---
ticker: BEN
company: BEN
filing_type: 10-K
year_current: 2024
year_prior: 2023
risks_added: 0
risks_removed: 0
risks_modified: 4
risks_unchanged: 28
source: SEC EDGAR
url: https://riskdiff.com/ben/2024-vs-2023/
markdown_url: https://riskdiff.com/ben/2024-vs-2023/index.md
generated: 2026-06-01
---

# BEN: 10-K Risk Factor Changes 2024 vs 2023

> Source: U.S. Securities and Exchange Commission (EDGAR)  
> Generated: 2026-06-01  
> All data extracted directly from official filings. No hallucinated content.

## Summary

| Status | Count |
|--------|-------|
| New risks added | 0 |
| Risks removed | 0 |
| Risks modified | 4 |
| Unchanged | 28 |

---

## Modified: Any significant limitation, failure or security breach of our information and cybersecurity infrastructure, software applications, technology or other systems, or those of our third-party providers, that are critical to our operations could disrupt our business and harm our operations and reputation.

**Key changes:**

- Reworded sentence: "We are also dependent on the continuity and effectiveness of our information and cybersecurity infrastructure, management oversight and reporting framework, policies, procedures and capabilities to protect our computer and telecommunications systems and the data that reside on or are transmitted through them and contracted third-party systems."

**Prior (2023):**

We are highly dependent upon the use of various proprietary and third-party information and security technology, software applications, external third-party services and other technology systems, and remote equipment and connectivity infrastructure, to access critical business systems necessary to operate our business. We are also dependent on the continuity and effectiveness of our information and cyber security infrastructure, management oversight and reporting framework, policies, procedures and capabilities to protect our computer and telecommunications systems and the data that reside on or are transmitted through them and contracted third-party systems. We use technology on a daily basis in our business to, among other things, support our business continuity and operations, process and transmit confidential communications, store and maintain data, obtain securities pricing information, process client transactions, and provide reports and other services to our clients. Any disruptions, inaccuracies, delays, theft, systems failures, data security or privacy breaches, cyber attacks or cyber-related fraud, or other security breaches in these and other processes could subject us to significant client dissatisfaction and losses and damage our reputation. We and our third-party service providers have been, and we expect to continue to be, the subject of these types of risks, breaches and/or attacks, as well as attempts to co-opt our brand. Although we take protective measures, including measures to secure and protect information through system security technology and our internal security procedures, we can provide no assurance that any of these measures will prove effective or comply with evolving information security standards. The technology systems we use remain vulnerable to denial of service attacks, unauthorized access, computer viruses, potential human errors and other events and circumstances that may have a security impact, such as an external or internal hacker attack by one or more cyber criminals (including through the use of phishing attacks, malware, ransomware and other methods and activities maliciously designed to obtain and exploit confidential information and to cause system and service disruption and other damage) or our personnel or vendors inadvertently or recklessly causing us to release confidential information, which could materially harm our operations and reputation. Potential system disruptions, failures or breaches of the technology we use or the security infrastructure we rely upon, including the third-party applications and third-party services we use, could result in: (i) material financial loss or costs, (ii) delays in clients' ability to access account information or in our ability to process transactions, (iii) the unauthorized disclosure or modification of sensitive or confidential client and business information, (iv) loss of valuable information, (v) breach of client and vendor contracts, (vi) liability for stolen assets, information or identity, (vii) remediation costs to repair damage caused by the failure or breach, (viii) additional security and organizational costs to mitigate against future incidents, (ix) reputational harm, (x) loss of confidence in our business and products, (xi) liability for failure to review and disclose applicable incidents or provide relevant updated disclosure properly and timely, (xii) regulatory investigations or actions, and/or (xiii) legal claims, litigation, and liability costs, any one or more of which may be material. Moreover, loss or unauthorized disclosure or transfer of confidential and proprietary data or confidential customer identification information could further harm our reputation and subject us to liability under laws that protect confidential data and personal information, resulting in increased costs or a decline in our revenues or common stock price. Further, although we take precautions to password protect and encrypt our laptops and sensitive information on our mobile electronic devices, if such devices are stolen, misplaced or left unattended, they may become vulnerable to hacking or other 22 22 22 Table of Contents Table of Contents unauthorized use, creating a possible security risk, which may require us to incur additional administrative costs and/or take remedial actions. In addition, failure to manage and operate properly the data centers and third-party cloud storage and computing application services we use could have an adverse impact on our business. Although we have in place certain disaster recovery plans, we may experience system delays and interruptions as a result of natural disasters, power failures, acts of war, and third-party failures.

**Current (2024):**

We are highly dependent upon the use of various proprietary and third-party information and security technology, software applications, external third-party services and other technology systems, and remote equipment and connectivity infrastructure, to access critical business systems necessary to operate our business. We are also dependent on the continuity and effectiveness of our information and cybersecurity infrastructure, management oversight and reporting framework, policies, procedures and capabilities to protect our computer and telecommunications systems and the data that reside on or are transmitted through them and contracted third-party systems. We use technology and third-party providers on a daily basis in our business to, among other things, support our business continuity and operations, process and transmit confidential communications, store and maintain confidential and proprietary data including personal employee and/or client data, obtain securities pricing information, process client transactions, and provide reports and other services to our clients. In addition, developments in our use of process automation and artificial intelligence further heighten our dependency on technology. Any disruptions, inaccuracies, mismanagement, delays, theft, systems failures, data security or privacy breaches, cybersecurity threats, incidents, attacks or other cyber-related fraud, or other security breaches in these and other processes, could subject us to significant client dissatisfaction and losses and damage our reputation. We and our third-party providers have been, and we expect to continue to be, the subject of these types of risks, breaches and/or attacks, as well as attempts to co-opt our brand. Ongoing advances in technology, including generative artificial intelligence, as well as the malicious use of such technology, could further heighten the risks to our business. Although we take protective measures, including measures to secure and protect information through system security technology and our internal security procedures, as well as measures to assess third-party provider security posture and controls, we can provide no assurance that any of these measures will prove effective or comply with evolving information security standards, particularly given the evolving nature and sophistication of cyber and technology threats and attacks. The technology systems we use or rely on, including those provided and/or leveraged by third-party providers, remain vulnerable to denial of service attacks, unauthorized access, computer viruses, human error and other events and circumstances that may have a security impact, such as an external or internal hacker attack by one or more cyber criminals (including through the use of social engineering, phishing attacks, malware, ransomware and other methods and activities maliciously designed to obtain and exploit confidential information and to cause system and service disruption and other damage) and to our personnel or vendors inadvertently or recklessly causing release of confidential information, which could materially harm our operations and reputation. System disruptions, failures or breaches of the technology we use or the security infrastructure we rely upon, including third-party applications and services, or our failure to properly manage, mitigate, disclose or communicate a cybersecurity incident, could result in: (i) material financial loss or costs, (ii) delays in clients' ability to access account information or in our ability to process transactions, (iii) the unauthorized disclosure or modification of sensitive or confidential client and business information, (iv) loss of valuable information, (v) breach of client and vendor contracts, (vi) liability for stolen assets, information or identity, (vii) remediation costs to repair damage caused by the failure or breach, (viii) additional security and organizational costs to mitigate against future incidents, (ix) reputational harm, (x) loss of confidence in our business and products, (xi) liability for failure to review and disclose applicable incidents or provide relevant updated disclosure properly and timely, (xii) regulatory investigations or actions, and/or (xiii) legal claims, litigation, and liability costs, any one or more of which may be material. Moreover, loss or unauthorized disclosure or transfer of confidential and proprietary data or confidential customer identification information could further harm our 22 22 22 Table of Contents Table of Contents reputation and subject us to liability under laws that protect confidential data and personal information, resulting in increased costs or a decline in our revenues or common stock price. Further, although we take precautions to password protect and encrypt our laptops and sensitive information on our mobile electronic devices, if such devices are stolen, misplaced or left unattended, they may become vulnerable to hacking or other unauthorized use, creating a possible security risk, which may require us to incur additional administrative costs and/or take remedial actions. In addition, failure to manage and operate properly the data centers and third-party cloud storage and computing application services we use could have an adverse impact on our business. Although we have in place certain disaster recovery plans, we may experience system delays and interruptions as a result of natural disasters, power failures, acts of war, and third-party failures.

---

## Modified: We may not effectively manage risks associated with the replacement of benchmark indices.

**Key changes:**

- Reworded sentence: "The replacement of benchmark indices may impose a number of risks on our business, our clients and the financial services industry more widely."
- Removed sentence: "LIBOR was replaced by the Secured Overnight Financing Rate and other alternatives in June 2023."

**Prior (2023):**

The replacement of widely used benchmark indices such as the London Interbank Offered Rate ("LIBOR") with alternative benchmark rates may impose a number of risks on our business, our clients and the financial services industry more widely. These include financial risks arising from changes in the valuation of financial instruments linked to benchmark indices, pricing and operational risks, and legal implementation and revised documentation. LIBOR was replaced by the Secured Overnight Financing Rate and other alternatives in June 2023. We may from time to time face operational challenges implementing successor benchmarks.

**Current (2024):**

The replacement of benchmark indices may impose a number of risks on our business, our clients and the financial services industry more widely. These include financial risks arising from changes in the valuation of financial instruments linked to benchmark indices, pricing and operational risks, and legal implementation and revised documentation. We may from time to time face operational challenges implementing successor benchmarks.

---

## Modified: Our ability to manage and grow our business successfully can be impeded by systems and other technological limitations.

**Key changes:**

- Reworded sentence: "Moreover, adapting or developing the existing technology systems we use to meet our internal needs, as well as client needs, industry demands and new 21 21 21 Table of Contents Table of Contents regulatory requirements, is also critical for our business."
- Reworded sentence: "On an ongoing basis, we need to upgrade and improve our technology, including our technology platform, data processing, financial, accounting, shareholder servicing and trading systems."
- Reworded sentence: "These needs could continue to present operational issues or require significant capital spending, and may require us to reevaluate the current value and/or expected useful lives of the technology we use or intend to use, which could negatively impact our results of operations."

**Prior (2023):**

Our continued success in effectively managing and growing our business depends on our ability to integrate our varied accounting, financial, information, and operational systems on a global basis. Moreover, adapting or developing the existing technology systems we use to meet our internal needs, as well as client needs, industry demands and new regulatory requirements, is also critical for our business. The introduction of new technologies presents new challenges to us. On an ongoing basis, we need to upgrade and improve our technology, including our data processing, financial, accounting, shareholder servicing and trading systems. Further, we also must be proactive and prepared to implement new technology when growth opportunities present themselves, whether as a result of a business acquisition or rapidly increasing business activities in particular markets or regions. These needs could present operational issues or require significant capital spending, and may require us to reevaluate the current value and/or expected useful lives of the technology we use, which could negatively impact our results of operations. In addition, technology is subject to rapid advancements and changes and our competitors may, from time to time, implement newer technologies or more advanced platforms for their services and products, including digital advisers, digital wealth and distribution tools, crypto asset tools and other advanced electronic systems, which could adversely affect our business if we are unable to remain competitive.

**Current (2024):**

Our continued success in effectively managing and growing our business depends on our ability to integrate our varied accounting, financial, information, and operational systems on a global basis. Moreover, adapting or developing the existing technology systems we use to meet our internal needs, as well as client needs, industry demands and new 21 21 21 Table of Contents Table of Contents regulatory requirements, is also critical for our business. The introduction of new technologies presents new challenges to us. On an ongoing basis, we need to upgrade and improve our technology, including our technology platform, data processing, financial, accounting, shareholder servicing and trading systems. For example, in July 2024, we selected a third-party technology solution to further support our investment management process and unify our investment management technology platform across asset classes to reduce complexity and support business growth, subject to a multi-year transition and implementation period. Further, we also must be proactive and prepared to implement new technology when growth opportunities present themselves, whether as a result of a business acquisition or rapidly increasing business activities in particular markets or regions. These needs could continue to present operational issues or require significant capital spending, and may require us to reevaluate the current value and/or expected useful lives of the technology we use or intend to use, which could negatively impact our results of operations. In addition, technology is subject to rapid advancements and changes and our competitors may, from time to time, implement newer technologies or more advanced platforms for their services and products, including investment management platforms, digital advisers, digital wealth and distribution tools, digital asset tools and other advanced electronic systems, which could adversely affect our business if we are unable to remain competitive.

---

## Modified: We may be adversely affected if any of our third-party providers is subject to a successful cyber or security attack.

**Key changes:**

- Reworded sentence: "Due to our interconnectivity with and dependency upon third-party providers, including advisors, central agents, exchanges, clearing organizations and other financial institutions, we may be adversely affected if any of them is subject to a successful cyber attack or other privacy or information security event or disruption."

**Prior (2023):**

Due to our interconnectivity with and dependency upon third-party vendors, advisors, central agents, exchanges, clearing organizations and other financial institutions, we may be adversely affected if any of them is subject to a successful cyber attack or other privacy or information security event. Most of the software applications that we use in our business are licensed from, and supported, upgraded and maintained by, third-party vendors. Our third-party applications include enterprise cloud storage and cloud computing application services provided and maintained by third-party vendors. Any breach, suspension or termination of certain of these licenses or the related support, upgrades and maintenance could cause temporary system delays or interruption that could adversely impact our business. Our third-party applications and third-party services may include confidential and proprietary data, including personal employee and/or client data. 21 21 21 Table of Contents Table of Contents

**Current (2024):**

Due to our interconnectivity with and dependency upon third-party providers, including advisors, central agents, exchanges, clearing organizations and other financial institutions, we may be adversely affected if any of them is subject to a successful cyber attack or other privacy or information security event or disruption. Cybersecurity issues affecting third-party providers are a growing concern in the asset management industry. Many services that we use in our business are delivered from and supported, upgraded and maintained by, third-party providers. A breach, suspension or termination of these services or related support, upgrades and maintenance could cause temporary system delays or interruption that could adversely impact our business.

---

*Data sourced from SEC EDGAR. Last updated 2026-06-01.*