Financial Information
Jump to a Section:
PART I
Item 1A. Risk Factors.
Technology, Information Protection, and Privacy Risks
A failure to keep pace with developments in technology could impair our operations or competitive position. The lodging industry continues to demand the use of sophisticated technology and systems, including those used for our reservation, revenue management, property management, human resources and payroll systems, our Loyalty Programs, and technologies we make available to our guests and for our associates. These technologies and systems must be refined, updated, and/or replaced with more advanced systems on a regular basis, and our business could suffer if we cannot do that as quickly or effectively as our competitors or within budgeted costs and time frames. We also may not achieve the benefits that we anticipate from any new technology or system, and a failure to do so could result in higher than anticipated costs or could impair our operating results.
An increase in the use of third-party Internet services to book online hotel reservations could adversely impact our business. Some of our hotel rooms are booked through Internet travel intermediaries such as Expedia.com®, Priceline.com®, Booking.comâ„¢, Travelocity.com®, and Orbitz.com®, as well as lesser-known online travel service providers. These intermediaries initially focused on leisure travel, but now also provide offerings for corporate travel and group meetings. Although our Best Rate Guarantee programs have helped limit guest preference shift to intermediaries and greatly reduced the ability of intermediaries to undercut the published rates at our hotels, intermediaries continue to use a variety of aggressive online marketing methods to attract guests, including the purchase, by certain companies, of trademarked online keywords such as “Marriott” from Internet search engines such as Google®, Bing®, Yahoo®, and Baidu® to steer guests toward their websites (a practice that has been challenged by various trademark owners in federal court). Although we have successfully limited these practices through contracts with key online intermediaries, the number of intermediaries and related companies that drive traffic to intermediaries’ websites is too large to permit us to eliminate this risk entirely. Our business and profitability could be harmed if online intermediaries succeed in significantly shifting loyalties from our lodging brands to their travel services, diverting bookings away from our direct online channels, or through their fees, increase the overall cost of Internet bookings for our hotels. In addition, if we fail to reach satisfactory agreements as our contracts with intermediaries come up for periodic renewal, our hotels might no longer appear on their websites and we could lose business as a result.
We are exposed to risks and costs associated with protecting the integrity and security of company employee and guest data. Our businesses process, use, and transmit large volumes of employee and guest data, including credit card numbers and other personal information in various information systems that we maintain and in systems maintained by third parties, including our owners, franchisees and licensees, as well as our service providers, in areas such as human resources outsourcing, website hosting, and various forms of electronic communications. The integrity and protection of that guest, employee, and company data is critical to our business. If that data is inaccurate or incomplete, we could make faulty decisions.
Our guests and employees also have a high expectation that we, as well as our owners, franchisees, licensees, and service providers, will adequately protect their personal information. The information, security, and privacy requirements imposed by laws and governmental regulation and the requirements of the payment card industry are also increasingly demanding, in the U.S., the European Union, Asia, and other jurisdictions where we operate. Our systems and the systems maintained or used by our owners, franchisees, licensees, and service providers may not be able to satisfy these changing legal and regulatory requirements and employee and guest expectations, or may require significant additional investments or time to do so.
Cyber-attacks could have a disruptive effect on our business. Efforts to hack or breach security measures, failures of systems or software to operate as designed or intended, viruses, “ransomware” or other malware, operator error, or inadvertent releases of data may materially impact our information systems and records and those of our owners, franchisees, licensees, or service providers. Our reliance on computer, Internet-based and mobile systems and communications and the frequency and sophistication of efforts by hackers to gain unauthorized access or prevent authorized access to such systems have greatly increased in recent years. A significant theft, loss, loss of access to, or fraudulent use of guest, employee, or company data could adversely impact our reputation and could result in remedial and other expenses, fines, or litigation. Breaches in the security of our information systems or those of our owners, franchisees, licensees, or service providers or other disruptions in data services could lead to an interruption in the operation of our systems, resulting in operational inefficiencies and a loss of profits. In addition, although we carry cyber/privacy liability insurance that is designed to protect us against certain losses related to cyber risks, that insurance coverage may not be sufficient to cover all losses or all types of claims that may arise in connection with cyber-attacks, security breaches, and other related breaches. Furthermore, in the future such insurance may not be available to us on commercially reasonable terms, or at all.
Changes in privacy and data security laws could increase our operating costs, increase our exposure to fines and litigation, and adversely affect our ability to market our products effectively. We are subject to numerous laws, regulations, and contractual obligations designed to protect personal information, including in the European Union, Asia, and other jurisdictions. Non-U.S. data privacy and data security laws, various U.S. federal and state laws, credit card industry security standards, and other information privacy and security standards are all applicable to us. Compliance with changes in applicable data privacy laws and regulations and contractual obligations may increase our operating costs, increase our exposure to fines and litigation in the event of alleged non-compliance, and adversely affect our reputation.
Additionally, we rely on a variety of direct marketing techniques, including email marketing, online advertising, and postal mailings. Any further restrictions in laws such as the CANSPAM Act, and various U.S. state laws, or new federal laws on marketing and solicitation or international privacy, e-privacy, and anti-spam laws that govern these activities could adversely affect the continuing effectiveness of email, online advertising, and postal mailing techniques and could force further changes in our marketing strategy. If this occurs, we may not be able to develop adequate alternative marketing strategies, which could impact the amount and timing of our sales of certain products. We also obtain access to potential guests from travel service providers or other companies with whom we have substantial relationships, and we market to some individuals on these lists directly or by including our marketing message in the other company’s marketing materials. If access to these lists were to be prohibited or otherwise restricted, our ability to develop new guests and introduce them to our products could be impaired.
Any disruption in the functioning of our reservation systems, as part of our integration of Starwood or otherwise, could adversely affect our performance and results. We manage global reservation systems that communicate reservations to our branded hotels that individuals make directly with us online, through our mobile apps, through our telephone call centers, or through intermediaries like travel agents, Internet travel websites, and other distribution channels. The cost, speed, accuracy and efficiency of our reservation systems are critical aspects of our business and are important considerations for hotel owners when choosing our brands. Our business may suffer if we fail to maintain, upgrade, or prevent disruption to our reservation systems. In addition, the risk of disruption in the functioning of our global reservation systems could increase with the anticipated systems integration that is part of our integration of Starwood. Disruptions in or changes to our reservation systems could result in a disruption to our business and the loss of important data.
Other Risks
Changes in laws and regulations could reduce our profits or increase our costs. We are subject to a wide variety of laws, regulations, and policies in jurisdictions around the world, including those for financial reporting, taxes, healthcare, cybersecurity, privacy, climate change, and the environment. Changes to these laws, regulations, or policies, including those associated with health care, tax or financial reforms, climate change and the environment, could reduce our profits. We also anticipate that many of the jurisdictions where we do business will continue to review taxes and other revenue raising measures, and any resulting changes could impose new restrictions, costs, or prohibitions on our current practices or reduce our profits. In particular, governments may revise tax laws, regulations, or official interpretations in ways that could significantly impact us, and other modifications could reduce the profits that we can effectively realize from our operations or could require costly changes to those operations or the way in which they are structured.
Uncertainties in the interpretation and application of the 2017 Tax Cuts and Jobs Act could materially affect our tax obligations and effective tax rate. On December 22, 2017, the U.S. enacted comprehensive tax legislation, commonly referred to as the 2017 Tax Cuts and Jobs Act (the “2017 Tax Act”), which significantly affected U.S. tax law by changing how the U.S. imposes income tax on multinational corporations. The 2017 Tax Act requires complex computations not previously required by U.S. tax law. As such, the application of accounting guidance for such items is currently uncertain. Further, compliance with the 2017 Tax Act and the accounting for such provisions require preparation and analysis of information not previously required or regularly produced. In addition, the U.S. Department of Treasury has broad authority to issue regulations and interpretative guidance that may significantly impact how we will apply the law and impact our results of operations in future periods. Accordingly, while we have provided a provisional estimate on the effect of the 2017 Tax Act in our Financial Statements, further regulatory or GAAP accounting guidance for the 2017 Tax Act, our further analysis on the application of the law, and refinement of our initial estimates and calculations could materially change our current provisional estimates, which could in turn materially affect our tax obligations and effective tax rate.
If we cannot attract and retain talented associates, our business could suffer. We compete with other companies both within and outside of our industry for talented personnel. If we cannot recruit, train, develop, and retain sufficient numbers of talented associates, we could experience increased associate turnover, decreased guest satisfaction, low morale, inefficiency, or internal control failures. Insufficient numbers of talented associates could also limit our ability to grow and expand our businesses. A shortage of skilled labor could also result in higher wages that would increase our labor costs, which could reduce our profits.
Delaware law and our governing corporate documents contain, and our Board of Directors could implement, anti-takeover provisions that could deter takeover attempts. Under the Delaware business combination statute, a shareholder holding 15 percent or more of our outstanding voting stock could not acquire us without Board of Director consent for at least three years after the date the shareholder first held 15 percent or more of the voting stock. Our governing corporate documents also, among other things, require supermajority votes for mergers and similar transactions. In addition, our Board of Directors could, without shareholder approval, implement other anti-takeover defenses, such as a shareholder rights plan.