MCO · CIK 1059556
What Moody's Corporation told the SEC could break it.
Moody's disclosures reflect a global information and ratings business defined by the sensitivity of the data it holds and its international footprint. Cyberattacks or system and vendor failures could compromise material nonpublic information about rated customers and personal data, and it relies on third-party technology supplied by a concentrated group of vendors, where one breach or error could ripple across its operations and its customers'. Geography adds two layers: about 52% of its assets are outside the U.S. with significant euro and British pound exposure (a 10% euro move worth roughly $430 million to its currency swaps), and its overseas operations face sanctions and export risk tied to U.S.-China tensions — including China's blocking statute that creates conflicts of law — and Russia.
4 self-disclosed vulnerabilities, pulled from its own filings — each in the company’s words, with the source. This is the risk register almost nobody reads.
In its own words
What could break it.
Cybersecurity
- cyber/system failures compromising MNPI about rated customers and personal data · medium
Cyberattacks, system/website malfunctions, data-processing disruptions or vendor failures could compromise the confidentiality, integrity or availability of material information Moody's holds — including material nonpublic information concerning rated customers and personally identifiable information, whose disclosure could lead to identity theft and liability.
“Such events may compromise the confidentiality, integrity, or availability of material information held by the Company (including information about Moody's business, employees or customers), as well as other sensitive data, including personally identifiable information, the disclosure of which could lead to identity theft.”
Source: SEC filing, as of 2026
Geographic concentration
- FX exposure — ~52% of assets outside U.S.; GBP/EUR functional currencies; $430M euro cross-currency-swap sensitivity · medium
About 52% of Moody's assets were located outside the U.S. at year-end 2025 with significant operations in British pound and euro functional currencies; a 10% euro strengthening would have an ~$430 million unfavorable impact to its cross-currency swaps' fair value (in OCI), and ~$1.8B of its $2.4B cash is offshore (~38% in EUR/GBP).
“As of December 31, 2025, approximately 52% of Moody's assets were located outside the U.S., making the Company susceptible to fluctuations in FX rates.”
Source: SEC filing, as of 2026
Regulatory & policy
- export/sanctions exposure — US-China tensions, China blocking statute (conflicts of law), Russia sanctions · medium
Moody's overseas operations face U.S. export/import restrictions, tariffs and sanctions tied to the U.S.-China relationship and Russia (Russia-Ukraine conflict); U.S. sanctions increasingly target Chinese persons, and China's blocking statute limiting the effect of foreign sanctions creates conflicts of law that may force difficult compliance choices.
“such as those related to the U.S.'s relationship with China and embargoes and sanctions laws with respect to Russia, including the Russia-Ukraine military conflict. For example, U.S. economic sanctions have increasingly targeted Chinese persons. In response, China issued a blocking statute that establishes a framework for limiting the effect of foreign sanctions on Chinese persons.”
Supplier concentration
- third-party technology dependence and concentrated group of vendors (single-vendor breach/error risk) · medium
Moody's business relies on Third-Party Technology that could become unavailable or fail and be hard to replace timely; certain aspects rely on a concentrated group of vendors, where a cybersecurity breach or error by one or more such vendors could significantly impact Moody's operations and those of its customers.
“certain aspects of the Company's business rely on a concentrated group of vendors, and a cybersecurity breach or event and/or an error caused by one or more of such vendors could have a significant impact on the Company's operations, as well as the operations of the Company's customers and other Third-Party Technology.”
Source: SEC filing, as of 2026