annual Report on Form 10-K for the year ended December 31, 2019 (in thousands): December 31, 2020 December 31, 2019 December 31, 2018 Cash and cash equivalents Restricted cash included in other non-current assets Cash, cash equivalents and restricted cash $ $ 88,394 847 89,241 $ $ 84,282 847 85,129 $ $ 76,708 847 77,555 F-9 Table of Contents OneSpan Inc. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS Unless otherwise noted, references in this Annual Report on Form 10-K to “OneSpan”, “Company”, “we”, “our” and “us” refer to OneSpan Inc. and its subsidiaries. Note 1 – Description of the Company and Basis of Presentation Description of the Company OneSpan Inc. and its wholly owned subsidiaries design, develop, market and support hardware and software security systems that manage and secure access to information assets. OneSpan has operations in Austria, Australia, Belgium, Brazil, Canada, China, France, Japan, The Netherlands, Singapore, Switzerland, the United Arab Emirates, the United Kingdom (U.K.), and the United States (U.S.). In accordance with ASC 280, Segment Reporting, our operations are reported as a single operating segment. The chief operating decision maker is the Chief Executive Officer who reviews the statement of operations of the Company on a consolidated basis, makes decisions and manages the operations of the Company as a single operating segment. Impact of COVID-19 pandemic In March 2020, the World Health Organization recognized a novel strain of coronavirus (COVID-19) as a pandemic. In response to the pandemic, the United States and various foreign, state and local governments have, among other actions, imposed travel and business restrictions and required or advised communities in which we do business to adopt stay-at-home orders and social distancing guidelines, causing some businesses to adjust, reduce or suspend operating activities. The pandemic and the various governments’ responses have caused significant and widespread uncertainty, volatility and disruptions in the U.S. and global economies, including in the regions in which we operate. Beginning in the Summer of 2020 and continuing through the year ended December 31, 2020, we experienced lengthened sales cycles and reduced demand for some of our security solutions due to economic uncertainty connected with the COVID-19 pandemic. The most significant impact of the pandemic on our business has been a sharp drop in demand for our hardware authentication products and delays in the implementation of certain software security solutions. As we cannot predict the duration or scope of the pandemic or its impact on economic and financial markets, any future negative impact to our results cannot be reasonably estimated, but it could be material. We continue to monitor closely the Company’s financial health and liquidity and the impact of the pandemic on the Company. We are able to serve the needs of our customers while taking steps to protect the health and safety of our employees, customers, partners, and communities. Principles of Consolidation The consolidated financial statements include the accounts of OneSpan Inc. and its wholly owned subsidiaries. Intercompany accounts and transactions have been eliminated in consolidation. Estimates and Assumptions The preparation of financial statements in conformity with accounting principles generally accepted in the U.S. requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the financial statements and the reported amounts of revenue and expenses during the reporting period. Actual results could differ from those estimates. F-10 Table of Contents Note 2 – Summary of Significant Accounting Policies Cash and Cash Equivalents Cash and cash equivalents are stated at cost plus accrued interest, which approximates fair value. Cash equivalents are high-quality short term money market instruments and commercial paper with maturities at acquisition of three months or less. Cash and cash equivalents are held by a number of U.S. and non-U.S. commercial banks and money market investment funds. We are in a lease agreement that required a letter of credit in the amount of $0.8 million to secure the obligation. The restricted cash related to this letter of credit is recorded in other non-current assets on the Consolidated Balance Sheet at December 31, 2020 and December 31, 2019. Short Term Investments The Company’s short term investments are in debt securities which consist of U.S treasury bills and notes, U.S. government agency notes, corporate notes, and high quality commercial paper with maturities at acquisition of more than three months and less than twelve months. The Company classifies its investments in debt securities as available-for-sale. The Company adopted ASU 2016-13, Measurement of Credit Losses on Financial Instruments, on January 1, 2020, which amended our accounting for available-for-sale debt securities. Credit impairments are recorded through an allowance rather than a direct write-down of the security and are recorded through a charge to the consolidated statement of operations. Unrealized gains or losses not related to credit impairments are recorded in accumulated other comprehensive gain/(loss) in the consolidated balance sheets. The Company reviews available-for-sale debt securities for impairments related to credit losses and other factors each quarter. As of December 31, 2020 and December 31, 2019, the unrealized gains and losses were not material. Credit Losses Reasonable assurance of collection is a requirement for revenue recognition. Credit limit adjustments for existing customers may result from the periodic review of outstanding accounts receivable. The Company records trade accounts receivable at invoice values, which are generally equal to fair value. The Company adopted ASU No. 2016-13, Measurement of Credit Losses on Financial Instruments, on January 1, 2020. As a result of the adoption, the Company amended its accounting policies for the allowance for credit losses. In accordance with ASU No. 2016-13, the Company evaluates its allowance based on expected losses rather than incurred losses, which is known as the current expected credit loss (“CECL”) model. The allowance is determined using the loss rate approach and is measured on a collective (pool) basis when similar risk characteristics exist. Where financial instruments do not share risk characteristics, they are evaluated on an individual basis. The allowance is based on relevant available information, from internal and external sources, relating to past events, current conditions, and reasonable and supportable forecasts. Fair Value of Financial Instruments At December 31, 2020 and 2019, our financial instruments were cash and equivalents, short term investments, accounts receivable, accounts payable and accrued liabilities. The estimated fair value of our financial instruments has been determined by using available market information and appropriate valuation methodologies, as defined in ASC 820, Fair Value Measurements. The fair values of the financial instruments were not materially different from their carrying amounts at December 31, 2020 and 2019. See Note 10 - Fair Value Measurements for additional detail. Inventories Inventories, consisting principally of hardware and component parts, are stated at the lower of cost or net realizable value. Cost is determined using the first-in-first-out (FIFO) method. We write down inventory when it appears that the carrying cost of the inventory may not be recovered through subsequent sale of the inventory. We analyze the quantity of inventory on hand, the quantity sold in the past year, the anticipated sales volume in the form of sales to new customers as well as sales to previous customers, the expected sales price and the cost of making the sale when F-11 Table of Contents evaluating the valuation of our inventory. If the sales volume or sales price of a specific model declines significantly, additional write downs may be required. Property and Equipment Property and equipment is stated at cost. Depreciation is computed using the straight-line method over the estimated useful lives of the related assets ranging from three to ten years. Leasehold improvements are depreciated over the lesser of the remaining lease term or 10 years. Additions and improvements are capitalized, while expenditures for maintenance and repairs are charged to operations as incurred. Gains or losses resulting from sales or retirements are recorded as incurred, at which time related costs and accumulated depreciation are removed from the accounts. Accounting for Leases All of our leases are operating leases. Under ASC 840 – For the Year ended December 31, 2018; Rent expense on facility leases is charged evenly over the life of the lease, regardless of the timing of actual payments. We relocated one of our principal executive offices from Oakbrook Terrace, Illinois to Chicago, Illinois during 2018 and recognized $0.3 million of lease exit costs in general and administrative expense on the statement of operations for the year ended December 31, 2018. Operating lease expense was $4.9 million for the year ended December 31, 2018. Under ASC 842 – For the Years ended December 31, 2020 and December 31, 2019: The Company adopted ASC Topic 842, Leases as of January 1, 2019, using the modified retrospective approach. Prior period amounts were not adjusted. In addition, the Company elected the following practical expedients: ● ● The package of practical expedients permitted under the transition guidance within the new standard. The practical expedient package applies to leases commenced prior to adoption of the new standard and permits companies not to reassess whether existing or expired contracts contain a lease, the lease classification, and any initial direct costs for existing leases. The short-term lease practical expedient, which allowed the Company to exclude short-term leases from recognition in the consolidated balance sheets; ● We have lease agreements that contain lease and non-lease components. For automobile leases, we account for lease and non-lease components together. For office leases, we account for these components separately using a relative standalone selling basis; and ● We apply the portfolio approach to automobile leases with similar characteristics that commence in the same period. The adoption of this accounting standard resulted in the recording of Operating lease right-of-use (“ROU”) assets and Operating lease liabilities of $9.2 million and $11.0 million, respectively, as of January 1, 2019. The difference between the asset and liability is a result of lease incentives, such as tenant improvement allowances, and deferred rent on the balance sheet at transition. The adoption of ASC Topic 842 had no impact on Retained earnings. See Note 12 – Leases for additional information. Goodwill Goodwill represents the excess of purchase price over the fair value of net identifiable assets acquired in a business combination. We assess the impairment of goodwill annually or whenever events or changes in circumstances F-12 Table of Contents indicate that the carrying value may not be recoverable. During the years ended December 31, 2019 and 2018, we assessed the impairment of goodwill in November. Upon becoming a large accelerated filer during the year ended December 31, 2020, we updated our accounting policy and shifted the annual impairment test to October 1, in order to allow for a greater amount of time to analyze our assessment in advance of the Company’s new accelerated filing deadline. The change in date of the annual impairment assessment of goodwill did not have a material impact to the analysis or conclusions during the year ended December 31, 2020, and is unlikely to materially impact our conclusions of the analysis in future years. During the year ended December 31, 2020, the Company adopted ASU 2017-04, Intangibles-Goodwill and Other (Topic 350) – Simplifying the Test for Goodwill impairment. The guidance simplifies the goodwill impairment test to address concerns related to the existing test’s cost and complexity by eliminating Step 2 of the previous goodwill impairment test, which required a hypothetical purchase price allocation to measure the amount of a goodwill impairment. Under the new guidance, the goodwill impairment test will consist of one step comparing the fair value of a reporting unit with its carrying amount. An entity should recognize a goodwill impairment charge for the amount by which the carrying amount exceeds the reporting unit’s fair value. The Company’s impairment assessment begins with a qualitative assessment to determine whether it is more likely than not that the fair value of a reporting unit is less than its carrying value. The qualitative assessment includes comparing the overall financial performance of the reporting unit against the planned results. Additionally, the reporting unit’s fair value is assessed in light of certain events and circumstances, including macroeconomic conditions, industry and market considerations, cost factors, and other relevant entity- and reporting unit specific events. The selection and assessment of qualitative factors used to determine whether it is more likely than not that the fair value of a reporting unit exceeds the carrying value involves significant judgments. If it is determined under the qualitative assessment that it is more likely than not that the fair value of a reporting unit is less than its carrying value, then the estimated fair value of the reporting unit is compared with its carrying value. An impairment charge is recognized for the amount by which the carrying amount exceeds the reporting unit’s fair value. We operate in one reporting unit and had no goodwill impairment recorded for the years ended December 31, 2020, 2019, and 2018. Long-Lived and Intangible Assets Finite-lived intangible assets include proprietary technology, customer relationships, and other intangible assets. Intangible assets other than patents with definite lives are amortized over the useful life, generally three to seven years for proprietary technology and five to twelve years for customer relationships. Patents are amortized over the life of the patent, generally 20 years in the U.S. Intangible assets arising from business combinations, such as acquired technology, customer relationships, and other intangible assets, are originally recorded at fair value. Long-lived assets, including property, plant and equipment, operating lease right-of-use assets, finite-lived intangible assets being amortized and capitalized software costs for internal use, are reviewed for impairment whenever events or changes in circumstances indicate that the carrying amount of the long-lived asset group may not be recoverable. An impairment loss shall be recognized if the carrying amount of a long-lived asset group exceeds the sum of the undiscounted cash flows expected to result from the use and eventual disposition of the asset. If it is determined that an impairment loss has occurred, the loss is measured as the amount by which the carrying amount of the long-lived asset group exceeds its fair value. Long-lived assets held for sale are reported at the lower of carrying value or fair value less cost to sell. Equity Method Investment We apply the equity method of accounting to our investment in Promon AS (Promon), because we exercise significant influence, but not controlling interest, in the investee. Promon is a technology company headquartered in Norway that specializes in mobile app security, whose solutions focus largely on Runtime Application Self-Protection (RASP). We exercise significant influence over Promon as a result of our 17% ownership interest in Promon, our representation on Promon’s Board of Directors, and the significance to Promon of our business activities with them. We F-13 Table of Contents integrate Promon’s RASP technology into our software solutions, which are licensed to our customers. Under the equity method of accounting, the Company’s proportionate share of the net earnings (losses) of Promon is reported in other income (expense), net in our consolidated Statements of Operations. The impact of the proportionate share of net earnings (losses) were immaterial for the years ended December 31, 2020, 2019 and 2018 as were the relative size of Promon’s assets and operations in relation to the Company’s. The carrying value of our equity method investment is reported in other noncurrent assets in the consolidated Balance Sheets and is reported originally at cost and adjusted each period for the Company’s share of the investee’s earnings (losses) and dividends paid, if any. The Company also assesses the investment for impairment whenever events or changes in circumstances indicate that the carrying value of the investment may not be recoverable. There were no qualitative factors that indicated that the carrying value of the investment may not be recoverable. The Company did not record any impairment charges during the years ended December 31, 2020, 2019 or 2018. The Company recorded $2.5 million and $3.5 million in costs of sales during the years ended December 31, 2020 and 2019, respectively for license fees owed to Promon for use of their software and technology. The Company owed Promon $2.2 million and $2.2 million as of December 31, 2020 and December 31, 2019, respectively, which is included in accounts payable and accrued liabilities. Share Repurchase Program On June 10, 2020, the Board of Directors authorized a share repurchase program (“program”), pursuant to which the Company can repurchase up to $50.0 million of issued and outstanding common stock. Share purchases under the program will take place in open market transactions or in privately negotiated transactions and may be made from time to time depending on market conditions, share price, trading volume, and other factors. The timing of the repurchases and the amount of stock repurchased in each transaction is subject to OneSpan’s sole discretion and will depend upon market and business conditions, applicable legal and credit requirements and other corporate considerations. During the year ended December 31, 2020, $5.0 million of issued and outstanding stock was repurchased under the program. The authorization is effective until June 10, 2022 unless the total amount has been used or authorization has been cancelled. During the year ended December 31, 2020, the Company repurchased 0.3 million shares of the Company’s stock for $5.0 million in the aggregate at an average cost of $20.10 per share under its repurchase program. Revenue Recognition On January 1, 2018, we adopted FASB Accounting Standards Codification (ASC) Topic 606, “Revenue from Contracts with Customers”, or “Topic 606” using the modified retrospective method applied to those contracts which were not completed as of January 1, 2018. Results for reporting periods beginning after January 1, 2018 are presented under Topic 606. We recorded a net increase to opening Retained Earnings of $11.9 million, net of tax, as of January 1, 2018 due to the cumulative impact of adopting Topic 606, with the impact primarily related to the accounting impacts of our customer contracts that include a term license to our software, as well as the impact of accounting for costs incurred to obtain our contracts. See Note 6 - Revenue for further details. We determine revenue recognition through the following steps: Identification of the contract, or contracts, with a customer; Identification of the performance obligations in the contract; ● ● ● Determination of the transaction price; ● Allocation of the transaction price to the performance obligations in the contract; and ● Recognition of revenue when, or as, we satisfy a performance obligation. Revenues are recognized when control of the promised goods or services is transferred to our customers, in an amount that reflects the consideration we expect to be entitled to in exchange for those products or services, which excludes any sales incentives and amounts collected on behalf of third parties. Taxes assessed by a governmental authority that are both imposed on and concurrent with a specific revenue-producing transaction, that are collected by the Company from a customer, are excluded from revenue. Shipping and handling costs associated with outbound freight after control over a product has transferred to a customer are accounted for as a fulfillment cost and are included in cost of goods sold. F-14 Table of Contents Nature of Goods and Services We derive our revenues primarily from Product and License Revenue, which includes hardware products and software licenses, and Services and Other, which is inclusive of software-as-a-service (which we refer to as “subscription”, or “SaaS”), maintenance and support, and professional services. Product Revenue: Revenue from the sale of security hardware is recorded upon shipment, which is the point at which control of the goods are transferred and the completion of the performance obligations, unless there are specific terms that would suggest control is transferred at a later date (e.g. delivery). No significant obligations or contingencies typically exist with regard to delivery, customer acceptance or rights of return at the time revenue is recognized. Customer invoices and subsequent payments normally correspond with delivery. License Revenue: Revenue from the sale of software licenses is recorded upon the latter of when the customer receives the ability to access the software or when they are legally allowed to use the software. No significant obligations or contingencies exist with regard to delivery, customer acceptance or rights of return at the time revenue is recognized. Contracts with customers for distinct licenses of intellectual property include perpetual licenses, which grant the customer unlimited access to the software, and term licenses which limit the customer’s access to the software to a specific time period. We offer term licenses ranging from one to five years in length. Customer payments normally correspond with delivery for perpetual licenses. For term licenses, payments are either on installment or in advance. In limited circumstances, we integrate third party software solutions into our software products. We have determined that, consistent with our conclusion under prior revenue recognition rules, generally we act as the principal with respect to the satisfaction of the related performance obligation and record the corresponding revenue on a gross basis from these transactions. For transactions in which we do not act as the principal, we would recognize revenue on a net basis. The fees owed to the third parties are recognized as a component of cost of goods sold when the revenue is recognized. Subscription Revenue: We generate subscription revenues from our cloud services offerings. Subscription revenues mostly include fees from customers for access to the OneSpan Sign, TID, and Dealflo solutions. Our standard customer arrangements do not provide the customer with the right to take possession of the software supporting the cloud-based application service at any time. As such, these arrangements are considered service contracts and revenue is recognized ratably over the service period of the contract. Customer payments are normally in advance for annual service. Maintenance, Support and Other: Maintenance and support agreements generally call for us to provide software updates and technical support, respectively, to customers. The annual fee for maintenance and technical support is recognized ratably over the term of the maintenance and support agreement as this is the period the services are delivered. Customer payments are normally in advance for annual service. Professional Services: Professional services revenues are primarily comprised of implementing, automating and extending business processes, technology infrastructure, and software applications. Professional services revenues are recognized over time as services are rendered, usually over a period of time that is generally less than a few months. Most projects are performed on a time and materials basis, while a portion of revenues is derived from projects performed on a fixed fee. For time and material contracts, revenues are generally recognized and invoiced by multiplying the number of hours expended in the performance of the contract by the contractual hourly rates. For fixed fee contracts, revenues are generally recognized using an input method based on the ratio of hours expended to total estimated hours to complete the services. Customer payments normally correspond with delivery. Multiple-Element Arrangements In our typical multiple-element arrangement, the primary deliverables include: 1. A client component (i.e. an item that is used by the person being authenticated in the form of either a new standalone hardware device or software that is downloaded onto a device that the customer already owns); F-15 Table of Contents 2. Server system software that is installed on the customer’s systems (i.e., software on the server system that verifies the identity of the person being authenticated) or licenses for additional users on the server system software if the server system software had been installed previously; and 3. Post contract support (PCS) in the form of maintenance on the server system software or support. Our multiple-element arrangements may also include other items that are usually delivered prior to the recognition of any revenue are incidental to the overall transaction such as initialization of the hardware device, customization of the hardware device itself or the packaging in which it is delivered, deployment services where we deliver the device to our customer’s end-use customer or employee and, in some limited cases, professional services to assist with the initial implementation of a new customer. Significant Judgments We enter into contracts to deliver a combination of hardware devices, software licenses, subscriptions, maintenance and support and, in some situations, professional services. The Company evaluates the nature of the goods or services promised in these arrangements to identify the distinct performance obligations. Determining whether products and services are considered distinct performance obligations that should be accounted for separately versus together may require significant judgment depending on the terms and conditions of the respective customer arrangement. When a hardware client device and licenses to server software are sold in a contract, they are treated as a single performance obligation because the software license is deemed to be a component of the hardware that is integral to the functionality of the hardware that is used by our customers for identity authentication. When a software client device is sold in a contract server software, the licenses are considered a single performance obligation to deliver the authentication solution to the customer. In either of these types of arrangements, maintenance and support and professional services are typically distinct separate performance obligations from the hardware or software solutions. Our contracts to deliver subscription services typically do not include multiple performance obligations; however, in certain limited cases customers may purchase professional services that are distinct performance obligations. For contracts that contain multiple performance obligations, the transaction price is allocated to the separate performance obligations based on their estimated relative standalone selling price. Judgment is required to determine the stand- alone selling price (“SSP”) of each distinct performance obligation. We determine SSP for maintenance and support and professional services based on observable inputs; specifically, the range of prices charged to customers to renew annual maintenance and support contracts and the range of hourly rates we charge our customers in standalone professional services contracts. In instances where SSP is not directly observable, and when we sell at a highly variable price range, such as for transactions involving software licenses or subscriptions, we determine the SSP for those performance obligations using the residual method. Cost of Goods Sold Included in product and license cost of goods sold are direct product costs and direct costs to deliver and provide software licenses. Cost of goods sold related to service revenues are primarily costs related to subscription solutions, including personnel and equipment costs, and personnel costs of employees providing professional services and maintenance support. Research and Development Costs Costs for research and development, principally the design and development of hardware, and the design and development of software prior to the determination of technological feasibility, are expensed as incurred on a project-by-project basis. Software Development Costs Software development costs are accounted for in accordance with ASC 985-20, Costs of Software to be Sold, Leased, or Marketed. Research costs and software development costs, prior to the establishment of technological F-16 Table of Contents feasibility, determined based upon the creation of a working model, are expensed as incurred. Our software capitalization policy defines technological feasibility as a functioning beta test prototype with confirmed manufacturability (a working model), within a reasonably predictable range of costs. Additional criteria include receptive customers, or potential customers, as evidenced by interest expressed in a beta test prototype, at some suggested selling price. Our policy is to amortize capitalized costs by the greater of (a) the ratio that current gross revenue for a product bears to the total of current and anticipated future gross revenue for that product or (b) the straight-line method over the remaining estimated economic life of the product, generally two to five years, including the period being reported on. Stock-Based Compensation We have stock-based employee compensation plans, described in Note 14 – Stock Compensation. ASC 718, Stock Compensation requires us to estimate the fair value of restricted stock granted to employees, directors and others to record compensation expense equal to the estimated fair value. Compensation expense is recorded on a straight-line basis over the vesting period for time-based awards and performance and market-based awards with cliff vesting provisions and on a graded basis for performance and market-based awards with graded vesting provisions. Forfeitures are recorded as incurred. Retirement Benefits We record annual expenses relating to defined benefit pension plans based on calculations which include various actuarial assumptions, including discount rates, assumed asset rates of return, compensation increases, and turnover rates. We review our actuarial assumptions on an annual basis and make modifications to the assumptions based on current rates and trends. The effects of gains, losses, and prior service costs and credits are amortized over the average service life. The funded status, or projected benefit obligation less plan assets, for each plan, is reflected in our consolidated financial statements using a December 31 measurement date. Other Income (Expense), Net Other income (expense), net primarily includes exchange gains (losses) on transactions that are denominated in currencies other than our subsidiaries’ functional currencies, subsidies received from foreign governments in support of our research and development in those countries and other miscellaneous non-operational expenses. During 2018, the Company recognized a $1.2 million government subsidy from a foreign government in support of our advancement authentication technology, which is included in other income (expense), net on the statement of operations for the year ended December 31, 2018. Income Taxes As a global company, we calculate and provide for income taxes in each tax jurisdiction in which we operate. The provision for income taxes includes the amounts payable or refundable for the current year, the effect of deferred taxes and impacts from uncertain tax positions. Our provision for income taxes is significantly affected by shifts in the geographic mix of our pre-tax earnings across tax jurisdictions, changes in tax laws and regulations, and tax planning opportunities available in each tax jurisdiction. Deferred tax assets and liabilities are recognized for the expected future tax consequences of temporary differences between the financial statement and tax bases of our assets and liabilities and for operating losses and tax credit carryforwards. Deferred tax assets and liabilities are measured using enacted tax rates that will apply to taxable income in the years in which those differences are expected to be recovered or settled. Valuation allowances are established for deferred tax assets when it is more likely than not that a tax benefit will not be realized. We recognize the effect of a change in tax rates on deferred tax assets and liabilities and in income in the period that includes the enactment date. We recognize tax benefits for tax positions that are more likely than not to be sustained upon examination by tax authorities. The amount recognized is measured as the largest amount of benefit that is greater than 50 percent likely F-17 Table of Contents to be realized upon ultimate settlement. Unrecognized tax benefits are tax benefits claimed in our income tax returns that do not meet these recognition and measurement standards. Assumptions, judgments, and the use of estimates are required in determining whether the “more likely than not” standard has been met when developing the provision for income taxes. We recognize the tax impact of including certain foreign earnings in U.S. taxable income as a period cost. We have recognized deferred income taxes for local country income and withholding taxes that could be incurred on distributions of non- U.S. earnings because we do not plan to indefinitely reinvest such earnings. We monitor for changes in tax laws and reflect the impacts of tax law changes in the period of enactment. Foreign Currency Translation and Transactions The financial position and results of operations of the majority of the Company’s foreign subsidiaries are measured using the local currency as the functional currency. Accordingly, assets and liabilities are translated into U.S. Dollars using current exchange rates as of the balance sheet date. Revenues and expenses are translated at average exchange rates prevailing during the year. Translation adjustments arising from differences in exchange rates are charged or credited to other comprehensive income (loss). Gains or (losses) resulting from foreign currency transactions were less than $0.1 million, $(1.5) million, and $(0.2) million in 2020, 2019, and 2018, respectively, and are included in other income (expense), net in the consolidated statements of operations. The financial position and results of our operations in Singapore, Switzerland, and Canada are measured in U.S. Dollars. For these subsidiaries, gains and losses that result from foreign currency transactions are included in the consolidated statements of operations in other income (expense), net. Recently Issued Accounting Pronouncements In September 2016, the FASB issued ASU 2016-13, Measurement of Credit Losses on Financial Instruments (Topic 326), which amends the Board’s guidance on the impairment of financial instruments. The ASU adds an impairment model that is based on expected losses rather than incurred losses, which is known as the current expected credit loss (“CECL”) model. The CECL model applies to most debt instruments (other than those measured at fair value), trade and other receivables, financial guarantee contracts, and loan commitments. This ASU is effective for fiscal years beginning after December 15, 2019, and interim periods within those fiscal years. The Company adopted ASC 326 as of January 1, 2020, using the cumulative-effect transition method with the required prospective approach. The cumulative-effect transition method enables an entity to record an allowance for expected credit losses at the date of adoption without restating comparative periods. The cumulative-effect adjustment for adoption of ASC 326 resulted in a decrease of $0.3 million in Accounts receivable, net of allowances and Retained Earnings as of January 1, 2020. In January 2017, the FASB issued ASU 2017-04, Intangibles-Goodwill and Other (Topic 350) – Simplifying the Test for Goodwill Impairment. This standard eliminates the requirement to calculate the implied fair value of goodwill to measure a goodwill impairment charge (i.e. Step 2 of the current guidance), instead measuring the impairment charge as the excess of the reporting unit's carrying amount over its fair value (i.e. Step 1 of the current guidance). The guidance was effective for us beginning in the first quarter of 2020, and should be applied prospectively. Early adoption is permitted for impairment testing dates after January 1, 2017. We adopted this standard on January 1, 2020 on a prospective basis. The adoption of this standard did not have a material impact on our consolidated financial statements. In August 2018, the FASB issued ASU No. 2018-13, Disclosure Framework - Changes to the Disclosure Requirements for Fair Value Measurement (“ASU 2018-13”), which amends ASC 820, Fair Value Measurement. ASU 2018-13 modifies the disclosure requirements for fair value measurements by removing, modifying, or adding certain disclosures. The ASU is effective for annual periods, including interim periods within those annual periods, beginning after December 15, 2019, with early adoption permitted for removed or modified disclosures, and delayed adoption of the additional disclosures until their effective date. We adopted this standard on January 1, 2020 on a retrospective basis. The adoption of this standard did not have a material impact on our consolidated financial statements. F-18 Table of Contents In August 2018, the FASB issued ASU 2018-15, Customer's Accounting for Fees Paid in a Cloud Computing Arrangement, which helps entities evaluate the accounting for fees paid by a customer in a cloud computing arrangement (CCA) by providing guidance for determining when an arrangement includes a software license and when an arrangement is solely a hosted CCA service. Under ASU 2018-15, customers will apply the same criteria for capitalizing implementation costs as they would for an arrangement that has a software license. The new guidance also prescribes the balance sheet, income statement, and cash flow classification of the capitalized implementation costs and related amortization expense, and requires additional quantitative and qualitative disclosures. We adopted this standard on January 1, 2020 on a prospective basis. The adoption of this standard did not have a material impact on our consolidated financial statements. In August 2018, the FASB issued ASU 2018-14, Compensation—Retirement Benefits—Defined Benefit Plans—General (Topic 715-20): Disclosure Framework—Changes to the Disclosure Requirements for Defined Benefit Plans (ASU 2018-14), which modifies the disclosure requirements for defined benefit pension plans and other postretirement plans. ASU 2018-14 is effective for fiscal years ending after December 15, 2020, and earlier adoption is permitted. The adoption of the standard was not materially impactful to our consolidated financial statements and disclosures. In December 2019, the FASB issued ASU 2019-12, Simplification for Accounting for Income Taxes, which removes certain exceptions for recognizing deferred taxes for investments, performing intraperiod allocation and calculating income taxes in interim periods. The ASU also adds guidance to reduce complexity in certain areas, including recognizing deferred taxes for tax goodwill and allocating taxes to members of a consolidated group. ASU 2019-12 was effective beginning January 1, 2021. The adoption of this standard did not have a material impact on our financial statements. In March 2020, the FASB issued ASU 2020-04, Facilitation of the Effects of Reference Rate Reform on Financial Reporting. This update provides optional expedients and exceptions for applying generally accepted accounting principles to certain contract modifications and hedging relationships that reference London Inter-bank Offered Rate (LIBOR) or another reference rate expected to be discontinued. The guidance is effective upon issuance and can be applied through December 31, 2022. The adoption of this standard did not have a material impact on the Company’s consolidated financial statements. From time to time, new accounting pronouncements are issued by the FASB or other standard setting bodies that are adopted by us as of the specified effective date. Unless otherwise discussed, our management believes that the issued standards that are not yet effective will not have a material impact on our consolidated financial statements upon adoption. Note 3 – Revision of Previously Issued Financial Statements We have revised amounts reported in previously issued financial statements for the periods presented in this Annual Report on Form 10-K related to immaterial errors. The errors relate to certain contracts with customers involving term-based software licenses and related maintenance and support services. The net contract assets that originated from a portion of these contracts in prior periods were not properly accounted for in subsequent periods, which caused overstatements of revenue in prior periods. We evaluated the aggregate effects of the errors to our previously issued financial statements in accordance with SEC Staff Accounting Bulletins No. 99 and No. 108 and, based upon quantitative and qualitative factors, determined that the errors were not material to the previously issued financial statements and disclosures included in our Annual Reports on Form 10-K for the years ended December 31, 2019 and 2018, or for any quarterly periods included therein or through our Quarterly Report on Form 10-Q for the quarterly period ended March 31, 2020. The following tables present the effects of the aforementioned revisions on our consolidated balance sheet as of December 31, 2019 and our consolidated statements of operations, comprehensive income (loss), stockholders’ equity and cash flows for the years ended December 31, 2020 and 2019. F-19 Table of Contents Consolidated Balance Sheet in thousands Contract assets Total current assets Contract assets - non-current Total assets Short-term income taxes payable Total current liabilities Total liabilities Retained earnings Total stockholders' equity Total liabilities and stockholders' equity Consolidated Statements of Operations in thousands Revenue Product and license Services and other Total revenue Gross Profit Operating income December 31, 2019 As Previously Reported Adjustments As Revised $ $ 7,058 211,619 3,565 384,570 7,711 74,113 120,549 181,167 264,021 384,570 $ (1,818) (1,818) (210) (2,028) (301) (301) (301) (1,727) (1,727) (2,028) 5,240 209,801 3,355 382,542 7,410 73,812 120,248 179,440 262,294 382,542 Year Ended December 31, 2019 As Previously Reported Adjustments As Revised Year Ended December 31, 2018 As Previously Reported Adjustments As Revised $ $ 184,173 70,397 254,570 (860)$ 183,313 70,171 (226) (1,086) 253,484 $ 152,977 59,303 212,280 $ (923) $ 152,054 59,282 211,336 (21) (944) 172,608 (1,086) 171,522 147,467 (944) 146,523 15,275 (1,086) 14,189 24 (944) (920) Income before income taxes Provision for income taxes 15,495 6,706 (1,086) (161) 14,409 6,545 3,553 (293) (944) (142) 2,609 (435) Net Income 8,789 (925) 7,864 3,846 (802) 3,044 Consolidated Statements of Comprehensive Loss Year Ended December 31, 2019 in thousands Net income Comprehensive income (loss) As Previously Reported Adjustments As Revised $ 8,789 8,781 (925) $ 7,864 7,856 (925) $ Year Ended December 31, 2018 As Previously Reported Adjustments As Revised 3,044 $ 3,846 (1,675) (873) (802) $ (802) $ F-20 Table of Contents Consolidated Statements of Stockholders’ Equity in thousands Balance at December 31, 2017 Net income (loss) Balance at December 31, 2018 Net income (loss) Balance at December 31, 2019 Consolidated Statements of Cash Flows in thousands Cash flows from operating activities: Net income Changes in operating assets and liabilities: Contract assets Income taxes payable Net cash provided by operating activities Note 4 – Inventories, net Total Stockholders' Equity As Previously Reported $ $ $ 237,930 3,846 252,441 8,789 264,021 $ $ $ Adjustments N/A (802) (802) (925) (1,727) As Revised N/A 3,044 251,639 7,864 262,294 $ $ $ Year ended December 31, 2019 As Previously Reported Adjustments As Revised Year ended December 31, 2018 As Previously Reported Adjustments As Revised $ 8,789 $ (925) $ 7,864 $ 3,846 $ (802) $ 3,044 655 318 18,244 1,085 (160) 1,740 158 — 18,244 (3,110) (2,541) 1,226 943 (141) — (2,167) (2,682) 1,226 Inventories, net, consisting principally of hardware and component parts, are stated at the lower of cost or net realizable value. Cost is determined using the FIFO method. Inventories, net are comprised of the following: December 31, 2020 2019 Component parts Work-in-process and finished goods Total Note 5 – Business Acquisitions $ (in thousands) 5,439 7,654 $ 13,093 7,429 12,390 $ 19,819 $ On May 30, 2018, OneSpan acquired the remaining interest in Dealflo Limited and its subsidiaries (“Dealflo”), increasing our ownership percentage to 100% from 1%. Dealflo, formerly a privately-held company based in the United Kingdom, provides identity verification and end-to-end financial agreement solutions. Upon acquisition, Dealflo became a wholly-owned subsidiary of OneSpan. Dealflo’s total purchase price consideration was $53.9 million, net of $5.7 million of cash acquired. The total purchase price consideration includes $53.1 million of cash paid to acquire the remaining 99% interest in Dealflo, as well as $0.8 million of fair value of our previous 1% ownership interest. Upon the adoption of ASU 2016-01 on January 1, 2018 the book value of this ownership interest was increased by $0.5 million to record the equity investment at $0.8 million within our consolidated financial statements. This acquisition is accounted for as a business combination using the acquisition method of accounting, which requires the net assets acquired and liabilities assumed to be recognized at their fair values on the acquisition date. F-21 Table of Contents During the year ended December 31, 2019, we recorded certain measurement period adjustments to amounts previously reported, comprised primarily of a $1.8 million increase to the deferred tax liability and a $0.6 million increase to other current assets. The effect of the measurement period adjustments recorded before the measurement period ended during the year ended December 31, 2019 have been determined as if such adjustments had been accounted for at the acquisition date. The net effect of the measurement period adjustments increased goodwill by $1.1 million. The measurement period adjustments did not result in material income statement effects for the year ended December 31, 2019. The measurement period closed on May 30, 2019. The following table summarizes our final allocation of the purchase price consideration based on the estimated fair values of the assets acquired and liabilities assumed at the date of acquisition (net of cash acquired): Acquired tangible assets Acquired identifiable intangible assets Liabilities assumed Goodwill Total purchase price consideration Total (in thousands) 2,700 17,900 (6,041) 39,295 53,854 $ $ The excess of purchase consideration over net assets assumed was recorded as goodwill, which represents the strategic value assigned to Dealflo, including expected benefits from synergies resulting from the acquisition, as well as the knowledge and experience of the workforce in place. In accordance with applicable accounting standards, goodwill is not amortized and will be tested for impairment at least annually, or more frequently, if certain indicators are present. Goodwill and intangible assets related to this acquisition are not deductible for foreign tax purposes. Based on the final results of the acquisition valuation, $17.9 million of the purchase price consideration has been allocated to identifiable intangible assets. The following table summarizes the major classes of intangible assets, as well as the estimated weighted-average amortization periods: Identifiable Intangible Assets Customer relationships Technology Trademarks Estimated Fair Value (in thousands) Weighted Average Amortization Period (Years) $ $ 11,800 5,900 200 17,900 7 4 3 The results of operations of Dealflo subsequent to the acquisition date have been included in the consolidated statement of operations of the years ended December 31, 2020, December 31, 2019 and December 31, 2018. The acquisition related costs directly attributable to the business combination of $1.1 million, including professional fees, and other direct expenses, were expensed as incurred and included in general and administrative expense in the consolidated statement of operations for the year ended December 31, 2018. Unaudited Pro Forma Financial Information The following presents the unaudited pro forma combined results of operations of the Company with Dealflo for the year ended December 31, 2018, assuming Dealflo was acquired at the beginning of 2017, and after giving effect to certain pro forma adjustments. Pro forma adjustments for the year ended December 31, 2018 reflect estimated amortization expense for intangible assets purchased of $1.3 million, the elimination of $0.2 million of revenue related to intercompany transactions, and the elimination of $1.1 million of non-recurring acquisition-related costs. F-22 Table of Contents These unaudited pro forma results are not necessarily indicative of the actual consolidated results of operations had the acquisition actually occurred on January 1, 2017 or of future results of operations of the consolidated entities (in thousands except per share data): Revenue Net loss Basic net loss per share Diluted net loss per share Shares used in computing basic and diluted net loss per share Note 6 – Revenue $ Year ended December 31, 2018 (in thousands) 218,903 (6,966) (0.17) (0.17) 39,932 We recognize revenue in accordance with ASC 606 “Revenue from Contracts with Customers” (“Topic 606”), as described below. Disaggregation of Revenues The following tables present our revenues disaggregated by major products and services, geographical region and timing of revenue recognition. Certain amounts reported for the years ended December 31, 2019 and 2018 have been recast consistent with the impacts disclosed in Note 3 – Revision of Previously Issued Financial Statements. Revenue by major products and services (in thousands) Hardware products Software licenses Subscription Professional services Maintenance, support and other Total Revenue 2020 2019 2018 Years ended December 31, 81,849 51,137 27,788 5,689 49,228 215,691 $ $ 127,005 56,308 22,280 5,759 42,132 253,484 $ $ 105,560 46,494 15,432 5,743 38,107 211,336 $ $ Revenue by location of customer for the years ended December 31, 2020, 2019, and 2018 (in thousands) Total Revenue: 2020 2019 2018 Percent of Total: 2020 2019 2018 EMEA Americas APAC Total $ 117,086 $ 145,942 $ 102,349 $ $ $ 53,171 61,577 54,979 $ $ $ 45,434 45,965 54,008 $ 215,691 $ 253,484 $ 211,336 54 % 58 % 48 % 25 % 24 % 26 % 21 % 18 % 26 % 100 % 100 % 100 % F-23 Table of Contents Timing of revenue recognition (in thousands) Products and Licenses transferred at a point in time Services transferred over time Total Revenue Contract balances (in thousands) 2020 Year ended December 31, 2019 2018 $ $ 132,986 82,705 215,691 $ $ 183,313 70,171 253,484 $ $ 152,054 59,282 211,336 The following table provides information about receivables, contract assets and contract liabilities from contracts with customers. Receivables, inclusive of trade and unbilled Contract Assets (current and non-current) Contract Liabilities (Deferred Revenue current and non-current) $ $ $ December 31, 2020 2019 57,537 9,079 55,147 $ $ $ 62,405 8,595 45,597 Contract assets relate primarily to multi-year term license arrangements and the remaining contractual billings. These contract assets are transferred to receivables when the right to billing occurs, which is normally over 3-5 years. The contract liabilities primarily relate to the advance consideration received from customers for subscription and maintenance services. Revenue is recognized for these services over time. As a practical expedient, we do not adjust the promised amount of consideration for the effects of a significant financing component when we expect, at contract inception, that the period between our transfer of a promised product or service to a customer and when the customer pays for that product or service will be one year or less. We do not typically include extended payment terms in our contracts with customers. Revenue recognized during the year ended December 31, 2020 included $35.0 million that was included on the December 31, 2019 balance sheet in contract liabilities. Deferred revenue increased in the same period due to timing of annual renewals. Transaction price allocated to the remaining performance obligations The following table includes estimated revenue expected to be recognized in the future related to performance obligations that are unsatisfied (or partially unsatisfied) at the end of the reporting period. in thousands Future revenue related to current unsatisfied performance obligations 2021 2022 2023 Beyond 2023 Total $ 19,942 $ 13,565 $ 9,529 $ 6,461 $ 49,497 The Company applies practical expedients and does not disclose information about remaining performance obligations (a) that have original expected durations of one year or less, or (b) where revenue is recognized as invoiced. Costs of obtaining a contract The Company incurs incremental costs related to commissions, which can be directly tied to obtaining a contract. Under Topic 606, the Company capitalizes commissions associated with certain new contracts and amortizes the costs over a period of benefit based on the transfer of goods or services that we have determined to be up to seven years. We determined the period of benefit by taking into consideration our customer contracts, our technology and other factors, including customer attrition. Commissions are earned upon invoicing to the customer. For contracts with F-24 Table of Contents multiple year payment terms, as the commissions that are payable after year 1 are payable based on continued employment, they are expensed when incurred. Commissions and amortization expense are included in Sales and Marketing expenses on the consolidated statements of operations. Applying the practical expedient, the Company recognizes the incremental costs of obtaining contracts as an expense when incurred if the amortization period for the assets that the Company otherwise would have recognized is one year or less. These costs are included in Sales and Marketing expense in the consolidated statements of operations. The following tables provide information related to the capitalized costs and amortization recognized in the current and prior period: in thousands Capitalized costs to obtain contracts, current Capitalized costs to obtain contracts, non-current $ $ in thousands Amortization of capitalized costs to obtain contracts Impairments of capitalized costs to obtain contracts Note 7 – Goodwill December 31, 2020 December 31, 2019 December 31, 2018 413 2,150 1,222 $ 5,464 $ 676 $ 3,222 $ Year ended December 31, 2020 2019 $ $ 904 $ - $ 495 - Goodwill activity for the two years ended December 31, 2020 consisted of the following: in thousands Net balance at December 31, 2018 Adjustment to provisional estimate of acquisition date fair values Net foreign currency translation Net balance at December 31, 2019 Net foreign currency translation Net balance at December 31, 2020 $ $ $ 91,841 1,128 1,643 94,612 2,940 97,552 Certain portions of goodwill are denominated in local currencies and are subject to currency fluctuations. No impairment of goodwill was recorded during the years ended December 31, 2020, 2019, or 2018. F-25 Table of Contents Note 8 – Intangible Assets Intangible asset activity for the two years ended December 31, 2020 is detailed in the following table; in thousands Net balance at December 31, 2018 Net foreign currency translation Amortization expense Net balance at December 31, 2019 Additions Disposals Net foreign currency translation Amortization expense Net balance at December 31, 2020 December 31, 2020 balance at cost Accumulated amortization Net balance at December 31, 2020 $ Acquired Technology Customer Relationships Other Total Intangible Assets 45,462 217 (9,470) 30,408 118 (3,642) 8,795 120 (3,461) 6,259 (21) (2,367) $ $ $ 5,454 46 — 53 (3,276) 2,277 43,546 (41,269) $ $ 26,884 — — (58) (3,626) 23,200 39,946 (16,746) $ $ 3,871 87 (58) 39 (2,220) 1,719 13,593 (11,874) $ $ 36,209 133 (58) 34 (9,122) 27,196 97,085 (69,889) 2,277 $ 23,200 $ 1,719 $ 27,196 $ $ $ Certain intangible assets are denominated in local currencies and are subject to currency fluctuations. As a result of the Company rebranding, the values of certain intangible assets were written down during the second quarter of 2018, and impairment charges of $0.5 million were recorded for the year ended December 31, 2018. Expected amortization of the intangible assets for the years ended: December 31, 2021 December 31, 2022 December 31, 2023 December 31, 2024 December 31, 2025 Thereafter Subject to amortization Trademarks Total intangible assets Note 9 – Property and Equipment The major classes of property and equipment are as follows: in thousands Office equipment and software Leasehold improvements Furniture and fixtures Total Accumulated depreciation Property and equipment, net $ $ 5,886 4,718 4,088 4,089 3,079 4,600 26,460 736 27,196 $ $ December 31, 2020 December 31, 2019 14,595 9,417 3,717 27,729 (16,275) 11,454 13,540 10,593 3,827 27,960 (16,125) 11,835 $ $ Depreciation expense was $2.9 million, $2.1 million, and $2.3 million for the years ended December 31, 2020, 2019, and 2018, respectively. F-26 Table of Contents Note 10 – Fair Value Measurements The fair values of cash equivalents, receivables, net, and accounts payable approximate their carrying amounts due to their short duration. The fair value hierarchy is based on inputs to valuation techniques that are used to measure fair value that are either observable or unobservable. Observable inputs reflect assumptions market participants would use in pricing an asset or liability based on market data obtained from independent sources while unobservable inputs reflect a reporting entity’s pricing base upon its own market assumptions. The Company classifies its investments in debt securities as available-for-sale. As described in Note 2 – Summary of Significant Accounting Policies, the January 1, 2020 adoption of ASU 2016-13, Measurement of Credit Losses on Financial Instruments, amended our accounting for available-for-sale debt securities. We review available-for-sale debt securities for impairments related to losses and other factors each quarter. The unrealized gains and losses on the available-for-sale debt securities were not material as of December 31, 2020 and December 31, 2019. The estimated fair value of our financial instruments has been determined by using available market information and appropriate valuation methodologies, as defined in ASC 820, Fair Value Measurements. The fair value hierarchy consists of the following three levels: ● ● ● Level 1 – Inputs are quoted prices in active markets for identical assets or liabilities. Level 2 – Inputs are quoted prices for similar assets or liabilities in an active market, quoted prices for identical or similar assets or liabilities in markets that are not active, inputs other than quoted prices that are observable and market-corroborated inputs which are derived primarily from or corroborated by observable market data. Level 3 – Inputs are derived from valuation techniques in which one or more significant inputs or value drivers are unobservable. The following tables summarize assets that are measured at fair value on a recurring basis as of December 31, 2020 and December 31, 2019: in thousands Assets: U.S. Treasury Notes Corporate Notes / Bonds Commercial Paper U.S. Treasury Bills U.S. Government Agencies in thousands Assets: U.S. Treasury Notes Corporate Notes / Bonds Commercial Paper U.S. Treasury Bills U.S. Government Agencies Fair Value Measurement at Reporting Date Using Quoted Prices in Active Markets for Identical Assets (Level 1) Significant Other Observable Inputs (Level 2) Significant Unobservable Inputs (Level 3) December 31, 2020 4,951 8,780 4,098 5,292 3,738 - $ - $ - $ - $ - $ 4,951 8,780 4,098 5,292 3,738 - - - - - Fair Value Measurement at Reporting Date Using Quoted Prices in Active Markets for Identical Assets (Level 1) Significant Other Observable Inputs (Level 2) Significant Unobservable Inputs (Level 3) December 31, 2019 - $ - $ - $ - $ - $ 9,225 8,169 3,482 2,385 2,249 - - - - - 9,225 8,169 3,482 2,385 2,249 F-27 $ $ $ $ $ $ $ $ $ $ Table of Contents Note 11 – Allowance for Credit Losses As described in Note 2 – Summary of Significant Accounting Policies, the January 1, 2020 adoption of ASU 2016-13, Measurement of Credit Losses on Financial Instruments, amended our accounting policies for the allowance for credit losses. The change in the allowance for credit losses during the year ended December 31, 2020 were as follows: in thousands Balance at December 31, 2019 Impact of ASU 2016-13 adoption Balance at January 1, 2020 Provision Write-offs Net foreign currency translation Balance at December 31, 2020 $ $ 2,524 288 2,812 2,306 (994) 11 4,135 A higher allowance for credit losses was recorded during the year ended December 31, 2020 primarily due to the adverse impact the COVID-19 pandemic has had on factors that affect our estimate of future credit losses. Note 12 – Leases As mentioned in Note 2 – Summary of Significant Accounting Policies, the Company adopted ASC Topic 842, Leases on January 1, 2019, using the modified retrospective approach. The adoption of this accounting standard resulted in the recording of operating lease right-of-use (“ROU”) assets of $9.2 million in Operating lease right-of use assets, and operating lease liabilities of $2.5 million and $8.5 million in Other accrued expenses and Long-term lease liabilities, respectively, as of January 1, 2019, to capture the cumulative effect of the standard. The difference between the asset and liability is a result of lease incentives, such as tenant improvement allowances, and deferred rent on the balance sheet at transition. The Company leases certain real estate and automobiles. Leases with an initial term of 12 months or less (“short-term leases”) are not recorded on the consolidated balance sheet; the Company recognizes lease expense for these leases on a straight- line basis over the lease term. The Company determines if an arrangement is a lease at inception. All of our leases are operating leases. Operating lease right-of-use (“ROU”) assets and operating lease liabilities are recognized based on the present value of lease payments over the lease term at commencement date. Because most of the Company’s leases do not provide an implicit rate of return, the Company uses its imputed collateralized rate based on the information available at the commencement date in determining the present value of lease payments. Operating lease ROU assets are comprised of the lease liability plus prepaid rents and are reduced by lease incentives or deferred rents. The Company has lease agreements with non-lease components which are not bifurcated. Some of our leases include one or more options to renew, with renewal terms that can extend the lease from one to five years. The exercise of a lease renewal option typically occurs at the discretion of both parties. Certain leases also include options to purchase the leased property at fair value. For purposes of calculating operating lease liabilities, lease terms are deemed not to include options to extend the lease termination until it is reasonably certain that the Company will exercise that option. Certain of the Company’s lease agreements include payments adjusted periodically for inflation based on the consumer price index. The Company’s lease agreements do not contain any material residual value guarantees or material restrictive covenants. F-28 Table of Contents Operating lease cost details for the years ended December 31, 2020 and December 31, 2019 are as follows: Years ended December 31, 2020 2019 2020 Building rent Automobile rentals Total net operating lease costs $ $ 2,978 1,576 4,554 $ 3,397 1,531 4,928 (in thousands) $ Operating lease rent expense was $4.9 million for the year ended December 31, 2018. Short term lease costs and variable lease costs recognized during the years ended December 31, 2020 and December 31, 2019 are immaterial. Supplemental consolidated balance sheet information related to our operating leases is as follows: in thousands Leases Assets Operating lease assets Liabilities Current Operating lease liabilities Noncurrent Operating lease liabilities Total lease liabilities December 31, 2020 December 31, 2019 $ $ $ 11,356 11,356 $ 10,580 10,580 2,855 $ 2,636 12,399 15,254 $ 11,299 13,935 The weighted average remaining lease term for our operating leases is 6.8 years. The weighted-average discount rate for our operating leases is 5%. Supplemental consolidated cash flow information related to leases is as follows: Supplemental cash flow and other information related to leases: Operating cash payments from operating leases ROU assets obtained in exchange for new operating lease liabilities $ $ 3,835 3,549 $ $ 3,731 4,924 Years ended December 31, 2020 December 31, 2019 (in thousands) (in thousands) F-29 Table of Contents Maturities of our operating leases are as follows: 2021 2022 2023 2024 2025 Later years Less imputed interest Total lease liabilities Note 13 – Income Taxes As of December 31, 2020 (in $ thousands) 3,521 3,183 2,555 1,716 1,576 5,886 (3,183) 15,254 $ $ Income (loss) before income taxes was generated in the following jurisdictions: U.S. Non-U.S. Total For the year ended December 31, 2018 2019 2020 $ $ $ 3,223 1,046 (4,466) 11,186 (3,420) $ 14,409 $ (4,347) 6,956 2,609 $ For the years ended December 31, 2020, 2019, and 2018, domestic income excludes intercompany dividend income of $38.0 million, $6.3 million, and $133.3 million, respectively. The provision (benefit) for income taxes consists of the following: Current: Federal State Foreign Total current Deferred: Federal State Foreign Total deferred Total For the year ended December 31, 2018 2019 2020 $ $ 1,715 49 1,758 3,522 1,385 (24) (2,848) (1,487) 2,035 $ $ 433 107 7,629 8,169 $ (3,792) 97 10,691 6,996 (970) 24 (678) (1,624) 6,545 (333) 15 (7,113) (7,431) (435) $ F-30 Table of Contents For 2020, 2019, and 2018, our U.S. federal statutory was 21%. The differences between the income tax provisions computed using the statutory federal income tax rate and the provisions for income taxes reported in the consolidated statements of operations are as follows: Expected tax at statutory rate Foreign taxes at other rates Valuation allowances on NOL carryforwards US tax reform - deemed repatriation Global intangible low-taxed income inclusion US tax reform - deferred tax expense from tax rate change State income taxes, net of federal benefit Uncertain tax positions Disallowed expenses and other Total For the year ended December 31, 2019 2020 2018 $ (718) $ 3,026 (914) (309) 2,042 2,617 — — (27) 339 — — 108 32 1,845 235 465 (161) $ 6,545 $ 2,035 $ $ 549 (1,252) 2,894 (2,534) 23 (462) (79) 171 255 (435) Significant components of our deferred tax assets and liabilities are as follows: Deferred tax assets: Stock and long-term compensation plans Foreign NOL & other carryforwards US state NOL carryforwards Deferred revenue Pension liability, net Amortization and depreciation Lease liability Accrued expenses and other Total gross deferred tax assets Less: Valuation allowance Net deferred income tax assets Deferred tax liabilities: Accruals Tax on unremitted foreign earnings Right of use asset Intangible assets Tax on credits Contract acquisition costs Deferred tax liabilities Net deferred tax assets (liabilities) Deferred tax assets and liabilities are netted by tax jurisdiction. F-31 As of December 31, 2019 2020 $ 2,450 29,267 718 671 2,074 167 3,837 1,264 40,448 (19,992) $ 20,456 $ 2,405 24,867 670 684 1,509 586 2,807 1,013 34,541 (17,255) $ 17,286 $ 286 1,809 3,251 6,135 2,241 1,616 $ 15,338 $ 741 2,058 2,124 8,046 627 450 $ 14,046 $ 5,118 $ 3,240 Table of Contents At December 31, 2020, we had foreign and state net operating loss (NOL) carryforwards and other foreign deductible carryforwards as shown in the following table: NOL Carryforward Canada United Kingdom Other foreign Canada province U.S. states Other Carryforwards Canada Canada province Capital loss Canada (credit) Carryforward Expiration $ 46,329 2027-2040 8,882 7,323 None None 2027-2040 9,615 2021-2030 47,310 119,459 29,415 29,415 432 None None None 5,475 2023-2040 64,737 $ 184,196 The net change in the valuation allowance for the years ended December 31, 2020 and December 31, 2019 were increases of $2.7 million and $2.1 million respectively. Valuation allowances are reviewed on a regular basis and adjustments made as appropriate. The increase in the valuation allowance in 2020 reflects NOLs, other deduction carryforwards, and credits for which the realization is not more likely than not. The change in the valuation allowance also reflects other factors including, but not limited to, changes in our assessment of our ability to use existing NOLs and other deduction carryforwards, changes in currency rates, and adjustments to reflect differences between the actual returns filed and the estimates we made at financial reporting dates. For all other deferred tax assets, the Company believes it is more likely than not that the results of future operations will generate sufficient taxable income to realize the deferred tax assets. Our policy is to record interest and penalties on income taxes as income tax expense. We provided less than $0.1 million in 2020, $0.2 million in 2019 and less than $0.1 million during 2018. ASC 740, Income Taxes sets a “more likely than not” criterion for recognizing the tax benefit of uncertain tax positions. As of December 31, 2020, 2019, and 2018, we had reserves of $0.5 million, $2.9 million, and $0.4 million, respectively. Reserve at beginning of year Increases related to prior year tax positions Decreases related to prior year tax positions Lapse of statute of limitations Settlement Total $ As of year ended December 31, 2020 2018 2019 $ 2,923 277 (37) — $ 427 2,500 — (4) — $ 2,923 (2,663) 500 $ 107 427 — (107) — 427 $ We file income tax returns in the U.S. federal jurisdiction and in many state and foreign jurisdictions. We are subject to examination of our income tax returns by the IRS and other tax authorities. During the year ended December 31, 2020, we concluded an audit with the Belgian tax authorities which covered income tax returns filed for the years 2015-2018, and entered into a settlement agreement with the Belgian tax authorities covering tax years through 2016. There was no assessment for 2017 and 2018. While we believe the positions we took were supportable under Belgian tax law, in lieu of extending the audit process or pursuing litigation, we negotiated a settlement agreement. F-32 Table of Contents We believe that an adequate provision has been made for any adjustments that may result from tax examinations. However, the outcome of tax audits cannot be predicted with certainty. If any issues addressed in our tax audits are resolved in a manner not consistent with management's expectations, we could be required to adjust our provision for income taxes in the period such resolution occurs. Included in the balance of unrecognized tax benefits as of December 31, 2020 is $0.5 million, of tax benefits that, if recognized, would affect the effective tax rate. We estimate that our unrecognized tax benefits as of December 31, 2020 could decrease by as much as $0.5 million in the next 12 months. Our primary tax jurisdictions and the earliest tax year subject to audit are presented in the following table. Australia Austria Belgium Canada Netherlands Singapore Switzerland United Kingdom United States 2012 2014 2016 2016 2015 2015 2019 2018 2017 Note 14 – Stock Compensation Plans (sharecounts in thousands) The Company has a share-based compensation plan, the OneSpan Inc. 2019 Omnibus Incentive Plan (“Plan”), which was approved by its Shareholders in June 2019 under which the Board of Directors may grant share-based awards including restricted stock units (RSUs) and performance restricted stock units (PSUs). The Plan may provide performance incentives to employees and non-employee directors, consultants and other key persons of the Company. The plan is administered by the Compensation Committee as appointed by the Board of Directors and is intended to be a non-qualified plan. As of December 31, 2020, the remaining number of shares allowed to be issued under the Plan was 4.1 million shares of the company’s common stock, representing 10% of the issued and outstanding shares of the company as of such date. The following table details long-term compensation plan and stock-based compensation expense for the years ended December 31, 2020, 2019, and 2018. in thousands Restricted stock Long-term compensation plan Total compensation Time-Based Restricted Stock Awards For the year ended December 31, 2018 2019 2020 $ $ 4,740 1,262 6,002 $ $ 3,368 1,955 5,323 $ $ 3,973 2,118 6,091 Time-based awards granted to certain executive officers vest in equal semi-annual installments over four years. Awards granted to certain other employees vest ratably over a four-year period with the first one-fourth of the grant vesting one year after the date of the grant. Shares are subject to forfeiture if the service period requirement is not met. Compensation expense was $0.7 million, $0.5 million, and $2.0 million for 2020, 2019, and 2018, respectively. Tax benefit related to the compensation expense was $0.2 million, $0.2 million, and $0.5 million for 2020, 2019, and 2018, F-33 Table of Contents respectively. The following table summarizes the time-based restricted stock activity for the year ended December 31, 2020. (in thousands) Outstanding at January 1, 2020 Shares vested Outstanding at December 31, 2020 Weighted- Weighted- average remaining term (years) 1.71 0.89 average grant date fair value 14.88 14.47 14.60 $ $ Shares 121 (65) 56 The unamortized future compensation expense for time-based restricted stock awards was $0.5 million at December 31, 2020. Time-Based Restricted Stock Units Settled in Stock Beginning in 2019, the company grants certain eligible employees RSUs that settle in Company stock. RSUs granted to non-employee directors vest on the first anniversary date of the grant. Awards granted to certain executive officers vest in equal semi-annual installments over four years. Awards granted to certain other employees vest ratably over a four-year period with the first one-fourth of the grant vesting one year after the date of the grant. Shares are subject to forfeiture if the service period is not met. Compensation expense was $2.5 million and $1.0 million for 2020 and 2019, respectively, and the related tax benefit was $0.5 million and $0.3 million, respectively. The following table summarizes the time-based restricted stock activity for the year ended December 31, 2020: (in thousands) Nonvested, January 1, 2020 Shares vested Shares awarded Shares forfeited Nonvested, December 31, 2020 Weighted- Weighted- average remaining term (years) 2.54 $ 2.55 $ average grant date fair value 13.78 14.91 17.81 15.07 16.87 Shares 190 (121) 331 (21) 379 The unamortized future compensation expense for time-based restricted stock awards was $5.1 million at December 31, 2020. Performance-Based Restricted Stock Units settled in stock Performance-based restricted stock units granted to executive officers and certain other employees were subject to achievement of three year performance criteria established by the Board of Directors Under certain grants, earned shares related to three-year targets cliff vest upon fulfillment of the performance criteria and completion of the three-year period. Shares are subject to forfeiture if the performance criteria and service period are not met. None of the restricted stock units subject to the achievement of future performance criteria awarded during the year ended December 31, 2020 are expected to be earned, and the compensation costs recorded for these unvested shares has been reversed. Certain restricted stock units subject to the achievement of future performance criteria awarded during the years ended December 2019 and 2018 are not expected to be earned. The compensation costs recorded for the 81 and 3 unvested shares issued during the years ended December 31, 2019 and 2018, respectively, with performance criteria that are no longer considered probable of achievement have been reversed during the year ended December 31, 2020. Compensation expense in 2020, 2019, and 2018 was $1.1 million, $1.8 million, and $2.0 million. Tax benefit related to the compensation expense was $0.2 million, $0.2 million, and $0.5 million for 2020, 2019, and 2018, respectively. F-34 Table of Contents The following table summarizes activity related to unvested performance restricted stock shares during 2020: (in thousands) Unearned, January 1, 2020 Shares vested Shares awarded Shares forfeited Unearned, December 31, 2020 Total Unvested Weighted- average remaining Shares term (years) $ 1.25 Weighted- average grant date fair value 14.46 14.46 19.72 18.32 15.29 0.83 $ 492 (102) 78 (9) 459 Unamortized future compensation expense for performance-based restricted stock was $0.8 million at December 31, 2020. Market-Based Restricted Stock Units settled in stock We awarded restricted stock unit grants during the year ended December 31, 2020 to executive officers and certain other employees, subject to the achievement of market and service conditions, which allow for up to 52 shares to be earned if the market conditions are fully achieved at the end of the three year performance period. The fair value of these awards was $1.5 million at the dates of grant and the awards are being amortized over the vesting period of three years. Compensation expense for the year ended December 31, 2020 was $0.4 million and the related tax benefit was $0.1. The following table summarizes activity related to unvested market and service restricted stock units settled in stock: (in thousands) Nonvested, January 1, 2020 Shares vested Shares awarded Shares forfeited Nonvested, December 31, 2020 Weighted- Weighted- average remaining term (years) Shares — — 52 — 52 — $ 2.00 2.00 $ average grant date fair value - - 28.44 - 28.44 Unamortized future compensation expense for market-based restricted stock was $1.1 million at December 31, 2020. Note 15 – Earnings per Common Share (sharecounts in thousands) Basic earnings per share is based on the weighted average number of shares outstanding and excludes the dilutive effect of common stock equivalents. Diluted earnings per share is based on the weighted average number of shares outstanding and includes the dilutive effect of common stock equivalents to the extent they are not anti-dilutive. Because the Company is in a net loss position for the year ended December 31, 2020, diluted net loss per share for this F-35 Table of Contents period excludes the effects of all common stock equivalents, which are anti-dilutive. For the years ended December 31, 2019 and December 31, 2018, the anti-dilutive effect of our securities is immaterial. A reconciliation of the shares included in the basic and fully diluted earnings per share calculations is as follows: in thousands, except per share data Net income (loss) Weighted average common shares outstanding: Basic Incremental shares with dilutive effect: Restricted stock awards Diluted Net income (loss) per share: Basic Diluted Note 16 – Employee Benefit Plans U.S. Plan For the year ended December 31, 2018 3,044 $ (5,455) $ 2019 7,864 2020 $ 40,035 40,050 39,932 — 86 40,136 40,035 114 40,046 $ $ (0.14) $ (0.14) $ 0.20 0.20 $ $ 0.08 0.08 We maintain a defined contribution pension plan for U.S. employees established pursuant to Section 401(k) of the Internal Revenue Code. The plan allows voluntary employee contributions and discretionary employer contributions. For the years ended December 31, 2020, 2019, and 2018, we expensed contributions of $0.3 million, $0.3 million, and $0.3 million, respectively. Non-U.S. Plans We are subject to national mandatory pension systems and other compulsory plans, or make contributions to social pension funds based on local regulations. When our obligation is limited to the payment of the contribution into these plans or funds, the recognition of such liabilities is not required. In addition, we have, in some countries, defined benefit plans consisting of final retirement salary and committed pension payments. In Switzerland, the pension plan is a cash balance plan where contributions are expressed as a percentage of the pensionable salary. Contributions to Swiss plans are paid by the employees and the employer. The pension plan guarantees the amount accrued on the members’ savings accounts, as well as a minimum interest on those savings accounts. The plan assets are held in guaranteed investment contracts. We also maintain a pension plan for our Belgian employees, in compliance with Belgian law. Contributions to Belgium plans are paid by the employees and the employer. Certain features of the plans require them to be categorized as defined benefit plans under ASC 715 due to Belgian social legislation, which prescribed a minimum annual return of 1.6% on employer contributions and 1.6% for employee contributions. The plan assets are held in guaranteed investment contracts. The Company also includes a liability related to obligations to provide retirement benefits to employees who retire from the Company’s French subsidiary, as required by law. Per French regulations, each employee is entitled to a lump sum payment upon retirement based on years of service and salary at retirement. Benefit rights vest upon the statutory retirement age of 62. The obligation recorded represents the present value of amounts the Company expects to pay. F-36 Table of Contents Components of net periodic pension cost included in earnings: Year ended December 31, 2019 2018 2020 Service cost (gross) Interest cost Expected return on plan assets Amortization of unrecognized actuarial gain Net periodic pension cost $ $ 1,549 106 (271) (40) 1,344 $ $ 1,164 234 (242) (22) 1,134 $ $ 1,281 199 (327) 18 1,171 The net unfunded status of the Non-U.S. pension plans is as follows: Fair value of plan assets Projected benefit obligation Net unfunded benefit obligation $ As of December 31, 2019 2020 14,159 17,290 (21,759) (27,431) (7,600) $ (10,141) $ $ Net unfunded benefit obligation is recorded as other long-term liabilities in our consolidated Balance Sheets. The change in the fair value of plan assets is as follows: Fair value of plan assets at January 1 Employee contributions Actual return on plan assets Benefits (paid), net of transfers Employer contributions Foreign exchange adjustment Fair value of plan assets at December 31 The change in benefit obligations is as follows: Benefit obligations at January 1 Gross service cost Interest cost Employee contributions Actuarial (gains)/losses Benefits (paid), net of transfers Foreign exchange adjustment Benefit obligations at December 31 Year ended December 31, 2020 2019 $ $ 14,159 512 441 (251) 1,088 1,341 17,290 $ $ 12,823 485 908 (977) 977 (57) 14,159 Year ended December 31, 2020 2019 $ $ 21,759 1,549 106 512 1,694 (251) 2,062 27,431 $ $ 18,173 1,164 234 485 2,763 (977) (83) 21,759 The increase in benefit obligations at December 31, 2020 compared to December 31, 2019 was primarily driven by service costs, actuarial losses and foreign exchange adjustments, driven by the weakened Euro and Swiss Franc currencies. The increase in benefit obligations at December 31, 2019 compared to December 31, 2018 was primarily driven by a decrease in actuarial losses. F-37 Table of Contents Our investment policy meets our responsibility under local social legislation and aligns plan assets with liabilities, while minimizing risk. For the years ended December 31, 2020 and 2019, plan assets are invested in guaranteed investment contracts. Fair value of guaranteed investment contracts is surrender value. Fair value for the year ended December 31, 2020 was determined using Level 3 inputs as defined by ASC 820, Fair Value Measurements. Changes in our plan assets are attributable to benefit payments and contributions as we have not actively traded our assets during the years ended December 31, 2020 and December 31, 2019. Other The accumulated benefit obligation for the plans were $25.1 million and $20.3 million as of December 31, 2020 and 2019, respectively. The Company expects to pay approximately $1.0 million of contributions over the next twelve months. The amounts reclassified out of other comprehensive income during the years ended December 31, 2020, 2019, and 2018 were not material. Actuarial Assumptions Certain actuarial assumptions such as the discount rate and the long-term rate of return on plan assets have a significant effect on the amounts reported for net periodic cost and the benefit obligation. The assumed discount rates reflect the prevailing market rates of a universe of high-quality, non-callable, corporate bonds currently available that, if the obligation were settled at the measurement date, would provide the necessary future cash flows to pay the benefit obligation when due. In determining the long-term return on plan assets, the Company considers long-term rates of return of comparable low risk investments, such as Euro AA bonds. The following weighted-average assumptions between all plans were utilized in the pension calculations: Discount rates Inflation Expected return on plan assets Rate of salary increases Projected future pension benefits as of December 31, 2020: 2021 2022 2023 2024 2025 Beyond F-38 As of December 31, 2020 2019 (%) 0.05 - 0.60 0.90 - 1.80 1.25 - 2.00 1.90 - 2.80 0.15 - 0.70 1.00 - 2.00 1.25 - 2.00 2.00 - 2.80 $ 611 860 750 631 769 5,135 Table of Contents Note 17 – Geographic, Customer and Supplier Information We classify our sales by our customers’ locations in three geographic regions: 1) EMEA, which includes Europe, the Middle East, and Africa; 2) the Americas, which includes sales in North, Central, Latin and South America and Canada; and 3) Asia Pacific, which includes Australia and India. We have recast the below revenue and gross profit amounts for the years ended December 31, 2019 and 2018 for immaterial errors, consistent with the impacts disclosed in Note 3 – Revision of Previously Issued Financial Statements. 2020 Revenue Gross profit Long-lived assets 2019 Revenue Gross profit Long-lived assets 2018 Revenue Gross profit Long-lived assets Europe, Middle East, Africa (EMEA) Americas Asia Pacific Total $ $ $ 117,086 82,649 7,482 145,942 98,753 8,085 102,349 70,960 7,665 $ $ $ 53,171 37,532 14,968 61,577 41,667 13,240 54,979 38,118 4,247 $ $ $ 45,434 32,071 741 $ 215,691 152,252 23,191 45,965 31,102 709 $ 253,484 171,522 22,034 54,008 37,445 155 $ 211,336 146,523 12,067 For the years 2020, 2019, and 2018, our top 10 customers contributed 21%, 29% and 24%, respectively, of total worldwide revenue. The majority of our hardware products are assembled by four independent factories in Southern China. Note 18 – Commitments and Contingencies The company leases office space and automobiles under operating lease agreements. See Note 11 – Leases for future minimum rental payments required under non-cancelable leases. At December 31, 2020, we have purchase obligations of $23.9 million, including $12.7 million of inventory purchase obligations which are expected to be consummated in the next 12 months, $5.8 million of committed hosting arrangements which will be used in the next one to four years, and $5.4 million for other software agreements related to the administration of our business which range from one to five years. We are a party to or have intellectual property subject to litigation and other proceedings that arise in the ordinary course of our business. These types of matters could result in fines, penalties, compensatory or treble damages or non-monetary sanctions or relief. We believe the probability is remote that the outcome of each of these matters, including the legal proceedings described below, will have a material adverse effect on the corporation as a whole, notwithstanding that the unfavorable resolution of any matter may have a material effect on our financial results in any particular interim reporting period. Among the factors that we consider in this assessment are the nature of existing legal proceedings and claims, the asserted or possible damages or loss contingency (if estimable), the progress of the case, existing law and precedent, the opinions or views of legal counsel and other advisers, our experience in similar cases and the experience of other companies, the facts available to us at the time of assessment and how we intend to respond to the proceeding or claim. Our assessment of these factors may change over time as individual proceedings or claims progress. F-39 Table of Contents Although we cannot predict the outcome of legal or other proceedings with certainty, where there is at least a reasonable possibility that a loss may have been incurred, U.S. GAAP requires us to disclose an estimate of the reasonably possible loss or range of loss or make a statement that such an estimate cannot be made. We follow a process in which we seek to estimate the reasonably possible loss or range of loss, and only if we are unable to make such an estimate do we conclude and disclose that an estimate cannot be made. Accordingly, unless otherwise indicated below in our discussion of legal proceedings, a reasonably possible loss or range of loss associated with any individual legal proceeding cannot be estimated. We include various types of indemnification clauses in our agreements. These indemnifications may include, but are not limited to, infringement claims related to our intellectual property, direct damages and consequential damages. The type and amount of such indemnifications vary substantially based on our assessment of risk and reward associated with each agreement. We believe the estimated fair value of these indemnification clauses is minimal, and we cannot determine the maximum amount of potential future payments, if any, related to such indemnification provisions. We have no liabilities recorded for these clauses as of December 31, 2020. We have been involved in an ongoing dispute with a German company, Onespin solutions GmbH, regarding the co- existence of, or alleged infringement with, its trademark in certain jurisdictions for “ONESPIN” and our trademark in certain jurisdictions for “ONESPAN”. Onespin sells integrated circuit integrity verification solutions for use in the system on chip software development process flow. During the fourth quarter of 2020, we reached a settlement with Onespin on these matters. The amount of the settlement was not material from a financial perspective. We consider this matter to now be closed. A complaint was filed on August 20, 2020 against OneSpan and certain of its officers, asserting claims for purported violations of Sections 10(b) and 20(a) of the Securities Exchange Act of 1934 (the “Exchange Act”), and SEC Rule 10b-5 promulgated thereunder, based on certain alleged material misstatements and omissions. The case is captioned Almendariz v. OneSpan Inc., et al., No. 1:20-cv-04906 (N.D. Ill.) (the “Securities Class Action”). Specifically, the plaintiff in the Securities Class Action alleges, among other things, that certain statements about OneSpan’s business were misleading because of defendants’ failure to disclose that OneSpan purportedly had inadequate internal procedures and controls over financial reporting and related disclosures; and OneSpan purportedly downplayed the negative impacts of immaterial errors in its financial statements. A complaint, related in subject matter to the Securities Class Action, was filed on October 23, 2020 against certain of OneSpan’s officers and directors, and names OneSpan as a nominal defendant. The case is captioned Klein v. Boroditzky, et al., No. 1:20-cv-06310 (N.D. Ill.) (the “Derivative Action” and, collectively with the Securities Class Action, the “Litigation”). The plaintiff asserts claims for breach of fiduciary duty, abuse of control and corporate waste, as well as a claim for contribution under Sections 10(b) and 21D of the Exchange Act, based on the same alleged wrongdoing pled in the Securities Class Action. We intend to defend against the Litigation vigorously. From time to time, we have been involved in litigation and claims incidental to the conduct of our business, such as compensation claims from current or former employees in Europe. We expect that to continue. Excluding matters specifically disclosed above, we are not a party to any lawsuit or proceeding that, in management’s opinion, is likely to have a material adverse effect on its business, financial condition or results of operations. F-40 Table of Contents Note 19 – Quarterly Results of Operations (unaudited) The quarterly results of operations are as follows: 2020 2019 Total revenues Gross profit Operating costs Operating income (loss) Provision (benefit) for income taxes Net income (loss) Net income/(loss) per share: Basic Diluted Total revenues Gross profit Operating costs Operating income (loss) Provision (benefit) for income taxes Net income (loss) Net income/(loss) per share: Basic Diluted * First Quarter Second Third Quarter Quarter Fourth Quarter (1) $ 56,370 40,300 39,475 825 690 4 $ $ 54,954 36,729 38,416 (1,687) 973 (2,023) $ 51,439 35,961 38,316 (2,355) 95 (1,678) 52,928 39,262 41,303 (2,041) 277 (1,756) $ $ (0.00) $ (0.00) $ (0.05) $ (0.05) $ (0.04) $ (0.04) $ (0.04) (0.04) $ (1) $ 47,095 31,056 37,096 (6,040) (400) (6,056) (1) $ 56,167 38,287 40,565 (2,278) 753 (2,511) (1) $ 79,691 53,022 35,937 17,085 3,855 11,847 (1) 70,531 49,157 43,735 5,422 2,336 4,585 $ $ (0.15) $ (0.15) $ (0.06) $ (0.06) $ 0.30 0.30 $ $ 0.11 0.11 (1) We have revised the revenue, gross profit, operating income (loss), provision (benefit) for income taxes, net income (loss), and net income (loss) per share amounts reported in previously issued financial statements for immaterial errors. Specifically, fourth quarter 2019 total revenues, gross profit, provision for income taxes, net income, and net income per share decreased by $0.5 million, $0.5 million, less than $0.1 million, $0.5 million and $0.02. See Note 3 – Revision of Previously Issued Financial Statements for additional information. Note 20 – Related Party Agreements with Related Parties The Company entered into an agreement to provide e-signature and secure agreement automation services to Cox Automotive in the fourth quarter of 2020. Marianne Johnson is an Executive Vice President and the Chief Product Officer at Cox Automotive. Ms. Johnson has served on the OneSpan Board of Directors since March 2020. The amount of revenue recognized for e-signature and secure agreement automation services during the year ended December 31, 2020 was $0.1 million, and is included in subscription revenue. The amount receivable as of December 31, 2020 was $0.4 million. In the fourth quarter of 2020, the Company expanded the scope of its agreement for subscription SMS services purchased from Twilio, Inc. Marc Boroditsky is the Chief Revenue Officer of Twilio, Inc. and has a direct ownership interest in Twilio, Inc. Mr. Boroditsky has served on the OneSpan Board of Directors since June 2019. The Company has entered into various immaterial agreements to purchase SMS services from Twilio, Inc. prior to 2020. The total amount paid to Twilio, Inc. during the year ended December 31, 2020 was $0.4 million and is included in cost of goods sold. The amount payable at December 31, 2020 was less than $0.1 million. F-41 Table of Contents SCHEDULE II ONESPAN INC. VALUATION AND QUALIFYING ACCOUNTS Credit losses for trade receivables. For the year ended December 31, 2020 2019 2018 Beginning Balance Provision for Bad Debts Ending Chargeoffs Translation Balance Foreign Currency $ $ $ 2,812 (1) 1,152 520 2,306 2,215 871 (994) (843) (239) $ 11 — $ — $ 4,135 2,524 1,152 (1) Includes the $288 impact of the initial ASU 2016-13 adoption on January 1, 2020. See accompanying independent auditors’ report. F-42 Table of Contents Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this Report to be signed on its behalf by the undersigned, thereunto duly authorized, on February 25, 2021. SIGNATURES OneSpan Inc. /s/ Scott Clements Scott Clements President and Chief Executive Officer Pursuant to the requirements of the Securities Exchange Act of 1934, this Report has been signed by the following persons on behalf of the Registrant in the capacities indicated on February 25, 2021. Table of Contents POWER OF ATTORNEY Each of the undersigned, in his capacity as an officer or director, or both, as the case may be, of OneSpan Inc. does hereby appoint Scott Clements, and each of them severally, his true and lawful attorneys or attorney to execute in his name, place and stead, in his capacity as director or officer, or both, as the case may be, this Annual Report on Form 10-K for the fiscal year ended December 31, 2020 and any and all amendments thereto and to file the same with all exhibits thereto and other documents in connection therewith with the Securities and Exchange Commission. Each of said attorneys shall have power to act hereunder with or without the other attorney and shall have full power and authority to do and perform in the name and on behalf of each of said directors or officers, or both, as the case may be, every act whatsoever requisite or necessary to be done in the premises, as fully and to all intents and purposes as to which each of said officers or directors, or both, as the case may be, might or could do in person, hereby ratifying and confirming all that said attorneys or attorney may lawfully do or cause to be done by virtue hereof. SIGNATURE TITLE /s/ Scott M. Clements Scott M. Clements /s/ Mark S. Hoyt Mark S. Hoyt /s/ John Bosshart John Bosshart /s/ John N. Fox, Jr. John N. Fox, Jr. /s/ Marc D. Boroditsky Marc D. Boroditsky /s/ Michael P. Cullinane Michael P. Cullinane /s/ Naureen Hassan Naureen Hassan /s/ Jean K. Holley Jean K. Holley /s/ Marianne Johnson Marianne Johnson /s/ Matthew Moog Matthew Moog /s/ Alfred Nietzel Alfred Nietzel /s/ Marc Zenner Marc Zenner President, Chief Executive Officer, and Director (Principal Executive Officer) Chief Financial Officer, Treasurer, and Executive Vice President (Principal Financial Officer) Chief Accounting Officer (Principal Accounting Officer) Chairman Director Director Director Director Director Director Director Director EMPLOYMENT AGREEMENT Exhibit 10.4 This EMPLOYMENT AGREEMENT (this “ Agreement”) is made effective as of April 18, 2016 (the “Effective Date”), by and between VASCO Data Security International, Inc. (the “Company”), and Steven Worth (“Executive”). WHEREAS, the Company desires to employ Executive, and Executive desires to be employed by the Company, as the Company’s General Counsel and Chief Compliance Officer, on the terms set forth in this Agreement. NOW, THEREFORE, in consideration of the mutual undertakings of the parties hereto, the Company and Executive agree as follows: ARTICLE I EMPLOYMENT SERVICES 1.1 Term of Employment. The term of Executive’s employment under this Agreement shall commence on the Effective Date and continue until the second anniversary of such date (the “Initial Term”), which shall automatically renew on the second and each following anniversary of the Effective Date for successive one (1) year terms (each, a “Successive Term”) (the Initial Term, together with all Successive Terms, if any, are collectively referred to herein as the “Employment Period”), unless either party provides the other party with written notice at least six (6) months prior to the expiration of the Initial Term, or any Successive Term, of its or his intent not to renew the Initial Term, or any Successive Term, respectively. The Employment Period may be terminated earlier pursuant to the terms of Article III below. 1.2 Position and Duties. On the terms and subject to the conditions set forth in this Agreement, commencing on the Effective Date and thereafter during the Employment Period, Executive shall hold the position of General Counsel and Chief Compliance Officer and shall report to the Chief Executive Officer. Executive shall perform such duties and responsibilities as are consistent with Executive’s position and as may be reasonably assigned to Executive by the Chief Executive Officer from time to time. Executive shall devote Executive’s full business time, attention, skill and energy to the business and affairs of the Company, and shall use Executive’s reasonable best efforts to perform such responsibilities in a diligent, loyal, and businesslike manner so as to advance the best interests of the Company. Executive shall act in conformity with the Company’s Code of Conduct and Ethics (or similar successor document) as in effect from time to time (the “Code of Conduct”) and the Company’s policies, and within the limits, budgets and business plans set by the Company, and shall adhere to all rules and regulations in effect from time to time relating to the conduct of executives of the Company. 1.3 Other Activities. Notwithstanding Section 1.2, Executive shall be permitted to devote a reasonable amount of time and effort to professional, industry, civic and charitable organizations and managing personal investments; but only to the extent that such activities, individually or as a whole, do not materially interfere with the execution of Executive’s duties hereunder, or otherwise violate any provision of this Agreement. Executive shall not become involved in the management of any for profit corporation, partnership or other for profit entity, 1 including serving on the board of directors (or similar governing body) of any such entity, without the prior consent of the Company’s Board of Directors (“Board”) and the Chief Executive Officer; provided, however, that this restriction shall not apply to any subsidiary of the Company. Executive will serve without additional compensation as an officer and director of any of the Company’s subsidiaries. Any compensation or other remuneration received from such service may be offset against the amounts due hereunder. 1.4 Location. The Executive’s place of business shall be the Company’s headquarters in Oakbrook Terrace, Illinois. Executive’s principal place of business shall not be relocated outside a 40 mile radius of such office without the written consent of Executive. Executive will travel as reasonably necessary to perform his duties under this Agreement, which may include significant travel, including internationally. ARTICLE II COMPENSATION 2.1 Base Salary. The Company shall pay Executive base salary (“ Base Salary”) at any annual rate of $325,000, payable in accordance with payroll practices in effect for senior executive officers of the Company generally. Base Salary shall be subject to review in accordance with the Company’s normal practice for executive salary review from time to time in effect, and may be increased, but will not be reduced without the prior written consent of Executive except for a reduction that is commensurate with and part of a general salary reduction program applicable to all senior executives of the Company. 2.2 Annual Incentive Compensation. During the Employment Period, Executive shall participate in the Company’s Executive Incentive Plan and any successor thereto (the “Annual Bonus Plan”) in accordance with the terms and conditions thereof and on the same basis as other senior executives of the Company. For the portion of the Employment Period occurring in 2016, subject to and in accordance with the terms of the Annual Bonus Plan, Executive shall be provided a target bonus equal to 50% of his Base Salary (the “2016 Bonus”) prorated for the proportion that (i) the period that the Effective Date through December 31, 2016 is of (ii) the entire calendar year 2016. 2.3 Long-Term Incentive Compensation. During the Employment Period, Executive shall participate in the Company’s 2009 Equity Incentive Plan and any successor thereto (the “Long-Term Incentive Plan”) in accordance with the terms and conditions thereof and on the same basis as other senior executives of the Company. In connection with his commencing employment with the Company, on the Effective Date Executive is being awarded under the Long Term Incentive Plan a time vesting restricted stock grant (the “Initial Grant”) for one hundred thousand dollars ($100,000) of the Company’s common stock, valued as of market closing on the Effective Date, and vesting in equal semi-annual installments over 4 years from the Effective Date. The Initial Grant is in lieu of a grant that would vest based on the Company’s 2016 financial results. Also, on the Effective Date Executive is being awarded under the Long Term Incentive Plan a restricted stock grant for one hundred thousand dollars ($100,000) of the Company’s common stock, valued as of market closing on the Effective Date, which would be earned based upon the Company achieving three year performance targets for Company’s executive officers for the three year period of 2016, 2017 and 2018, measured by 2 results of 2018, as established by the Committee, and if earned, would vest 100% upon the Committee’s determination that such performance target was achieved (“2016 Three Year Performance Grant”). The terms and conditions of the Initial Grant and 2016 Three Year Performance Grant shall be governed by the Long Term Incentive Plan and an award agreement determined by the Committee in the case of the 2016 Three Year Performance Grant consistent with corresponding grants provided to other senior executive officers of the Company for 2016, and in the case of the Initial Grant consistent with time vested grants recently awarded. 2.4 Employee Benefit Plans. Executive will be eligible to participate on substantially the same basis as the Company’s other senior executive officers in any other employee benefit plans offered by the Company including, without limitation, medical, dental, short-term and long-term disability, life insurance, pension and profit sharing (in each case, subject to the eligibility requirements of such plans). The Company reserves the right to modify, suspend or discontinue any and all of its employee benefit plans, practices, policies and programs at any time without recourse by Executive, so long as the Company takes such action generally with respect to other similarly situated senior executive officers. 2.5 Vacation. Executive will be entitled to vacation in accordance with the Company’s vacation policy for senior executives of four weeks per calendar year of paid vacation. 2.6 Business Expenses. The Company will reimburse Executive for all reasonable and necessary business expenses incurred in the performance of services with the Company, according to Company’s policies and upon Executive’s presentation of an itemized written statement and such verification as the Company may require. ARTICLE III TERMINATION OF EMPLOYMENT 3.1 Voluntary Resignation. Executive may terminate his employment for any reason by giving the Company 90 days prior written notice of a voluntary resignation date (“Resignation Date”). Upon receiving Executive’s notice of intent to resign, the Company may require that Executive cease performing services for the Company at any time before the Resignation Date, so long as the Company continues Executive’s Base Salary, service for purposes of the Annual Bonus Plan and Long-Term Incentive Plan, and employee benefits under Section 2.4 through the Resignation Date. Except as otherwise provided under law or the terms of the Annual Bonus Plan, the Long-Term Incentive Plan, or any other employee benefit plan in which Executive participates, Executive shall not be entitled to receive any compensation or benefits from the Company after the Resignation Date. For the avoidance of doubt, any annual incentive bonus that has not been paid as of the Resignation Date will not be payable and is forfeited. 3.2 Termination By Company for Cause. The Company may terminate Executive’s employment for Cause (as defined below) by giving written notice to Executive designating an immediate or future termination date. Such notice shall indicate the specific provisions of this Agreement relied upon as the basis of such termination. In the event of a termination for Cause, the Company shall pay Executive his Base Salary and provide employee 3 benefits under Section 2.4 through the termination date. Except as otherwise provided under law or the terms of the Annual Bonus Plan, the Long-Term Incentive Plan, or any other employee benefit plan in which Executive participates, Executive shall not be entitled to receive any compensation or benefits from the Company after the termination date. For purposes of this Agreement, “Cause” means: (i) Executive materially breaches Executive’s obligations under this Agreement, the Company’s Code of Conduct and Ethics (or any successor thereto) or an established policy of the Company; (ii) Executive engages in conduct prohibited by law (other than minor violations), commits an act of dishonesty, fraud, or serious or willful misconduct in connection with his job duties, or engages in unethical or immoral conduct that, in the reasonable judgment of the Committee, could injure the integrity, character or reputation of Company; (iii) Executive fails or refuses to perform, or habitually neglects, Executive’s duties and responsibilities hereunder (other than on account of Disability (as defined below), and continues such failure, refusal or neglect after having been given written notice by the Company that specifies what duties Executive failed to perform and an opportunity to cure of 30 days; (iv) Use or disclosure by Executive of confidential information or trade secrets other than in the furtherance of the Company’s (or its subsidiaries’) business interests, or other violation of a fiduciary duty to the Company (including, without limitation, entering into any transaction or contractual relationship causing diversion of business opportunity from the Company (other than with the prior written consent of the Board)); or (v) Executive fails to reasonably cooperate with any audit or investigation involving the Company or its business practices after having been given written notice by the Company that specifies Executive’s failure to cooperate and an opportunity to cure of 10 days. 3.3 Termination By Company Without Cause or Termination by Executive for Good Reason. The Company may terminate Executive’s employment without Cause at any time during the Employment Period by giving written notice to Executive designating an immediate or future termination date. Executive may resign from employment during the Employment Period due to: (i) (ii) a failure to provide the compensation and benefits required by this Agreement; a reduction in Executive’s Base Salary below the Base Salary in effect during the immediately preceding year, unless such reduction is 4 commensurate with and part of a general salary reduction program applicable to all senior executives of the Company or agreed to in writing by Executive; (iii) any material diminution of Executive’s authority, duties or responsibilities; or (iv) the Company requiring Executive to be based at any office or location other than the office provided for in Section 1.4 hereof; (each of which shall constitute a “Company Breach” or “Good Reason”) and such resignation shall be treated as a termination by Executive for Good Reason; provided that, (a) Executive’s voluntary resignation occurs within 90 days following the initial occurrence of a Company Breach, (b) Executive provided written notice describing such Company Breach in reasonable detail to the Committee within 30 days of the initial occurrence of such Company Breach, and (c) the Company failed to cure such Company Breach within 30 days of receipt of such written notice from Executive; and provided, further, that in the case of subsections (ii) and (iii), an act or omission shall not constitute a Company Breach if Executive has incurred a Disability (as defined below). The election by Executive to not renew the Initial Term or any Successive Terms pursuant to Section 1.1 shall not be a termination for Good Reason and shall not entitle Executive to Severance Pay. However, the election by the Company to not renew the Initial Term or any Successive Terms pursuant to Section 1.1 shall be deemed to be a termination without Cause effective as of the termination of the Initial Term or Successive Term as applicable, and shall entitle Executive to Severance Pay as hereinafter provided. In the event of a termination by the Company without Cause or a termination by Executive for Good Reason, the Company shall pay Executive his Base Salary and provide employee benefits under Section 2.4 through the termination date. In addition, subject to the requirements set forth in Section 3.7, Section 3.8, and Section 3.9, the Company will provide the following compensation and benefits to Executive (collectively, the “Severance Pay”): (A) an amount equal to six (6) months of Executive’s then current Base Salary, plus an amount equal to 50% of Executive’s target bonus under the Annual Bonus Plan for the current year in which Executive’s employment terminates, or if such target has not been established for such current year, then the most recently established target bonus under the Annual Bonus Plan, each less applicable withholdings, payable in equal installments on each regularly scheduled payroll pay date during the six (6) month period that begins on the first day immediately after the Release Effective Date (as defined in Section 3.7); and (B) Awards, if any, under the Long Term Incentive Plan shall be paid in accordance with the terms and conditions of the Long-Term Incentive Plan and the applicable awards. Except as otherwise provided under law, or the terms of the Annual Bonus Plan, the Long-Term Incentive Plan, or any other employee benefit plan in which Executive participates, 5 Executive shall not be entitled to receive any additional compensation or benefits from the Company after the termination date. 3.4 Death. The Employment Period shall terminate automatically upon Executive’s death. In the event of Executive’s death during the Employment Period, the Company shall pay Executive’s Base Salary and provide employee benefits under Section 2.4 through the termination date. Except as otherwise provided under law or the terms of the Annual Bonus Plan, the Long-Term Incentive Plan, or any other employee benefit plan in which Executive participates, no other compensation or benefits from the Company shall be payable after the termination date. 3.5 Disability. “Disability” means Executive being unable to perform his duties to the Company as General Counsel and Chief Compliance Officer as provided in this Agreement for a period of at least 180 continuous days as a result of a mental or physical condition. The Company may terminate Executive’s employment for Disability during the Employment Period by giving written notice to Executive designating a termination date that is at least 30 days after the date of the notice of termination, provided that Executive does not return to work on a substantially full-time basis within 30 days after notice of termination on account of Disability is provided to Executive. A return to work of less than 30 continuous days on a substantially full-time basis shall not interrupt a continuous period of Disability. In the event of termination of the Employment Period on account of Executive’s Disability, the Company shall pay Executive’s Base Salary and provide employee benefits under Section 2.4 through the termination date. Except as otherwise provided under law or the terms of the Annual Bonus Plan, the Long-Term Incentive Plan, or any other employee benefit plan in which Executive participates, no other compensation or benefits from the Company shall be payable after the termination date. 3.6 Change in Control. “Change in Control” has the meaning assigned to such term in the Long Term Incentive Plan as in effect from time to time. Notwithstanding anything in this Agreement to contrary, a Change in Control will have occurred only if such change in ownership constitutes a change in control under Section 409A of the Internal Revenue Code of 1986, as amended (the “Code”), and the regulations and other guidance in effect thereunder (“Section 409A”). If contemporaneous with or within eighteen (18) months after a Change in Control that occurred during the Employment Period (a) the Company terminates Executive’s employment without Cause or (b) Executive terminates his employment for Good Reason, then, provided Executive complies with the requirements set forth in Section 3.7, Section 3.8, and Section 3.9, Executive will be eligible to receive the following payments (i) twelve (12) months of Executive’s then current Base Salary and (ii) 100% of his target bonus under the Annual Bonus Plan for the current year in which Executive’s employment terminates, or if such target has not been established for such current year, then the most recently established target bonus under the Annual Bonus Plan, each less applicable withholdings (collectively, the “Change in Control Payments”). The Change in Control Payment which is a cash payment (and not securities) will be made in a lump sum cash payment as soon as practicable, but in no event more than ten (10) days 6 after Release Effective Date. Except as otherwise provided under law or the terms of any other employee benefit plan in which Executive participates, Executive shall not be entitled to receive any additional compensation or benefits from the Company after the termination date. 3.7 Execution of Separation Agreement. As a condition to receiving Severance Pay or Change in Control Payments, Executive must execute and return to the Company, and not revoke any part of, a general release and waiver of claims against the Company and its officers, directors, stockholders, employees and affiliates with respect to Executive’s employment (including, without limitation, a release of claims under the Age Discrimination in Employment Act (the “ADEA Release”)), and other customary terms, in a form and substance reasonably acceptable to the Company (the “Release”). Executive must deliver the executed Release within the minimum time period required by law or, if none, within twenty-one (21) days after Executive receives the Release from the Company, which shall not be more than fifteen (15) days after Executive’s termination of Employment. The Release will become effective on the date the revocation period of the ADEA Release expires without Executive revoking the ADEA Release (the “Release Effective Date”). Any obligation of the Company to provide the Severance Pay shall cease: (i) if Executive materially breached or breaches his contractual obligations to the Company, including those set forth in Article IV or Article V herein, or in the Release or (ii) if, after Executive’s termination, the Company discovers facts and circumstances that would have justified a termination for Cause during the Employment Period. 3.8 Timing of Payments; Section 409A. (a) Notwithstanding any other provision of this Agreement, in the event of a payment to be made, or a benefit to be provided, pursuant to this Agreement based upon Executive’s “separation from service” (as defined below) for a reason other than death at a time when Executive is a Specified Employee (as defined below) and such payment or provision of such benefit is not exempt or otherwise permitted under Section 409A without the imposition of any Section 409A Penalty (as defined below), such payment shall not be made, and such benefit shall not be provided, before the earlier of the date which is the first day of the seventh month after Executive’s separation from service or 30 days after Executive’s death. All payments or benefits delayed pursuant to this Section 3.8 shall be aggregated into one lump sum payment to be made as of the Company’s first business day following the first day of the seventh month after Executive’s separation from service (or if earlier, as of 30 days after Executive’s death). (b) For purposes of this Agreement: (i) “Separation from service” has the meaning provided under Code Section 409A and Treas. Reg. l.409A-1(h); (ii) “Specified Employee” has the meaning given that term in Code Section 409A and Treas. Reg. 1.409A-1(c)(i) as determined in accordance with the Company’s policy for determining Specified Employees; (iii) Section 409A; and “Section 409A Penalty” means any increase in tax or any other penalty pursuant to 7 (iv) All payments of “deferred compensation,” as defined in Code Section 409A, due to Executive’s “termination of employment” shall be payable upon Executive’s separation from service. (c) This Agreement is intended not to result in the imposition of any Section 409A Penalty and shall be administered, interpreted and construed in a manner consistent with such intent. (d) Executive and the Company agree to cooperate to amend this Agreement from time to time as appropriate to avoid the imposition of any Section 409A Penalty. (e) In no event shall the Company be required to provide a tax gross-up payment to Executive with respect to any Section 409A Penalty. (f) Notwithstanding any provision of this Agreement to the contrary, this Agreement is intended to be exempt from or, in the alternative, comply with Section 409A and the interpretive guidance in effect thereunder, including the exceptions for short-term deferrals, separation pay arrangements, reimbursements, and in-kind distributions. The Agreement shall be construed and interpreted in accordance with such intent. 3.9 Excess Parachute Payments; No Excise Tax Gross-Up. Notwithstanding any provision of this Agreement to the contrary, if it is determined by the Company’s independent auditors that any amount or benefit to be paid or provided under this Agreement or otherwise, whether or not in connection with a Change in Control, would be an “Excess Parachute Payment” within the meaning of Code Section 280G but for the application of this sentence, then the payments and benefits to be paid or provided under this Agreement will be reduced to the minimum extent necessary (but in no event to less than zero) so that no portion of any such payment or benefit, as so reduced, constitutes an Excess Parachute Payment; provided, however, that the foregoing reduction will be made only if and to the extent that such reduction would result in an increase in the aggregate payment and benefits to be provided, determined on an after-tax basis (taking into account the excise tax imposed pursuant to Code Section 4999, any tax imposed by any comparable provision of state law, and any applicable federal, state and local income and employment taxes). The fact that Executive’s right to payments or benefits may be reduced by reason of the limitations contained in this Section 3.9 will not of itself limit or otherwise affect any other rights of Executive other than pursuant to this Agreement. In the event that any payment or benefit intended to be provided under this Agreement or otherwise is required to be reduced pursuant to this Section 3.9, the Company will effect such reduction by first reducing the lump sum cash payment related to Base Salary (a “Reduction”). In the event that, after such Reduction any payment or benefit intended to be provided under this Agreement or otherwise is still required to be reduced pursuant to this Section 3.9, the Company will effect such reduction by reducing other consideration due to Executive. 3.10 Removal from any Boards and Positions. If Executive’s employment is terminated for any reason under this Agreement, this Agreement will constitute his automatic 8 resignation from (i) if a member, the board of directors of any subsidiary of the Company or any other board to which he has been appointed or nominated by or on behalf of the Company, (ii) any position with the Company or any subsidiary of the Company, including, but not limited to, as an officer of the Company or any of its subsidiaries, and (iii) any fiduciary positions with respect to the Company’s benefit plans. ARTICLE IV EXCLUSIVITY OF SERVICES AND RESTRICTIVE COVENANTS 4.1 Confidential Information. Executive acknowledges and agrees that the Confidential Information (as defined below) of the Company and its subsidiaries and any other entity related to the Company (each, a “VASCO Entity”) that he obtained during the course of his employment by the Company is the property of the Company or such other VASCO Entity. Executive will never, directly or indirectly, disclose, publish or use any Confidential Information of which Executive has become aware, whether or not such information was developed by him. All duties and obligations set forth in this Agreement regarding Confidential Information shall be in addition to those which exist under the Illinois Trade Secrets Act and at common law. As used in this Agreement, “Confidential Information” means information that is not generally known to the public and that was or is used, developed or obtained by the Company or any other VASCO Entity, in connection with its businesses, including but not limited to: (i) unannounced products or services, development information (or other proprietary product or service information); products or services, product or service (ii) fees, costs, bids and pricing structures and quotations or proposals given to agents, distributors, vendors, contractors, licensors, licensees, customers, or prospective agents, distributors, vendors, contractors, licensors, licensees or customers, or received from any such person or entity; (iii) accounting or financial records; (iv) strategic business plans; (v) information system applications or strategies; (vi) customer and vendor lists and employee lists and directories; (vii) marketing plans, bidding strategies and processes, and negotiation strategies, whether past, current, or future; (viii) accounting and business methods; (ix) legal advice and/or attorney work product; (x) trade secrets and other proprietary information; 9 (xi) information, analysis or strategies regarding acquisitions, mergers, other business combinations, divestitures, recapitalizations, or new ventures; and (xii) nonpublic information that was acquired by Executive concerning the requirements and specifications of the Company’s or any other VASCO Entity’s agents, distributors, vendors, contractors, licensors, licensees, customers, or potential customers. Notwithstanding anything to the contrary, Confidential Information does not include any information that: (a) is publicly disclosed by law or pursuant to, and to the extent required by, an order of a court of competent jurisdiction or governmental agency; (b) becomes publicly available through no fault of Executive; or (c) has been published in a form generally available to the public before Executive proposes to disclose, publish, or use such information. 4.2 Noncompetition. During the Employment Period and for the 12-month period following the termination of the Employment Period for any reason (the “Restricted Period”), Executive will not, on behalf of himself or any other entity, have an ownership interest in or become employed or engaged by, or otherwise participate in or render services to, any business or enterprise (including, without limitation, any division, group or franchise of a larger organization) within the Geographical Area (as defined below) that engages in any data security business or any other business engaged in by the Company; provided, however, that the this restriction shall not prohibit Executive from passive beneficial ownership of less than two percent of any class of securities of a publicly- held corporation whose stock is traded on a U.S. national securities exchange or traded in the over-the-counter market. For the purpose of this provision, “Geographical Area” means North America, Central America, South America, the Caribbean, Europe, the Middle East, Africa, India, the Australian continent and Asia. 4.3 Non-Solicitation. During the Restricted Period, Executive shall not (other than in furtherance of Executive’s legitimate job duties on behalf of Company), directly or indirectly, on Executive’s own behalf or for any other person or entity: (i) solicit for employment, hire or engage, or attempt to solicit for employment, hire or engage, any person who is or was employed by the Company within the six month period prior to the date of solicitation, hire or engagement, or (ii) otherwise interfere with the relationship between any such person and the Company. 4.4 Non-Interference with Business Relationships. During the Restricted Period, Executive shall not (other than in furtherance of Executive’s legitimate job duties on behalf of the Company), directly or indirectly, on Executive’s own behalf or for any other person or entity: (i) induce or attempt to induce any customer, distributor, agent, licensor, licensee, contractor, vendor or other business relation that was doing business with any VASCO Entity during the one-year period prior to the inducement or attempted inducement to reduce or cease doing business with the Company or any VASCO Entity, or otherwise interfere with the relationship between such person (or entity) and any VASCO Entity; (ii) induce or attempt to induce any prospective customer, distributor, agent, licensor, licensee, contractor, vendor or other prospective business relation located in the Geographical Area with which any VASCO Entity has had communications during the six-month period prior to the inducement or attempted inducement regarding doing business with the Company or any other VASCO Entity to not do 10 business or to do reduced business with the Company or any other VASCO Entity, or otherwise interfere with the relationship between such person (or entity) and any VASCO Entity. 4.5 Equitable Modification. If any court of competent jurisdiction shall deem any provision in this Article IV too restrictive, the other provisions shall stand, and the court shall modify the unduly restrictive provision to the point of greatest restriction permissible by law. 4.6 Remedies. Executive acknowledges that the agreements and covenants contained in this Article IV are essential to protect the Company and its business and are a condition precedent to entering into this Agreement. Should Executive breach any covenants in this Article IV, then among other remedies, the duration of the covenant shall be extended by the period of any such breach. Executive agrees that irreparable harm would result from Executive’s breach or threat to breach any provision of this Article IV, and that monetary damages alone would not provide adequate relief to the Company for the harm incurred. Executive agrees that in addition to money damages, the Company shall be entitled to seek and obtain temporary, preliminary and permanent injunctive relief restraining Executive from committing or continuing any breach without being required to post a bond. Without limiting the foregoing, upon a breach by Executive of any provision of this Article IV, any outstanding Severance Pay shall cease and be forfeited, and Executive shall immediately reimburse the Company for any Severance Pay previously paid. ARTICLE V POST-TERMINATION OBLIGATIONS 5.1 Return of Company Materials. No later than three business days following the termination of Executive’s employment for any reason, Executive shall return to the Company all company property that is then in Executive’s possession, custody or control, including, without limitation, all keys, access cards, credit cards, computer hardware and software, documents, records, policies, marketing information, design information, specifications and plans, data base information and lists, and any other property or information that Executive has or had relating to the Company (whether those materials are in paper or computer-stored form), and including but not limited to any documents containing, summarizing, or describing any Confidential Information. 5.2 Executive Assistance. During Executive’s employment with the Company and for a period of 3 years after the termination of such employment, Executive shall, upon reasonable notice, furnish the Company with such information as may be in Executive’s possession or control, and cooperate with the Company in any reasonable manner that the Company may request, including without limitation conferring with the Company with regard to any litigation, claim, or other dispute in which the Company is or may become a party. The Company shall reimburse Executive for all reasonable out-of-pocket expenses incurred by Executive in fulfilling Executive’s obligations under this Section 5.2. The Company will make any such reimbursement within 30 days of the date Executive provides the Company with documentary evidence of such expense consistent with the policies of the Company. The Company will also pay Executive a reasonable fee per hour for his assistance during the two years commencing on the first anniversary of termination of his employment with the Company. 11 Notwithstanding anything to the contrary, any such reimbursement shall be administered so as to comply with Treasury Regulation Section l.409A-3(i)(1)(iv). ARTICLE VI MISCELLANEOUS 6.1 Notices. Any notices, consents or other communications required or permitted to be sent or given hereunder shall be in writing and shall be deemed properly served if (a) delivered personally, in which case the date of such notice shall be the date of delivery; (b) delivered prepaid to a nationally recognized overnight courier service, in which case the date of delivery shall be the next business day; or (c) sent by facsimile transmission (with a copy sent by first-class mail), in which case the date of delivery shall be the date of transmission, or if after 5:00 P.M., the next business day. If not personally delivered, notice shall be sent using the addresses set forth below: If to Executive, to the address listed on the signature page or the last address on file in the records of the Company. If to the Company: VASCO Data Security International, Inc. 1901 South Meyers Road Suite 210 Oakbrook Terrace, IL 60181-5206 Attention: Chief Executive Officer Telecopy: (630) 932-8852 with a copy to: Katten Muchin Rosenman LLP 525 West Monroe St. Chicago, IL 60661 Attention Matthew Brown Telecopy: (312) 902-1061 or such other address as may hereafter be specified by notice given by either party to the other party. Executive shall promptly notify the Company of any change in his address set forth on the signature page. 6.2 Withholding. The Company may withhold from any payment that it is required to make under this Agreement amounts sufficient to satisfy applicable withholding requirements under any federal, state or local law, as well as any other amounts due and owing to the Company from Executive. 6.3 Successors and Assigns. This Agreement shall be binding upon and inure to the benefit of the parties hereto and their respective heirs, personal representatives, successors and assigns; provided that Executive may not assign any of his rights or obligations under this Agreement without the Company’s prior written consent. 12 6.4 Nonalienation of Benefits. Benefits payable under this Agreement shall not be subject in any manner to anticipation, alienation, sale, transfer, assignment, pledge, encumbrance, charge, garnishment, execution or levy of any kind, either voluntary or involuntary, prior to actually being received by Executive, and any such attempt to dispose of any right to benefits payable hereunder shall be void. 6.5 Amendment; Waiver. No failure or delay by the Company or Executive in enforcing or exercising any right or remedy hereunder will operate as a waiver thereof. No modification, amendment or waiver of this Agreement or consent to any departure by Executive from any of the terms or conditions thereof, will be effective unless in writing and signed by the Chairman of the Committee. Any such waiver or consent will be effective only in the specific instance and for the purpose for which given. 6.6 Severability; Survivability. If any term or provision of this Agreement shall be held to be invalid or unenforceable, the remaining terms and provisions hereof shall not be affected thereby and shall be enforced to the fullest extent permitted under law. Executive’s obligations in Articles IV and V shall survive and continue in full force notwithstanding the termination of this Agreement or Executive’s employment for any reason. 6.7 Execution in Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be considered an original instrument, but all of which shall be considered one and the same agreement. 6.8 Governing Law; Consent to Jurisdiction; Waiver of Jury. This Agreement shall be governed by and construed in accordance with the internal laws of the State of Illinois, without regard to its conflict of law principles. For the purposes of any suit, action, or other proceeding arising out of this Agreement or with respect to Executive’s employment hereunder, the parties: (i) agree to submit to the exclusive jurisdiction of the federal courts located in the Northern District of Illinois or state courts located in DuPage County, Illinois; (ii) waive any objection to personal jurisdiction or venue in such jurisdiction, and agree not to plead or claim forum non conveniens; and (iii) waive their respective rights to a jury trial of any claims and causes of action, and agree to have any matter heard and decided solely by the court. 6.9 Construction. The language used in this Agreement will be deemed to be the language chosen by Executive and the Company to express their mutual intent, and no rule of strict construction will be applied against Executive or the Company. The heading in this Agreement are for convenience of reference only and will not limit or otherwise affect the meaning of the provision. 6.10 Entire Agreement; Amendments. This Agreement contains the entire understanding of the parties hereto with regard to the subject matter contained herein, and supersedes all prior agreements, understandings or letters of intent with regard to the subject matter contained herein between the parties hereto. This Agreement shall not be amended, modified or supplemented except by a written instrument signed by each of the parties hereto. 13 IN WITNESS WHEREOF, each of the parties hereto has duly executed this Employment Agreement. VASCO DATA SECURITY INTERNATIONAL, INC. Date: April 25, 2016 By: /s/ T. Kendall Hunt Name: Title: T. Kendall Hunt CEO STEVEN WORTH Date: April 25, 2016 /s/ Steven Worth Address: c/o VASCO Data Security International, Inc. 1901 South Meyers Road Oakbrook Terrace, Illinois 60181 Phone: ***-***-**** Fax: 14 Exhibit 14.1 ONESPAN INC. CORPORATE GOVERNANCE GUIDELINES as amended on October 22, 2020 The Board of Directors (“Board”) of OneSpan Inc. (the “Company”) has developed the following Corporate Governance Guidelines (the “Guidelines”) to assist the Board in the exercise of its oversight responsibilities and to serve the best interests of the Company and its stockholders. The Guidelines should be interpreted in the context of all applicable laws and the Company’s Certificate of Incorporation, By- laws, and the charter documents of the Board and Board committees. The Guidelines are to provide guidance for corporation direction and control. Their structure specifies the distribution of rights and responsibilities among different participants: the Board, management, stockholders and other stakeholders of the Company. Broadly stated, the Guidelines will assist the Board in representing the Company’s stockholders by meeting two key objectives: first, being faithful to the Board’s oversight responsibilities; and second, advising and counseling on important strategic operating and financial decisions. The purpose of the Guidelines is to serve as a flexible framework within which the Company may conduct its business and not as a set of legally binding obligations. The Guidelines are subject to modification from time to time by the Board as it considers appropriate in the best interests of the Company or as required by applicable laws and regulations. 1. ROLE OF THE BOARD OF DIRECTORS · The Board is legally responsible for the oversight of the management of the Company’s business and its affairs in order to protect and enhance the assets of the Company in the interest of all stockholders. The Board approves the strategic goals of the business, the objectives and policies within which it is managed, and then evaluates management performance. · The Board is responsible for hiring the Chief Executive Officer and for planning for the succession of the Chief Executive Officer. · The Board supervises management of the business through the Company’s Chief Executive Officer, who is charged with the day-to-day management of the Company, and with the development and implementation of its business strategy. · Directors should be committed to the Company, as evidenced by regular Board and committee attendance, preparation for and active participation in meetings, and attention to the interests of the stockholders. Each director is also encouraged and expected to attend the Company’s annual meeting of stockholders. · Each director shall discharge all duties as a director, including duties as a member of a Board committee, in good faith, with the care an ordinarily prudent person in a like position would exercise under similar circumstances, and in a manner the director reasonably believes to be in the best interests of the corporation, and otherwise in compliance with applicable law and rules. 2. BOARD COMPOSITION; INDEPENDENCE · The Board of Directors should consist of a cross-section of qualified individuals with education and experience appropriate to guide the Company in meeting its legal, financial, and operational objectives. Generally, a director shall be of the highest moral integrity, shall have had significant managerial experience, either as a current or 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA . OneSpan.com Revised October 22, 2020 former senior executive of a publicly traded or privately held company, or similar business experience or training. · The Board of Directors shall choose from among the directors a Chairman of the Board. In the absence of an independent director holding the position of Chairman, the Board of Directors shall appoint a Lead Independent Director. · The Corporate Governance and Nominating Committee is responsible for reviewing with the Board, on an annual basis, the requisite skills and characteristics of Board candidates, as well as the composition of the Board as a whole. This assessment will include director independence, as well as consideration of diversity, character and judgment, skills and experience in the context of the needs of the Board. More specifically, the Corporate Governance and Nominating Committee will evaluate each of the members of the Board and consider each member’s experience, qualifications, attributes and skills that make such member’s continued service on the Board appropriate. The Corporate Governance and Nominating Committee will make recommendations to the full Board concerning all nominees for Board membership, including the re-election of existing Board members and nominees to fill Board vacancies. Final approval of director nominees will be determined by the full Board. Each independent director is expected to promptly disclose to the Board any existing or proposed relationships or transactions that could impact his or her independence. · The Company’s By-laws provide that the Board shall consist of at least 4, but no more than 20, directors. A majority of the Board shall consist of directors who the Board has determined have no material relationship with the Company and who qualify as “independent” directors under the listing standards of The NASDAQ Stock Market LLC (“NASDAQ”) and the Securities and Exchange Commission (“SEC”). The Board will review annually the relationships that each director has with the Company (either directly, or as a partner, stockholder or officer of an organization that has a relationship with the Company), and only those directors who the Board affirmatively determines have no material relationship with the Company will be considered independent. The Company will disclose these determinations with respect to independence in its annual filings with the SEC. · If a director changes his or her primary business or professional activities or relationships, that director shall promptly communicate the change(s) to the Board for its consideration. The Board will then determine if that director should resign his/her position on the Board. A director shall promptly notify the Chairman and the Secretary in the event of any change or anticipated change in his or her affiliations, activities or professional or personal circumstances that (i) may create a conflict or potential conflict of interest, (ii) may trigger any Company reporting obligation, (iii) may result in the director engaging in significant political activity (such as participating in a visible leadership position in a political campaign, running for office or accepting an elected or appointed political office), (iv) has the potential to cause embarrassment, negative publicity or reputational harm to the Company or the director or (v) could result in a possible inconsistency with the Company’s policies or values. The Corporate Governance and Nominating Committee shall then determine if that director should resign his/her position on the Board. All directors must comply with the applicable provisions of the “A Company Free of Conflicts of Interest” section of the Company’s Code of Conduct and Ethics. Each director is expected to promptly disclose to the Board any existing or proposed relationships or transactions that involve or could create a conflict of interest. If a significant conflict of interest involving a director cannot be resolved, the director should promptly tender a resignation to the Board. The Corporate Governance and Nominating Committee shall then review the appropriateness of that director’s continued service on the Board in light of the conflict and make a recommendation to the Board as to whether the resignation should be accepted. · No individual can continue to serve as a director or officer if he or she has violated the general anti-fraud provisions of the securities laws. · All directors are elected for 1-year terms at the annual meeting of stockholders and serve until their successors are elected and qualified, or their earlier death, removal or resignation. 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA . OneSpan.com · Without the express approval of the Board, no management director may serve on the board of directors (or equivalent governing body) of another non-affiliated public entity, and no non-management director shall serve on the board of directors (or equivalent governing body) of more than 5 public companies, without specific Board approval. · The Chairman shall regularly solicit from the members of the Board recommendations as to matters to be brought before the Board and shall ensure that such matters receive appropriate consideration. · The Board of Directors does not believe it should limit the number of terms an individual may serve as a director or that a fixed retirement age for directors is appropriate. Directors who have served on the Board of Directors for an extended time period are often able to provide valuable contributions and insight into the Company’s operations based on their experience with, and understanding of, the Company’s business, history and objectives. 3. BOARD COMMITTEES · The Board, by a vote of a majority of the whole Board, may establish and seek the advice of, and delegate responsibilities to, committees of the Board, and those committees from time to time at their discretion may engage external advisors. · The Board has established the following standing committees, each of which should meet as specified in its respective charter to review the matters with which it is charged, and to otherwise carry out its duties: - Audit - Compensation - Corporate Governance and Nominating - Finance and Strategy · The Audit Committee shall be composed of at least three directors who the Board has determined have no material relationship with the Company and who qualify as “independent” and “financially literate” directors under the NASDAQ rules and who satisfy the additional eligibility requirements for audit committee membership set forth in SEC Rule 10A-3 promulgated under the Securities Exchange Act of 1934. No director may serve on the Audit Committee unless he or she is independent. · The Compensation Committee shall be composed of at least three directors who the Board has determined to be “independent” directors, as defined under the NASDAQ rules and applicable requirements of the SEC. No director may serve on the Compensation Committee unless he or she is independent. No director shall serve on the Compensation Committee if he or she is an executive officer of a company on whose Board or equivalent governing body a member of the Company’s management serves. The Compensation Committee will review and approve corporate goals and objectives relevant to the compensation of the Company’s named executive officers, evaluate the officers’ performance in light of those goals and objectives and set the compensation level based on that evaluation. · The Corporate Governance and Nominating Committee shall be composed of at least three directors who the Board has determined to be “independent” directors, as defined under the NASDAQ rules. No director may serve on the Corporate Governance and Nominating Committee unless he or she is independent. The Corporate Governance and Nominating Committee will recommend individuals to be nominated to the Board and will review each committee’s charter annually with the applicable committee to be sure that the charter remains relevant and complies with applicable laws and rules. 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA . OneSpan.com · The Finance and Strategy Committee shall be composed of at least three directors who the Board has determined to be “independent” directors, as defined under the NASDAQ rules. No director may serve on the Finance and Strategy Committee unless he or she is independent. The Finance and Strategy Committee will review the Company’s financing policies and related matters and will make recommendations to the Board. The Finance and Strategy Committee will advise management on the development and execution of its strategies and will make recommendations to the Board. 4. MEETINGS · The Board will hold at least 4 regular meetings each fiscal year at regularly scheduled intervals. · Each regular Board meeting shall include an executive session without management or any non-independent directors present. The independent Chairman, Lead Independent Director, or an independent director chosen by the directors present shall lead the executive sessions. · A meeting agenda and background material should be provided to directors prior to each meeting so that all Board members have an opportunity for advance review of the relevant materials, and senior management will be readily accessible to directors at all Board and committee meetings. 5. BOARD ACCESS TO EMPLOYEES; INTERACTION WITH THIRD PARTIES · Directors have access to Company employees to ensure that directors can ask all questions and glean all information necessary to fulfill their duties. Directors shall notify the Chief Executive Officer in advance of contacting any employee and shall use judgment to ensure that any such contact is not unduly disruptive to the business of the Company. In addition, as necessary and appropriate, the Board and its committees have access to the Company’s outside auditors and advisors. · In performing its functions, the Board and each of its committees is entitled to rely on the advice, reports and opinions of management, counsel, accountants, auditors and other expert advisers. The Board and each of its committees shall have the authority to retain and approve the fees and retention terms of its outside advisors. · It is the policy of the Board that the Company’s Chief Executive Officer, the Chief Financial Officer and Director of Investor Relations act as the spokespersons for the Company, although management may, from time to time, request individual directors to meet or otherwise communicate with various constituencies that are involved with the Company. Individual directors will only speak with stockholders and the media about the Company if authorized by the full Board and in accordance with the policies of the Company. · It is the policy of the Board that stockholders shall have reasonable access to directors at annual meetings of stockholders and an opportunity to communicate directly with directors on appropriate matters. The Board will generally respond, or cause the Company to respond, in writing to bona fide communications from stockholders addressed to one or more members of the Board. Directors shall notify the full Board of any oral or written communications received from stockholders and describe or send copies of such correspondence to the full Board. Stockholders and other interested parties are invited to communicate with the Board or any of its committees or directors by writing to the Board or any such committee or director at OneSpan Inc., 121 West Wacker Drive, 20th Floor, Chicago, Illinois 60601. · In order to facilitate open discussions, the Board believes maintaining confidentiality of information and deliberations is imperative. Each director has a fiduciary obligation to maintain the confidentiality of information received in connection with his or her service as a director or committee member. 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA . OneSpan.com 6. BOARD AND SENIOR EXECUTIVE COMPENSATION AND RESTRICTIONS · Employee directors shall not receive any additional compensation for their service as directors. · A director’s annual retainer shall be paid in part in equity equal in value to at least 50% of such director’s aggregate annual retainer (excluding amounts payable for Committee Chair or membership) until the director holds stock valued at no less than three times the annual retainer for directors (excluding amounts payable for Committee Chair or membership). Once a director holds stock valued at three times the annual retainer, such ownership should be maintained through the director’s term of service. In the event that the annual retainer fee is increased, directors will have three years to meet the new ownership guidelines. The Board will evaluate whether exceptions should be made for any director on whom these guidelines would impose a financial hardship. To determine stock ownership levels, a calculation will be made as of January 31 of each year based on the then-current director aggregate annual retainer (excluding amounts payable for Committee Chair or membership), and for this purpose, (a) the value of a share of Company common stock shall be deemed to be the greater of the closing price on such January 31 (or if such January 31 is not a trading day, the last trading day immediately preceding such January 31 ) or the closing price of a share of Company common stock on the date on which the director acquired such share; (b) each share of unvested time-vested restricted stock shall count as one share of Company common stock; and (c) each share of unvested restricted stock subject to performance or other conditions other than time vesting shall not count for the purpose of determining stock ownership levels. · The Compensation Committee of the Board is responsible for evaluating and recommending non-employee director compensation to the full Board, and compensation for non-employee directors should be competitive and should encourage increased ownership of Company common stock through payment of a portion of that compensation in equity. · The Company shall not, directly or indirectly, including through or by any subsidiary, extend or maintain credit, or arrange for the extension of credit in the form of a personal loan, to or for any director or executive officer. · The Company’s named executive officers will forfeit certain bonuses and profits if the Company is required to restate its financial statements because of material non-compliance with any financial reporting requirements resulting from misconduct. Each named executive officer (including former named executive officers) will be required to reimburse any bonus and/or any equity-based incentive compensation he or she received and any profits he or she realized from the sale of the Company’s securities during the 12 months following the initial filing of the financial statements containing or embodying the non-compliance. 7. BOARD ORIENTATION AND CONTINUING EDUCATION · The Company shall provide new directors with a suitable orientation program to familiarize them with the Company’s operating businesses and to introduce senior management and primary outside advisors and auditors. · The Board believes that continuing education is essential to valuable Board participation and decision making. In addition, portions of certain Board meetings will be devoted to educational topics at which senior management and outside subject matter experts present information regarding matters such as the Company’s industry, business operations, strategies, objectives, risks, opportunities, competitors and important legal and regulatory issues. The Company encourages directors to periodically pursue or obtain appropriate programs, sessions or materials and the Company will reimburse directors for reasonable expenses in accordance with Company policy. 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA . OneSpan.com Exhibit 14.2 1. Introduction OneSpan Inc. Code of Conduct and Ethics The Board of Directors of OneSpan Inc. (together with its subsidiaries, the "Company") has adopted this Code of Conduct and Ethics (the "Code") in order to: (a) promote honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest; (b) promote full, fair, accurate, timely and understandable disclosure in reports and documents that the Company files with, or submits to, the Securities and Exchange Commission (the "SEC") and in other public communications made by the Company; (c) promote compliance with applicable governmental laws, rules and regulations; (d) promote compliance with Company’s contractual obligations; (e) promote the protection of Company assets, including corporate opportunities and confidential information; (f) promote fair dealing practices; (g) promote fair and lawful processing of personal information; (h) deter wrongdoing; and (i) ensure accountability for adherence to the Code. All directors, officers, employees and contractors are required to be familiar with the Code, take any related mandatory training made available, accept and comply with its provisions and report any suspected violations as described below in Section 18, Reporting and Enforcement. 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA OneSpan.com Revised December 14, 2017 2. Compliance 2.1 Employees, officers and directors should comply, in both letter and spirit, with all applicable laws, rules and regulations in the cities, states and countries in which the Company operates. 2.2 Although not all employees, officers and directors are expected to know the details of all applicable laws, rules and regulations, it is important to know enough to determine when to seek advice from appropriate personnel. Questions about compliance should be addressed to the Company’s Legal Department at Legal@vasco.com. 3. Honest and Ethical Conduct 3.1 The Company's policy is to promote high standards of integrity by conducting its affairs honestly and ethically. 3.2 Each director, officer and employee must act with integrity and observe the highest ethical standards of business conduct in his or her dealings with the Company's customers, suppliers, partners, service providers, competitors, employees and anyone else with whom he or she has contact in the course of performing his or her job. 4. Preventing Harassment and Discrimination OneSpan strives to maintain a work environment, which is free from discrimination and harassment, whether based on race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or any other factors that are unrelated to OneSpan’s legitimate business interests. OneSpan will not tolerate sexual advances, actions or comments, racial or religious slurs or jokes, or any other comments or conduct that, in the judgment of OneSpan management, creates, encourages or permits an offensive or intimidating work environment. 5. Health, Safety and the Environment 5.1 Maintaining a safe and sustainable environment both inside and outside the workplace is vital to the health and well-being of us all. 5.2 OneSpan provides a safe and drug-free working environment for its employees and to meet or exceed the standards of all applicable laws and regulations governing workplace safety, health and the environment. Misusing controlled substances or being under the influence of illegal drugs or alcohol is prohibited while performing work-related duties. 5.3 All directors, officers and employees should report any unsafe working conditions or workplace accidents to the local Human Resource Manager or the Chief Compliance Officer. Any acts or threats of violence towards another person or abuse of company property should be reported immediately to your local Human Resources Manager. 5.4 OneSpan has a responsibility to operate in an environmentally sound manner, uphold ethical and social standards in its supply chain, and make a positive difference in the communities 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA OneSpan.com Revsied December 14, 2017 where its employees live and work. OneSpan strives to increase the energy efficiency of its operations, reduce waste, and protect the environment. 6. A Company free of Conflicts of Interest 6.1 A conflict of interest occurs when an individual's private interest (or the interest of a member of his or her family interferes, or reasonably appears to interfere, with the interests of the Company as a whole. A conflict of interest can arise when an employee, officer or director (or a member of his or her family) takes actions or has interests that may make it difficult to perform his or her work for the Company objectively and effectively. Conflicts of interest also arise when an employee, officer or director (or a member of his or her family) receives improper personal benefits because of his or her position in the Company. In addition, no director, officer or employee may compete with the Company during its employment. 6.2 Loans by the Company to, or guarantees by the Company of obligations of, employees or their family members are of special concern and could constitute improper personal benefits to the recipients of such loans or guarantees, depending on the facts and circumstances must be disclosed and approved by the Chief Compliance Officer. Loans by the Company to, or guarantees by the Company of obligations of, any director or officer or their family members are expressly prohibited. 6.3 Whether or not a conflict of interest exists or will exist can be unclear. Conflicts of interest (or reasonably potential ones) should be avoided unless specifically authorized as described in Section 6.4. 6.4 Persons other than directors and officers who have questions about a potential conflict of interest or who become aware of an actual or potential conflict should report the matter with their Local Human Resource Manager or the Chief Compliance Officer. The Local Human Resource Manager must report the matter to the Chief Compliance Officer with a written description of the activity and seeking the Chief Compliance Officer's determination. If the Local Human Resource Manager is himself involved in the potential or actual conflict, the matter should instead be discussed directly with the Chief Compliance Officer. 6.5 Directors and officers must seek determinations and prior authorizations or approvals of potential conflicts of interest from Chief Compliance Officer or the Chairperson of the Board’s Governance Committee. 7. Business Courtesy 7.1 The giving and receiving of gifts and entertainment is often part of building business relationships and corporate goodwill. However, a conflict of interest may arise if gifts or entertainment either influence business decisions or create the appearance of doing so. Therefore, it is important to carefully consider actual or apparent conflict of interest issues before offering or accepting gifts and entertainment. In certain situations, the exchange of limited, non-cash business courtesies may be appropriate, where permitted by applicable law. 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA OneSpan.com Revsied December 14, 2017 7.2 Employees, officers and directors must exercise the utmost care when giving or receiving business-related gifts. Accepting or offering gifts of moderate value is permitted in situations where it is legal and in accordance with local business practices. Similarly, and to the extent permitted under applicable law, you may offer or accept meals and entertainment of reasonable value in connection with business discussions. However, any type of business courtesy, gift or gratuity is unacceptable if it could compromise your business judgment or improperly influence customers, suppliers, business partners or government officials. 7.3 Keep in mind that certain business courtesies, such as cash, checks, gift certificates and offers to pay non-business related travel and/or accommodations, are never acceptable. If you have any doubt about whether a particular gift is appropriate, consult Legal@vasco.com or the Chief Compliance Officer. 8. Protection and Proper Use of Company Assets 8.1 All directors, officers and employees should protect the Company's assets and ensure their efficient use. This includes both tangible and intangible assets. The Company and its employees must protect the confidentiality, integrity and availability of all forms of information used by, entrusted to and maintained by the Company on behalf of employees, investors, business partners, and customers. 8.2 All Company assets should be used only for legitimate business purposes, though incidental and reasonable personal use is permitted. Any information created, saved, sent or received using Company information systems may however be subject to technical monitoring that the Company performs for information security reasons. Any suspected incident of fraud or theft of Company assets should be reported for investigation immediately. 8.3 OneSpan’s Information Security department has created policies and standards that will help each director, officer and employee secure its environment by understanding information security issues and acting responsibly. Each director, officer and employee must follow OneSpan’s Information Security Policies required for the protection of OneSpan’s information and systems. 8.4 The obligation to protect Company assets includes the Company's proprietary information. Proprietary information includes intellectual property such as trade secrets, patents, trademarks and copyrights, as well as business and marketing plans, engineering and manufacturing ideas, designs, databases, records, OneSpan name and any non-public financial data or reports. Unauthorized use or distribution of this information is prohibited and could also be illegal and result in civil or criminal penalties. 8.5 From time to time OneSpan may also receive requests for money, Company assets or other Company resources to benefit a particular charity or civic group. These should be referred the appropriate supervisor within the business unit. The request should be discussed and approved by the Chief Compliance Officer. The Company does not make any political contributions to any political candidates, parties or campaigns. 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA OneSpan.com Revsied December 14, 2017 9. Confidentiality 9.1 OneSpan processes confidential information in a manner to ensure appropriate security and protect against unauthorized or unlawful processing. Confidential information includes all non-public information (regardless of its source), e.g. personal information, intellectual property, patent information or trade secret that might be of use to the Company's competitors or harmful to the employees, the Company or its customers, suppliers or partners if disclosed. Similarly, directors, officers and employees must maintain the confidentiality of information entrusted to them by the Company or by its customers, suppliers or partners, except when disclosure is expressly authorized or is required or permitted by law. 9.2 OneSpan respects the privacy of all its employees, business partners and customers. Directors, officers and employees must handle personal information responsibly and in compliance with all applicable privacy laws. Employees, officers and directors must exercise special care when handling personal information. 10. Fair Dealing Each director, officer and employee must deal fairly with the Company's customers, suppliers, partners, service providers, competitors, employees and anyone else with whom he or she has contact in the course of performing his or her job. No director, officer or employee may take unfair advantage of anyone through manipulation, concealment, abuse or privileged information, misrepresentation of facts or any other unfair dealing practice. 11. Company Records 11.1 All directors, officers and employees should to make sure that all Company information is recorded and reported accurately and promptly. This includes, but is not limited to, information concerning the Company’s employees, research and development activities, strategic plans, travel and expense claims, and general operations. 11.2 OneSpan expects any regular document disposal must cease immediately if you are aware of or have reason to believe that the documents or materials are, or are likely to become, relevant to a business dispute, litigation matter or government inquiry (including all records that are subject to a legal hold or legal collection notice) or as requested by the Company. If you have any questions about the Company’s records retention, contact the Legal Department. 12. Disclosure 12.1 The Company's periodic reports and other documents filed with the SEC, including all financial statements and other financial information, must comply with applicable federal securities laws and SEC rules. 12.2 Each director, officer and employee who contributes in any way to the preparation or verification of the Company's financial statements and other financial information must ensure that the Company's books, records and accounts are accurately maintained. Each director, officer 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA OneSpan.com Revsied December 14, 2017 and employee must cooperate fully with the Company's accounting and internal audit departments, as well as the Company's independent public accountants and counsel. 12.3 Each director, officer and employee who is involved in the Company's disclosure process must: ● be familiar with and comply with the Company's disclosure controls and procedures and its internal control over financial reporting; and ● take all necessary steps to ensure that all filings with the SEC and all other public communications about the financial and business condition of the Company provide full, fair, accurate, timely and understandable disclosure. 13. Anti-Bribery and Anti-Corruption 13.1 OneSpan acts openly, honest, and direct. No employees, officer or director shall offer, give or accept money or anything of value from third parties, including customers and partners, to improperly obtain or retain business, secure an improper advantage, or otherwise influence them to act improperly. This applies to engagements with third parties from both commercial and public sectors. 13.2 OneSpan is committed to comply with the U.S. Foreign Corrupt Practices Act, the UK Bribery Act and as well as other applicable national, local or international anti-bribery standards. OneSpan strictly prohibits offering bribes to a government official for the purpose of attempting to influence, obtain or retain business or for any other improper purpose. 13.3 Paying bribes in connection with purely private sector transactions is prohibited as well. Corrupt activities of any kind have no place at OneSpan. 14. Corporate Opportunities All directors, officers and employees owe a duty to the Company to advance its interests when the opportunity arises. Directors, officers and employees are prohibited from taking for themselves personally (or for the benefit of friends or family members) opportunities that are discovered through the use of Company assets, property, information or position. Directors, officers and employees may not use Company assets, property, information or position for personal gain (including gain of friends or family members). 15. Insider Trading Everyone at OneSpan is prohibited from providing inside information—about the Company or its suppliers, customers, or other third parties—to others. Insider trading, insider dealing, and stock tipping are criminal offenses in most countries where OneSpan does business. Employees shall follow the Company’s Insider Trading Policy. If you have any questions regarding this type of information, contact Legal Department for advice. 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA OneSpan.com Revsied December 14, 2017 16. Anti-Competition Conduct OneSpan succeeds by competing vigorously and fairly in the marketplace in compliance with applicable antitrust, competition, and other laws and regulations designed to promote fair competition, free trade, and encourage ethical and legal behavior among competitors. 17. Trade Compliance As a U.S. company, OneSpan’s hardware and software products, services, and technology (i.e., technical data for the design, development, production or use of those products and source code) are subject to both U.S. and non-U.S. export laws and regulations. Before OneSpan products, services and technology can be exported, re-exported, or delivered anywhere, OneSpan must validate that it has the authorization to export under U.S. export regulations, European Union financial sanctions and the EU Dual-Use Export Control Regulations and any applicable trade compliance laws and regulations. 18. Reporting and Enforcement 18.1 Reporting and Investigation of Violations. (a) Actions prohibited by this Code involving board directors or executive officers must be reported to the Board’s Governance Committee by the Chief Compliance Officer. (b) Actions prohibited by this Code involving anyone other than a board director or executive officer must be reported to the Local Human Resource Manager, Chief Compliance Officer or to file a report via the internet, go to the Company’s report hotline. (c) After receiving a report of an alleged prohibited action, the Board’s Governance Committee, Local Human Resource Manager or the Chief Compliance Officer must promptly take all appropriate actions necessary to investigate. (d) All directors, officers and employees are expected to cooperate in any internal investigation of misconduct. 18.2 Enforcement. (a) The Company must ensure prompt and consistent action against violations of this Code. (b) If, after investigating a report of an alleged prohibited action by a director or executive officer, the Board’s Governance Committee determines that a violation of this Code has occurred, the Board’s Governance Committee will report such determination to the Board of Directors. (c) If, after investigating a report of an alleged prohibited action by any other person, Local Human Resource Manager or the Chief Compliance Officer determines that a 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA OneSpan.com Revsied December 14, 2017 violation of this Code has occurred, Local Human Resource Manager will report such determination to the Chief Compliance Officer. (d) Upon receipt of a determination that there has been a violation of this Code, the Board of Directors or the Chief Compliance Officer will take such preventative or disciplinary action as it deems appropriate, including, but not limited to, reassignment, demotion, dismissal and, in the event of criminal conduct or other serious violations of the law, notification of appropriate governmental authorities. 18.3 Waivers. (a) Each of the Board of Directors (in the case of a violation by a director or executive officer) and the Chief Compliance Officer (in the case of a violation by any other person) may, in its discretion, waive any violation of this Code. (b) Any waiver for a director or an executive officer shall be disclosed as required by SEC and NASDAQ rules. 18.4 Prohibition on Retaliation. The Company does not tolerate acts of retaliation against any director, officer or employee who makes a good faith report of known or suspected acts of misconduct or other violations of this Code. 19. Monitoring Compliance and Disciplinary Action 19.1 The Company’s management, under the supervision of its Board or its Audit Committee, shall take reasonable steps from time to time to (i) monitor compliance with this Code, and (ii) when appropriate, impose and enforce appropriate disciplinary measures for violations of this Code. 19.2 Disciplinary measures for violations of this Code may include, but are not limited to, counseling, oral or written reprimands, warnings, termination of employment or service. 19.3 The Company’s management shall periodically report to the Board or the Audit Committee, as applicable, on these compliance efforts including, without limitation, periodic reporting of alleged violations of this Code and the actions taken with respect to any such violation. 121 West Wacker Drive, Suite 2050, Chicago, Illinois 60601 USA OneSpan.com Revsied December 14, 2017 Exhibit 21 Entity Name OneSpan Australia Pty Ltd OneSpan Pty Ltd OneSpan Austria GmbH OneSpan Europe NV OneSpan NV OneSpan Seguranca de Dados Brasil Ltda Dealflo Technology Inc. OneSpan Canada Inc. OneSpan Software (Beijing) Co. Ltd. OneSpan Software (Beijing) Co. Ltd. (Shanghai Branch) OneSpan France SAS OneSpan Japan Kabushiki Kaisha Diginotar Notariaat B.V. OneSpan Netherlands B.V. OneSpan Asia Pacific Pte Ltd OneSpan International GmbH OneSpan Solutions GmbH OneSpan Middle East FZE Risk IDS Limited OneSpan Solutions UK Limited OneSpan Technology Limited VASCO Digital Automation Limited OneSpan Solutions Limited OneSpan Inc. OneSpan North America Inc. Place of Registration Australia Australia Austria Belgium Belgium Brazil New Brunswick, Canada New Brunswick, Canada China China France Japan Netherlands Netherlands Singapore Switzerland Switzerland Dubai, United Arab Emirates United Kingdom United Kingdom United Kingdom United Kingdom United Kingdom State of Delaware State of Delaware Consent of Independent Registered Public Accounting Firm Exhibit 23 The Board of Directors OneSpan Inc.: We consent to the incorporation by reference in the registration statements (No. 333-234406) on Form S-3 and (Nos 333-62829, 333-161158 and 333-232207) on Form S-8 of OneSpan Inc. of our reports dated February 25, 2021, with respect to the consolidated balance sheets of OneSpan Inc. as of December 31, 2020 and 2019, the related consolidated statements of operations, comprehensive income (loss), stockholders’ equity, and cash flows for each of the years in the three-year period ended December 31, 2020, and the related notes and financial statement schedule II (collectively, the consolidated financial statements), and the effectiveness of internal control over financial reporting as of December 31, 2020, which reports appear in the December 31, 2020 annual report on Form 10-K of OneSpan Inc. Our report dated February 25, 2021, on the consolidated financial statements refers to the adoption of Accounting Standards Update (ASU) No. 2016-13, Measurement of Credit Losses on Financial Instruments, as of January 1, 2020, and the adoption of Accounting Standard Codification (ASC) Topic 842, Leases, as of January 1, 2019. Chicago, Illinois February 25, 2021 /s/ KPMG LLP Certification of Principal Executive Officer Pursuant to Section 302 of the Sarbanes-Oxley Act of 2002 Exhibit 31.1 I, Scott Clements, certify that: 1. 2. 3. 4. I have reviewed this annual report on Form 10-K of OneSpan Inc.; Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report; Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report; The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have: (a) (b) (c) (d) Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared; and Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles; and Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures as of the end of the period covered by the report based on such evaluation; and Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting. 5. The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of registrant’s board of directors (or persons performing the equivalent functions): (a) (b) All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting. Dated: February 25, 2021 /s/ Scott Clements Scott Clements President and Chief Executive Officer (Principal Executive Officer) Certification of Principal Financial Officer Pursuant to Section 302 of the Sarbanes-Oxley Act of 2002 Exhibit 31.2 I, Mark S. Hoyt, certify that: 1. 2. 3. 4. I have reviewed this annual report on Form 10-K of OneSpan Inc.; Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report; Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report; The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have: (a) Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared; and (b) Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles; and (c) Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures as of the end of the period covered by the report based on such evaluation; and (d) Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting. 5. The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of registrant’s board of directors (or persons performing the equivalent functions): (a) All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and (b) Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting. Dated: February 25, 2021 /s/ Mark S. Hoyt Mark S. Hoyt Chief Financial Officer (Principal Financial Officer and Principal Accounting Officer) CERTIFICATION OF CHIEF EXECUTIVE OFFICER Pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 Exhibit 32.1 In connection with the filing with the Securities and Exchange Commission of the Annual Report of OneSpan Inc. (the company) on Form 10-K for the period ended December 31, 2020 (the Report), I, Scott Clements, President and Chief Executive Officer of the company, certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that to the best of my knowledge: i. ii. The Report fully complies with the requirements of section 13(a) or 15(d) of the Securities Exchange Act of 1934; and The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the company. /s/ Scott Clements Scott Clements President and Chief Executive Officer February 25, 2021 CERTIFICATION OF CHIEF FINANCIAL OFFICER Pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 Exhibit 32.2 In connection with the filing with the Securities and Exchange Commission of the Annual Report of OneSpan Inc. (the company) on Form 10-K for the period ended December 31, 2020 (the Report), I, Mark S. Hoyt, Chief Financial Officer of the company, certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that to the best of my knowledge: i. ii. The Report fully complies with the requirements of section 13(a) or 15(d) of the Securities Exchange Act of 1934; and The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the company. /s/ Mark S. Hoyt Mark S. Hoyt Chief Financial Officer February 25, 2021
Continue reading text version or see original annual report in PDF format above