EXP Realty International Corp

To run our business, it is essential for us to store and transmit sensitive personal information about our customers, prospects, employees, and independent agents in our systems and networks. At the same time, we are subject to numerous laws, regulations, and other requirements that require businesses like ours to protect the security of personal information, notify customers and other individuals about our privacy practices, and limit the use, disclosure, or transfer of personal data across country borders. Regulators in the U.S. and abroad continue to enact comprehensive new laws or legislative reforms imposing significant privacy and cybersecurity restrictions. The result is that we are subject to

increased regulatory scrutiny, additional contractual requirements from corporate customers, and heightened compliance costs. These ongoing changes to privacy and cybersecurity laws also may make it more difficult for us to operate our business and may have a material adverse effect on our operations. For example, the European Union’s GDPR conferred new and significant privacy rights on individuals (including employees and independent agents), and materially increased penalties for violations. In the U.S., California enacted the California Consumer Privacy Act—which is expected to go into full effect in 2020—imposing new and comprehensive requirements on organizations that collect and disclose personal information about California residents. In March 2017, the New York Department of Financial Services’ cybersecurity regulation went into effect, requiring regulated financial institutions to establish a detailed cybersecurity program. Program requirements included corporate governance, incident planning, data management, system testing, vendor oversight, and regulator notification rules. Now, other state regulatory agencies are expected to enact similar requirements following the adoption of the Insurance Data Security Model Law by the National Association of Insurance Commissioners that is consistent with the New York regulation.

A company is deemed to be the primary beneficiary of a VIE and must consolidate the entity if the company has both (1) the power to direct the activities of a VIE that most significantly impact the VIE’s economic performance and (2) the obligation to absorb losses of the VIE that could potentially be significant to the VIE or the right to receive benefits from the VIE that could potentially be significant to the VIE.  The Company has concluded that the Company is the primary beneficiary since the Company has the power to direct the activities of the entity and has an economic interest that will absorb the losses and/or receive benefits that could be significant to the VIE.  Accordingly, the Company consolidates the assets and liabilities and operating results in the consolidated financial statements.  The Company recognizes noncontrolling interest in the consolidated balance sheets.  The income or loss allocations reflected on the consolidated statement of operations may create volatility in the reported results of operations, including net losses attributable to common stockholders.

In January 2019, the Company amended the Agent Growth Incentive Program. The amendment changed the share-based performance awards from a fixed-share amount to a fixed-dollar amount of shares based on the achievement of performance metrics. The performance metrics did not change under the amended program.  The recognition of the award depends on which performance metric is achieved and the number of shares granted is calculated based on the fixed dollar amount of the respective award and the stock price on the last day of the month in which the agent achieves the performance metric. Once it is probable an agent will reach the performance metric, the award is recognized as a liability.  Since the Company’s obligation on the grant date is based on a fixed monetary amount that will be settled with a variable number of shares upon achievement of the performance condition, ASC 480 – Distinguishing Liabilities from Equity requires these awards to be classified as liabilities until the number of shares to be issued becomes fixed. The awards become fixed once the performance metric is achieved. The share price on the last day of the month the performance metric is met is used to calculate the number of shares to be awarded. Upon achievement of the performance metric, the award is no longer considered a liability and is reclassified from a liability to equity.

Management has been implementing and continues to implement measures designed to ensure that control deficiencies contributing to the material weaknesses are remediated, such that these controls are designed, implemented, and operating effectively in addition to implementing new monitoring controls to help mitigate the risks associated with the ineffective GITCs. The remediation actions include: (i) establishing an internal audit team to support the Company’s entire control environment and its ongoing internal controls development and monitoring; (ii) creating and filling an IT compliance oversight function; (iii) educating control owners concerning the principles and requirements of each control, with a focus on those related to user access and change-management over IT systems impacting financial reporting; (iv) developing and maintaining documentation underlying GITCs to promote knowledge transfer upon personnel and function changes; (v) developing enhanced controls and reviews related to changes in IT systems; (vi) performing an in-depth analysis of who should have access to perform key functions within the system that impact financial reporting and redesigning aspects of the system to better allow the access rights to be implemented; and (vii) adding additional manual controls to monitor information and data produced by the system to help mitigate the risks associated with ineffective GITCs.

We believe that these actions will remediate the material weaknesses. The weaknesses will not be considered remediated, however, until the applicable controls operate for a sufficient period of time and management has concluded, through testing, that these controls are operating effectively.

For the year ended December 31, 2019, Mr. Jacklin’s compensation was $200,000 and continues to be issued common stock having a value of $2,000 each month. For the year ended December 31, 2019, Mr. Frederick received $2,000 each month for directorship activities, which was paid in common stock. The number of shares of common stock to be issued is determined by the closing price of the last trading day of the month. For the year ended December 31, 2019, Ms. Truax’s compensation was $25,000, and stock options valued at $25,000 were granted to Ms. Truax. Mr. Frederick does not receive director fees; however, both Mr. Frederick and Ms. Truax received revenue sharing. Mr. Frederick received $4,227,130 and $24,045 in revenue sharing and stock awards, respectively, and Ms. Truax received $41,956 and $33,448 in revenue sharing and commissions, respectively. For the year ended December 31, 2019, Mr. Cahir’s compensation was $200,000.  The annual compensation for Mr. Miles was increased to $200,000 in August 2019. Directors are reimbursed for reasonable out-of-pocket expenses incurred in the performance of duties as a Board member.