ProNAi Therapeutics Inc

We intend to initially focus our product candidate development on treatments for various oncology indications, including myelofibrosis. The addressable patient populations that may benefit from treatment with our product candidates, if approved, are based on our estimates. These estimates, which have been derived from a variety of sources, including scientific literature, surveys of clinics, patient foundations and market research, may prove to be incorrect. Further, new studies may change the estimated incidence or prevalence of these diseases. Any regulatory approval of our product candidates would be limited to the therapeutic indications examined in our clinical trials and as determined by the FDA, which would not permit us to market our products for any other therapeutic indications not expressly approved by the FDA. Additionally, the potentially addressable patient population for our product candidates may not ultimately be amenable to treatment with our product candidates. Even if we receive regulatory approval for any of our product candidates, such approval could be conditioned upon label restrictions that materially limit the addressable patient population. Our market opportunity may also be limited by future competitor treatments that enter the market. If any of our estimates prove to be inaccurate, the market opportunity for any product candidate that we or our strategic partners develop could be significantly diminished and have an adverse material impact on our business.

The Bipartisan Budget Act of 2018 also amended the ACA, effective January 1, 2019, by increasing the point-of-sale discount that is owed by pharmaceutical manufacturers who participate in Medicare Part D and closing the coverage gap in most Medicare drug plans, commonly referred to as the “donut hole.” CMS published a final rule permitting further collections and payments to and from certain ACA qualified health plans and health insurance issuers under the ACA risk adjustment program in response to the outcome of federal district court litigation regarding the method CMS uses to determine this risk adjustment. In addition, CMS has published a final rule to give states greater flexibility, starting in 2020, in setting benchmarks for insurers in the individual and small group marketplaces, which may have the effect of relaxing the essential health benefits required under the ACA for plans sold through such marketplaces. The American Taxpayer Relief Act of 2012, or ATRA, among other things, reduced Medicare payments to several providers, including hospitals, and increased the statute of limitations period for the government to recover overpayments to providers from three to five years. Other legislative changes include aggregate reductions to Medicare payments to providers of up to 2% per fiscal year pursuant to the Budget Control Act of 2011, which began in 2013 and will remain in effect through 2030 with the exception of a temporary suspension implemented under various COVID-19 relief legislation from May 1, 2020 through the end of 2021, unless additional Congressional action is taken.

In addition, other legislative changes have been proposed and adopted since the ACA was enacted. There has been increasing legislative and enforcement interest in the United States with respect to specialty drug pricing practices. Specifically, there have been several recent U.S. Congressional inquiries and proposed federal and state legislation designed to, among other things, bring more transparency to drug pricing, reduce the cost of prescription drugs under Medicare, review the relationship between pricing and manufacturer patient programs, and reform government program reimbursement methodologies for drugs. At the federal level, in 2020, under the Trump administration, HHS and CMS issued various rules that are expected to impact, among others, price reductions from pharmaceutical manufacturers to plan sponsors under Part D, fee arrangements between pharmacy benefit managers and manufacturers, importation of prescription drugs from Canada and other countries, manufacturer price reporting requirements under the Medicaid Drug Rebate Program, including regulations that affect manufacturer-sponsored patient assistance programs subject to pharmacy benefit manager accumulator programs and Best Price reporting related to certain value-based purchasing arrangements. Multiple lawsuits have been brought against the HHS challenging various aspects of these new rules. In January 2021, the Biden administration issued a “regulatory freeze” memorandum that directs department and agency heads to review new or pending rules of the prior administration. It is unclear whether these new regulations will be withdrawn or when they will become fully effective under the current administration. The impact of these lawsuits as well as legislative, executive, and administrative actions of the current administration on us and the pharmaceutical industry as a whole is unclear.

We may face difficulties from changes to current regulations and future legislation. Healthcare legislative measures aimed at reducing healthcare costs may have a material adverse effect on our business and results of operations.

Disruptions at the FDA and other agencies may also slow the time necessary for new drugs to be reviewed and/or approved by necessary government agencies, which would adversely affect our business. For example, in recent years, including in 2018 and 2019, the U.S. government shut down several times and certain regulatory agencies, such as the FDA and the SEC, had to furlough critical employees and stop critical activities. Separately, in response to the COVID-19 pandemic, on March 10, 2020 the FDA announced its intention to postpone most inspections of foreign manufacturing facilities and products through April 2020. On March 18, 2020, the FDA announced its intention to temporarily postpone routine surveillance inspections of domestic manufacturing facilities and provided guidance regarding the conduct of clinical trials. In May 2020, FDA announced that it will continue to postpone domestic and foreign routine surveillance inspections due to COVID-19. In August 2020, as updated in 2021, FDA also issued a Questions and Answers guide on manufacturing, supply chain, and pharmaceutical product inspections during the public health emergency. The FDA indicated that it continues to use various tools and alternative methods, where possible, for inspections and exercises discretion on a case-by-case basis to conduct domestic inspections with a risk assessment system. In the event of any prolonged government shutdown, or if global health concerns continue to prevent the FDA or other regulatory authorities from conducting their regular inspections, reviews, or other regulatory activities on a timely basis, it could significantly impact the ability of the FDA to timely review and process our regulatory submissions, which could have a material adverse effect on our business. Further, future government shutdowns or delays could impact our ability to access the public markets and obtain necessary capital in order to properly capitalize and continue our operations.

Cyberattacks upon systems, across industries, are increasing in their frequency, persistence, and sophistication, and are being conducted by sophisticated, well-funded, and organized groups and individuals. These cyberattacks may occur on our systems or those of our third-party providers or partners. Additionally, certain threats are designed to remain dormant or undetectable until launched against a target and we may not be able to implement adequate preventative measures. Such cyberattacks could include wrongful conduct by hostile foreign governments, industrial espionage, the deployment of harmful malware, ransomware attacks, denial-of-service, and/or other means to threaten data confidentiality, integrity and availability. Those engaging in attacks may implement social engineering techniques to induce our employees or contractors to disclose passwords or other sensitive information or take other actions to gain improper access to data or systems. Further, security breaches and other security incidents may result from employee or contractor malfeasance, error or negligence or those of service providers on which we rely. A successful cyberattack could cause serious negative consequences for us, including, without limitation, the disruption of operations, the loss or misappropriation of confidential business information and trade secrets, unauthorized access to or other compromise of personal information or other sensitive information, and the disclosure of corporate strategic plans. We have in the past experienced, and may in the future experience, a compromise of our data or information technology systems that results in one or more third parties obtaining access to confidential information about our company or sensitive information about individuals, such as employees or clinical trial participants. Although we devote resources to protect our information technology systems and continue to assess and, as necessitated, enhance our cybersecurity protection, we realize that cyberattacks are a threat, and there can be no assurance that our efforts will prevent information security breaches that would result in business, legal or reputational harm to us, or would have a material adverse effect on our operating results and financial condition. We also may be required to incur significant costs in an effort to detect and prevent security breaches and other security-related incidents. Confidential information obtained by third parties in connection with past or future attacks could be used in ways that adversely affect our company or our stockholders. The majority of our workforce works remotely rather than in our offices, and we may be more susceptible to security breaches and incidents as a result. Further, we engage third-party service providers to store and otherwise process sensitive and personal information, including our CROs. Our CROs and other service providers face substantial risks of security breaches and incidents. Our service providers may be more susceptible to security breaches and other security incidents while social distancing measures restrict the ability of their employees to work at offices to combat the COVID-19 pandemic. Depending on the nature of any information compromised, in the event of a data breach or other unauthorized access to our sensitive information, we may also have obligations to notify affected individuals and regulators about the incident, and we may be required or find it appropriate to provide some form of remedy, such as a subscription to credit monitoring services, pay significant fines to one or more regulators, or pay compensation in connection with a class-action settlement (including under the new private right of action under the California Consumer Privacy Act of 2018 (the CCPA)). Laws and regulations relating to cybersecurity and notification and other obligations in connection with security breaches and incidents continue to evolve and may be inconsistent from one jurisdiction to another. Complying with these obligations and otherwise responding to any security breach or incident could cause us to incur substantial costs and could increase negative publicity surrounding any incident that compromises, or is perceived to have compromised, sensitive data.